From dd3dee5b7a79696654caa71e313e6774378644a8 Mon Sep 17 00:00:00 2001
From: Sergi Delgado Segura
Date: Thu, 20 Jun 2019 18:26:34 +0100
Subject: [PATCH] Replaces KDF Uses H(txid) for locator and H(txid|txid) for master_key now
---
 pisa-btc/apps/blob.py | 25 ++++++++-----------------
 pisa-btc/pisa/encrypted_blob.py | 25 +++++++------------------
 2 files changed, 15 insertions(+), 35 deletions(-)
diff --git a/pisa-btc/apps/blob.py b/pisa-btc/apps/blob.py
index 6c751ff..5a12c06 100644
--- a/pisa-btc/apps/blob.py
+++ b/pisa-btc/apps/blob.py
@@ -1,9 +1,7 @@
 from binascii import hexlify, unhexlify
+from hashlib import sha256
 from cryptography.hazmat.primitives.ciphers.aead import AESGCM
-from cryptography.hazmat.primitives.kdf.hkdf import HKDF
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.backends import default_backend
-from conf import SALT, SUPPORTED_HASH_FUNCTIONS, SUPPORTED_CIPHERS
+from conf import SUPPORTED_HASH_FUNCTIONS, SUPPORTED_CIPHERS
 class Blob:
@@ -31,19 +29,12 @@ class Blob:
 # Extend the key using HKDF
 tx_id = unhexlify(tx_id)
- hkdf = HKDF(
- algorithm=hashes.SHA256(),
- length=32,
- salt=SALT.encode(),
- info=None,
- backend=default_backend()
- )
+ # master_key = H(tx_id | tx_id)
+ master_key = sha256(tx_id + tx_id).digest()
- extended_key = hkdf.derive(tx_id[16:])
-
- # The 16 MSB of the extended key will serve as the AES GCM 128 secret key. The 16 LSB will serve as the IV.
- sk = extended_key[:16]
- nonce = extended_key[16:]
+ # The 16 MSB of the master key will serve as the AES GCM 128 secret key. The 16 LSB will serve as the IV.
+ sk = master_key[:16]
+ nonce = master_key[16:]
 # Encrypt the data
 aesgcm = AESGCM(sk)
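Review bot: `sk` and `nonce` in the second hunk of apps/blob.py are both slices of `sha256(tx_id + tx_id)`, so every encryption for a given `tx_id` uses the same AES-GCM key with the same nonce. If two different payloads are ever encrypted for one `tx_id` (a resend with a changed payload, say), that repeats a (key, nonce) pair, and GCM then loses both confidentiality and tag integrity. The scheme is safe only while each `tx_id` encrypts exactly one blob, and that invariant should be written at the derivation, e.g. `# key and nonce are deterministic: encrypt at most one blob per tx_id`. The context line `# Extend the key using HKDF` is stale now that HKDF is gone and should be removed or reworded. The enclosing method starts and ends outside this hunk, and the same derivation is repeated in `decrypt` in pisa/encrypted_blob.py.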
@@ -52,7 +43,7 @@ class Blob:
 if debug:
 logging.info("[Client] creating new blob")
- logging.info("[Client] master key: {}".format(hexlify(tx_id[16:]).decode()))
+ logging.info("[Client] master key: {}".format(hexlify(master_key).decode()))
 logging.info("[Client] sk: {}".format(hexlify(sk).decode()))
 logging.info("[Client] nonce: {}".format(hexlify(nonce).decode()))
 logging.info("[Client] encrypted_blob: {}".format(encrypted_blob))
diff --git a/pisa-btc/pisa/encrypted_blob.py b/pisa-btc/pisa/encrypted_blob.py
index 9832b00..49fd4af 100644
--- a/pisa-btc/pisa/encrypted_blob.py
+++ b/pisa-btc/pisa/encrypted_blob.py
@@ -1,9 +1,6 @@
 from binascii import unhexlify, hexlify
+from hashlib import sha256
 from cryptography.hazmat.primitives.ciphers.aead import AESGCM
-from cryptography.hazmat.primitives.kdf.hkdf import HKDF
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.backends import default_backend
-from conf import SALT
 class EncryptedBlob:
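Review bot: The changed line `logging.info("[Client] master key: {}".format(hexlify(master_key).decode()))` in the debug block of apps/blob.py writes the full derived key to the log, and the unchanged lines after it do the same for `sk` and `nonce`. Anyone who can read the client's log can then decrypt the blob, and `debug` flags tend to stay switched on longer than intended. I would drop the `master key` and `sk` lines and log only a non-secret identifier, such as the locator the commit message mentions, if one is in scope here (not visible in this hunk). The `[Watcher]` debug block in `decrypt` in pisa/encrypted_blob.py has the same pattern.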
@@ -11,24 +8,16 @@ class EncryptedBlob:
 self.data = data
 def decrypt(self, key, debug, logging):
- # Extend the key using HKDF
- hkdf = HKDF(
- algorithm=hashes.SHA256(),
- length=32,
- salt=SALT.encode(),
- info=None,
- backend=default_backend()
- )
+ # master_key = H(tx_id | tx_id)
+ master_key = sha256(key + key).digest()
- extended_key = hkdf.derive(key)
-
- # The 16 MSB of the extended key will serve as the AES GCM 128 secret key. The 16 LSB will serve as the IV.
- sk = extended_key[:16]
- nonce = extended_key[16:]
+ # The 16 MSB of the master key will serve as the AES GCM 128 secret key. The 16 LSB will serve as the IV.
+ sk = master_key[:16]
+ nonce = master_key[16:]
 if debug:
 logging.info("[Watcher] creating new blob")
- logging.info("[Watcher] master key: {}".format(hexlify(key).decode()))
+ logging.info("[Watcher] master key: {}".format(hexlify(master_key).decode()))
 logging.info("[Watcher] sk: {}".format(hexlify(sk).decode()))
 logging.info("[Watcher] nonce: {}".format(hexlify(nonce).decode()))
 logging.info("[Watcher] encrypted_blob: {}".format(self.data))
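Review bot: `decrypt` now derives the key as `sha256(key + key)`, which matches the client's `sha256(tx_id + tx_id)` only if the caller passes the full unhexlified txid as `key`. The removed client code fed `tx_id[16:]` to the KDF, so a caller that still hands over that 16-byte half would derive a different key and every decryption would fail the GCM tag check. The caller is not part of this diff, so that is worth confirming, and a comment at the top of the method would pin the contract: `# key: raw txid bytes (not hex), the same value the client hashes in apps/blob.py`. The method body continues past the end of the hunk.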