Merge pull request #792 from Atheros1/sha256

SHA256
This commit is contained in:
Jonathan Warren 2015-03-27 15:45:37 -04:00
commit b3afbb4308
5 changed files with 37 additions and 16 deletions

View File

@ -20,6 +20,8 @@ import socket
import ctypes import ctypes
from struct import pack from struct import pack
import sys import sys
from subprocess import call
import time
from SimpleXMLRPCServer import SimpleXMLRPCServer from SimpleXMLRPCServer import SimpleXMLRPCServer
from api import MySimpleXMLRPCRequestHandler from api import MySimpleXMLRPCRequestHandler
@ -30,16 +32,12 @@ from helper_sql import sqlQuery
import threading import threading
# Classes # Classes
#from helper_sql import *
#from class_sqlThread import *
from class_sqlThread import sqlThread from class_sqlThread import sqlThread
from class_singleCleaner import singleCleaner from class_singleCleaner import singleCleaner
#from class_singleWorker import *
from class_objectProcessor import objectProcessor from class_objectProcessor import objectProcessor
from class_outgoingSynSender import outgoingSynSender from class_outgoingSynSender import outgoingSynSender
from class_singleListener import singleListener from class_singleListener import singleListener
from class_singleWorker import singleWorker from class_singleWorker import singleWorker
#from class_addressGenerator import *
from class_addressGenerator import addressGenerator from class_addressGenerator import addressGenerator
from debug import logger from debug import logger
@ -47,9 +45,6 @@ from debug import logger
import helper_bootstrap import helper_bootstrap
import helper_generic import helper_generic
from subprocess import call
import time
def connectToStream(streamNumber): def connectToStream(streamNumber):
shared.streamsInWhichIAmParticipating[streamNumber] = 'no data' shared.streamsInWhichIAmParticipating[streamNumber] = 'no data'

View File

@ -145,5 +145,5 @@ def isOurOperatingSystemLimitedToHavingVeryFewHalfOpenConnections():
return StrictVersion("5.1.2600")<=VER_THIS and StrictVersion("6.0.6000")>=VER_THIS return StrictVersion("5.1.2600")<=VER_THIS and StrictVersion("6.0.6000")>=VER_THIS
return False return False
except Exception as err: except Exception as err:
print 'An Exception occurred within isOurOperatingSystemLimitedToHavingVeryFewHalfOpenConnections:', err print "Info: we could not tell whether your OS is limited to having very view half open connections because we couldn't interpret the platform version. Don't worry; we'll assume that it is not limited. This tends to occur on Raspberry Pis. :", err
return False return False

View File

@ -30,11 +30,28 @@ def decryptFast(msg,cryptor):
return cryptor.decrypt(msg) return cryptor.decrypt(msg)
# Signs with hex private key # Signs with hex private key
def sign(msg,hexPrivkey): def sign(msg,hexPrivkey):
return makeCryptor(hexPrivkey).sign(msg) # pyelliptic is upgrading from SHA1 to SHA256 for signing. We must
# upgrade PyBitmessage gracefully.
# https://github.com/yann2192/pyelliptic/pull/33
# More discussion: https://github.com/yann2192/pyelliptic/issues/32
return makeCryptor(hexPrivkey).sign(msg, digest_alg=OpenSSL.EVP_ecdsa) # SHA1
#return makeCryptor(hexPrivkey).sign(msg, digest_alg=OpenSSL.EVP_sha256) # SHA256. We should switch to this eventually.
# Verifies with hex public key # Verifies with hex public key
def verify(msg,sig,hexPubkey): def verify(msg,sig,hexPubkey):
# As mentioned above, we must upgrade gracefully to use SHA256. So
# let us check the signature using both SHA1 and SHA256 and if one
# of them passes then we will be satisfied. Eventually this can
# be simplified and we'll only check with SHA256.
try: try:
return makePubCryptor(hexPubkey).verify(sig,msg) sigVerifyPassed = makePubCryptor(hexPubkey).verify(sig,msg,digest_alg=OpenSSL.EVP_ecdsa) # old SHA1 algorithm.
except:
sigVerifyPassed = False
if sigVerifyPassed:
# The signature check passed using SHA1
return True
# The signature check using SHA1 failed. Let us try it with SHA256.
try:
return makePubCryptor(hexPubkey).verify(sig,msg,digest_alg=OpenSSL.EVP_sha256)
except: except:
return False return False

View File

@ -299,7 +299,7 @@ class ECC:
if privkey is not None: if privkey is not None:
OpenSSL.BN_free(priv_key) OpenSSL.BN_free(priv_key)
def sign(self, inputb): def sign(self, inputb, digest_alg=OpenSSL.EVP_ecdsa):
""" """
Sign the input with ECDSA method and returns the signature Sign the input with ECDSA method and returns the signature
""" """
@ -338,11 +338,11 @@ class ECC:
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
OpenSSL.EVP_MD_CTX_init(md_ctx) OpenSSL.EVP_MD_CTX_init(md_ctx)
OpenSSL.EVP_DigestInit(md_ctx, OpenSSL.EVP_ecdsa()) OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None)
if (OpenSSL.EVP_DigestUpdate(md_ctx, buff, size)) == 0: if (OpenSSL.EVP_DigestUpdate(md_ctx, buff, size)) == 0:
raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...") raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")
OpenSSL.EVP_DigestFinal(md_ctx, digest, dgst_len) OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len)
OpenSSL.ECDSA_sign(0, digest, dgst_len.contents, sig, siglen, key) OpenSSL.ECDSA_sign(0, digest, dgst_len.contents, sig, siglen, key)
if (OpenSSL.ECDSA_verify(0, digest, dgst_len.contents, sig, if (OpenSSL.ECDSA_verify(0, digest, dgst_len.contents, sig,
siglen.contents, key)) != 1: siglen.contents, key)) != 1:
@ -358,7 +358,7 @@ class ECC:
OpenSSL.EC_POINT_free(pub_key) OpenSSL.EC_POINT_free(pub_key)
OpenSSL.EVP_MD_CTX_destroy(md_ctx) OpenSSL.EVP_MD_CTX_destroy(md_ctx)
def verify(self, sig, inputb): def verify(self, sig, inputb, digest_alg=OpenSSL.EVP_ecdsa):
""" """
Verify the signature with the input and the local public key. Verify the signature with the input and the local public key.
Returns a boolean Returns a boolean
@ -392,11 +392,11 @@ class ECC:
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
OpenSSL.EVP_MD_CTX_init(md_ctx) OpenSSL.EVP_MD_CTX_init(md_ctx)
OpenSSL.EVP_DigestInit(md_ctx, OpenSSL.EVP_ecdsa()) OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None)
if (OpenSSL.EVP_DigestUpdate(md_ctx, binputb, len(inputb))) == 0: if (OpenSSL.EVP_DigestUpdate(md_ctx, binputb, len(inputb))) == 0:
raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...") raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")
OpenSSL.EVP_DigestFinal(md_ctx, digest, dgst_len) OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len)
ret = OpenSSL.ECDSA_verify( ret = OpenSSL.ECDSA_verify(
0, digest, dgst_len.contents, bsig, len(sig), key) 0, digest, dgst_len.contents, bsig, len(sig), key)

View File

@ -231,6 +231,10 @@ class _OpenSSL:
self.EVP_DigestInit.restype = ctypes.c_int self.EVP_DigestInit.restype = ctypes.c_int
self._lib.EVP_DigestInit.argtypes = [ctypes.c_void_p, ctypes.c_void_p] self._lib.EVP_DigestInit.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
self.EVP_DigestInit_ex = self._lib.EVP_DigestInit_ex
self.EVP_DigestInit_ex.restype = ctypes.c_int
self._lib.EVP_DigestInit_ex.argtypes = 3 * [ctypes.c_void_p]
self.EVP_DigestUpdate = self._lib.EVP_DigestUpdate self.EVP_DigestUpdate = self._lib.EVP_DigestUpdate
self.EVP_DigestUpdate.restype = ctypes.c_int self.EVP_DigestUpdate.restype = ctypes.c_int
self.EVP_DigestUpdate.argtypes = [ctypes.c_void_p, self.EVP_DigestUpdate.argtypes = [ctypes.c_void_p,
@ -241,6 +245,11 @@ class _OpenSSL:
self.EVP_DigestFinal.argtypes = [ctypes.c_void_p, self.EVP_DigestFinal.argtypes = [ctypes.c_void_p,
ctypes.c_void_p, ctypes.c_void_p] ctypes.c_void_p, ctypes.c_void_p]
self.EVP_DigestFinal_ex = self._lib.EVP_DigestFinal_ex
self.EVP_DigestFinal_ex.restype = ctypes.c_int
self.EVP_DigestFinal_ex.argtypes = [ctypes.c_void_p,
ctypes.c_void_p, ctypes.c_void_p]
self.EVP_ecdsa = self._lib.EVP_ecdsa self.EVP_ecdsa = self._lib.EVP_ecdsa
self._lib.EVP_ecdsa.restype = ctypes.c_void_p self._lib.EVP_ecdsa.restype = ctypes.c_void_p
self._lib.EVP_ecdsa.argtypes = [] self._lib.EVP_ecdsa.argtypes = []