Ida/pbkdf2 #2
@ -24,7 +24,8 @@ algo_keywords = [
|
||||
'aes-128-ctr',
|
||||
]
|
||||
hash_keywords = [
|
||||
'scrypt'
|
||||
'scrypt',
|
||||
'pbkdf2'
|
||||
]
|
||||
|
||||
default_kdfparams = {
|
||||
@ -35,6 +36,12 @@ default_kdfparams = {
|
||||
'salt': os.urandom(32).hex(),
|
||||
}
|
||||
|
||||
pbkdf2_kdfparams = {
|
||||
'c': 100000,
|
||||
'dklen': 32,
|
||||
'prf': 'sha256',
|
||||
'salt': os.urandom(32).hex(),
|
||||
}
|
||||
|
||||
def to_mac(mac_key, ciphertext_bytes):
|
||||
h = sha3.keccak_256()
|
||||
@ -53,11 +60,29 @@ class Hashes:
|
||||
r = int(kdfparams['r'])
|
||||
salt = bytes.fromhex(kdfparams['salt'])
|
||||
|
||||
return hashlib.scrypt(passphrase.encode('utf-8'), salt=salt,n=n, p=p, r=r, maxmem=1024*1024*1024, dklen=dklen)
|
||||
return hashlib.scrypt(passphrase.encode('utf-8'), salt=salt, n=n, p=p, r=r, maxmem=1024 * 1024 * 1024,
|
||||
dklen=dklen)
|
||||
|
||||
@staticmethod
|
||||
def from_pbkdf2(kdfparams=pbkdf2_kdfparams, passphrase=''):
|
||||
hashname = kdfparams['prf']
|
||||
pwd = passphrase.encode('utf-8')
|
||||
salt = bytes.fromhex(kdfparams['salt'])
|
||||
itr = int(kdfparams['c'])
|
||||
dklen = int(kdfparams['dklen'])
|
||||
|
||||
derived_key = hashlib.pbkdf2_hmac(
|
||||
hash_name=hashname,
|
||||
password=pwd,
|
||||
salt=salt,
|
||||
iterations=itr,
|
||||
dklen=dklen
|
||||
)
|
||||
|
||||
return derived_key
|
||||
|
||||
|
||||
class Ciphers:
|
||||
|
||||
aes_128_block_size = 1 << 7
|
||||
aes_iv_len = 16
|
||||
|
||||
@ -68,7 +93,6 @@ class Ciphers:
|
||||
plaintext = cipher.decrypt(ciphertext)
|
||||
return plaintext
|
||||
|
||||
|
||||
@staticmethod
|
||||
def encrypt_aes_128_ctr(plaintext, encryption_key, iv):
|
||||
ctr = Counter.new(Ciphers.aes_128_block_size, initial_value=iv)
|
||||
@ -77,11 +101,19 @@ class Ciphers:
|
||||
return ciphertext
|
||||
|
||||
|
||||
def to_dict(private_key_bytes, passphrase=''):
|
||||
|
||||
def to_dict(private_key_bytes, kdf :str, passphrase=''):
|
||||
|
||||
private_key = coincurve.PrivateKey(secret=private_key_bytes)
|
||||
|
||||
if kdf == 'scrypt':
|
||||
encryption_key = Hashes.from_scrypt(passphrase=passphrase)
|
||||
kdfparams = default_kdfparams
|
||||
|
||||
elif kdf == 'pbkdf2':
|
||||
encryption_key = Hashes.from_pbkdf2(passphrase=passphrase)
|
||||
kdfparams = pbkdf2_kdfparams
|
||||
|
||||
else:
|
||||
raise NotImplementedError("KDF not implemented: {0}".format(kdf))
|
||||
|
||||
address_hex = private_key_to_address(private_key)
|
||||
iv_bytes = os.urandom(Ciphers.aes_iv_len)
|
||||
@ -96,8 +128,8 @@ def to_dict(private_key_bytes, passphrase=''):
|
||||
'cipherparams': {
|
||||
'iv': iv_bytes.hex(),
|
||||
},
|
||||
'kdf': 'scrypt',
|
||||
'kdfparams': default_kdfparams,
|
||||
'kdf': kdf,
|
||||
'kdfparams': kdfparams,
|
||||
'mac': mac.hex(),
|
||||
}
|
||||
|
||||
@ -112,7 +144,6 @@ def to_dict(private_key_bytes, passphrase=''):
|
||||
|
||||
|
||||
def from_dict(o, passphrase=''):
|
||||
|
||||
cipher = o['crypto']['cipher']
|
||||
if cipher not in algo_keywords:
|
||||
raise NotImplementedError('cipher "{}" not implemented'.format(cipher))
|
||||
@ -145,7 +176,6 @@ def from_dict(o, passphrase=''):
|
||||
|
||||
|
||||
def from_file(filepath, passphrase=''):
|
||||
|
||||
f = open(filepath, 'r')
|
||||
try:
|
||||
o = json.load(f)
|
||||
|
@ -16,6 +16,10 @@ from funga.eth.keystore.keyfile import (
|
||||
from_file,
|
||||
to_dict,
|
||||
)
|
||||
# from testkeyfile import (
|
||||
# from_file,
|
||||
# to_dict
|
||||
# )
|
||||
from funga.eth.encoding import (
|
||||
private_key_to_address,
|
||||
private_key_from_bytes,
|
||||
@ -77,7 +81,7 @@ def main():
|
||||
else:
|
||||
pk_bytes = os.urandom(32)
|
||||
pk = coincurve.PrivateKey(secret=pk_bytes)
|
||||
o = to_dict(pk_bytes, passphrase)
|
||||
o = to_dict(pk_bytes, 'pbkdf2', passphrase)
|
||||
r = json.dumps(o)
|
||||
|
||||
print(r)
|
||||
|
Loading…
Reference in New Issue
Block a user
This is a potentially breaking change if this method is being used elsewhere. I suggest we default to
scrypt
for now.