replaced jackjack encryption with corrected ecies implementation
This commit is contained in:
parent
680fbf1d3e
commit
93f61f1717
137
lib/bitcoin.py
137
lib/bitcoin.py
|
@ -383,21 +383,6 @@ def ECC_YfromX(x,curved=curve_secp256k1, odd=True):
|
||||||
return [_p-My,offset]
|
return [_p-My,offset]
|
||||||
raise Exception('ECC_YfromX: No Y found')
|
raise Exception('ECC_YfromX: No Y found')
|
||||||
|
|
||||||
def private_header(msg,v):
|
|
||||||
assert v<1, "Can't write version %d private header"%v
|
|
||||||
r = ''
|
|
||||||
if v==0:
|
|
||||||
r += ('%08x'%len(msg)).decode('hex')
|
|
||||||
r += sha256(msg)[:2]
|
|
||||||
return ('%02x'%v).decode('hex') + ('%04x'%len(r)).decode('hex') + r
|
|
||||||
|
|
||||||
def public_header(pubkey,v):
|
|
||||||
assert v<1, "Can't write version %d public header"%v
|
|
||||||
r = ''
|
|
||||||
if v==0:
|
|
||||||
r = sha256(pubkey)[:2]
|
|
||||||
return '\x6a\x6a' + ('%02x'%v).decode('hex') + ('%04x'%len(r)).decode('hex') + r
|
|
||||||
|
|
||||||
|
|
||||||
def negative_point(P):
|
def negative_point(P):
|
||||||
return Point( P.curve(), P.x(), -P.y(), P.order() )
|
return Point( P.curve(), P.x(), -P.y(), P.order() )
|
||||||
|
@ -493,83 +478,69 @@ class EC_KEY(object):
|
||||||
raise Exception("Bad signature")
|
raise Exception("Bad signature")
|
||||||
|
|
||||||
|
|
||||||
# ecdsa encryption/decryption methods
|
# ecies encryption/decryption methods; aes-256-cbc is used as the cipher; hmac-sha256 is used as the mac
|
||||||
# credits: jackjack, https://github.com/jackjack-jj/jeeq
|
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def encrypt_message(self, message, pubkey):
|
def encrypt_message(self, message, pubkey):
|
||||||
generator = generator_secp256k1
|
|
||||||
curved = curve_secp256k1
|
|
||||||
r = ''
|
|
||||||
msg = private_header(message,0) + message
|
|
||||||
msg = msg + ('\x00'*( 32-(len(msg)%32) ))
|
|
||||||
msgs = chunks(msg,32)
|
|
||||||
|
|
||||||
_r = generator.order()
|
|
||||||
str_to_long = string_to_number
|
|
||||||
|
|
||||||
P = generator
|
|
||||||
pk = ser_to_point(pubkey)
|
pk = ser_to_point(pubkey)
|
||||||
|
if not ecdsa.ecdsa.point_is_valid(generator_secp256k1, pk.x(), pk.y()):
|
||||||
|
raise Exception('invalid pubkey')
|
||||||
|
|
||||||
|
ephemeral_exponent = number_to_string(ecdsa.util.randrange(pow(2,256)), generator_secp256k1.order())
|
||||||
|
ephemeral = EC_KEY(ephemeral_exponent)
|
||||||
|
|
||||||
|
ecdh_key = (pk * ephemeral.privkey.secret_multiplier).x()
|
||||||
|
ecdh_key = ('%064x' % ecdh_key).decode('hex')
|
||||||
|
key = hashlib.sha512(ecdh_key).digest()
|
||||||
|
key_e, key_m = key[:32], key[32:]
|
||||||
|
|
||||||
|
iv_ciphertext = aes.encryptData(key_e, message)
|
||||||
|
iv, ciphertext = iv_ciphertext[:16], iv_ciphertext[16:]
|
||||||
|
|
||||||
for i in range(len(msgs)):
|
mac = hmac.new(key_m, ciphertext, hashlib.sha256).digest()
|
||||||
n = ecdsa.util.randrange( pow(2,256) )
|
ephemeral_pubkey = ephemeral.get_public_key(compressed=True).decode('hex')
|
||||||
Mx = str_to_long(msgs[i])
|
|
||||||
My, xoffset = ECC_YfromX(Mx, curved)
|
encrypted = 'BIE1' + hash_160(pubkey) + ephemeral_pubkey + iv + ciphertext + mac
|
||||||
M = Point( curved, Mx+xoffset, My, _r )
|
return base64.b64encode(encrypted)
|
||||||
T = P*n
|
|
||||||
U = pk*n + M
|
|
||||||
toadd = point_to_ser(T) + point_to_ser(U)
|
|
||||||
toadd = chr(ord(toadd[0])-2 + 2*xoffset) + toadd[1:]
|
|
||||||
r += toadd
|
|
||||||
|
|
||||||
return base64.b64encode(public_header(pubkey,0) + r)
|
|
||||||
|
|
||||||
|
|
||||||
def decrypt_message(self, enc):
|
def decrypt_message(self, encrypted):
|
||||||
G = generator_secp256k1
|
|
||||||
curved = curve_secp256k1
|
encrypted = base64.b64decode(encrypted)
|
||||||
pvk = self.secret
|
|
||||||
pubkeys = [point_to_ser(G*pvk,True), point_to_ser(G*pvk,False)]
|
if len(encrypted) < 105:
|
||||||
enc = base64.b64decode(enc)
|
raise Exception('invalid ciphertext: length')
|
||||||
str_to_long = string_to_number
|
|
||||||
|
magic = encrypted[:4]
|
||||||
|
recipient_pubkeyhash = encrypted[4:24]
|
||||||
|
ephemeral_pubkey = encrypted[24:57]
|
||||||
|
iv = encrypted[57:73]
|
||||||
|
ciphertext = encrypted[73:-32]
|
||||||
|
mac = encrypted[-32:]
|
||||||
|
|
||||||
|
if magic != 'BIE1':
|
||||||
|
raise Exception('invalid ciphertext: invalid magic bytes')
|
||||||
|
|
||||||
|
if hash_160(self.get_public_key().decode('hex')) != recipient_pubkeyhash:
|
||||||
|
raise Exception('invalid ciphertext: invalid key')
|
||||||
|
|
||||||
|
try:
|
||||||
|
ephemeral_pubkey = ser_to_point(ephemeral_pubkey)
|
||||||
|
except AssertionError, e:
|
||||||
|
raise Exception('invalid ciphertext: invalid ephemeral pubkey')
|
||||||
|
|
||||||
assert enc[:2]=='\x6a\x6a'
|
if not ecdsa.ecdsa.point_is_valid(generator_secp256k1, ephemeral_pubkey.x(), ephemeral_pubkey.y()):
|
||||||
|
raise Exception('invalid ciphertext: invalid ephemeral pubkey')
|
||||||
phv = str_to_long(enc[2])
|
|
||||||
assert phv==0, "Can't read version %d public header"%phv
|
|
||||||
hs = str_to_long(enc[3:5])
|
|
||||||
public_header=enc[5:5+hs]
|
|
||||||
checksum_pubkey=public_header[:2]
|
|
||||||
address=filter(lambda x:sha256(x)[:2]==checksum_pubkey, pubkeys)
|
|
||||||
assert len(address)>0, 'Bad private key'
|
|
||||||
address=address[0]
|
|
||||||
enc=enc[5+hs:]
|
|
||||||
r = ''
|
|
||||||
for Tser,User in map(lambda x:[x[:33],x[33:]], chunks(enc,66)):
|
|
||||||
ots = ord(Tser[0])
|
|
||||||
xoffset = ots>>1
|
|
||||||
Tser = chr(2+(ots&1))+Tser[1:]
|
|
||||||
T = ser_to_point(Tser)
|
|
||||||
U = ser_to_point(User)
|
|
||||||
V = T*pvk
|
|
||||||
Mcalc = U + negative_point(V)
|
|
||||||
r += ('%064x'%(Mcalc.x()-xoffset)).decode('hex')
|
|
||||||
|
|
||||||
pvhv = str_to_long(r[0])
|
|
||||||
assert pvhv==0, "Can't read version %d private header"%pvhv
|
|
||||||
phs = str_to_long(r[1:3])
|
|
||||||
private_header = r[3:3+phs]
|
|
||||||
size = str_to_long(private_header[:4])
|
|
||||||
checksum = private_header[4:6]
|
|
||||||
r = r[3+phs:]
|
|
||||||
|
|
||||||
msg = r[:size]
|
|
||||||
hashmsg = sha256(msg)[:2]
|
|
||||||
checksumok = hashmsg==checksum
|
|
||||||
|
|
||||||
return [msg, checksumok, address]
|
|
||||||
|
|
||||||
|
ecdh_key = (ephemeral_pubkey * self.privkey.secret_multiplier).x()
|
||||||
|
ecdh_key = ('%064x' % ecdh_key).decode('hex')
|
||||||
|
key = hashlib.sha512(ecdh_key).digest()
|
||||||
|
key_e, key_m = key[:32], key[32:]
|
||||||
|
if mac != hmac.new(key_m, ciphertext, hashlib.sha256).digest():
|
||||||
|
raise Exception('invalid ciphertext: invalid mac')
|
||||||
|
|
||||||
|
return aes.decryptData(key_e, iv + ciphertext)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -779,7 +750,7 @@ def test_crypto():
|
||||||
|
|
||||||
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
#test_crypto()
|
test_crypto()
|
||||||
test_bip32("000102030405060708090a0b0c0d0e0f", "m/0'/1/2'/2/1000000000")
|
test_bip32("000102030405060708090a0b0c0d0e0f", "m/0'/1/2'/2/1000000000")
|
||||||
test_bip32("fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542","m/0/2147483647'/1/2147483646'/2")
|
test_bip32("fffcf9f6f3f0edeae7e4e1dedbd8d5d2cfccc9c6c3c0bdbab7b4b1aeaba8a5a29f9c999693908d8a8784817e7b7875726f6c696663605d5a5754514e4b484542","m/0/2147483647'/1/2147483646'/2")
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue