ecies: use the same KDF to derive aes init vector and aes and hmac keys.
This commit is contained in:
parent
eed37c41b5
commit
a97375dbb4
|
@ -46,6 +46,31 @@ EncodeAES = lambda secret, s: base64.b64encode(aes.encryptData(secret,s))
|
|||
DecodeAES = lambda secret, e: aes.decryptData(secret, base64.b64decode(e))
|
||||
|
||||
|
||||
def aes_encrypt_with_iv(key, iv, data):
|
||||
mode = aes.AESModeOfOperation.modeOfOperation["CBC"]
|
||||
key = map(ord, key)
|
||||
iv = map(ord, iv)
|
||||
data = aes.append_PKCS7_padding(data)
|
||||
keysize = len(key)
|
||||
assert keysize in aes.AES.keySize.values(), 'invalid key size: %s' % keysize
|
||||
moo = aes.AESModeOfOperation()
|
||||
(mode, length, ciph) = moo.encrypt(data, mode, key, keysize, iv)
|
||||
return ''.join(map(chr, ciph))
|
||||
|
||||
def aes_decrypt_with_iv(key, iv, data):
|
||||
mode = aes.AESModeOfOperation.modeOfOperation["CBC"]
|
||||
key = map(ord, key)
|
||||
iv = map(ord, iv)
|
||||
keysize = len(key)
|
||||
assert keysize in aes.AES.keySize.values(), 'invalid key size: %s' % keysize
|
||||
data = map(ord, data)
|
||||
moo = aes.AESModeOfOperation()
|
||||
decr = moo.decrypt(data, None, mode, key, keysize, iv)
|
||||
decr = aes.strip_PKCS7_padding(decr)
|
||||
return decr
|
||||
|
||||
|
||||
|
||||
def pw_encode(s, password):
|
||||
if password:
|
||||
secret = Hash(password)
|
||||
|
@ -521,15 +546,12 @@ class EC_KEY(object):
|
|||
|
||||
ephemeral_exponent = number_to_string(ecdsa.util.randrange(pow(2,256)), generator_secp256k1.order())
|
||||
ephemeral = EC_KEY(ephemeral_exponent)
|
||||
|
||||
ecdh_key = point_to_ser(pk * ephemeral.privkey.secret_multiplier)
|
||||
key = hashlib.sha512(ecdh_key).digest()
|
||||
key_e, key_m = key[:32], key[32:]
|
||||
|
||||
iv_ciphertext = aes.encryptData(key_e, message)
|
||||
|
||||
iv, key_e, key_m = key[0:16], key[16:32], key[32:]
|
||||
ciphertext = aes_encrypt_with_iv(key_e, iv, message)
|
||||
ephemeral_pubkey = ephemeral.get_public_key(compressed=True).decode('hex')
|
||||
encrypted = 'BIE1' + ephemeral_pubkey + iv_ciphertext
|
||||
encrypted = 'BIE1' + ephemeral_pubkey + ciphertext
|
||||
mac = hmac.new(key_m, encrypted, hashlib.sha256).digest()
|
||||
|
||||
return base64.b64encode(encrypted + mac)
|
||||
|
@ -544,7 +566,7 @@ class EC_KEY(object):
|
|||
|
||||
magic = encrypted[:4]
|
||||
ephemeral_pubkey = encrypted[4:37]
|
||||
iv_ciphertext = encrypted[37:-32]
|
||||
ciphertext = encrypted[37:-32]
|
||||
mac = encrypted[-32:]
|
||||
|
||||
if magic != 'BIE1':
|
||||
|
@ -560,11 +582,11 @@ class EC_KEY(object):
|
|||
|
||||
ecdh_key = point_to_ser(ephemeral_pubkey * self.privkey.secret_multiplier)
|
||||
key = hashlib.sha512(ecdh_key).digest()
|
||||
key_e, key_m = key[:32], key[32:]
|
||||
iv, key_e, key_m = key[0:16], key[16:32], key[32:]
|
||||
if mac != hmac.new(key_m, encrypted[:-32], hashlib.sha256).digest():
|
||||
raise Exception('invalid ciphertext: invalid mac')
|
||||
|
||||
return aes.decryptData(key_e, iv_ciphertext)
|
||||
return aes_decrypt_with_iv(key_e, iv, ciphertext)
|
||||
|
||||
|
||||
###################################### BIP32 ##############################
|
||||
|
|
Loading…
Reference in New Issue