diff --git a/plugins/CryptMessage/CryptMessage.py b/plugins/CryptMessage/CryptMessage.py
index 00c5d7c6..6f2cbdc2 100644
--- a/plugins/CryptMessage/CryptMessage.py
+++ b/plugins/CryptMessage/CryptMessage.py
@@ -7,7 +7,7 @@ ecc_cache = {}
def eciesEncrypt(data, pubkey, ephemcurve=None, ciphername='aes-256-cbc'):
- import pyelliptic
+ from lib import pyelliptic
pubkey_openssl = toOpensslPublickey(base64.b64decode(pubkey))
curve, pubkey_x, pubkey_y, i = pyelliptic.ECC._decode_pubkey(pubkey_openssl)
if ephemcurve is None:
@@ -34,7 +34,7 @@ def split(encrypted):
def getEcc(privatekey=None):
- import pyelliptic
+ from lib import pyelliptic
global ecc_cache
if privatekey not in ecc_cache:
if privatekey:
diff --git a/plugins/CryptMessage/CryptMessagePlugin.py b/plugins/CryptMessage/CryptMessagePlugin.py
index 6cfb8fc5..64c8ac81 100644
--- a/plugins/CryptMessage/CryptMessagePlugin.py
+++ b/plugins/CryptMessage/CryptMessagePlugin.py
@@ -60,7 +60,7 @@ class UiWebsocketPlugin(object):
# Encrypt a text using AES
# Return: Iv, AES key, Encrypted text
def actionAesEncrypt(self, to, text, key=None, iv=None):
- import pyelliptic
+ from lib import pyelliptic
if key:
key = base64.b64decode(key)
@@ -83,7 +83,7 @@ class UiWebsocketPlugin(object):
# Decrypt a text using AES
# Return: Decrypted text
def actionAesDecrypt(self, to, *args):
- import pyelliptic
+ from lib import pyelliptic
if len(args) == 3: # Single decrypt
encrypted_texts = [(args[0], args[1])]
diff --git a/src/lib/pyelliptic/LICENSE b/src/lib/pyelliptic/LICENSE
new file mode 100644
index 00000000..94a9ed02
--- /dev/null
+++ b/src/lib/pyelliptic/LICENSE
@@ -0,0 +1,674 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ Copyright (C)
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+.
diff --git a/src/lib/pyelliptic/README.md b/src/lib/pyelliptic/README.md
new file mode 100644
index 00000000..3acf819c
--- /dev/null
+++ b/src/lib/pyelliptic/README.md
@@ -0,0 +1,96 @@
+# PyElliptic
+
+PyElliptic is a high level wrapper for the cryptographic library : OpenSSL.
+Under the GNU General Public License
+
+Python3 compatible. For GNU/Linux and Windows.
+Require OpenSSL
+
+## Version
+
+The [upstream pyelliptic](https://github.com/yann2192/pyelliptic) has been
+deprecated by the author at 1.5.8 and ECC API has been removed.
+
+This version is a fork of the pyelliptic extracted from the [BitMessage source
+tree](https://github.com/Bitmessage/PyBitmessage), and does contain the ECC
+API. To minimize confusion but to avoid renaming the module, major version has
+been bumped.
+
+BitMessage is actively maintained, and this fork of pyelliptic will track and
+incorporate any changes to pyelliptic from BitMessage. Ideally, in the future,
+BitMessage would import this module as a dependency instead of maintaining a
+copy of the source in its repository.
+
+The BitMessage fork forked from v1.3 of upstream pyelliptic. The commits in
+this repository are the commits extracted from the BitMessage repository and
+applied to pyelliptic v1.3 upstream repository (i.e. to the base of the fork),
+so history with athorship is preserved.
+
+Some of the changes in upstream pyelliptic between 1.3 and 1.5.8 came from
+BitMessage, those changes are present in this fork. Other changes do not exist
+in this fork (they may be added in the future).
+
+Also, a few minor changes exist in this fork but is not (yet) present in
+BitMessage source. See:
+
+ git log 1.3-PyBitmessage-37489cf7feff8d5047f24baa8f6d27f353a6d6ac..HEAD
+
+## Features
+
+### Asymmetric cryptography using Elliptic Curve Cryptography (ECC)
+
+* Key agreement : ECDH
+* Digital signatures : ECDSA
+* Hybrid encryption : ECIES (like RSA)
+
+### Symmetric cryptography
+
+* AES-128 (CBC, OFB, CFB, CTR)
+* AES-256 (CBC, OFB, CFB, CTR)
+* Blowfish (CFB and CBC)
+* RC4
+
+### Other
+
+* CSPRNG
+* HMAC (using SHA512)
+* PBKDF2 (SHA256 and SHA512)
+
+## Example
+
+```python
+#!/usr/bin/python
+
+import pyelliptic
+
+# Symmetric encryption
+iv = pyelliptic.Cipher.gen_IV('aes-256-cfb')
+ctx = pyelliptic.Cipher("secretkey", iv, 1, ciphername='aes-256-cfb')
+
+ciphertext = ctx.update('test1')
+ciphertext += ctx.update('test2')
+ciphertext += ctx.final()
+
+ctx2 = pyelliptic.Cipher("secretkey", iv, 0, ciphername='aes-256-cfb')
+print ctx2.ciphering(ciphertext)
+
+# Asymmetric encryption
+alice = pyelliptic.ECC() # default curve: sect283r1
+bob = pyelliptic.ECC(curve='sect571r1')
+
+ciphertext = alice.encrypt("Hello Bob", bob.get_pubkey())
+print bob.decrypt(ciphertext)
+
+signature = bob.sign("Hello Alice")
+# alice's job :
+print pyelliptic.ECC(pubkey=bob.get_pubkey()).verify(signature, "Hello Alice")
+
+# ERROR !!!
+try:
+ key = alice.get_ecdh_key(bob.get_pubkey())
+except: print("For ECDH key agreement, the keys must be defined on the same curve !")
+
+alice = pyelliptic.ECC(curve='sect571r1')
+print alice.get_ecdh_key(bob.get_pubkey()).encode('hex')
+print bob.get_ecdh_key(alice.get_pubkey()).encode('hex')
+```
diff --git a/src/lib/pyelliptic/__init__.py b/src/lib/pyelliptic/__init__.py
new file mode 100644
index 00000000..761d08af
--- /dev/null
+++ b/src/lib/pyelliptic/__init__.py
@@ -0,0 +1,19 @@
+# Copyright (C) 2010
+# Author: Yann GUIBET
+# Contact:
+
+__version__ = '1.3'
+
+__all__ = [
+ 'OpenSSL',
+ 'ECC',
+ 'Cipher',
+ 'hmac_sha256',
+ 'hmac_sha512',
+ 'pbkdf2'
+]
+
+from .openssl import OpenSSL
+from .ecc import ECC
+from .cipher import Cipher
+from .hash import hmac_sha256, hmac_sha512, pbkdf2
diff --git a/src/lib/pyelliptic/arithmetic.py b/src/lib/pyelliptic/arithmetic.py
new file mode 100644
index 00000000..95c85b93
--- /dev/null
+++ b/src/lib/pyelliptic/arithmetic.py
@@ -0,0 +1,144 @@
+# pylint: disable=missing-docstring,too-many-function-args
+
+import hashlib
+import re
+
+P = 2**256 - 2**32 - 2**9 - 2**8 - 2**7 - 2**6 - 2**4 - 1
+A = 0
+Gx = 55066263022277343669578718895168534326250603453777594175500187360389116729240
+Gy = 32670510020758816978083085130507043184471273380659243275938904335757337482424
+G = (Gx, Gy)
+
+
+def inv(a, n):
+ lm, hm = 1, 0
+ low, high = a % n, n
+ while low > 1:
+ r = high / low
+ nm, new = hm - lm * r, high - low * r
+ lm, low, hm, high = nm, new, lm, low
+ return lm % n
+
+
+def get_code_string(base):
+ if base == 2:
+ return '01'
+ elif base == 10:
+ return '0123456789'
+ elif base == 16:
+ return "0123456789abcdef"
+ elif base == 58:
+ return "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
+ elif base == 256:
+ return ''.join([chr(x) for x in range(256)])
+ else:
+ raise ValueError("Invalid base!")
+
+
+def encode(val, base, minlen=0):
+ code_string = get_code_string(base)
+ result = ""
+ while val > 0:
+ result = code_string[val % base] + result
+ val /= base
+ if len(result) < minlen:
+ result = code_string[0] * (minlen - len(result)) + result
+ return result
+
+
+def decode(string, base):
+ code_string = get_code_string(base)
+ result = 0
+ if base == 16:
+ string = string.lower()
+ while string:
+ result *= base
+ result += code_string.find(string[0])
+ string = string[1:]
+ return result
+
+
+def changebase(string, frm, to, minlen=0):
+ return encode(decode(string, frm), to, minlen)
+
+
+def base10_add(a, b):
+ if a is None:
+ return b[0], b[1]
+ if b is None:
+ return a[0], a[1]
+ if a[0] == b[0]:
+ if a[1] == b[1]:
+ return base10_double(a[0], a[1])
+ return None
+ m = ((b[1] - a[1]) * inv(b[0] - a[0], P)) % P
+ x = (m * m - a[0] - b[0]) % P
+ y = (m * (a[0] - x) - a[1]) % P
+ return (x, y)
+
+
+def base10_double(a):
+ if a is None:
+ return None
+ m = ((3 * a[0] * a[0] + A) * inv(2 * a[1], P)) % P
+ x = (m * m - 2 * a[0]) % P
+ y = (m * (a[0] - x) - a[1]) % P
+ return (x, y)
+
+
+def base10_multiply(a, n):
+ if n == 0:
+ return G
+ if n == 1:
+ return a
+ if (n % 2) == 0:
+ return base10_double(base10_multiply(a, n / 2))
+ if (n % 2) == 1:
+ return base10_add(base10_double(base10_multiply(a, n / 2)), a)
+ return None
+
+
+def hex_to_point(h):
+ return (decode(h[2:66], 16), decode(h[66:], 16))
+
+
+def point_to_hex(p):
+ return '04' + encode(p[0], 16, 64) + encode(p[1], 16, 64)
+
+
+def multiply(privkey, pubkey):
+ return point_to_hex(base10_multiply(hex_to_point(pubkey), decode(privkey, 16)))
+
+
+def privtopub(privkey):
+ return point_to_hex(base10_multiply(G, decode(privkey, 16)))
+
+
+def add(p1, p2):
+ if len(p1) == 32:
+ return encode(decode(p1, 16) + decode(p2, 16) % P, 16, 32)
+ return point_to_hex(base10_add(hex_to_point(p1), hex_to_point(p2)))
+
+
+def hash_160(string):
+ intermed = hashlib.sha256(string).digest()
+ ripemd160 = hashlib.new('ripemd160')
+ ripemd160.update(intermed)
+ return ripemd160.digest()
+
+
+def dbl_sha256(string):
+ return hashlib.sha256(hashlib.sha256(string).digest()).digest()
+
+
+def bin_to_b58check(inp):
+ inp_fmtd = '\x00' + inp
+ leadingzbytes = len(re.match('^\x00*', inp_fmtd).group(0))
+ checksum = dbl_sha256(inp_fmtd)[:4]
+ return '1' * leadingzbytes + changebase(inp_fmtd + checksum, 256, 58)
+
+# Convert a public key (in hex) to a Bitcoin address
+
+
+def pubkey_to_address(pubkey):
+ return bin_to_b58check(hash_160(changebase(pubkey, 16, 256)))
diff --git a/src/lib/pyelliptic/cipher.py b/src/lib/pyelliptic/cipher.py
new file mode 100644
index 00000000..b597cafa
--- /dev/null
+++ b/src/lib/pyelliptic/cipher.py
@@ -0,0 +1,84 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2011 Yann GUIBET
+# See LICENSE for details.
+
+from pyelliptic.openssl import OpenSSL
+
+
+class Cipher:
+ """
+ Symmetric encryption
+
+ import pyelliptic
+ iv = pyelliptic.Cipher.gen_IV('aes-256-cfb')
+ ctx = pyelliptic.Cipher("secretkey", iv, 1, ciphername='aes-256-cfb')
+ ciphertext = ctx.update('test1')
+ ciphertext += ctx.update('test2')
+ ciphertext += ctx.final()
+
+ ctx2 = pyelliptic.Cipher("secretkey", iv, 0, ciphername='aes-256-cfb')
+ print ctx2.ciphering(ciphertext)
+ """
+ def __init__(self, key, iv, do, ciphername='aes-256-cbc'):
+ """
+ do == 1 => Encrypt; do == 0 => Decrypt
+ """
+ self.cipher = OpenSSL.get_cipher(ciphername)
+ self.ctx = OpenSSL.EVP_CIPHER_CTX_new()
+ if do == 1 or do == 0:
+ k = OpenSSL.malloc(key, len(key))
+ IV = OpenSSL.malloc(iv, len(iv))
+ OpenSSL.EVP_CipherInit_ex(
+ self.ctx, self.cipher.get_pointer(), 0, k, IV, do)
+ else:
+ raise Exception("RTFM ...")
+
+ @staticmethod
+ def get_all_cipher():
+ """
+ static method, returns all ciphers available
+ """
+ return OpenSSL.cipher_algo.keys()
+
+ @staticmethod
+ def get_blocksize(ciphername):
+ cipher = OpenSSL.get_cipher(ciphername)
+ return cipher.get_blocksize()
+
+ @staticmethod
+ def gen_IV(ciphername):
+ cipher = OpenSSL.get_cipher(ciphername)
+ return OpenSSL.rand(cipher.get_blocksize())
+
+ def update(self, input):
+ i = OpenSSL.c_int(0)
+ buffer = OpenSSL.malloc(b"", len(input) + self.cipher.get_blocksize())
+ inp = OpenSSL.malloc(input, len(input))
+ if OpenSSL.EVP_CipherUpdate(self.ctx, OpenSSL.byref(buffer),
+ OpenSSL.byref(i), inp, len(input)) == 0:
+ raise Exception("[OpenSSL] EVP_CipherUpdate FAIL ...")
+ return buffer.raw[0:i.value]
+
+ def final(self):
+ i = OpenSSL.c_int(0)
+ buffer = OpenSSL.malloc(b"", self.cipher.get_blocksize())
+ if (OpenSSL.EVP_CipherFinal_ex(self.ctx, OpenSSL.byref(buffer),
+ OpenSSL.byref(i))) == 0:
+ raise Exception("[OpenSSL] EVP_CipherFinal_ex FAIL ...")
+ return buffer.raw[0:i.value]
+
+ def ciphering(self, input):
+ """
+ Do update and final in one method
+ """
+ buff = self.update(input)
+ return buff + self.final()
+
+ def __del__(self):
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
+ OpenSSL.EVP_CIPHER_CTX_reset(self.ctx)
+ else:
+ OpenSSL.EVP_CIPHER_CTX_cleanup(self.ctx)
+ OpenSSL.EVP_CIPHER_CTX_free(self.ctx)
diff --git a/src/lib/pyelliptic/ecc.py b/src/lib/pyelliptic/ecc.py
new file mode 100644
index 00000000..a70a1a5b
--- /dev/null
+++ b/src/lib/pyelliptic/ecc.py
@@ -0,0 +1,505 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+"""
+pyelliptic/ecc.py
+=====================
+"""
+# pylint: disable=protected-access
+
+# Copyright (C) 2011 Yann GUIBET
+# See LICENSE for details.
+
+from hashlib import sha512
+from struct import pack, unpack
+
+from pyelliptic.cipher import Cipher
+from pyelliptic.hash import equals, hmac_sha256
+from pyelliptic.openssl import OpenSSL
+
+
+class ECC(object):
+ """
+ Asymmetric encryption with Elliptic Curve Cryptography (ECC)
+ ECDH, ECDSA and ECIES
+
+ >>> import pyelliptic
+
+ >>> alice = pyelliptic.ECC() # default curve: sect283r1
+ >>> bob = pyelliptic.ECC(curve='sect571r1')
+
+ >>> ciphertext = alice.encrypt("Hello Bob", bob.get_pubkey())
+ >>> print bob.decrypt(ciphertext)
+
+ >>> signature = bob.sign("Hello Alice")
+ >>> # alice's job :
+ >>> print pyelliptic.ECC(
+ >>> pubkey=bob.get_pubkey()).verify(signature, "Hello Alice")
+
+ >>> # ERROR !!!
+ >>> try:
+ >>> key = alice.get_ecdh_key(bob.get_pubkey())
+ >>> except:
+ >>> print("For ECDH key agreement, the keys must be defined on the same curve !")
+
+ >>> alice = pyelliptic.ECC(curve='sect571r1')
+ >>> print alice.get_ecdh_key(bob.get_pubkey()).encode('hex')
+ >>> print bob.get_ecdh_key(alice.get_pubkey()).encode('hex')
+
+ """
+
+ def __init__(
+ self,
+ pubkey=None,
+ privkey=None,
+ pubkey_x=None,
+ pubkey_y=None,
+ raw_privkey=None,
+ curve='sect283r1',
+ ): # pylint: disable=too-many-arguments
+ """
+ For a normal and High level use, specifie pubkey,
+ privkey (if you need) and the curve
+ """
+ if isinstance(curve, str):
+ self.curve = OpenSSL.get_curve(curve)
+ else:
+ self.curve = curve
+
+ if pubkey_x is not None and pubkey_y is not None:
+ self._set_keys(pubkey_x, pubkey_y, raw_privkey)
+ elif pubkey is not None:
+ curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey)
+ if privkey is not None:
+ curve2, raw_privkey, _ = ECC._decode_privkey(privkey)
+ if curve != curve2:
+ raise Exception("Bad ECC keys ...")
+ self.curve = curve
+ self._set_keys(pubkey_x, pubkey_y, raw_privkey)
+ else:
+ self.privkey, self.pubkey_x, self.pubkey_y = self._generate()
+
+ def _set_keys(self, pubkey_x, pubkey_y, privkey):
+ if self.raw_check_key(privkey, pubkey_x, pubkey_y) < 0:
+ self.pubkey_x = None
+ self.pubkey_y = None
+ self.privkey = None
+ raise Exception("Bad ECC keys ...")
+ else:
+ self.pubkey_x = pubkey_x
+ self.pubkey_y = pubkey_y
+ self.privkey = privkey
+
+ @staticmethod
+ def get_curves():
+ """
+ static method, returns the list of all the curves available
+ """
+ return OpenSSL.curves.keys()
+
+ def get_curve(self):
+ """Encryption object from curve name"""
+ return OpenSSL.get_curve_by_id(self.curve)
+
+ def get_curve_id(self):
+ """Currently used curve"""
+ return self.curve
+
+ def get_pubkey(self):
+ """
+ High level function which returns :
+ curve(2) + len_of_pubkeyX(2) + pubkeyX + len_of_pubkeyY + pubkeyY
+ """
+ return b''.join((
+ pack('!H', self.curve),
+ pack('!H', len(self.pubkey_x)),
+ self.pubkey_x,
+ pack('!H', len(self.pubkey_y)),
+ self.pubkey_y,
+ ))
+
+ def get_privkey(self):
+ """
+ High level function which returns
+ curve(2) + len_of_privkey(2) + privkey
+ """
+ return b''.join((
+ pack('!H', self.curve),
+ pack('!H', len(self.privkey)),
+ self.privkey,
+ ))
+
+ @staticmethod
+ def _decode_pubkey(pubkey):
+ i = 0
+ curve = unpack('!H', pubkey[i:i + 2])[0]
+ i += 2
+ tmplen = unpack('!H', pubkey[i:i + 2])[0]
+ i += 2
+ pubkey_x = pubkey[i:i + tmplen]
+ i += tmplen
+ tmplen = unpack('!H', pubkey[i:i + 2])[0]
+ i += 2
+ pubkey_y = pubkey[i:i + tmplen]
+ i += tmplen
+ return curve, pubkey_x, pubkey_y, i
+
+ @staticmethod
+ def _decode_privkey(privkey):
+ i = 0
+ curve = unpack('!H', privkey[i:i + 2])[0]
+ i += 2
+ tmplen = unpack('!H', privkey[i:i + 2])[0]
+ i += 2
+ privkey = privkey[i:i + tmplen]
+ i += tmplen
+ return curve, privkey, i
+
+ def _generate(self):
+ try:
+ pub_key_x = OpenSSL.BN_new()
+ pub_key_y = OpenSSL.BN_new()
+
+ key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
+ if key == 0:
+ raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
+ if (OpenSSL.EC_KEY_generate_key(key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_generate_key FAIL ...")
+ if (OpenSSL.EC_KEY_check_key(key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
+ priv_key = OpenSSL.EC_KEY_get0_private_key(key)
+
+ group = OpenSSL.EC_KEY_get0_group(key)
+ pub_key = OpenSSL.EC_KEY_get0_public_key(key)
+
+ if OpenSSL.EC_POINT_get_affine_coordinates_GFp(
+ group, pub_key, pub_key_x, pub_key_y, 0) == 0:
+ raise Exception("[OpenSSL] EC_POINT_get_affine_coordinates_GFp FAIL ...")
+
+ privkey = OpenSSL.malloc(0, OpenSSL.BN_num_bytes(priv_key))
+ pubkeyx = OpenSSL.malloc(0, OpenSSL.BN_num_bytes(pub_key_x))
+ pubkeyy = OpenSSL.malloc(0, OpenSSL.BN_num_bytes(pub_key_y))
+ OpenSSL.BN_bn2bin(priv_key, privkey)
+ privkey = privkey.raw
+ OpenSSL.BN_bn2bin(pub_key_x, pubkeyx)
+ pubkeyx = pubkeyx.raw
+ OpenSSL.BN_bn2bin(pub_key_y, pubkeyy)
+ pubkeyy = pubkeyy.raw
+ self.raw_check_key(privkey, pubkeyx, pubkeyy)
+
+ return privkey, pubkeyx, pubkeyy
+
+ finally:
+ OpenSSL.EC_KEY_free(key)
+ OpenSSL.BN_free(pub_key_x)
+ OpenSSL.BN_free(pub_key_y)
+
+ def get_ecdh_key(self, pubkey):
+ """
+ High level function. Compute public key with the local private key
+ and returns a 512bits shared key
+ """
+ curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey)
+ if curve != self.curve:
+ raise Exception("ECC keys must be from the same curve !")
+ return sha512(self.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest()
+
+ def raw_get_ecdh_key(self, pubkey_x, pubkey_y):
+ """ECDH key as binary data"""
+ try:
+ ecdh_keybuffer = OpenSSL.malloc(0, 32)
+
+ other_key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
+ if other_key == 0:
+ raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
+
+ other_pub_key_x = OpenSSL.BN_bin2bn(pubkey_x, len(pubkey_x), 0)
+ other_pub_key_y = OpenSSL.BN_bin2bn(pubkey_y, len(pubkey_y), 0)
+
+ other_group = OpenSSL.EC_KEY_get0_group(other_key)
+ other_pub_key = OpenSSL.EC_POINT_new(other_group)
+
+ if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(other_group,
+ other_pub_key,
+ other_pub_key_x,
+ other_pub_key_y,
+ 0)) == 0:
+ raise Exception(
+ "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
+ if (OpenSSL.EC_KEY_set_public_key(other_key, other_pub_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
+ if (OpenSSL.EC_KEY_check_key(other_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
+
+ own_key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
+ if own_key == 0:
+ raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
+ own_priv_key = OpenSSL.BN_bin2bn(
+ self.privkey, len(self.privkey), 0)
+
+ if (OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
+
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
+ OpenSSL.EC_KEY_set_method(own_key, OpenSSL.EC_KEY_OpenSSL())
+ else:
+ OpenSSL.ECDH_set_method(own_key, OpenSSL.ECDH_OpenSSL())
+ ecdh_keylen = OpenSSL.ECDH_compute_key(
+ ecdh_keybuffer, 32, other_pub_key, own_key, 0)
+
+ if ecdh_keylen != 32:
+ raise Exception("[OpenSSL] ECDH keylen FAIL ...")
+
+ return ecdh_keybuffer.raw
+
+ finally:
+ OpenSSL.EC_KEY_free(other_key)
+ OpenSSL.BN_free(other_pub_key_x)
+ OpenSSL.BN_free(other_pub_key_y)
+ OpenSSL.EC_POINT_free(other_pub_key)
+ OpenSSL.EC_KEY_free(own_key)
+ OpenSSL.BN_free(own_priv_key)
+
+ def check_key(self, privkey, pubkey):
+ """
+ Check the public key and the private key.
+ The private key is optional (replace by None)
+ """
+ curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey)
+ if privkey is None:
+ raw_privkey = None
+ curve2 = curve
+ else:
+ curve2, raw_privkey, _ = ECC._decode_privkey(privkey)
+ if curve != curve2:
+ raise Exception("Bad public and private key")
+ return self.raw_check_key(raw_privkey, pubkey_x, pubkey_y, curve)
+
+ def raw_check_key(self, privkey, pubkey_x, pubkey_y, curve=None):
+ """Check key validity, key is supplied as binary data"""
+ # pylint: disable=too-many-branches
+ if curve is None:
+ curve = self.curve
+ elif isinstance(curve, str):
+ curve = OpenSSL.get_curve(curve)
+ else:
+ curve = curve
+ try:
+ key = OpenSSL.EC_KEY_new_by_curve_name(curve)
+ if key == 0:
+ raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
+ if privkey is not None:
+ priv_key = OpenSSL.BN_bin2bn(privkey, len(privkey), 0)
+ pub_key_x = OpenSSL.BN_bin2bn(pubkey_x, len(pubkey_x), 0)
+ pub_key_y = OpenSSL.BN_bin2bn(pubkey_y, len(pubkey_y), 0)
+
+ if privkey is not None:
+ if (OpenSSL.EC_KEY_set_private_key(key, priv_key)) == 0:
+ raise Exception(
+ "[OpenSSL] EC_KEY_set_private_key FAIL ...")
+
+ group = OpenSSL.EC_KEY_get0_group(key)
+ pub_key = OpenSSL.EC_POINT_new(group)
+
+ if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key,
+ pub_key_x,
+ pub_key_y,
+ 0)) == 0:
+ raise Exception(
+ "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
+ if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
+ if (OpenSSL.EC_KEY_check_key(key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
+ return 0
+
+ finally:
+ OpenSSL.EC_KEY_free(key)
+ OpenSSL.BN_free(pub_key_x)
+ OpenSSL.BN_free(pub_key_y)
+ OpenSSL.EC_POINT_free(pub_key)
+ if privkey is not None:
+ OpenSSL.BN_free(priv_key)
+
+ def sign(self, inputb, digest_alg=OpenSSL.digest_ecdsa_sha1):
+ """
+ Sign the input with ECDSA method and returns the signature
+ """
+ # pylint: disable=too-many-branches,too-many-locals
+ try:
+ size = len(inputb)
+ buff = OpenSSL.malloc(inputb, size)
+ digest = OpenSSL.malloc(0, 64)
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
+ md_ctx = OpenSSL.EVP_MD_CTX_new()
+ else:
+ md_ctx = OpenSSL.EVP_MD_CTX_create()
+ dgst_len = OpenSSL.pointer(OpenSSL.c_int(0))
+ siglen = OpenSSL.pointer(OpenSSL.c_int(0))
+ sig = OpenSSL.malloc(0, 151)
+
+ key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
+ if key == 0:
+ raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
+
+ priv_key = OpenSSL.BN_bin2bn(self.privkey, len(self.privkey), 0)
+ pub_key_x = OpenSSL.BN_bin2bn(self.pubkey_x, len(self.pubkey_x), 0)
+ pub_key_y = OpenSSL.BN_bin2bn(self.pubkey_y, len(self.pubkey_y), 0)
+
+ if (OpenSSL.EC_KEY_set_private_key(key, priv_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
+
+ group = OpenSSL.EC_KEY_get0_group(key)
+ pub_key = OpenSSL.EC_POINT_new(group)
+
+ if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key,
+ pub_key_x,
+ pub_key_y,
+ 0)) == 0:
+ raise Exception(
+ "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
+ if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
+ if (OpenSSL.EC_KEY_check_key(key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
+
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
+ OpenSSL.EVP_MD_CTX_new(md_ctx)
+ else:
+ OpenSSL.EVP_MD_CTX_init(md_ctx)
+ OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None)
+
+ if (OpenSSL.EVP_DigestUpdate(md_ctx, buff, size)) == 0:
+ raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")
+ OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len)
+ OpenSSL.ECDSA_sign(0, digest, dgst_len.contents, sig, siglen, key)
+ if (OpenSSL.ECDSA_verify(0, digest, dgst_len.contents, sig,
+ siglen.contents, key)) != 1:
+ raise Exception("[OpenSSL] ECDSA_verify FAIL ...")
+
+ return sig.raw[:siglen.contents.value]
+
+ finally:
+ OpenSSL.EC_KEY_free(key)
+ OpenSSL.BN_free(pub_key_x)
+ OpenSSL.BN_free(pub_key_y)
+ OpenSSL.BN_free(priv_key)
+ OpenSSL.EC_POINT_free(pub_key)
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
+ OpenSSL.EVP_MD_CTX_free(md_ctx)
+ else:
+ OpenSSL.EVP_MD_CTX_destroy(md_ctx)
+
+ def verify(self, sig, inputb, digest_alg=OpenSSL.digest_ecdsa_sha1):
+ """
+ Verify the signature with the input and the local public key.
+ Returns a boolean
+ """
+ # pylint: disable=too-many-branches
+ try:
+ bsig = OpenSSL.malloc(sig, len(sig))
+ binputb = OpenSSL.malloc(inputb, len(inputb))
+ digest = OpenSSL.malloc(0, 64)
+ dgst_len = OpenSSL.pointer(OpenSSL.c_int(0))
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
+ md_ctx = OpenSSL.EVP_MD_CTX_new()
+ else:
+ md_ctx = OpenSSL.EVP_MD_CTX_create()
+ key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
+
+ if key == 0:
+ raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
+
+ pub_key_x = OpenSSL.BN_bin2bn(self.pubkey_x, len(self.pubkey_x), 0)
+ pub_key_y = OpenSSL.BN_bin2bn(self.pubkey_y, len(self.pubkey_y), 0)
+ group = OpenSSL.EC_KEY_get0_group(key)
+ pub_key = OpenSSL.EC_POINT_new(group)
+
+ if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key,
+ pub_key_x,
+ pub_key_y,
+ 0)) == 0:
+ raise Exception(
+ "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
+ if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
+ if (OpenSSL.EC_KEY_check_key(key)) == 0:
+ raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
+ OpenSSL.EVP_MD_CTX_new(md_ctx)
+ else:
+ OpenSSL.EVP_MD_CTX_init(md_ctx)
+ OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None)
+ if (OpenSSL.EVP_DigestUpdate(md_ctx, binputb, len(inputb))) == 0:
+ raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")
+
+ OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len)
+ ret = OpenSSL.ECDSA_verify(
+ 0, digest, dgst_len.contents, bsig, len(sig), key)
+
+ if ret == -1:
+ return False # Fail to Check
+ if ret == 0:
+ return False # Bad signature !
+ return True # Good
+
+ finally:
+ OpenSSL.EC_KEY_free(key)
+ OpenSSL.BN_free(pub_key_x)
+ OpenSSL.BN_free(pub_key_y)
+ OpenSSL.EC_POINT_free(pub_key)
+ if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
+ OpenSSL.EVP_MD_CTX_free(md_ctx)
+ else:
+ OpenSSL.EVP_MD_CTX_destroy(md_ctx)
+
+ @staticmethod
+ def encrypt(data, pubkey, ephemcurve=None, ciphername='aes-256-cbc'):
+ """
+ Encrypt data with ECIES method using the public key of the recipient.
+ """
+ curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey)
+ return ECC.raw_encrypt(data, pubkey_x, pubkey_y, curve=curve,
+ ephemcurve=ephemcurve, ciphername=ciphername)
+
+ @staticmethod
+ def raw_encrypt(
+ data,
+ pubkey_x,
+ pubkey_y,
+ curve='sect283r1',
+ ephemcurve=None,
+ ciphername='aes-256-cbc',
+ ): # pylint: disable=too-many-arguments
+ """ECHD encryption, keys supplied in binary data format"""
+
+ if ephemcurve is None:
+ ephemcurve = curve
+ ephem = ECC(curve=ephemcurve)
+ key = sha512(ephem.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest()
+ key_e, key_m = key[:32], key[32:]
+ pubkey = ephem.get_pubkey()
+ iv = OpenSSL.rand(OpenSSL.get_cipher(ciphername).get_blocksize())
+ ctx = Cipher(key_e, iv, 1, ciphername)
+ ciphertext = iv + pubkey + ctx.ciphering(data)
+ mac = hmac_sha256(key_m, ciphertext)
+ return ciphertext + mac
+
+ def decrypt(self, data, ciphername='aes-256-cbc'):
+ """
+ Decrypt data with ECIES method using the local private key
+ """
+ # pylint: disable=too-many-locals
+ blocksize = OpenSSL.get_cipher(ciphername).get_blocksize()
+ iv = data[:blocksize]
+ i = blocksize
+ _, pubkey_x, pubkey_y, i2 = ECC._decode_pubkey(data[i:])
+ i += i2
+ ciphertext = data[i:len(data) - 32]
+ i += len(ciphertext)
+ mac = data[i:]
+ key = sha512(self.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest()
+ key_e, key_m = key[:32], key[32:]
+ if not equals(hmac_sha256(key_m, data[:len(data) - 32]), mac):
+ raise RuntimeError("Fail to verify data")
+ ctx = Cipher(key_e, iv, 0, ciphername)
+ return ctx.ciphering(ciphertext)
diff --git a/src/lib/pyelliptic/hash.py b/src/lib/pyelliptic/hash.py
new file mode 100644
index 00000000..fb910dd4
--- /dev/null
+++ b/src/lib/pyelliptic/hash.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2011 Yann GUIBET
+# See LICENSE for details.
+
+from pyelliptic.openssl import OpenSSL
+
+
+# For python3
+def _equals_bytes(a, b):
+ if len(a) != len(b):
+ return False
+ result = 0
+ for x, y in zip(a, b):
+ result |= x ^ y
+ return result == 0
+
+
+def _equals_str(a, b):
+ if len(a) != len(b):
+ return False
+ result = 0
+ for x, y in zip(a, b):
+ result |= ord(x) ^ ord(y)
+ return result == 0
+
+
+def equals(a, b):
+ if isinstance(a, str):
+ return _equals_str(a, b)
+ else:
+ return _equals_bytes(a, b)
+
+
+def hmac_sha256(k, m):
+ """
+ Compute the key and the message with HMAC SHA5256
+ """
+ key = OpenSSL.malloc(k, len(k))
+ d = OpenSSL.malloc(m, len(m))
+ md = OpenSSL.malloc(0, 32)
+ i = OpenSSL.pointer(OpenSSL.c_int(0))
+ OpenSSL.HMAC(OpenSSL.EVP_sha256(), key, len(k), d, len(m), md, i)
+ return md.raw
+
+
+def hmac_sha512(k, m):
+ """
+ Compute the key and the message with HMAC SHA512
+ """
+ key = OpenSSL.malloc(k, len(k))
+ d = OpenSSL.malloc(m, len(m))
+ md = OpenSSL.malloc(0, 64)
+ i = OpenSSL.pointer(OpenSSL.c_int(0))
+ OpenSSL.HMAC(OpenSSL.EVP_sha512(), key, len(k), d, len(m), md, i)
+ return md.raw
+
+
+def pbkdf2(password, salt=None, i=10000, keylen=64):
+ if salt is None:
+ salt = OpenSSL.rand(8)
+ p_password = OpenSSL.malloc(password, len(password))
+ p_salt = OpenSSL.malloc(salt, len(salt))
+ output = OpenSSL.malloc(0, keylen)
+ OpenSSL.PKCS5_PBKDF2_HMAC(p_password, len(password), p_salt,
+ len(p_salt), i, OpenSSL.EVP_sha256(),
+ keylen, output)
+ return salt, output.raw
diff --git a/src/lib/pyelliptic/openssl.py b/src/lib/pyelliptic/openssl.py
new file mode 100644
index 00000000..02551267
--- /dev/null
+++ b/src/lib/pyelliptic/openssl.py
@@ -0,0 +1,551 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright (C) 2011 Yann GUIBET
+# See LICENSE for details.
+#
+# Software slightly changed by Jonathan Warren
+
+import sys
+import ctypes
+
+OpenSSL = None
+
+
+class CipherName:
+ def __init__(self, name, pointer, blocksize):
+ self._name = name
+ self._pointer = pointer
+ self._blocksize = blocksize
+
+ def __str__(self):
+ return "Cipher : " + self._name + " | Blocksize : " + str(self._blocksize) + " | Fonction pointer : " + str(self._pointer)
+
+ def get_pointer(self):
+ return self._pointer()
+
+ def get_name(self):
+ return self._name
+
+ def get_blocksize(self):
+ return self._blocksize
+
+
+def get_version(library):
+ version = None
+ hexversion = None
+ cflags = None
+ try:
+ #OpenSSL 1.1
+ OPENSSL_VERSION = 0
+ OPENSSL_CFLAGS = 1
+ library.OpenSSL_version.argtypes = [ctypes.c_int]
+ library.OpenSSL_version.restype = ctypes.c_char_p
+ version = library.OpenSSL_version(OPENSSL_VERSION)
+ cflags = library.OpenSSL_version(OPENSSL_CFLAGS)
+ library.OpenSSL_version_num.restype = ctypes.c_long
+ hexversion = library.OpenSSL_version_num()
+ except AttributeError:
+ try:
+ #OpenSSL 1.0
+ SSLEAY_VERSION = 0
+ SSLEAY_CFLAGS = 2
+ library.SSLeay.restype = ctypes.c_long
+ library.SSLeay_version.restype = ctypes.c_char_p
+ library.SSLeay_version.argtypes = [ctypes.c_int]
+ version = library.SSLeay_version(SSLEAY_VERSION)
+ cflags = library.SSLeay_version(SSLEAY_CFLAGS)
+ hexversion = library.SSLeay()
+ except AttributeError:
+ #raise NotImplementedError('Cannot determine version of this OpenSSL library.')
+ pass
+ return (version, hexversion, cflags)
+
+
+class _OpenSSL:
+ """
+ Wrapper for OpenSSL using ctypes
+ """
+ def __init__(self, library):
+ """
+ Build the wrapper
+ """
+ self._lib = ctypes.CDLL(library)
+ self._version, self._hexversion, self._cflags = get_version(self._lib)
+ self._libreSSL = self._version.startswith(b"LibreSSL")
+
+ self.pointer = ctypes.pointer
+ self.c_int = ctypes.c_int
+ self.byref = ctypes.byref
+ self.create_string_buffer = ctypes.create_string_buffer
+
+ self.BN_new = self._lib.BN_new
+ self.BN_new.restype = ctypes.c_void_p
+ self.BN_new.argtypes = []
+
+ self.BN_free = self._lib.BN_free
+ self.BN_free.restype = None
+ self.BN_free.argtypes = [ctypes.c_void_p]
+
+ self.BN_num_bits = self._lib.BN_num_bits
+ self.BN_num_bits.restype = ctypes.c_int
+ self.BN_num_bits.argtypes = [ctypes.c_void_p]
+
+ self.BN_bn2bin = self._lib.BN_bn2bin
+ self.BN_bn2bin.restype = ctypes.c_int
+ self.BN_bn2bin.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
+
+ self.BN_bin2bn = self._lib.BN_bin2bn
+ self.BN_bin2bn.restype = ctypes.c_void_p
+ self.BN_bin2bn.argtypes = [ctypes.c_void_p, ctypes.c_int,
+ ctypes.c_void_p]
+
+ self.EC_KEY_free = self._lib.EC_KEY_free
+ self.EC_KEY_free.restype = None
+ self.EC_KEY_free.argtypes = [ctypes.c_void_p]
+
+ self.EC_KEY_new_by_curve_name = self._lib.EC_KEY_new_by_curve_name
+ self.EC_KEY_new_by_curve_name.restype = ctypes.c_void_p
+ self.EC_KEY_new_by_curve_name.argtypes = [ctypes.c_int]
+
+ self.EC_KEY_generate_key = self._lib.EC_KEY_generate_key
+ self.EC_KEY_generate_key.restype = ctypes.c_int
+ self.EC_KEY_generate_key.argtypes = [ctypes.c_void_p]
+
+ self.EC_KEY_check_key = self._lib.EC_KEY_check_key
+ self.EC_KEY_check_key.restype = ctypes.c_int
+ self.EC_KEY_check_key.argtypes = [ctypes.c_void_p]
+
+ self.EC_KEY_get0_private_key = self._lib.EC_KEY_get0_private_key
+ self.EC_KEY_get0_private_key.restype = ctypes.c_void_p
+ self.EC_KEY_get0_private_key.argtypes = [ctypes.c_void_p]
+
+ self.EC_KEY_get0_public_key = self._lib.EC_KEY_get0_public_key
+ self.EC_KEY_get0_public_key.restype = ctypes.c_void_p
+ self.EC_KEY_get0_public_key.argtypes = [ctypes.c_void_p]
+
+ self.EC_KEY_get0_group = self._lib.EC_KEY_get0_group
+ self.EC_KEY_get0_group.restype = ctypes.c_void_p
+ self.EC_KEY_get0_group.argtypes = [ctypes.c_void_p]
+
+ self.EC_POINT_get_affine_coordinates_GFp = self._lib.EC_POINT_get_affine_coordinates_GFp
+ self.EC_POINT_get_affine_coordinates_GFp.restype = ctypes.c_int
+ self.EC_POINT_get_affine_coordinates_GFp.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EC_KEY_set_private_key = self._lib.EC_KEY_set_private_key
+ self.EC_KEY_set_private_key.restype = ctypes.c_int
+ self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p]
+
+ self.EC_KEY_set_public_key = self._lib.EC_KEY_set_public_key
+ self.EC_KEY_set_public_key.restype = ctypes.c_int
+ self.EC_KEY_set_public_key.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p]
+
+ self.EC_KEY_set_group = self._lib.EC_KEY_set_group
+ self.EC_KEY_set_group.restype = ctypes.c_int
+ self.EC_KEY_set_group.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EC_POINT_set_affine_coordinates_GFp = self._lib.EC_POINT_set_affine_coordinates_GFp
+ self.EC_POINT_set_affine_coordinates_GFp.restype = ctypes.c_int
+ self.EC_POINT_set_affine_coordinates_GFp.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EC_POINT_new = self._lib.EC_POINT_new
+ self.EC_POINT_new.restype = ctypes.c_void_p
+ self.EC_POINT_new.argtypes = [ctypes.c_void_p]
+
+ self.EC_POINT_free = self._lib.EC_POINT_free
+ self.EC_POINT_free.restype = None
+ self.EC_POINT_free.argtypes = [ctypes.c_void_p]
+
+ self.BN_CTX_free = self._lib.BN_CTX_free
+ self.BN_CTX_free.restype = None
+ self.BN_CTX_free.argtypes = [ctypes.c_void_p]
+
+ self.EC_POINT_mul = self._lib.EC_POINT_mul
+ self.EC_POINT_mul.restype = ctypes.c_int
+ self.EC_POINT_mul.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EC_KEY_set_private_key = self._lib.EC_KEY_set_private_key
+ self.EC_KEY_set_private_key.restype = ctypes.c_int
+ self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p]
+
+ if self._hexversion >= 0x10100000 and not self._libreSSL:
+ self.EC_KEY_OpenSSL = self._lib.EC_KEY_OpenSSL
+ self._lib.EC_KEY_OpenSSL.restype = ctypes.c_void_p
+ self._lib.EC_KEY_OpenSSL.argtypes = []
+
+ self.EC_KEY_set_method = self._lib.EC_KEY_set_method
+ self._lib.EC_KEY_set_method.restype = ctypes.c_int
+ self._lib.EC_KEY_set_method.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
+ else:
+ self.ECDH_OpenSSL = self._lib.ECDH_OpenSSL
+ self._lib.ECDH_OpenSSL.restype = ctypes.c_void_p
+ self._lib.ECDH_OpenSSL.argtypes = []
+
+ self.ECDH_set_method = self._lib.ECDH_set_method
+ self._lib.ECDH_set_method.restype = ctypes.c_int
+ self._lib.ECDH_set_method.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
+
+ self.BN_CTX_new = self._lib.BN_CTX_new
+ self._lib.BN_CTX_new.restype = ctypes.c_void_p
+ self._lib.BN_CTX_new.argtypes = []
+
+ self.ECDH_compute_key = self._lib.ECDH_compute_key
+ self.ECDH_compute_key.restype = ctypes.c_int
+ self.ECDH_compute_key.argtypes = [ctypes.c_void_p,
+ ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EVP_CipherInit_ex = self._lib.EVP_CipherInit_ex
+ self.EVP_CipherInit_ex.restype = ctypes.c_int
+ self.EVP_CipherInit_ex.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EVP_CIPHER_CTX_new = self._lib.EVP_CIPHER_CTX_new
+ self.EVP_CIPHER_CTX_new.restype = ctypes.c_void_p
+ self.EVP_CIPHER_CTX_new.argtypes = []
+
+ # Cipher
+ self.EVP_aes_128_cfb128 = self._lib.EVP_aes_128_cfb128
+ self.EVP_aes_128_cfb128.restype = ctypes.c_void_p
+ self.EVP_aes_128_cfb128.argtypes = []
+
+ self.EVP_aes_256_cfb128 = self._lib.EVP_aes_256_cfb128
+ self.EVP_aes_256_cfb128.restype = ctypes.c_void_p
+ self.EVP_aes_256_cfb128.argtypes = []
+
+ self.EVP_aes_128_cbc = self._lib.EVP_aes_128_cbc
+ self.EVP_aes_128_cbc.restype = ctypes.c_void_p
+ self.EVP_aes_128_cbc.argtypes = []
+
+ self.EVP_aes_256_cbc = self._lib.EVP_aes_256_cbc
+ self.EVP_aes_256_cbc.restype = ctypes.c_void_p
+ self.EVP_aes_256_cbc.argtypes = []
+
+ #self.EVP_aes_128_ctr = self._lib.EVP_aes_128_ctr
+ #self.EVP_aes_128_ctr.restype = ctypes.c_void_p
+ #self.EVP_aes_128_ctr.argtypes = []
+
+ #self.EVP_aes_256_ctr = self._lib.EVP_aes_256_ctr
+ #self.EVP_aes_256_ctr.restype = ctypes.c_void_p
+ #self.EVP_aes_256_ctr.argtypes = []
+
+ self.EVP_aes_128_ofb = self._lib.EVP_aes_128_ofb
+ self.EVP_aes_128_ofb.restype = ctypes.c_void_p
+ self.EVP_aes_128_ofb.argtypes = []
+
+ self.EVP_aes_256_ofb = self._lib.EVP_aes_256_ofb
+ self.EVP_aes_256_ofb.restype = ctypes.c_void_p
+ self.EVP_aes_256_ofb.argtypes = []
+
+ self.EVP_bf_cbc = self._lib.EVP_bf_cbc
+ self.EVP_bf_cbc.restype = ctypes.c_void_p
+ self.EVP_bf_cbc.argtypes = []
+
+ self.EVP_bf_cfb64 = self._lib.EVP_bf_cfb64
+ self.EVP_bf_cfb64.restype = ctypes.c_void_p
+ self.EVP_bf_cfb64.argtypes = []
+
+ self.EVP_rc4 = self._lib.EVP_rc4
+ self.EVP_rc4.restype = ctypes.c_void_p
+ self.EVP_rc4.argtypes = []
+
+ if self._hexversion >= 0x10100000 and not self._libreSSL:
+ self.EVP_CIPHER_CTX_reset = self._lib.EVP_CIPHER_CTX_reset
+ self.EVP_CIPHER_CTX_reset.restype = ctypes.c_int
+ self.EVP_CIPHER_CTX_reset.argtypes = [ctypes.c_void_p]
+ else:
+ self.EVP_CIPHER_CTX_cleanup = self._lib.EVP_CIPHER_CTX_cleanup
+ self.EVP_CIPHER_CTX_cleanup.restype = ctypes.c_int
+ self.EVP_CIPHER_CTX_cleanup.argtypes = [ctypes.c_void_p]
+
+ self.EVP_CIPHER_CTX_free = self._lib.EVP_CIPHER_CTX_free
+ self.EVP_CIPHER_CTX_free.restype = None
+ self.EVP_CIPHER_CTX_free.argtypes = [ctypes.c_void_p]
+
+ self.EVP_CipherUpdate = self._lib.EVP_CipherUpdate
+ self.EVP_CipherUpdate.restype = ctypes.c_int
+ self.EVP_CipherUpdate.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_int]
+
+ self.EVP_CipherFinal_ex = self._lib.EVP_CipherFinal_ex
+ self.EVP_CipherFinal_ex.restype = ctypes.c_int
+ self.EVP_CipherFinal_ex.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EVP_DigestInit = self._lib.EVP_DigestInit
+ self.EVP_DigestInit.restype = ctypes.c_int
+ self._lib.EVP_DigestInit.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EVP_DigestInit_ex = self._lib.EVP_DigestInit_ex
+ self.EVP_DigestInit_ex.restype = ctypes.c_int
+ self._lib.EVP_DigestInit_ex.argtypes = 3 * [ctypes.c_void_p]
+
+ self.EVP_DigestUpdate = self._lib.EVP_DigestUpdate
+ self.EVP_DigestUpdate.restype = ctypes.c_int
+ self.EVP_DigestUpdate.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p, ctypes.c_int]
+
+ self.EVP_DigestFinal = self._lib.EVP_DigestFinal
+ self.EVP_DigestFinal.restype = ctypes.c_int
+ self.EVP_DigestFinal.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EVP_DigestFinal_ex = self._lib.EVP_DigestFinal_ex
+ self.EVP_DigestFinal_ex.restype = ctypes.c_int
+ self.EVP_DigestFinal_ex.argtypes = [ctypes.c_void_p,
+ ctypes.c_void_p, ctypes.c_void_p]
+
+ self.ECDSA_sign = self._lib.ECDSA_sign
+ self.ECDSA_sign.restype = ctypes.c_int
+ self.ECDSA_sign.argtypes = [ctypes.c_int, ctypes.c_void_p,
+ ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]
+
+ self.ECDSA_verify = self._lib.ECDSA_verify
+ self.ECDSA_verify.restype = ctypes.c_int
+ self.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p,
+ ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]
+
+ if self._hexversion >= 0x10100000 and not self._libreSSL:
+ self.EVP_MD_CTX_new = self._lib.EVP_MD_CTX_new
+ self.EVP_MD_CTX_new.restype = ctypes.c_void_p
+ self.EVP_MD_CTX_new.argtypes = []
+
+ self.EVP_MD_CTX_reset = self._lib.EVP_MD_CTX_reset
+ self.EVP_MD_CTX_reset.restype = None
+ self.EVP_MD_CTX_reset.argtypes = [ctypes.c_void_p]
+
+ self.EVP_MD_CTX_free = self._lib.EVP_MD_CTX_free
+ self.EVP_MD_CTX_free.restype = None
+ self.EVP_MD_CTX_free.argtypes = [ctypes.c_void_p]
+
+ self.EVP_sha1 = self._lib.EVP_sha1
+ self.EVP_sha1.restype = ctypes.c_void_p
+ self.EVP_sha1.argtypes = []
+
+ self.digest_ecdsa_sha1 = self.EVP_sha1
+ else:
+ self.EVP_MD_CTX_create = self._lib.EVP_MD_CTX_create
+ self.EVP_MD_CTX_create.restype = ctypes.c_void_p
+ self.EVP_MD_CTX_create.argtypes = []
+
+ self.EVP_MD_CTX_init = self._lib.EVP_MD_CTX_init
+ self.EVP_MD_CTX_init.restype = None
+ self.EVP_MD_CTX_init.argtypes = [ctypes.c_void_p]
+
+ self.EVP_MD_CTX_destroy = self._lib.EVP_MD_CTX_destroy
+ self.EVP_MD_CTX_destroy.restype = None
+ self.EVP_MD_CTX_destroy.argtypes = [ctypes.c_void_p]
+
+ self.EVP_ecdsa = self._lib.EVP_ecdsa
+ self._lib.EVP_ecdsa.restype = ctypes.c_void_p
+ self._lib.EVP_ecdsa.argtypes = []
+
+ self.digest_ecdsa_sha1 = self.EVP_ecdsa
+
+ self.RAND_bytes = self._lib.RAND_bytes
+ self.RAND_bytes.restype = ctypes.c_int
+ self.RAND_bytes.argtypes = [ctypes.c_void_p, ctypes.c_int]
+
+ self.EVP_sha256 = self._lib.EVP_sha256
+ self.EVP_sha256.restype = ctypes.c_void_p
+ self.EVP_sha256.argtypes = []
+
+ self.i2o_ECPublicKey = self._lib.i2o_ECPublicKey
+ self.i2o_ECPublicKey.restype = ctypes.c_int
+ self.i2o_ECPublicKey.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
+
+ self.EVP_sha512 = self._lib.EVP_sha512
+ self.EVP_sha512.restype = ctypes.c_void_p
+ self.EVP_sha512.argtypes = []
+
+ self.HMAC = self._lib.HMAC
+ self.HMAC.restype = ctypes.c_void_p
+ self.HMAC.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_int,
+ ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p]
+
+ try:
+ self.PKCS5_PBKDF2_HMAC = self._lib.PKCS5_PBKDF2_HMAC
+ except:
+ # The above is not compatible with all versions of OSX.
+ self.PKCS5_PBKDF2_HMAC = self._lib.PKCS5_PBKDF2_HMAC_SHA1
+
+ self.PKCS5_PBKDF2_HMAC.restype = ctypes.c_int
+ self.PKCS5_PBKDF2_HMAC.argtypes = [ctypes.c_void_p, ctypes.c_int,
+ ctypes.c_void_p, ctypes.c_int,
+ ctypes.c_int, ctypes.c_void_p,
+ ctypes.c_int, ctypes.c_void_p]
+
+ self._set_ciphers()
+ self._set_curves()
+
+ def _set_ciphers(self):
+ self.cipher_algo = {
+ 'aes-128-cbc': CipherName('aes-128-cbc', self.EVP_aes_128_cbc, 16),
+ 'aes-256-cbc': CipherName('aes-256-cbc', self.EVP_aes_256_cbc, 16),
+ 'aes-128-cfb': CipherName('aes-128-cfb', self.EVP_aes_128_cfb128, 16),
+ 'aes-256-cfb': CipherName('aes-256-cfb', self.EVP_aes_256_cfb128, 16),
+ 'aes-128-ofb': CipherName('aes-128-ofb', self._lib.EVP_aes_128_ofb, 16),
+ 'aes-256-ofb': CipherName('aes-256-ofb', self._lib.EVP_aes_256_ofb, 16),
+ #'aes-128-ctr': CipherName('aes-128-ctr', self._lib.EVP_aes_128_ctr, 16),
+ #'aes-256-ctr': CipherName('aes-256-ctr', self._lib.EVP_aes_256_ctr, 16),
+ 'bf-cfb': CipherName('bf-cfb', self.EVP_bf_cfb64, 8),
+ 'bf-cbc': CipherName('bf-cbc', self.EVP_bf_cbc, 8),
+ 'rc4': CipherName('rc4', self.EVP_rc4, 128), # 128 is the initialisation size not block size
+ }
+
+ def _set_curves(self):
+ self.curves = {
+ 'secp112r1': 704,
+ 'secp112r2': 705,
+ 'secp128r1': 706,
+ 'secp128r2': 707,
+ 'secp160k1': 708,
+ 'secp160r1': 709,
+ 'secp160r2': 710,
+ 'secp192k1': 711,
+ 'secp224k1': 712,
+ 'secp224r1': 713,
+ 'secp256k1': 714,
+ 'secp384r1': 715,
+ 'secp521r1': 716,
+ 'sect113r1': 717,
+ 'sect113r2': 718,
+ 'sect131r1': 719,
+ 'sect131r2': 720,
+ 'sect163k1': 721,
+ 'sect163r1': 722,
+ 'sect163r2': 723,
+ 'sect193r1': 724,
+ 'sect193r2': 725,
+ 'sect233k1': 726,
+ 'sect233r1': 727,
+ 'sect239k1': 728,
+ 'sect283k1': 729,
+ 'sect283r1': 730,
+ 'sect409k1': 731,
+ 'sect409r1': 732,
+ 'sect571k1': 733,
+ 'sect571r1': 734,
+ }
+
+ def BN_num_bytes(self, x):
+ """
+ returns the length of a BN (OpenSSl API)
+ """
+ return int((self.BN_num_bits(x) + 7) / 8)
+
+ def get_cipher(self, name):
+ """
+ returns the OpenSSL cipher instance
+ """
+ if name not in self.cipher_algo:
+ raise Exception("Unknown cipher")
+ return self.cipher_algo[name]
+
+ def get_curve(self, name):
+ """
+ returns the id of a elliptic curve
+ """
+ if name not in self.curves:
+ raise Exception("Unknown curve")
+ return self.curves[name]
+
+ def get_curve_by_id(self, id):
+ """
+ returns the name of a elliptic curve with his id
+ """
+ res = None
+ for i in self.curves:
+ if self.curves[i] == id:
+ res = i
+ break
+ if res is None:
+ raise Exception("Unknown curve")
+ return res
+
+ def rand(self, size):
+ """
+ OpenSSL random function
+ """
+ buffer = self.malloc(0, size)
+ # This pyelliptic library, by default, didn't check the return value of RAND_bytes. It is
+ # evidently possible that it returned an error and not-actually-random data. However, in
+ # tests on various operating systems, while generating hundreds of gigabytes of random
+ # strings of various sizes I could not get an error to occur. Also Bitcoin doesn't check
+ # the return value of RAND_bytes either.
+ # Fixed in Bitmessage version 0.4.2 (in source code on 2013-10-13)
+ while self.RAND_bytes(buffer, size) != 1:
+ import time
+ time.sleep(1)
+ return buffer.raw
+
+ def malloc(self, data, size):
+ """
+ returns a create_string_buffer (ctypes)
+ """
+ buffer = None
+ if data != 0:
+ if sys.version_info.major == 3 and isinstance(data, type('')):
+ data = data.encode()
+ buffer = self.create_string_buffer(data, size)
+ else:
+ buffer = self.create_string_buffer(size)
+ return buffer
+
+def loadOpenSSL():
+ global OpenSSL
+ from os import path, environ
+ from ctypes.util import find_library
+
+ libdir = []
+ if getattr(sys,'frozen', None):
+ if 'darwin' in sys.platform:
+ libdir.extend([
+ path.join(environ['RESOURCEPATH'], '..', 'Frameworks','libcrypto.dylib'),
+ path.join(environ['RESOURCEPATH'], '..', 'Frameworks','libcrypto.1.1.0.dylib'),
+ path.join(environ['RESOURCEPATH'], '..', 'Frameworks','libcrypto.1.0.2.dylib'),
+ path.join(environ['RESOURCEPATH'], '..', 'Frameworks','libcrypto.1.0.1.dylib'),
+ path.join(environ['RESOURCEPATH'], '..', 'Frameworks','libcrypto.1.0.0.dylib'),
+ path.join(environ['RESOURCEPATH'], '..', 'Frameworks','libcrypto.0.9.8.dylib'),
+ ])
+ elif 'win32' in sys.platform or 'win64' in sys.platform:
+ libdir.append(path.join(sys._MEIPASS, 'libeay32.dll'))
+ else:
+ libdir.extend([
+ path.join(sys._MEIPASS, 'libcrypto.so'),
+ path.join(sys._MEIPASS, 'libssl.so'),
+ path.join(sys._MEIPASS, 'libcrypto.so.1.1.0'),
+ path.join(sys._MEIPASS, 'libssl.so.1.1.0'),
+ path.join(sys._MEIPASS, 'libcrypto.so.1.0.2'),
+ path.join(sys._MEIPASS, 'libssl.so.1.0.2'),
+ path.join(sys._MEIPASS, 'libcrypto.so.1.0.1'),
+ path.join(sys._MEIPASS, 'libssl.so.1.0.1'),
+ path.join(sys._MEIPASS, 'libcrypto.so.1.0.0'),
+ path.join(sys._MEIPASS, 'libssl.so.1.0.0'),
+ path.join(sys._MEIPASS, 'libcrypto.so.0.9.8'),
+ path.join(sys._MEIPASS, 'libssl.so.0.9.8'),
+ ])
+ if 'darwin' in sys.platform:
+ libdir.extend(['libcrypto.dylib', '/usr/local/opt/openssl/lib/libcrypto.dylib'])
+ elif 'win32' in sys.platform or 'win64' in sys.platform:
+ libdir.append('libeay32.dll')
+ else:
+ libdir.append('libcrypto.so')
+ libdir.append('libssl.so')
+ libdir.append('libcrypto.so.1.0.0')
+ libdir.append('libssl.so.1.0.0')
+ if 'linux' in sys.platform or 'darwin' in sys.platform or 'bsd' in sys.platform:
+ libdir.append(find_library('ssl'))
+ elif 'win32' in sys.platform or 'win64' in sys.platform:
+ libdir.append(find_library('libeay32'))
+ for library in libdir:
+ try:
+ OpenSSL = _OpenSSL(library)
+ return
+ except:
+ pass
+ raise Exception("Failed to load OpenSSL library, searched for: " + " ".join(libdir))
+
+loadOpenSSL()
diff --git a/src/lib/pyelliptic/setup.py b/src/lib/pyelliptic/setup.py
new file mode 100644
index 00000000..cc9c0a21
--- /dev/null
+++ b/src/lib/pyelliptic/setup.py
@@ -0,0 +1,23 @@
+from setuptools import setup, find_packages
+
+setup(
+ name="pyelliptic",
+ version='2.0.1',
+ url='https://github.com/radfish/pyelliptic',
+ license='GPL',
+ description="Python OpenSSL wrapper for ECC (ECDSA, ECIES), AES, HMAC, Blowfish, ...",
+ author='Yann GUIBET',
+ author_email='yannguibet@gmail.com',
+ maintainer="redfish",
+ maintainer_email='redfish@galactica.pw',
+ packages=find_packages(),
+ classifiers=[
+ 'Operating System :: Unix',
+ 'Operating System :: Microsoft :: Windows',
+ 'Environment :: MacOS X',
+ 'Programming Language :: Python',
+ 'Programming Language :: Python :: 2.7',
+ 'Programming Language :: Python :: 3.7',
+ 'Topic :: Security :: Cryptography',
+ ],
+)