Fix sslcrypto thread safety (#2454)

* Use sslcrypto instead of pyelliptic and pybitcointools * Fix CryptMessage * Support Python 3.4 * Fix user creation * Get rid of pyelliptic and pybitcointools * Fix typo * Delete test file * Add sslcrypto to tree * Update sslcrypto * Add pyaes to src/lib * Fix typo in tests * Update sslcrypto version * Use privatekey_bin instead of privatekey for bytes objects * Fix sslcrypto * Fix Benchmark plugin * Don't calculate the same thing twice * Only import sslcrypto once * Handle fallback sslcrypto implementation during tests * Fix sslcrypto fallback implementation selection * Fix thread safety * Add derivation * Bring split back * Fix typo * v3.3 * Fix custom OpenSSL discovery
2020-03-05 17:54:46 +01:00 · 2020-03-05 17:54:46 +01:00 · 296e4aab57
commit 296e4aab57
parent 7ba2c9344d
57 changed files with 3781 additions and 7306 deletions
--- a/plugins/CryptMessage/CryptMessage.py
+++ b/plugins/CryptMessage/CryptMessage.py
@ -1,28 +1,22 @@
 import hashlib
 import base64
 import struct
-
-import lib.pybitcointools as btctools
+from lib import sslcrypto
 from Crypt import Crypt

-ecc_cache = {}
+
+curve = sslcrypto.ecc.get_curve("secp256k1")


-def eciesEncrypt(data, pubkey, ephemcurve=None, ciphername='aes-256-cbc'):
-    from lib import pyelliptic
-    pubkey_openssl = toOpensslPublickey(base64.b64decode(pubkey))
-    curve, pubkey_x, pubkey_y, i = pyelliptic.ECC._decode_pubkey(pubkey_openssl)
-    if ephemcurve is None:
-        ephemcurve = curve
-    ephem = pyelliptic.ECC(curve=ephemcurve)
-    key = hashlib.sha512(ephem.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest()
-    key_e, key_m = key[:32], key[32:]
-    pubkey = ephem.get_pubkey()
-    iv = pyelliptic.OpenSSL.rand(pyelliptic.OpenSSL.get_cipher(ciphername).get_blocksize())
-    ctx = pyelliptic.Cipher(key_e, iv, 1, ciphername)
-    ciphertext = iv + pubkey + ctx.ciphering(data)
-    mac = pyelliptic.hmac_sha256(key_m, ciphertext)
-    return key_e, ciphertext + mac
+def eciesEncrypt(data, pubkey, ciphername="aes-256-cbc"):
+    ciphertext, key_e = curve.encrypt(
+        data,
+        base64.b64decode(pubkey),
+        algo=ciphername,
+        derivation="sha512",
+        return_aes_key=True
+    )
+    return key_e, ciphertext


@Crypt.thread_pool_crypt.wrap
@ -37,9 +31,8 @@ def eciesDecryptMulti(encrypted_datas, privatekey):
    return texts


-def eciesDecrypt(encrypted_data, privatekey):
-    ecc_key = getEcc(privatekey)
-    return ecc_key.decrypt(base64.b64decode(encrypted_data))
+def eciesDecrypt(ciphertext, privatekey):
+    return curve.decrypt(base64.b64decode(ciphertext), curve.wif_to_private(privatekey), derivation="sha512")


 def decodePubkey(pubkey):
@ -63,29 +56,3 @@ def split(encrypted):
    ciphertext = encrypted[16 + i:-32]

    return iv, ciphertext
-
-
-def getEcc(privatekey=None):
-    from lib import pyelliptic
-    global ecc_cache
-    if privatekey not in ecc_cache:
-        if privatekey:
-            publickey_bin = btctools.encode_pubkey(btctools.privtopub(privatekey), "bin")
-            publickey_openssl = toOpensslPublickey(publickey_bin)
-            privatekey_openssl = toOpensslPrivatekey(privatekey)
-            ecc_cache[privatekey] = pyelliptic.ECC(curve='secp256k1', privkey=privatekey_openssl, pubkey=publickey_openssl)
-        else:
-            ecc_cache[None] = pyelliptic.ECC()
-    return ecc_cache[privatekey]
-
-
-def toOpensslPrivatekey(privatekey):
-    privatekey_bin = btctools.encode_privkey(privatekey, "bin")
-    return b'\x02\xca\x00\x20' + privatekey_bin
-
-
-def toOpensslPublickey(publickey):
-    publickey_bin = btctools.encode_pubkey(publickey, "bin")
-    publickey_bin = publickey_bin[1:]
-    publickey_openssl = b'\x02\xca\x00 ' + publickey_bin[:32] + b'\x00 ' + publickey_bin[32:]
-    return publickey_openssl