implement support for dynamic decryption algorithms

doersf · doersf · commit 75a3bc9f5605 · 2021-06-06T18:03:40.000-07:00
diff --git a/block_io/__init__.py b/block_io/__init__.py
@@ -104,11 +104,41 @@ class Helper:
         @staticmethod
         def pinToAesKey(pin, salt = "", iterations = 2048, hashfn = sha256, phase1_key_length = 16, phase2_key_length = 32):
             # use pbkdf2 magic
-            # ( password, keylen, salt = "", itercount = 1024, hashfn = sha256 )
             ret = pbkdf2.pbkdf2(pin, phase1_key_length, salt, int(iterations/2), hashfn)
             ret = pbkdf2.pbkdf2(hexlify(ret), phase2_key_length, salt, int(iterations/2), hashfn)
             return hexlify(ret) # the encryption key
 
+        @staticmethod
+        def dynamicExtractKey(user_key, pin):
+            # uses the algorithm specified in the user_key object
+            # if no algorithm specified, uses the following default (legacy)
+            
+            algorithm = {
+                "pbkdf2_salt": "",
+                "pbkdf2_iterations": 2048,
+                "pbkdf2_hash_function": "SHA256",
+                "pbkdf2_phase1_key_length": 16,
+                "pbkdf2_phase2_key_length": 32,
+                "aes_iv": None,
+                "aes_cipher": "AES-256-ECB",
+                "aes_auth_tag": None,
+                "aes_auth_data": None
+            }
+
+            if 'algorithm' in user_key:
+                algorithm = user_key['algorithm']
+
+            if algorithm['pbkdf2_hash_function'] != "SHA256":
+                raise Exception("Unknown hash function specified. Are you using current version of this library?")
+            
+            aes_key = BlockIo.Helper.pinToAesKey(pin, algorithm['pbkdf2_salt'], algorithm['pbkdf2_iterations'],
+                                  sha256, algorithm['pbkdf2_phase1_key_length'], algorithm['pbkdf2_phase2_key_length'])
+
+            decrypted = BlockIo.Helper.decrypt(user_key['encrypted_passphrase'], aes_key,
+                                               algorithm['aes_iv'], algorithm['aes_cipher'], algorithm['aes_auth_tag'])
+
+            return BlockIo.Key.from_passphrase(unhexlify(decrypted))
+        
         @staticmethod
         def extractKey(encrypted_data, enc_key_hex):
             # encryption key is in hex
@@ -304,15 +334,13 @@ def create_and_sign_transaction(self, prepare_data, keys = []):
             cur_key = PrivateKey(secret_exponent=int(cur_key_hex,16))
             self.private_keys[cur_key.get_public_key().to_hex(compressed=True)] = cur_key
 
-        if self.encryption_key is None and self.pin is None and 'user_key' in prepare_data['data']:
+        if self.pin is None and 'user_key' in prepare_data['data'] and prepare_data['data']['user_key']['public_key'] not in self.private_keys:
             raise BlockIoUnknownError("No PIN provided to decrypt signer private key.")
         
-        if self.encryption_key is None and 'user_key' in prepare_data['data']:
-            self.encryption_key = self.Helper.pinToAesKey(self.pin)
-
         # decrypt the signer private key if we can
-        if self.encryption_key is not None and 'user_key' in prepare_data['data']:
-            key = self.Helper.extractKey(prepare_data['data']['user_key']['encrypted_passphrase'], self.encryption_key)
+        if self.pin is not None and 'user_key' in prepare_data['data'] and prepare_data['data']['user_key']['public_key'] not in self.private_keys:
+
+            key = self.Helper.dynamicExtractKey(prepare_data['data']['user_key'], self.pin)
 
             if (key.pubkey_hex().decode('utf-8') != prepare_data['data']['user_key']['public_key']):
                 raise Exception("Expected pubkey=",prepare_data['data']['user_key']['public_key'],"but got pubkey=",key.pubkey_hex(),". Invalid PIN provided.")
diff --git a/setup.py b/setup.py
@@ -4,7 +4,7 @@
     long_description = fh.read()
     
 setup(name='block-io',
-      version='2.0.3',
+      version='2.0.4',
       description='The easiest way to integrate Bitcoin, Dogecoin and Litecoin in your applications. Sign up at Block.io for your API key.',
       url='https://github.com/BlockIo/block_io-python',
       author='Atif Nazir',
diff --git a/tests/test_blockio.py b/tests/test_blockio.py
@@ -3,6 +3,7 @@
 import os
 import unittest
 import time
+import json
 
 from struct import pack
 from types import *
@@ -82,6 +83,28 @@ def test_aes256gcm_encryption(self):
         cleartext = BlockIo.Helper.decrypt(result['aes_cipher_text'], key, result['aes_iv'], result['aes_cipher'], result['aes_auth_tag'])
         self.assertEqual(cleartext, clear.encode('utf-8'))
 
+    def test_dynamic_extract_key_aes256ecb(self):
+        
+        user_key = json.loads('{"encrypted_passphrase":"3wIJtPoC8KO6S7x6LtrN0g==","public_key":"02f87f787bffb30396984cb6b3a9d6830f32d5b656b3e39b0abe4f3b3c35d99323","algorithm":{"pbkdf2_salt":"","pbkdf2_iterations":2048,"pbkdf2_hash_function":"SHA256","pbkdf2_phase1_key_length":16,"pbkdf2_phase2_key_length":32,"aes_iv":null,"aes_cipher":"AES-256-ECB","aes_auth_tag":null,"aes_auth_data":null}}')
+
+        key = BlockIo.Helper.dynamicExtractKey(user_key, "deadbeef")
+        self.assertEqual(key.pubkey_hex(), BlockIo.Key.from_passphrase(unhexlify("beadbeef")).pubkey_hex())
+        
+    def test_dynamic_extract_key_aes256cbc(self):
+
+        user_key = json.loads('{"encrypted_passphrase":"LExu1rUAtIBOekslc328Lw==","public_key":"02f87f787bffb30396984cb6b3a9d6830f32d5b656b3e39b0abe4f3b3c35d99323","algorithm":{"pbkdf2_salt":"922445847c173e90667a19d90729e1fb","pbkdf2_iterations":500000,"pbkdf2_hash_function":"SHA256","pbkdf2_phase1_key_length":16,"pbkdf2_phase2_key_length":32,"aes_iv":"11bc22166c8cf8560e5fa7e5c622bb0f","aes_cipher":"AES-256-CBC","aes_auth_tag":null,"aes_auth_data":null}}')
+
+        key = BlockIo.Helper.dynamicExtractKey(user_key, "deadbeef")
+        self.assertEqual(key.pubkey_hex(), BlockIo.Key.from_passphrase(unhexlify("beadbeef")).pubkey_hex())
+        
+    def test_dynamic_extract_key_aes256gcm(self):
+        
+        user_key = json.loads('{"encrypted_passphrase":"ELV56Z57KoA=","public_key":"02f87f787bffb30396984cb6b3a9d6830f32d5b656b3e39b0abe4f3b3c35d99323","algorithm":{"pbkdf2_salt":"922445847c173e90667a19d90729e1fb","pbkdf2_iterations":500000,"pbkdf2_hash_function":"SHA256","pbkdf2_phase1_key_length":16,"pbkdf2_phase2_key_length":32,"aes_iv":"a57414b88b67f977829cbdca","aes_cipher":"AES-256-GCM","aes_auth_tag":"adeb7dfe53027bdda5824dc524d5e55a","aes_auth_data":""}}')
+
+        key = BlockIo.Helper.dynamicExtractKey(user_key, "deadbeef")
+        self.assertEqual(key.pubkey_hex(), BlockIo.Key.from_passphrase(unhexlify("beadbeef")).pubkey_hex())
+        
+    
 class TestKeys(unittest.TestCase):
     def setUp(self):
         self.priv = "6b0e34587dece0ef042c4c7205ce6b3d4a64d0bc484735b9325f7971a0ead963"
