From 1d4a5052ef8c8aad8a7b8f1e9bac4fc79df53bbd Mon Sep 17 00:00:00 2001 
From: SomberNight Date: Tue, 19 Dec 2023 01:24:17 +0000 Subject: [PATCH] labels plugin: add FIXMEs. don't roll your own crypto... ``` 23.76 | I | plugins.labels.qt.Plugin | set test_segwit_2 nonce to 180 set_label. label='a1'. item='444dffaf758a1b17893cbc8dda4032f9b6e9f61115e7c1a6d486a0950de50c11'. bundle['encryptedLabel']='WzqTZD+cnoQEUrfYsBz0rg==' 28.10 | I | plugins.labels.qt.Plugin | set test_segwit_2 nonce to 181 set_label. label='a1'. item='4812e9844c958a913a71a5a728ea6d73e42d0618f96a4259bad1895b4f427f8e'. bundle['encryptedLabel']='WzqTZD+cnoQEUrfYsBz0rg==' set_label. label='a1'. item='c5daddf7972e16e25c1362d492888a8bbf3d8dcfc789342d71dc83d9a8faaa6c'. bundle['encryptedLabel']='WzqTZD+cnoQEUrfYsBz0rg==' 36.51 | I | plugins.labels.qt.Plugin | set test_segwit_2 nonce to 182 set_label. label='a1'. item='be5973ddf9b6ae6949e544c3cf43a16e2a8719dcf14a1171ec94cfa25d4a3325'. bundle['encryptedLabel']='WzqTZD+cnoQEUrfYsBz0rg==' 45.68 | I | plugins.labels.qt.Plugin | set test_segwit_2 nonce to 183 set_label. label=''. item='444dffaf758a1b17893cbc8dda4032f9b6e9f61115e7c1a6d486a0950de50c11'. bundle['encryptedLabel']='yErvsmjQUEt4Ry8c55S3Mg==' 55.99 | I | plugins.labels.qt.Plugin | set test_segwit_2 nonce to 184 58.69 | I | plugins.labels.qt.Plugin | set test_segwit_2 nonce to 185 set_label. label=''. item='4812e9844c958a913a71a5a728ea6d73e42d0618f96a4259bad1895b4f427f8e'. bundle['encryptedLabel']='yErvsmjQUEt4Ry8c55S3Mg==' set_label. label=''. item='c5daddf7972e16e25c1362d492888a8bbf3d8dcfc789342d71dc83d9a8faaa6c'. bundle['encryptedLabel']='yErvsmjQUEt4Ry8c55S3Mg==' 60.98 | I | plugins.labels.qt.Plugin | set test_segwit_2 nonce to 186 set_label. label=''. item='be5973ddf9b6ae6949e544c3cf43a16e2a8719dcf14a1171ec94cfa25d4a3325'. bundle['encryptedLabel']='yErvsmjQUEt4Ry8c55S3Mg==' 62.80 | I | plugins.labels.qt.Plugin | set test_segwit_2 nonce to 187 ``` --- electrum/plugins/labels/labels.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/electrum/plugins/labels/labels.py b/electrum/plugins/labels/labels.py
index a6dd40f2b..9d9d63233 100644
--- a/electrum/plugins/labels/labels.py
+++ b/electrum/plugins/labels/labels.py
@@ -39,6 +39,7 @@ class LabelsPlugin(BasePlugin):
 def encode(self, wallet: 'Abstract_Wallet', msg: str) -> str:
 password, iv, wallet_id = self.wallets[wallet]
 encrypted = aes_encrypt_with_iv(password, iv, msg.encode('utf8'))
+ # FIXME: ^ we are reusing the IV between all labels in the wallet, in CBC mode...
 return base64.b64encode(encrypted).decode()
 def decode(self, wallet: 'Abstract_Wallet', message: str) -> str:
@@ -66,7 +67,9 @@ class LabelsPlugin(BasePlugin):
 if not item:
 return
 if label is None:
- # note: the server does not know whether a label is empty
+ # note: the server should not know whether a label is empty
+ # FIXME but it does! we are reusing the IV with AES-CBC: there is no randomness between labels,
+ # all empty labels in given wallet look the same.
 label = ''
 nonce = self.get_nonce(wallet)
 wallet_id = self.wallets[wallet][2]
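Review bot: The FIXME added in `encode` records the IV reuse but the encryption call above it is unchanged, so every label in a wallet is still encrypted deterministically, and the comment in the second hunk (under `if label is None:`) understates this by naming only empty labels. The log in the commit message shows the same ciphertext for every 'a1' label as well, and with a fixed IV in CBC mode two labels that share their first 16-byte block would also share their first ciphertext block; I would widen that comment to `# all equal labels in a given wallet encrypt to the same ciphertext, and labels with a common 16-byte prefix share leading ciphertext blocks.` A follow-up fix needs a fresh random IV per message that travels with the ciphertext, roughly `iv = os.urandom(16)` and `return base64.b64encode(iv + encrypted).decode()` (assuming `os` is imported in this file). `decode` starts at the edge of the first hunk and its body is not visible, so it would have to be versioned to keep reading labels already stored under the fixed IV. Whether the ciphertext is authenticated cannot be told from these lines and is worth checking in the same pass.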