def encrypt_message(pubkey, message, display_only):
pk = tools.public_key_to_point(pubkey)
if not ecdsa.ecdsa.point_is_valid(ecdsa.ecdsa.generator_secp256k1, pk.x(), pk.y()):
raise Exception('invalid pubkey')
deter = hmac.new(message, pubkey, sha512).digest()
secexp, iv = deter[:32], deter[32:48]
ephemeral_exponent = ecdsa.util.number_to_string(ecdsa.util.string_to_number(secexp), ecdsa.ecdsa.generator_secp256k1.order())
ephemeral = tools.EcKey(ephemeral_exponent)
ecdh_key = (pk * ephemeral.privkey.secret_multiplier).x()
ecdh_key = ('%064x' % ecdh_key).decode('hex')
if display_only:
ecdh_key += '\x00'
key = sha512(ecdh_key).digest()
key_e, key_m = key[:32], key[32:]
assert len(message) % 16 == 0
aes = pyaes.AESModeOfOperationCBC(key=key_e, iv=iv)
ciphertext = ''.join([aes.encrypt(message[i:i+16]) for i in range(0, len(message), 16)])
ephemeral_pubkey = ephemeral.get_public_key(compressed=True).decode('hex')
encrypted = 'BIE1' + ephemeral_pubkey + iv + ciphertext
mac = hmac.new(key_m, encrypted, sha256).digest()
return encrypted + mac
def decrypt_message(bip32, address_n, nonce_pub, payload, msg_hmac):
priv_node = bip32.get_private_node(address_n)
priv_key = tools.EcKey(priv_node.private_key)
shared_secret_point = tools.public_key_to_point(nonce_pub) * priv_key.privkey.secret_multiplier
shared_secret = tools.point_to_public_key(shared_secret_point, True)
keying_bytes = PBKDF2(shared_secret, "Bitcoin Secure Message" + nonce_pub, iterations=2048, macmodule=hmac, digestmodule=sha256).read(80)
aes_key = keying_bytes[:32]
hmac_key = keying_bytes[32:64]
aes_iv = keying_bytes[64:]
msg_hmac_new = hmac.HMAC(key=hmac_key, msg=payload, digestmod=sha256).digest()[:8]
if msg_hmac_new != msg_hmac:
raise Exception('Message_HMAC does not match')
decrypter = pyaes.Decrypter(pyaes.AESModeOfOperationCFB(key=aes_key, iv=aes_iv, segment_size=16))
payload = decrypter.feed(payload) + decrypter.feed()
if not ord(payload[0]) in [0x00, 0x01, 0x80, 0x81]:
raise Exception('AES decryption failed')
signing = (ord(payload[0]) & 0x01) > 0
display_only = (ord(payload[0]) & 0x80) > 0
if signing:
message = tools.deser_length_string(payload[1:-(21+65)])
address_bin = payload[-(21+65):-65]
signature = payload[-65:]
address = tools.hash_160_to_bc_address(address_bin[1:], ord(address_bin[0]))
verify_message(address, signature, message)
else:
message = tools.deser_length_string(payload[1:])
address = None
return (message, address, display_only)
def decrypt_message(bip32, address_n, encrypted):
if len(encrypted) < 85:
raise Exception('invalid ciphertext length')
magic = encrypted[:4]
ephemeral_pubkey = encrypted[4:37]
iv = encrypted[37:53]
ciphertext = encrypted[53:-32]
mac = encrypted[-32:]
if magic != 'BIE1':
raise Exception('invalid ciphertext: invalid magic bytes')
try:
ephemeral_pubkey = tools.public_key_to_point(ephemeral_pubkey)
except AssertionError, e:
raise Exception('invalid ciphertext: invalid ephemeral pubkey')
def encrypt_message(pubkey, message, display_only, bip32, coin, address_n):
if len(address_n) > 0:
priv_node = bip32.get_private_node(address_n)
priv_key = tools.EcKey(priv_node.private_key)
signing = True
else:
signing = False
if signing:
if display_only:
payload = chr(0x80 + 1)
else:
payload = chr(1)
address, signature = sign_message(bip32, coin, address_n, message)
address_bin = tools.bc_address_decode(address)[:21]
payload += tools.ser_length(len(message)) + message + address_bin + signature
else:
if display_only:
payload = chr(0x80)
else:
payload = chr(0)
payload += tools.ser_length(len(message)) + message
nonce = tools.get_local_entropy()
nonce_key = tools.EcKey(nonce)
nonce_pub = binascii.unhexlify(nonce_key.get_public_key(True))
dest_pub = tools.public_key_to_point(pubkey)
shared_secret_point = dest_pub * nonce_key.privkey.secret_multiplier
shared_secret = tools.point_to_public_key(shared_secret_point, True)
keying_bytes = PBKDF2(shared_secret, "Bitcoin Secure Message" + nonce_pub, iterations=2048, macmodule=hmac, digestmodule=sha256).read(80)
aes_key = keying_bytes[:32]
hmac_key = keying_bytes[32:64]
aes_iv = keying_bytes[64:]
encrypter = pyaes.Encrypter(pyaes.AESModeOfOperationCFB(key=aes_key, iv=aes_iv, segment_size=16))
payload = encrypter.feed(payload) + encrypter.feed()
msg_hmac = hmac.HMAC(key=hmac_key, msg=payload, digestmod=sha256).digest()[:8]
return (nonce_pub, payload, msg_hmac)
