Add OpenSSL 1.1 support to CryptMessage plugin by using radfish's pyelliptic version
This commit is contained in:
parent
be742c78e7
commit
fbafd23177
11 changed files with 2169 additions and 4 deletions
|
@ -7,7 +7,7 @@ ecc_cache = {}
|
|||
|
||||
|
||||
def eciesEncrypt(data, pubkey, ephemcurve=None, ciphername='aes-256-cbc'):
|
||||
import pyelliptic
|
||||
from lib import pyelliptic
|
||||
pubkey_openssl = toOpensslPublickey(base64.b64decode(pubkey))
|
||||
curve, pubkey_x, pubkey_y, i = pyelliptic.ECC._decode_pubkey(pubkey_openssl)
|
||||
if ephemcurve is None:
|
||||
|
@ -34,7 +34,7 @@ def split(encrypted):
|
|||
|
||||
|
||||
def getEcc(privatekey=None):
|
||||
import pyelliptic
|
||||
from lib import pyelliptic
|
||||
global ecc_cache
|
||||
if privatekey not in ecc_cache:
|
||||
if privatekey:
|
||||
|
|
|
@ -60,7 +60,7 @@ class UiWebsocketPlugin(object):
|
|||
# Encrypt a text using AES
|
||||
# Return: Iv, AES key, Encrypted text
|
||||
def actionAesEncrypt(self, to, text, key=None, iv=None):
|
||||
import pyelliptic
|
||||
from lib import pyelliptic
|
||||
|
||||
if key:
|
||||
key = base64.b64decode(key)
|
||||
|
@ -83,7 +83,7 @@ class UiWebsocketPlugin(object):
|
|||
# Decrypt a text using AES
|
||||
# Return: Decrypted text
|
||||
def actionAesDecrypt(self, to, *args):
|
||||
import pyelliptic
|
||||
from lib import pyelliptic
|
||||
|
||||
if len(args) == 3: # Single decrypt
|
||||
encrypted_texts = [(args[0], args[1])]
|
||||
|
|
674
src/lib/pyelliptic/LICENSE
Normal file
674
src/lib/pyelliptic/LICENSE
Normal file
|
@ -0,0 +1,674 @@
|
|||
GNU GENERAL PUBLIC LICENSE
|
||||
Version 3, 29 June 2007
|
||||
|
||||
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
|
||||
Everyone is permitted to copy and distribute verbatim copies
|
||||
of this license document, but changing it is not allowed.
|
||||
|
||||
Preamble
|
||||
|
||||
The GNU General Public License is a free, copyleft license for
|
||||
software and other kinds of works.
|
||||
|
||||
The licenses for most software and other practical works are designed
|
||||
to take away your freedom to share and change the works. By contrast,
|
||||
the GNU General Public License is intended to guarantee your freedom to
|
||||
share and change all versions of a program--to make sure it remains free
|
||||
software for all its users. We, the Free Software Foundation, use the
|
||||
GNU General Public License for most of our software; it applies also to
|
||||
any other work released this way by its authors. You can apply it to
|
||||
your programs, too.
|
||||
|
||||
When we speak of free software, we are referring to freedom, not
|
||||
price. Our General Public Licenses are designed to make sure that you
|
||||
have the freedom to distribute copies of free software (and charge for
|
||||
them if you wish), that you receive source code or can get it if you
|
||||
want it, that you can change the software or use pieces of it in new
|
||||
free programs, and that you know you can do these things.
|
||||
|
||||
To protect your rights, we need to prevent others from denying you
|
||||
these rights or asking you to surrender the rights. Therefore, you have
|
||||
certain responsibilities if you distribute copies of the software, or if
|
||||
you modify it: responsibilities to respect the freedom of others.
|
||||
|
||||
For example, if you distribute copies of such a program, whether
|
||||
gratis or for a fee, you must pass on to the recipients the same
|
||||
freedoms that you received. You must make sure that they, too, receive
|
||||
or can get the source code. And you must show them these terms so they
|
||||
know their rights.
|
||||
|
||||
Developers that use the GNU GPL protect your rights with two steps:
|
||||
(1) assert copyright on the software, and (2) offer you this License
|
||||
giving you legal permission to copy, distribute and/or modify it.
|
||||
|
||||
For the developers' and authors' protection, the GPL clearly explains
|
||||
that there is no warranty for this free software. For both users' and
|
||||
authors' sake, the GPL requires that modified versions be marked as
|
||||
changed, so that their problems will not be attributed erroneously to
|
||||
authors of previous versions.
|
||||
|
||||
Some devices are designed to deny users access to install or run
|
||||
modified versions of the software inside them, although the manufacturer
|
||||
can do so. This is fundamentally incompatible with the aim of
|
||||
protecting users' freedom to change the software. The systematic
|
||||
pattern of such abuse occurs in the area of products for individuals to
|
||||
use, which is precisely where it is most unacceptable. Therefore, we
|
||||
have designed this version of the GPL to prohibit the practice for those
|
||||
products. If such problems arise substantially in other domains, we
|
||||
stand ready to extend this provision to those domains in future versions
|
||||
of the GPL, as needed to protect the freedom of users.
|
||||
|
||||
Finally, every program is threatened constantly by software patents.
|
||||
States should not allow patents to restrict development and use of
|
||||
software on general-purpose computers, but in those that do, we wish to
|
||||
avoid the special danger that patents applied to a free program could
|
||||
make it effectively proprietary. To prevent this, the GPL assures that
|
||||
patents cannot be used to render the program non-free.
|
||||
|
||||
The precise terms and conditions for copying, distribution and
|
||||
modification follow.
|
||||
|
||||
TERMS AND CONDITIONS
|
||||
|
||||
0. Definitions.
|
||||
|
||||
"This License" refers to version 3 of the GNU General Public License.
|
||||
|
||||
"Copyright" also means copyright-like laws that apply to other kinds of
|
||||
works, such as semiconductor masks.
|
||||
|
||||
"The Program" refers to any copyrightable work licensed under this
|
||||
License. Each licensee is addressed as "you". "Licensees" and
|
||||
"recipients" may be individuals or organizations.
|
||||
|
||||
To "modify" a work means to copy from or adapt all or part of the work
|
||||
in a fashion requiring copyright permission, other than the making of an
|
||||
exact copy. The resulting work is called a "modified version" of the
|
||||
earlier work or a work "based on" the earlier work.
|
||||
|
||||
A "covered work" means either the unmodified Program or a work based
|
||||
on the Program.
|
||||
|
||||
To "propagate" a work means to do anything with it that, without
|
||||
permission, would make you directly or secondarily liable for
|
||||
infringement under applicable copyright law, except executing it on a
|
||||
computer or modifying a private copy. Propagation includes copying,
|
||||
distribution (with or without modification), making available to the
|
||||
public, and in some countries other activities as well.
|
||||
|
||||
To "convey" a work means any kind of propagation that enables other
|
||||
parties to make or receive copies. Mere interaction with a user through
|
||||
a computer network, with no transfer of a copy, is not conveying.
|
||||
|
||||
An interactive user interface displays "Appropriate Legal Notices"
|
||||
to the extent that it includes a convenient and prominently visible
|
||||
feature that (1) displays an appropriate copyright notice, and (2)
|
||||
tells the user that there is no warranty for the work (except to the
|
||||
extent that warranties are provided), that licensees may convey the
|
||||
work under this License, and how to view a copy of this License. If
|
||||
the interface presents a list of user commands or options, such as a
|
||||
menu, a prominent item in the list meets this criterion.
|
||||
|
||||
1. Source Code.
|
||||
|
||||
The "source code" for a work means the preferred form of the work
|
||||
for making modifications to it. "Object code" means any non-source
|
||||
form of a work.
|
||||
|
||||
A "Standard Interface" means an interface that either is an official
|
||||
standard defined by a recognized standards body, or, in the case of
|
||||
interfaces specified for a particular programming language, one that
|
||||
is widely used among developers working in that language.
|
||||
|
||||
The "System Libraries" of an executable work include anything, other
|
||||
than the work as a whole, that (a) is included in the normal form of
|
||||
packaging a Major Component, but which is not part of that Major
|
||||
Component, and (b) serves only to enable use of the work with that
|
||||
Major Component, or to implement a Standard Interface for which an
|
||||
implementation is available to the public in source code form. A
|
||||
"Major Component", in this context, means a major essential component
|
||||
(kernel, window system, and so on) of the specific operating system
|
||||
(if any) on which the executable work runs, or a compiler used to
|
||||
produce the work, or an object code interpreter used to run it.
|
||||
|
||||
The "Corresponding Source" for a work in object code form means all
|
||||
the source code needed to generate, install, and (for an executable
|
||||
work) run the object code and to modify the work, including scripts to
|
||||
control those activities. However, it does not include the work's
|
||||
System Libraries, or general-purpose tools or generally available free
|
||||
programs which are used unmodified in performing those activities but
|
||||
which are not part of the work. For example, Corresponding Source
|
||||
includes interface definition files associated with source files for
|
||||
the work, and the source code for shared libraries and dynamically
|
||||
linked subprograms that the work is specifically designed to require,
|
||||
such as by intimate data communication or control flow between those
|
||||
subprograms and other parts of the work.
|
||||
|
||||
The Corresponding Source need not include anything that users
|
||||
can regenerate automatically from other parts of the Corresponding
|
||||
Source.
|
||||
|
||||
The Corresponding Source for a work in source code form is that
|
||||
same work.
|
||||
|
||||
2. Basic Permissions.
|
||||
|
||||
All rights granted under this License are granted for the term of
|
||||
copyright on the Program, and are irrevocable provided the stated
|
||||
conditions are met. This License explicitly affirms your unlimited
|
||||
permission to run the unmodified Program. The output from running a
|
||||
covered work is covered by this License only if the output, given its
|
||||
content, constitutes a covered work. This License acknowledges your
|
||||
rights of fair use or other equivalent, as provided by copyright law.
|
||||
|
||||
You may make, run and propagate covered works that you do not
|
||||
convey, without conditions so long as your license otherwise remains
|
||||
in force. You may convey covered works to others for the sole purpose
|
||||
of having them make modifications exclusively for you, or provide you
|
||||
with facilities for running those works, provided that you comply with
|
||||
the terms of this License in conveying all material for which you do
|
||||
not control copyright. Those thus making or running the covered works
|
||||
for you must do so exclusively on your behalf, under your direction
|
||||
and control, on terms that prohibit them from making any copies of
|
||||
your copyrighted material outside their relationship with you.
|
||||
|
||||
Conveying under any other circumstances is permitted solely under
|
||||
the conditions stated below. Sublicensing is not allowed; section 10
|
||||
makes it unnecessary.
|
||||
|
||||
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
||||
|
||||
No covered work shall be deemed part of an effective technological
|
||||
measure under any applicable law fulfilling obligations under article
|
||||
11 of the WIPO copyright treaty adopted on 20 December 1996, or
|
||||
similar laws prohibiting or restricting circumvention of such
|
||||
measures.
|
||||
|
||||
When you convey a covered work, you waive any legal power to forbid
|
||||
circumvention of technological measures to the extent such circumvention
|
||||
is effected by exercising rights under this License with respect to
|
||||
the covered work, and you disclaim any intention to limit operation or
|
||||
modification of the work as a means of enforcing, against the work's
|
||||
users, your or third parties' legal rights to forbid circumvention of
|
||||
technological measures.
|
||||
|
||||
4. Conveying Verbatim Copies.
|
||||
|
||||
You may convey verbatim copies of the Program's source code as you
|
||||
receive it, in any medium, provided that you conspicuously and
|
||||
appropriately publish on each copy an appropriate copyright notice;
|
||||
keep intact all notices stating that this License and any
|
||||
non-permissive terms added in accord with section 7 apply to the code;
|
||||
keep intact all notices of the absence of any warranty; and give all
|
||||
recipients a copy of this License along with the Program.
|
||||
|
||||
You may charge any price or no price for each copy that you convey,
|
||||
and you may offer support or warranty protection for a fee.
|
||||
|
||||
5. Conveying Modified Source Versions.
|
||||
|
||||
You may convey a work based on the Program, or the modifications to
|
||||
produce it from the Program, in the form of source code under the
|
||||
terms of section 4, provided that you also meet all of these conditions:
|
||||
|
||||
a) The work must carry prominent notices stating that you modified
|
||||
it, and giving a relevant date.
|
||||
|
||||
b) The work must carry prominent notices stating that it is
|
||||
released under this License and any conditions added under section
|
||||
7. This requirement modifies the requirement in section 4 to
|
||||
"keep intact all notices".
|
||||
|
||||
c) You must license the entire work, as a whole, under this
|
||||
License to anyone who comes into possession of a copy. This
|
||||
License will therefore apply, along with any applicable section 7
|
||||
additional terms, to the whole of the work, and all its parts,
|
||||
regardless of how they are packaged. This License gives no
|
||||
permission to license the work in any other way, but it does not
|
||||
invalidate such permission if you have separately received it.
|
||||
|
||||
d) If the work has interactive user interfaces, each must display
|
||||
Appropriate Legal Notices; however, if the Program has interactive
|
||||
interfaces that do not display Appropriate Legal Notices, your
|
||||
work need not make them do so.
|
||||
|
||||
A compilation of a covered work with other separate and independent
|
||||
works, which are not by their nature extensions of the covered work,
|
||||
and which are not combined with it such as to form a larger program,
|
||||
in or on a volume of a storage or distribution medium, is called an
|
||||
"aggregate" if the compilation and its resulting copyright are not
|
||||
used to limit the access or legal rights of the compilation's users
|
||||
beyond what the individual works permit. Inclusion of a covered work
|
||||
in an aggregate does not cause this License to apply to the other
|
||||
parts of the aggregate.
|
||||
|
||||
6. Conveying Non-Source Forms.
|
||||
|
||||
You may convey a covered work in object code form under the terms
|
||||
of sections 4 and 5, provided that you also convey the
|
||||
machine-readable Corresponding Source under the terms of this License,
|
||||
in one of these ways:
|
||||
|
||||
a) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by the
|
||||
Corresponding Source fixed on a durable physical medium
|
||||
customarily used for software interchange.
|
||||
|
||||
b) Convey the object code in, or embodied in, a physical product
|
||||
(including a physical distribution medium), accompanied by a
|
||||
written offer, valid for at least three years and valid for as
|
||||
long as you offer spare parts or customer support for that product
|
||||
model, to give anyone who possesses the object code either (1) a
|
||||
copy of the Corresponding Source for all the software in the
|
||||
product that is covered by this License, on a durable physical
|
||||
medium customarily used for software interchange, for a price no
|
||||
more than your reasonable cost of physically performing this
|
||||
conveying of source, or (2) access to copy the
|
||||
Corresponding Source from a network server at no charge.
|
||||
|
||||
c) Convey individual copies of the object code with a copy of the
|
||||
written offer to provide the Corresponding Source. This
|
||||
alternative is allowed only occasionally and noncommercially, and
|
||||
only if you received the object code with such an offer, in accord
|
||||
with subsection 6b.
|
||||
|
||||
d) Convey the object code by offering access from a designated
|
||||
place (gratis or for a charge), and offer equivalent access to the
|
||||
Corresponding Source in the same way through the same place at no
|
||||
further charge. You need not require recipients to copy the
|
||||
Corresponding Source along with the object code. If the place to
|
||||
copy the object code is a network server, the Corresponding Source
|
||||
may be on a different server (operated by you or a third party)
|
||||
that supports equivalent copying facilities, provided you maintain
|
||||
clear directions next to the object code saying where to find the
|
||||
Corresponding Source. Regardless of what server hosts the
|
||||
Corresponding Source, you remain obligated to ensure that it is
|
||||
available for as long as needed to satisfy these requirements.
|
||||
|
||||
e) Convey the object code using peer-to-peer transmission, provided
|
||||
you inform other peers where the object code and Corresponding
|
||||
Source of the work are being offered to the general public at no
|
||||
charge under subsection 6d.
|
||||
|
||||
A separable portion of the object code, whose source code is excluded
|
||||
from the Corresponding Source as a System Library, need not be
|
||||
included in conveying the object code work.
|
||||
|
||||
A "User Product" is either (1) a "consumer product", which means any
|
||||
tangible personal property which is normally used for personal, family,
|
||||
or household purposes, or (2) anything designed or sold for incorporation
|
||||
into a dwelling. In determining whether a product is a consumer product,
|
||||
doubtful cases shall be resolved in favor of coverage. For a particular
|
||||
product received by a particular user, "normally used" refers to a
|
||||
typical or common use of that class of product, regardless of the status
|
||||
of the particular user or of the way in which the particular user
|
||||
actually uses, or expects or is expected to use, the product. A product
|
||||
is a consumer product regardless of whether the product has substantial
|
||||
commercial, industrial or non-consumer uses, unless such uses represent
|
||||
the only significant mode of use of the product.
|
||||
|
||||
"Installation Information" for a User Product means any methods,
|
||||
procedures, authorization keys, or other information required to install
|
||||
and execute modified versions of a covered work in that User Product from
|
||||
a modified version of its Corresponding Source. The information must
|
||||
suffice to ensure that the continued functioning of the modified object
|
||||
code is in no case prevented or interfered with solely because
|
||||
modification has been made.
|
||||
|
||||
If you convey an object code work under this section in, or with, or
|
||||
specifically for use in, a User Product, and the conveying occurs as
|
||||
part of a transaction in which the right of possession and use of the
|
||||
User Product is transferred to the recipient in perpetuity or for a
|
||||
fixed term (regardless of how the transaction is characterized), the
|
||||
Corresponding Source conveyed under this section must be accompanied
|
||||
by the Installation Information. But this requirement does not apply
|
||||
if neither you nor any third party retains the ability to install
|
||||
modified object code on the User Product (for example, the work has
|
||||
been installed in ROM).
|
||||
|
||||
The requirement to provide Installation Information does not include a
|
||||
requirement to continue to provide support service, warranty, or updates
|
||||
for a work that has been modified or installed by the recipient, or for
|
||||
the User Product in which it has been modified or installed. Access to a
|
||||
network may be denied when the modification itself materially and
|
||||
adversely affects the operation of the network or violates the rules and
|
||||
protocols for communication across the network.
|
||||
|
||||
Corresponding Source conveyed, and Installation Information provided,
|
||||
in accord with this section must be in a format that is publicly
|
||||
documented (and with an implementation available to the public in
|
||||
source code form), and must require no special password or key for
|
||||
unpacking, reading or copying.
|
||||
|
||||
7. Additional Terms.
|
||||
|
||||
"Additional permissions" are terms that supplement the terms of this
|
||||
License by making exceptions from one or more of its conditions.
|
||||
Additional permissions that are applicable to the entire Program shall
|
||||
be treated as though they were included in this License, to the extent
|
||||
that they are valid under applicable law. If additional permissions
|
||||
apply only to part of the Program, that part may be used separately
|
||||
under those permissions, but the entire Program remains governed by
|
||||
this License without regard to the additional permissions.
|
||||
|
||||
When you convey a copy of a covered work, you may at your option
|
||||
remove any additional permissions from that copy, or from any part of
|
||||
it. (Additional permissions may be written to require their own
|
||||
removal in certain cases when you modify the work.) You may place
|
||||
additional permissions on material, added by you to a covered work,
|
||||
for which you have or can give appropriate copyright permission.
|
||||
|
||||
Notwithstanding any other provision of this License, for material you
|
||||
add to a covered work, you may (if authorized by the copyright holders of
|
||||
that material) supplement the terms of this License with terms:
|
||||
|
||||
a) Disclaiming warranty or limiting liability differently from the
|
||||
terms of sections 15 and 16 of this License; or
|
||||
|
||||
b) Requiring preservation of specified reasonable legal notices or
|
||||
author attributions in that material or in the Appropriate Legal
|
||||
Notices displayed by works containing it; or
|
||||
|
||||
c) Prohibiting misrepresentation of the origin of that material, or
|
||||
requiring that modified versions of such material be marked in
|
||||
reasonable ways as different from the original version; or
|
||||
|
||||
d) Limiting the use for publicity purposes of names of licensors or
|
||||
authors of the material; or
|
||||
|
||||
e) Declining to grant rights under trademark law for use of some
|
||||
trade names, trademarks, or service marks; or
|
||||
|
||||
f) Requiring indemnification of licensors and authors of that
|
||||
material by anyone who conveys the material (or modified versions of
|
||||
it) with contractual assumptions of liability to the recipient, for
|
||||
any liability that these contractual assumptions directly impose on
|
||||
those licensors and authors.
|
||||
|
||||
All other non-permissive additional terms are considered "further
|
||||
restrictions" within the meaning of section 10. If the Program as you
|
||||
received it, or any part of it, contains a notice stating that it is
|
||||
governed by this License along with a term that is a further
|
||||
restriction, you may remove that term. If a license document contains
|
||||
a further restriction but permits relicensing or conveying under this
|
||||
License, you may add to a covered work material governed by the terms
|
||||
of that license document, provided that the further restriction does
|
||||
not survive such relicensing or conveying.
|
||||
|
||||
If you add terms to a covered work in accord with this section, you
|
||||
must place, in the relevant source files, a statement of the
|
||||
additional terms that apply to those files, or a notice indicating
|
||||
where to find the applicable terms.
|
||||
|
||||
Additional terms, permissive or non-permissive, may be stated in the
|
||||
form of a separately written license, or stated as exceptions;
|
||||
the above requirements apply either way.
|
||||
|
||||
8. Termination.
|
||||
|
||||
You may not propagate or modify a covered work except as expressly
|
||||
provided under this License. Any attempt otherwise to propagate or
|
||||
modify it is void, and will automatically terminate your rights under
|
||||
this License (including any patent licenses granted under the third
|
||||
paragraph of section 11).
|
||||
|
||||
However, if you cease all violation of this License, then your
|
||||
license from a particular copyright holder is reinstated (a)
|
||||
provisionally, unless and until the copyright holder explicitly and
|
||||
finally terminates your license, and (b) permanently, if the copyright
|
||||
holder fails to notify you of the violation by some reasonable means
|
||||
prior to 60 days after the cessation.
|
||||
|
||||
Moreover, your license from a particular copyright holder is
|
||||
reinstated permanently if the copyright holder notifies you of the
|
||||
violation by some reasonable means, this is the first time you have
|
||||
received notice of violation of this License (for any work) from that
|
||||
copyright holder, and you cure the violation prior to 30 days after
|
||||
your receipt of the notice.
|
||||
|
||||
Termination of your rights under this section does not terminate the
|
||||
licenses of parties who have received copies or rights from you under
|
||||
this License. If your rights have been terminated and not permanently
|
||||
reinstated, you do not qualify to receive new licenses for the same
|
||||
material under section 10.
|
||||
|
||||
9. Acceptance Not Required for Having Copies.
|
||||
|
||||
You are not required to accept this License in order to receive or
|
||||
run a copy of the Program. Ancillary propagation of a covered work
|
||||
occurring solely as a consequence of using peer-to-peer transmission
|
||||
to receive a copy likewise does not require acceptance. However,
|
||||
nothing other than this License grants you permission to propagate or
|
||||
modify any covered work. These actions infringe copyright if you do
|
||||
not accept this License. Therefore, by modifying or propagating a
|
||||
covered work, you indicate your acceptance of this License to do so.
|
||||
|
||||
10. Automatic Licensing of Downstream Recipients.
|
||||
|
||||
Each time you convey a covered work, the recipient automatically
|
||||
receives a license from the original licensors, to run, modify and
|
||||
propagate that work, subject to this License. You are not responsible
|
||||
for enforcing compliance by third parties with this License.
|
||||
|
||||
An "entity transaction" is a transaction transferring control of an
|
||||
organization, or substantially all assets of one, or subdividing an
|
||||
organization, or merging organizations. If propagation of a covered
|
||||
work results from an entity transaction, each party to that
|
||||
transaction who receives a copy of the work also receives whatever
|
||||
licenses to the work the party's predecessor in interest had or could
|
||||
give under the previous paragraph, plus a right to possession of the
|
||||
Corresponding Source of the work from the predecessor in interest, if
|
||||
the predecessor has it or can get it with reasonable efforts.
|
||||
|
||||
You may not impose any further restrictions on the exercise of the
|
||||
rights granted or affirmed under this License. For example, you may
|
||||
not impose a license fee, royalty, or other charge for exercise of
|
||||
rights granted under this License, and you may not initiate litigation
|
||||
(including a cross-claim or counterclaim in a lawsuit) alleging that
|
||||
any patent claim is infringed by making, using, selling, offering for
|
||||
sale, or importing the Program or any portion of it.
|
||||
|
||||
11. Patents.
|
||||
|
||||
A "contributor" is a copyright holder who authorizes use under this
|
||||
License of the Program or a work on which the Program is based. The
|
||||
work thus licensed is called the contributor's "contributor version".
|
||||
|
||||
A contributor's "essential patent claims" are all patent claims
|
||||
owned or controlled by the contributor, whether already acquired or
|
||||
hereafter acquired, that would be infringed by some manner, permitted
|
||||
by this License, of making, using, or selling its contributor version,
|
||||
but do not include claims that would be infringed only as a
|
||||
consequence of further modification of the contributor version. For
|
||||
purposes of this definition, "control" includes the right to grant
|
||||
patent sublicenses in a manner consistent with the requirements of
|
||||
this License.
|
||||
|
||||
Each contributor grants you a non-exclusive, worldwide, royalty-free
|
||||
patent license under the contributor's essential patent claims, to
|
||||
make, use, sell, offer for sale, import and otherwise run, modify and
|
||||
propagate the contents of its contributor version.
|
||||
|
||||
In the following three paragraphs, a "patent license" is any express
|
||||
agreement or commitment, however denominated, not to enforce a patent
|
||||
(such as an express permission to practice a patent or covenant not to
|
||||
sue for patent infringement). To "grant" such a patent license to a
|
||||
party means to make such an agreement or commitment not to enforce a
|
||||
patent against the party.
|
||||
|
||||
If you convey a covered work, knowingly relying on a patent license,
|
||||
and the Corresponding Source of the work is not available for anyone
|
||||
to copy, free of charge and under the terms of this License, through a
|
||||
publicly available network server or other readily accessible means,
|
||||
then you must either (1) cause the Corresponding Source to be so
|
||||
available, or (2) arrange to deprive yourself of the benefit of the
|
||||
patent license for this particular work, or (3) arrange, in a manner
|
||||
consistent with the requirements of this License, to extend the patent
|
||||
license to downstream recipients. "Knowingly relying" means you have
|
||||
actual knowledge that, but for the patent license, your conveying the
|
||||
covered work in a country, or your recipient's use of the covered work
|
||||
in a country, would infringe one or more identifiable patents in that
|
||||
country that you have reason to believe are valid.
|
||||
|
||||
If, pursuant to or in connection with a single transaction or
|
||||
arrangement, you convey, or propagate by procuring conveyance of, a
|
||||
covered work, and grant a patent license to some of the parties
|
||||
receiving the covered work authorizing them to use, propagate, modify
|
||||
or convey a specific copy of the covered work, then the patent license
|
||||
you grant is automatically extended to all recipients of the covered
|
||||
work and works based on it.
|
||||
|
||||
A patent license is "discriminatory" if it does not include within
|
||||
the scope of its coverage, prohibits the exercise of, or is
|
||||
conditioned on the non-exercise of one or more of the rights that are
|
||||
specifically granted under this License. You may not convey a covered
|
||||
work if you are a party to an arrangement with a third party that is
|
||||
in the business of distributing software, under which you make payment
|
||||
to the third party based on the extent of your activity of conveying
|
||||
the work, and under which the third party grants, to any of the
|
||||
parties who would receive the covered work from you, a discriminatory
|
||||
patent license (a) in connection with copies of the covered work
|
||||
conveyed by you (or copies made from those copies), or (b) primarily
|
||||
for and in connection with specific products or compilations that
|
||||
contain the covered work, unless you entered into that arrangement,
|
||||
or that patent license was granted, prior to 28 March 2007.
|
||||
|
||||
Nothing in this License shall be construed as excluding or limiting
|
||||
any implied license or other defenses to infringement that may
|
||||
otherwise be available to you under applicable patent law.
|
||||
|
||||
12. No Surrender of Others' Freedom.
|
||||
|
||||
If conditions are imposed on you (whether by court order, agreement or
|
||||
otherwise) that contradict the conditions of this License, they do not
|
||||
excuse you from the conditions of this License. If you cannot convey a
|
||||
covered work so as to satisfy simultaneously your obligations under this
|
||||
License and any other pertinent obligations, then as a consequence you may
|
||||
not convey it at all. For example, if you agree to terms that obligate you
|
||||
to collect a royalty for further conveying from those to whom you convey
|
||||
the Program, the only way you could satisfy both those terms and this
|
||||
License would be to refrain entirely from conveying the Program.
|
||||
|
||||
13. Use with the GNU Affero General Public License.
|
||||
|
||||
Notwithstanding any other provision of this License, you have
|
||||
permission to link or combine any covered work with a work licensed
|
||||
under version 3 of the GNU Affero General Public License into a single
|
||||
combined work, and to convey the resulting work. The terms of this
|
||||
License will continue to apply to the part which is the covered work,
|
||||
but the special requirements of the GNU Affero General Public License,
|
||||
section 13, concerning interaction through a network will apply to the
|
||||
combination as such.
|
||||
|
||||
14. Revised Versions of this License.
|
||||
|
||||
The Free Software Foundation may publish revised and/or new versions of
|
||||
the GNU General Public License from time to time. Such new versions will
|
||||
be similar in spirit to the present version, but may differ in detail to
|
||||
address new problems or concerns.
|
||||
|
||||
Each version is given a distinguishing version number. If the
|
||||
Program specifies that a certain numbered version of the GNU General
|
||||
Public License "or any later version" applies to it, you have the
|
||||
option of following the terms and conditions either of that numbered
|
||||
version or of any later version published by the Free Software
|
||||
Foundation. If the Program does not specify a version number of the
|
||||
GNU General Public License, you may choose any version ever published
|
||||
by the Free Software Foundation.
|
||||
|
||||
If the Program specifies that a proxy can decide which future
|
||||
versions of the GNU General Public License can be used, that proxy's
|
||||
public statement of acceptance of a version permanently authorizes you
|
||||
to choose that version for the Program.
|
||||
|
||||
Later license versions may give you additional or different
|
||||
permissions. However, no additional obligations are imposed on any
|
||||
author or copyright holder as a result of your choosing to follow a
|
||||
later version.
|
||||
|
||||
15. Disclaimer of Warranty.
|
||||
|
||||
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
|
||||
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
|
||||
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
|
||||
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
|
||||
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
|
||||
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
|
||||
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||
|
||||
16. Limitation of Liability.
|
||||
|
||||
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
|
||||
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
|
||||
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
|
||||
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
|
||||
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
|
||||
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
|
||||
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGES.
|
||||
|
||||
17. Interpretation of Sections 15 and 16.
|
||||
|
||||
If the disclaimer of warranty and limitation of liability provided
|
||||
above cannot be given local legal effect according to their terms,
|
||||
reviewing courts shall apply local law that most closely approximates
|
||||
an absolute waiver of all civil liability in connection with the
|
||||
Program, unless a warranty or assumption of liability accompanies a
|
||||
copy of the Program in return for a fee.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
How to Apply These Terms to Your New Programs
|
||||
|
||||
If you develop a new program, and you want it to be of the greatest
|
||||
possible use to the public, the best way to achieve this is to make it
|
||||
free software which everyone can redistribute and change under these terms.
|
||||
|
||||
To do so, attach the following notices to the program. It is safest
|
||||
to attach them to the start of each source file to most effectively
|
||||
state the exclusion of warranty; and each file should have at least
|
||||
the "copyright" line and a pointer to where the full notice is found.
|
||||
|
||||
<one line to give the program's name and a brief idea of what it does.>
|
||||
Copyright (C) <year> <name of author>
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
Also add information on how to contact you by electronic and paper mail.
|
||||
|
||||
If the program does terminal interaction, make it output a short
|
||||
notice like this when it starts in an interactive mode:
|
||||
|
||||
<program> Copyright (C) <year> <name of author>
|
||||
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||
This is free software, and you are welcome to redistribute it
|
||||
under certain conditions; type `show c' for details.
|
||||
|
||||
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||
parts of the General Public License. Of course, your program's commands
|
||||
might be different; for a GUI interface, you would use an "about box".
|
||||
|
||||
You should also get your employer (if you work as a programmer) or school,
|
||||
if any, to sign a "copyright disclaimer" for the program, if necessary.
|
||||
For more information on this, and how to apply and follow the GNU GPL, see
|
||||
<http://www.gnu.org/licenses/>.
|
||||
|
||||
The GNU General Public License does not permit incorporating your program
|
||||
into proprietary programs. If your program is a subroutine library, you
|
||||
may consider it more useful to permit linking proprietary applications with
|
||||
the library. If this is what you want to do, use the GNU Lesser General
|
||||
Public License instead of this License. But first, please read
|
||||
<http://www.gnu.org/philosophy/why-not-lgpl.html>.
|
96
src/lib/pyelliptic/README.md
Normal file
96
src/lib/pyelliptic/README.md
Normal file
|
@ -0,0 +1,96 @@
|
|||
# PyElliptic
|
||||
|
||||
PyElliptic is a high level wrapper for the cryptographic library : OpenSSL.
|
||||
Under the GNU General Public License
|
||||
|
||||
Python3 compatible. For GNU/Linux and Windows.
|
||||
Require OpenSSL
|
||||
|
||||
## Version
|
||||
|
||||
The [upstream pyelliptic](https://github.com/yann2192/pyelliptic) has been
|
||||
deprecated by the author at 1.5.8 and ECC API has been removed.
|
||||
|
||||
This version is a fork of the pyelliptic extracted from the [BitMessage source
|
||||
tree](https://github.com/Bitmessage/PyBitmessage), and does contain the ECC
|
||||
API. To minimize confusion but to avoid renaming the module, major version has
|
||||
been bumped.
|
||||
|
||||
BitMessage is actively maintained, and this fork of pyelliptic will track and
|
||||
incorporate any changes to pyelliptic from BitMessage. Ideally, in the future,
|
||||
BitMessage would import this module as a dependency instead of maintaining a
|
||||
copy of the source in its repository.
|
||||
|
||||
The BitMessage fork forked from v1.3 of upstream pyelliptic. The commits in
|
||||
this repository are the commits extracted from the BitMessage repository and
|
||||
applied to pyelliptic v1.3 upstream repository (i.e. to the base of the fork),
|
||||
so history with athorship is preserved.
|
||||
|
||||
Some of the changes in upstream pyelliptic between 1.3 and 1.5.8 came from
|
||||
BitMessage, those changes are present in this fork. Other changes do not exist
|
||||
in this fork (they may be added in the future).
|
||||
|
||||
Also, a few minor changes exist in this fork but is not (yet) present in
|
||||
BitMessage source. See:
|
||||
|
||||
git log 1.3-PyBitmessage-37489cf7feff8d5047f24baa8f6d27f353a6d6ac..HEAD
|
||||
|
||||
## Features
|
||||
|
||||
### Asymmetric cryptography using Elliptic Curve Cryptography (ECC)
|
||||
|
||||
* Key agreement : ECDH
|
||||
* Digital signatures : ECDSA
|
||||
* Hybrid encryption : ECIES (like RSA)
|
||||
|
||||
### Symmetric cryptography
|
||||
|
||||
* AES-128 (CBC, OFB, CFB, CTR)
|
||||
* AES-256 (CBC, OFB, CFB, CTR)
|
||||
* Blowfish (CFB and CBC)
|
||||
* RC4
|
||||
|
||||
### Other
|
||||
|
||||
* CSPRNG
|
||||
* HMAC (using SHA512)
|
||||
* PBKDF2 (SHA256 and SHA512)
|
||||
|
||||
## Example
|
||||
|
||||
```python
|
||||
#!/usr/bin/python
|
||||
|
||||
import pyelliptic
|
||||
|
||||
# Symmetric encryption
|
||||
iv = pyelliptic.Cipher.gen_IV('aes-256-cfb')
|
||||
ctx = pyelliptic.Cipher("secretkey", iv, 1, ciphername='aes-256-cfb')
|
||||
|
||||
ciphertext = ctx.update('test1')
|
||||
ciphertext += ctx.update('test2')
|
||||
ciphertext += ctx.final()
|
||||
|
||||
ctx2 = pyelliptic.Cipher("secretkey", iv, 0, ciphername='aes-256-cfb')
|
||||
print ctx2.ciphering(ciphertext)
|
||||
|
||||
# Asymmetric encryption
|
||||
alice = pyelliptic.ECC() # default curve: sect283r1
|
||||
bob = pyelliptic.ECC(curve='sect571r1')
|
||||
|
||||
ciphertext = alice.encrypt("Hello Bob", bob.get_pubkey())
|
||||
print bob.decrypt(ciphertext)
|
||||
|
||||
signature = bob.sign("Hello Alice")
|
||||
# alice's job :
|
||||
print pyelliptic.ECC(pubkey=bob.get_pubkey()).verify(signature, "Hello Alice")
|
||||
|
||||
# ERROR !!!
|
||||
try:
|
||||
key = alice.get_ecdh_key(bob.get_pubkey())
|
||||
except: print("For ECDH key agreement, the keys must be defined on the same curve !")
|
||||
|
||||
alice = pyelliptic.ECC(curve='sect571r1')
|
||||
print alice.get_ecdh_key(bob.get_pubkey()).encode('hex')
|
||||
print bob.get_ecdh_key(alice.get_pubkey()).encode('hex')
|
||||
```
|
19
src/lib/pyelliptic/__init__.py
Normal file
19
src/lib/pyelliptic/__init__.py
Normal file
|
@ -0,0 +1,19 @@
|
|||
# Copyright (C) 2010
|
||||
# Author: Yann GUIBET
|
||||
# Contact: <yannguibet@gmail.com>
|
||||
|
||||
__version__ = '1.3'
|
||||
|
||||
__all__ = [
|
||||
'OpenSSL',
|
||||
'ECC',
|
||||
'Cipher',
|
||||
'hmac_sha256',
|
||||
'hmac_sha512',
|
||||
'pbkdf2'
|
||||
]
|
||||
|
||||
from .openssl import OpenSSL
|
||||
from .ecc import ECC
|
||||
from .cipher import Cipher
|
||||
from .hash import hmac_sha256, hmac_sha512, pbkdf2
|
144
src/lib/pyelliptic/arithmetic.py
Normal file
144
src/lib/pyelliptic/arithmetic.py
Normal file
|
@ -0,0 +1,144 @@
|
|||
# pylint: disable=missing-docstring,too-many-function-args
|
||||
|
||||
import hashlib
|
||||
import re
|
||||
|
||||
P = 2**256 - 2**32 - 2**9 - 2**8 - 2**7 - 2**6 - 2**4 - 1
|
||||
A = 0
|
||||
Gx = 55066263022277343669578718895168534326250603453777594175500187360389116729240
|
||||
Gy = 32670510020758816978083085130507043184471273380659243275938904335757337482424
|
||||
G = (Gx, Gy)
|
||||
|
||||
|
||||
def inv(a, n):
|
||||
lm, hm = 1, 0
|
||||
low, high = a % n, n
|
||||
while low > 1:
|
||||
r = high / low
|
||||
nm, new = hm - lm * r, high - low * r
|
||||
lm, low, hm, high = nm, new, lm, low
|
||||
return lm % n
|
||||
|
||||
|
||||
def get_code_string(base):
|
||||
if base == 2:
|
||||
return '01'
|
||||
elif base == 10:
|
||||
return '0123456789'
|
||||
elif base == 16:
|
||||
return "0123456789abcdef"
|
||||
elif base == 58:
|
||||
return "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
|
||||
elif base == 256:
|
||||
return ''.join([chr(x) for x in range(256)])
|
||||
else:
|
||||
raise ValueError("Invalid base!")
|
||||
|
||||
|
||||
def encode(val, base, minlen=0):
|
||||
code_string = get_code_string(base)
|
||||
result = ""
|
||||
while val > 0:
|
||||
result = code_string[val % base] + result
|
||||
val /= base
|
||||
if len(result) < minlen:
|
||||
result = code_string[0] * (minlen - len(result)) + result
|
||||
return result
|
||||
|
||||
|
||||
def decode(string, base):
|
||||
code_string = get_code_string(base)
|
||||
result = 0
|
||||
if base == 16:
|
||||
string = string.lower()
|
||||
while string:
|
||||
result *= base
|
||||
result += code_string.find(string[0])
|
||||
string = string[1:]
|
||||
return result
|
||||
|
||||
|
||||
def changebase(string, frm, to, minlen=0):
|
||||
return encode(decode(string, frm), to, minlen)
|
||||
|
||||
|
||||
def base10_add(a, b):
|
||||
if a is None:
|
||||
return b[0], b[1]
|
||||
if b is None:
|
||||
return a[0], a[1]
|
||||
if a[0] == b[0]:
|
||||
if a[1] == b[1]:
|
||||
return base10_double(a[0], a[1])
|
||||
return None
|
||||
m = ((b[1] - a[1]) * inv(b[0] - a[0], P)) % P
|
||||
x = (m * m - a[0] - b[0]) % P
|
||||
y = (m * (a[0] - x) - a[1]) % P
|
||||
return (x, y)
|
||||
|
||||
|
||||
def base10_double(a):
|
||||
if a is None:
|
||||
return None
|
||||
m = ((3 * a[0] * a[0] + A) * inv(2 * a[1], P)) % P
|
||||
x = (m * m - 2 * a[0]) % P
|
||||
y = (m * (a[0] - x) - a[1]) % P
|
||||
return (x, y)
|
||||
|
||||
|
||||
def base10_multiply(a, n):
|
||||
if n == 0:
|
||||
return G
|
||||
if n == 1:
|
||||
return a
|
||||
if (n % 2) == 0:
|
||||
return base10_double(base10_multiply(a, n / 2))
|
||||
if (n % 2) == 1:
|
||||
return base10_add(base10_double(base10_multiply(a, n / 2)), a)
|
||||
return None
|
||||
|
||||
|
||||
def hex_to_point(h):
|
||||
return (decode(h[2:66], 16), decode(h[66:], 16))
|
||||
|
||||
|
||||
def point_to_hex(p):
|
||||
return '04' + encode(p[0], 16, 64) + encode(p[1], 16, 64)
|
||||
|
||||
|
||||
def multiply(privkey, pubkey):
|
||||
return point_to_hex(base10_multiply(hex_to_point(pubkey), decode(privkey, 16)))
|
||||
|
||||
|
||||
def privtopub(privkey):
|
||||
return point_to_hex(base10_multiply(G, decode(privkey, 16)))
|
||||
|
||||
|
||||
def add(p1, p2):
|
||||
if len(p1) == 32:
|
||||
return encode(decode(p1, 16) + decode(p2, 16) % P, 16, 32)
|
||||
return point_to_hex(base10_add(hex_to_point(p1), hex_to_point(p2)))
|
||||
|
||||
|
||||
def hash_160(string):
|
||||
intermed = hashlib.sha256(string).digest()
|
||||
ripemd160 = hashlib.new('ripemd160')
|
||||
ripemd160.update(intermed)
|
||||
return ripemd160.digest()
|
||||
|
||||
|
||||
def dbl_sha256(string):
|
||||
return hashlib.sha256(hashlib.sha256(string).digest()).digest()
|
||||
|
||||
|
||||
def bin_to_b58check(inp):
|
||||
inp_fmtd = '\x00' + inp
|
||||
leadingzbytes = len(re.match('^\x00*', inp_fmtd).group(0))
|
||||
checksum = dbl_sha256(inp_fmtd)[:4]
|
||||
return '1' * leadingzbytes + changebase(inp_fmtd + checksum, 256, 58)
|
||||
|
||||
# Convert a public key (in hex) to a Bitcoin address
|
||||
|
||||
|
||||
def pubkey_to_address(pubkey):
|
||||
return bin_to_b58check(hash_160(changebase(pubkey, 16, 256)))
|
84
src/lib/pyelliptic/cipher.py
Normal file
84
src/lib/pyelliptic/cipher.py
Normal file
|
@ -0,0 +1,84 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright (C) 2011 Yann GUIBET <yannguibet@gmail.com>
|
||||
# See LICENSE for details.
|
||||
|
||||
from pyelliptic.openssl import OpenSSL
|
||||
|
||||
|
||||
class Cipher:
|
||||
"""
|
||||
Symmetric encryption
|
||||
|
||||
import pyelliptic
|
||||
iv = pyelliptic.Cipher.gen_IV('aes-256-cfb')
|
||||
ctx = pyelliptic.Cipher("secretkey", iv, 1, ciphername='aes-256-cfb')
|
||||
ciphertext = ctx.update('test1')
|
||||
ciphertext += ctx.update('test2')
|
||||
ciphertext += ctx.final()
|
||||
|
||||
ctx2 = pyelliptic.Cipher("secretkey", iv, 0, ciphername='aes-256-cfb')
|
||||
print ctx2.ciphering(ciphertext)
|
||||
"""
|
||||
def __init__(self, key, iv, do, ciphername='aes-256-cbc'):
|
||||
"""
|
||||
do == 1 => Encrypt; do == 0 => Decrypt
|
||||
"""
|
||||
self.cipher = OpenSSL.get_cipher(ciphername)
|
||||
self.ctx = OpenSSL.EVP_CIPHER_CTX_new()
|
||||
if do == 1 or do == 0:
|
||||
k = OpenSSL.malloc(key, len(key))
|
||||
IV = OpenSSL.malloc(iv, len(iv))
|
||||
OpenSSL.EVP_CipherInit_ex(
|
||||
self.ctx, self.cipher.get_pointer(), 0, k, IV, do)
|
||||
else:
|
||||
raise Exception("RTFM ...")
|
||||
|
||||
@staticmethod
|
||||
def get_all_cipher():
|
||||
"""
|
||||
static method, returns all ciphers available
|
||||
"""
|
||||
return OpenSSL.cipher_algo.keys()
|
||||
|
||||
@staticmethod
|
||||
def get_blocksize(ciphername):
|
||||
cipher = OpenSSL.get_cipher(ciphername)
|
||||
return cipher.get_blocksize()
|
||||
|
||||
@staticmethod
|
||||
def gen_IV(ciphername):
|
||||
cipher = OpenSSL.get_cipher(ciphername)
|
||||
return OpenSSL.rand(cipher.get_blocksize())
|
||||
|
||||
def update(self, input):
|
||||
i = OpenSSL.c_int(0)
|
||||
buffer = OpenSSL.malloc(b"", len(input) + self.cipher.get_blocksize())
|
||||
inp = OpenSSL.malloc(input, len(input))
|
||||
if OpenSSL.EVP_CipherUpdate(self.ctx, OpenSSL.byref(buffer),
|
||||
OpenSSL.byref(i), inp, len(input)) == 0:
|
||||
raise Exception("[OpenSSL] EVP_CipherUpdate FAIL ...")
|
||||
return buffer.raw[0:i.value]
|
||||
|
||||
def final(self):
|
||||
i = OpenSSL.c_int(0)
|
||||
buffer = OpenSSL.malloc(b"", self.cipher.get_blocksize())
|
||||
if (OpenSSL.EVP_CipherFinal_ex(self.ctx, OpenSSL.byref(buffer),
|
||||
OpenSSL.byref(i))) == 0:
|
||||
raise Exception("[OpenSSL] EVP_CipherFinal_ex FAIL ...")
|
||||
return buffer.raw[0:i.value]
|
||||
|
||||
def ciphering(self, input):
|
||||
"""
|
||||
Do update and final in one method
|
||||
"""
|
||||
buff = self.update(input)
|
||||
return buff + self.final()
|
||||
|
||||
def __del__(self):
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
OpenSSL.EVP_CIPHER_CTX_reset(self.ctx)
|
||||
else:
|
||||
OpenSSL.EVP_CIPHER_CTX_cleanup(self.ctx)
|
||||
OpenSSL.EVP_CIPHER_CTX_free(self.ctx)
|
505
src/lib/pyelliptic/ecc.py
Normal file
505
src/lib/pyelliptic/ecc.py
Normal file
|
@ -0,0 +1,505 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
"""
|
||||
pyelliptic/ecc.py
|
||||
=====================
|
||||
"""
|
||||
# pylint: disable=protected-access
|
||||
|
||||
# Copyright (C) 2011 Yann GUIBET <yannguibet@gmail.com>
|
||||
# See LICENSE for details.
|
||||
|
||||
from hashlib import sha512
|
||||
from struct import pack, unpack
|
||||
|
||||
from pyelliptic.cipher import Cipher
|
||||
from pyelliptic.hash import equals, hmac_sha256
|
||||
from pyelliptic.openssl import OpenSSL
|
||||
|
||||
|
||||
class ECC(object):
|
||||
"""
|
||||
Asymmetric encryption with Elliptic Curve Cryptography (ECC)
|
||||
ECDH, ECDSA and ECIES
|
||||
|
||||
>>> import pyelliptic
|
||||
|
||||
>>> alice = pyelliptic.ECC() # default curve: sect283r1
|
||||
>>> bob = pyelliptic.ECC(curve='sect571r1')
|
||||
|
||||
>>> ciphertext = alice.encrypt("Hello Bob", bob.get_pubkey())
|
||||
>>> print bob.decrypt(ciphertext)
|
||||
|
||||
>>> signature = bob.sign("Hello Alice")
|
||||
>>> # alice's job :
|
||||
>>> print pyelliptic.ECC(
|
||||
>>> pubkey=bob.get_pubkey()).verify(signature, "Hello Alice")
|
||||
|
||||
>>> # ERROR !!!
|
||||
>>> try:
|
||||
>>> key = alice.get_ecdh_key(bob.get_pubkey())
|
||||
>>> except:
|
||||
>>> print("For ECDH key agreement, the keys must be defined on the same curve !")
|
||||
|
||||
>>> alice = pyelliptic.ECC(curve='sect571r1')
|
||||
>>> print alice.get_ecdh_key(bob.get_pubkey()).encode('hex')
|
||||
>>> print bob.get_ecdh_key(alice.get_pubkey()).encode('hex')
|
||||
|
||||
"""
|
||||
|
||||
def __init__(
|
||||
self,
|
||||
pubkey=None,
|
||||
privkey=None,
|
||||
pubkey_x=None,
|
||||
pubkey_y=None,
|
||||
raw_privkey=None,
|
||||
curve='sect283r1',
|
||||
): # pylint: disable=too-many-arguments
|
||||
"""
|
||||
For a normal and High level use, specifie pubkey,
|
||||
privkey (if you need) and the curve
|
||||
"""
|
||||
if isinstance(curve, str):
|
||||
self.curve = OpenSSL.get_curve(curve)
|
||||
else:
|
||||
self.curve = curve
|
||||
|
||||
if pubkey_x is not None and pubkey_y is not None:
|
||||
self._set_keys(pubkey_x, pubkey_y, raw_privkey)
|
||||
elif pubkey is not None:
|
||||
curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey)
|
||||
if privkey is not None:
|
||||
curve2, raw_privkey, _ = ECC._decode_privkey(privkey)
|
||||
if curve != curve2:
|
||||
raise Exception("Bad ECC keys ...")
|
||||
self.curve = curve
|
||||
self._set_keys(pubkey_x, pubkey_y, raw_privkey)
|
||||
else:
|
||||
self.privkey, self.pubkey_x, self.pubkey_y = self._generate()
|
||||
|
||||
def _set_keys(self, pubkey_x, pubkey_y, privkey):
|
||||
if self.raw_check_key(privkey, pubkey_x, pubkey_y) < 0:
|
||||
self.pubkey_x = None
|
||||
self.pubkey_y = None
|
||||
self.privkey = None
|
||||
raise Exception("Bad ECC keys ...")
|
||||
else:
|
||||
self.pubkey_x = pubkey_x
|
||||
self.pubkey_y = pubkey_y
|
||||
self.privkey = privkey
|
||||
|
||||
@staticmethod
|
||||
def get_curves():
|
||||
"""
|
||||
static method, returns the list of all the curves available
|
||||
"""
|
||||
return OpenSSL.curves.keys()
|
||||
|
||||
def get_curve(self):
|
||||
"""Encryption object from curve name"""
|
||||
return OpenSSL.get_curve_by_id(self.curve)
|
||||
|
||||
def get_curve_id(self):
|
||||
"""Currently used curve"""
|
||||
return self.curve
|
||||
|
||||
def get_pubkey(self):
|
||||
"""
|
||||
High level function which returns :
|
||||
curve(2) + len_of_pubkeyX(2) + pubkeyX + len_of_pubkeyY + pubkeyY
|
||||
"""
|
||||
return b''.join((
|
||||
pack('!H', self.curve),
|
||||
pack('!H', len(self.pubkey_x)),
|
||||
self.pubkey_x,
|
||||
pack('!H', len(self.pubkey_y)),
|
||||
self.pubkey_y,
|
||||
))
|
||||
|
||||
def get_privkey(self):
|
||||
"""
|
||||
High level function which returns
|
||||
curve(2) + len_of_privkey(2) + privkey
|
||||
"""
|
||||
return b''.join((
|
||||
pack('!H', self.curve),
|
||||
pack('!H', len(self.privkey)),
|
||||
self.privkey,
|
||||
))
|
||||
|
||||
@staticmethod
|
||||
def _decode_pubkey(pubkey):
|
||||
i = 0
|
||||
curve = unpack('!H', pubkey[i:i + 2])[0]
|
||||
i += 2
|
||||
tmplen = unpack('!H', pubkey[i:i + 2])[0]
|
||||
i += 2
|
||||
pubkey_x = pubkey[i:i + tmplen]
|
||||
i += tmplen
|
||||
tmplen = unpack('!H', pubkey[i:i + 2])[0]
|
||||
i += 2
|
||||
pubkey_y = pubkey[i:i + tmplen]
|
||||
i += tmplen
|
||||
return curve, pubkey_x, pubkey_y, i
|
||||
|
||||
@staticmethod
|
||||
def _decode_privkey(privkey):
|
||||
i = 0
|
||||
curve = unpack('!H', privkey[i:i + 2])[0]
|
||||
i += 2
|
||||
tmplen = unpack('!H', privkey[i:i + 2])[0]
|
||||
i += 2
|
||||
privkey = privkey[i:i + tmplen]
|
||||
i += tmplen
|
||||
return curve, privkey, i
|
||||
|
||||
def _generate(self):
|
||||
try:
|
||||
pub_key_x = OpenSSL.BN_new()
|
||||
pub_key_y = OpenSSL.BN_new()
|
||||
|
||||
key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
|
||||
if key == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
|
||||
if (OpenSSL.EC_KEY_generate_key(key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_generate_key FAIL ...")
|
||||
if (OpenSSL.EC_KEY_check_key(key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
|
||||
priv_key = OpenSSL.EC_KEY_get0_private_key(key)
|
||||
|
||||
group = OpenSSL.EC_KEY_get0_group(key)
|
||||
pub_key = OpenSSL.EC_KEY_get0_public_key(key)
|
||||
|
||||
if OpenSSL.EC_POINT_get_affine_coordinates_GFp(
|
||||
group, pub_key, pub_key_x, pub_key_y, 0) == 0:
|
||||
raise Exception("[OpenSSL] EC_POINT_get_affine_coordinates_GFp FAIL ...")
|
||||
|
||||
privkey = OpenSSL.malloc(0, OpenSSL.BN_num_bytes(priv_key))
|
||||
pubkeyx = OpenSSL.malloc(0, OpenSSL.BN_num_bytes(pub_key_x))
|
||||
pubkeyy = OpenSSL.malloc(0, OpenSSL.BN_num_bytes(pub_key_y))
|
||||
OpenSSL.BN_bn2bin(priv_key, privkey)
|
||||
privkey = privkey.raw
|
||||
OpenSSL.BN_bn2bin(pub_key_x, pubkeyx)
|
||||
pubkeyx = pubkeyx.raw
|
||||
OpenSSL.BN_bn2bin(pub_key_y, pubkeyy)
|
||||
pubkeyy = pubkeyy.raw
|
||||
self.raw_check_key(privkey, pubkeyx, pubkeyy)
|
||||
|
||||
return privkey, pubkeyx, pubkeyy
|
||||
|
||||
finally:
|
||||
OpenSSL.EC_KEY_free(key)
|
||||
OpenSSL.BN_free(pub_key_x)
|
||||
OpenSSL.BN_free(pub_key_y)
|
||||
|
||||
def get_ecdh_key(self, pubkey):
|
||||
"""
|
||||
High level function. Compute public key with the local private key
|
||||
and returns a 512bits shared key
|
||||
"""
|
||||
curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey)
|
||||
if curve != self.curve:
|
||||
raise Exception("ECC keys must be from the same curve !")
|
||||
return sha512(self.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest()
|
||||
|
||||
def raw_get_ecdh_key(self, pubkey_x, pubkey_y):
|
||||
"""ECDH key as binary data"""
|
||||
try:
|
||||
ecdh_keybuffer = OpenSSL.malloc(0, 32)
|
||||
|
||||
other_key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
|
||||
if other_key == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
|
||||
|
||||
other_pub_key_x = OpenSSL.BN_bin2bn(pubkey_x, len(pubkey_x), 0)
|
||||
other_pub_key_y = OpenSSL.BN_bin2bn(pubkey_y, len(pubkey_y), 0)
|
||||
|
||||
other_group = OpenSSL.EC_KEY_get0_group(other_key)
|
||||
other_pub_key = OpenSSL.EC_POINT_new(other_group)
|
||||
|
||||
if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(other_group,
|
||||
other_pub_key,
|
||||
other_pub_key_x,
|
||||
other_pub_key_y,
|
||||
0)) == 0:
|
||||
raise Exception(
|
||||
"[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
|
||||
if (OpenSSL.EC_KEY_set_public_key(other_key, other_pub_key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
|
||||
if (OpenSSL.EC_KEY_check_key(other_key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
|
||||
|
||||
own_key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
|
||||
if own_key == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
|
||||
own_priv_key = OpenSSL.BN_bin2bn(
|
||||
self.privkey, len(self.privkey), 0)
|
||||
|
||||
if (OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
|
||||
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
OpenSSL.EC_KEY_set_method(own_key, OpenSSL.EC_KEY_OpenSSL())
|
||||
else:
|
||||
OpenSSL.ECDH_set_method(own_key, OpenSSL.ECDH_OpenSSL())
|
||||
ecdh_keylen = OpenSSL.ECDH_compute_key(
|
||||
ecdh_keybuffer, 32, other_pub_key, own_key, 0)
|
||||
|
||||
if ecdh_keylen != 32:
|
||||
raise Exception("[OpenSSL] ECDH keylen FAIL ...")
|
||||
|
||||
return ecdh_keybuffer.raw
|
||||
|
||||
finally:
|
||||
OpenSSL.EC_KEY_free(other_key)
|
||||
OpenSSL.BN_free(other_pub_key_x)
|
||||
OpenSSL.BN_free(other_pub_key_y)
|
||||
OpenSSL.EC_POINT_free(other_pub_key)
|
||||
OpenSSL.EC_KEY_free(own_key)
|
||||
OpenSSL.BN_free(own_priv_key)
|
||||
|
||||
def check_key(self, privkey, pubkey):
|
||||
"""
|
||||
Check the public key and the private key.
|
||||
The private key is optional (replace by None)
|
||||
"""
|
||||
curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey)
|
||||
if privkey is None:
|
||||
raw_privkey = None
|
||||
curve2 = curve
|
||||
else:
|
||||
curve2, raw_privkey, _ = ECC._decode_privkey(privkey)
|
||||
if curve != curve2:
|
||||
raise Exception("Bad public and private key")
|
||||
return self.raw_check_key(raw_privkey, pubkey_x, pubkey_y, curve)
|
||||
|
||||
def raw_check_key(self, privkey, pubkey_x, pubkey_y, curve=None):
|
||||
"""Check key validity, key is supplied as binary data"""
|
||||
# pylint: disable=too-many-branches
|
||||
if curve is None:
|
||||
curve = self.curve
|
||||
elif isinstance(curve, str):
|
||||
curve = OpenSSL.get_curve(curve)
|
||||
else:
|
||||
curve = curve
|
||||
try:
|
||||
key = OpenSSL.EC_KEY_new_by_curve_name(curve)
|
||||
if key == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
|
||||
if privkey is not None:
|
||||
priv_key = OpenSSL.BN_bin2bn(privkey, len(privkey), 0)
|
||||
pub_key_x = OpenSSL.BN_bin2bn(pubkey_x, len(pubkey_x), 0)
|
||||
pub_key_y = OpenSSL.BN_bin2bn(pubkey_y, len(pubkey_y), 0)
|
||||
|
||||
if privkey is not None:
|
||||
if (OpenSSL.EC_KEY_set_private_key(key, priv_key)) == 0:
|
||||
raise Exception(
|
||||
"[OpenSSL] EC_KEY_set_private_key FAIL ...")
|
||||
|
||||
group = OpenSSL.EC_KEY_get0_group(key)
|
||||
pub_key = OpenSSL.EC_POINT_new(group)
|
||||
|
||||
if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key,
|
||||
pub_key_x,
|
||||
pub_key_y,
|
||||
0)) == 0:
|
||||
raise Exception(
|
||||
"[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
|
||||
if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
|
||||
if (OpenSSL.EC_KEY_check_key(key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
|
||||
return 0
|
||||
|
||||
finally:
|
||||
OpenSSL.EC_KEY_free(key)
|
||||
OpenSSL.BN_free(pub_key_x)
|
||||
OpenSSL.BN_free(pub_key_y)
|
||||
OpenSSL.EC_POINT_free(pub_key)
|
||||
if privkey is not None:
|
||||
OpenSSL.BN_free(priv_key)
|
||||
|
||||
def sign(self, inputb, digest_alg=OpenSSL.digest_ecdsa_sha1):
|
||||
"""
|
||||
Sign the input with ECDSA method and returns the signature
|
||||
"""
|
||||
# pylint: disable=too-many-branches,too-many-locals
|
||||
try:
|
||||
size = len(inputb)
|
||||
buff = OpenSSL.malloc(inputb, size)
|
||||
digest = OpenSSL.malloc(0, 64)
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
md_ctx = OpenSSL.EVP_MD_CTX_new()
|
||||
else:
|
||||
md_ctx = OpenSSL.EVP_MD_CTX_create()
|
||||
dgst_len = OpenSSL.pointer(OpenSSL.c_int(0))
|
||||
siglen = OpenSSL.pointer(OpenSSL.c_int(0))
|
||||
sig = OpenSSL.malloc(0, 151)
|
||||
|
||||
key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
|
||||
if key == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
|
||||
|
||||
priv_key = OpenSSL.BN_bin2bn(self.privkey, len(self.privkey), 0)
|
||||
pub_key_x = OpenSSL.BN_bin2bn(self.pubkey_x, len(self.pubkey_x), 0)
|
||||
pub_key_y = OpenSSL.BN_bin2bn(self.pubkey_y, len(self.pubkey_y), 0)
|
||||
|
||||
if (OpenSSL.EC_KEY_set_private_key(key, priv_key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
|
||||
|
||||
group = OpenSSL.EC_KEY_get0_group(key)
|
||||
pub_key = OpenSSL.EC_POINT_new(group)
|
||||
|
||||
if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key,
|
||||
pub_key_x,
|
||||
pub_key_y,
|
||||
0)) == 0:
|
||||
raise Exception(
|
||||
"[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
|
||||
if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
|
||||
if (OpenSSL.EC_KEY_check_key(key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
|
||||
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
OpenSSL.EVP_MD_CTX_new(md_ctx)
|
||||
else:
|
||||
OpenSSL.EVP_MD_CTX_init(md_ctx)
|
||||
OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None)
|
||||
|
||||
if (OpenSSL.EVP_DigestUpdate(md_ctx, buff, size)) == 0:
|
||||
raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")
|
||||
OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len)
|
||||
OpenSSL.ECDSA_sign(0, digest, dgst_len.contents, sig, siglen, key)
|
||||
if (OpenSSL.ECDSA_verify(0, digest, dgst_len.contents, sig,
|
||||
siglen.contents, key)) != 1:
|
||||
raise Exception("[OpenSSL] ECDSA_verify FAIL ...")
|
||||
|
||||
return sig.raw[:siglen.contents.value]
|
||||
|
||||
finally:
|
||||
OpenSSL.EC_KEY_free(key)
|
||||
OpenSSL.BN_free(pub_key_x)
|
||||
OpenSSL.BN_free(pub_key_y)
|
||||
OpenSSL.BN_free(priv_key)
|
||||
OpenSSL.EC_POINT_free(pub_key)
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
OpenSSL.EVP_MD_CTX_free(md_ctx)
|
||||
else:
|
||||
OpenSSL.EVP_MD_CTX_destroy(md_ctx)
|
||||
|
||||
def verify(self, sig, inputb, digest_alg=OpenSSL.digest_ecdsa_sha1):
|
||||
"""
|
||||
Verify the signature with the input and the local public key.
|
||||
Returns a boolean
|
||||
"""
|
||||
# pylint: disable=too-many-branches
|
||||
try:
|
||||
bsig = OpenSSL.malloc(sig, len(sig))
|
||||
binputb = OpenSSL.malloc(inputb, len(inputb))
|
||||
digest = OpenSSL.malloc(0, 64)
|
||||
dgst_len = OpenSSL.pointer(OpenSSL.c_int(0))
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
md_ctx = OpenSSL.EVP_MD_CTX_new()
|
||||
else:
|
||||
md_ctx = OpenSSL.EVP_MD_CTX_create()
|
||||
key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
|
||||
|
||||
if key == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
|
||||
|
||||
pub_key_x = OpenSSL.BN_bin2bn(self.pubkey_x, len(self.pubkey_x), 0)
|
||||
pub_key_y = OpenSSL.BN_bin2bn(self.pubkey_y, len(self.pubkey_y), 0)
|
||||
group = OpenSSL.EC_KEY_get0_group(key)
|
||||
pub_key = OpenSSL.EC_POINT_new(group)
|
||||
|
||||
if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key,
|
||||
pub_key_x,
|
||||
pub_key_y,
|
||||
0)) == 0:
|
||||
raise Exception(
|
||||
"[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
|
||||
if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
|
||||
if (OpenSSL.EC_KEY_check_key(key)) == 0:
|
||||
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
OpenSSL.EVP_MD_CTX_new(md_ctx)
|
||||
else:
|
||||
OpenSSL.EVP_MD_CTX_init(md_ctx)
|
||||
OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None)
|
||||
if (OpenSSL.EVP_DigestUpdate(md_ctx, binputb, len(inputb))) == 0:
|
||||
raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")
|
||||
|
||||
OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len)
|
||||
ret = OpenSSL.ECDSA_verify(
|
||||
0, digest, dgst_len.contents, bsig, len(sig), key)
|
||||
|
||||
if ret == -1:
|
||||
return False # Fail to Check
|
||||
if ret == 0:
|
||||
return False # Bad signature !
|
||||
return True # Good
|
||||
|
||||
finally:
|
||||
OpenSSL.EC_KEY_free(key)
|
||||
OpenSSL.BN_free(pub_key_x)
|
||||
OpenSSL.BN_free(pub_key_y)
|
||||
OpenSSL.EC_POINT_free(pub_key)
|
||||
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
|
||||
OpenSSL.EVP_MD_CTX_free(md_ctx)
|
||||
else:
|
||||
OpenSSL.EVP_MD_CTX_destroy(md_ctx)
|
||||
|
||||
@staticmethod
|
||||
def encrypt(data, pubkey, ephemcurve=None, ciphername='aes-256-cbc'):
|
||||
"""
|
||||
Encrypt data with ECIES method using the public key of the recipient.
|
||||
"""
|
||||
curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey)
|
||||
return ECC.raw_encrypt(data, pubkey_x, pubkey_y, curve=curve,
|
||||
ephemcurve=ephemcurve, ciphername=ciphername)
|
||||
|
||||
@staticmethod
|
||||
def raw_encrypt(
|
||||
data,
|
||||
pubkey_x,
|
||||
pubkey_y,
|
||||
curve='sect283r1',
|
||||
ephemcurve=None,
|
||||
ciphername='aes-256-cbc',
|
||||
): # pylint: disable=too-many-arguments
|
||||
"""ECHD encryption, keys supplied in binary data format"""
|
||||
|
||||
if ephemcurve is None:
|
||||
ephemcurve = curve
|
||||
ephem = ECC(curve=ephemcurve)
|
||||
key = sha512(ephem.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest()
|
||||
key_e, key_m = key[:32], key[32:]
|
||||
pubkey = ephem.get_pubkey()
|
||||
iv = OpenSSL.rand(OpenSSL.get_cipher(ciphername).get_blocksize())
|
||||
ctx = Cipher(key_e, iv, 1, ciphername)
|
||||
ciphertext = iv + pubkey + ctx.ciphering(data)
|
||||
mac = hmac_sha256(key_m, ciphertext)
|
||||
return ciphertext + mac
|
||||
|
||||
def decrypt(self, data, ciphername='aes-256-cbc'):
|
||||
"""
|
||||
Decrypt data with ECIES method using the local private key
|
||||
"""
|
||||
# pylint: disable=too-many-locals
|
||||
blocksize = OpenSSL.get_cipher(ciphername).get_blocksize()
|
||||
iv = data[:blocksize]
|
||||
i = blocksize
|
||||
_, pubkey_x, pubkey_y, i2 = ECC._decode_pubkey(data[i:])
|
||||
i += i2
|
||||
ciphertext = data[i:len(data) - 32]
|
||||
i += len(ciphertext)
|
||||
mac = data[i:]
|
||||
key = sha512(self.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest()
|
||||
key_e, key_m = key[:32], key[32:]
|
||||
if not equals(hmac_sha256(key_m, data[:len(data) - 32]), mac):
|
||||
raise RuntimeError("Fail to verify data")
|
||||
ctx = Cipher(key_e, iv, 0, ciphername)
|
||||
return ctx.ciphering(ciphertext)
|
69
src/lib/pyelliptic/hash.py
Normal file
69
src/lib/pyelliptic/hash.py
Normal file
|
@ -0,0 +1,69 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright (C) 2011 Yann GUIBET <yannguibet@gmail.com>
|
||||
# See LICENSE for details.
|
||||
|
||||
from pyelliptic.openssl import OpenSSL
|
||||
|
||||
|
||||
# For python3
|
||||
def _equals_bytes(a, b):
|
||||
if len(a) != len(b):
|
||||
return False
|
||||
result = 0
|
||||
for x, y in zip(a, b):
|
||||
result |= x ^ y
|
||||
return result == 0
|
||||
|
||||
|
||||
def _equals_str(a, b):
|
||||
if len(a) != len(b):
|
||||
return False
|
||||
result = 0
|
||||
for x, y in zip(a, b):
|
||||
result |= ord(x) ^ ord(y)
|
||||
return result == 0
|
||||
|
||||
|
||||
def equals(a, b):
|
||||
if isinstance(a, str):
|
||||
return _equals_str(a, b)
|
||||
else:
|
||||
return _equals_bytes(a, b)
|
||||
|
||||
|
||||
def hmac_sha256(k, m):
|
||||
"""
|
||||
Compute the key and the message with HMAC SHA5256
|
||||
"""
|
||||
key = OpenSSL.malloc(k, len(k))
|
||||
d = OpenSSL.malloc(m, len(m))
|
||||
md = OpenSSL.malloc(0, 32)
|
||||
i = OpenSSL.pointer(OpenSSL.c_int(0))
|
||||
OpenSSL.HMAC(OpenSSL.EVP_sha256(), key, len(k), d, len(m), md, i)
|
||||
return md.raw
|
||||
|
||||
|
||||
def hmac_sha512(k, m):
|
||||
"""
|
||||
Compute the key and the message with HMAC SHA512
|
||||
"""
|
||||
key = OpenSSL.malloc(k, len(k))
|
||||
d = OpenSSL.malloc(m, len(m))
|
||||
md = OpenSSL.malloc(0, 64)
|
||||
i = OpenSSL.pointer(OpenSSL.c_int(0))
|
||||
OpenSSL.HMAC(OpenSSL.EVP_sha512(), key, len(k), d, len(m), md, i)
|
||||
return md.raw
|
||||
|
||||
|
||||
def pbkdf2(password, salt=None, i=10000, keylen=64):
|
||||
if salt is None:
|
||||
salt = OpenSSL.rand(8)
|
||||
p_password = OpenSSL.malloc(password, len(password))
|
||||
p_salt = OpenSSL.malloc(salt, len(salt))
|
||||
output = OpenSSL.malloc(0, keylen)
|
||||
OpenSSL.PKCS5_PBKDF2_HMAC(p_password, len(password), p_salt,
|
||||
len(p_salt), i, OpenSSL.EVP_sha256(),
|
||||
keylen, output)
|
||||
return salt, output.raw
|
551
src/lib/pyelliptic/openssl.py
Normal file
551
src/lib/pyelliptic/openssl.py
Normal file
|
@ -0,0 +1,551 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright (C) 2011 Yann GUIBET <yannguibet@gmail.com>
|
||||
# See LICENSE for details.
|
||||
#
|
||||
# Software slightly changed by Jonathan Warren <bitmessage at-symbol jonwarren.org>
|
||||
|
||||
import sys
|
||||
import ctypes
|
||||
|
||||
OpenSSL = None
|
||||
|
||||
|
||||
class CipherName:
|
||||
def __init__(self, name, pointer, blocksize):
|
||||
self._name = name
|
||||
self._pointer = pointer
|
||||
self._blocksize = blocksize
|
||||
|
||||
def __str__(self):
|
||||
return "Cipher : " + self._name + " | Blocksize : " + str(self._blocksize) + " | Fonction pointer : " + str(self._pointer)
|
||||
|
||||
def get_pointer(self):
|
||||
return self._pointer()
|
||||
|
||||
def get_name(self):
|
||||
return self._name
|
||||
|
||||
def get_blocksize(self):
|
||||
return self._blocksize
|
||||
|
||||
|
||||
def get_version(library):
|
||||
version = None
|
||||
hexversion = None
|
||||
cflags = None
|
||||
try:
|
||||
#OpenSSL 1.1
|
||||
OPENSSL_VERSION = 0
|
||||
OPENSSL_CFLAGS = 1
|
||||
library.OpenSSL_version.argtypes = [ctypes.c_int]
|
||||
library.OpenSSL_version.restype = ctypes.c_char_p
|
||||
version = library.OpenSSL_version(OPENSSL_VERSION)
|
||||
cflags = library.OpenSSL_version(OPENSSL_CFLAGS)
|
||||
library.OpenSSL_version_num.restype = ctypes.c_long
|
||||
hexversion = library.OpenSSL_version_num()
|
||||
except AttributeError:
|
||||
try:
|
||||
#OpenSSL 1.0
|
||||
SSLEAY_VERSION = 0
|
||||
SSLEAY_CFLAGS = 2
|
||||
library.SSLeay.restype = ctypes.c_long
|
||||
library.SSLeay_version.restype = ctypes.c_char_p
|
||||
library.SSLeay_version.argtypes = [ctypes.c_int]
|
||||
version = library.SSLeay_version(SSLEAY_VERSION)
|
||||
cflags = library.SSLeay_version(SSLEAY_CFLAGS)
|
||||
hexversion = library.SSLeay()
|
||||
except AttributeError:
|
||||
#raise NotImplementedError('Cannot determine version of this OpenSSL library.')
|
||||
pass
|
||||
return (version, hexversion, cflags)
|
||||
|
||||
|
||||
class _OpenSSL:
|
||||
"""
|
||||
Wrapper for OpenSSL using ctypes
|
||||
"""
|
||||
def __init__(self, library):
|
||||
"""
|
||||
Build the wrapper
|
||||
"""
|
||||
self._lib = ctypes.CDLL(library)
|
||||
self._version, self._hexversion, self._cflags = get_version(self._lib)
|
||||
self._libreSSL = self._version.startswith(b"LibreSSL")
|
||||
|
||||
self.pointer = ctypes.pointer
|
||||
self.c_int = ctypes.c_int
|
||||
self.byref = ctypes.byref
|
||||
self.create_string_buffer = ctypes.create_string_buffer
|
||||
|
||||
self.BN_new = self._lib.BN_new
|
||||
self.BN_new.restype = ctypes.c_void_p
|
||||
self.BN_new.argtypes = []
|
||||
|
||||
self.BN_free = self._lib.BN_free
|
||||
self.BN_free.restype = None
|
||||
self.BN_free.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.BN_num_bits = self._lib.BN_num_bits
|
||||
self.BN_num_bits.restype = ctypes.c_int
|
||||
self.BN_num_bits.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.BN_bn2bin = self._lib.BN_bn2bin
|
||||
self.BN_bn2bin.restype = ctypes.c_int
|
||||
self.BN_bn2bin.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.BN_bin2bn = self._lib.BN_bin2bn
|
||||
self.BN_bin2bn.restype = ctypes.c_void_p
|
||||
self.BN_bin2bn.argtypes = [ctypes.c_void_p, ctypes.c_int,
|
||||
ctypes.c_void_p]
|
||||
|
||||
self.EC_KEY_free = self._lib.EC_KEY_free
|
||||
self.EC_KEY_free.restype = None
|
||||
self.EC_KEY_free.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EC_KEY_new_by_curve_name = self._lib.EC_KEY_new_by_curve_name
|
||||
self.EC_KEY_new_by_curve_name.restype = ctypes.c_void_p
|
||||
self.EC_KEY_new_by_curve_name.argtypes = [ctypes.c_int]
|
||||
|
||||
self.EC_KEY_generate_key = self._lib.EC_KEY_generate_key
|
||||
self.EC_KEY_generate_key.restype = ctypes.c_int
|
||||
self.EC_KEY_generate_key.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EC_KEY_check_key = self._lib.EC_KEY_check_key
|
||||
self.EC_KEY_check_key.restype = ctypes.c_int
|
||||
self.EC_KEY_check_key.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EC_KEY_get0_private_key = self._lib.EC_KEY_get0_private_key
|
||||
self.EC_KEY_get0_private_key.restype = ctypes.c_void_p
|
||||
self.EC_KEY_get0_private_key.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EC_KEY_get0_public_key = self._lib.EC_KEY_get0_public_key
|
||||
self.EC_KEY_get0_public_key.restype = ctypes.c_void_p
|
||||
self.EC_KEY_get0_public_key.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EC_KEY_get0_group = self._lib.EC_KEY_get0_group
|
||||
self.EC_KEY_get0_group.restype = ctypes.c_void_p
|
||||
self.EC_KEY_get0_group.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EC_POINT_get_affine_coordinates_GFp = self._lib.EC_POINT_get_affine_coordinates_GFp
|
||||
self.EC_POINT_get_affine_coordinates_GFp.restype = ctypes.c_int
|
||||
self.EC_POINT_get_affine_coordinates_GFp.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.EC_KEY_set_private_key = self._lib.EC_KEY_set_private_key
|
||||
self.EC_KEY_set_private_key.restype = ctypes.c_int
|
||||
self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p,
|
||||
ctypes.c_void_p]
|
||||
|
||||
self.EC_KEY_set_public_key = self._lib.EC_KEY_set_public_key
|
||||
self.EC_KEY_set_public_key.restype = ctypes.c_int
|
||||
self.EC_KEY_set_public_key.argtypes = [ctypes.c_void_p,
|
||||
ctypes.c_void_p]
|
||||
|
||||
self.EC_KEY_set_group = self._lib.EC_KEY_set_group
|
||||
self.EC_KEY_set_group.restype = ctypes.c_int
|
||||
self.EC_KEY_set_group.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.EC_POINT_set_affine_coordinates_GFp = self._lib.EC_POINT_set_affine_coordinates_GFp
|
||||
self.EC_POINT_set_affine_coordinates_GFp.restype = ctypes.c_int
|
||||
self.EC_POINT_set_affine_coordinates_GFp.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.EC_POINT_new = self._lib.EC_POINT_new
|
||||
self.EC_POINT_new.restype = ctypes.c_void_p
|
||||
self.EC_POINT_new.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EC_POINT_free = self._lib.EC_POINT_free
|
||||
self.EC_POINT_free.restype = None
|
||||
self.EC_POINT_free.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.BN_CTX_free = self._lib.BN_CTX_free
|
||||
self.BN_CTX_free.restype = None
|
||||
self.BN_CTX_free.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EC_POINT_mul = self._lib.EC_POINT_mul
|
||||
self.EC_POINT_mul.restype = ctypes.c_int
|
||||
self.EC_POINT_mul.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.EC_KEY_set_private_key = self._lib.EC_KEY_set_private_key
|
||||
self.EC_KEY_set_private_key.restype = ctypes.c_int
|
||||
self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p,
|
||||
ctypes.c_void_p]
|
||||
|
||||
if self._hexversion >= 0x10100000 and not self._libreSSL:
|
||||
self.EC_KEY_OpenSSL = self._lib.EC_KEY_OpenSSL
|
||||
self._lib.EC_KEY_OpenSSL.restype = ctypes.c_void_p
|
||||
self._lib.EC_KEY_OpenSSL.argtypes = []
|
||||
|
||||
self.EC_KEY_set_method = self._lib.EC_KEY_set_method
|
||||
self._lib.EC_KEY_set_method.restype = ctypes.c_int
|
||||
self._lib.EC_KEY_set_method.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
|
||||
else:
|
||||
self.ECDH_OpenSSL = self._lib.ECDH_OpenSSL
|
||||
self._lib.ECDH_OpenSSL.restype = ctypes.c_void_p
|
||||
self._lib.ECDH_OpenSSL.argtypes = []
|
||||
|
||||
self.ECDH_set_method = self._lib.ECDH_set_method
|
||||
self._lib.ECDH_set_method.restype = ctypes.c_int
|
||||
self._lib.ECDH_set_method.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.BN_CTX_new = self._lib.BN_CTX_new
|
||||
self._lib.BN_CTX_new.restype = ctypes.c_void_p
|
||||
self._lib.BN_CTX_new.argtypes = []
|
||||
|
||||
self.ECDH_compute_key = self._lib.ECDH_compute_key
|
||||
self.ECDH_compute_key.restype = ctypes.c_int
|
||||
self.ECDH_compute_key.argtypes = [ctypes.c_void_p,
|
||||
ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.EVP_CipherInit_ex = self._lib.EVP_CipherInit_ex
|
||||
self.EVP_CipherInit_ex.restype = ctypes.c_int
|
||||
self.EVP_CipherInit_ex.argtypes = [ctypes.c_void_p,
|
||||
ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.EVP_CIPHER_CTX_new = self._lib.EVP_CIPHER_CTX_new
|
||||
self.EVP_CIPHER_CTX_new.restype = ctypes.c_void_p
|
||||
self.EVP_CIPHER_CTX_new.argtypes = []
|
||||
|
||||
# Cipher
|
||||
self.EVP_aes_128_cfb128 = self._lib.EVP_aes_128_cfb128
|
||||
self.EVP_aes_128_cfb128.restype = ctypes.c_void_p
|
||||
self.EVP_aes_128_cfb128.argtypes = []
|
||||
|
||||
self.EVP_aes_256_cfb128 = self._lib.EVP_aes_256_cfb128
|
||||
self.EVP_aes_256_cfb128.restype = ctypes.c_void_p
|
||||
self.EVP_aes_256_cfb128.argtypes = []
|
||||
|
||||
self.EVP_aes_128_cbc = self._lib.EVP_aes_128_cbc
|
||||
self.EVP_aes_128_cbc.restype = ctypes.c_void_p
|
||||
self.EVP_aes_128_cbc.argtypes = []
|
||||
|
||||
self.EVP_aes_256_cbc = self._lib.EVP_aes_256_cbc
|
||||
self.EVP_aes_256_cbc.restype = ctypes.c_void_p
|
||||
self.EVP_aes_256_cbc.argtypes = []
|
||||
|
||||
#self.EVP_aes_128_ctr = self._lib.EVP_aes_128_ctr
|
||||
#self.EVP_aes_128_ctr.restype = ctypes.c_void_p
|
||||
#self.EVP_aes_128_ctr.argtypes = []
|
||||
|
||||
#self.EVP_aes_256_ctr = self._lib.EVP_aes_256_ctr
|
||||
#self.EVP_aes_256_ctr.restype = ctypes.c_void_p
|
||||
#self.EVP_aes_256_ctr.argtypes = []
|
||||
|
||||
self.EVP_aes_128_ofb = self._lib.EVP_aes_128_ofb
|
||||
self.EVP_aes_128_ofb.restype = ctypes.c_void_p
|
||||
self.EVP_aes_128_ofb.argtypes = []
|
||||
|
||||
self.EVP_aes_256_ofb = self._lib.EVP_aes_256_ofb
|
||||
self.EVP_aes_256_ofb.restype = ctypes.c_void_p
|
||||
self.EVP_aes_256_ofb.argtypes = []
|
||||
|
||||
self.EVP_bf_cbc = self._lib.EVP_bf_cbc
|
||||
self.EVP_bf_cbc.restype = ctypes.c_void_p
|
||||
self.EVP_bf_cbc.argtypes = []
|
||||
|
||||
self.EVP_bf_cfb64 = self._lib.EVP_bf_cfb64
|
||||
self.EVP_bf_cfb64.restype = ctypes.c_void_p
|
||||
self.EVP_bf_cfb64.argtypes = []
|
||||
|
||||
self.EVP_rc4 = self._lib.EVP_rc4
|
||||
self.EVP_rc4.restype = ctypes.c_void_p
|
||||
self.EVP_rc4.argtypes = []
|
||||
|
||||
if self._hexversion >= 0x10100000 and not self._libreSSL:
|
||||
self.EVP_CIPHER_CTX_reset = self._lib.EVP_CIPHER_CTX_reset
|
||||
self.EVP_CIPHER_CTX_reset.restype = ctypes.c_int
|
||||
self.EVP_CIPHER_CTX_reset.argtypes = [ctypes.c_void_p]
|
||||
else:
|
||||
self.EVP_CIPHER_CTX_cleanup = self._lib.EVP_CIPHER_CTX_cleanup
|
||||
self.EVP_CIPHER_CTX_cleanup.restype = ctypes.c_int
|
||||
self.EVP_CIPHER_CTX_cleanup.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EVP_CIPHER_CTX_free = self._lib.EVP_CIPHER_CTX_free
|
||||
self.EVP_CIPHER_CTX_free.restype = None
|
||||
self.EVP_CIPHER_CTX_free.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EVP_CipherUpdate = self._lib.EVP_CipherUpdate
|
||||
self.EVP_CipherUpdate.restype = ctypes.c_int
|
||||
self.EVP_CipherUpdate.argtypes = [ctypes.c_void_p,
|
||||
ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_int]
|
||||
|
||||
self.EVP_CipherFinal_ex = self._lib.EVP_CipherFinal_ex
|
||||
self.EVP_CipherFinal_ex.restype = ctypes.c_int
|
||||
self.EVP_CipherFinal_ex.argtypes = [ctypes.c_void_p,
|
||||
ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.EVP_DigestInit = self._lib.EVP_DigestInit
|
||||
self.EVP_DigestInit.restype = ctypes.c_int
|
||||
self._lib.EVP_DigestInit.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.EVP_DigestInit_ex = self._lib.EVP_DigestInit_ex
|
||||
self.EVP_DigestInit_ex.restype = ctypes.c_int
|
||||
self._lib.EVP_DigestInit_ex.argtypes = 3 * [ctypes.c_void_p]
|
||||
|
||||
self.EVP_DigestUpdate = self._lib.EVP_DigestUpdate
|
||||
self.EVP_DigestUpdate.restype = ctypes.c_int
|
||||
self.EVP_DigestUpdate.argtypes = [ctypes.c_void_p,
|
||||
ctypes.c_void_p, ctypes.c_int]
|
||||
|
||||
self.EVP_DigestFinal = self._lib.EVP_DigestFinal
|
||||
self.EVP_DigestFinal.restype = ctypes.c_int
|
||||
self.EVP_DigestFinal.argtypes = [ctypes.c_void_p,
|
||||
ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.EVP_DigestFinal_ex = self._lib.EVP_DigestFinal_ex
|
||||
self.EVP_DigestFinal_ex.restype = ctypes.c_int
|
||||
self.EVP_DigestFinal_ex.argtypes = [ctypes.c_void_p,
|
||||
ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.ECDSA_sign = self._lib.ECDSA_sign
|
||||
self.ECDSA_sign.restype = ctypes.c_int
|
||||
self.ECDSA_sign.argtypes = [ctypes.c_int, ctypes.c_void_p,
|
||||
ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.ECDSA_verify = self._lib.ECDSA_verify
|
||||
self.ECDSA_verify.restype = ctypes.c_int
|
||||
self.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p,
|
||||
ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]
|
||||
|
||||
if self._hexversion >= 0x10100000 and not self._libreSSL:
|
||||
self.EVP_MD_CTX_new = self._lib.EVP_MD_CTX_new
|
||||
self.EVP_MD_CTX_new.restype = ctypes.c_void_p
|
||||
self.EVP_MD_CTX_new.argtypes = []
|
||||
|
||||
self.EVP_MD_CTX_reset = self._lib.EVP_MD_CTX_reset
|
||||
self.EVP_MD_CTX_reset.restype = None
|
||||
self.EVP_MD_CTX_reset.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EVP_MD_CTX_free = self._lib.EVP_MD_CTX_free
|
||||
self.EVP_MD_CTX_free.restype = None
|
||||
self.EVP_MD_CTX_free.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EVP_sha1 = self._lib.EVP_sha1
|
||||
self.EVP_sha1.restype = ctypes.c_void_p
|
||||
self.EVP_sha1.argtypes = []
|
||||
|
||||
self.digest_ecdsa_sha1 = self.EVP_sha1
|
||||
else:
|
||||
self.EVP_MD_CTX_create = self._lib.EVP_MD_CTX_create
|
||||
self.EVP_MD_CTX_create.restype = ctypes.c_void_p
|
||||
self.EVP_MD_CTX_create.argtypes = []
|
||||
|
||||
self.EVP_MD_CTX_init = self._lib.EVP_MD_CTX_init
|
||||
self.EVP_MD_CTX_init.restype = None
|
||||
self.EVP_MD_CTX_init.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EVP_MD_CTX_destroy = self._lib.EVP_MD_CTX_destroy
|
||||
self.EVP_MD_CTX_destroy.restype = None
|
||||
self.EVP_MD_CTX_destroy.argtypes = [ctypes.c_void_p]
|
||||
|
||||
self.EVP_ecdsa = self._lib.EVP_ecdsa
|
||||
self._lib.EVP_ecdsa.restype = ctypes.c_void_p
|
||||
self._lib.EVP_ecdsa.argtypes = []
|
||||
|
||||
self.digest_ecdsa_sha1 = self.EVP_ecdsa
|
||||
|
||||
self.RAND_bytes = self._lib.RAND_bytes
|
||||
self.RAND_bytes.restype = ctypes.c_int
|
||||
self.RAND_bytes.argtypes = [ctypes.c_void_p, ctypes.c_int]
|
||||
|
||||
self.EVP_sha256 = self._lib.EVP_sha256
|
||||
self.EVP_sha256.restype = ctypes.c_void_p
|
||||
self.EVP_sha256.argtypes = []
|
||||
|
||||
self.i2o_ECPublicKey = self._lib.i2o_ECPublicKey
|
||||
self.i2o_ECPublicKey.restype = ctypes.c_int
|
||||
self.i2o_ECPublicKey.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
self.EVP_sha512 = self._lib.EVP_sha512
|
||||
self.EVP_sha512.restype = ctypes.c_void_p
|
||||
self.EVP_sha512.argtypes = []
|
||||
|
||||
self.HMAC = self._lib.HMAC
|
||||
self.HMAC.restype = ctypes.c_void_p
|
||||
self.HMAC.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_int,
|
||||
ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p]
|
||||
|
||||
try:
|
||||
self.PKCS5_PBKDF2_HMAC = self._lib.PKCS5_PBKDF2_HMAC
|
||||
except:
|
||||
# The above is not compatible with all versions of OSX.
|
||||
self.PKCS5_PBKDF2_HMAC = self._lib.PKCS5_PBKDF2_HMAC_SHA1
|
||||
|
||||
self.PKCS5_PBKDF2_HMAC.restype = ctypes.c_int
|
||||
self.PKCS5_PBKDF2_HMAC.argtypes = [ctypes.c_void_p, ctypes.c_int,
|
||||
ctypes.c_void_p, ctypes.c_int,
|
||||
ctypes.c_int, ctypes.c_void_p,
|
||||
ctypes.c_int, ctypes.c_void_p]
|
||||
|
||||
self._set_ciphers()
|
||||
self._set_curves()
|
||||
|
||||
def _set_ciphers(self):
|
||||
self.cipher_algo = {
|
||||
'aes-128-cbc': CipherName('aes-128-cbc', self.EVP_aes_128_cbc, 16),
|
||||
'aes-256-cbc': CipherName('aes-256-cbc', self.EVP_aes_256_cbc, 16),
|
||||
'aes-128-cfb': CipherName('aes-128-cfb', self.EVP_aes_128_cfb128, 16),
|
||||
'aes-256-cfb': CipherName('aes-256-cfb', self.EVP_aes_256_cfb128, 16),
|
||||
'aes-128-ofb': CipherName('aes-128-ofb', self._lib.EVP_aes_128_ofb, 16),
|
||||
'aes-256-ofb': CipherName('aes-256-ofb', self._lib.EVP_aes_256_ofb, 16),
|
||||
#'aes-128-ctr': CipherName('aes-128-ctr', self._lib.EVP_aes_128_ctr, 16),
|
||||
#'aes-256-ctr': CipherName('aes-256-ctr', self._lib.EVP_aes_256_ctr, 16),
|
||||
'bf-cfb': CipherName('bf-cfb', self.EVP_bf_cfb64, 8),
|
||||
'bf-cbc': CipherName('bf-cbc', self.EVP_bf_cbc, 8),
|
||||
'rc4': CipherName('rc4', self.EVP_rc4, 128), # 128 is the initialisation size not block size
|
||||
}
|
||||
|
||||
def _set_curves(self):
|
||||
self.curves = {
|
||||
'secp112r1': 704,
|
||||
'secp112r2': 705,
|
||||
'secp128r1': 706,
|
||||
'secp128r2': 707,
|
||||
'secp160k1': 708,
|
||||
'secp160r1': 709,
|
||||
'secp160r2': 710,
|
||||
'secp192k1': 711,
|
||||
'secp224k1': 712,
|
||||
'secp224r1': 713,
|
||||
'secp256k1': 714,
|
||||
'secp384r1': 715,
|
||||
'secp521r1': 716,
|
||||
'sect113r1': 717,
|
||||
'sect113r2': 718,
|
||||
'sect131r1': 719,
|
||||
'sect131r2': 720,
|
||||
'sect163k1': 721,
|
||||
'sect163r1': 722,
|
||||
'sect163r2': 723,
|
||||
'sect193r1': 724,
|
||||
'sect193r2': 725,
|
||||
'sect233k1': 726,
|
||||
'sect233r1': 727,
|
||||
'sect239k1': 728,
|
||||
'sect283k1': 729,
|
||||
'sect283r1': 730,
|
||||
'sect409k1': 731,
|
||||
'sect409r1': 732,
|
||||
'sect571k1': 733,
|
||||
'sect571r1': 734,
|
||||
}
|
||||
|
||||
def BN_num_bytes(self, x):
|
||||
"""
|
||||
returns the length of a BN (OpenSSl API)
|
||||
"""
|
||||
return int((self.BN_num_bits(x) + 7) / 8)
|
||||
|
||||
def get_cipher(self, name):
|
||||
"""
|
||||
returns the OpenSSL cipher instance
|
||||
"""
|
||||
if name not in self.cipher_algo:
|
||||
raise Exception("Unknown cipher")
|
||||
return self.cipher_algo[name]
|
||||
|
||||
def get_curve(self, name):
|
||||
"""
|
||||
returns the id of a elliptic curve
|
||||
"""
|
||||
if name not in self.curves:
|
||||
raise Exception("Unknown curve")
|
||||
return self.curves[name]
|
||||
|
||||
def get_curve_by_id(self, id):
|
||||
"""
|
||||
returns the name of a elliptic curve with his id
|
||||
"""
|
||||
res = None
|
||||
for i in self.curves:
|
||||
if self.curves[i] == id:
|
||||
res = i
|
||||
break
|
||||
if res is None:
|
||||
raise Exception("Unknown curve")
|
||||
return res
|
||||
|
||||
def rand(self, size):
|
||||
"""
|
||||
OpenSSL random function
|
||||
"""
|
||||
buffer = self.malloc(0, size)
|
||||
# This pyelliptic library, by default, didn't check the return value of RAND_bytes. It is
|
||||
# evidently possible that it returned an error and not-actually-random data. However, in
|
||||
# tests on various operating systems, while generating hundreds of gigabytes of random
|
||||
# strings of various sizes I could not get an error to occur. Also Bitcoin doesn't check
|
||||
# the return value of RAND_bytes either.
|
||||
# Fixed in Bitmessage version 0.4.2 (in source code on 2013-10-13)
|
||||
while self.RAND_bytes(buffer, size) != 1:
|
||||
import time
|
||||
time.sleep(1)
|
||||
return buffer.raw
|
||||
|
||||
def malloc(self, data, size):
|
||||
"""
|
||||
returns a create_string_buffer (ctypes)
|
||||
"""
|
||||
buffer = None
|
||||
if data != 0:
|
||||
if sys.version_info.major == 3 and isinstance(data, type('')):
|
||||
data = data.encode()
|
||||
buffer = self.create_string_buffer(data, size)
|
||||
else:
|
||||
buffer = self.create_string_buffer(size)
|
||||
return buffer
|
||||
|
||||
def loadOpenSSL():
|
||||
global OpenSSL
|
||||
from os import path, environ
|
||||
from ctypes.util import find_library
|
||||
|
||||
libdir = []
|
||||
if getattr(sys,'frozen', None):
|
||||
if 'darwin' in sys.platform:
|
||||
libdir.extend([
|
||||
path.join(environ['RESOURCEPATH'], '..', 'Frameworks','libcrypto.dylib'),
|
||||
path.join(environ['RESOURCEPATH'], '..', 'Frameworks','libcrypto.1.1.0.dylib'),
|
||||
path.join(environ['RESOURCEPATH'], '..', 'Frameworks','libcrypto.1.0.2.dylib'),
|
||||
path.join(environ['RESOURCEPATH'], '..', 'Frameworks','libcrypto.1.0.1.dylib'),
|
||||
path.join(environ['RESOURCEPATH'], '..', 'Frameworks','libcrypto.1.0.0.dylib'),
|
||||
path.join(environ['RESOURCEPATH'], '..', 'Frameworks','libcrypto.0.9.8.dylib'),
|
||||
])
|
||||
elif 'win32' in sys.platform or 'win64' in sys.platform:
|
||||
libdir.append(path.join(sys._MEIPASS, 'libeay32.dll'))
|
||||
else:
|
||||
libdir.extend([
|
||||
path.join(sys._MEIPASS, 'libcrypto.so'),
|
||||
path.join(sys._MEIPASS, 'libssl.so'),
|
||||
path.join(sys._MEIPASS, 'libcrypto.so.1.1.0'),
|
||||
path.join(sys._MEIPASS, 'libssl.so.1.1.0'),
|
||||
path.join(sys._MEIPASS, 'libcrypto.so.1.0.2'),
|
||||
path.join(sys._MEIPASS, 'libssl.so.1.0.2'),
|
||||
path.join(sys._MEIPASS, 'libcrypto.so.1.0.1'),
|
||||
path.join(sys._MEIPASS, 'libssl.so.1.0.1'),
|
||||
path.join(sys._MEIPASS, 'libcrypto.so.1.0.0'),
|
||||
path.join(sys._MEIPASS, 'libssl.so.1.0.0'),
|
||||
path.join(sys._MEIPASS, 'libcrypto.so.0.9.8'),
|
||||
path.join(sys._MEIPASS, 'libssl.so.0.9.8'),
|
||||
])
|
||||
if 'darwin' in sys.platform:
|
||||
libdir.extend(['libcrypto.dylib', '/usr/local/opt/openssl/lib/libcrypto.dylib'])
|
||||
elif 'win32' in sys.platform or 'win64' in sys.platform:
|
||||
libdir.append('libeay32.dll')
|
||||
else:
|
||||
libdir.append('libcrypto.so')
|
||||
libdir.append('libssl.so')
|
||||
libdir.append('libcrypto.so.1.0.0')
|
||||
libdir.append('libssl.so.1.0.0')
|
||||
if 'linux' in sys.platform or 'darwin' in sys.platform or 'bsd' in sys.platform:
|
||||
libdir.append(find_library('ssl'))
|
||||
elif 'win32' in sys.platform or 'win64' in sys.platform:
|
||||
libdir.append(find_library('libeay32'))
|
||||
for library in libdir:
|
||||
try:
|
||||
OpenSSL = _OpenSSL(library)
|
||||
return
|
||||
except:
|
||||
pass
|
||||
raise Exception("Failed to load OpenSSL library, searched for: " + " ".join(libdir))
|
||||
|
||||
loadOpenSSL()
|
23
src/lib/pyelliptic/setup.py
Normal file
23
src/lib/pyelliptic/setup.py
Normal file
|
@ -0,0 +1,23 @@
|
|||
from setuptools import setup, find_packages
|
||||
|
||||
setup(
|
||||
name="pyelliptic",
|
||||
version='2.0.1',
|
||||
url='https://github.com/radfish/pyelliptic',
|
||||
license='GPL',
|
||||
description="Python OpenSSL wrapper for ECC (ECDSA, ECIES), AES, HMAC, Blowfish, ...",
|
||||
author='Yann GUIBET',
|
||||
author_email='yannguibet@gmail.com',
|
||||
maintainer="redfish",
|
||||
maintainer_email='redfish@galactica.pw',
|
||||
packages=find_packages(),
|
||||
classifiers=[
|
||||
'Operating System :: Unix',
|
||||
'Operating System :: Microsoft :: Windows',
|
||||
'Environment :: MacOS X',
|
||||
'Programming Language :: Python',
|
||||
'Programming Language :: Python :: 2.7',
|
||||
'Programming Language :: Python :: 3.7',
|
||||
'Topic :: Security :: Cryptography',
|
||||
],
|
||||
)
|
Loading…
Reference in a new issue