       ---
   DIR commit a97375dbb4a2fd29ce2dc003abf117fb77aa6005
   DIR parent eed37c41b51f99e1fa6e532a20fe879d6388729d
  HTML Author: ThomasV <thomasv@gitorious>
       Date:   Mon,  1 Sep 2014 14:57:08 +0200
       
       ecies: use the same KDF to derive aes init vector and aes and hmac keys.
       
       Diffstat:
         M lib/bitcoin.py                      |      40 ++++++++++++++++++++++++-------
       
       1 file changed, 31 insertions(+), 9 deletions(-)
       ---
   DIR diff --git a/lib/bitcoin.py b/lib/bitcoin.py
       t@@ -46,6 +46,31 @@ EncodeAES = lambda secret, s: base64.b64encode(aes.encryptData(secret,s))
        DecodeAES = lambda secret, e: aes.decryptData(secret, base64.b64decode(e))
        
        
       +def aes_encrypt_with_iv(key, iv, data):
       +    mode = aes.AESModeOfOperation.modeOfOperation["CBC"]
       +    key = map(ord, key)
       +    iv = map(ord, iv)
       +    data = aes.append_PKCS7_padding(data)
       +    keysize = len(key)
       +    assert keysize in aes.AES.keySize.values(), 'invalid key size: %s' % keysize
       +    moo = aes.AESModeOfOperation()
       +    (mode, length, ciph) = moo.encrypt(data, mode, key, keysize, iv)
       +    return ''.join(map(chr, ciph))
       +
       +def aes_decrypt_with_iv(key, iv, data):
       +    mode = aes.AESModeOfOperation.modeOfOperation["CBC"]
       +    key = map(ord, key)
       +    iv = map(ord, iv)
       +    keysize = len(key)
       +    assert keysize in aes.AES.keySize.values(), 'invalid key size: %s' % keysize
       +    data = map(ord, data)
       +    moo = aes.AESModeOfOperation()
       +    decr = moo.decrypt(data, None, mode, key, keysize, iv)
       +    decr = aes.strip_PKCS7_padding(decr)
       +    return decr
       +
       +
       +
        def pw_encode(s, password):
            if password:
                secret = Hash(password)
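Review bot: The key-size check in both new helpers is an `assert`, which is stripped under `python -O`, so a wrong-length key would reach the AES core unvalidated; raise instead, `if keysize not in aes.AES.keySize.values(): raise ValueError('invalid key size: %s' % keysize)`, and validate the IV the same way, `if len(iv) != 16: raise ValueError('invalid iv size: %s' % len(iv))`, since `aes_decrypt_with_iv` strips PKCS#7 padding from whatever the block cipher produced. A one-line docstring on each helper saying that `key`, `iv` and `data` are raw byte strings and that the returned ciphertext carries no IV prefix would help readers coming from `aes.encryptData`, which, judging by the removed `iv_ciphertext` name in the next hunk, did embed the IV. Both helpers are complete within this hunk.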
       t@@ -521,15 +546,12 @@ class EC_KEY(object):
        
                ephemeral_exponent = number_to_string(ecdsa.util.randrange(pow(2,256)), generator_secp256k1.order())
                ephemeral = EC_KEY(ephemeral_exponent)
       -
                ecdh_key = point_to_ser(pk * ephemeral.privkey.secret_multiplier)
                key = hashlib.sha512(ecdh_key).digest()
       -        key_e, key_m = key[:32], key[32:]
       -
       -        iv_ciphertext = aes.encryptData(key_e, message)
       -
       +        iv, key_e, key_m = key[0:16], key[16:32], key[32:]
       +        ciphertext = aes_encrypt_with_iv(key_e, iv, message)
                ephemeral_pubkey = ephemeral.get_public_key(compressed=True).decode('hex')
       -        encrypted = 'BIE1' + ephemeral_pubkey + iv_ciphertext
       +        encrypted = 'BIE1' + ephemeral_pubkey + ciphertext
                mac = hmac.new(key_m, encrypted, hashlib.sha256).digest()
        
                return base64.b64encode(encrypted + mac)
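Review bot: The wire format changes here — the ciphertext no longer carries an IV prefix and key_e shrinks from 32 to 16 bytes — but the `'BIE1'` magic on the `encrypted = 'BIE1' + ...` line is unchanged, so a message produced by the previous version still passes the HMAC check (key_m and the MAC input are the same bytes as before) and then decrypts to garbage or a padding error instead of a clear unsupported-version error; bump the magic (e.g. `'BIE2'`) or at least document the break. Deriving the IV from the same SHA-512 output as the keys is only safe because `ephemeral_exponent` is fresh per message; a comment next to `iv, key_e, key_m = ...` stating that invariant (`# iv is safe to derive from the KDF only because the ephemeral key is never reused`) would keep someone from later caching the ephemeral key. On the context line, the ephemeral scalar is drawn from `randrange(pow(2,256))` rather than the group order — pre-existing, and a value outside `[1, n)` is negligibly likely, but `randrange(generator_secp256k1.order())` would be the exact form. encrypt_message starts above this hunk.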
       t@@ -544,7 +566,7 @@ class EC_KEY(object):
        
                magic = encrypted[:4]
                ephemeral_pubkey = encrypted[4:37]
       -        iv_ciphertext = encrypted[37:-32]
       +        ciphertext = encrypted[37:-32]
                mac = encrypted[-32:]
        
                if magic != 'BIE1':
       t@@ -560,11 +582,11 @@ class EC_KEY(object):
        
                ecdh_key = point_to_ser(ephemeral_pubkey * self.privkey.secret_multiplier)
                key = hashlib.sha512(ecdh_key).digest()
       -        key_e, key_m = key[:32], key[32:]
       +        iv, key_e, key_m = key[0:16], key[16:32], key[32:]
                if mac != hmac.new(key_m, encrypted[:-32], hashlib.sha256).digest():
                    raise Exception('invalid ciphertext: invalid mac')
        
       -        return aes.decryptData(key_e, iv_ciphertext)
       +        return aes_decrypt_with_iv(key_e, iv, ciphertext)
        
        
        ###################################### BIP32 ##############################
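Review bot: The MAC check on the `if mac != hmac.new(key_m, encrypted[:-32], hashlib.sha256).digest():` line is a plain string comparison, which leaks through timing how many leading bytes of a forged tag matched; compute `expected = hmac.new(key_m, encrypted[:-32], hashlib.sha256).digest()` and compare with `hmac.compare_digest(mac, expected)` where available (Python 2.7.7+), falling back to a constant-time byte loop on older interpreters. The ordering is right — the tag is verified over all of `encrypted[:-32]` before `aes_decrypt_with_iv` strips padding, so a padding failure cannot be used as an oracle — and that is worth stating in a comment: `# verify the MAC before touching the ciphertext, so PKCS#7 errors never act as an oracle`. decrypt_message starts above this hunk.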