From 3289423d6d6a77bc606b32e20bd43df823f41b34 Mon Sep 17 00:00:00 2001 From: Boris Date: Wed, 26 Oct 2022 16:50:19 +0200 Subject: [PATCH] ajout Jaklis local pour gestion messages --- README.md | 7 + lib/DAO.class.php | 6 +- lib/GchangeUser.class.php | 23 +- lib/Jaklis.class.php | 119 ++++ lib/Keygen.class.php | 10 + messenger.php | 36 +- themes/spationaute/css/layout.css | 112 ++-- vendors/jaklis | 1 + vendors/keygen/keygen | 896 ++++++++++++++++++++++++++++++ 9 files changed, 1144 insertions(+), 66 deletions(-) create mode 100644 lib/Jaklis.class.php create mode 100644 lib/Keygen.class.php create mode 160000 vendors/jaklis create mode 100755 vendors/keygen/keygen diff --git a/README.md b/README.md index e45fb3e..cfa7593 100644 --- a/README.md +++ b/README.md @@ -3,3 +3,10 @@ > Life is short. > Play more. +## Installation + +``` +sudo apt install python3-gpg python3-jwcrypto +python3 -m pip install -U pgpy pynentry SecureBytes +``` + diff --git a/lib/DAO.class.php b/lib/DAO.class.php index 5f17890..86cedf8 100644 --- a/lib/DAO.class.php +++ b/lib/DAO.class.php @@ -401,7 +401,8 @@ class DAO { 'method' => 'POST', 'content' => json_encode($queryParams), // 'header' => $header, - 'timeout' => $nodeTimeout + 'timeout' => $nodeTimeout, + 'ignore_errors' => '1' ] ]; @@ -410,7 +411,8 @@ class DAO { $opts = [ 'http' => [ 'method' => 'GET', - 'timeout' => $nodeTimeout + 'timeout' => $nodeTimeout, + 'ignore_errors' => '1' ] ]; diff --git a/lib/GchangeUser.class.php b/lib/GchangeUser.class.php index 06abf47..2b5b244 100644 --- a/lib/GchangeUser.class.php +++ b/lib/GchangeUser.class.php @@ -17,19 +17,26 @@ class GchangeUser { $this->userGchangeId = $gchangeObject->_id; - $this->userName = $gchangeObject->_source->title; + if (!$gchangeObject->found) { - if (isset($gchangeObject->_source->geoPoint->lat, $gchangeObject->_source->geoPoint->lon)) { + $this->userName = substr($gchangeObject->_id, 0, 8); - $this->lat = $gchangeObject->_source->geoPoint->lat; - $this->lon = $gchangeObject->_source->geoPoint->lon; - } + } else { - if (isset($gchangeObject->_source->avatar->_content) and - !empty($gchangeObject->_source->avatar->_content)) { + $this->userName = $gchangeObject->_source->title; + + if (isset($gchangeObject->_source->geoPoint->lat, $gchangeObject->_source->geoPoint->lon)) { + + $this->lat = $gchangeObject->_source->geoPoint->lat; + $this->lon = $gchangeObject->_source->geoPoint->lon; + } + + if (isset($gchangeObject->_source->avatar->_content) and + !empty($gchangeObject->_source->avatar->_content)) { - $this->avatarImgSrc = 'data:'. $gchangeObject->_source->avatar->_content_type .';base64,' . $gchangeObject->_source->avatar->_content; + $this->avatarImgSrc = 'data:'. $gchangeObject->_source->avatar->_content_type .';base64,' . $gchangeObject->_source->avatar->_content; + } } } diff --git a/lib/Jaklis.class.php b/lib/Jaklis.class.php new file mode 100644 index 0000000..c82b8f8 --- /dev/null +++ b/lib/Jaklis.class.php @@ -0,0 +1,119 @@ + 'data.gchange.fr' + ]; + + private $msgLimit = 30; + + private $userPubsecPath; + + + public function __construct ($userPubkey) { + + $this->userPubsecPath = __DIR__ .'/../cache/pubsec/'. $userPubkey .'.dunikey'; + } + + public function getMessages () { + + if ($mode = 'local') { + + return [ + + $this->getInboundMessages(), + $this->getOutboundMessages() + ]; + + } else { + + $fred->donneMoiSesPutainDeMessagesGchange($_SESSION['salt'], $_SESSION['pepper'], 'coucou'); + } + } + + public function getInboundMessages () { + + $cmd = $this->jaklisPath; + $cmd .= ' --key '. $this->userPubsecPath; + $cmd .= ' --node https://'. $this->nodes['gchange']; + $cmd .= ' read'; + $cmd .= ' --number ' . $this->msgLimit; + $cmd .= ' --json'; + + $output=null; + $result_code=null; + exec($cmd, $output, $result_code); + + $json = implode("\n", $output); + + // echo '

' . $cmd . '

'; + // echo '
'; var_dump($json); echo '
'; + + $result = json_decode($json); + + // echo '
'; var_dump($result); echo '
'; + + return $result; + } + + public function getOutboundMessages () { + + $cmd = $this->jaklisPath; + $cmd .= ' --key '. $this->userPubsecPath; + $cmd .= ' --node http://'. $this->nodes['gchange']; + $cmd .= ' read'; + $cmd .= ' --number ' . $this->msgLimit; + $cmd .= ' --json'; + $cmd .= ' --outbox'; + + $output=null; + $result_code=null; + exec($cmd, $output, $result_code); + + $json = implode("\n", $output); + + // echo '

' . $cmd . '

'; + // echo '
'; var_dump($json); echo '
'; + + $result = json_decode($json); + + // echo '
'; var_dump($result); echo '
'; + + return $result; + } + + private function jescape ($str) { + + return str_replace('"', '\"', $str); + } + public function sendMessage ($msg, $toPubkey, $title, $fromPubkey) { + + $cmd = $this->jaklisPath; + $cmd .= ' --key '. $this->userPubsecPath; + $cmd .= ' --node http://'. $this->nodes['gchange']; + $cmd .= ' send'; + $cmd .= ' --destinataire "' . $this->jescape($toPubkey) . '"'; + $cmd .= ' --titre "' . $this->jescape($title) . '"'; + $cmd .= ' --message "' . $this->jescape($msg) . '"'; + + // echo '
'. $cmd . '
'; + + $output=null; + $result_code=null; + exec($cmd, $output, $result_code); + + // echo '
'; var_dump($result_code); echo '
'; + // echo '
'; var_dump($output); echo '
'; + // list($jaklisResult, $id) = $output; + // echo '

'. $jaklisResult .'

'; + } +} + diff --git a/lib/Keygen.class.php b/lib/Keygen.class.php new file mode 100644 index 0000000..ff178d7 --- /dev/null +++ b/lib/Keygen.class.php @@ -0,0 +1,10 @@ +donneMoiSesPutainDeMessagesGchange($_SESSION['salt'], $_SESSION['pepper'], 'coucou'); +$jaklis = new Jaklis($_SESSION['player_pubkey']); +if (isset($_POST['message'], $_POST['to'])) { + + $jaklis->sendMessage( + $_POST['message'], + htmlspecialchars_decode($_POST['to']), + htmlspecialchars_decode($_POST['title']), + $_SESSION['player_pubkey'] + ); + + header('Location: messenger.php?penpal=' . $_POST['to']); +} + +// $msgIn = $jaklis->getInboundMessages('QP1VkfaFUMdHZmHgPMi7q5wJJHaQhZcEqs5A86NigKr'); +list($msgIn, $msgOut) = $jaklis->getMessages(); // echo '
'; var_dump($msgIn); echo '
'; // echo '
'; var_dump($msgOut); echo '
'; +// die(); $messenger->addMessages($msgIn, $msgOut); @@ -48,12 +64,15 @@ foreach ($messenger->getConversations() as $conv) { $penpal = $messenger->getUser($conv->getPenpalPubkey()); + $avatarSrc = $penpal->getAvatarImgSrc(); + $src = !empty($avatarSrc) ? $avatarSrc : $games[$_SESSION['gameId']]['default_avatar']; + echo '
+ src="'. $src .'" /> '. $penpal->getUserName() . ' @@ -114,6 +133,19 @@ if (isset($_GET['penpal'])) { } echo ' '; + + echo ' +
+ + + + + + + + +
+ '; } echo ' diff --git a/themes/spationaute/css/layout.css b/themes/spationaute/css/layout.css index 7bb9716..3dba9a2 100644 --- a/themes/spationaute/css/layout.css +++ b/themes/spationaute/css/layout.css @@ -230,8 +230,66 @@ main { #messenger-page #conversations-list { width: 33.333vw; + height: 100vh; + overflow-y: auto; } +#messenger-page ul#conversations-list { + + list-style: none; + margin: 0; + padding: 0; +} + +#messenger-page ul#conversations-list li { + + margin: 0; + padding: 0.5rem 1rem; + overflow: hidden; +} + +#messenger-page #conversations-list .conversation { + + position: relative; +} + +#messenger-page #conversations-list .conversation .conv-link, +#messenger-page #conversations-list .conversation .conv-link a { + + position: absolute; + top: 0; + left: 0; + width: 100%; + height: 100%; +} + +#messenger-page #conversations-list .conversation .avatar { + + float: left; +} + +#messenger-page #conversations-list .conversation .conv-link a span { + + display: none; +} + + +#messenger-page #conversations-list .conversation blockquote { + + margin: 0; +} + + +#messenger-page #conversations-list .conversation blockquote time { + + position: absolute; + top: 0; + right: 0; +} + + + + #messenger-page #conversation { width: 66.666vw; @@ -287,60 +345,6 @@ main { } -#messenger-page ul#conversations-list { - - list-style: none; - margin: 0; - padding: 0; -} - -#messenger-page ul#conversations-list li { - - margin: 0; - padding: 0.5rem 1rem; -} - -#messenger-page #conversations-list .conversation { - - position: relative; -} - -#messenger-page #conversations-list .conversation .conv-link, -#messenger-page #conversations-list .conversation .conv-link a { - - position: absolute; - top: 0; - left: 0; - width: 100%; - height: 100%; -} - -#messenger-page #conversations-list .conversation .avatar { - - float: left; -} - -#messenger-page #conversations-list .conversation .conv-link a span { - - display: none; -} - - -#messenger-page #conversations-list .conversation blockquote { - - margin: 0; -} - - -#messenger-page #conversations-list .conversation blockquote time { - - position: absolute; - top: 0; - right: 0; -} - - - diff --git a/vendors/jaklis b/vendors/jaklis new file mode 160000 index 0000000..efed735 --- /dev/null +++ b/vendors/jaklis @@ -0,0 +1 @@ +Subproject commit efed7354df7e5077f5721e8e92e429b60e0e6fb7 diff --git a/vendors/keygen/keygen b/vendors/keygen/keygen new file mode 100755 index 0000000..d33e573 --- /dev/null +++ b/vendors/keygen/keygen @@ -0,0 +1,896 @@ +#!/usr/bin/env python3 +# link: https://git.p2p.legal/aya/dpgpid/ +# desc: generate ed25519 keys for duniter and ipfs from gpg + +# Copyleft 2022 Yann Autissier +# all crypto science belongs to Pascal Engélibert +# coming from files available at https://git.p2p.legal/qo-op/Astroport.ONE/tools +# gpgme stuff has been provided by Ben McGinnes +# and comes from http://files.au.adversary.org/crypto/gpgme-python-howto.html +# gpg key extraction is taken from work of Simon Vareille available at +# https://gist.github.com/SimonVareille/fda49baf5f3e15b5c88e25560aeb2822 + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. + +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +import argparse +import base58 +import base64 +import configparser +from cryptography.hazmat.primitives.asymmetric import ed25519 +from cryptography.hazmat.primitives import serialization +import duniterpy.key +import gpg +from jwcrypto import jwk +import logging as log +import nacl.bindings +import nacl.encoding +import pgpy +import pynentry +from SecureBytes import clearmem +import os +import re +import struct +import sys +import time +import warnings + +__version__='0.0.5' + +class keygen: + def __init__(self): + self.parser = argparse.ArgumentParser(description=""" + Generate ed25519 keys for duniter and ipfs from gpg. + It converts a gpg key, a duniter username/password, or any ed25519 key to + a duniter wallet or an IPFS key.""") + self.parser.add_argument( + "-d", + "--debug", + action="store_true", + help="show debug informations (WARNING: including SECRET KEY)", + ) + self.parser.add_argument( + "-f", + "--format", + choices=['ewif', 'jwk', 'nacl','pb2','pem','pubsec','seed','wif'], + default=None, + dest="format", + help="output file format, default: pem (pkcs8)", + ) + self.parser.add_argument( + "-g", + "--gpg", + action="store_true", + help="use gpg key with uid matched by username", + ) + self.parser.add_argument( + "-i", + "--input", + dest="input", + help="read ed25519 key from file FILE, autodetect format: {credentials,ewif,jwk,nacl,mnemonic,pb2,pubsec,seed,wif}", + metavar='FILE', + ) + self.parser.add_argument( + "-k", + "--keys", + action="store_true", + help="show public and secret keys", + ) + self.parser.add_argument( + "-m", + "--mnemonic", + action="store_true", + help="use username as a DUBP mnemonic passphrase", + ) + self.parser.add_argument( + "-o", + "--output", + dest="output", + default=None, + help="write ed25519 key to file FILE", + metavar='FILE', + ) + self.parser.add_argument( + "-p", + "--prefix", + action="store_true", + help="prefix output text with key type", + ) + self.parser.add_argument( + "-q", + "--quiet", + action="store_true", + help="show only errors", + ) + self.parser.add_argument( + "-s", + "--secret", + action="store_true", + help="show only secret key", + ) + self.parser.add_argument( + "-t", + "--type", + choices=['b58mh','b64mh','base58','base64','duniter','ipfs','jwk'], + default="base58", + dest="type", + help="output text format, default: base58", + ) + self.parser.add_argument( + "-v", + "--verbose", + action="store_true", + help="show more informations", + ) + self.parser.add_argument( + "--version", + action="store_true", + help="show version and exit", + ) + self.parser.add_argument( + 'username', + nargs="?", + ) + self.parser.add_argument( + 'password', + nargs="?", + ) + + def _check_args(self, args): + log.debug("keygen._check_args(%s)" % args) + if self.input is None and self.username is None: + self.parser.error('keygen requires an input file or a username') + + def _cleanup(self): + log.debug("keygen._cleanup()") + if hasattr(self, 'duniterpy'): + if hasattr(self.duniterpy, 'seed') and self.duniterpy.seed: + clearmem(self.duniterpy.seed) + log.debug("cleared: keygen.duniterpy.seed") + if hasattr(self.duniterpy, 'sk') and self.duniterpy.sk: + clearmem(self.duniterpy.sk) + log.debug("cleared: keygen.duniterpy.sk") + if hasattr(self, 'ed25519_secret_base58') and self.ed25519_secret_base58: + clearmem(self.ed25519_secret_base58) + log.debug("cleared: keygen.ed25519_secret_base58") + if hasattr(self, 'ed25519_secret_base64') and self.ed25519_secret_base64: + clearmem(self.ed25519_secret_base64) + log.debug("cleared: keygen.ed25519_secret_base64") + if hasattr(self, 'ed25519_secret_bytes') and self.ed25519_secret_bytes: + clearmem(self.ed25519_secret_bytes) + log.debug("cleared: keygen.ed25519_secret_bytes") + if hasattr(self, 'ed25519_secret_pem_pkcs8') and self.ed25519_secret_pem_pkcs8: + clearmem(self.ed25519_secret_pem_pkcs8) + log.debug("cleared: keygen.ed25515_secret_pem_pkcs8") + if hasattr(self, 'ed25519_secret_protobuf') and self.ed25519_secret_protobuf: + clearmem(self.ed25519_secret_protobuf) + log.debug("cleared: keygen.ed25515_secret_protobuf") + if hasattr(self, 'ed25519_seed_bytes') and self.ed25519_seed_bytes: + clearmem(self.ed25519_seed_bytes) + log.debug("cleared: keygen.ed25519_seed_bytes") + if hasattr(self, 'ipfs_privkey') and self.ipfs_privkey: + clearmem(self.ipfs_privkey) + log.debug("cleared: keygen.ipfs_privkey") + if hasattr(self, 'jwk'): + if hasattr(self.jwk, 'd') and self.jwk.d: + clearmem(self.jwk.d) + log.debug("cleared: keygen.jwk.d") + if hasattr(self, 'password') and self.password: + clearmem(self.password) + log.debug("cleared: keygen.password") + if hasattr(self, 'pgp_secret_armor') and self.pgp_secret_armor: + clearmem(self.pgp_secret_armor) + log.debug("cleared: keygen.pgp_secret_armor") + if hasattr(self, 'pgpy'): + if hasattr(self.pgpy._key.keymaterial, 'p') and self.pgpy._key.keymaterial.p and not isinstance(self.pgpy._key.keymaterial.p, pgpy.packet.fields.ECPoint): + clearmem(self.pgpy._key.keymaterial.p) + log.debug("cleared: keygen.pgpy._key.material.p") + if hasattr(self.pgpy._key.keymaterial, 'q') and self.pgpy._key.keymaterial.q: + clearmem(self.pgpy._key.keymaterial.q) + log.debug("cleared: keygen.pgpy._key.material.q") + if hasattr(self.pgpy._key.keymaterial, 's') and self.pgpy._key.keymaterial.s: + clearmem(self.pgpy._key.keymaterial.s) + log.debug("cleared: keygen.pgpy._key.material.s") + if hasattr(self, 'username') and self.username: + clearmem(self.username) + log.debug("cleared: keygen.username") + + def _invalid_type(self): + log.debug("keygen._invalid_type()") + self.parser.error(f"type {self.type} is not valid.") + + def _load_config(self): + log.debug("keygen._load_config()") + self.config = configparser.RawConfigParser() + config_dir = os.path.join(os.environ.get('XDG_CONFIG_HOME', os.path.expanduser('~/.config')), 'dpgpid') + log.debug("config_dir=%s" % config_dir) + self.config.read( [config_dir + '/keygen.conf'] ) + + def _output(self, public_key, secret_key, public_key_prefix, secret_key_prefix): + log.debug("keygen._output()") + if self.output is None: + self._output_text(public_key, secret_key, public_key_prefix, secret_key_prefix) + else: + self._output_file() + os.chmod(self.output, 0o600) + self._cleanup() + + def _output_file(self): + log.debug("keygen._output_file()") + try: + if self.format == 'dewif': + if not hasattr(self, 'duniterpy'): + self.duniterpy_from_ed25519_seed_bytes() + if not self.password: + with pynentry.PynEntry() as p: + p.description = f"""Data in DEWIF file needs to be encrypted. + Please enter a password to encrypt seed. + """ + p.prompt = 'Passphrase:' + try: + self.password = p.get_pin() + except pynentry.PinEntryCancelled: + log.warning('Cancelled! Goodbye.') + self._cleanup() + exit(1) + self.duniterpy.save_dewif_v1_file(self.output, self.password) + elif self.format == 'ewif': + if not hasattr(self, 'duniterpy'): + self.duniterpy_from_ed25519_seed_bytes() + if not self.password: + with pynentry.PynEntry() as p: + p.description = f"""Data in EWIF file needs to be encrypted. + Please enter a password to encrypt seed. + """ + p.prompt = 'Passphrase:' + try: + self.password = p.get_pin() + except pynentry.PinEntryCancelled: + log.warning('Cancelled! Goodbye.') + self._cleanup() + exit(1) + self.duniterpy.save_ewif_file(self.output, self.password) + elif self.format == 'jwk': + if not hasattr(self, 'jwk'): + self.jwk_from_ed25519() + with open(self.output, "w") as file: + file.write(self.jwk.export()) + elif self.format == 'nacl': + if not hasattr(self, 'duniterpy'): + self.duniterpy_from_ed25519_seed_bytes() + self.duniterpy.save_private_key(self.output) + elif self.format == 'pb2': + if not hasattr(self, 'ed25519_secret_protobuf'): + self.protobuf_from_ed25519() + with open(self.output, "wb") as file: + file.write(self.ed25519_secret_protobuf) + elif self.format == 'pubsec': + if not hasattr(self, 'duniterpy'): + self.duniterpy_from_ed25519_seed_bytes() + self.duniterpy.save_pubsec_file(self.output) + elif self.format == 'seed': + if not hasattr(self, 'duniterpy'): + self.duniterpy_from_ed25519_seed_bytes() + self.duniterpy.save_seedhex_file(self.output) + elif self.format == 'wif': + if not hasattr(self, 'duniterpy'): + self.duniterpy_from_ed25519_seed_bytes() + self.duniterpy.save_wif_file(self.output) + else: + if not hasattr(self, 'ed25519_secret_pem_pkcs8'): + self.pem_pkcs8_from_ed25519() + with open(self.output, "w") as file: + file.write(self.ed25519_secret_pem_pkcs8) + except Exception as e: + log.error(f'Unable to output file {self.output}: {e}') + self._cleanup() + exit(2) + + def _output_text(self, public_key, secret_key, public_key_prefix, secret_key_prefix): + log.debug("keygen._output_text()") + if self.keys or not self.secret: + print("%s" % ''.join([self.prefix * public_key_prefix, public_key])) + if self.keys or self.secret: + print("%s" % ''.join([self.prefix * secret_key_prefix, secret_key])) + + def _run(self, argv): + args = self.parser.parse_args(argv) + vars(self).update(vars(args)) + + # display version + if args.version: + version() + sys.exit() + + # define log format + log_format='%(asctime)s %(levelname)s: %(message)s' + log_datefmt='%Y/%m/%d %H:%M:%S' + if args.debug: + log_level='DEBUG' + elif args.quiet: + log_level='ERROR' + elif args.verbose: + log_level='INFO' + else: + log_level='WARNING' + log.basicConfig(format=log_format, datefmt=log_datefmt, level=log_level) + log.debug("keygen.run(%s)" % argv) + + self._check_args(args) + self._load_config() + self.gpg = gpg.Context(armor=True, offline=True) + self.gpg.set_passphrase_cb(self.gpg_passphrase_cb) + self.ed25519(args) + method = getattr(self, f'do_{self.type}', self._invalid_type) + return method() + + def b58mh_from_protobuf(self): + log.debug("keygen.b58mh_from_protobuf()") + try: + self.ed25519_public_b58mh = base58.b58encode(self.ed25519_public_protobuf).decode('ascii') + self.ed25519_secret_b58mh = base58.b58encode(self.ed25519_secret_protobuf).decode('ascii') + except Exception as e: + log.error(f'Unable to get b58mh from protobuf: {e}') + self._cleanup() + exit(2) + log.debug("keygen.ed25519_public_b58mh=%s" % self.ed25519_public_b58mh) + log.debug("keygen.ed25519_secret_b58mh=%s" % self.ed25519_secret_b58mh) + + def b64mh_from_protobuf(self): + log.debug("keygen.b64mh_from_protobuf()") + try: + self.ed25519_public_b64mh = base64.b64encode(self.ed25519_public_protobuf).decode('ascii') + self.ed25519_secret_b64mh = base64.b64encode(self.ed25519_secret_protobuf).decode('ascii') + except Exception as e: + log.error(f'Unable to get b64mh from protobuf: {e}') + self._cleanup() + exit(2) + log.debug("keygen.ed25519_public_b64mh=%s" % self.ed25519_public_b64mh) + log.debug("keygen.ed25519_secret_b64mh=%s" % self.ed25519_secret_b64mh) + + def base58_from_ed25519(self): + log.debug("keygen.base58_from_ed25519()") + try: + self.ed25519_public_base58 = base58.b58encode(self.ed25519_public_bytes).decode('ascii') + self.ed25519_secret_base58 = base58.b58encode(self.ed25519_secret_bytes).decode('ascii') + except Exception as e: + log.error(f'Unable to get base58 from ed25519: {e}') + self._cleanup() + exit(2) + log.debug("keygen.ed25519_public_base58=%s" % self.ed25519_public_base58) + log.debug("keygen.ed25519_secret_base58=%s" % self.ed25519_secret_base58) + + def base64_from_ed25519(self): + log.debug("keygen.base64_from_ed25519()") + try: + self.ed25519_public_base64 = base64.b64encode(self.ed25519_public_bytes).decode('ascii') + self.ed25519_secret_base64 = base64.b64encode(self.ed25519_secret_bytes).decode('ascii') + except Exception as e: + log.error(f'Unable to get base64 from ed25519: {e}') + self._cleanup() + exit(2) + log.debug("keygen.ed25519_public_base64=%s" % self.ed25519_public_base64) + log.debug("keygen.ed25519_secret_base64=%s" % self.ed25519_secret_base64) + + def do_b58mh(self): + log.debug("keygen.do_b58mh()") + self.protobuf_from_ed25519() + self.b58mh_from_protobuf() + self._output(self.ed25519_public_b58mh, self.ed25519_secret_b58mh, 'pub: ', 'sec: ') + + def do_b64mh(self): + log.debug("keygen.do_b64mh()") + self.protobuf_from_ed25519() + self.b64mh_from_protobuf() + self._output(self.ed25519_public_b64mh, self.ed25519_secret_b64mh, 'pub: ', 'sec: ') + + def do_base58(self): + log.debug("keygen.do_base58()") + self.base58_from_ed25519() + self._output(self.ed25519_public_base58, self.ed25519_secret_base58, 'pub: ', 'sec: ') + + def do_base64(self): + log.debug("keygen.do_base64()") + self.base64_from_ed25519() + self._output(self.ed25519_public_base64, self.ed25519_secret_base64, 'pub: ', 'sec: ') + + def do_duniter(self): + log.debug("keygen.do_duniter()") + if not self.format: + self.format = 'pubsec' + self.base58_from_ed25519() + self._output(self.ed25519_public_base58, self.ed25519_secret_base58, 'pub: ', 'sec: ') + + def do_ipfs(self): + log.debug("keygen.do_ipfs()") + self.protobuf_from_ed25519() + self.b58mh_from_protobuf() + self.b64mh_from_protobuf() + self._output(self.ed25519_public_b58mh, self.ed25519_secret_b64mh, 'PeerID: ', 'PrivKEY: ') + + def do_jwk(self): + log.debug("keygen.do_jwk()") + self.jwk_from_ed25519() + self._output(self.jwk.export_public(), self.jwk.export_private(), 'pub: ', 'sec: ') + + def duniterpy_from_credentials(self): + log.debug("keygen.duniterpy_from_credentials()") + try: + scrypt_params = duniterpy.key.scrypt_params.ScryptParams( + int(self.config.get('scrypt', 'n')) if self.config.has_option('scrypt', 'n') else 4096, + int(self.config.get('scrypt', 'r')) if self.config.has_option('scrypt', 'r') else 16, + int(self.config.get('scrypt', 'p')) if self.config.has_option('scrypt', 'p') else 1, + int(self.config.get('scrypt', 'sl')) if self.config.has_option('scrypt', 'sl') else 32, + ) + if not self.password: + with pynentry.PynEntry() as p: + p.description = f"""Please enter the passord for username "{self.username}".""" + p.prompt = 'Passsord:' + try: + self.password = p.get_pin() + except pynentry.PinEntryCancelled: + log.warning('Cancelled! Goodbye.') + self._cleanup() + exit(1) + self.duniterpy = duniterpy.key.SigningKey.from_credentials( + self.username, + self.password, + scrypt_params + ) + except Exception as e: + log.error(f'Unable to get duniter from credentials: {e}') + self._cleanup() + exit(2) + log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed) + + def duniterpy_from_ed25519_seed_bytes(self): + log.debug("keygen.duniterpy_from_ed25519_seed_bytes()") + try: + self.duniterpy = duniterpy.key.SigningKey(self.ed25519_seed_bytes) + except Exception as e: + log.error(f'Unable to get duniterpy from ed25519 seed bytes: {e}') + self._cleanup() + exit(2) + log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed) + + def duniterpy_from_file(self): + log.debug("keygen.duniterpy_from_file()") + try: + with open(self.input, 'r') as file: + lines = file.readlines() + if len(lines) > 0: + line = lines[0].strip() + regex_ewif = re.compile('^Type: EWIF$') + regex_jwk = re.compile('^\\s*{\\s*"crv":\\s*"Ed25519",\\s*"d":\\s*"(.)+",\\s*"kty":\\s*"OKP",\\s*"x":\\s*"(.)+"\\s*}') + regex_nacl = re.compile('^\\s*{\\s*"priv":\\s*"[0-9a-fA-F]+",\\s*"verify":\\s*"[0-9a-fA-F]+",\\s*"sign":\\s*"[0-9a-fA-F]+"\\s*}') + regex_pem = re.compile('^-----BEGIN PRIVATE KEY-----$') + regex_pubsec = re.compile('^Type: PubSec$') + regex_seed = re.compile('^[0-9a-fA-F]{64}$') + regex_ssb = re.compile('\\s*{\\s*"curve":\\s*"ed25519",\\s*"public":\\s*"(.+)\\.ed25519",\\s*"private":\\s*"(.+)\\.ed25519",\\s*"id":\\s*"@(.+).ed25519"\\s*}') + regex_wif = re.compile('^Type: WIF$') + if re.search(regex_ewif, line): + log.info("input file format detected: ewif") + if not self.password: + with pynentry.PynEntry() as p: + p.description = f"""Data in EWIF file is encrypted. + Please enter a password to decrypt seed. + """ + p.prompt = 'Passphrase:' + try: + self.password = p.get_pin() + except pynentry.PinEntryCancelled: + log.warning('Cancelled! Goodbye.') + self._cleanup() + exit(1) + self.duniterpy = duniterpy.key.SigningKey.from_ewif_file(self.input, self.password) + elif re.search(regex_jwk, line): + log.info("input file format detected: jwk") + self.jwk_from_json(line) + self.ed25519_seed_bytes_from_jwk() + self.duniterpy_from_ed25519_seed_bytes() + elif re.search(regex_nacl, line): + log.info("input file format detected: nacl") + self.duniterpy = duniterpy.key.SigningKey.from_private_key(self.input) + elif re.search(regex_pem, line): + log.info("input file format detected: pem") + self.ed25519_seed_bytes_from_pem(''.join(lines).encode()) + self.duniterpy_from_ed25519_seed_bytes() + elif re.search(regex_pubsec, line): + log.info("input file format detected: pubsec") + self.duniterpy = duniterpy.key.SigningKey.from_pubsec_file(self.input) + elif re.search(regex_seed, line): + log.info("input file format detected: seed") + self.duniterpy = duniterpy.key.SigningKey.from_seedhex_file(self.input) + elif re.search(regex_ssb, line): + log.info("input file format detected: ssb") + self.duniterpy = duniterpy.key.SigningKey.from_ssb_file(self.input) + elif re.search(regex_wif, line): + log.info("input file format detected: wif") + self.duniterpy = duniterpy.key.SigningKey.from_wif_file(self.input) + elif len(line.split(' ')) == 12: + log.info("input file format detected: mnemonic") + self.username = line + self.duniterpy_from_mnemonic() + elif len(lines) > 1: + log.info("input file format detected: credentials") + self.username = line + self.password = lines[1].strip() + self.duniterpy_from_credentials() + else: + raise NotImplementedError('unknown input file format.') + else: + raise NotImplementedError('empty file.') + except UnicodeDecodeError as e: + try: + with open(self.input, 'rb') as file: + lines = file.readlines() + if len(lines) > 0: + line = lines[0].strip() + regex_dewif = re.compile(b'^\x00\x00\x00\x01\x00\x00\x00\x01') + regex_pb2 = re.compile(b'^\x08\x01\x12@') + if re.search(regex_dewif, line): + log.info("input file format detected: dewif") + if not self.password: + with pynentry.PynEntry() as p: + p.description = f"""Data in DEWIF file is encrypted. + Please enter a password to decrypt seed. + """ + p.prompt = 'Passphrase:' + try: + self.password = p.get_pin() + except pynentry.PinEntryCancelled: + log.warning('Cancelled! Goodbye.') + self._cleanup() + exit(1) + self.duniterpy = duniterpy.key.SigningKey.from_dewif_file(self.input, self.password) + if re.search(regex_pb2, line): + log.info("input file format detected: pb2") + self.ed25519_secret_protobuf = line + self.ed25519_seed_bytes_from_protobuf() + self.duniterpy_from_ed25519_seed_bytes() + else: + raise NotImplementedError('unknown input file format.') + else: + raise NotImplementedError('empty file.') + except Exception as e: + log.error(f'Unable to get duniterpy from file {self.input}: {e}') + self._cleanup() + exit(2) + except Exception as e: + log.error(f'Unable to get duniterpy from file {self.input}: {e}') + self._cleanup() + exit(2) + log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed) + + def duniterpy_from_mnemonic(self): + log.debug("keygen.duniterpy_from_mnemonic()") + try: + scrypt_params = duniterpy.key.scrypt_params.ScryptParams( + int(self.config.get('scrypt', 'n')) if self.config.has_option('scrypt', 'n') else 4096, + int(self.config.get('scrypt', 'r')) if self.config.has_option('scrypt', 'r') else 16, + int(self.config.get('scrypt', 'p')) if self.config.has_option('scrypt', 'p') else 1, + int(self.config.get('scrypt', 'sl')) if self.config.has_option('scrypt', 'sl') else 32, + ) + self.duniterpy = duniterpy.key.SigningKey.from_dubp_mnemonic( + self.username, + scrypt_params + ) + except Exception as e: + log.error(f'Unable to get duniterpy from mnemonic: {e}') + self._cleanup() + exit(2) + log.debug("keygen.duniterpy.seed: %s" % self.duniterpy.seed) + + def ed25519(self, args): + log.debug("keygen.ed25519(%s)" % args) + if args.gpg: + self.ed25519_from_gpg() + else: + if self.input: + self.duniterpy_from_file() + else: + if self.mnemonic: + self.duniterpy_from_mnemonic() + else: + self.duniterpy_from_credentials() + self.ed25519_from_duniterpy() + + def ed25519_from_duniterpy(self): + log.debug("keygen.ed25519_from_duniterpy()") + try: + self.ed25519_seed_bytes_from_duniterpy() + self.ed25519_from_seed_bytes() + except: + log.error(f'Unable to get ed25519 from duniterpy: {e}') + self._cleanup() + exit(2) + + def ed25519_from_gpg(self): + log.debug("keygen.ed25519_from_gpg()") + try: + self.pgpy_from_gpg() + self.ed25519_from_pgpy() + except Exception as e: + log.error(f'Unable to get ed25519 from pgp: {e}') + self._cleanup() + exit(2) + + def ed25519_from_pgpy(self): + log.debug("keygen.ed25519_from_pgpy()") + try: + log.debug("keygen.pgpy.fingerprint.keyid=%s" % self.pgpy.fingerprint.keyid) + log.debug("keygen.pgpy.is_protected=%s" % self.pgpy.is_protected) + if self.pgpy.is_protected: + if not self.password: + with pynentry.PynEntry() as p: + p.description = f"""The exported pgp key id "{self.pgpy.fingerprint.keyid}" of user "{self.username}" is password protected. + Please enter the passphrase again to unlock it. + """ + p.prompt = 'Passphrase:' + try: + self.password = p.get_pin() + except pynentry.PinEntryCancelled: + log.warning('Cancelled! Goodbye.') + self._cleanup() + exit(1) + try: + with warnings.catch_warnings(): + # remove CryptographyDeprecationWarning about deprecated + # SymmetricKeyAlgorithm IDEA, CAST5 and Blowfish (PGPy v0.5.4) + warnings.simplefilter('ignore') + with self.pgpy.unlock(self.password): + assert self.pgpy.is_unlocked + log.debug("keygen.pgpy.is_unlocked=%s" % self.pgpy.is_unlocked) + self.ed25519_seed_bytes_from_pgpy() + except Exception as e: + log.error(f"""Unable to unlock pgp secret key id "{self.pgpy.fingerprint.keyid}" of user "{self.username}": {e}""") + self._cleanup() + exit(2) + else: + self.ed25519_seed_bytes_from_pgpy() + self.ed25519_from_seed_bytes() + except Exception as e: + log.error(f'Unable to get ed25519 seed bytes from pgpy: {e}') + self._cleanup() + exit(2) + + def ed25519_from_seed_bytes(self): + log.debug("keygen.ed25519_from_seed_bytes()") + try: + self.ed25519_public_bytes, self.ed25519_secret_bytes = nacl.bindings.crypto_sign_seed_keypair(self.ed25519_seed_bytes) + self.ed25519 = ed25519.Ed25519PrivateKey.from_private_bytes(self.ed25519_seed_bytes) + except Exception as e: + log.error(f'Unable to get ed25519 from seed bytes: {e}') + self._cleanup() + exit(2) + log.debug("keygen.ed25519_public_bytes=%s" % self.ed25519_public_bytes) + log.debug("keygen.ed25519_secret_bytes=%s" % self.ed25519_secret_bytes) + + def ed25519_seed_bytes_from_duniterpy(self): + log.debug("keygen.ed25519_seed_bytes_from_duniterpy()") + try: + self.ed25519_seed_bytes = self.duniterpy.sk[:32] + except Exception as e: + log.error(f'Unable to get ed25519 seed bytes from duniterpy: {e}') + self._cleanup() + exit(2) + log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes) + + def ed25519_seed_bytes_from_jwk(self): + log.debug("keygen.ed25519_seed_bytes_from_jwk()") + try: + self.ed25519_seed_bytes = self.jwk._okp_pri().private_bytes(encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption()) + except Exception as e: + log.error(f'Unable to get ed25519 seed bytes from jwk: {e}') + self._cleanup() + exit(2) + + def ed25519_seed_bytes_from_pem(self, pem): + log.debug("keygen.ed25519_seed_bytes_from_pem()") + try: + self.ed25519_seed_bytes = serialization.load_pem_private_key(pem, password=None).private_bytes(encoding=serialization.Encoding.Raw, format=serialization.PrivateFormat.Raw, encryption_algorithm=serialization.NoEncryption()) + except Exception as e: + log.error(f'Unable to get ed25519 seed bytes from pem: {e}') + self._cleanup() + exit(2) + + def ed25519_seed_bytes_from_pgpy(self): + log.debug("keygen.ed25519_seed_bytes_from_pgpy()") + try: + self.pgpy_key_type() + if self.pgpy_key_type == 'RSA': + log.debug("keygen.pgpy._key.keymaterial.p=%s" % self.pgpy._key.keymaterial.p) + log.debug("keygen.pgpy._key.keymaterial.q=%s" % self.pgpy._key.keymaterial.q) + # custom seed: use sha256 hash of (p + q) + self.ed25519_seed_bytes = nacl.bindings.crypto_hash_sha256(long_to_bytes(self.pgpy._key.keymaterial.p + self.pgpy._key.keymaterial.q)) + elif self.pgpy_key_type in ('ECDSA', 'EdDSA', 'ECDH'): + log.debug("keygen.pgpy._key.keymaterial.s=%s" % self.pgpy._key.keymaterial.s) + self.ed25519_seed_bytes = long_to_bytes(self.pgpy._key.keymaterial.s) + else: + raise NotImplementedError(f"getting seed from {self.pgpy_key_type} key is not implemented") + except Exception as e: + log.error(f'Unable to get ed25519 seed bytes from pgpy: {e}') + self._cleanup() + exit(2) + log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes) + + def ed25519_seed_bytes_from_protobuf(self): + log.debug("keygen.ed25519_seed_bytes_from_protobuf()") + try: + self.ed25519_seed_bytes = self.ed25519_secret_protobuf.lstrip(b'\x08\x01\x12@')[:32] + except Exception as e: + log.error(f'Unable to get ed25519 seed bytes from protobuf: {e}') + self._cleanup() + exit(2) + log.debug("keygen.ed25519_seed_bytes=%s" % self.ed25519_seed_bytes) + + def gpg_passphrase_cb(self, uid_hint, passphrase_info, prev_was_bad): + log.debug("keygen.gpg_passphrase_cb(%s, %s, %s)" % (uid_hint, passphrase_info, prev_was_bad)) + return self.password + + def jwk_from_ed25519(self): + log.debug("keygen.jwk_from_ed25519()") + try: + self.jwk = jwk.JWK.from_pyca(self.ed25519) + except Exception as e: + log.error(f'Unable to get jwk from ed25519: {e}') + self._cleanup() + exit(2) + + def jwk_from_json(self, json): + log.debug("keygen.jwk_from_json()") + try: + self.jwk = jwk.JWK.from_json(json) + except Exception as e: + log.error(f'Unable to get jwk from json: {e}') + self._cleanup() + exit(2) + + def pem_pkcs8_from_ed25519(self): + log.debug("keygen.pem_pkcs8_from_ed25519()") + try: + self.ed25519_secret_pem_pkcs8 = self.ed25519.private_bytes(encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption()).decode('ascii') + except Exception as e: + log.error(f'Unable to get pem pkcs8 from ed25519: {e}') + self._cleanup() + exit(2) + log.debug("keygen.ed25519_secret_pem_pkcs8=%s" % self.ed25519_secret_pem_pkcs8) + + def pgpy_from_gpg(self): + log.debug("keygen.pgpy_from_gpg()") + try: + self.gpg_seckeys = list(self.gpg.keylist(pattern=self.username, secret=True)) + log.debug("keygen.gpg_seckeys=%s" % self.gpg_seckeys) + if not self.gpg_seckeys: + log.warning(f"""Unable to find any key matching username "{self.username}".""") + self._cleanup() + exit(1) + else: + self.gpg_seckey = self.gpg_seckeys[0] + log.info(f"""Found key id "{self.gpg_seckey.fpr}" matching username "{self.username}".""") + log.debug("keygen.gpg_seckey.expired=%s" % self.gpg_seckey.expired) + log.debug("keygen.gpg_seckey.fpr=%s" % self.gpg_seckey.fpr) + log.debug("keygen.gpg_seckey.revoked=%s" % self.gpg_seckey.revoked) + log.debug("keygen.gpg_seckey.uids=%s" % self.gpg_seckey.uids) + log.debug("keygen.gpg_seckey.owner_trust=%s" % self.gpg_seckey.owner_trust) + log.debug("keygen.gpg_seckey.last_update=%s" % self.gpg_seckey.last_update) + if self.password: + self.gpg.set_pinentry_mode(gpg.constants.PINENTRY_MODE_LOOPBACK) + self.pgp_public_armor = self.gpg.key_export(self.gpg_seckey.fpr) + self.pgp_secret_armor = self.gpg.key_export_secret(self.gpg_seckey.fpr) + log.debug("keygen.pgp_secret_armor=%s" % self.pgp_secret_armor) + if not self.pgp_secret_armor: + log.error(f"""Unable to export gpg secret key id "{self.gpg_seckey.fpr}" of user "{self.username}". Please check your password!""") + self._cleanup() + exit(2) + with warnings.catch_warnings(): + # remove CryptographyDeprecationWarning about deprecated + # SymmetricKeyAlgorithm IDEA, CAST5 and Blowfish (PGPy v0.5.4) + warnings.simplefilter('ignore') + self.pgpy, _ = pgpy.PGPKey.from_blob(self.pgp_secret_armor) + except Exception as e: + log.error(f'Unable to get pgpy from gpg: {e}') + self._cleanup() + exit(2) + + def pgpy_key_type(self): + log.debug("keygen.pgpy_key_type()") + if isinstance(self.pgpy._key.keymaterial, pgpy.packet.fields.RSAPriv): + self.pgpy_key_type = 'RSA' + elif isinstance(self.pgpy._key.keymaterial, pgpy.packet.fields.DSAPriv): + self.pgpy_key_type = 'DSA' + elif isinstance(self.pgpy._key.keymaterial, pgpy.packet.fields.ElGPriv): + self.pgpy_key_type = 'ElGamal' + elif isinstance(self.pgpy._key.keymaterial, pgpy.packet.fields.ECDSAPriv): + self.pgpy_key_type = 'ECDSA' + elif isinstance(self.pgpy._key.keymaterial, pgpy.packet.fields.EdDSAPriv): + self.pgpy_key_type = 'EdDSA' + elif isinstance(self.pgpy._key.keymaterial, pgpy.packet.fields.ECDHPriv): + self.pgpy_key_type = 'ECDH' + else: + self.pgpy_key_type = 'undefined' + log.debug("keygen.pgpy_key_type=%s" % self.pgpy_key_type) + + def protobuf_from_ed25519(self): + # libp2p protobuf version 2 + log.debug("keygen.protobuf_from_ed25519()") + try: + self.ed25519_public_protobuf = b'\x00$\x08\x01\x12 ' + self.ed25519_public_bytes + self.ed25519_secret_protobuf = b'\x08\x01\x12@' + self.ed25519_secret_bytes + except Exception as e: + log.error(f'Unable to get protobuf from ed25519: {e}') + self._cleanup() + exit(2) + log.debug("keygen.ed25519_public_protobuf=%s" % self.ed25519_public_protobuf) + log.debug("keygen.ed25519_secret_protobuf=%s" % self.ed25519_secret_protobuf) + +## +# long_to_bytes comes from PyCrypto, which is released into Public Domain +# https://github.com/dlitz/pycrypto/blob/master/lib/Crypto/Util/number.py +def bytes_to_long(s): + """bytes_to_long(string) : long + Convert a byte string to a long integer. + This is (essentially) the inverse of long_to_bytes(). + """ + acc = 0 + unpack = struct.unpack + length = len(s) + if length % 4: + extra = (4 - length % 4) + s = b'\000' * extra + s + length = length + extra + for i in range(0, length, 4): + acc = (acc << 32) + unpack('>I', s[i:i+4])[0] + return acc + +def long_to_bytes(n, blocksize=0): + """long_to_bytes(n:long, blocksize:int) : string + Convert a long integer to a byte string. + If optional blocksize is given and greater than zero, pad the front of the + byte string with binary zeros so that the length is a multiple of + blocksize. + """ + # after much testing, this algorithm was deemed to be the fastest + s = b'' + n = int(n) + pack = struct.pack + while n > 0: + s = pack('>I', n & 0xffffffff) + s + n = n >> 32 + # strip off leading zeros + for i in range(len(s)): + if s[i] != b'\000'[0]: + break + else: + # only happens when n == 0 + s = b'\000' + i = 0 + s = s[i:] + # add back some pad bytes. this could be done more efficiently w.r.t. the + # de-padding being done above, but sigh... + if blocksize > 0 and len(s) % blocksize: + s = (blocksize - len(s) % blocksize) * b'\000' + s + return s + +def main(argv=None): + if argv is None: + argv = sys.argv[1:] + + cli = keygen() + return cli._run(argv) + +def version(version=__version__): + print("%s v%s" % (sys.argv[0],version)) + +if __name__ == "__main__": + sys.exit(main())