chipi-stack 2.0.0__py3-none-any.whl

chipi_sdk/encryption.py

@@ -0,0 +1,179 @@
+"""Encryption utilities for private key protection."""
+
+import base64
+import hashlib
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+
+
+def encrypt_private_key(private_key: str, password: str) -> str:
+    """
+    Encrypt private key using AES-256-CBC.
+    
+    This implementation is compatible with crypto-es library used in TypeScript SDK.
+    Uses OpenSSL-compatible format: "Salted__" + salt + ciphertext
+    
+    Args:
+        private_key: Private key to encrypt
+        password: Password for encryption
+        
+    Returns:
+        Base64 encoded encrypted string
+    """
+    # Generate random salt (8 bytes)
+    import os
+    salt = os.urandom(8)
+    
+    # Derive key and IV from password using OpenSSL's EVP_BytesToKey equivalent
+    # This matches crypto-es behavior
+    key_iv = _derive_key_and_iv(password.encode('utf-8'), salt, 32, 16)
+    key = key_iv[:32]
+    iv = key_iv[32:48]
+    
+    # Pad the private key (PKCS7 padding)
+    padded_key = _pkcs7_pad(private_key.encode('utf-8'), 16)
+    
+    # Encrypt
+    cipher = Cipher(
+        algorithms.AES(key),
+        modes.CBC(iv),
+        backend=default_backend()
+    )
+    encryptor = cipher.encryptor()
+    ciphertext = encryptor.update(padded_key) + encryptor.finalize()
+    
+    # Format as OpenSSL compatible: "Salted__" + salt + ciphertext
+    encrypted_data = b'Salted__' + salt + ciphertext
+    
+    # Base64 encode
+    return base64.b64encode(encrypted_data).decode('utf-8')
+
+
+def decrypt_private_key(encrypted_private_key: str, password: str) -> str:
+    """
+    Decrypt private key using AES-256-CBC.
+    
+    This implementation is compatible with crypto-es library used in TypeScript SDK.
+    
+    Args:
+        encrypted_private_key: Base64 encoded encrypted private key
+        password: Password for decryption
+        
+    Returns:
+        Decrypted private key
+        
+    Raises:
+        ValueError: If decryption fails
+    """
+    try:
+        # Decode base64
+        encrypted_data = base64.b64decode(encrypted_private_key)
+        
+        # Check for "Salted__" prefix
+        if not encrypted_data.startswith(b'Salted__'):
+            raise ValueError("Invalid encrypted data format")
+        
+        # Extract salt and ciphertext
+        salt = encrypted_data[8:16]
+        ciphertext = encrypted_data[16:]
+        
+        # Derive key and IV from password
+        key_iv = _derive_key_and_iv(password.encode('utf-8'), salt, 32, 16)
+        key = key_iv[:32]
+        iv = key_iv[32:48]
+        
+        # Decrypt
+        cipher = Cipher(
+            algorithms.AES(key),
+            modes.CBC(iv),
+            backend=default_backend()
+        )
+        decryptor = cipher.decryptor()
+        padded_plaintext = decryptor.update(ciphertext) + decryptor.finalize()
+        
+        # Remove PKCS7 padding
+        plaintext = _pkcs7_unpad(padded_plaintext)
+        
+        # Convert to string
+        decrypted = plaintext.decode('utf-8')
+        
+        if not decrypted:
+            raise ValueError("Decryption resulted in empty string")
+        
+        return decrypted
+    except Exception as e:
+        raise ValueError(f"Decryption failed: {str(e)}")
+
+
+def _derive_key_and_iv(password: bytes, salt: bytes, key_len: int, iv_len: int) -> bytes:
+    """
+    Derive key and IV using OpenSSL's EVP_BytesToKey algorithm.
+    
+    This matches the behavior of crypto-es to ensure compatibility.
+    Uses MD5 hashing in multiple rounds.
+    
+    Args:
+        password: Password bytes
+        salt: Salt bytes
+        key_len: Desired key length
+        iv_len: Desired IV length
+        
+    Returns:
+        Concatenated key + IV bytes
+    """
+    target_len = key_len + iv_len
+    derived = b''
+    last_hash = b''
+    
+    while len(derived) < target_len:
+        last_hash = hashlib.md5(last_hash + password + salt).digest()
+        derived += last_hash
+    
+    return derived[:target_len]
+
+
+def _pkcs7_pad(data: bytes, block_size: int) -> bytes:
+    """
+    Apply PKCS7 padding to data.
+    
+    Args:
+        data: Data to pad
+        block_size: Block size in bytes
+        
+    Returns:
+        Padded data
+    """
+    padding_len = block_size - (len(data) % block_size)
+    padding = bytes([padding_len] * padding_len)
+    return data + padding
+
+
+def _pkcs7_unpad(data: bytes) -> bytes:
+    """
+    Remove PKCS7 padding from data.
+    
+    Args:
+        data: Padded data
+        
+    Returns:
+        Unpadded data
+        
+    Raises:
+        ValueError: If padding is invalid
+    """
+    if not data:
+        raise ValueError("Cannot unpad empty data")
+    
+    padding_len = data[-1]
+    
+    if padding_len > len(data) or padding_len == 0:
+        raise ValueError("Invalid padding")
+    
+    # Verify all padding bytes are correct
+    for i in range(padding_len):
+        if data[-(i + 1)] != padding_len:
+            raise ValueError("Invalid padding")
+    
+    return data[:-padding_len]

chipi_sdk/errors.py

@@ -0,0 +1,130 @@
+"""Error classes and utilities for Chipi SDK."""
+
+from typing import Any, Optional
+
+
+class ChipiError(Exception):
+    """Base exception for Chipi SDK."""
+
+    def __init__(
+        self, message: str, code: str = "UNKNOWN_ERROR", status: Optional[int] = None
+    ):
+        super().__init__(message)
+        self.message = message
+        self.code = code
+        self.status = status
+
+
+class ChipiApiError(ChipiError):
+    """API request errors."""
+
+    def __init__(self, message: str, code: str, status: int):
+        super().__init__(message, code, status)
+
+
+class ChipiWalletError(ChipiError):
+    """Wallet operation errors."""
+
+    def __init__(self, message: str, code: str = "WALLET_ERROR"):
+        super().__init__(message, code)
+
+
+class ChipiTransactionError(ChipiError):
+    """Transaction execution errors."""
+
+    def __init__(self, message: str, code: str = "TRANSACTION_ERROR"):
+        super().__init__(message, code)
+
+
+class ChipiSessionError(ChipiError):
+    """Session management errors."""
+
+    def __init__(self, message: str, code: str = "SESSION_ERROR"):
+        super().__init__(message, code)
+
+
+class ChipiSkuError(ChipiError):
+    """SKU-related errors."""
+
+    def __init__(self, message: str, code: str = "SKU_ERROR"):
+        super().__init__(message, code)
+
+
+class ChipiValidationError(ChipiError):
+    """Validation errors."""
+
+    def __init__(self, message: str, code: str = "VALIDATION_ERROR"):
+        super().__init__(message, code, 400)
+
+
+class ChipiAuthError(ChipiError):
+    """Authentication errors."""
+
+    def __init__(self, message: str, code: str = "AUTH_ERROR"):
+        super().__init__(message, code, 401)
+
+
+class WalletNotCompatibleError(ChipiWalletError):
+    """Thrown when attempting an operation the wallet type doesn't support."""
+
+    def __init__(self, message: str):
+        super().__init__(message, "WALLET_NOT_COMPATIBLE")
+
+
+class WalletClassHashNotFoundError(ChipiWalletError):
+    """Thrown when a custom wallet type's class hash isn't registered."""
+
+    def __init__(self, wallet_type: str):
+        super().__init__(
+            f"No class hash registered for wallet type '{wallet_type}'. "
+            "Register it via custom_wallet_types in SDK config.",
+            "WALLET_CLASS_HASH_NOT_FOUND",
+        )
+
+
+class PaymasterIncompatibleError(ChipiError):
+    """Thrown when wallet account doesn't support SNIP-9 outside execution."""
+
+    def __init__(self, class_hash: str):
+        super().__init__(
+            f"Wallet class hash {class_hash} is not compatible with Chipi paymaster. "
+            "Account must implement SNIP-9 (outside_execution_v2).",
+            "PAYMASTER_INCOMPATIBLE",
+            400,
+        )
+
+
+def is_chipi_error(error: Any) -> bool:
+    """Check if an error is a ChipiError instance."""
+    return isinstance(error, ChipiError)
+
+
+def handle_api_error(error: Any) -> ChipiError:
+    """
+    Convert various error types to ChipiError.
+
+    Args:
+        error: Any exception or error object
+
+    Returns:
+        ChipiError instance
+    """
+    if is_chipi_error(error):
+        return error
+
+    # Handle httpx or requests errors
+    if hasattr(error, "response"):
+        status = getattr(error.response, "status_code", None)
+        if status:
+            try:
+                data = error.response.json()
+                message = data.get("message", str(error))
+                code = data.get("code", f"HTTP_{status}")
+            except Exception:
+                message = str(error)
+                code = f"HTTP_{status}"
+            return ChipiApiError(message, code, status)
+
+    # Default case
+    message = str(error) if error else "An unknown error occurred"
+    return ChipiError(message, "UNKNOWN_ERROR")