oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

rev260, Fix SIGSEGV on CentOS and other platforms that dont has secp256k1 support in OpenSSL, SSLBenchmark new psutil support and use cert from data dir

Browse source
This commit is contained in:
HelloZeroNet 2015-07-01 22:04:38 +02:00
parent dc791a31ab
commit 0ca0c754e6
3 changed files with 339 additions and 292 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/Config.py
View file

@ -4,7 +4,7 @@ import ConfigParser
class Config(object): class Config(object):
def __init__(self): def __init__(self):
self.version = "0.3.1" self.version = "0.3.1"
self.rev = 259 self.rev = 260
self.parser = self.createArguments() self.parser = self.createArguments()
argv = sys.argv[:] # Copy command line arguments argv = sys.argv[:] # Copy command line arguments
argv = self.parseConfig(argv) # Add arguments from config file argv = self.parseConfig(argv) # Add arguments from config file

10
src/Test/BenchmarkSsl.py
View file

@ -31,7 +31,7 @@ def handle(sock_raw, addr):
break break
elif line == "gotssl\n": elif line == "gotssl\n":
sock.sendall("yes\n") sock.sendall("yes\n")
sock = gevent.ssl.wrap_socket(sock_raw, server_side=True, keyfile='src/Test/testdata/key-rsa.pem', certfile='src/Test/testdata/cert-rsa.pem', ciphers=ciphers) sock = gevent.ssl.wrap_socket(sock_raw, server_side=True, keyfile='data/key-rsa.pem', certfile='data/cert-rsa.pem', ciphers=ciphers)
else: else:
sock.sendall(data) sock.sendall(data)
except Exception, err: except Exception, err:
@ -69,7 +69,7 @@ def getData():
#clipher = sock.cipher() #clipher = sock.cipher()
sock.send("gotssl\n") sock.send("gotssl\n")
if sock.recv(128) == "yes\n": if sock.recv(128) == "yes\n":
sock = ssl.wrap_socket(sock, ciphers=ciphers) sock = ssl.wrap_socket(sock, ciphers=ciphers, ssl_version=ssl.PROTOCOL_TLSv1)
sock.do_handshake() sock.do_handshake()
clipher = sock.cipher() clipher = sock.cipher()
@ -98,8 +98,12 @@ s = time.time()
def info(): def info():
import psutil, os import psutil, os
process = psutil.Process(os.getpid()) process = psutil.Process(os.getpid())
if "memory_info" in dir(process):
memory_info = process.memory_info
else:
memory_info = process.get_memory_info
while 1: while 1:
print total_num, "req", (total_bytes/1024), "kbytes", "transfered in", time.time()-s, "using", clipher, "Mem:", process.get_memory_info()[0] / float(2 ** 20) print total_num, "req", (total_bytes/1024), "kbytes", "transfered in", time.time()-s, "using", clipher, "Mem:", memory_info()[0] / float(2 ** 20)
time.sleep(1) time.sleep(1)
gevent.spawn(info) gevent.spawn(info)

77
src/lib/opensslVerify/opensslVerify.py
View file

@ -12,12 +12,16 @@ import hashlib
import base64 import base64
import time import time
import logging import logging
import sys
addrtype = 0 addrtype = 0
class _OpenSSL: class _OpenSSL:
""" """
Wrapper for OpenSSL using ctypes Wrapper for OpenSSL using ctypes
""" """
def __init__(self, library): def __init__(self, library):
self.time_opened = time.time() self.time_opened = time.time()
""" """
@ -183,11 +187,16 @@ class _OpenSSL:
self.EC_POINT_free.restype = None self.EC_POINT_free.restype = None
self.EC_POINT_free.argtypes = [ctypes.c_void_p] self.EC_POINT_free.argtypes = [ctypes.c_void_p]
ssl = None
def openLibrary(): def openLibrary():
global ssl global ssl
try: try:
if sys.platform.startswith("win"):
ssl = _OpenSSL("src/lib/opensslVerify/libeay32.dll") ssl = _OpenSSL("src/lib/opensslVerify/libeay32.dll")
else: # Try to use self-compiled first
ssl = _OpenSSL("/usr/local/ssl/lib/libcrypto.so")
except: except:
ssl = _OpenSSL(ctypes.util.find_library('ssl') or ctypes.util.find_library('crypto') or 'libeay32') ssl = _OpenSSL(ctypes.util.find_library('ssl') or ctypes.util.find_library('crypto') or 'libeay32')
@ -196,6 +205,7 @@ openssl_version = "%.9X" % ssl._lib.SSLeay()
NID_secp256k1 = 714 NID_secp256k1 = 714
def check_result(val, func, args): def check_result(val, func, args):
if val == 0: if val == 0:
raise ValueError raise ValueError
@ -211,6 +221,7 @@ POINT_CONVERSION_UNCOMPRESSED = 4
__b58chars = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz' __b58chars = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
__b58base = len(__b58chars) __b58base = len(__b58chars)
def b58encode(v): def b58encode(v):
""" encode v, which is a string of bytes, to base58. """ encode v, which is a string of bytes, to base58.
""" """
@ -230,26 +241,32 @@ def b58encode(v):
# leading 0-bytes in the input become leading-1s # leading 0-bytes in the input become leading-1s
nPad = 0 nPad = 0
for c in v: for c in v:
if c == '\0': nPad += 1 if c == '\0':
else: break nPad += 1
else:
break
return (__b58chars[0] * nPad) + result return (__b58chars[0] * nPad) + result
def hash_160(public_key): def hash_160(public_key):
md = hashlib.new('ripemd160') md = hashlib.new('ripemd160')
md.update(hashlib.sha256(public_key).digest()) md.update(hashlib.sha256(public_key).digest())
return md.digest() return md.digest()
def hash_160_to_bc_address(h160): def hash_160_to_bc_address(h160):
vh160 = chr(addrtype) + h160 vh160 = chr(addrtype) + h160
h = Hash(vh160) h = Hash(vh160)
addr = vh160 + h[0:4] addr = vh160 + h[0:4]
return b58encode(addr) return b58encode(addr)
def public_key_to_bc_address(public_key): def public_key_to_bc_address(public_key):
h160 = hash_160(public_key) h160 = hash_160(public_key)
return hash_160_to_bc_address(h160) return hash_160_to_bc_address(h160)
def encode(val, base, minlen=0): def encode(val, base, minlen=0):
base, minlen = int(base), int(minlen) base, minlen = int(base), int(minlen)
code_string = ''.join([chr(x) for x in range(256)]) code_string = ''.join([chr(x) for x in range(256)])
@ -259,36 +276,47 @@ def encode(val, base, minlen=0):
val //= base val //= base
return code_string[0] * max(minlen - len(result), 0) + result return code_string[0] * max(minlen - len(result), 0) + result
def num_to_var_int(x): def num_to_var_int(x):
x = int(x) x = int(x)
if x < 253: return chr(x) if x < 253:
elif x < 65536: return chr(253)+encode(x, 256, 2)[::-1] return chr(x)
elif x < 4294967296: return chr(254) + encode(x, 256, 4)[::-1] elif x < 65536:
else: return chr(255) + encode(x, 256, 8)[::-1] return chr(253) + encode(x, 256, 2)[::-1]
elif x < 4294967296:
return chr(254) + encode(x, 256, 4)[::-1]
else:
return chr(255) + encode(x, 256, 8)[::-1]
def msg_magic(message): def msg_magic(message):
return "\x18Bitcoin Signed Message:\n" + num_to_var_int(len(message)) + message return "\x18Bitcoin Signed Message:\n" + num_to_var_int(len(message)) + message
def get_address(eckey): def get_address(eckey):
size = ssl.i2o_ECPublicKey(eckey, 0) size = ssl.i2o_ECPublicKey(eckey, 0)
mb = ctypes.create_string_buffer(size) mb = ctypes.create_string_buffer(size)
ssl.i2o_ECPublicKey(eckey, ctypes.byref(ctypes.pointer(mb))) ssl.i2o_ECPublicKey(eckey, ctypes.byref(ctypes.pointer(mb)))
return public_key_to_bc_address(mb.raw) return public_key_to_bc_address(mb.raw)
def Hash(data): def Hash(data):
return hashlib.sha256(hashlib.sha256(data).digest()).digest() return hashlib.sha256(hashlib.sha256(data).digest()).digest()
def bx(bn, size=32): def bx(bn, size=32):
b = ctypes.create_string_buffer(size) b = ctypes.create_string_buffer(size)
ssl.BN_bn2bin(bn, b); ssl.BN_bn2bin(bn, b)
return b.raw.encode('hex') return b.raw.encode('hex')
def verify_message(address, signature, message): def verify_message(address, signature, message):
pkey = ssl.EC_KEY_new_by_curve_name(NID_secp256k1) pkey = ssl.EC_KEY_new_by_curve_name(NID_secp256k1)
eckey = SetCompactSignature(pkey, Hash(msg_magic(message)), signature) eckey = SetCompactSignature(pkey, Hash(msg_magic(message)), signature)
addr = get_address(eckey) addr = get_address(eckey)
return (address == addr) return (address == addr)
def SetCompactSignature(pkey, hash, signature): def SetCompactSignature(pkey, hash, signature):
sig = base64.b64decode(signature) sig = base64.b64decode(signature)
if len(sig) != 65: if len(sig) != 65:
@ -302,9 +330,10 @@ def SetCompactSignature(pkey, hash, signature):
r = ssl.BN_bin2bn(sig[1:33], 32, None) r = ssl.BN_bin2bn(sig[1:33], 32, None)
s = ssl.BN_bin2bn(sig[33:], 32, None) s = ssl.BN_bin2bn(sig[33:], 32, None)
eckey = ECDSA_SIG_recover_key_GFp(pkey, r, s, hash, len(hash), nV - 27, eckey = ECDSA_SIG_recover_key_GFp(pkey, r, s, hash, len(hash), nV - 27,
False); False)
return eckey return eckey
def ECDSA_SIG_recover_key_GFp(eckey, r, s, msg, msglen, recid, check): def ECDSA_SIG_recover_key_GFp(eckey, r, s, msg, msglen, recid, check):
n = 0 n = 0
i = recid / 2 i = recid / 2
@ -317,8 +346,8 @@ def ECDSA_SIG_recover_key_GFp(eckey, r, s, msg, msglen, recid, check):
order = ssl.BN_CTX_get(ctx) order = ssl.BN_CTX_get(ctx)
ssl.EC_GROUP_get_order(group, order, ctx) ssl.EC_GROUP_get_order(group, order, ctx)
x = ssl.BN_CTX_get(ctx) x = ssl.BN_CTX_get(ctx)
ssl.BN_copy(x, order); ssl.BN_copy(x, order)
ssl.BN_mul_word(x, i); ssl.BN_mul_word(x, i)
ssl.BN_add(x, x, r) ssl.BN_add(x, x, r)
field = ssl.BN_CTX_get(ctx) field = ssl.BN_CTX_get(ctx)
ssl.EC_GROUP_get_curve_GFp(group, field, None, None, ctx) ssl.EC_GROUP_get_curve_GFp(group, field, None, None, ctx)
@ -339,12 +368,13 @@ def ECDSA_SIG_recover_key_GFp(eckey, r, s, msg, msglen, recid, check):
n = ssl.EC_GROUP_get_degree(group) n = ssl.EC_GROUP_get_degree(group)
e = ssl.BN_CTX_get(ctx) e = ssl.BN_CTX_get(ctx)
ssl.BN_bin2bn(msg, msglen, e) ssl.BN_bin2bn(msg, msglen, e)
if 8 * msglen > n: ssl.BN_rshift(e, e, 8 - (n & 7)) if 8 * msglen > n:
ssl.BN_rshift(e, e, 8 - (n & 7))
zero = ssl.BN_CTX_get(ctx) zero = ssl.BN_CTX_get(ctx)
ssl.BN_set_word(zero, 0) ssl.BN_set_word(zero, 0)
ssl.BN_mod_sub(e, zero, e, order, ctx) ssl.BN_mod_sub(e, zero, e, order, ctx)
rr = ssl.BN_CTX_get(ctx); rr = ssl.BN_CTX_get(ctx)
ssl.BN_mod_inverse(rr, r, order, ctx) ssl.BN_mod_inverse(rr, r, order, ctx)
sor = ssl.BN_CTX_get(ctx) sor = ssl.BN_CTX_get(ctx)
ssl.BN_mod_mul(sor, s, rr, order, ctx) ssl.BN_mod_mul(sor, s, rr, order, ctx)
@ -354,10 +384,15 @@ def ECDSA_SIG_recover_key_GFp(eckey, r, s, msg, msglen, recid, check):
ssl.EC_KEY_set_public_key(eckey, Q) ssl.EC_KEY_set_public_key(eckey, Q)
return eckey return eckey
finally: finally:
if ctx: ssl.BN_CTX_free(ctx) if ctx:
if R: ssl.EC_POINT_free(R) ssl.BN_CTX_free(ctx)
if O: ssl.EC_POINT_free(O) if R:
if Q: ssl.EC_POINT_free(Q) ssl.EC_POINT_free(R)
if O:
ssl.EC_POINT_free(O)
if Q:
ssl.EC_POINT_free(Q)
def closeLibrary(): def closeLibrary():
import _ctypes import _ctypes
@ -369,6 +404,11 @@ def closeLibrary():
def getMessagePubkey(message, sig): def getMessagePubkey(message, sig):
pkey = ssl.EC_KEY_new_by_curve_name(NID_secp256k1) pkey = ssl.EC_KEY_new_by_curve_name(NID_secp256k1)
if not pkey.value:
raise Exception(
"OpenSSL %s (%s) EC_KEY_new_by_curve_name failed: %s, probably your OpenSSL lib does not support secp256k1 elliptic curve. Please check: https://github.com/HelloZeroNet/ZeroNet/issues/132" %
(openssl_version, ssl._lib._name, pkey.value)
)
eckey = SetCompactSignature(pkey, Hash(msg_magic(message)), sig) eckey = SetCompactSignature(pkey, Hash(msg_magic(message)), sig)
size = ssl.i2o_ECPublicKey(eckey, 0) size = ssl.i2o_ECPublicKey(eckey, 0)
mb = ctypes.create_string_buffer(size) mb = ctypes.create_string_buffer(size)
@ -380,6 +420,7 @@ def getMessagePubkey(message, sig):
openLibrary() openLibrary()
return pub return pub
def test(): def test():
sign = "HGbib2kv9gm9IJjDt1FXbXFczZi35u0rZR3iPUIt5GglDDCeIQ7v8eYXVNIaLoJRI4URGZrhwmsYQ9aVtRTnTfQ=" sign = "HGbib2kv9gm9IJjDt1FXbXFczZi35u0rZR3iPUIt5GglDDCeIQ7v8eYXVNIaLoJRI4URGZrhwmsYQ9aVtRTnTfQ="
pubkey = "044827c756561b8ef6b28b5e53a000805adbf4938ab82e1c2b7f7ea16a0d6face9a509a0a13e794d742210b00581f3e249ebcc705240af2540ea19591091ac1d41" pubkey = "044827c756561b8ef6b28b5e53a000805adbf4938ab82e1c2b7f7ea16a0d6face9a509a0a13e794d742210b00581f3e249ebcc705240af2540ea19591091ac1d41"
@ -388,7 +429,9 @@ def test():
test() # Make sure it working right test() # Make sure it working right
if __name__ == "__main__": if __name__ == "__main__":
import time, os, sys import time
import os
import sys
sys.path.append("..") sys.path.append("..")
from pybitcointools import bitcoin as btctools from pybitcointools import bitcoin as btctools
print "OpenSSL version %s" % openssl_version print "OpenSSL version %s" % openssl_version