Move RIPEMD160 hash to highlevelcrypto and export to_ripe() (closes: Bitmessage#1796)

Lee Miller · Lee Miller · commit acb8c951d21f · 2022-07-15T23:31:21.000+03:00
diff --git a/src/class_addressGenerator.py b/src/class_addressGenerator.py
@@ -1,10 +1,12 @@
 """
 A thread for creating addresses
 """
-import hashlib
+
 import time
 from binascii import hexlify
 
+from six.moves import configparser, queue
+
 import defaults
 import highlevelcrypto
 import queues
@@ -13,9 +15,7 @@
 import tr
 from addresses import decodeAddress, encodeAddress, encodeVarint
 from bmconfigparser import config
-from fallback import RIPEMD160Hash
 from network import StoppableThread
-from six.moves import configparser, queue
 
 
 class AddressGeneratorException(Exception):
@@ -132,9 +132,8 @@ def run(self):
                     numberOfAddressesWeHadToMakeBeforeWeFoundOneWithTheCorrectRipePrefix += 1
                     potentialPrivEncryptionKey, potentialPubEncryptionKey = \
                         highlevelcrypto.random_keys()
-                    sha = hashlib.new('sha512')
-                    sha.update(pubSigningKey + potentialPubEncryptionKey)
-                    ripe = RIPEMD160Hash(sha.digest()).digest()
+                    ripe = highlevelcrypto.to_ripe(
+                        pubSigningKey, potentialPubEncryptionKey)
                     if (
                         ripe[:numberOfNullBytesDemandedOnFrontOfRipeHash]
                         == b'\x00' * numberOfNullBytesDemandedOnFrontOfRipeHash
@@ -241,10 +240,8 @@ def run(self):
 
                         signingKeyNonce += 2
                         encryptionKeyNonce += 2
-                        sha = hashlib.new('sha512')
-                        sha.update(
-                            potentialPubSigningKey + potentialPubEncryptionKey)
-                        ripe = RIPEMD160Hash(sha.digest()).digest()
+                        ripe = highlevelcrypto.to_ripe(
+                            potentialPubSigningKey, potentialPubEncryptionKey)
                         if (
                             ripe[:numberOfNullBytesDemandedOnFrontOfRipeHash]
                             == b'\x00' * numberOfNullBytesDemandedOnFrontOfRipeHash
diff --git a/src/class_objectProcessor.py b/src/class_objectProcessor.py
@@ -27,7 +27,6 @@
     encodeAddress, encodeVarint, varintDecodeError
 )
 from bmconfigparser import config
-from fallback import RIPEMD160Hash
 from helper_sql import sql_ready, SqlBulkExecute, sqlExecute, sqlQuery
 from network import bmproto, knownnodes
 from network.node import Peer
@@ -295,31 +294,28 @@ def processpubkey(self, data):
                     '(within processpubkey) payloadLength less than 146.'
                     ' Sanity check failed.')
             readPosition += 4
-            publicSigningKey = data[readPosition:readPosition + 64]
+            pubSigningKey = '\x04' + data[readPosition:readPosition + 64]
             # Is it possible for a public key to be invalid such that trying to
             # encrypt or sign with it will cause an error? If it is, it would
             # be easiest to test them here.
             readPosition += 64
-            publicEncryptionKey = data[readPosition:readPosition + 64]
-            if len(publicEncryptionKey) < 64:
+            pubEncryptionKey = '\x04' + data[readPosition:readPosition + 64]
+            if len(pubEncryptionKey) < 65:
                 return logger.debug(
                     'publicEncryptionKey length less than 64. Sanity check'
                     ' failed.')
             readPosition += 64
             # The data we'll store in the pubkeys table.
             dataToStore = data[20:readPosition]
-            sha = hashlib.new('sha512')
-            sha.update(
-                '\x04' + publicSigningKey + '\x04' + publicEncryptionKey)
-            ripe = RIPEMD160Hash(sha.digest()).digest()
+            ripe = highlevelcrypto.to_ripe(pubSigningKey, pubEncryptionKey)
 
             if logger.isEnabledFor(logging.DEBUG):
                 logger.debug(
                     'within recpubkey, addressVersion: %s, streamNumber: %s'
                     '\nripe %s\npublicSigningKey in hex: %s'
                     '\npublicEncryptionKey in hex: %s',
                     addressVersion, streamNumber, hexlify(ripe),
-                    hexlify(publicSigningKey), hexlify(publicEncryptionKey)
+                    hexlify(pubSigningKey), hexlify(pubEncryptionKey)
                 )
 
             address = encodeAddress(addressVersion, streamNumber, ripe)
@@ -349,9 +345,9 @@ def processpubkey(self, data):
                     ' Sanity check failed.')
                 return
             readPosition += 4
-            publicSigningKey = '\x04' + data[readPosition:readPosition + 64]
+            pubSigningKey = '\x04' + data[readPosition:readPosition + 64]
             readPosition += 64
-            publicEncryptionKey = '\x04' + data[readPosition:readPosition + 64]
+            pubEncryptionKey = '\x04' + data[readPosition:readPosition + 64]
             readPosition += 64
             specifiedNonceTrialsPerByteLength = decodeVarint(
                 data[readPosition:readPosition + 10])[1]
@@ -368,23 +364,21 @@ def processpubkey(self, data):
             signature = data[readPosition:readPosition + signatureLength]
             if highlevelcrypto.verify(
                     data[8:endOfSignedDataPosition],
-                    signature, hexlify(publicSigningKey)):
+                    signature, hexlify(pubSigningKey)):
                 logger.debug('ECDSA verify passed (within processpubkey)')
             else:
                 logger.warning('ECDSA verify failed (within processpubkey)')
                 return
 
-            sha = hashlib.new('sha512')
-            sha.update(publicSigningKey + publicEncryptionKey)
-            ripe = RIPEMD160Hash(sha.digest()).digest()
+            ripe = highlevelcrypto.to_ripe(pubSigningKey, pubEncryptionKey)
 
             if logger.isEnabledFor(logging.DEBUG):
                 logger.debug(
                     'within recpubkey, addressVersion: %s, streamNumber: %s'
                     '\nripe %s\npublicSigningKey in hex: %s'
                     '\npublicEncryptionKey in hex: %s',
                     addressVersion, streamNumber, hexlify(ripe),
-                    hexlify(publicSigningKey), hexlify(publicEncryptionKey)
+                    hexlify(pubSigningKey), hexlify(pubEncryptionKey)
                 )
 
             address = encodeAddress(addressVersion, streamNumber, ripe)
@@ -583,9 +577,7 @@ def processmsg(self, data):
         sigHash = highlevelcrypto.double_sha512(signature)[32:]
 
         # calculate the fromRipe.
-        sha = hashlib.new('sha512')
-        sha.update(pubSigningKey + pubEncryptionKey)
-        ripe = RIPEMD160Hash(sha.digest()).digest()
+        ripe = highlevelcrypto.to_ripe(pubSigningKey, pubEncryptionKey)
         fromAddress = encodeAddress(
             sendersAddressVersionNumber, sendersStreamNumber, ripe)
 
@@ -873,9 +865,8 @@ def processbroadcast(self, data):
                 requiredPayloadLengthExtraBytes)
         endOfPubkeyPosition = readPosition
 
-        sha = hashlib.new('sha512')
-        sha.update(sendersPubSigningKey + sendersPubEncryptionKey)
-        calculatedRipe = RIPEMD160Hash(sha.digest()).digest()
+        calculatedRipe = highlevelcrypto.to_ripe(
+            sendersPubSigningKey, sendersPubEncryptionKey)
 
         if broadcastVersion == 4:
             if toRipe != calculatedRipe:
diff --git a/src/highlevelcrypto.py b/src/highlevelcrypto.py
@@ -14,16 +14,27 @@
 from pyelliptic import ECC, OpenSSL
 from pyelliptic import arithmetic as a
 
+from fallback import RIPEMD160Hash
 
 __all__ = [
     'decodeWalletImportFormat', 'deterministic_keys',
     'double_sha512', 'calculateInventoryHash', 'encodeWalletImportFormat',
     'encrypt', 'makeCryptor', 'pointMult', 'privToPub', 'randomBytes',
-    'random_keys', 'sign', 'verify']
+    'random_keys', 'sign', 'to_ripe', 'verify']
 
 
 # Hashes
 
+def _bm160(data):
+    """RIPEME160(SHA512(data)) -> bytes"""
+    return RIPEMD160Hash(hashlib.sha512(data).digest()).digest()
+
+
+def to_ripe(signing_key, encryption_key):
+    """Convert two public keys to a ripe hash"""
+    return _bm160(signing_key + encryption_key)
+
+
 def double_sha512(data):
     """Binary double SHA512 digest"""
     return hashlib.sha512(hashlib.sha512(data).digest()).digest()
diff --git a/src/protocol.py b/src/protocol.py
@@ -20,7 +20,6 @@
     encodeVarint, decodeVarint, decodeAddress, varintDecodeError)
 from bmconfigparser import config
 from debug import logger
-from fallback import RIPEMD160Hash
 from helper_sql import sqlExecute
 from version import softwareVersion
 
@@ -458,9 +457,9 @@ def decryptAndCheckPubkeyPayload(data, address):
         readPosition = 0
         # bitfieldBehaviors = decryptedData[readPosition:readPosition + 4]
         readPosition += 4
-        publicSigningKey = '\x04' + decryptedData[readPosition:readPosition + 64]
+        pubSigningKey = '\x04' + decryptedData[readPosition:readPosition + 64]
         readPosition += 64
-        publicEncryptionKey = '\x04' + decryptedData[readPosition:readPosition + 64]
+        pubEncryptionKey = '\x04' + decryptedData[readPosition:readPosition + 64]
         readPosition += 64
         specifiedNonceTrialsPerByteLength = decodeVarint(
             decryptedData[readPosition:readPosition + 10])[1]
@@ -476,17 +475,15 @@ def decryptAndCheckPubkeyPayload(data, address):
         signature = decryptedData[readPosition:readPosition + signatureLength]
 
         if not highlevelcrypto.verify(
-                signedData, signature, hexlify(publicSigningKey)):
+                signedData, signature, hexlify(pubSigningKey)):
             logger.info(
                 'ECDSA verify failed (within decryptAndCheckPubkeyPayload)')
             return 'failed'
 
         logger.info(
             'ECDSA verify passed (within decryptAndCheckPubkeyPayload)')
 
-        sha = hashlib.new('sha512')
-        sha.update(publicSigningKey + publicEncryptionKey)
-        embeddedRipe = RIPEMD160Hash(sha.digest()).digest()
+        embeddedRipe = highlevelcrypto.to_ripe(pubSigningKey, pubEncryptionKey)
 
         if embeddedRipe != ripe:
             # Although this pubkey object had the tag were were looking for
@@ -504,7 +501,7 @@ def decryptAndCheckPubkeyPayload(data, address):
             'addressVersion: %s, streamNumber: %s\nripe %s\n'
             'publicSigningKey in hex: %s\npublicEncryptionKey in hex: %s',
             addressVersion, streamNumber, hexlify(ripe),
-            hexlify(publicSigningKey), hexlify(publicEncryptionKey)
+            hexlify(pubSigningKey), hexlify(pubEncryptionKey)
         )
 
         t = (address, addressVersion, storedData, int(time.time()), 'yes')
diff --git a/src/tests/samples.py b/src/tests/samples.py
@@ -8,6 +8,7 @@
     '0592a10584ffabf96539f3d780d776828c67da1ab5b169e9e8aed838aaecc9ed36d49ff14'
     '23c55f019e050c66c6324f53588be88894fef4dcffdb74b98e2b200')
 
+sample_bm160 = unhexlify('79a324faeebcbf9849f310545ed531556882487e')
 
 magic = 0xE9BEB4D9
 
diff --git a/src/tests/test_crypto.py b/src/tests/test_crypto.py
@@ -17,10 +17,10 @@
     RIPEMD160 = None
 
 from .samples import (
-    sample_deterministic_ripe, sample_double_sha512, sample_hash_data,
-    sample_msg, sample_pubsigningkey, sample_pubencryptionkey,
-    sample_privsigningkey, sample_privencryptionkey, sample_ripe,
-    sample_seed, sample_sig, sample_sig_sha1
+    sample_bm160, sample_deterministic_ripe, sample_double_sha512,
+    sample_hash_data, sample_msg, sample_pubsigningkey,
+    sample_pubencryptionkey, sample_privsigningkey, sample_privencryptionkey,
+    sample_ripe, sample_seed, sample_sig, sample_sig_sha1
 )
 
 
@@ -73,6 +73,19 @@ def test_double_sha512(self):
             highlevelcrypto.double_sha512(sample_hash_data),
             sample_double_sha512)
 
+    def test_bm160(self):
+        """Formally check highlevelcrypto._bm160()"""
+        # pylint: disable=protected-access
+        self.assertEqual(
+            highlevelcrypto._bm160(sample_hash_data), sample_bm160)
+
+    def test_to_ripe(self):
+        """Formally check highlevelcrypto.to_ripe()"""
+        self.assertEqual(
+            hexlify(highlevelcrypto.to_ripe(
+                sample_pubsigningkey, sample_pubencryptionkey)),
+            sample_ripe)
+
     def test_randomBytes(self):
         """Dummy checks for random bytes"""
         for n in (8, 32, 64):
@@ -94,8 +107,7 @@ def test_deterministic_keys(self):
         enkey = highlevelcrypto.deterministic_keys(sample_seed, b'+')[1]
         self.assertEqual(
             sample_deterministic_ripe,
-            hexlify(TestHashlib._hashdigest(
-                hashlib.sha512(sigkey + enkey).digest())))
+            hexlify(highlevelcrypto.to_ripe(sigkey, enkey)))
 
     def test_signatures(self):
         """Verify sample signatures and newly generated ones"""
