chaintool/funga-eth
4
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Implement PBKDF2 support in keyfile

Browse Source 
---

Squashed commit of the following:

commit 4a4f76b19c
Author: idaapayo <idaapayo@gmail.com>
Date:   Mon Jan 24 20:12:34 2022 +0300

    remove unused import and renaming pbkdf2 default params

commit 23a94c3ba1
Author: idaapayo <idaapayo@gmail.com>
Date:   Mon Jan 24 20:07:22 2022 +0300

    defaulting to scrypt in to_dict fun

commit 1c0047398a
Author: idaapayo <idaapayo@gmail.com>
Date:   Mon Jan 24 15:12:38 2022 +0300

    making final review  changes

commit 0a4f3eaa98
Merge: b208533 903f659
Author: Mohamed Sohail <kamikazechaser@noreply.localhost>
Date:   Mon Jan 24 11:10:35 2022 +0000

    Merge branch 'master' into Ida/pbkdf2

commit b20853312d
Author: idaapayo <idaapayo@gmail.com>
Date:   Mon Jan 24 13:23:12 2022 +0300

    review changes with tests

commit b9c6db414b
Author: idaapayo <idaapayo@gmail.com>
Date:   Fri Jan 21 11:13:35 2022 +0300

    making review changes

commit 1f5d057a9a
Author: idaapayo <idaapayo@gmail.com>
Date:   Wed Jan 19 14:37:22 2022 +0300

    second pbkdf2 implementation

commit 01598a8c59
Author: idaapayo <idaapayo@gmail.com>
Date:   Wed Jan 19 13:49:29 2022 +0300

    pkdf2 implementation
This commit is contained in:
lash
2022-01-24 17:54:59 +00:00
parent 903f65936e
commit e5cd1cad58
5 changed files with 151 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
funga/eth/keystore/keyfile.py
View File

@@ -13,28 +13,35 @@ import sha3
# local imports
from funga.error import (
DecryptError,
KeyfileError,
)
DecryptError,
KeyfileError,
)
from funga.eth.encoding import private_key_to_address
logg = logging.getLogger(__name__)
algo_keywords = [
'aes-128-ctr',
]
]
hash_keywords = [
'scrypt'
]
'scrypt',
'pbkdf2'
]
default_kdfparams = {
default_scrypt_kdfparams = {
'dklen': 32,
'n': 1 << 18,
'p': 1,
'r': 8,
'salt': os.urandom(32).hex(),
}
}
default_pbkdf2_kdfparams = {
'c': 100000,
'dklen': 32,
'prf': 'sha256',
'salt': os.urandom(32).hex(),
}
def to_mac(mac_key, ciphertext_bytes):
h = sha3.keccak_256()
@@ -46,18 +53,32 @@ def to_mac(mac_key, ciphertext_bytes):
class Hashes:
@staticmethod
def from_scrypt(kdfparams=default_kdfparams, passphrase=''):
dklen = int(kdfparams['dklen'])
n = int(kdfparams['n'])
p = int(kdfparams['p'])
r = int(kdfparams['r'])
def from_scrypt(kdfparams=default_scrypt_kdfparams, passphrase=''):
dklen = int(kdfparams['dklen'])
n = int(kdfparams['n'])
p = int(kdfparams['p'])
r = int(kdfparams['r'])
salt = bytes.fromhex(kdfparams['salt'])
return hashlib.scrypt(passphrase.encode('utf-8'), salt=salt,n=n, p=p, r=r, maxmem=1024*1024*1024, dklen=dklen)
return hashlib.scrypt(passphrase.encode('utf-8'), salt=salt, n=n, p=p, r=r, maxmem=1024 * 1024 * 1024,
dklen=dklen)
@staticmethod
def from_pbkdf2(kdfparams=default_pbkdf2_kdfparams, passphrase=''):
if kdfparams['prf'] == 'hmac-sha256':
kdfparams['prf'].replace('hmac-sha256','sha256')
derived_key = hashlib.pbkdf2_hmac(
hash_name='sha256',
password=passphrase.encode('utf-8'),
salt=bytes.fromhex(kdfparams['salt']),
iterations=int(kdfparams['c']),
dklen=int(kdfparams['dklen'])
)
return derived_key
class Ciphers:
aes_128_block_size = 1 << 7
aes_iv_len = 16
@@ -68,7 +89,6 @@ class Ciphers:
plaintext = cipher.decrypt(ciphertext)
return plaintext
@staticmethod
def encrypt_aes_128_ctr(plaintext, encryption_key, iv):
ctr = Counter.new(Ciphers.aes_128_block_size, initial_value=iv)
@@ -77,11 +97,19 @@ class Ciphers:
return ciphertext
def to_dict(private_key_bytes, passphrase=''):
def to_dict(private_key_bytes, kdf='scrypt', passphrase=''):
private_key = coincurve.PrivateKey(secret=private_key_bytes)
encryption_key = Hashes.from_scrypt(passphrase=passphrase)
if kdf == 'scrypt':
encryption_key = Hashes.from_scrypt(passphrase=passphrase)
kdfparams = default_scrypt_kdfparams
elif kdf == 'pbkdf2':
encryption_key = Hashes.from_pbkdf2(passphrase=passphrase)
kdfparams = pbkdf2_kdfparams
else:
raise NotImplementedError("KDF not implemented: {0}".format(kdf))
address_hex = private_key_to_address(private_key)
iv_bytes = os.urandom(Ciphers.aes_iv_len)
@@ -95,11 +123,11 @@ def to_dict(private_key_bytes, passphrase=''):
'ciphertext': ciphertext_bytes.hex(),
'cipherparams': {
'iv': iv_bytes.hex(),
},
'kdf': 'scrypt',
'kdfparams': default_kdfparams,
},
'kdf': kdf,
'kdfparams': kdfparams,
'mac': mac.hex(),
}
}
uu = uuid.uuid1()
o = {
@@ -107,12 +135,11 @@ def to_dict(private_key_bytes, passphrase=''):
'version': 3,
'crypto': crypto_dict,
'id': str(uu),
}
}
return o
def from_dict(o, passphrase=''):
cipher = o['crypto']['cipher']
if cipher not in algo_keywords:
raise NotImplementedError('cipher "{}" not implemented'.format(cipher))
@@ -121,19 +148,19 @@ def from_dict(o, passphrase=''):
if kdf not in hash_keywords:
raise NotImplementedError('kdf "{}" not implemented'.format(kdf))
m = getattr(Hashes, 'from_{}'.format(kdf.replace('-', '_')))
m = getattr(Hashes, 'from_{}'.format(kdf.replace('-', '_')))
decryption_key = m(o['crypto']['kdfparams'], passphrase)
control_mac = bytes.fromhex(o['crypto']['mac'])
iv_bytes = bytes.fromhex(o['crypto']['cipherparams']['iv'])
iv = int.from_bytes(iv_bytes, "big")
ciphertext_bytes = bytes.fromhex(o['crypto']['ciphertext'])
# check mac
calculated_mac = to_mac(decryption_key[16:], ciphertext_bytes)
if control_mac != calculated_mac:
raise DecryptError('mac mismatch when decrypting passphrase')
m = getattr(Ciphers, 'decrypt_{}'.format(cipher.replace('-', '_')))
try:
@@ -145,7 +172,6 @@ def from_dict(o, passphrase=''):
def from_file(filepath, passphrase=''):
f = open(filepath, 'r')
try:
o = json.load(f)