ecies: use the same KDF to derive aes init vector and aes and hmac keys.
This commit is contained in:
parent
eed37c41b5
commit
a97375dbb4
|
@ -46,6 +46,31 @@ EncodeAES = lambda secret, s: base64.b64encode(aes.encryptData(secret,s))
|
||||||
DecodeAES = lambda secret, e: aes.decryptData(secret, base64.b64decode(e))
|
DecodeAES = lambda secret, e: aes.decryptData(secret, base64.b64decode(e))
|
||||||
|
|
||||||
|
|
||||||
|
def aes_encrypt_with_iv(key, iv, data):
|
||||||
|
mode = aes.AESModeOfOperation.modeOfOperation["CBC"]
|
||||||
|
key = map(ord, key)
|
||||||
|
iv = map(ord, iv)
|
||||||
|
data = aes.append_PKCS7_padding(data)
|
||||||
|
keysize = len(key)
|
||||||
|
assert keysize in aes.AES.keySize.values(), 'invalid key size: %s' % keysize
|
||||||
|
moo = aes.AESModeOfOperation()
|
||||||
|
(mode, length, ciph) = moo.encrypt(data, mode, key, keysize, iv)
|
||||||
|
return ''.join(map(chr, ciph))
|
||||||
|
|
||||||
|
def aes_decrypt_with_iv(key, iv, data):
|
||||||
|
mode = aes.AESModeOfOperation.modeOfOperation["CBC"]
|
||||||
|
key = map(ord, key)
|
||||||
|
iv = map(ord, iv)
|
||||||
|
keysize = len(key)
|
||||||
|
assert keysize in aes.AES.keySize.values(), 'invalid key size: %s' % keysize
|
||||||
|
data = map(ord, data)
|
||||||
|
moo = aes.AESModeOfOperation()
|
||||||
|
decr = moo.decrypt(data, None, mode, key, keysize, iv)
|
||||||
|
decr = aes.strip_PKCS7_padding(decr)
|
||||||
|
return decr
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def pw_encode(s, password):
|
def pw_encode(s, password):
|
||||||
if password:
|
if password:
|
||||||
secret = Hash(password)
|
secret = Hash(password)
|
||||||
|
@ -521,15 +546,12 @@ class EC_KEY(object):
|
||||||
|
|
||||||
ephemeral_exponent = number_to_string(ecdsa.util.randrange(pow(2,256)), generator_secp256k1.order())
|
ephemeral_exponent = number_to_string(ecdsa.util.randrange(pow(2,256)), generator_secp256k1.order())
|
||||||
ephemeral = EC_KEY(ephemeral_exponent)
|
ephemeral = EC_KEY(ephemeral_exponent)
|
||||||
|
|
||||||
ecdh_key = point_to_ser(pk * ephemeral.privkey.secret_multiplier)
|
ecdh_key = point_to_ser(pk * ephemeral.privkey.secret_multiplier)
|
||||||
key = hashlib.sha512(ecdh_key).digest()
|
key = hashlib.sha512(ecdh_key).digest()
|
||||||
key_e, key_m = key[:32], key[32:]
|
iv, key_e, key_m = key[0:16], key[16:32], key[32:]
|
||||||
|
ciphertext = aes_encrypt_with_iv(key_e, iv, message)
|
||||||
iv_ciphertext = aes.encryptData(key_e, message)
|
|
||||||
|
|
||||||
ephemeral_pubkey = ephemeral.get_public_key(compressed=True).decode('hex')
|
ephemeral_pubkey = ephemeral.get_public_key(compressed=True).decode('hex')
|
||||||
encrypted = 'BIE1' + ephemeral_pubkey + iv_ciphertext
|
encrypted = 'BIE1' + ephemeral_pubkey + ciphertext
|
||||||
mac = hmac.new(key_m, encrypted, hashlib.sha256).digest()
|
mac = hmac.new(key_m, encrypted, hashlib.sha256).digest()
|
||||||
|
|
||||||
return base64.b64encode(encrypted + mac)
|
return base64.b64encode(encrypted + mac)
|
||||||
|
@ -544,7 +566,7 @@ class EC_KEY(object):
|
||||||
|
|
||||||
magic = encrypted[:4]
|
magic = encrypted[:4]
|
||||||
ephemeral_pubkey = encrypted[4:37]
|
ephemeral_pubkey = encrypted[4:37]
|
||||||
iv_ciphertext = encrypted[37:-32]
|
ciphertext = encrypted[37:-32]
|
||||||
mac = encrypted[-32:]
|
mac = encrypted[-32:]
|
||||||
|
|
||||||
if magic != 'BIE1':
|
if magic != 'BIE1':
|
||||||
|
@ -560,11 +582,11 @@ class EC_KEY(object):
|
||||||
|
|
||||||
ecdh_key = point_to_ser(ephemeral_pubkey * self.privkey.secret_multiplier)
|
ecdh_key = point_to_ser(ephemeral_pubkey * self.privkey.secret_multiplier)
|
||||||
key = hashlib.sha512(ecdh_key).digest()
|
key = hashlib.sha512(ecdh_key).digest()
|
||||||
key_e, key_m = key[:32], key[32:]
|
iv, key_e, key_m = key[0:16], key[16:32], key[32:]
|
||||||
if mac != hmac.new(key_m, encrypted[:-32], hashlib.sha256).digest():
|
if mac != hmac.new(key_m, encrypted[:-32], hashlib.sha256).digest():
|
||||||
raise Exception('invalid ciphertext: invalid mac')
|
raise Exception('invalid ciphertext: invalid mac')
|
||||||
|
|
||||||
return aes.decryptData(key_e, iv_ciphertext)
|
return aes_decrypt_with_iv(key_e, iv, ciphertext)
|
||||||
|
|
||||||
|
|
||||||
###################################### BIP32 ##############################
|
###################################### BIP32 ##############################
|
||||||
|
|
Loading…
Reference in New Issue