synapse.lib.crypto package

Submodules

synapse.lib.crypto.coin module

synapse.lib.crypto.coin.bch_check(match: Match)[source]

synapse.lib.crypto.coin.btc_base58_check(match: Match)[source]

synapse.lib.crypto.coin.btc_bech32_check(match: Match)[source]

synapse.lib.crypto.coin.cardano_byron_check(match: Match)[source]

synapse.lib.crypto.coin.cardano_shelly_check(match: Match)[source]

synapse.lib.crypto.coin.eth_check(match: Match)[source]

synapse.lib.crypto.coin.ether_eip55(body: str)[source]

synapse.lib.crypto.coin.logger = <Logger synapse.lib.crypto.coin (WARNING)>

synapse.lib.crypto.coin contains functions for verifying whether or not a given regex match containing a valu is valid for a given type of coin.

these functions are intended to be used with synapse.lib.scrape.

synapse.lib.crypto.coin.substrate_check(match: Match)[source]

synapse.lib.crypto.coin.xrp_check(match: Match)[source]

synapse.lib.crypto.ecc module

class synapse.lib.crypto.ecc.PriKey(priv)[source]

Bases: object

A helper class for using ECC private keys.

dump()[source]

Get the private key bytes in DER/PKCS8 format.

Returns:: The DER/PKCS8 encoded private key.
Return type:: bytes

exchange(pubkey)[source]

Perform a ECDH key exchange with a public key.

Parameters:: pubkey (PubKey) – A PubKey to perform the ECDH with.
Returns:: The ECDH bytes. This is deterministic for a given pubkey and private key.
Return type:: bytes

static generate()[source]

Generate a new ECC PriKey instance.

Returns:: A new PriKey instance.
Return type:: PriKey

iden()[source]

Return a SHA256 hash for the public key (to be used as a GUID).

Returns:: The SHA256 hash of the public key bytes.
Return type:: str

static load(byts)[source]

Create a PriKey instance from DER/PKCS8 encoded bytes.

Parameters:: byts (bytes) – Bytes to load
Returns:: A new PubKey instance.
Return type:: PriKey

public()[source]

Get the PubKey which corresponds to the ECC PriKey.

Returns:: A new PubKey object whose key corresponds to the private key.
Return type:: PubKey

sign(byts)[source]

Compute the ECC signature for the given bytestream.

Parameters:: byts (bytes) – The bytes to sign.
Returns:: The RSA Signature bytes.
Return type:: bytes

class synapse.lib.crypto.ecc.PubKey(publ)[source]

Bases: object

A helper class for using ECC public keys.

dump()[source]

Get the public key bytes in DER/SubjectPublicKeyInfo format.

Returns:: The DER/SubjectPublicKeyInfo encoded public key.
Return type:: bytes

iden()[source]

Return a SHA256 hash for the public key (to be used as a GUID).

Returns:: The SHA256 hash of the public key bytes.
Return type:: str

static load(byts)[source]

Create a PubKey instance from DER/PKCS8 encoded bytes.

Parameters:: byts (bytes) – Bytes to load
Returns:: A new PubKey instance.
Return type:: PubKey

verify(byts, sign)[source]

Verify the signature for the given bytes using the ECC public key.

Parameters:

byts (bytes) – The data bytes.
sign (bytes) – The signature bytes.

Returns:

True if the data was verified, False otherwise.

Return type:

bool

synapse.lib.crypto.ecc.doECDHE(statprv_u, statpub_v, ephmprv_u, ephmpub_v, length=64, salt=None, info=None)[source]

Perform one side of an Ecliptic Curve Diffie Hellman Ephemeral key exchange.

Parameters:

statprv_u (PriKey) – Static Private Key for U
(PubKey (statpub_v) – Static Public Key for V
ephmprv_u (PriKey) – Ephemeral Private Key for U
ephmpub_v (PubKey) – Ephemeral Public Key for V
length (int) – Number of bytes to return
salt (bytes) – Salt to use when computing the key.
info (bytes) – Additional information to use when computing the key.

Notes

This makes no assumption about the reuse of the Ephemeral keys passed to the function. It is the caller’s responsibility to destroy the keys after they are used for doing key generation. This implementation is the dhHybrid1 scheme described in NIST 800-56A Revision 2.

Returns:: The derived key.
Return type:: bytes

synapse.lib.crypto.passwd module

async synapse.lib.crypto.passwd.checkShadowV2(passwd: AnyStr, shadow: Dict) → bool[source]

Check a password against a shadow dictionary.

Parameters:

passwd (str) – Password to check.
shadow (dict) – Data to check the password against.

Returns:

True if the password is valid, false otherwise.

Return type:

bool

async synapse.lib.crypto.passwd.generateApiKey(iden=None)[source]

async synapse.lib.crypto.passwd.getPbkdf2(passwd: AnyStr) → Dict[source]

async synapse.lib.crypto.passwd.getShadowV2(passwd: AnyStr) → Dict[source]

Get the shadow dictionary for a given password.

Parameters:

passwd (str) – Password to hash.
ptyp (str) – The password hash type.

Returns:

A dictionary containing shadowed password information.

Return type:

dict

synapse.lib.crypto.passwd.parseApiKey(valu)[source]

async synapse.lib.crypto.passwd.verifyPbkdf2(passwd: AnyStr, shadow: Dict) → bool[source]

synapse.lib.crypto.rsa module

class synapse.lib.crypto.rsa.PriKey(priv)[source]

Bases: object

A helper class for using RSA private keys.

Signing methods use RSA-PSS and MFG1 with sha256 hashing.

iden() → str[source]

Return a SHA256 hash for the public key (to be used as a GUID).

Returns:: The SHA256 hash of the public key bytes.
Return type:: str

public()[source]

Get the PubKey which corresponds to the RSA PriKey.

Returns:: A new PubKey object whose key corresponds to the private key.
Return type:: PubKey

sign(byts: bytes) → bytes[source]

Compute the RSA signature for the given bytestream.

Parameters:: byts (bytes) – The bytes to sign.
Returns:: The RSA Signature bytes.
Return type:: bytes

signitem(item) → bytes[source]

Compute the RSA signature for the given python primitive.

Parameters:: item – The item to sign. This will be flattened and msgpacked prior to signing.
Returns:: The RSA Signature bytes.
Return type:: bytes

class synapse.lib.crypto.rsa.PubKey(publ)[source]

Bases: object

A helper class for using RSA public keys.

dump()[source]

Get the public key bytes in DER/SubjectPublicKeyInfo format.

Returns:: The DER/SubjectPublicKeyInfo encoded public key.
Return type:: bytes

iden()[source]

Return a SHA256 hash for the public key (to be used as a GUID).

Returns:: The SHA256 hash of the public key bytes.
Return type:: str

static load(byts)[source]

Create a PubKey instance from DER/PKCS8 encoded bytes.

Parameters:: byts (bytes) – Bytes to load
Returns:: A new PubKey instance.
Return type:: PubKey

verify(byts, sign)[source]

Verify the signature for the given bytes using the RSA public key.

Parameters:

byts (bytes) – The data bytes.
sign (bytes) – The signature bytes.

Returns:

True if the data was verified, False otherwise.

Return type:

bool

verifyitem(item, sign)[source]

Verify the signature for the given item with the RSA public key.

Parameters:

item – The Python primitive to verify.
sign (bytes) – The signature bytes.

Returns:

True if the data was verified, False otherwise.

Return type:

bool

synapse.lib.crypto.tinfoil module

class synapse.lib.crypto.tinfoil.CryptSeq(rx_key, tx_key, initial_rx_seq=0, initial_tx_seq=0)[source]

Bases: object

Applies and verifies sequence numbers of encrypted messages coming and going

Parameters:

rx_key (bytes) – TX key (used with TinFoilHat).
tx_key (bytes) – RX key (used with TinFoilHat).
initial_rx_seq (int) – Starting rx sequence number.
initial_tx_seq (int) – Starting tx sequence number.

decrypt(ciphertext)[source]

Decrypt a message, validating its sequence number is as we expect.

Parameters:: ciphertext (bytes) – The message to decrypt and verify.
Returns:: A mesg.
Return type:: mesg
Raises:: s_exc.CryptoErr – If the message decryption fails or the sequence number was unexpected.

encrypt(mesg)[source]

Wrap a message with a sequence number and encrypt it.

Parameters:: mesg – The mesg to encrypt.
Returns:: The encrypted message.
Return type:: bytes

class synapse.lib.crypto.tinfoil.TinFoilHat(ekey)[source]

Bases: object

The TinFoilHat class implements a GCM-AES encryption/decryption class.

Parameters:

ekey (bytes) – A 32 byte key used for doing encryption & decryption. It
manner. (is assumed the caller has generated the key in a safe)

dec(byts)[source]

Decode an envelope dict and decrypt the given bytes.

Parameters:: byts (bytes) – Bytes to decrypt.
Returns:: Decrypted message.
Return type:: bytes

enc(byts, asscd=None)[source]

Encrypt the given bytes and return an envelope dict in msgpack form.

Parameters:

byts (bytes) – The message to be encrypted.
asscd (bytes) – Extra data that needs to be authenticated (but not encrypted).

Returns:

The encrypted message. This is a msgpacked dictionary containing the IV, ciphertext, and associated data.

Return type:

bytes

synapse.lib.crypto.tinfoil.newkey()[source]

Generate a new, random 32 byte key.

Returns:: 32 random bytes
Return type:: bytes