PyBitmessage-2021-04-27/src/highlevelcrypto.py

"""
High level cryptographic functions based on `.pyelliptic` OpenSSL bindings.

.. note::
  Upstream pyelliptic was upgraded from SHA1 to SHA256 for signing. We must
  `upgrade PyBitmessage gracefully. <https://github.com/Bitmessage/PyBitmessage/issues/953>`_
  `More discussion. <https://github.com/yann2192/pyelliptic/issues/32>`_
"""

from binascii import hexlify

import pyelliptic
from bmconfigparser import BMConfigParser
from pyelliptic import OpenSSL
from pyelliptic import arithmetic as a


def makeCryptor(privkey):
    """Return a private `.pyelliptic.ECC` instance"""
    private_key = a.changebase(privkey, 16, 256, minlen=32)
    public_key = pointMult(private_key)
    privkey_bin = '\x02\xca\x00\x20' + private_key
    pubkey_bin = '\x02\xca\x00\x20' + public_key[1:-32] + '\x00\x20' + public_key[-32:]
    cryptor = pyelliptic.ECC(
        curve='secp256k1', privkey=privkey_bin, pubkey=pubkey_bin)
    return cryptor


def hexToPubkey(pubkey):
    """Convert a pubkey from hex to binary"""
    pubkey_raw = a.changebase(pubkey[2:], 16, 256, minlen=64)
    pubkey_bin = '\x02\xca\x00 ' + pubkey_raw[:32] + '\x00 ' + pubkey_raw[32:]
    return pubkey_bin


def makePubCryptor(pubkey):
    """Return a public `.pyelliptic.ECC` instance"""
    pubkey_bin = hexToPubkey(pubkey)
    return pyelliptic.ECC(curve='secp256k1', pubkey=pubkey_bin)


def privToPub(privkey):
    """Converts hex private key into hex public key"""
    private_key = a.changebase(privkey, 16, 256, minlen=32)
    public_key = pointMult(private_key)
    return hexlify(public_key)


def encrypt(msg, hexPubkey):
    """Encrypts message with hex public key"""
    return pyelliptic.ECC(curve='secp256k1').encrypt(
        msg, hexToPubkey(hexPubkey))


def decrypt(msg, hexPrivkey):
    """Decrypts message with hex private key"""
    return makeCryptor(hexPrivkey).decrypt(msg)


def decryptFast(msg, cryptor):
    """Decrypts message with an existing `.pyelliptic.ECC` object"""
    return cryptor.decrypt(msg)


def sign(msg, hexPrivkey):
    """
    Signs with hex private key using SHA1 or SHA256 depending on
    "digestalg" setting
    """
    digestAlg = BMConfigParser().safeGet(
        'bitmessagesettings', 'digestalg', 'sha256')
    if digestAlg == "sha1":
        # SHA1, this will eventually be deprecated
        return makeCryptor(hexPrivkey).sign(
            msg, digest_alg=OpenSSL.digest_ecdsa_sha1)
    elif digestAlg == "sha256":
        # SHA256. Eventually this will become the default
        return makeCryptor(hexPrivkey).sign(msg, digest_alg=OpenSSL.EVP_sha256)
    else:
        raise ValueError("Unknown digest algorithm %s" % digestAlg)


def verify(msg, sig, hexPubkey):
    """Verifies with hex public key using SHA1 or SHA256"""
    # As mentioned above, we must upgrade gracefully to use SHA256. So
    # let us check the signature using both SHA1 and SHA256 and if one
    # of them passes then we will be satisfied. Eventually this can
    # be simplified and we'll only check with SHA256.
    try:
        # old SHA1 algorithm.
        sigVerifyPassed = makePubCryptor(hexPubkey).verify(
            sig, msg, digest_alg=OpenSSL.digest_ecdsa_sha1)
    except:
        sigVerifyPassed = False
    if sigVerifyPassed:
        # The signature check passed using SHA1
        return True
    # The signature check using SHA1 failed. Let us try it with SHA256.
    try:
        return makePubCryptor(hexPubkey).verify(
            sig, msg, digest_alg=OpenSSL.EVP_sha256)
    except:
        return False


def pointMult(secret):
    """
    Does an EC point multiplication; turns a private key into a public key.

    Evidently, this type of error can occur very rarely:

    >>> File "highlevelcrypto.py", line 54, in pointMult
    >>>  group = OpenSSL.EC_KEY_get0_group(k)
    >>> WindowsError: exception: access violation reading 0x0000000000000008
    """
    while True:
        try:
            k = OpenSSL.EC_KEY_new_by_curve_name(
                OpenSSL.get_curve('secp256k1'))
            priv_key = OpenSSL.BN_bin2bn(secret, 32, None)
            group = OpenSSL.EC_KEY_get0_group(k)
            pub_key = OpenSSL.EC_POINT_new(group)

            OpenSSL.EC_POINT_mul(group, pub_key, priv_key, None, None, None)
            OpenSSL.EC_KEY_set_private_key(k, priv_key)
            OpenSSL.EC_KEY_set_public_key(k, pub_key)

            size = OpenSSL.i2o_ECPublicKey(k, None)
            mb = OpenSSL.create_string_buffer(size)
            OpenSSL.i2o_ECPublicKey(k, OpenSSL.byref(OpenSSL.pointer(mb)))

            OpenSSL.EC_POINT_free(pub_key)
            OpenSSL.BN_free(priv_key)
            OpenSSL.EC_KEY_free(k)
            return mb.raw

        except Exception:
            import traceback
            import time
            traceback.print_exc()
            time.sleep(0.2)
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00			`"""`
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			High level cryptographic functions based on `.pyelliptic` OpenSSL bindings.

			`.. note::`
Use default digestalg='sha256' in highlevelcrypto.sign() 2019-11-18 13:47:16 +01:00			`Upstream pyelliptic was upgraded from SHA1 to SHA256 for signing. We must`
			`upgrade PyBitmessage gracefully. <https://github.com/Bitmessage/PyBitmessage/issues/953>`_
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			`More discussion. <https://github.com/yann2192/pyelliptic/issues/32>`_
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00			`"""`

Some preparations for python 3 2016-03-23 23:26:57 +01:00			`from binascii import hexlify`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00
some address generation work completed 2013-01-16 17:52:52 +01:00			`import pyelliptic`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00			`from bmconfigparser import BMConfigParser`
			`from pyelliptic import OpenSSL`
			`from pyelliptic import arithmetic as a`


some address generation work completed 2013-01-16 17:52:52 +01:00			`def makeCryptor(privkey):`
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			"""Return a private `.pyelliptic.ECC` instance"""
resolve merge conflict 2014-07-15 00:01:56 +02:00			`private_key = a.changebase(privkey, 16, 256, minlen=32)`
			`public_key = pointMult(private_key)`
			`privkey_bin = '\x02\xca\x00\x20' + private_key`
			`pubkey_bin = '\x02\xca\x00\x20' + public_key[1:-32] + '\x00\x20' + public_key[-32:]`
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			`cryptor = pyelliptic.ECC(`
			`curve='secp256k1', privkey=privkey_bin, pubkey=pubkey_bin)`
resolve merge conflict 2014-07-15 00:01:56 +02:00			`return cryptor`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00

some address generation work completed 2013-01-16 17:52:52 +01:00			`def hexToPubkey(pubkey):`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00			`"""Convert a pubkey from hex to binary"""`
			`pubkey_raw = a.changebase(pubkey[2:], 16, 256, minlen=64)`
			`pubkey_bin = '\x02\xca\x00 ' + pubkey_raw[:32] + '\x00 ' + pubkey_raw[32:]`
resolve merge conflict 2014-07-15 00:01:56 +02:00			`return pubkey_bin`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00

some address generation work completed 2013-01-16 17:52:52 +01:00			`def makePubCryptor(pubkey):`
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			"""Return a public `.pyelliptic.ECC` instance"""
resolve merge conflict 2014-07-15 00:01:56 +02:00			`pubkey_bin = hexToPubkey(pubkey)`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00			`return pyelliptic.ECC(curve='secp256k1', pubkey=pubkey_bin)`


some address generation work completed 2013-01-16 17:52:52 +01:00			`def privToPub(privkey):`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00			`"""Converts hex private key into hex public key"""`
resolve merge conflict 2014-07-15 00:01:56 +02:00			`private_key = a.changebase(privkey, 16, 256, minlen=32)`
			`public_key = pointMult(private_key)`
Some preparations for python 3 2016-03-23 23:26:57 +01:00			`return hexlify(public_key)`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00

			`def encrypt(msg, hexPubkey):`
			`"""Encrypts message with hex public key"""`
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			`return pyelliptic.ECC(curve='secp256k1').encrypt(`
			`msg, hexToPubkey(hexPubkey))`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00

			`def decrypt(msg, hexPrivkey):`
			`"""Decrypts message with hex private key"""`
resolve merge conflict 2014-07-15 00:01:56 +02:00			`return makeCryptor(hexPrivkey).decrypt(msg)`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00

			`def decryptFast(msg, cryptor):`
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			"""Decrypts message with an existing `.pyelliptic.ECC` object"""
resolve merge conflict 2014-07-15 00:01:56 +02:00			`return cryptor.decrypt(msg)`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00

			`def sign(msg, hexPrivkey):`
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			`"""`
			`Signs with hex private key using SHA1 or SHA256 depending on`
			`"digestalg" setting`
			`"""`
			`digestAlg = BMConfigParser().safeGet(`
Use default digestalg='sha256' in highlevelcrypto.sign() 2019-11-18 13:47:16 +01:00			`'bitmessagesettings', 'digestalg', 'sha256')`
Phase 1 of SHA256 support - new variable "digestalg" which defaults to "sha1", but allows "sha256" for those who want to sign using this - Addresses #953 2017-03-02 15:03:08 +01:00			`if digestAlg == "sha1":`
			`# SHA1, this will eventually be deprecated`
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			`return makeCryptor(hexPrivkey).sign(`
			`msg, digest_alg=OpenSSL.digest_ecdsa_sha1)`
Phase 1 of SHA256 support - new variable "digestalg" which defaults to "sha1", but allows "sha256" for those who want to sign using this - Addresses #953 2017-03-02 15:03:08 +01:00			`elif digestAlg == "sha256":`
			`# SHA256. Eventually this will become the default`
			`return makeCryptor(hexPrivkey).sign(msg, digest_alg=OpenSSL.EVP_sha256)`
			`else:`
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			`raise ValueError("Unknown digest algorithm %s" % digestAlg)`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00

			`def verify(msg, sig, hexPubkey):`
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			`"""Verifies with hex public key using SHA1 or SHA256"""`
support SHA256 signatures 2015-03-27 20:25:32 +01:00			`# As mentioned above, we must upgrade gracefully to use SHA256. So`
			`# let us check the signature using both SHA1 and SHA256 and if one`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00			`# of them passes then we will be satisfied. Eventually this can`
			`# be simplified and we'll only check with SHA256.`
Bitmessage Protocol Version Three 2014-08-27 09:14:32 +02:00			`try:`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00			`# old SHA1 algorithm.`
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			`sigVerifyPassed = makePubCryptor(hexPubkey).verify(`
			`sig, msg, digest_alg=OpenSSL.digest_ecdsa_sha1)`
support SHA256 signatures 2015-03-27 20:25:32 +01:00			`except:`
			`sigVerifyPassed = False`
			`if sigVerifyPassed:`
			`# The signature check passed using SHA1`
			`return True`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00			`# The signature check using SHA1 failed. Let us try it with SHA256.`
support SHA256 signatures 2015-03-27 20:25:32 +01:00			`try:`
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			`return makePubCryptor(hexPubkey).verify(`
			`sig, msg, digest_alg=OpenSSL.EVP_sha256)`
Bitmessage Protocol Version Three 2014-08-27 09:14:32 +02:00			`except:`
			`return False`
Move pointMult function to highlevelcrypto Copy pointMult function from class_addressGenerator.py to highlevelcrypto.py 2014-05-21 11:59:08 +02:00
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00
Move pointMult function to highlevelcrypto Copy pointMult function from class_addressGenerator.py to highlevelcrypto.py 2014-05-21 11:59:08 +02:00			`def pointMult(secret):`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00			`"""`
			`Does an EC point multiplication; turns a private key into a public key.`

			`Evidently, this type of error can occur very rarely:`

Fixed badly formatted docstrings and some wrong text 2019-10-10 15:38:13 +02:00			`>>> File "highlevelcrypto.py", line 54, in pointMult`
			`>>> group = OpenSSL.EC_KEY_get0_group(k)`
			`>>> WindowsError: exception: access violation reading 0x0000000000000008`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00			`"""`
handle OpenSSL.EC_KEY_get0_group() exception 2015-02-06 22:31:23 +01:00			`while True:`
			`try:`
More docstrings and formatting fixes in highlevelcrypto and shutdown 2019-11-04 12:30:11 +01:00			`k = OpenSSL.EC_KEY_new_by_curve_name(`
			`OpenSSL.get_curve('secp256k1'))`
handle OpenSSL.EC_KEY_get0_group() exception 2015-02-06 22:31:23 +01:00			`priv_key = OpenSSL.BN_bin2bn(secret, 32, None)`
			`group = OpenSSL.EC_KEY_get0_group(k)`
			`pub_key = OpenSSL.EC_POINT_new(group)`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00
handle OpenSSL.EC_KEY_get0_group() exception 2015-02-06 22:31:23 +01:00			`OpenSSL.EC_POINT_mul(group, pub_key, priv_key, None, None, None)`
			`OpenSSL.EC_KEY_set_private_key(k, priv_key)`
			`OpenSSL.EC_KEY_set_public_key(k, pub_key)`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00
handle OpenSSL.EC_KEY_get0_group() exception 2015-02-06 22:31:23 +01:00			`size = OpenSSL.i2o_ECPublicKey(k, None)`
			`mb = OpenSSL.create_string_buffer(size)`
			`OpenSSL.i2o_ECPublicKey(k, OpenSSL.byref(OpenSSL.pointer(mb)))`
Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00
handle OpenSSL.EC_KEY_get0_group() exception 2015-02-06 22:31:23 +01:00			`OpenSSL.EC_POINT_free(pub_key)`
			`OpenSSL.BN_free(priv_key)`
			`OpenSSL.EC_KEY_free(k)`
			`return mb.raw`

Changes based on style and lint checks. (final_code_quality_17) 2018-10-21 18:14:20 +02:00			`except Exception:`
handle OpenSSL.EC_KEY_get0_group() exception 2015-02-06 22:31:23 +01:00			`import traceback`
			`import time`
			`traceback.print_exc()`
			`time.sleep(0.2)`