ecies: use the same KDF to derive aes init vector and aes and hmac keys.

2014-09-01 14:57:08 +02:00 · 2014-09-01 14:57:08 +02:00 · a97375dbb4
parent eed37c41b5
commit a97375dbb4
1 changed files with 31 additions and 9 deletions
--- a/lib/bitcoin.py
+++ b/lib/bitcoin.py
@ -46,6 +46,31 @@ EncodeAES = lambda secret, s: base64.b64encode(aes.encryptData(secret,s))
 DecodeAES = lambda secret, e: aes.decryptData(secret, base64.b64decode(e))


+def aes_encrypt_with_iv(key, iv, data):
+    mode = aes.AESModeOfOperation.modeOfOperation["CBC"]
+    key = map(ord, key)
+    iv = map(ord, iv)
+    data = aes.append_PKCS7_padding(data)
+    keysize = len(key)
+    assert keysize in aes.AES.keySize.values(), 'invalid key size: %s' % keysize
+    moo = aes.AESModeOfOperation()
+    (mode, length, ciph) = moo.encrypt(data, mode, key, keysize, iv)
+    return ''.join(map(chr, ciph))
+
+def aes_decrypt_with_iv(key, iv, data):
+    mode = aes.AESModeOfOperation.modeOfOperation["CBC"]
+    key = map(ord, key)
+    iv = map(ord, iv)
+    keysize = len(key)
+    assert keysize in aes.AES.keySize.values(), 'invalid key size: %s' % keysize
+    data = map(ord, data)
+    moo = aes.AESModeOfOperation()
+    decr = moo.decrypt(data, None, mode, key, keysize, iv)
+    decr = aes.strip_PKCS7_padding(decr)
+    return decr
+
+
+
 def pw_encode(s, password):
    if password:
        secret = Hash(password)
@ -521,15 +546,12 @@ class EC_KEY(object):

        ephemeral_exponent = number_to_string(ecdsa.util.randrange(pow(2,256)), generator_secp256k1.order())
        ephemeral = EC_KEY(ephemeral_exponent)
-
        ecdh_key = point_to_ser(pk * ephemeral.privkey.secret_multiplier)
        key = hashlib.sha512(ecdh_key).digest()
-        key_e, key_m = key[:32], key[32:]
-
-        iv_ciphertext = aes.encryptData(key_e, message)
-
+        iv, key_e, key_m = key[0:16], key[16:32], key[32:]
+        ciphertext = aes_encrypt_with_iv(key_e, iv, message)
        ephemeral_pubkey = ephemeral.get_public_key(compressed=True).decode('hex')
-        encrypted = 'BIE1' + ephemeral_pubkey + iv_ciphertext
+        encrypted = 'BIE1' + ephemeral_pubkey + ciphertext
        mac = hmac.new(key_m, encrypted, hashlib.sha256).digest()

        return base64.b64encode(encrypted + mac)
@ -544,7 +566,7 @@ class EC_KEY(object):

        magic = encrypted[:4]
        ephemeral_pubkey = encrypted[4:37]
-        iv_ciphertext = encrypted[37:-32]
+        ciphertext = encrypted[37:-32]
        mac = encrypted[-32:]

        if magic != 'BIE1':
@ -560,11 +582,11 @@ class EC_KEY(object):

        ecdh_key = point_to_ser(ephemeral_pubkey * self.privkey.secret_multiplier)
        key = hashlib.sha512(ecdh_key).digest()
-        key_e, key_m = key[:32], key[32:]
+        iv, key_e, key_m = key[0:16], key[16:32], key[32:]
        if mac != hmac.new(key_m, encrypted[:-32], hashlib.sha256).digest():
            raise Exception('invalid ciphertext: invalid mac')

-        return aes.decryptData(key_e, iv_ciphertext)
+        return aes_decrypt_with_iv(key_e, iv, ciphertext)


 ###################################### BIP32 ##############################