diff --git a/.travis.yml b/.travis.yml
index 067013d0..dfe577ce 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -7,6 +7,7 @@ install:
before_script:
- openssl version -a
script:
+ - python -m pytest plugins/CryptMessage/Test
- python -m pytest src/Test --cov=src --cov-config src/Test/coverage.ini
before_install:
- pip install -U pytest mock pytest-cov
diff --git a/plugins/CryptMessage/CryptMessage.py b/plugins/CryptMessage/CryptMessage.py
new file mode 100644
index 00000000..955dd9b1
--- /dev/null
+++ b/plugins/CryptMessage/CryptMessage.py
@@ -0,0 +1,53 @@
+from lib.pybitcointools import bitcoin as btctools
+import hashlib
+
+ecc_cache = {}
+
+
+def encrypt(data, pubkey, ephemcurve=None, ciphername='aes-256-cbc'):
+ from lib import pyelliptic
+ curve, pubkey_x, pubkey_y, i = pyelliptic.ECC._decode_pubkey(pubkey)
+ if ephemcurve is None:
+ ephemcurve = curve
+ ephem = pyelliptic.ECC(curve=ephemcurve)
+ key = hashlib.sha512(ephem.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest()
+ key_e, key_m = key[:32], key[32:]
+ pubkey = ephem.get_pubkey()
+ iv = pyelliptic.OpenSSL.rand(pyelliptic.OpenSSL.get_cipher(ciphername).get_blocksize())
+ ctx = pyelliptic.Cipher(key_e, iv, 1, ciphername)
+ ciphertext = iv + pubkey + ctx.ciphering(data)
+ mac = pyelliptic.hmac_sha256(key_m, ciphertext)
+ return key_e, ciphertext + mac
+
+
+def split(encrypted):
+ iv = encrypted[0:16]
+ ciphertext = encrypted[16+70:-32]
+
+ return iv, ciphertext
+
+
+def getEcc(privatekey=None):
+ from lib import pyelliptic
+ global eccs
+ if privatekey not in ecc_cache:
+ if privatekey:
+ publickey_bin = btctools.encode_pubkey(btctools.privtopub(privatekey), "bin")
+ publickey_openssl = toOpensslPublickey(publickey_bin)
+ privatekey_openssl = toOpensslPrivatekey(privatekey)
+ ecc_cache[privatekey] = pyelliptic.ECC(curve='secp256k1', privkey=privatekey_openssl, pubkey=publickey_openssl)
+ else:
+ ecc_cache[None] = pyelliptic.ECC()
+ return ecc_cache[privatekey]
+
+
+def toOpensslPrivatekey(privatekey):
+ privatekey_bin = btctools.encode_privkey(privatekey, "bin")
+ return '\x02\xca\x00\x20' + privatekey_bin
+
+
+def toOpensslPublickey(publickey):
+ publickey_bin = btctools.encode_pubkey(publickey, "bin")
+ publickey_bin = publickey_bin[1:]
+ publickey_openssl = '\x02\xca\x00 ' + publickey_bin[:32] + '\x00 ' + publickey_bin[32:]
+ return publickey_openssl
diff --git a/plugins/CryptMessage/CryptMessagePlugin.py b/plugins/CryptMessage/CryptMessagePlugin.py
new file mode 100644
index 00000000..0302c83a
--- /dev/null
+++ b/plugins/CryptMessage/CryptMessagePlugin.py
@@ -0,0 +1,149 @@
+import base64
+import os
+
+from Plugin import PluginManager
+from Crypt import CryptBitcoin
+from lib.pybitcointools import bitcoin as btctools
+
+import CryptMessage
+
+
+@PluginManager.registerTo("UiWebsocket")
+class UiWebsocketPlugin(object):
+ def encrypt(self, text, publickey):
+ encrypted = CryptMessage.encrypt(text, CryptMessage.toOpensslPublickey(publickey))
+ return encrypted
+
+ def decrypt(self, encrypted, privatekey):
+ back = CryptMessage.getEcc(privatekey).decrypt(encrypted)
+ return back.decode("utf8")
+
+ # - Actions -
+
+ # Returns user's public key unique to site
+ # Return: Public key
+ def actionUserPublickey(self, to, index=0):
+ publickey = self.user.getEncryptPublickey(self.site.address, index)
+ self.response(to, publickey)
+
+ # Encrypt a text using the publickey or user's sites unique publickey
+ # Return: Encrypted text using base64 encoding
+ def actionEciesEncrypt(self, to, text, publickey=0, return_aes_key=False):
+ if type(publickey) is int: # Encrypt using user's publickey
+ publickey = self.user.getEncryptPublickey(self.site.address, publickey)
+ aes_key, encrypted = self.encrypt(text.encode("utf8"), publickey.decode("base64"))
+ if return_aes_key:
+ self.response(to, [base64.b64encode(encrypted), base64.b64encode(aes_key)])
+ else:
+ self.response(to, base64.b64encode(encrypted))
+
+ # Decrypt a text using privatekey or the user's site unique private key
+ # Return: Decrypted text or list of decrypted texts
+ def actionEciesDecrypt(self, to, param, privatekey=0):
+ if type(privatekey) is int: # Decrypt using user's privatekey
+ privatekey = self.user.getEncryptPrivatekey(self.site.address, privatekey)
+
+ if type(param) == list:
+ encrypted_texts = param
+ else:
+ encrypted_texts = [param]
+
+ texts = [] # Decoded texts
+ for encrypted_text in encrypted_texts:
+ try:
+ text = self.decrypt(encrypted_text.decode("base64"), privatekey)
+ texts.append(text)
+ except Exception, err:
+ texts.append(None)
+
+ if type(param) == list:
+ self.response(to, texts)
+ else:
+ self.response(to, texts[0])
+
+ # Encrypt a text using AES
+ # Return: Iv, AES key, Encrypted text
+ def actionAesEncrypt(self, to, text, key=None, iv=None):
+ from lib import pyelliptic
+
+ if key:
+ key = key.decode("base64")
+ else:
+ key = os.urandom(32)
+
+ if iv: # Generate new AES key if not definied
+ iv = iv.decode("base64")
+ else:
+ iv = pyelliptic.Cipher.gen_IV('aes-256-cbc')
+
+ if text:
+ encrypted = pyelliptic.Cipher(key, iv, 1, ciphername='aes-256-cbc').ciphering(text.encode("utf8"))
+ else:
+ encrypted = ""
+
+ self.response(to, [base64.b64encode(key), base64.b64encode(iv), base64.b64encode(encrypted)])
+
+ # Decrypt a text using AES
+ # Return: Decrypted text
+ def actionAesDecrypt(self, to, *args):
+ from lib import pyelliptic
+
+ if len(args) == 3: # Single decrypt
+ encrypted_texts = [(args[0], args[1])]
+ keys = [args[2]]
+ else: # Batch decrypt
+ encrypted_texts, keys = args
+
+ texts = [] # Decoded texts
+ for iv, encrypted_text in encrypted_texts:
+ encrypted_text = encrypted_text.decode("base64")
+ iv = iv.decode("base64")
+ text = None
+ for key in keys:
+ ctx = pyelliptic.Cipher(key.decode("base64"), iv, 0, ciphername='aes-256-cbc')
+ try:
+ decrypted = ctx.ciphering(encrypted_text)
+ if decrypted and decrypted.decode("utf8"): # Valid text decoded
+ text = decrypted
+ except Exception, err:
+ pass
+ texts.append(text)
+
+ if len(args) == 3:
+ self.response(to, texts[0])
+ else:
+ self.response(to, texts)
+
+
+@PluginManager.registerTo("User")
+class UserPlugin(object):
+ def getEncryptPrivatekey(self, address, param_index=0):
+ assert param_index >= 0 and param_index <= 1000
+ site_data = self.getSiteData(address)
+
+ if site_data.get("cert"): # Different privatekey for different cert provider
+ index = param_index + self.getAddressAuthIndex(site_data["cert"])
+ else:
+ index = param_index
+
+ if "encrypt_privatekey_%s" % index not in site_data:
+ address_index = self.getAddressAuthIndex(address)
+ crypt_index = address_index + 1000 + index
+ site_data["encrypt_privatekey_%s" % index] = CryptBitcoin.hdPrivatekey(self.master_seed, crypt_index)
+ self.log.debug("New encrypt privatekey generated for %s:%s" % (address, index))
+ return site_data["encrypt_privatekey_%s" % index]
+
+ def getEncryptPublickey(self, address, param_index=0):
+ assert param_index >= 0 and param_index <= 1000
+ site_data = self.getSiteData(address)
+
+ if site_data.get("cert"): # Different privatekey for different cert provider
+ index = param_index + self.getAddressAuthIndex(site_data["cert"])
+ else:
+ index = param_index
+
+ if "encrypt_publickey_%s" % index not in site_data:
+ privatekey = self.getEncryptPrivatekey(address, param_index)
+ publickey = btctools.encode_pubkey(btctools.privtopub(privatekey), "bin_compressed")
+ site_data["encrypt_publickey_%s" % index] = base64.b64encode(publickey)
+ return site_data["encrypt_publickey_%s" % index]
diff --git a/plugins/CryptMessage/Test/TestCrypt.py b/plugins/CryptMessage/Test/TestCrypt.py
new file mode 100644
index 00000000..8e16cba2
--- /dev/null
+++ b/plugins/CryptMessage/Test/TestCrypt.py
@@ -0,0 +1,106 @@
+import pytest
+from CryptMessage import CryptMessage
+
+@pytest.mark.usefixtures("resetSettings")
+class TestCrypt:
+ def testPublickey(self, ui_websocket):
+ pub = ui_websocket.testAction("UserPublickey", 0)
+ assert len(pub) == 44 # Compressed, b64 encoded publickey
+
+ # Different pubkey for specificed index
+ assert ui_websocket.testAction("UserPublickey", 1) != ui_websocket.testAction("UserPublickey", 0)
+
+ # Same publickey for same index
+ assert ui_websocket.testAction("UserPublickey", 2) == ui_websocket.testAction("UserPublickey", 2)
+
+ # Different publickey for different cert
+ pub1 = ui_websocket.testAction("UserPublickey", 0)
+ site_data = ui_websocket.user.getSiteData(ui_websocket.site.address)
+ site_data["cert"] = "zeroid.bit"
+ pub2 = ui_websocket.testAction("UserPublickey", 0)
+ assert pub1 != pub2
+
+
+
+ def testEcies(self, ui_websocket):
+ ui_websocket.actionUserPublickey(0, 0)
+ pub = ui_websocket.ws.result
+
+ ui_websocket.actionEciesEncrypt(0, "hello", pub)
+ encrypted = ui_websocket.ws.result
+ assert len(encrypted) == 180
+
+ # Don't allow decrypt using other privatekey index
+ ui_websocket.actionEciesDecrypt(0, encrypted, 123)
+ decrypted = ui_websocket.ws.result
+ assert decrypted != "hello"
+
+ # Decrypt using correct privatekey
+ ui_websocket.actionEciesDecrypt(0, encrypted)
+ decrypted = ui_websocket.ws.result
+ assert decrypted == "hello"
+
+ # Decrypt batch
+ ui_websocket.actionEciesDecrypt(0, [encrypted, "baad", encrypted])
+ decrypted = ui_websocket.ws.result
+ assert decrypted == ["hello", None, "hello"]
+
+
+ def testEciesUtf8(self, ui_websocket):
+ # Utf8 test
+ utf8_text = u'\xc1rv\xedzt\xfbr\xf5t\xfck\xf6rf\xfar\xf3g\xe9p'
+ ui_websocket.actionEciesEncrypt(0, utf8_text)
+ encrypted = ui_websocket.ws.result
+
+ ui_websocket.actionEciesDecrypt(0, encrypted)
+ assert ui_websocket.ws.result == utf8_text
+
+
+ def testEciesAes(self, ui_websocket):
+ ui_websocket.actionEciesEncrypt(0, "hello", return_aes_key=True)
+ ecies_encrypted, aes_key = ui_websocket.ws.result
+
+ # Decrypt using Ecies
+ ui_websocket.actionEciesDecrypt(0, ecies_encrypted)
+ assert ui_websocket.ws.result == "hello"
+
+ # Decrypt using AES
+ aes_iv, aes_encrypted = CryptMessage.split(ecies_encrypted.decode("base64"))
+
+ ui_websocket.actionAesDecrypt(0, aes_iv.encode("base64"), aes_encrypted.encode("base64"), aes_key)
+ assert ui_websocket.ws.result == "hello"
+
+
+ def testAes(self, ui_websocket):
+ ui_websocket.actionAesEncrypt(0, "hello")
+ key, iv, encrypted = ui_websocket.ws.result
+
+ assert len(key) == 44
+ assert len(iv) == 24
+ assert len(encrypted) == 24
+
+ # Single decrypt
+ ui_websocket.actionAesDecrypt(0, iv, encrypted, key)
+ assert ui_websocket.ws.result == "hello"
+
+ # Batch decrypt
+ ui_websocket.actionAesEncrypt(0, "hello")
+ key2, iv2, encrypted2 = ui_websocket.ws.result
+
+ assert [key, iv, encrypted] != [key2, iv2, encrypted2]
+
+ # 2 correct key
+ ui_websocket.actionAesDecrypt(0, [[iv, encrypted], [iv, encrypted], [iv, "baad"], [iv2, encrypted2]], [key])
+ assert ui_websocket.ws.result == ["hello", "hello", None, None]
+
+ # 3 key
+ ui_websocket.actionAesDecrypt(0, [[iv, encrypted], [iv, encrypted], [iv, "baad"], [iv2, encrypted2]], [key, key2])
+ assert ui_websocket.ws.result == ["hello", "hello", None, "hello"]
+
+ def testAesUtf8(self, ui_websocket):
+ utf8_text = u'\xc1rv\xedzt\xfbr\xf5t\xfck\xf6rf\xfar\xf3g\xe9'
+ ui_websocket.actionAesEncrypt(0, utf8_text)
+ key, iv, encrypted = ui_websocket.ws.result
+
+ ui_websocket.actionAesDecrypt(0, iv, encrypted, key)
+ assert ui_websocket.ws.result == utf8_text
diff --git a/plugins/CryptMessage/Test/conftest.py b/plugins/CryptMessage/Test/conftest.py
new file mode 100644
index 00000000..8c1df5b2
--- /dev/null
+++ b/plugins/CryptMessage/Test/conftest.py
@@ -0,0 +1 @@
+from src.Test.conftest import *
\ No newline at end of file
diff --git a/plugins/CryptMessage/Test/pytest.ini b/plugins/CryptMessage/Test/pytest.ini
new file mode 100644
index 00000000..d09210d1
--- /dev/null
+++ b/plugins/CryptMessage/Test/pytest.ini
@@ -0,0 +1,5 @@
+[pytest]
+python_files = Test*.py
+addopts = -rsxX -v --durations=6
+markers =
+ webtest: mark a test as a webtest.
\ No newline at end of file
diff --git a/plugins/CryptMessage/__init__.py b/plugins/CryptMessage/__init__.py
new file mode 100644
index 00000000..3eb41820
--- /dev/null
+++ b/plugins/CryptMessage/__init__.py
@@ -0,0 +1 @@
+import CryptMessagePlugin
\ No newline at end of file
diff --git a/src/Config.py b/src/Config.py
index cfd466a4..8ce384cd 100644
--- a/src/Config.py
+++ b/src/Config.py
@@ -7,8 +7,8 @@ import ConfigParser
class Config(object):
def __init__(self, argv):
- self.version = "0.3.3"
- self.rev = 619
+ self.version = "0.3.4"
+ self.rev = 656
self.argv = argv
self.action = None
self.createParser()
diff --git a/src/Content/ContentManager.py b/src/Content/ContentManager.py
index dd310b95..df400b99 100644
--- a/src/Content/ContentManager.py
+++ b/src/Content/ContentManager.py
@@ -26,7 +26,7 @@ class ContentManager(object):
# Load content.json to self.content
# Return: Changed files ["index.html", "data/messages.json"], Deleted files ["old.jpg"]
- def loadContent(self, content_inner_path="content.json", add_bad_files=True, delete_removed_files=True, load_includes=True):
+ def loadContent(self, content_inner_path="content.json", add_bad_files=True, delete_removed_files=True, load_includes=True, force=False):
content_inner_path = content_inner_path.strip("/") # Remove / from begning
old_content = self.contents.get(content_inner_path)
content_path = self.site.storage.getPath(content_inner_path)
@@ -36,13 +36,14 @@ class ContentManager(object):
if os.path.isfile(content_path):
try:
# Check if file is newer than what we have
- if old_content:
+ if not force and old_content and not self.site.settings.get("own"):
for line in open(content_path):
- if '"modified"' in line:
- match = re.search("([0-9\.]+),$", line.strip(" \r\n"))
- if match and float(match.group(1)) <= old_content.get("modified", 0):
- self.log.debug("loadContent same json file, skipping")
- return [], []
+ if '"modified"' not in line:
+ continue
+ match = re.search("([0-9\.]+),$", line.strip(" \r\n"))
+ if match and float(match.group(1)) <= old_content.get("modified", 0):
+ self.log.debug("loadContent same json file, skipping")
+ return [], []
new_content = json.load(open(content_path))
except Exception, err:
@@ -427,6 +428,7 @@ class ContentManager(object):
if filewrite:
self.log.info("Saving to %s..." % inner_path)
self.site.storage.writeJson(inner_path, new_content)
+ self.contents[inner_path] = new_content
self.log.info("File %s signed!" % inner_path)
diff --git a/src/Db/DbCursor.py b/src/Db/DbCursor.py
index 1c8b8876..a34f9157 100644
--- a/src/Db/DbCursor.py
+++ b/src/Db/DbCursor.py
@@ -15,10 +15,19 @@ class DbCursor:
def execute(self, query, params=None):
if isinstance(params, dict): # Make easier select and insert by allowing dict params
if query.startswith("SELECT") or query.startswith("DELETE"):
- # Convert param dict to SELECT * FROM table WHERE key = ?, key2 = ? format
- wheres = "AND ".join([key + " = ?" for key in params])
+ # Convert param dict to SELECT * FROM table WHERE key = ? AND key2 = ? format
+ query_wheres = []
+ values = []
+ for key, value in params.items():
+ if type(value) is list:
+ query_wheres.append(key+" IN ("+",".join(["?"]*len(value))+")")
+ values += value
+ else:
+ query_wheres.append(key+" = ?")
+ values.append(value)
+ wheres = " AND ".join(query_wheres)
query = query.replace("?", wheres)
- params = params.values()
+ params = values
else:
# Convert param dict to INSERT INTO table (key, key2) VALUES (?, ?) format
keys = ", ".join(params.keys())
diff --git a/src/Test/TestContent.py b/src/Test/TestContent.py
index 232439b0..17ae9a55 100644
--- a/src/Test/TestContent.py
+++ b/src/Test/TestContent.py
@@ -96,9 +96,9 @@ class TestContent:
# Everything should be same as before except the modified timestamp and the signs
assert (
- {key: val for key, val in content_old.items() if key not in ["modified", "signs", "sign"]}
+ {key: val for key, val in content_old.items() if key not in ["modified", "signs", "sign", "zeronet_version"]}
==
- {key: val for key, val in content.items() if key not in ["modified", "signs", "sign"]}
+ {key: val for key, val in content.items() if key not in ["modified", "signs", "sign", "zeronet_version"]}
)
def testSignOptionalFiles(self, site):
diff --git a/src/Test/TestDb.py b/src/Test/TestDb.py
index f012d31a..55ae103d 100644
--- a/src/Test/TestDb.py
+++ b/src/Test/TestDb.py
@@ -68,3 +68,51 @@ class TestDb:
# Cleanup
os.unlink(db_path)
+
+ def testQueries(self):
+ db_path = "%s/zeronet.db" % config.data_dir
+ schema = {
+ "db_name": "TestDb",
+ "db_file": "%s/zeronet.db" % config.data_dir,
+ "map": {
+ "data.json": {
+ "to_table": {
+ "test": "test"
+ }
+ }
+ },
+ "tables": {
+ "test": {
+ "cols": [
+ ["test_id", "INTEGER"],
+ ["title", "TEXT"],
+ ],
+ "indexes": ["CREATE UNIQUE INDEX test_id ON test(test_id)"],
+ "schema_changed": 1426195822
+ }
+ }
+ }
+
+ if os.path.isfile(db_path):
+ os.unlink(db_path)
+ db = Db(schema, db_path)
+ db.checkTables()
+
+ # Test insert
+ for i in range(100):
+ db.execute("INSERT INTO test ?", {"test_id": i, "title": "Test #%s" % i})
+
+ assert db.execute("SELECT COUNT(*) AS num FROM test").fetchone()["num"] == 100
+
+ # Test single select
+ assert db.execute("SELECT COUNT(*) AS num FROM test WHERE ?", {"test_id": 1}).fetchone()["num"] == 1
+
+ # Test multiple select
+ assert db.execute("SELECT COUNT(*) AS num FROM test WHERE ?", {"test_id": [1,2,3]}).fetchone()["num"] == 3
+ assert db.execute("SELECT COUNT(*) AS num FROM test WHERE ?", {"test_id": [1,2,3], "title": "Test #2"}).fetchone()["num"] == 1
+ assert db.execute("SELECT COUNT(*) AS num FROM test WHERE ?", {"test_id": [1,2,3], "title": ["Test #2", "Test #3", "Test #4"]}).fetchone()["num"] == 2
+
+ db.close()
+
+ # Cleanup
+ os.unlink(db_path)
diff --git a/src/Test/conftest.py b/src/Test/conftest.py
index 751700eb..80da90ba 100644
--- a/src/Test/conftest.py
+++ b/src/Test/conftest.py
@@ -3,6 +3,7 @@ import sys
import urllib
import time
import logging
+import json
import pytest
import mock
@@ -25,11 +26,15 @@ config.data_dir = "src/Test/testdata" # Use test data for unittests
config.debug_socket = True # Use test data for unittests
logging.basicConfig(level=logging.DEBUG, stream=sys.stdout)
+from Plugin import PluginManager
+PluginManager.plugin_manager.loadPlugins()
+
from Site import Site
from User import UserManager
from File import FileServer
from Connection import ConnectionServer
from Crypt import CryptConnection
+from Ui import UiWebsocket
import gevent
from gevent import monkey
monkey.patch_all(thread=False)
@@ -85,8 +90,9 @@ def site():
@pytest.fixture()
def site_temp(request):
- with mock.patch("Config.config.data_dir", config.data_dir+"-temp"):
+ with mock.patch("Config.config.data_dir", config.data_dir + "-temp"):
site_temp = Site("1TeSTvb4w2PWE81S2rEELgmX2GCCExQGT")
+
def cleanup():
site_temp.storage.deleteFiles()
request.addfinalizer(cleanup)
@@ -128,8 +134,29 @@ def file_server(request):
gevent.spawn(lambda: ConnectionServer.start(file_server))
time.sleep(0) # Port opening
assert file_server.running
+
def stop():
file_server.stop()
request.addfinalizer(stop)
return file_server
+
+@pytest.fixture()
+def ui_websocket(site, file_server, user):
+ class WsMock:
+ def __init__(self):
+ self.result = None
+
+ def send(self, data):
+ self.result = json.loads(data)["result"]
+
+ ws_mock = WsMock()
+ ui_websocket = UiWebsocket(ws_mock, site, file_server, user, None)
+
+ def testAction(action, *args, **kwargs):
+ func = getattr(ui_websocket, "action%s" % action)
+ func(0, *args, **kwargs)
+ return ui_websocket.ws.result
+
+ ui_websocket.testAction = testAction
+ return ui_websocket
diff --git a/src/Ui/UiWebsocket.py b/src/Ui/UiWebsocket.py
index b834dcd9..04f728fe 100644
--- a/src/Ui/UiWebsocket.py
+++ b/src/Ui/UiWebsocket.py
@@ -128,12 +128,12 @@ class UiWebsocket(object):
if cmd == "response": # It's a response to a command
return self.actionResponse(req["to"], req["result"])
elif cmd in admin_commands and "ADMIN" not in permissions: # Admin commands
- return self.response(req["id"], "You don't have permission to run %s" % cmd)
+ return self.response(req["id"], {"error:", "You don't have permission to run %s" % cmd})
else: # Normal command
func_name = "action" + cmd[0].upper() + cmd[1:]
func = getattr(self, func_name, None)
if not func: # Unknown command
- self.response(req["id"], "Unknown command: %s" % cmd)
+ self.response(req["id"], {"error": "Unknown command: %s" % cmd})
return
# Support calling as named, unnamed paramters and raw first argument too
@@ -234,7 +234,7 @@ class UiWebsocket(object):
self.response(to, ret)
# Sign content.json
- def actionSiteSign(self, to, privatekey=None, inner_path="content.json"):
+ def actionSiteSign(self, to, privatekey=None, inner_path="content.json", response_ok=True):
site = self.site
extend = {} # Extended info for signing
if not inner_path.endswith("content.json"): # Find the content.json first
@@ -250,32 +250,32 @@ class UiWebsocket(object):
not site.settings["own"] and
self.user.getAuthAddress(self.site.address) not in self.site.content_manager.getValidSigners(inner_path)
):
- return self.response(to, "Forbidden, you can only modify your own sites")
+ return self.response(to, {"error": "Forbidden, you can only modify your own sites"})
if privatekey == "stored":
privatekey = self.user.getSiteData(self.site.address).get("privatekey")
if not privatekey: # Get privatekey from users.json auth_address
privatekey = self.user.getAuthPrivatekey(self.site.address)
# Signing
- site.content_manager.loadContent(add_bad_files=False) # Reload content.json, ignore errors to make it up-to-date
+ site.content_manager.loadContent(add_bad_files=False, force=True) # Reload content.json, ignore errors to make it up-to-date
signed = site.content_manager.sign(inner_path, privatekey, extend=extend) # Sign using private key sent by user
if not signed:
self.cmd("notification", ["error", "Content sign failed: invalid private key."])
- self.response(to, "Site sign failed")
+ self.response(to, {"error": "Site sign failed"})
return
site.content_manager.loadContent(add_bad_files=False) # Load new content.json, ignore errors
- self.response(to, "ok")
+ if response_ok:
+ self.response(to, "ok")
return inner_path
# Sign and publish content.json
def actionSitePublish(self, to, privatekey=None, inner_path="content.json", sign=True):
if sign:
- inner_path = self.actionSiteSign(to, privatekey, inner_path)
+ inner_path = self.actionSiteSign(to, privatekey, inner_path, response_ok=False)
if not inner_path:
return
-
# Publishing
if not self.site.settings["serving"]: # Enable site if paused
self.site.settings["serving"] = True
@@ -295,15 +295,14 @@ class UiWebsocket(object):
if published > 0: # Successfuly published
if notification:
self.cmd("notification", ["done", "Content published to %s peers." % published, 5000])
- self.response(to, "ok")
- if notification:
+ self.response(to, "ok")
site.updateWebsocket() # Send updated site data to local websocket clients
else:
if len(site.peers) == 0:
if sys.modules["main"].file_server.port_opened:
if notification:
self.cmd("notification", ["info", "No peers found, but your content is ready to access.", 5000])
- self.response(to, "ok")
+ self.response(to, "ok")
else:
if notification:
self.cmd("notification", [
@@ -311,12 +310,12 @@ class UiWebsocket(object):
"""Your network connection is restricted. Please, open %s port
on your router to make your site accessible for everyone.""" % config.fileserver_port
])
- self.response(to, "Port not opened.")
+ self.response(to, {"error": "Port not opened."})
else:
if notification:
self.cmd("notification", ["error", "Content publish failed."])
- self.response(to, "Content publish failed.")
+ self.response(to, {"error": "Content publish failed."})
# Write a file to disk
def actionFileWrite(self, to, inner_path, content_base64):
@@ -324,17 +323,17 @@ class UiWebsocket(object):
not self.site.settings["own"] and
self.user.getAuthAddress(self.site.address) not in self.site.content_manager.getValidSigners(inner_path)
):
- return self.response(to, "Forbidden, you can only modify your own files")
+ return self.response(to, {"error": "Forbidden, you can only modify your own files"})
try:
import base64
content = base64.b64decode(content_base64)
self.site.storage.write(inner_path, content)
except Exception, err:
- return self.response(to, "Write error: %s" % err)
+ return self.response(to, {"error": "Write error: %s" % err})
if inner_path.endswith("content.json"):
- self.site.content_manager.loadContent(inner_path, add_bad_files=False)
+ self.site.content_manager.loadContent(inner_path, add_bad_files=False, force=True)
self.response(to, "ok")
@@ -348,12 +347,12 @@ class UiWebsocket(object):
not self.site.settings["own"] and
self.user.getAuthAddress(self.site.address) not in self.site.content_manager.getValidSigners(inner_path)
):
- return self.response(to, "Forbidden, you can only modify your own files")
+ return self.response(to, {"error": "Forbidden, you can only modify your own files"})
try:
self.site.storage.delete(inner_path)
except Exception, err:
- return self.response(to, "Delete error: %s" % err)
+ return self.response(to, {"error": "Delete error: %s" % err})
self.response(to, "ok")
@@ -385,10 +384,11 @@ class UiWebsocket(object):
# Return file content
def actionFileGet(self, to, inner_path, required=True):
try:
- if required:
- self.site.needFile(inner_path, priority=1)
+ if required or inner_path in self.site.bad_files:
+ self.site.needFile(inner_path, priority=6)
body = self.site.storage.read(inner_path)
- except:
+ except Exception, err:
+ self.log.debug("%s fileGet error: %s" % (inner_path, err))
body = None
return self.response(to, body)
diff --git a/src/Ui/media/Wrapper.coffee b/src/Ui/media/Wrapper.coffee
index b832c87b..708756d4 100644
--- a/src/Ui/media/Wrapper.coffee
+++ b/src/Ui/media/Wrapper.coffee
@@ -92,12 +92,26 @@ class Wrapper
@actionGetLocalStorage(message)
else if cmd == "wrapperSetLocalStorage"
@actionSetLocalStorage(message)
+ else if cmd == "wrapperPushState"
+ query = @toRelativeQuery(message.params[2])
+ window.history.pushState(message.params[0], message.params[1], query)
+ else if cmd == "wrapperReplaceState"
+ query = @toRelativeQuery(message.params[2])
+ window.history.replaceState(message.params[0], message.params[1], query)
else # Send to websocket
if message.id < 1000000
@ws.send(message) # Pass message to websocket
else
@log "Invalid inner message id"
+ toRelativeQuery: (query) ->
+ back = window.location.pathname
+ if back.slice(-1) != "/"
+ back += "/"
+ if query.replace("?", "")
+ back += "?"+query.replace("?", "")
+ return back
+
# - Actions -
@@ -178,13 +192,19 @@ class Wrapper
actionGetLocalStorage: (message) ->
$.when(@event_site_info).done =>
- data = localStorage.getItem "site.#{@site_info.address}"
+ data = localStorage.getItem "site.#{@site_info.address}.#{@site_info.auth_address}"
+ if not data # Migrate from non auth_address based local storage
+ data = localStorage.getItem "site.#{@site_info.address}"
+ if data
+ localStorage.setItem "site.#{@site_info.address}.#{@site_info.auth_address}", data
+ localStorage.removeItem "site.#{@site_info.address}"
+ @log "Migrated LocalStorage from global to auth_address based"
if data then data = JSON.parse(data)
@sendInner {"cmd": "response", "to": message.id, "result": data}
actionSetLocalStorage: (message) ->
- back = localStorage.setItem "site.#{@site_info.address}", JSON.stringify(message.params)
+ back = localStorage.setItem "site.#{@site_info.address}.#{@site_info.auth_address}", JSON.stringify(message.params)
# EOF actions
diff --git a/src/Ui/media/all.js b/src/Ui/media/all.js
index 6d12c7fb..ed8b4cca 100644
--- a/src/Ui/media/all.js
+++ b/src/Ui/media/all.js
@@ -834,7 +834,7 @@ jQuery.extend( jQuery.easing,
};
Wrapper.prototype.onMessageInner = function(e) {
- var cmd, message;
+ var cmd, message, query;
message = e.data;
cmd = message.cmd;
if (cmd === "innerReady") {
@@ -864,6 +864,12 @@ jQuery.extend( jQuery.easing,
return this.actionGetLocalStorage(message);
} else if (cmd === "wrapperSetLocalStorage") {
return this.actionSetLocalStorage(message);
+ } else if (cmd === "wrapperPushState") {
+ query = this.toRelativeQuery(message.params[2]);
+ return window.history.pushState(message.params[0], message.params[1], query);
+ } else if (cmd === "wrapperReplaceState") {
+ query = this.toRelativeQuery(message.params[2]);
+ return window.history.replaceState(message.params[0], message.params[1], query);
} else {
if (message.id < 1000000) {
return this.ws.send(message);
@@ -873,6 +879,18 @@ jQuery.extend( jQuery.easing,
}
};
+ Wrapper.prototype.toRelativeQuery = function(query) {
+ var back;
+ back = window.location.pathname;
+ if (back.slice(-1) !== "/") {
+ back += "/";
+ }
+ if (query.replace("?", "")) {
+ back += "?" + query.replace("?", "");
+ }
+ return back;
+ };
+
Wrapper.prototype.actionNotification = function(message) {
var body;
message.params = this.toHtmlSafe(message.params);
@@ -987,7 +1005,15 @@ jQuery.extend( jQuery.easing,
return $.when(this.event_site_info).done((function(_this) {
return function() {
var data;
- data = localStorage.getItem("site." + _this.site_info.address);
+ data = localStorage.getItem("site." + _this.site_info.address + "." + _this.site_info.auth_address);
+ if (!data) {
+ data = localStorage.getItem("site." + _this.site_info.address);
+ if (data) {
+ localStorage.setItem("site." + _this.site_info.address + "." + _this.site_info.auth_address, data);
+ localStorage.removeItem("site." + _this.site_info.address);
+ _this.log("Migrated LocalStorage from global to auth_address based");
+ }
+ }
if (data) {
data = JSON.parse(data);
}
@@ -1002,7 +1028,7 @@ jQuery.extend( jQuery.easing,
Wrapper.prototype.actionSetLocalStorage = function(message) {
var back;
- return back = localStorage.setItem("site." + this.site_info.address, JSON.stringify(message.params));
+ return back = localStorage.setItem("site." + this.site_info.address + "." + this.site_info.auth_address, JSON.stringify(message.params));
};
Wrapper.prototype.onOpenWebsocket = function(e) {
diff --git a/src/lib/pyelliptic/LICENSE b/src/lib/pyelliptic/LICENSE
new file mode 100644
index 00000000..94a9ed02
--- /dev/null
+++ b/src/lib/pyelliptic/LICENSE
@@ -0,0 +1,674 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ Copyright (C)
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+.
diff --git a/src/lib/pyelliptic/README.md b/src/lib/pyelliptic/README.md
new file mode 100644
index 00000000..587b1445
--- /dev/null
+++ b/src/lib/pyelliptic/README.md
@@ -0,0 +1,67 @@
+# PyElliptic
+
+PyElliptic is a high level wrapper for the cryptographic library : OpenSSL.
+Under the GNU General Public License
+
+Python3 compatible. For GNU/Linux and Windows.
+Require OpenSSL
+
+## Features
+
+### Asymmetric cryptography using Elliptic Curve Cryptography (ECC)
+
+* Key agreement : ECDH
+* Digital signatures : ECDSA
+* Hybrid encryption : ECIES (like RSA)
+
+### Symmetric cryptography
+
+* AES-128 (CBC, OFB, CFB)
+* AES-256 (CBC, OFB, CFB)
+* Blowfish (CFB and CBC)
+* RC4
+
+### Other
+
+* CSPRNG
+* HMAC (using SHA512)
+* PBKDF2 (SHA256 and SHA512)
+
+## Example
+
+```python
+#!/usr/bin/python
+
+import pyelliptic
+
+# Symmetric encryption
+iv = pyelliptic.Cipher.gen_IV('aes-256-cfb')
+ctx = pyelliptic.Cipher("secretkey", iv, 1, ciphername='aes-256-cfb')
+
+ciphertext = ctx.update('test1')
+ciphertext += ctx.update('test2')
+ciphertext += ctx.final()
+
+ctx2 = pyelliptic.Cipher("secretkey", iv, 0, ciphername='aes-256-cfb')
+print ctx2.ciphering(ciphertext)
+
+# Asymmetric encryption
+alice = pyelliptic.ECC() # default curve: sect283r1
+bob = pyelliptic.ECC(curve='sect571r1')
+
+ciphertext = alice.encrypt("Hello Bob", bob.get_pubkey())
+print bob.decrypt(ciphertext)
+
+signature = bob.sign("Hello Alice")
+# alice's job :
+print pyelliptic.ECC(pubkey=bob.get_pubkey()).verify(signature, "Hello Alice")
+
+# ERROR !!!
+try:
+ key = alice.get_ecdh_key(bob.get_pubkey())
+except: print("For ECDH key agreement, the keys must be defined on the same curve !")
+
+alice = pyelliptic.ECC(curve='sect571r1')
+print alice.get_ecdh_key(bob.get_pubkey()).encode('hex')
+print bob.get_ecdh_key(alice.get_pubkey()).encode('hex')
+```
diff --git a/src/lib/pyelliptic/__init__.py b/src/lib/pyelliptic/__init__.py
new file mode 100644
index 00000000..761d08af
--- /dev/null
+++ b/src/lib/pyelliptic/__init__.py
@@ -0,0 +1,19 @@
+# Copyright (C) 2010
+# Author: Yann GUIBET
+# Contact:
+
+__version__ = '1.3'
+
+__all__ = [
+ 'OpenSSL',
+ 'ECC',
+ 'Cipher',
+ 'hmac_sha256',
+ 'hmac_sha512',
+ 'pbkdf2'
+]
+
+from .openssl import OpenSSL
+from .ecc import ECC
+from .cipher import Cipher
+from .hash import hmac_sha256, hmac_sha512, pbkdf2
diff --git a/src/lib/pyelliptic/arithmetic.py b/src/lib/pyelliptic/arithmetic.py
new file mode 100644
index 00000000..1eec381a
--- /dev/null
+++ b/src/lib/pyelliptic/arithmetic.py
@@ -0,0 +1,106 @@
+import hashlib, re
+
+P = 2**256-2**32-2**9-2**8-2**7-2**6-2**4-1
+A = 0
+Gx = 55066263022277343669578718895168534326250603453777594175500187360389116729240
+Gy = 32670510020758816978083085130507043184471273380659243275938904335757337482424
+G = (Gx,Gy)
+
+def inv(a,n):
+ lm, hm = 1,0
+ low, high = a%n,n
+ while low > 1:
+ r = high/low
+ nm, new = hm-lm*r, high-low*r
+ lm, low, hm, high = nm, new, lm, low
+ return lm % n
+
+def get_code_string(base):
+ if base == 2: return '01'
+ elif base == 10: return '0123456789'
+ elif base == 16: return "0123456789abcdef"
+ elif base == 58: return "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
+ elif base == 256: return ''.join([chr(x) for x in range(256)])
+ else: raise ValueError("Invalid base!")
+
+def encode(val,base,minlen=0):
+ code_string = get_code_string(base)
+ result = ""
+ while val > 0:
+ result = code_string[val % base] + result
+ val /= base
+ if len(result) < minlen:
+ result = code_string[0]*(minlen-len(result))+result
+ return result
+
+def decode(string,base):
+ code_string = get_code_string(base)
+ result = 0
+ if base == 16: string = string.lower()
+ while len(string) > 0:
+ result *= base
+ result += code_string.find(string[0])
+ string = string[1:]
+ return result
+
+def changebase(string,frm,to,minlen=0):
+ return encode(decode(string,frm),to,minlen)
+
+def base10_add(a,b):
+ if a == None: return b[0],b[1]
+ if b == None: return a[0],a[1]
+ if a[0] == b[0]:
+ if a[1] == b[1]: return base10_double(a[0],a[1])
+ else: return None
+ m = ((b[1]-a[1]) * inv(b[0]-a[0],P)) % P
+ x = (m*m-a[0]-b[0]) % P
+ y = (m*(a[0]-x)-a[1]) % P
+ return (x,y)
+
+def base10_double(a):
+ if a == None: return None
+ m = ((3*a[0]*a[0]+A)*inv(2*a[1],P)) % P
+ x = (m*m-2*a[0]) % P
+ y = (m*(a[0]-x)-a[1]) % P
+ return (x,y)
+
+def base10_multiply(a,n):
+ if n == 0: return G
+ if n == 1: return a
+ if (n%2) == 0: return base10_double(base10_multiply(a,n/2))
+ if (n%2) == 1: return base10_add(base10_double(base10_multiply(a,n/2)),a)
+
+def hex_to_point(h): return (decode(h[2:66],16),decode(h[66:],16))
+
+def point_to_hex(p): return '04'+encode(p[0],16,64)+encode(p[1],16,64)
+
+def multiply(privkey,pubkey):
+ return point_to_hex(base10_multiply(hex_to_point(pubkey),decode(privkey,16)))
+
+def privtopub(privkey):
+ return point_to_hex(base10_multiply(G,decode(privkey,16)))
+
+def add(p1,p2):
+ if (len(p1)==32):
+ return encode(decode(p1,16) + decode(p2,16) % P,16,32)
+ else:
+ return point_to_hex(base10_add(hex_to_point(p1),hex_to_point(p2)))
+
+def hash_160(string):
+ intermed = hashlib.sha256(string).digest()
+ ripemd160 = hashlib.new('ripemd160')
+ ripemd160.update(intermed)
+ return ripemd160.digest()
+
+def dbl_sha256(string):
+ return hashlib.sha256(hashlib.sha256(string).digest()).digest()
+
+def bin_to_b58check(inp):
+ inp_fmtd = '\x00' + inp
+ leadingzbytes = len(re.match('^\x00*',inp_fmtd).group(0))
+ checksum = dbl_sha256(inp_fmtd)[:4]
+ return '1' * leadingzbytes + changebase(inp_fmtd+checksum,256,58)
+
+#Convert a public key (in hex) to a Bitcoin address
+def pubkey_to_address(pubkey):
+ return bin_to_b58check(hash_160(changebase(pubkey,16,256)))
diff --git a/src/lib/pyelliptic/cipher.py b/src/lib/pyelliptic/cipher.py
new file mode 100644
index 00000000..4a76a344
--- /dev/null
+++ b/src/lib/pyelliptic/cipher.py
@@ -0,0 +1,81 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2011 Yann GUIBET
+# See LICENSE for details.
+
+from .openssl import OpenSSL
+
+
+class Cipher:
+ """
+ Symmetric encryption
+
+ import pyelliptic
+ iv = pyelliptic.Cipher.gen_IV('aes-256-cfb')
+ ctx = pyelliptic.Cipher("secretkey", iv, 1, ciphername='aes-256-cfb')
+ ciphertext = ctx.update('test1')
+ ciphertext += ctx.update('test2')
+ ciphertext += ctx.final()
+
+ ctx2 = pyelliptic.Cipher("secretkey", iv, 0, ciphername='aes-256-cfb')
+ print ctx2.ciphering(ciphertext)
+ """
+ def __init__(self, key, iv, do, ciphername='aes-256-cbc'):
+ """
+ do == 1 => Encrypt; do == 0 => Decrypt
+ """
+ self.cipher = OpenSSL.get_cipher(ciphername)
+ self.ctx = OpenSSL.EVP_CIPHER_CTX_new()
+ if do == 1 or do == 0:
+ k = OpenSSL.malloc(key, len(key))
+ IV = OpenSSL.malloc(iv, len(iv))
+ OpenSSL.EVP_CipherInit_ex(
+ self.ctx, self.cipher.get_pointer(), 0, k, IV, do)
+ else:
+ raise Exception("RTFM ...")
+
+ @staticmethod
+ def get_all_cipher():
+ """
+ static method, returns all ciphers available
+ """
+ return OpenSSL.cipher_algo.keys()
+
+ @staticmethod
+ def get_blocksize(ciphername):
+ cipher = OpenSSL.get_cipher(ciphername)
+ return cipher.get_blocksize()
+
+ @staticmethod
+ def gen_IV(ciphername):
+ cipher = OpenSSL.get_cipher(ciphername)
+ return OpenSSL.rand(cipher.get_blocksize())
+
+ def update(self, input):
+ i = OpenSSL.c_int(0)
+ buffer = OpenSSL.malloc(b"", len(input) + self.cipher.get_blocksize())
+ inp = OpenSSL.malloc(input, len(input))
+ if OpenSSL.EVP_CipherUpdate(self.ctx, OpenSSL.byref(buffer),
+ OpenSSL.byref(i), inp, len(input)) == 0:
+ raise Exception("[OpenSSL] EVP_CipherUpdate FAIL ...")
+ return buffer.raw[0:i.value]
+
+ def final(self):
+ i = OpenSSL.c_int(0)
+ buffer = OpenSSL.malloc(b"", self.cipher.get_blocksize())
+ if (OpenSSL.EVP_CipherFinal_ex(self.ctx, OpenSSL.byref(buffer),
+ OpenSSL.byref(i))) == 0:
+ raise Exception("[OpenSSL] EVP_CipherFinal_ex FAIL ...")
+ return buffer.raw[0:i.value]
+
+ def ciphering(self, input):
+ """
+ Do update and final in one method
+ """
+ buff = self.update(input)
+ return buff + self.final()
+
+ def __del__(self):
+ OpenSSL.EVP_CIPHER_CTX_cleanup(self.ctx)
+ OpenSSL.EVP_CIPHER_CTX_free(self.ctx)
diff --git a/src/lib/pyelliptic/ecc.py b/src/lib/pyelliptic/ecc.py
new file mode 100644
index 00000000..b36806df
--- /dev/null
+++ b/src/lib/pyelliptic/ecc.py
@@ -0,0 +1,460 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2011 Yann GUIBET
+# See LICENSE for details.
+
+from hashlib import sha512
+from .openssl import OpenSSL
+from .cipher import Cipher
+from .hash import hmac_sha256, equals
+from struct import pack, unpack
+
+
+class ECC:
+ """
+ Asymmetric encryption with Elliptic Curve Cryptography (ECC)
+ ECDH, ECDSA and ECIES
+
+ import pyelliptic
+
+ alice = pyelliptic.ECC() # default curve: sect283r1
+ bob = pyelliptic.ECC(curve='sect571r1')
+
+ ciphertext = alice.encrypt("Hello Bob", bob.get_pubkey())
+ print bob.decrypt(ciphertext)
+
+ signature = bob.sign("Hello Alice")
+ # alice's job :
+ print pyelliptic.ECC(
+ pubkey=bob.get_pubkey()).verify(signature, "Hello Alice")
+
+ # ERROR !!!
+ try:
+ key = alice.get_ecdh_key(bob.get_pubkey())
+ except: print("For ECDH key agreement,\
+ the keys must be defined on the same curve !")
+
+ alice = pyelliptic.ECC(curve='sect571r1')
+ print alice.get_ecdh_key(bob.get_pubkey()).encode('hex')
+ print bob.get_ecdh_key(alice.get_pubkey()).encode('hex')
+
+ """
+ def __init__(self, pubkey=None, privkey=None, pubkey_x=None,
+ pubkey_y=None, raw_privkey=None, curve='sect283r1'):
+ """
+ For a normal and High level use, specifie pubkey,
+ privkey (if you need) and the curve
+ """
+ if type(curve) == str:
+ self.curve = OpenSSL.get_curve(curve)
+ else:
+ self.curve = curve
+
+ if pubkey_x is not None and pubkey_y is not None:
+ self._set_keys(pubkey_x, pubkey_y, raw_privkey)
+ elif pubkey is not None:
+ curve, pubkey_x, pubkey_y, i = ECC._decode_pubkey(pubkey)
+ if privkey is not None:
+ curve2, raw_privkey, i = ECC._decode_privkey(privkey)
+ if curve != curve2:
+ raise Exception("Bad ECC keys ...")
+ self.curve = curve
+ self._set_keys(pubkey_x, pubkey_y, raw_privkey)
+ else:
+ self.privkey, self.pubkey_x, self.pubkey_y = self._generate()
+
+ def _set_keys(self, pubkey_x, pubkey_y, privkey):
+ if self.raw_check_key(privkey, pubkey_x, pubkey_y) < 0:
+ self.pubkey_x = None
+ self.pubkey_y = None
+ self.privkey = None
+ raise Exception("Bad ECC keys ...")
+ else:
+ self.pubkey_x = pubkey_x
+ self.pubkey_y = pubkey_y
+ self.privkey = privkey
+
+ @staticmethod
+ def get_curves():
+ """
+ static method, returns the list of all the curves available
+ """
+ return OpenSSL.curves.keys()
+
+ def get_curve(self):
+ return OpenSSL.get_curve_by_id(self.curve)
+
+ def get_curve_id(self):
+ return self.curve
+
+ def get_pubkey(self):
+ """
+ High level function which returns :
+ curve(2) + len_of_pubkeyX(2) + pubkeyX + len_of_pubkeyY + pubkeyY
+ """
+ return b''.join((pack('!H', self.curve),
+ pack('!H', len(self.pubkey_x)),
+ self.pubkey_x,
+ pack('!H', len(self.pubkey_y)),
+ self.pubkey_y
+ ))
+
+ def get_privkey(self):
+ """
+ High level function which returns
+ curve(2) + len_of_privkey(2) + privkey
+ """
+ return b''.join((pack('!H', self.curve),
+ pack('!H', len(self.privkey)),
+ self.privkey
+ ))
+
+ @staticmethod
+ def _decode_pubkey(pubkey):
+ i = 0
+ curve = unpack('!H', pubkey[i:i + 2])[0]
+ i += 2
+ tmplen = unpack('!H', pubkey[i:i + 2])[0]
+ i += 2
+ pubkey_x = pubkey[i:i + tmplen]
+ i += tmplen
+ tmplen = unpack('!H', pubkey[i:i + 2])[0]
+ i += 2
+ pubkey_y = pubkey[i:i + tmplen]
+ i += tmplen
+ return curve, pubkey_x, pubkey_y, i
+
+ @staticmethod
+ def _decode_privkey(privkey):
+ i = 0
+ curve = unpack('!H', privkey[i:i + 2])[0]
+ i += 2
+ tmplen = unpack('!H', privkey[i:i + 2])[0]
+ i += 2
+ privkey = privkey[i:i + tmplen]
+ i += tmplen
+ return curve, privkey, i
+
+ def _generate(self):
+ try:
+ pub_key_x = OpenSSL.BN_new()
+ pub_key_y = OpenSSL.BN_new()
+
+ key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
+ if key == 0:
+ raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
+ if (OpenSSL.EC_KEY_generate_key(key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_generate_key FAIL ...")
+ if (OpenSSL.EC_KEY_check_key(key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
+ priv_key = OpenSSL.EC_KEY_get0_private_key(key)
+
+ group = OpenSSL.EC_KEY_get0_group(key)
+ pub_key = OpenSSL.EC_KEY_get0_public_key(key)
+
+ if (OpenSSL.EC_POINT_get_affine_coordinates_GFp(group, pub_key,
+ pub_key_x,
+ pub_key_y, 0
+ )) == 0:
+ raise Exception(
+ "[OpenSSL] EC_POINT_get_affine_coordinates_GFp FAIL ...")
+
+ privkey = OpenSSL.malloc(0, OpenSSL.BN_num_bytes(priv_key))
+ pubkeyx = OpenSSL.malloc(0, OpenSSL.BN_num_bytes(pub_key_x))
+ pubkeyy = OpenSSL.malloc(0, OpenSSL.BN_num_bytes(pub_key_y))
+ OpenSSL.BN_bn2bin(priv_key, privkey)
+ privkey = privkey.raw
+ OpenSSL.BN_bn2bin(pub_key_x, pubkeyx)
+ pubkeyx = pubkeyx.raw
+ OpenSSL.BN_bn2bin(pub_key_y, pubkeyy)
+ pubkeyy = pubkeyy.raw
+ self.raw_check_key(privkey, pubkeyx, pubkeyy)
+
+ return privkey, pubkeyx, pubkeyy
+
+ finally:
+ OpenSSL.EC_KEY_free(key)
+ OpenSSL.BN_free(pub_key_x)
+ OpenSSL.BN_free(pub_key_y)
+
+ def get_ecdh_key(self, pubkey):
+ """
+ High level function. Compute public key with the local private key
+ and returns a 512bits shared key
+ """
+ curve, pubkey_x, pubkey_y, i = ECC._decode_pubkey(pubkey)
+ if curve != self.curve:
+ raise Exception("ECC keys must be from the same curve !")
+ return sha512(self.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest()
+
+ def raw_get_ecdh_key(self, pubkey_x, pubkey_y):
+ try:
+ ecdh_keybuffer = OpenSSL.malloc(0, 32)
+
+ other_key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
+ if other_key == 0:
+ raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
+
+ other_pub_key_x = OpenSSL.BN_bin2bn(pubkey_x, len(pubkey_x), 0)
+ other_pub_key_y = OpenSSL.BN_bin2bn(pubkey_y, len(pubkey_y), 0)
+
+ other_group = OpenSSL.EC_KEY_get0_group(other_key)
+ other_pub_key = OpenSSL.EC_POINT_new(other_group)
+
+ if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(other_group,
+ other_pub_key,
+ other_pub_key_x,
+ other_pub_key_y,
+ 0)) == 0:
+ raise Exception(
+ "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
+ if (OpenSSL.EC_KEY_set_public_key(other_key, other_pub_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
+ if (OpenSSL.EC_KEY_check_key(other_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
+
+ own_key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
+ if own_key == 0:
+ raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
+ own_priv_key = OpenSSL.BN_bin2bn(
+ self.privkey, len(self.privkey), 0)
+
+ if (OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
+
+ OpenSSL.ECDH_set_method(own_key, OpenSSL.ECDH_OpenSSL())
+ ecdh_keylen = OpenSSL.ECDH_compute_key(
+ ecdh_keybuffer, 32, other_pub_key, own_key, 0)
+
+ if ecdh_keylen != 32:
+ raise Exception("[OpenSSL] ECDH keylen FAIL ...")
+
+ return ecdh_keybuffer.raw
+
+ finally:
+ OpenSSL.EC_KEY_free(other_key)
+ OpenSSL.BN_free(other_pub_key_x)
+ OpenSSL.BN_free(other_pub_key_y)
+ OpenSSL.EC_POINT_free(other_pub_key)
+ OpenSSL.EC_KEY_free(own_key)
+ OpenSSL.BN_free(own_priv_key)
+
+ def check_key(self, privkey, pubkey):
+ """
+ Check the public key and the private key.
+ The private key is optional (replace by None)
+ """
+ curve, pubkey_x, pubkey_y, i = ECC._decode_pubkey(pubkey)
+ if privkey is None:
+ raw_privkey = None
+ curve2 = curve
+ else:
+ curve2, raw_privkey, i = ECC._decode_privkey(privkey)
+ if curve != curve2:
+ raise Exception("Bad public and private key")
+ return self.raw_check_key(raw_privkey, pubkey_x, pubkey_y, curve)
+
+ def raw_check_key(self, privkey, pubkey_x, pubkey_y, curve=None):
+ if curve is None:
+ curve = self.curve
+ elif type(curve) == str:
+ curve = OpenSSL.get_curve(curve)
+ else:
+ curve = curve
+ try:
+ key = OpenSSL.EC_KEY_new_by_curve_name(curve)
+ if key == 0:
+ raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
+ if privkey is not None:
+ priv_key = OpenSSL.BN_bin2bn(privkey, len(privkey), 0)
+ pub_key_x = OpenSSL.BN_bin2bn(pubkey_x, len(pubkey_x), 0)
+ pub_key_y = OpenSSL.BN_bin2bn(pubkey_y, len(pubkey_y), 0)
+
+ if privkey is not None:
+ if (OpenSSL.EC_KEY_set_private_key(key, priv_key)) == 0:
+ raise Exception(
+ "[OpenSSL] EC_KEY_set_private_key FAIL ...")
+
+ group = OpenSSL.EC_KEY_get0_group(key)
+ pub_key = OpenSSL.EC_POINT_new(group)
+
+ if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key,
+ pub_key_x,
+ pub_key_y,
+ 0)) == 0:
+ raise Exception(
+ "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
+ if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
+ if (OpenSSL.EC_KEY_check_key(key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
+ return 0
+
+ finally:
+ OpenSSL.EC_KEY_free(key)
+ OpenSSL.BN_free(pub_key_x)
+ OpenSSL.BN_free(pub_key_y)
+ OpenSSL.EC_POINT_free(pub_key)
+ if privkey is not None:
+ OpenSSL.BN_free(priv_key)
+
+ def sign(self, inputb, digest_alg=OpenSSL.EVP_ecdsa):
+ """
+ Sign the input with ECDSA method and returns the signature
+ """
+ try:
+ size = len(inputb)
+ buff = OpenSSL.malloc(inputb, size)
+ digest = OpenSSL.malloc(0, 64)
+ md_ctx = OpenSSL.EVP_MD_CTX_create()
+ dgst_len = OpenSSL.pointer(OpenSSL.c_int(0))
+ siglen = OpenSSL.pointer(OpenSSL.c_int(0))
+ sig = OpenSSL.malloc(0, 151)
+
+ key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
+ if key == 0:
+ raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
+
+ priv_key = OpenSSL.BN_bin2bn(self.privkey, len(self.privkey), 0)
+ pub_key_x = OpenSSL.BN_bin2bn(self.pubkey_x, len(self.pubkey_x), 0)
+ pub_key_y = OpenSSL.BN_bin2bn(self.pubkey_y, len(self.pubkey_y), 0)
+
+ if (OpenSSL.EC_KEY_set_private_key(key, priv_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
+
+ group = OpenSSL.EC_KEY_get0_group(key)
+ pub_key = OpenSSL.EC_POINT_new(group)
+
+ if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key,
+ pub_key_x,
+ pub_key_y,
+ 0)) == 0:
+ raise Exception(
+ "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
+ if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
+ if (OpenSSL.EC_KEY_check_key(key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
+
+ OpenSSL.EVP_MD_CTX_init(md_ctx)
+ OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None)
+
+ if (OpenSSL.EVP_DigestUpdate(md_ctx, buff, size)) == 0:
+ raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")
+ OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len)
+ OpenSSL.ECDSA_sign(0, digest, dgst_len.contents, sig, siglen, key)
+ if (OpenSSL.ECDSA_verify(0, digest, dgst_len.contents, sig,
+ siglen.contents, key)) != 1:
+ raise Exception("[OpenSSL] ECDSA_verify FAIL ...")
+
+ return sig.raw[:siglen.contents.value]
+
+ finally:
+ OpenSSL.EC_KEY_free(key)
+ OpenSSL.BN_free(pub_key_x)
+ OpenSSL.BN_free(pub_key_y)
+ OpenSSL.BN_free(priv_key)
+ OpenSSL.EC_POINT_free(pub_key)
+ OpenSSL.EVP_MD_CTX_destroy(md_ctx)
+
+ def verify(self, sig, inputb, digest_alg=OpenSSL.EVP_ecdsa):
+ """
+ Verify the signature with the input and the local public key.
+ Returns a boolean
+ """
+ try:
+ bsig = OpenSSL.malloc(sig, len(sig))
+ binputb = OpenSSL.malloc(inputb, len(inputb))
+ digest = OpenSSL.malloc(0, 64)
+ dgst_len = OpenSSL.pointer(OpenSSL.c_int(0))
+ md_ctx = OpenSSL.EVP_MD_CTX_create()
+
+ key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
+
+ if key == 0:
+ raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
+
+ pub_key_x = OpenSSL.BN_bin2bn(self.pubkey_x, len(self.pubkey_x), 0)
+ pub_key_y = OpenSSL.BN_bin2bn(self.pubkey_y, len(self.pubkey_y), 0)
+ group = OpenSSL.EC_KEY_get0_group(key)
+ pub_key = OpenSSL.EC_POINT_new(group)
+
+ if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key,
+ pub_key_x,
+ pub_key_y,
+ 0)) == 0:
+ raise Exception(
+ "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
+ if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
+ if (OpenSSL.EC_KEY_check_key(key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
+
+ OpenSSL.EVP_MD_CTX_init(md_ctx)
+ OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None)
+ if (OpenSSL.EVP_DigestUpdate(md_ctx, binputb, len(inputb))) == 0:
+ raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")
+
+ OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len)
+ ret = OpenSSL.ECDSA_verify(
+ 0, digest, dgst_len.contents, bsig, len(sig), key)
+
+ if ret == -1:
+ return False # Fail to Check
+ else:
+ if ret == 0:
+ return False # Bad signature !
+ else:
+ return True # Good
+ return False
+
+ finally:
+ OpenSSL.EC_KEY_free(key)
+ OpenSSL.BN_free(pub_key_x)
+ OpenSSL.BN_free(pub_key_y)
+ OpenSSL.EC_POINT_free(pub_key)
+ OpenSSL.EVP_MD_CTX_destroy(md_ctx)
+
+ @staticmethod
+ def encrypt(data, pubkey, ephemcurve=None, ciphername='aes-256-cbc'):
+ """
+ Encrypt data with ECIES method using the public key of the recipient.
+ """
+ curve, pubkey_x, pubkey_y, i = ECC._decode_pubkey(pubkey)
+ return ECC.raw_encrypt(data, pubkey_x, pubkey_y, curve=curve,
+ ephemcurve=ephemcurve, ciphername=ciphername)
+
+ @staticmethod
+ def raw_encrypt(data, pubkey_x, pubkey_y, curve='sect283r1',
+ ephemcurve=None, ciphername='aes-256-cbc'):
+ if ephemcurve is None:
+ ephemcurve = curve
+ ephem = ECC(curve=ephemcurve)
+ key = sha512(ephem.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest()
+ key_e, key_m = key[:32], key[32:]
+ pubkey = ephem.get_pubkey()
+ iv = OpenSSL.rand(OpenSSL.get_cipher(ciphername).get_blocksize())
+ ctx = Cipher(key_e, iv, 1, ciphername)
+ ciphertext = iv + pubkey + ctx.ciphering(data)
+ mac = hmac_sha256(key_m, ciphertext)
+ return ciphertext + mac
+
+ def decrypt(self, data, ciphername='aes-256-cbc'):
+ """
+ Decrypt data with ECIES method using the local private key
+ """
+ blocksize = OpenSSL.get_cipher(ciphername).get_blocksize()
+ iv = data[:blocksize]
+ i = blocksize
+ curve, pubkey_x, pubkey_y, i2 = ECC._decode_pubkey(data[i:])
+ i += i2
+ ciphertext = data[i:len(data)-32]
+ i += len(ciphertext)
+ mac = data[i:]
+ key = sha512(self.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest()
+ key_e, key_m = key[:32], key[32:]
+ if not equals(hmac_sha256(key_m, data[:len(data) - 32]), mac):
+ raise RuntimeError("Fail to verify data")
+ ctx = Cipher(key_e, iv, 0, ciphername)
+ return ctx.ciphering(ciphertext)
diff --git a/src/lib/pyelliptic/hash.py b/src/lib/pyelliptic/hash.py
new file mode 100644
index 00000000..d6a15811
--- /dev/null
+++ b/src/lib/pyelliptic/hash.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2011 Yann GUIBET
+# See LICENSE for details.
+
+from .openssl import OpenSSL
+
+
+# For python3
+def _equals_bytes(a, b):
+ if len(a) != len(b):
+ return False
+ result = 0
+ for x, y in zip(a, b):
+ result |= x ^ y
+ return result == 0
+
+
+def _equals_str(a, b):
+ if len(a) != len(b):
+ return False
+ result = 0
+ for x, y in zip(a, b):
+ result |= ord(x) ^ ord(y)
+ return result == 0
+
+
+def equals(a, b):
+ if isinstance(a, str):
+ return _equals_str(a, b)
+ else:
+ return _equals_bytes(a, b)
+
+
+def hmac_sha256(k, m):
+ """
+ Compute the key and the message with HMAC SHA5256
+ """
+ key = OpenSSL.malloc(k, len(k))
+ d = OpenSSL.malloc(m, len(m))
+ md = OpenSSL.malloc(0, 32)
+ i = OpenSSL.pointer(OpenSSL.c_int(0))
+ OpenSSL.HMAC(OpenSSL.EVP_sha256(), key, len(k), d, len(m), md, i)
+ return md.raw
+
+
+def hmac_sha512(k, m):
+ """
+ Compute the key and the message with HMAC SHA512
+ """
+ key = OpenSSL.malloc(k, len(k))
+ d = OpenSSL.malloc(m, len(m))
+ md = OpenSSL.malloc(0, 64)
+ i = OpenSSL.pointer(OpenSSL.c_int(0))
+ OpenSSL.HMAC(OpenSSL.EVP_sha512(), key, len(k), d, len(m), md, i)
+ return md.raw
+
+
+def pbkdf2(password, salt=None, i=10000, keylen=64):
+ if salt is None:
+ salt = OpenSSL.rand(8)
+ p_password = OpenSSL.malloc(password, len(password))
+ p_salt = OpenSSL.malloc(salt, len(salt))
+ output = OpenSSL.malloc(0, keylen)
+ OpenSSL.PKCS5_PBKDF2_HMAC(p_password, len(password), p_salt,
+ len(p_salt), i, OpenSSL.EVP_sha256(),
+ keylen, output)
+ return salt, output.raw
diff --git a/src/lib/pyelliptic/openssl.py b/src/lib/pyelliptic/openssl.py
new file mode 100644
index 00000000..eda17668
--- /dev/null
+++ b/src/lib/pyelliptic/openssl.py
@@ -0,0 +1,448 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2011 Yann GUIBET
+# See LICENSE for details.
+#
+# Software slightly changed by Jonathan Warren
+
+import sys
+import ctypes
+
+OpenSSL = None
+
+
+class CipherName:
+ def __init__(self, name, pointer, blocksize):
+ self._name = name
+ self._pointer = pointer
+ self._blocksize = blocksize
+
+ def __str__(self):
+ return "Cipher : " + self._name + " | Blocksize : " + str(self._blocksize) + " | Fonction pointer : " + str(self._pointer)
+
+ def get_pointer(self):
+ return self._pointer()
+
+ def get_name(self):
+ return self._name
+
+ def get_blocksize(self):
+ return self._blocksize
+
+
+class _OpenSSL:
+ """
+ Wrapper for OpenSSL using ctypes
+ """
+ def __init__(self, library):
+ """
+ Build the wrapper
+ """
+ self._lib = ctypes.CDLL(library)
+
+ self.pointer = ctypes.pointer
+ self.c_int = ctypes.c_int
+ self.byref = ctypes.byref
+ self.create_string_buffer = ctypes.create_string_buffer
+
+ self.BN_new = self._lib.BN_new
+ self.BN_new.restype = ctypes.c_void_p
+ self.BN_new.argtypes = []
+
+ self.BN_free = self._lib.BN_free
+ self.BN_free.restype = None
+ self.BN_free.argtypes = [ctypes.c_void_p]
+
+ self.BN_num_bits = self._lib.BN_num_bits
+ self.BN_num_bits.restype = ctypes.c_int
+ self.BN_num_bits.argtypes = [ctypes.c_void_p]
+
+ self.BN_bn2bin = self._lib.BN_bn2bin
+ self.BN_bn2bin.restype = ctypes.c_int
+ self.BN_bn2bin.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
+
+ self.BN_bin2bn = self._lib.BN_bin2bn
+ self.BN_bin2bn.restype = ctypes.c_void_p
+ self.BN_bin2bn.argtypes = [ctypes.c_void_p, ctypes.c_int,
+ ctypes.c_void_p]
+
+ self.EC_KEY_free = self._lib.EC_KEY_free
+ self.EC_KEY_free.restype = None
+ self.EC_KEY_free.argtypes = [ctypes.c_void_p]
+
+ self.EC_KEY_new_by_curve_name = self._lib.EC_KEY_new_by_curve_name
+ self.EC_KEY_new_by_curve_name.restype = ctypes.c_void_p
+ self.EC_KEY_new_by_curve_name.argtypes = [ctypes.c_int]
+
+ self.EC_KEY_generate_key = self._lib.EC_KEY_generate_key
+ self.EC_KEY_generate_key.restype = ctypes.c_int
+ self.EC_KEY_generate_key.argtypes = [ctypes.c_void_p]
+
+ self.EC_KEY_check_key = self._lib.EC_KEY_check_key
+ self.EC_KEY_check_key.restype = ctypes.c_int
+ self.EC_KEY_check_key.argtypes = [ctypes.c_void_p]
+
+ self.EC_KEY_get0_private_key = self._lib.EC_KEY_get0_private_key
+ self.EC_KEY_get0_private_key.restype = ctypes.c_void_p
+ self.EC_KEY_get0_private_key.argtypes = [ctypes.c_void_p]
+
+ self.EC_KEY_get0_public_key = self._lib.EC_KEY_get0_public_key
+ self.EC_KEY_get0_public_key.restype = ctypes.c_void_p
+ self.EC_KEY_get0_public_key.argtypes = [ctypes.c_void_p]
+
+ self.EC_KEY_get0_group = self._lib.EC_KEY_get0_group
+ self.EC_KEY_get0_group.restype = ctypes.c_void_p
+ self.EC_KEY_get0_group.argtypes = [ctypes.c_void_p]
+
+ self.EC_POINT_get_affine_coordinates_GFp = self._lib.EC_POINT_get_affine_coordinates_GFp
+ self.EC_POINT_get_affine_coordinates_GFp.restype = ctypes.c_int
+ self.EC_POINT_get_affine_coordinates_GFp.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EC_KEY_set_private_key = self._lib.EC_KEY_set_private_key
+ self.EC_KEY_set_private_key.restype = ctypes.c_int
+ self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p]
+
+ self.EC_KEY_set_public_key = self._lib.EC_KEY_set_public_key
+ self.EC_KEY_set_public_key.restype = ctypes.c_int
+ self.EC_KEY_set_public_key.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p]
+
+ self.EC_KEY_set_group = self._lib.EC_KEY_set_group
+ self.EC_KEY_set_group.restype = ctypes.c_int
+ self.EC_KEY_set_group.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EC_POINT_set_affine_coordinates_GFp = self._lib.EC_POINT_set_affine_coordinates_GFp
+ self.EC_POINT_set_affine_coordinates_GFp.restype = ctypes.c_int
+ self.EC_POINT_set_affine_coordinates_GFp.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EC_POINT_new = self._lib.EC_POINT_new
+ self.EC_POINT_new.restype = ctypes.c_void_p
+ self.EC_POINT_new.argtypes = [ctypes.c_void_p]
+
+ self.EC_POINT_free = self._lib.EC_POINT_free
+ self.EC_POINT_free.restype = None
+ self.EC_POINT_free.argtypes = [ctypes.c_void_p]
+
+ self.BN_CTX_free = self._lib.BN_CTX_free
+ self.BN_CTX_free.restype = None
+ self.BN_CTX_free.argtypes = [ctypes.c_void_p]
+
+ self.EC_POINT_mul = self._lib.EC_POINT_mul
+ self.EC_POINT_mul.restype = None
+ self.EC_POINT_mul.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EC_KEY_set_private_key = self._lib.EC_KEY_set_private_key
+ self.EC_KEY_set_private_key.restype = ctypes.c_int
+ self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p]
+
+ self.ECDH_OpenSSL = self._lib.ECDH_OpenSSL
+ self._lib.ECDH_OpenSSL.restype = ctypes.c_void_p
+ self._lib.ECDH_OpenSSL.argtypes = []
+
+ self.BN_CTX_new = self._lib.BN_CTX_new
+ self._lib.BN_CTX_new.restype = ctypes.c_void_p
+ self._lib.BN_CTX_new.argtypes = []
+
+ self.ECDH_set_method = self._lib.ECDH_set_method
+ self._lib.ECDH_set_method.restype = ctypes.c_int
+ self._lib.ECDH_set_method.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
+
+ self.ECDH_compute_key = self._lib.ECDH_compute_key
+ self.ECDH_compute_key.restype = ctypes.c_int
+ self.ECDH_compute_key.argtypes = [ctypes.c_void_p,
+ ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EVP_CipherInit_ex = self._lib.EVP_CipherInit_ex
+ self.EVP_CipherInit_ex.restype = ctypes.c_int
+ self.EVP_CipherInit_ex.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EVP_CIPHER_CTX_new = self._lib.EVP_CIPHER_CTX_new
+ self.EVP_CIPHER_CTX_new.restype = ctypes.c_void_p
+ self.EVP_CIPHER_CTX_new.argtypes = []
+
+ # Cipher
+ self.EVP_aes_128_cfb128 = self._lib.EVP_aes_128_cfb128
+ self.EVP_aes_128_cfb128.restype = ctypes.c_void_p
+ self.EVP_aes_128_cfb128.argtypes = []
+
+ self.EVP_aes_256_cfb128 = self._lib.EVP_aes_256_cfb128
+ self.EVP_aes_256_cfb128.restype = ctypes.c_void_p
+ self.EVP_aes_256_cfb128.argtypes = []
+
+ self.EVP_aes_128_cbc = self._lib.EVP_aes_128_cbc
+ self.EVP_aes_128_cbc.restype = ctypes.c_void_p
+ self.EVP_aes_128_cbc.argtypes = []
+
+ self.EVP_aes_256_cbc = self._lib.EVP_aes_256_cbc
+ self.EVP_aes_256_cbc.restype = ctypes.c_void_p
+ self.EVP_aes_256_cbc.argtypes = []
+
+ #self.EVP_aes_128_ctr = self._lib.EVP_aes_128_ctr
+ #self.EVP_aes_128_ctr.restype = ctypes.c_void_p
+ #self.EVP_aes_128_ctr.argtypes = []
+
+ #self.EVP_aes_256_ctr = self._lib.EVP_aes_256_ctr
+ #self.EVP_aes_256_ctr.restype = ctypes.c_void_p
+ #self.EVP_aes_256_ctr.argtypes = []
+
+ self.EVP_aes_128_ofb = self._lib.EVP_aes_128_ofb
+ self.EVP_aes_128_ofb.restype = ctypes.c_void_p
+ self.EVP_aes_128_ofb.argtypes = []
+
+ self.EVP_aes_256_ofb = self._lib.EVP_aes_256_ofb
+ self.EVP_aes_256_ofb.restype = ctypes.c_void_p
+ self.EVP_aes_256_ofb.argtypes = []
+
+ self.EVP_bf_cbc = self._lib.EVP_bf_cbc
+ self.EVP_bf_cbc.restype = ctypes.c_void_p
+ self.EVP_bf_cbc.argtypes = []
+
+ self.EVP_bf_cfb64 = self._lib.EVP_bf_cfb64
+ self.EVP_bf_cfb64.restype = ctypes.c_void_p
+ self.EVP_bf_cfb64.argtypes = []
+
+ self.EVP_rc4 = self._lib.EVP_rc4
+ self.EVP_rc4.restype = ctypes.c_void_p
+ self.EVP_rc4.argtypes = []
+
+ self.EVP_CIPHER_CTX_cleanup = self._lib.EVP_CIPHER_CTX_cleanup
+ self.EVP_CIPHER_CTX_cleanup.restype = ctypes.c_int
+ self.EVP_CIPHER_CTX_cleanup.argtypes = [ctypes.c_void_p]
+
+ self.EVP_CIPHER_CTX_free = self._lib.EVP_CIPHER_CTX_free
+ self.EVP_CIPHER_CTX_free.restype = None
+ self.EVP_CIPHER_CTX_free.argtypes = [ctypes.c_void_p]
+
+ self.EVP_CipherUpdate = self._lib.EVP_CipherUpdate
+ self.EVP_CipherUpdate.restype = ctypes.c_int
+ self.EVP_CipherUpdate.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_int]
+
+ self.EVP_CipherFinal_ex = self._lib.EVP_CipherFinal_ex
+ self.EVP_CipherFinal_ex.restype = ctypes.c_int
+ self.EVP_CipherFinal_ex.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EVP_DigestInit = self._lib.EVP_DigestInit
+ self.EVP_DigestInit.restype = ctypes.c_int
+ self._lib.EVP_DigestInit.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EVP_DigestInit_ex = self._lib.EVP_DigestInit_ex
+ self.EVP_DigestInit_ex.restype = ctypes.c_int
+ self._lib.EVP_DigestInit_ex.argtypes = 3 * [ctypes.c_void_p]
+
+ self.EVP_DigestUpdate = self._lib.EVP_DigestUpdate
+ self.EVP_DigestUpdate.restype = ctypes.c_int
+ self.EVP_DigestUpdate.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p, ctypes.c_int]
+
+ self.EVP_DigestFinal = self._lib.EVP_DigestFinal
+ self.EVP_DigestFinal.restype = ctypes.c_int
+ self.EVP_DigestFinal.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EVP_DigestFinal_ex = self._lib.EVP_DigestFinal_ex
+ self.EVP_DigestFinal_ex.restype = ctypes.c_int
+ self.EVP_DigestFinal_ex.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EVP_ecdsa = self._lib.EVP_ecdsa
+ self._lib.EVP_ecdsa.restype = ctypes.c_void_p
+ self._lib.EVP_ecdsa.argtypes = []
+
+ self.ECDSA_sign = self._lib.ECDSA_sign
+ self.ECDSA_sign.restype = ctypes.c_int
+ self.ECDSA_sign.argtypes = [ctypes.c_int, ctypes.c_void_p,
+ ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]
+
+ self.ECDSA_verify = self._lib.ECDSA_verify
+ self.ECDSA_verify.restype = ctypes.c_int
+ self.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p,
+ ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]
+
+ self.EVP_MD_CTX_create = self._lib.EVP_MD_CTX_create
+ self.EVP_MD_CTX_create.restype = ctypes.c_void_p
+ self.EVP_MD_CTX_create.argtypes = []
+
+ self.EVP_MD_CTX_init = self._lib.EVP_MD_CTX_init
+ self.EVP_MD_CTX_init.restype = None
+ self.EVP_MD_CTX_init.argtypes = [ctypes.c_void_p]
+
+ self.EVP_MD_CTX_destroy = self._lib.EVP_MD_CTX_destroy
+ self.EVP_MD_CTX_destroy.restype = None
+ self.EVP_MD_CTX_destroy.argtypes = [ctypes.c_void_p]
+
+ self.RAND_bytes = self._lib.RAND_bytes
+ self.RAND_bytes.restype = ctypes.c_int
+ self.RAND_bytes.argtypes = [ctypes.c_void_p, ctypes.c_int]
+
+
+ self.EVP_sha256 = self._lib.EVP_sha256
+ self.EVP_sha256.restype = ctypes.c_void_p
+ self.EVP_sha256.argtypes = []
+
+ self.i2o_ECPublicKey = self._lib.i2o_ECPublicKey
+ self.i2o_ECPublicKey.restype = ctypes.c_void_p
+ self.i2o_ECPublicKey.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EVP_sha512 = self._lib.EVP_sha512
+ self.EVP_sha512.restype = ctypes.c_void_p
+ self.EVP_sha512.argtypes = []
+
+ self.HMAC = self._lib.HMAC
+ self.HMAC.restype = ctypes.c_void_p
+ self.HMAC.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_int,
+ ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p]
+
+ try:
+ self.PKCS5_PBKDF2_HMAC = self._lib.PKCS5_PBKDF2_HMAC
+ except:
+ # The above is not compatible with all versions of OSX.
+ self.PKCS5_PBKDF2_HMAC = self._lib.PKCS5_PBKDF2_HMAC_SHA1
+
+ self.PKCS5_PBKDF2_HMAC.restype = ctypes.c_int
+ self.PKCS5_PBKDF2_HMAC.argtypes = [ctypes.c_void_p, ctypes.c_int,
+ ctypes.c_void_p, ctypes.c_int,
+ ctypes.c_int, ctypes.c_void_p,
+ ctypes.c_int, ctypes.c_void_p]
+
+ self._set_ciphers()
+ self._set_curves()
+
+ def _set_ciphers(self):
+ self.cipher_algo = {
+ 'aes-128-cbc': CipherName('aes-128-cbc', self.EVP_aes_128_cbc, 16),
+ 'aes-256-cbc': CipherName('aes-256-cbc', self.EVP_aes_256_cbc, 16),
+ 'aes-128-cfb': CipherName('aes-128-cfb', self.EVP_aes_128_cfb128, 16),
+ 'aes-256-cfb': CipherName('aes-256-cfb', self.EVP_aes_256_cfb128, 16),
+ 'aes-128-ofb': CipherName('aes-128-ofb', self._lib.EVP_aes_128_ofb, 16),
+ 'aes-256-ofb': CipherName('aes-256-ofb', self._lib.EVP_aes_256_ofb, 16),
+ #'aes-128-ctr': CipherName('aes-128-ctr', self._lib.EVP_aes_128_ctr, 16),
+ #'aes-256-ctr': CipherName('aes-256-ctr', self._lib.EVP_aes_256_ctr, 16),
+ 'bf-cfb': CipherName('bf-cfb', self.EVP_bf_cfb64, 8),
+ 'bf-cbc': CipherName('bf-cbc', self.EVP_bf_cbc, 8),
+ 'rc4': CipherName('rc4', self.EVP_rc4, 128), # 128 is the initialisation size not block size
+ }
+
+ def _set_curves(self):
+ self.curves = {
+ 'secp112r1': 704,
+ 'secp112r2': 705,
+ 'secp128r1': 706,
+ 'secp128r2': 707,
+ 'secp160k1': 708,
+ 'secp160r1': 709,
+ 'secp160r2': 710,
+ 'secp192k1': 711,
+ 'secp224k1': 712,
+ 'secp224r1': 713,
+ 'secp256k1': 714,
+ 'secp384r1': 715,
+ 'secp521r1': 716,
+ 'sect113r1': 717,
+ 'sect113r2': 718,
+ 'sect131r1': 719,
+ 'sect131r2': 720,
+ 'sect163k1': 721,
+ 'sect163r1': 722,
+ 'sect163r2': 723,
+ 'sect193r1': 724,
+ 'sect193r2': 725,
+ 'sect233k1': 726,
+ 'sect233r1': 727,
+ 'sect239k1': 728,
+ 'sect283k1': 729,
+ 'sect283r1': 730,
+ 'sect409k1': 731,
+ 'sect409r1': 732,
+ 'sect571k1': 733,
+ 'sect571r1': 734,
+ }
+
+ def BN_num_bytes(self, x):
+ """
+ returns the length of a BN (OpenSSl API)
+ """
+ return int((self.BN_num_bits(x) + 7) / 8)
+
+ def get_cipher(self, name):
+ """
+ returns the OpenSSL cipher instance
+ """
+ if name not in self.cipher_algo:
+ raise Exception("Unknown cipher")
+ return self.cipher_algo[name]
+
+ def get_curve(self, name):
+ """
+ returns the id of a elliptic curve
+ """
+ if name not in self.curves:
+ raise Exception("Unknown curve")
+ return self.curves[name]
+
+ def get_curve_by_id(self, id):
+ """
+ returns the name of a elliptic curve with his id
+ """
+ res = None
+ for i in self.curves:
+ if self.curves[i] == id:
+ res = i
+ break
+ if res is None:
+ raise Exception("Unknown curve")
+ return res
+
+ def rand(self, size):
+ """
+ OpenSSL random function
+ """
+ buffer = self.malloc(0, size)
+ # This pyelliptic library, by default, didn't check the return value of RAND_bytes. It is
+ # evidently possible that it returned an error and not-actually-random data. However, in
+ # tests on various operating systems, while generating hundreds of gigabytes of random
+ # strings of various sizes I could not get an error to occur. Also Bitcoin doesn't check
+ # the return value of RAND_bytes either.
+ # Fixed in Bitmessage version 0.4.2 (in source code on 2013-10-13)
+ while self.RAND_bytes(buffer, size) != 1:
+ import time
+ time.sleep(1)
+ return buffer.raw
+
+ def malloc(self, data, size):
+ """
+ returns a create_string_buffer (ctypes)
+ """
+ buffer = None
+ if data != 0:
+ if sys.version_info.major == 3 and isinstance(data, type('')):
+ data = data.encode()
+ buffer = self.create_string_buffer(data, size)
+ else:
+ buffer = self.create_string_buffer(size)
+ return buffer
+
+
+def openLibrary():
+ global OpenSSL
+ try:
+ if sys.platform.startswith("win"):
+ OpenSSL = _OpenSSL("src/lib/opensslVerify/libeay32.dll")
+ else: # Try to use self-compiled first
+ OpenSSL = _OpenSSL("/usr/local/ssl/lib/libcrypto.so")
+ except:
+ OpenSSL = _OpenSSL(ctypes.util.find_library('ssl') or ctypes.util.find_library('crypto') or 'libeay32')
+
+
+def closeLibrary():
+ if "FreeLibrary" in dir(_ctypes):
+ _ctypes.FreeLibrary(OpenSSL._lib._handle)
+ else:
+ _ctypes.dlclose(OpenSSL._lib._handle)
+
+openLibrary()
diff --git a/src/lib/subtl/subtl.py b/src/lib/subtl/subtl.py
index a2eb966d..e98ac69e 100644
--- a/src/lib/subtl/subtl.py
+++ b/src/lib/subtl/subtl.py
@@ -43,7 +43,7 @@ class UdpTrackerClient:
self.conn_id = 0x41727101980
self.transactions = {}
self.peer_id = self._generate_peer_id()
- self.timeout = 5
+ self.timeout = 9
def connect(self):
return self._send(CONNECT)