|
1 | | -use aes::{ |
2 | | - Aes128, |
3 | | - cipher::{InnerIvInit, KeyInit, StreamCipherCore}, |
4 | | -}; |
5 | 1 | use bls_lagrange::{KeyId, split}; |
6 | | -use ctr::cipher; |
7 | 2 | use openssl::{encrypt::Encrypter, pkey::PKey}; |
8 | | -use pbkdf2::{hmac::Hmac, pbkdf2}; |
9 | | -use scrypt::{Params as ScryptParams, scrypt}; |
10 | | -use sha2::{Digest, Sha256, digest::Update}; |
11 | 3 | use types::SecretKey; |
12 | 4 |
|
13 | | -use crate::{ |
14 | | - EncryptedKeyShare, KeyShare, KeysplitError, ValidatorKeys, |
15 | | - cli::SharedKeygenOptions, |
16 | | - keystore::{KdfparamsType, Keystore}, |
17 | | -}; |
18 | | - |
19 | | -struct Aes128Ctr { |
20 | | - inner: ctr::CtrCore<Aes128, ctr::flavors::Ctr128BE>, |
21 | | -} |
22 | | - |
23 | | -impl Aes128Ctr { |
24 | | - fn new(key: &[u8], iv: &[u8]) -> Result<Self, cipher::InvalidLength> { |
25 | | - let cipher = aes::Aes128::new_from_slice(key).expect("Key has already been validated"); |
26 | | - let inner = ctr::CtrCore::inner_iv_slice_init(cipher, iv).expect("Cipher is valid"); |
27 | | - Ok(Self { inner }) |
28 | | - } |
29 | | - |
30 | | - fn apply_keystream(self, buf: &mut [u8]) { |
31 | | - self.inner.apply_keystream_partial(buf.into()); |
32 | | - } |
33 | | -} |
34 | | - |
35 | | -// From the keystore file, extract the decrypted validator keys |
36 | | -pub fn extract_key(keystore: &Keystore, password: &str) -> Result<ValidatorKeys, KeysplitError> { |
37 | | - let derived_key = match &keystore.crypto.kdf.params { |
38 | | - KdfparamsType::Pbkdf2 { |
39 | | - c, |
40 | | - dklen, |
41 | | - prf: _, |
42 | | - salt, |
43 | | - } => { |
44 | | - let mut key = vec![0u8; *dklen as usize]; |
45 | | - pbkdf2::<Hmac<Sha256>>(password.as_ref(), salt, *c, key.as_mut_slice()).map_err( |
46 | | - |e| KeysplitError::Pbkdf2(format!("Faild to run key derivation function: {e}")), |
47 | | - )?; |
48 | | - key |
49 | | - } |
50 | | - KdfparamsType::Scrypt { |
51 | | - dklen, |
52 | | - n, |
53 | | - p, |
54 | | - r, |
55 | | - salt, |
56 | | - } => { |
57 | | - let mut key = vec![0u8; *dklen as usize]; |
58 | | - let scrypt_params = ScryptParams::new((*n as f64).log2() as u8, *r, *p, salt.len()) |
59 | | - .map_err(|e| { |
60 | | - KeysplitError::Scrypt(format!("Failed to construct scrypt params: {e}")) |
61 | | - })?; |
62 | | - |
63 | | - scrypt(password.as_ref(), salt, &scrypt_params, &mut key).map_err(|e| { |
64 | | - KeysplitError::Scrypt(format!("Faild to run key derivation function: {e}")) |
65 | | - })?; |
66 | | - key |
67 | | - } |
68 | | - }; |
69 | | - |
70 | | - let derived_mac = Sha256::new() |
71 | | - .chain(&derived_key[16..32]) |
72 | | - .chain(&keystore.crypto.cipher.message) |
73 | | - .finalize(); |
74 | | - |
75 | | - if derived_mac.as_slice() != keystore.crypto.checksum.message.as_slice() { |
76 | | - return Err(KeysplitError::Password("Invalid password".to_string())); |
77 | | - } |
78 | | - |
79 | | - let decryptor = Aes128Ctr::new(&derived_key[..16], &keystore.crypto.cipher.params.iv[..16]) |
80 | | - .expect("invalid length"); |
81 | | - |
82 | | - let mut pk = keystore.crypto.cipher.message.clone(); |
83 | | - decryptor.apply_keystream(&mut pk); |
84 | | - |
85 | | - let deser_pk = SecretKey::deserialize(pk.as_slice()) |
86 | | - .map_err(|e| KeysplitError::Misc(format!("Failed to deserialize secret key: {e:?}")))?; |
87 | | - Ok(ValidatorKeys { |
88 | | - public_key: deser_pk.public_key(), |
89 | | - secret_key: deser_pk, |
90 | | - }) |
91 | | -} |
| 5 | +use crate::{EncryptedKeyShare, KeyShare, KeysplitError, cli::SharedKeygenOptions}; |
92 | 6 |
|
93 | 7 | // Given a secret key, split it into parts |
94 | 8 | pub fn split_keys( |
|