kevacoin/test/functional/test_framework/key.py

# Copyright (c) 2011 Sam Rushing
"""ECC secp256k1 OpenSSL wrapper.

WARNING: This module does not mlock() secrets; your private keys may end up on
disk in swap! Use with caution!

This file is modified from python-bitcoinlib.
"""

import ctypes
import ctypes.util
import hashlib
import sys

ssl = ctypes.cdll.LoadLibrary(ctypes.util.find_library ('ssl') or 'libeay32')

ssl.BN_new.restype = ctypes.c_void_p
ssl.BN_new.argtypes = []

ssl.BN_bin2bn.restype = ctypes.c_void_p
ssl.BN_bin2bn.argtypes = [ctypes.c_char_p, ctypes.c_int, ctypes.c_void_p]

ssl.BN_CTX_free.restype = None
ssl.BN_CTX_free.argtypes = [ctypes.c_void_p]

ssl.BN_CTX_new.restype = ctypes.c_void_p
ssl.BN_CTX_new.argtypes = []

ssl.ECDH_compute_key.restype = ctypes.c_int
ssl.ECDH_compute_key.argtypes = [ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p]

ssl.ECDSA_sign.restype = ctypes.c_int
ssl.ECDSA_sign.argtypes = [ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]

ssl.ECDSA_verify.restype = ctypes.c_int
ssl.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]

ssl.EC_KEY_free.restype = None
ssl.EC_KEY_free.argtypes = [ctypes.c_void_p]

ssl.EC_KEY_new_by_curve_name.restype = ctypes.c_void_p
ssl.EC_KEY_new_by_curve_name.argtypes = [ctypes.c_int]

ssl.EC_KEY_get0_group.restype = ctypes.c_void_p
ssl.EC_KEY_get0_group.argtypes = [ctypes.c_void_p]

ssl.EC_KEY_get0_public_key.restype = ctypes.c_void_p
ssl.EC_KEY_get0_public_key.argtypes = [ctypes.c_void_p]

ssl.EC_KEY_set_private_key.restype = ctypes.c_int
ssl.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p, ctypes.c_void_p]

ssl.EC_KEY_set_conv_form.restype = None
ssl.EC_KEY_set_conv_form.argtypes = [ctypes.c_void_p, ctypes.c_int]

ssl.EC_KEY_set_public_key.restype = ctypes.c_int
ssl.EC_KEY_set_public_key.argtypes = [ctypes.c_void_p, ctypes.c_void_p]

ssl.i2o_ECPublicKey.restype = ctypes.c_void_p
ssl.i2o_ECPublicKey.argtypes = [ctypes.c_void_p, ctypes.c_void_p]

ssl.EC_POINT_new.restype = ctypes.c_void_p
ssl.EC_POINT_new.argtypes = [ctypes.c_void_p]

ssl.EC_POINT_free.restype = None
ssl.EC_POINT_free.argtypes = [ctypes.c_void_p]

ssl.EC_POINT_mul.restype = ctypes.c_int
ssl.EC_POINT_mul.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]

# this specifies the curve used with ECDSA.
NID_secp256k1 = 714 # from openssl/obj_mac.h

SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
SECP256K1_ORDER_HALF = SECP256K1_ORDER // 2

# Thx to Sam Devlin for the ctypes magic 64-bit fix.
def _check_result(val, func, args):
    if val == 0:
        raise ValueError
    else:
        return ctypes.c_void_p (val)

ssl.EC_KEY_new_by_curve_name.restype = ctypes.c_void_p
ssl.EC_KEY_new_by_curve_name.errcheck = _check_result

class CECKey(object):
    """Wrapper around OpenSSL's EC_KEY"""

    POINT_CONVERSION_COMPRESSED = 2
    POINT_CONVERSION_UNCOMPRESSED = 4

    def __init__(self):
        self.k = ssl.EC_KEY_new_by_curve_name(NID_secp256k1)

    def __del__(self):
        if ssl:
            ssl.EC_KEY_free(self.k)
        self.k = None

    def set_secretbytes(self, secret):
        priv_key = ssl.BN_bin2bn(secret, 32, ssl.BN_new())
        group = ssl.EC_KEY_get0_group(self.k)
        pub_key = ssl.EC_POINT_new(group)
        ctx = ssl.BN_CTX_new()
        if not ssl.EC_POINT_mul(group, pub_key, priv_key, None, None, ctx):
            raise ValueError("Could not derive public key from the supplied secret.")
        ssl.EC_POINT_mul(group, pub_key, priv_key, None, None, ctx)
        ssl.EC_KEY_set_private_key(self.k, priv_key)
        ssl.EC_KEY_set_public_key(self.k, pub_key)
        ssl.EC_POINT_free(pub_key)
        ssl.BN_CTX_free(ctx)
        return self.k

    def set_privkey(self, key):
        self.mb = ctypes.create_string_buffer(key)
        return ssl.d2i_ECPrivateKey(ctypes.byref(self.k), ctypes.byref(ctypes.pointer(self.mb)), len(key))

    def set_pubkey(self, key):
        self.mb = ctypes.create_string_buffer(key)
        return ssl.o2i_ECPublicKey(ctypes.byref(self.k), ctypes.byref(ctypes.pointer(self.mb)), len(key))

    def get_privkey(self):
        size = ssl.i2d_ECPrivateKey(self.k, 0)
        mb_pri = ctypes.create_string_buffer(size)
        ssl.i2d_ECPrivateKey(self.k, ctypes.byref(ctypes.pointer(mb_pri)))
        return mb_pri.raw

    def get_pubkey(self):
        size = ssl.i2o_ECPublicKey(self.k, 0)
        mb = ctypes.create_string_buffer(size)
        ssl.i2o_ECPublicKey(self.k, ctypes.byref(ctypes.pointer(mb)))
        return mb.raw

    def get_raw_ecdh_key(self, other_pubkey):
        ecdh_keybuffer = ctypes.create_string_buffer(32)
        r = ssl.ECDH_compute_key(ctypes.pointer(ecdh_keybuffer), 32,
                                 ssl.EC_KEY_get0_public_key(other_pubkey.k),
                                 self.k, 0)
        if r != 32:
            raise Exception('CKey.get_ecdh_key(): ECDH_compute_key() failed')
        return ecdh_keybuffer.raw

    def get_ecdh_key(self, other_pubkey, kdf=lambda k: hashlib.sha256(k).digest()):
        # FIXME: be warned it's not clear what the kdf should be as a default
        r = self.get_raw_ecdh_key(other_pubkey)
        return kdf(r)

    def sign(self, hash, low_s = True):
        # FIXME: need unit tests for below cases
        if not isinstance(hash, bytes):
            raise TypeError('Hash must be bytes instance; got %r' % hash.__class__)
        if len(hash) != 32:
            raise ValueError('Hash must be exactly 32 bytes long')

        sig_size0 = ctypes.c_uint32()
        sig_size0.value = ssl.ECDSA_size(self.k)
        mb_sig = ctypes.create_string_buffer(sig_size0.value)
        result = ssl.ECDSA_sign(0, hash, len(hash), mb_sig, ctypes.byref(sig_size0), self.k)
        assert 1 == result
        assert mb_sig.raw[0] == 0x30
        assert mb_sig.raw[1] == sig_size0.value - 2
        total_size = mb_sig.raw[1]
        assert mb_sig.raw[2] == 2
        r_size = mb_sig.raw[3]
        assert mb_sig.raw[4 + r_size] == 2
        s_size = mb_sig.raw[5 + r_size]
        s_value = int.from_bytes(mb_sig.raw[6+r_size:6+r_size+s_size], byteorder='big')
        if (not low_s) or s_value <= SECP256K1_ORDER_HALF:
            return mb_sig.raw[:sig_size0.value]
        else:
            low_s_value = SECP256K1_ORDER - s_value
            low_s_bytes = (low_s_value).to_bytes(33, byteorder='big')
            while len(low_s_bytes) > 1 and low_s_bytes[0] == 0 and low_s_bytes[1] < 0x80:
                low_s_bytes = low_s_bytes[1:]
            new_s_size = len(low_s_bytes)
            new_total_size_byte = (total_size + new_s_size - s_size).to_bytes(1,byteorder='big')
            new_s_size_byte = (new_s_size).to_bytes(1,byteorder='big')
            return b'\x30' + new_total_size_byte + mb_sig.raw[2:5+r_size] + new_s_size_byte + low_s_bytes

    def verify(self, hash, sig):
        """Verify a DER signature"""
        return ssl.ECDSA_verify(0, hash, len(hash), sig, len(sig), self.k) == 1

    def set_compressed(self, compressed):
        if compressed:
            form = self.POINT_CONVERSION_COMPRESSED
        else:
            form = self.POINT_CONVERSION_UNCOMPRESSED
        ssl.EC_KEY_set_conv_form(self.k, form)


class CPubKey(bytes):
    """An encapsulated public key

    Attributes:

    is_valid      - Corresponds to CPubKey.IsValid()
    is_fullyvalid - Corresponds to CPubKey.IsFullyValid()
    is_compressed - Corresponds to CPubKey.IsCompressed()
    """

    def __new__(cls, buf, _cec_key=None):
        self = super(CPubKey, cls).__new__(cls, buf)
        if _cec_key is None:
            _cec_key = CECKey()
        self._cec_key = _cec_key
        self.is_fullyvalid = _cec_key.set_pubkey(self) != 0
        return self

    @property
    def is_valid(self):
        return len(self) > 0

    @property
    def is_compressed(self):
        return len(self) == 33

    def verify(self, hash, sig):
        return self._cec_key.verify(hash, sig)

    def __str__(self):
        return repr(self)

    def __repr__(self):
        # Always have represent as b'<secret>' so test cases don't have to
        # change for py2/3
        if sys.version > '3':
            return '%s(%s)' % (self.__class__.__name__, super(CPubKey, self).__repr__())
        else:
            return '%s(b%s)' % (self.__class__.__name__, super(CPubKey, self).__repr__())
Add p2p-fullblocktest.py 9 years ago			`# Copyright (c) 2011 Sam Rushing`
Fix docstrings in qa tests This commit fixes the module-level docstrings for the tests and helper modules in qa. Many of these tests were uncommented previously - this commit ensures that every test case has at least a minimum level of commenting. 8 years ago			`"""ECC secp256k1 OpenSSL wrapper.`
Add p2p-fullblocktest.py 9 years ago
			`WARNING: This module does not mlock() secrets; your private keys may end up on`
			`disk in swap! Use with caution!`
Fix docstrings in qa tests This commit fixes the module-level docstrings for the tests and helper modules in qa. Many of these tests were uncommented previously - this commit ensures that every test case has at least a minimum level of commenting. 8 years ago
			`This file is modified from python-bitcoinlib.`
Add p2p-fullblocktest.py 9 years ago			`"""`

			`import ctypes`
			`import ctypes.util`
			`import hashlib`
			`import sys`

			`ssl = ctypes.cdll.LoadLibrary(ctypes.util.find_library ('ssl') or 'libeay32')`

			`ssl.BN_new.restype = ctypes.c_void_p`
			`ssl.BN_new.argtypes = []`

			`ssl.BN_bin2bn.restype = ctypes.c_void_p`
			`ssl.BN_bin2bn.argtypes = [ctypes.c_char_p, ctypes.c_int, ctypes.c_void_p]`

			`ssl.BN_CTX_free.restype = None`
			`ssl.BN_CTX_free.argtypes = [ctypes.c_void_p]`

			`ssl.BN_CTX_new.restype = ctypes.c_void_p`
			`ssl.BN_CTX_new.argtypes = []`

			`ssl.ECDH_compute_key.restype = ctypes.c_int`
			`ssl.ECDH_compute_key.argtypes = [ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p]`

			`ssl.ECDSA_sign.restype = ctypes.c_int`
			`ssl.ECDSA_sign.argtypes = [ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]`

			`ssl.ECDSA_verify.restype = ctypes.c_int`
			`ssl.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p]`

			`ssl.EC_KEY_free.restype = None`
			`ssl.EC_KEY_free.argtypes = [ctypes.c_void_p]`

			`ssl.EC_KEY_new_by_curve_name.restype = ctypes.c_void_p`
			`ssl.EC_KEY_new_by_curve_name.argtypes = [ctypes.c_int]`

			`ssl.EC_KEY_get0_group.restype = ctypes.c_void_p`
			`ssl.EC_KEY_get0_group.argtypes = [ctypes.c_void_p]`

			`ssl.EC_KEY_get0_public_key.restype = ctypes.c_void_p`
			`ssl.EC_KEY_get0_public_key.argtypes = [ctypes.c_void_p]`

			`ssl.EC_KEY_set_private_key.restype = ctypes.c_int`
			`ssl.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p, ctypes.c_void_p]`

			`ssl.EC_KEY_set_conv_form.restype = None`
			`ssl.EC_KEY_set_conv_form.argtypes = [ctypes.c_void_p, ctypes.c_int]`

			`ssl.EC_KEY_set_public_key.restype = ctypes.c_int`
			`ssl.EC_KEY_set_public_key.argtypes = [ctypes.c_void_p, ctypes.c_void_p]`

			`ssl.i2o_ECPublicKey.restype = ctypes.c_void_p`
			`ssl.i2o_ECPublicKey.argtypes = [ctypes.c_void_p, ctypes.c_void_p]`

			`ssl.EC_POINT_new.restype = ctypes.c_void_p`
			`ssl.EC_POINT_new.argtypes = [ctypes.c_void_p]`

			`ssl.EC_POINT_free.restype = None`
			`ssl.EC_POINT_free.argtypes = [ctypes.c_void_p]`

			`ssl.EC_POINT_mul.restype = ctypes.c_int`
			`ssl.EC_POINT_mul.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p]`

			`# this specifies the curve used with ECDSA.`
			`NID_secp256k1 = 714 # from openssl/obj_mac.h`

Make test framework produce lowS signatures 8 years ago			`SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141`
			`SECP256K1_ORDER_HALF = SECP256K1_ORDER // 2`

Add p2p-fullblocktest.py 9 years ago			`# Thx to Sam Devlin for the ctypes magic 64-bit fix.`
			`def _check_result(val, func, args):`
			`if val == 0:`
			`raise ValueError`
			`else:`
			`return ctypes.c_void_p (val)`

			`ssl.EC_KEY_new_by_curve_name.restype = ctypes.c_void_p`
			`ssl.EC_KEY_new_by_curve_name.errcheck = _check_result`

			`class CECKey(object):`
			`"""Wrapper around OpenSSL's EC_KEY"""`

			`POINT_CONVERSION_COMPRESSED = 2`
			`POINT_CONVERSION_UNCOMPRESSED = 4`

			`def __init__(self):`
			`self.k = ssl.EC_KEY_new_by_curve_name(NID_secp256k1)`

			`def __del__(self):`
			`if ssl:`
			`ssl.EC_KEY_free(self.k)`
			`self.k = None`

			`def set_secretbytes(self, secret):`
			`priv_key = ssl.BN_bin2bn(secret, 32, ssl.BN_new())`
			`group = ssl.EC_KEY_get0_group(self.k)`
			`pub_key = ssl.EC_POINT_new(group)`
			`ctx = ssl.BN_CTX_new()`
			`if not ssl.EC_POINT_mul(group, pub_key, priv_key, None, None, ctx):`
			`raise ValueError("Could not derive public key from the supplied secret.")`
			`ssl.EC_POINT_mul(group, pub_key, priv_key, None, None, ctx)`
			`ssl.EC_KEY_set_private_key(self.k, priv_key)`
			`ssl.EC_KEY_set_public_key(self.k, pub_key)`
			`ssl.EC_POINT_free(pub_key)`
			`ssl.BN_CTX_free(ctx)`
			`return self.k`

			`def set_privkey(self, key):`
			`self.mb = ctypes.create_string_buffer(key)`
			`return ssl.d2i_ECPrivateKey(ctypes.byref(self.k), ctypes.byref(ctypes.pointer(self.mb)), len(key))`

			`def set_pubkey(self, key):`
			`self.mb = ctypes.create_string_buffer(key)`
			`return ssl.o2i_ECPublicKey(ctypes.byref(self.k), ctypes.byref(ctypes.pointer(self.mb)), len(key))`

			`def get_privkey(self):`
			`size = ssl.i2d_ECPrivateKey(self.k, 0)`
			`mb_pri = ctypes.create_string_buffer(size)`
			`ssl.i2d_ECPrivateKey(self.k, ctypes.byref(ctypes.pointer(mb_pri)))`
			`return mb_pri.raw`

			`def get_pubkey(self):`
			`size = ssl.i2o_ECPublicKey(self.k, 0)`
			`mb = ctypes.create_string_buffer(size)`
			`ssl.i2o_ECPublicKey(self.k, ctypes.byref(ctypes.pointer(mb)))`
			`return mb.raw`

			`def get_raw_ecdh_key(self, other_pubkey):`
			`ecdh_keybuffer = ctypes.create_string_buffer(32)`
			`r = ssl.ECDH_compute_key(ctypes.pointer(ecdh_keybuffer), 32,`
			`ssl.EC_KEY_get0_public_key(other_pubkey.k),`
			`self.k, 0)`
			`if r != 32:`
			`raise Exception('CKey.get_ecdh_key(): ECDH_compute_key() failed')`
			`return ecdh_keybuffer.raw`

			`def get_ecdh_key(self, other_pubkey, kdf=lambda k: hashlib.sha256(k).digest()):`
			`# FIXME: be warned it's not clear what the kdf should be as a default`
			`r = self.get_raw_ecdh_key(other_pubkey)`
			`return kdf(r)`

Make test framework produce lowS signatures 8 years ago			`def sign(self, hash, low_s = True):`
Add p2p-fullblocktest.py 9 years ago			`# FIXME: need unit tests for below cases`
			`if not isinstance(hash, bytes):`
			`raise TypeError('Hash must be bytes instance; got %r' % hash.__class__)`
			`if len(hash) != 32:`
			`raise ValueError('Hash must be exactly 32 bytes long')`

			`sig_size0 = ctypes.c_uint32()`
			`sig_size0.value = ssl.ECDSA_size(self.k)`
			`mb_sig = ctypes.create_string_buffer(sig_size0.value)`
			`result = ssl.ECDSA_sign(0, hash, len(hash), mb_sig, ctypes.byref(sig_size0), self.k)`
			`assert 1 == result`
Make test framework produce lowS signatures 8 years ago			`assert mb_sig.raw[0] == 0x30`
			`assert mb_sig.raw[1] == sig_size0.value - 2`
			`total_size = mb_sig.raw[1]`
			`assert mb_sig.raw[2] == 2`
			`r_size = mb_sig.raw[3]`
			`assert mb_sig.raw[4 + r_size] == 2`
			`s_size = mb_sig.raw[5 + r_size]`
			`s_value = int.from_bytes(mb_sig.raw[6+r_size:6+r_size+s_size], byteorder='big')`
			`if (not low_s) or s_value <= SECP256K1_ORDER_HALF:`
			`return mb_sig.raw[:sig_size0.value]`
			`else:`
			`low_s_value = SECP256K1_ORDER - s_value`
			`low_s_bytes = (low_s_value).to_bytes(33, byteorder='big')`
			`while len(low_s_bytes) > 1 and low_s_bytes[0] == 0 and low_s_bytes[1] < 0x80:`
			`low_s_bytes = low_s_bytes[1:]`
			`new_s_size = len(low_s_bytes)`
			`new_total_size_byte = (total_size + new_s_size - s_size).to_bytes(1,byteorder='big')`
			`new_s_size_byte = (new_s_size).to_bytes(1,byteorder='big')`
			`return b'\x30' + new_total_size_byte + mb_sig.raw[2:5+r_size] + new_s_size_byte + low_s_bytes`
Add p2p-fullblocktest.py 9 years ago
			`def verify(self, hash, sig):`
			`"""Verify a DER signature"""`
			`return ssl.ECDSA_verify(0, hash, len(hash), sig, len(sig), self.k) == 1`

			`def set_compressed(self, compressed):`
			`if compressed:`
			`form = self.POINT_CONVERSION_COMPRESSED`
			`else:`
			`form = self.POINT_CONVERSION_UNCOMPRESSED`
			`ssl.EC_KEY_set_conv_form(self.k, form)`


			`class CPubKey(bytes):`
			`"""An encapsulated public key`

			`Attributes:`

			`is_valid - Corresponds to CPubKey.IsValid()`
			`is_fullyvalid - Corresponds to CPubKey.IsFullyValid()`
			`is_compressed - Corresponds to CPubKey.IsCompressed()`
			`"""`

			`def __new__(cls, buf, _cec_key=None):`
			`self = super(CPubKey, cls).__new__(cls, buf)`
			`if _cec_key is None:`
			`_cec_key = CECKey()`
			`self._cec_key = _cec_key`
			`self.is_fullyvalid = _cec_key.set_pubkey(self) != 0`
			`return self`

			`@property`
			`def is_valid(self):`
			`return len(self) > 0`

			`@property`
			`def is_compressed(self):`
			`return len(self) == 33`

			`def verify(self, hash, sig):`
			`return self._cec_key.verify(hash, sig)`

			`def __str__(self):`
			`return repr(self)`

			`def __repr__(self):`
			`# Always have represent as b'<secret>' so test cases don't have to`
			`# change for py2/3`
			`if sys.version > '3':`
			`return '%s(%s)' % (self.__class__.__name__, super(CPubKey, self).__repr__())`
			`else:`
			`return '%s(b%s)' % (self.__class__.__name__, super(CPubKey, self).__repr__())`