synapse.lib.crypto package

Submodules

synapse.lib.crypto.coin module

synapse.lib.crypto.coin.bch_check(match: _regex.Match)[source]
synapse.lib.crypto.coin.btc_base58_check(match: _regex.Match)[source]
synapse.lib.crypto.coin.btc_bech32_check(match: _regex.Match)[source]
synapse.lib.crypto.coin.cardano_byron_check(match: _regex.Match)[source]
synapse.lib.crypto.coin.cardano_shelly_check(match: _regex.Match)[source]
synapse.lib.crypto.coin.eth_check(match: _regex.Match)[source]
synapse.lib.crypto.coin.ether_eip55(body: str)[source]
synapse.lib.crypto.coin.logger = <Logger synapse.lib.crypto.coin (WARNING)>

synapse.lib.crypto.coin contains functions for verifying whether or not a given regex match containing a valu is valid for a given type of coin.

these functions are intended to be used with synapse.lib.scrape.

synapse.lib.crypto.coin.substrate_check(match: _regex.Match)[source]
synapse.lib.crypto.coin.xrp_check(match: _regex.Match)[source]

synapse.lib.crypto.ecc module

class synapse.lib.crypto.ecc.PriKey(priv)[source]

Bases: object

A helper class for using ECC private keys.

dump()[source]

Get the private key bytes in DER/PKCS8 format.

Returns

The DER/PKCS8 encoded private key.

Return type

bytes

exchange(pubkey)[source]

Perform a ECDH key exchange with a public key.

Parameters

pubkey (PubKey) – A PubKey to perform the ECDH with.

Returns

The ECDH bytes. This is deterministic for a given pubkey and private key.

Return type

bytes

static generate()[source]

Generate a new ECC PriKey instance.

Returns

A new PriKey instance.

Return type

PriKey

iden()[source]

Return a SHA256 hash for the public key (to be used as a GUID).

Returns

The SHA256 hash of the public key bytes.

Return type

str

static load(byts)[source]

Create a PriKey instance from DER/PKCS8 encoded bytes.

Parameters

byts (bytes) – Bytes to load

Returns

A new PubKey instance.

Return type

PriKey

public()[source]

Get the PubKey which corresponds to the ECC PriKey.

Returns

A new PubKey object whose key corresponds to the private key.

Return type

PubKey

sign(byts)[source]

Compute the ECC signature for the given bytestream.

Parameters

byts (bytes) – The bytes to sign.

Returns

The RSA Signature bytes.

Return type

bytes

class synapse.lib.crypto.ecc.PubKey(publ)[source]

Bases: object

A helper class for using ECC public keys.

dump()[source]

Get the public key bytes in DER/SubjectPublicKeyInfo format.

Returns

The DER/SubjectPublicKeyInfo encoded public key.

Return type

bytes

iden()[source]

Return a SHA256 hash for the public key (to be used as a GUID).

Returns

The SHA256 hash of the public key bytes.

Return type

str

static load(byts)[source]

Create a PubKey instance from DER/PKCS8 encoded bytes.

Parameters

byts (bytes) – Bytes to load

Returns

A new PubKey instance.

Return type

PubKey

verify(byts, sign)[source]

Verify the signature for the given bytes using the ECC public key.

Parameters
  • byts (bytes) – The data bytes.

  • sign (bytes) – The signature bytes.

Returns

True if the data was verified, False otherwise.

Return type

bool

synapse.lib.crypto.ecc.doECDHE(statprv_u, statpub_v, ephmprv_u, ephmpub_v, length=64, salt=None, info=None)[source]

Perform one side of an Ecliptic Curve Diffie Hellman Ephemeral key exchange.

Parameters
  • statprv_u (PriKey) – Static Private Key for U

  • (PubKey (statpub_v) – Static Public Key for V

  • ephmprv_u (PriKey) – Ephemeral Private Key for U

  • ephmpub_v (PubKey) – Ephemeral Public Key for V

  • length (int) – Number of bytes to return

  • salt (bytes) – Salt to use when computing the key.

  • info (bytes) – Additional information to use when computing the key.

Notes

This makes no assumption about the reuse of the Ephemeral keys passed to the function. It is the caller’s responsibility to destroy the keys after they are used for doing key generation. This implementation is the dhHybrid1 scheme described in NIST 800-56A Revision 2.

Returns

The derived key.

Return type

bytes

synapse.lib.crypto.passwd module

async synapse.lib.crypto.passwd.checkShadowV2(passwd: AnyStr, shadow: Dict) bool[source]

Check a password against a shadow dictionary.

Parameters
  • passwd (str) – Password to check.

  • shadow (dict) – Data to check the password against.

Returns

True if the password is valid, false otherwise.

Return type

bool

async synapse.lib.crypto.passwd.getPbkdf2(passwd: AnyStr) Dict[source]
async synapse.lib.crypto.passwd.getShadowV2(passwd: AnyStr) Dict[source]

Get the shadow dictionary for a given password.

Parameters
  • passwd (str) – Password to hash.

  • ptyp (str) – The password hash type.

Returns

A dictionary containing shadowed password information.

Return type

dict

async synapse.lib.crypto.passwd.verifyPbkdf2(passwd: AnyStr, shadow: Dict) bool[source]

synapse.lib.crypto.tinfoil module

class synapse.lib.crypto.tinfoil.CryptSeq(rx_key, tx_key, initial_rx_seq=0, initial_tx_seq=0)[source]

Bases: object

Applies and verifies sequence numbers of encrypted messages coming and going

Parameters
  • rx_key (bytes) – TX key (used with TinFoilHat).

  • tx_key (bytes) – RX key (used with TinFoilHat).

  • initial_rx_seq (int) – Starting rx sequence number.

  • initial_tx_seq (int) – Starting tx sequence number.

decrypt(ciphertext)[source]

Decrypt a message, validating its sequence number is as we expect.

Parameters

ciphertext (bytes) – The message to decrypt and verify.

Returns

A mesg.

Return type

mesg

Raises

s_exc.CryptoErr – If the message decryption fails or the sequence number was unexpected.

encrypt(mesg)[source]

Wrap a message with a sequence number and encrypt it.

Parameters

mesg – The mesg to encrypt.

Returns

The encrypted message.

Return type

bytes

class synapse.lib.crypto.tinfoil.TinFoilHat(ekey)[source]

Bases: object

The TinFoilHat class implements a GCM-AES encryption/decryption class.

Parameters
  • ekey (bytes) – A 32 byte key used for doing encryption & decryption. It

  • manner. (is assumed the caller has generated the key in a safe) –

dec(byts)[source]

Decode an envelope dict and decrypt the given bytes.

Parameters

byts (bytes) – Bytes to decrypt.

Returns

Decrypted message.

Return type

bytes

enc(byts, asscd=None)[source]

Encrypt the given bytes and return an envelope dict in msgpack form.

Parameters
  • byts (bytes) – The message to be encrypted.

  • asscd (bytes) – Extra data that needs to be authenticated (but not encrypted).

Returns

The encrypted message. This is a msgpacked dictionary containing the IV, ciphertext, and associated data.

Return type

bytes

synapse.lib.crypto.tinfoil.newkey()[source]

Generate a new, random 32 byte key.

Returns

32 random bytes

Return type

bytes