Merge pull request #1940 from wildfjre/lightkdfflag

cmd/utils, crypto: add --lightkdf flag for lighter KDF
release/1.3.0
Felix Lange 9 years ago
commit 56f8699a6c
  1. 12
      cmd/utils/flags.go
  2. 2
      common/natspec/natspec_e2e_test.go
  3. 2
      common/natspec/natspec_e2e_test.go.orig
  4. 2
      crypto/crypto.go
  5. 35
      crypto/key_store_passphrase.go
  6. 8
      crypto/key_store_test.go
  7. 2
      tests/block_test_util.go

@ -157,6 +157,10 @@ var (
Name: "fast", Name: "fast",
Usage: "Enables fast syncing through state downloads", Usage: "Enables fast syncing through state downloads",
} }
LightKDFFlag = cli.BoolFlag{
Name: "lightkdf",
Usage: "Reduce KDF memory & CPU usage at some expense of KDF strength",
}
// miner settings // miner settings
// TODO: refactor CPU vs GPU mining flags // TODO: refactor CPU vs GPU mining flags
@ -579,7 +583,13 @@ func MakeAccountManager(ctx *cli.Context) *accounts.Manager {
if ctx.GlobalBool(TestNetFlag.Name) { if ctx.GlobalBool(TestNetFlag.Name) {
dataDir += "/testnet" dataDir += "/testnet"
} }
ks := crypto.NewKeyStorePassphrase(filepath.Join(dataDir, "keystore")) scryptN := crypto.StandardScryptN
scryptP := crypto.StandardScryptP
if ctx.GlobalBool(LightKDFFlag.Name) {
scryptN = crypto.LightScryptN
scryptP = crypto.LightScryptP
}
ks := crypto.NewKeyStorePassphrase(filepath.Join(dataDir, "keystore"), scryptN, scryptP)
return accounts.NewManager(ks) return accounts.NewManager(ks)
} }

@ -128,7 +128,7 @@ func testEth(t *testing.T) (ethereum *eth.Ethereum, err error) {
db, _ := ethdb.NewMemDatabase() db, _ := ethdb.NewMemDatabase()
addr := common.HexToAddress(testAddress) addr := common.HexToAddress(testAddress)
core.WriteGenesisBlockForTesting(db, core.GenesisAccount{addr, common.String2Big(testBalance)}) core.WriteGenesisBlockForTesting(db, core.GenesisAccount{addr, common.String2Big(testBalance)})
ks := crypto.NewKeyStorePassphrase(filepath.Join(tmp, "keystore")) ks := crypto.NewKeyStorePassphrase(filepath.Join(tmp, "keystore"), crypto.LightScryptN, crypto.LightScryptP)
am := accounts.NewManager(ks) am := accounts.NewManager(ks)
keyb, err := crypto.HexToECDSA(testKey) keyb, err := crypto.HexToECDSA(testKey)
if err != nil { if err != nil {

@ -106,7 +106,7 @@ func testEth(t *testing.T) (ethereum *eth.Ethereum, err error) {
} }
// create a testAddress // create a testAddress
ks := crypto.NewKeyStorePassphrase("/tmp/eth-natspec/keystore") ks := crypto.NewKeyStorePassphrase("/tmp/eth-natspec/keystore", crypto.LightScryptN, crypto.LightScryptP)
am := accounts.NewManager(ks) am := accounts.NewManager(ks)
testAccount, err := am.NewAccount("password") testAccount, err := am.NewAccount("password")
if err != nil { if err != nil {

@ -215,7 +215,7 @@ func Decrypt(prv *ecdsa.PrivateKey, ct []byte) ([]byte, error) {
// Used only by block tests. // Used only by block tests.
func ImportBlockTestKey(privKeyBytes []byte) error { func ImportBlockTestKey(privKeyBytes []byte) error {
ks := NewKeyStorePassphrase(common.DefaultDataDir() + "/keystore") ks := NewKeyStorePassphrase(common.DefaultDataDir()+"/keystore", LightScryptN, LightScryptP)
ecKey := ToECDSA(privKeyBytes) ecKey := ToECDSA(privKeyBytes)
key := &Key{ key := &Key{
Id: uuid.NewRandom(), Id: uuid.NewRandom(),

@ -45,19 +45,29 @@ import (
const ( const (
keyHeaderKDF = "scrypt" keyHeaderKDF = "scrypt"
// 2^18 / 8 / 1 uses 256MB memory and approx 1s CPU time on a modern CPU.
scryptN = 1 << 18 // n,r,p = 2^18, 8, 1 uses 256MB memory and approx 1s CPU time on a modern CPU.
scryptr = 8 StandardScryptN = 1 << 18
scryptp = 1 StandardScryptP = 1
scryptdkLen = 32
// n,r,p = 2^12, 8, 6 uses 4MB memory and approx 100ms CPU time on a modern CPU.
LightScryptN = 1 << 12
LightScryptP = 6
scryptR = 8
scryptDKLen = 32
) )
type keyStorePassphrase struct { type keyStorePassphrase struct {
keysDirPath string keysDirPath string
scryptN int
scryptP int
scryptR int
scryptDKLen int
} }
func NewKeyStorePassphrase(path string) KeyStore { func NewKeyStorePassphrase(path string, scryptN int, scryptP int) KeyStore {
return &keyStorePassphrase{path} return &keyStorePassphrase{path, scryptN, scryptP, scryptR, scryptDKLen}
} }
func (ks keyStorePassphrase) GenerateNewKey(rand io.Reader, auth string) (key *Key, err error) { func (ks keyStorePassphrase) GenerateNewKey(rand io.Reader, auth string) (key *Key, err error) {
@ -87,11 +97,10 @@ func (ks keyStorePassphrase) GetKeyAddresses() (addresses []common.Address, err
func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) { func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
authArray := []byte(auth) authArray := []byte(auth)
salt := randentropy.GetEntropyCSPRNG(32) salt := randentropy.GetEntropyCSPRNG(32)
derivedKey, err := scrypt.Key(authArray, salt, scryptN, scryptr, scryptp, scryptdkLen) derivedKey, err := scrypt.Key(authArray, salt, ks.scryptN, ks.scryptR, ks.scryptP, ks.scryptDKLen)
if err != nil { if err != nil {
return err return err
} }
encryptKey := derivedKey[:16] encryptKey := derivedKey[:16]
keyBytes := FromECDSA(key.PrivateKey) keyBytes := FromECDSA(key.PrivateKey)
@ -104,10 +113,10 @@ func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
mac := Sha3(derivedKey[16:32], cipherText) mac := Sha3(derivedKey[16:32], cipherText)
scryptParamsJSON := make(map[string]interface{}, 5) scryptParamsJSON := make(map[string]interface{}, 5)
scryptParamsJSON["n"] = scryptN scryptParamsJSON["n"] = ks.scryptN
scryptParamsJSON["r"] = scryptr scryptParamsJSON["r"] = ks.scryptR
scryptParamsJSON["p"] = scryptp scryptParamsJSON["p"] = ks.scryptP
scryptParamsJSON["dklen"] = scryptdkLen scryptParamsJSON["dklen"] = ks.scryptDKLen
scryptParamsJSON["salt"] = hex.EncodeToString(salt) scryptParamsJSON["salt"] = hex.EncodeToString(salt)
cipherParamsJSON := cipherparamsJSON{ cipherParamsJSON := cipherparamsJSON{

@ -56,7 +56,7 @@ func TestKeyStorePlain(t *testing.T) {
} }
func TestKeyStorePassphrase(t *testing.T) { func TestKeyStorePassphrase(t *testing.T) {
ks := NewKeyStorePassphrase(common.DefaultDataDir()) ks := NewKeyStorePassphrase(common.DefaultDataDir(), LightScryptN, LightScryptP)
pass := "foo" pass := "foo"
k1, err := ks.GenerateNewKey(randentropy.Reader, pass) k1, err := ks.GenerateNewKey(randentropy.Reader, pass)
if err != nil { if err != nil {
@ -82,7 +82,7 @@ func TestKeyStorePassphrase(t *testing.T) {
} }
func TestKeyStorePassphraseDecryptionFail(t *testing.T) { func TestKeyStorePassphraseDecryptionFail(t *testing.T) {
ks := NewKeyStorePassphrase(common.DefaultDataDir()) ks := NewKeyStorePassphrase(common.DefaultDataDir(), LightScryptN, LightScryptP)
pass := "foo" pass := "foo"
k1, err := ks.GenerateNewKey(randentropy.Reader, pass) k1, err := ks.GenerateNewKey(randentropy.Reader, pass)
if err != nil { if err != nil {
@ -110,7 +110,7 @@ func TestImportPreSaleKey(t *testing.T) {
// python pyethsaletool.py genwallet // python pyethsaletool.py genwallet
// with password "foo" // with password "foo"
fileContent := "{\"encseed\": \"26d87f5f2bf9835f9a47eefae571bc09f9107bb13d54ff12a4ec095d01f83897494cf34f7bed2ed34126ecba9db7b62de56c9d7cd136520a0427bfb11b8954ba7ac39b90d4650d3448e31185affcd74226a68f1e94b1108e6e0a4a91cdd83eba\", \"ethaddr\": \"d4584b5f6229b7be90727b0fc8c6b91bb427821f\", \"email\": \"gustav.simonsson@gmail.com\", \"btcaddr\": \"1EVknXyFC68kKNLkh6YnKzW41svSRoaAcx\"}" fileContent := "{\"encseed\": \"26d87f5f2bf9835f9a47eefae571bc09f9107bb13d54ff12a4ec095d01f83897494cf34f7bed2ed34126ecba9db7b62de56c9d7cd136520a0427bfb11b8954ba7ac39b90d4650d3448e31185affcd74226a68f1e94b1108e6e0a4a91cdd83eba\", \"ethaddr\": \"d4584b5f6229b7be90727b0fc8c6b91bb427821f\", \"email\": \"gustav.simonsson@gmail.com\", \"btcaddr\": \"1EVknXyFC68kKNLkh6YnKzW41svSRoaAcx\"}"
ks := NewKeyStorePassphrase(common.DefaultDataDir()) ks := NewKeyStorePassphrase(common.DefaultDataDir(), LightScryptN, LightScryptP)
pass := "foo" pass := "foo"
_, err := ImportPreSaleKey(ks, []byte(fileContent), pass) _, err := ImportPreSaleKey(ks, []byte(fileContent), pass)
if err != nil { if err != nil {
@ -168,7 +168,7 @@ func TestV1_1(t *testing.T) {
} }
func TestV1_2(t *testing.T) { func TestV1_2(t *testing.T) {
ks := NewKeyStorePassphrase("tests/v1") ks := NewKeyStorePassphrase("tests/v1", LightScryptN, LightScryptP)
addr := common.HexToAddress("cb61d5a9c4896fb9658090b597ef0e7be6f7b67e") addr := common.HexToAddress("cb61d5a9c4896fb9658090b597ef0e7be6f7b67e")
k, err := ks.GetKey(addr, "g") k, err := ks.GetKey(addr, "g")
if err != nil { if err != nil {

@ -162,7 +162,7 @@ func runBlockTests(bt map[string]*BlockTest, skipTests []string) error {
} }
func runBlockTest(test *BlockTest) error { func runBlockTest(test *BlockTest) error {
ks := crypto.NewKeyStorePassphrase(filepath.Join(common.DefaultDataDir(), "keystore")) ks := crypto.NewKeyStorePassphrase(filepath.Join(common.DefaultDataDir(), "keystore"), crypto.StandardScryptN, crypto.StandardScryptP)
am := accounts.NewManager(ks) am := accounts.NewManager(ks)
db, _ := ethdb.NewMemDatabase() db, _ := ethdb.NewMemDatabase()
cfg := &eth.Config{ cfg := &eth.Config{

Loading…
Cancel
Save