Merge pull request #792 from Atheros1/sha256

SHA256
2015-03-27 15:45:37 -04:00 · 2015-03-27 15:45:37 -04:00 · b3afbb4308
commit b3afbb4308
parent bbb8c645af 6ebf8666dc
5 changed files with 37 additions and 16 deletions
--- a/src/bitmessagemain.py
+++ b/src/bitmessagemain.py
@ -20,6 +20,8 @@ import socket
 import ctypes
 from struct import pack
 import sys
+from subprocess import call
+import time

 from SimpleXMLRPCServer import SimpleXMLRPCServer
 from api import MySimpleXMLRPCRequestHandler
@ -30,16 +32,12 @@ from helper_sql import sqlQuery
 import threading

 # Classes
-#from helper_sql import *
-#from class_sqlThread import *
 from class_sqlThread import sqlThread
 from class_singleCleaner import singleCleaner
-#from class_singleWorker import *
 from class_objectProcessor import objectProcessor
 from class_outgoingSynSender import outgoingSynSender
 from class_singleListener import singleListener
 from class_singleWorker import singleWorker
-#from class_addressGenerator import *
 from class_addressGenerator import addressGenerator
 from debug import logger

@ -47,9 +45,6 @@ from debug import logger
 import helper_bootstrap
 import helper_generic
    
-from subprocess import call
-import time
-    

 def connectToStream(streamNumber):
    shared.streamsInWhichIAmParticipating[streamNumber] = 'no data'
--- a/src/helper_startup.py
+++ b/src/helper_startup.py
@ -145,5 +145,5 @@ def isOurOperatingSystemLimitedToHavingVeryFewHalfOpenConnections():
            return StrictVersion("5.1.2600")<=VER_THIS and StrictVersion("6.0.6000")>=VER_THIS
        return False
    except Exception as err:
-        print 'An Exception occurred within isOurOperatingSystemLimitedToHavingVeryFewHalfOpenConnections:', err
+        print "Info: we could not tell whether your OS is limited to having very view half open connections because we couldn't interpret the platform version. Don't worry; we'll assume that it is not limited. This tends to occur on Raspberry Pis. :", err
        return False
--- a/src/highlevelcrypto.py
+++ b/src/highlevelcrypto.py
@ -30,11 +30,28 @@ def decryptFast(msg,cryptor):
    return cryptor.decrypt(msg)
 # Signs with hex private key
 def sign(msg,hexPrivkey):
-    return makeCryptor(hexPrivkey).sign(msg)
+    # pyelliptic is upgrading from SHA1 to SHA256 for signing. We must 
+    # upgrade PyBitmessage gracefully. 
+    # https://github.com/yann2192/pyelliptic/pull/33
+    # More discussion: https://github.com/yann2192/pyelliptic/issues/32
+    return makeCryptor(hexPrivkey).sign(msg, digest_alg=OpenSSL.EVP_ecdsa) # SHA1
+    #return makeCryptor(hexPrivkey).sign(msg, digest_alg=OpenSSL.EVP_sha256) # SHA256. We should switch to this eventually.
 # Verifies with hex public key
 def verify(msg,sig,hexPubkey):
+    # As mentioned above, we must upgrade gracefully to use SHA256. So
+    # let us check the signature using both SHA1 and SHA256 and if one
+    # of them passes then we will be satisfied. Eventually this can 
+    # be simplified and we'll only check with SHA256. 
    try:
-        return makePubCryptor(hexPubkey).verify(sig,msg)
+        sigVerifyPassed = makePubCryptor(hexPubkey).verify(sig,msg,digest_alg=OpenSSL.EVP_ecdsa) # old SHA1 algorithm.
+    except:
+        sigVerifyPassed = False
+    if sigVerifyPassed:
+        # The signature check passed using SHA1
+        return True
+    # The signature check using SHA1 failed. Let us try it with SHA256. 
+    try:
+        return makePubCryptor(hexPubkey).verify(sig,msg,digest_alg=OpenSSL.EVP_sha256)
    except:
        return False

--- a/src/pyelliptic/ecc.py
+++ b/src/pyelliptic/ecc.py
@ -299,7 +299,7 @@ class ECC:
            if privkey is not None:
                OpenSSL.BN_free(priv_key)

-    def sign(self, inputb):
+    def sign(self, inputb, digest_alg=OpenSSL.EVP_ecdsa):
        """
        Sign the input with ECDSA method and returns the signature
        """
@ -338,11 +338,11 @@ class ECC:
                raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")

            OpenSSL.EVP_MD_CTX_init(md_ctx)
-            OpenSSL.EVP_DigestInit(md_ctx, OpenSSL.EVP_ecdsa())
+            OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None)

            if (OpenSSL.EVP_DigestUpdate(md_ctx, buff, size)) == 0:
                raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")
-            OpenSSL.EVP_DigestFinal(md_ctx, digest, dgst_len)
+            OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len)
            OpenSSL.ECDSA_sign(0, digest, dgst_len.contents, sig, siglen, key)
            if (OpenSSL.ECDSA_verify(0, digest, dgst_len.contents, sig,
                                     siglen.contents, key)) != 1:
@ -358,7 +358,7 @@ class ECC:
            OpenSSL.EC_POINT_free(pub_key)
            OpenSSL.EVP_MD_CTX_destroy(md_ctx)

-    def verify(self, sig, inputb):
+    def verify(self, sig, inputb, digest_alg=OpenSSL.EVP_ecdsa):
        """
        Verify the signature with the input and the local public key.
        Returns a boolean
@ -392,11 +392,11 @@ class ECC:
                raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")

            OpenSSL.EVP_MD_CTX_init(md_ctx)
-            OpenSSL.EVP_DigestInit(md_ctx, OpenSSL.EVP_ecdsa())
+            OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None)
            if (OpenSSL.EVP_DigestUpdate(md_ctx, binputb, len(inputb))) == 0:
                raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")

-            OpenSSL.EVP_DigestFinal(md_ctx, digest, dgst_len)
+            OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len)
            ret = OpenSSL.ECDSA_verify(
                0, digest, dgst_len.contents, bsig, len(sig), key)

--- a/src/pyelliptic/openssl.py
+++ b/src/pyelliptic/openssl.py
@ -231,6 +231,10 @@ class _OpenSSL:
        self.EVP_DigestInit.restype = ctypes.c_int
        self._lib.EVP_DigestInit.argtypes = [ctypes.c_void_p, ctypes.c_void_p]

+        self.EVP_DigestInit_ex = self._lib.EVP_DigestInit_ex
+        self.EVP_DigestInit_ex.restype = ctypes.c_int
+        self._lib.EVP_DigestInit_ex.argtypes = 3 * [ctypes.c_void_p]
+        
        self.EVP_DigestUpdate = self._lib.EVP_DigestUpdate
        self.EVP_DigestUpdate.restype = ctypes.c_int
        self.EVP_DigestUpdate.argtypes = [ctypes.c_void_p,
@ -241,6 +245,11 @@ class _OpenSSL:
        self.EVP_DigestFinal.argtypes = [ctypes.c_void_p,
                                         ctypes.c_void_p, ctypes.c_void_p]

+        self.EVP_DigestFinal_ex = self._lib.EVP_DigestFinal_ex
+        self.EVP_DigestFinal_ex.restype = ctypes.c_int
+        self.EVP_DigestFinal_ex.argtypes = [ctypes.c_void_p,
+                                            ctypes.c_void_p, ctypes.c_void_p]
+        
        self.EVP_ecdsa = self._lib.EVP_ecdsa
        self._lib.EVP_ecdsa.restype = ctypes.c_void_p
        self._lib.EVP_ecdsa.argtypes = []