Pixseal 0.2.2__pp38-pypy38_pp73-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl

Pixseal/__init__.py

@@ -0,0 +1,26 @@
+from .simpleImage import ImageInput, SimpleImage
+from .imageSigner import (
+    BinaryProvider,
+    addHiddenBit,
+    signImage,
+)
+from .imageValidator import (
+    binaryToString,
+    buildValidationReport,
+    deduplicate,
+    readHiddenBit,
+    validateImage,
+)
+
+__all__ = [
+    "SimpleImage",
+    "ImageInput",
+    "BinaryProvider",
+    "addHiddenBit",
+    "signImage",
+    "binaryToString",
+    "buildValidationReport",
+    "deduplicate",
+    "readHiddenBit",
+    "validateImage",
+]

Pixseal/imageSigner.py

@@ -0,0 +1,206 @@
+from pathlib import Path
+import base64
+from typing import TYPE_CHECKING
+
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import padding
+
+# profiler check
+try:
+    from line_profiler import profile
+except ImportError:
+
+    def profile(func):
+        return func
+
+
+# Dynamic typing
+from .simpleImage import (
+    ImageInput as _RuntimeImageInput,
+    SimpleImage as _RuntimeSimpleImage,
+)
+
+if TYPE_CHECKING:
+    from .simpleImage_py import ImageInput, SimpleImage
+else:
+    ImageInput = _RuntimeImageInput
+    SimpleImage = _RuntimeSimpleImage
+
+
+class BinaryProvider:
+
+    # Constructor
+    def __init__(
+        self,
+        hiddenString,
+        startString="START-VALIDATION\n",
+        endString="\nEND-VALIDATION",
+    ):
+        self.hiddenBits = self._stringToBits(hiddenString)
+        self.startBits = self._stringToBits(startString)
+        self.endBits = self._stringToBits(endString)
+
+    # Convert string to contiguous binary digits
+    def _stringToBits(self, string):
+        bits = []
+        for char in string:
+            binary = format(ord(char), "08b")
+            bits.extend(int(bit) for bit in binary)
+        return bits
+
+    def _expandPayload(self, count: int):
+        if count <= 0:
+            return []
+        payloadLen = len(self.hiddenBits)
+        if payloadLen == 0:
+            raise ValueError("Hidden payload is empty")
+        repeats, remainder = divmod(count, payloadLen)
+        return (self.hiddenBits * repeats) + self.hiddenBits[:remainder]
+
+    def buildBitArray(self, pixelCount: int):
+        startLen = len(self.startBits)
+        endLen = len(self.endBits)
+        if pixelCount < startLen + endLen:
+            raise ValueError("Image is too small to fit start/end sentinels")
+
+        bits = [0] * pixelCount
+
+        # 1. Place START-VALIDATION bits first
+        bits[:startLen] = self.startBits
+
+        # 2. Fill the remaining slots by repeating the payload bits
+        payloadSlots = pixelCount - startLen
+        payloadBits = self._expandPayload(payloadSlots)
+        bits[startLen:] = payloadBits[:payloadSlots]
+
+        # 3. Overwrite the tail with END-VALIDATION bits
+        tailStart = pixelCount - endLen
+        bits[tailStart:] = self.endBits
+
+        return bits
+
+
+@profile
+def addHiddenBit(imageInput: ImageInput, hiddenBinary: BinaryProvider):
+    img = SimpleImage.open(imageInput)
+    width, height = img.size
+    pixels = img._pixels  # direct buffer access for performance
+    total = width * height
+    payloadBits = hiddenBinary.buildBitArray(total)
+
+    # Iterate over every pixel and inject one bit
+    for idx in range(total):
+        base = idx * 3
+        # Read the pixel
+        r = pixels[base]
+        g = pixels[base + 1]
+        b = pixels[base + 2]
+
+        # Calculate the distance from 127
+        diffR = r - 127
+        if diffR < 0:
+            diffR = -diffR
+        diffG = g - 127
+        if diffG < 0:
+            diffG = -diffG
+        diffB = b - 127
+        if diffB < 0:
+            diffB = -diffB
+
+        # Pick the component farthest from 127
+        maxDiff = diffR
+        if diffG > maxDiff:
+            maxDiff = diffG
+        if diffB > maxDiff:
+            maxDiff = diffB
+
+        # Actual value of that channel
+        if maxDiff == diffR:
+            targetColorValue = r
+        elif maxDiff == diffG:
+            targetColorValue = g
+        else:
+            targetColorValue = b
+
+        # Channels >=127 are decremented, <127 incremented
+        addDirection = 1 if targetColorValue < 127 else -1
+
+        # Pull next bit from provider
+        bit = payloadBits[idx]
+
+        # Force the selected channel parity to match the bit
+        if maxDiff == diffR:
+            if r % 2 != bit:
+                r += addDirection
+        if maxDiff == diffG:
+            if g % 2 != bit:
+                g += addDirection
+        if maxDiff == diffB:
+            if b % 2 != bit:
+                b += addDirection
+
+        # Write the updated pixel
+        pixels[base] = r
+        pixels[base + 1] = g
+        pixels[base + 2] = b
+
+    # Return the modified image
+    return img
+
+
+def stringCryptor(plaintext: str, public_key) -> str:
+
+    ciphertext = public_key.encrypt(
+        plaintext.encode("utf-8"),
+        padding.OAEP(
+            mgf=padding.MGF1(algorithm=hashes.SHA256()),
+            algorithm=hashes.SHA256(),
+            label=None,
+        ),
+    )
+
+    return base64.b64encode(ciphertext).decode("ascii")
+
+
+# main
+# Image input (path or bytes) + payload string => returns image with embedded payload
+def signImage(imageInput: ImageInput, hiddenString, publicKeyPath=None):
+    """
+    Embed a payload into an image using the parity-based steganography scheme.
+
+    Args:
+        imageInput: File path, bytes, or file-like object accepted by SimpleImage.
+        hiddenString: Text payload that should be written into the image.
+        publicKeyPath: Optional path to a PEM-encoded RSA public key used to
+            encrypt the payload and sentinel markers before embedding.
+
+    Returns:
+        SimpleImage instance whose pixels include the signed payload.
+
+    Raises:
+        FileNotFoundError: If a public key path is provided but the file is missing.
+        ValueError: If the file is not a valid PEM public key.
+    """
+
+    if publicKeyPath:  # When encryption key is supplied
+        key_path = Path(publicKeyPath)
+        if not key_path.is_file():
+            raise FileNotFoundError(f"Public key file not found: {publicKeyPath}")
+
+        pem_data = key_path.read_bytes()
+        if b"BEGIN PUBLIC KEY" not in pem_data:
+            raise ValueError("Provided file does not contain a valid public key")
+
+        public_key = serialization.load_pem_public_key(pem_data)
+
+        hiddenBinary = BinaryProvider(
+            hiddenString=stringCryptor(hiddenString, public_key) + "\n",
+            startString=stringCryptor("START-VALIDATION", public_key) + "\n",
+            endString="\n" + stringCryptor("END-VALIDATION", public_key),
+        )
+
+    else:  # Plain-text payload
+        hiddenBinary = BinaryProvider(hiddenString + "\n")
+
+    signedImage = addHiddenBit(imageInput, hiddenBinary)
+    return signedImage

Pixseal/imageValidator.py

@@ -0,0 +1,221 @@
+import base64
+from typing import TYPE_CHECKING
+
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.asymmetric import padding
+
+# profiler check
+try:
+    from line_profiler import profile
+except ImportError:
+
+    def profile(func):
+        return func
+
+
+# Dynamic typing
+from .simpleImage import (
+    ImageInput as _RuntimeImageInput,
+    SimpleImage as _RuntimeSimpleImage,
+)
+
+if TYPE_CHECKING:
+    from .simpleImage_py import ImageInput, SimpleImage
+else:
+    ImageInput = _RuntimeImageInput
+    SimpleImage = _RuntimeSimpleImage
+
+
+def binaryToString(binaryCode):
+    string = []
+    for i in range(0, len(binaryCode), 8):
+        byte = binaryCode[i : i + 8]
+        decimal = int(byte, 2)
+        character = chr(decimal)
+        string.append(character)
+    return "".join(string)
+
+
+@profile
+def readHiddenBit(imageInput: ImageInput):
+    img = SimpleImage.open(imageInput)
+    width, height = img.size
+    pixels = img._pixels  # direct buffer access for performance
+    total = width * height
+    bits = []
+    append_bit = bits.append
+
+    for idx in range(total):
+        base = idx * 3
+        r = pixels[base]
+        g = pixels[base + 1]
+        b = pixels[base + 2]
+
+        diffR = r - 127
+        if diffR < 0:
+            diffR = -diffR
+        diffG = g - 127
+        if diffG < 0:
+            diffG = -diffG
+        diffB = b - 127
+        if diffB < 0:
+            diffB = -diffB
+
+        maxDiff = diffR
+        if diffG > maxDiff:
+            maxDiff = diffG
+        if diffB > maxDiff:
+            maxDiff = diffB
+
+        append_bit("1" if maxDiff % 2 == 0 else "0")
+
+    return "".join(bits)
+
+
+def deduplicate(arr):
+    deduplicated = []
+    freq = {}
+    most_common = None
+    most_count = 0
+
+    for i, value in enumerate(arr):
+        freq[value] = freq.get(value, 0) + 1
+        if freq[value] > most_count:
+            most_count = freq[value]
+            most_common = value
+
+        if i == 0 or value != arr[i - 1]:
+            deduplicated.append(value)
+
+    return deduplicated, most_common
+
+
+def tailCheck(arr: list[str]):
+    if len(arr) != 4:
+        return None  # Not required
+
+    full_cipher = arr[1]  # complete ciphertext
+    truncated_cipher = arr[2]  # incomplete ciphertext
+
+    return full_cipher.startswith(truncated_cipher)
+
+
+def buildValidationReport(decrypted, tailCheck: bool, skipPlain: bool = False):
+    # Length after deduplication/decryption
+    arrayLength = len(decrypted)
+
+    # 1. Check that the deduplicated sequence length is valid
+    lengthCheck = arrayLength in (3, 4)
+
+    # 2. Validate start/end markers
+    startCheck = decrypted[0] == "START-VALIDATION" if decrypted else False
+    endCheck = decrypted[-1] == "END-VALIDATION" if decrypted else False
+
+    # 4. Determine whether payload was successfully decrypted
+    decryptedPayload = decrypted[1] if len(decrypted) > 1 else ""
+    isDecrypted = bool(decryptedPayload) and not decryptedPayload.endswith("==")
+
+    checkList = [lengthCheck, startCheck, endCheck, isDecrypted]
+    # 5. Parse tailCheck result
+    if tailCheck is None:
+        tailCheckResult = "Not Required"
+    else:
+        tailCheckResult = tailCheck
+        checkList.append(tailCheckResult)
+
+    # Overall verdict requires every check to pass
+    verdict = all(checkList)
+
+    result = {
+        "arrayLength": arrayLength,
+        "lengthCheck": lengthCheck,
+        "startCheck": startCheck,
+        "endCheck": endCheck,
+        "isDecrypted": isDecrypted,
+        "tailCheckResult": tailCheckResult,
+        "verdict": verdict,
+    }
+
+    if skipPlain:
+        result["decryptSkipMessage"] = (
+            "Skip decrypt: payload was plain or corrupted text despite decrypt request."
+        )
+
+    return result
+
+
+def decrypt_array(deduplicated, privKeyPath):
+    # Load PEM private key
+    with open(privKeyPath, "rb") as key_file:
+        private_key = serialization.load_pem_private_key(
+            key_file.read(),
+            password=None,
+        )
+
+    decrypted = []
+    skippedPlainCount = 0
+    decryptError = False
+    for item in deduplicated:
+        if item.endswith("=="):
+            try:
+                cipher_bytes = base64.b64decode(item)
+                plain_bytes = private_key.decrypt(
+                    cipher_bytes,
+                    padding.OAEP(
+                        mgf=padding.MGF1(algorithm=hashes.SHA256()),
+                        algorithm=hashes.SHA256(),
+                        label=None,
+                    ),
+                )
+                decrypted.append(plain_bytes.decode("utf-8"))
+            except Exception as exc:
+                print(exc)
+                decryptError = True
+                decrypted.append(item)
+        else:
+            skippedPlainCount += 1
+            decrypted.append(item)
+
+    expectedPlainCount = 0
+    if len(deduplicated) == 4:
+        expectedPlainCount = 1
+
+    skippedPlain = decryptError or skippedPlainCount != expectedPlainCount
+
+    return decrypted, skippedPlain
+
+
+# main
+def validateImage(imageInput: ImageInput, privKeyPath=None):
+    """
+    Extract the embedded payload from an image and optionally decrypt it.
+
+    Args:
+        imageInput: File path, bytes, or file-like object accepted by SimpleImage.
+        privKeyPath: Optional path to a PEM-encoded RSA private key used to
+            decrypt the extracted ciphertext.
+
+    Returns:
+        Dict with the most common extracted string, decrypted sequence, and
+        a validation report describing the sentinel checks and verdict.
+    """
+    resultBinary = readHiddenBit(imageInput)
+    resultString = binaryToString(resultBinary)
+    splited = resultString.split("\n")
+    deduplicated, most_common = deduplicate(splited)
+
+    if privKeyPath:
+        decrypted, skippedPlain = decrypt_array(deduplicated, privKeyPath)
+    else:
+        decrypted = deduplicated
+        skippedPlain = False
+
+    report = buildValidationReport(
+        decrypted=decrypted, tailCheck=tailCheck(deduplicated), skipPlain=skippedPlain
+    )
+
+    return {
+        "extractedString": decrypt_array({most_common}, privKeyPath)[0][0],
+        "decrypted": decrypted,
+        "validationReport": report,
+    }

Pixseal/simpleImage.py

@@ -0,0 +1,35 @@
+"""
+Loader that prefers the Cython implementation and falls back to pure Python.
+Use environment variable PIXSEAL_SIMPLEIMAGE_BACKEND to force a backend:
+  - "cython": require compiled extension
+  - "python": force pure Python implementation
+"""
+
+from os import getenv
+
+_backend = getenv("PIXSEAL_SIMPLEIMAGE_BACKEND", "auto").lower()
+_loaded_module = "Pixseal.simpleImage_py"
+
+if _backend == "python":
+    from . import simpleImage_py as _impl  # type: ignore
+elif _backend == "cython":
+    try:
+        from . import simpleImage_ext as _impl  # type: ignore
+    except ImportError as exc:  # pragma: no cover
+        raise ImportError(
+            "Cython backend requested but Pixseal.simpleImage_ext is not available. "
+            "Build the extension or choose the python backend."
+        ) from exc
+else:
+    try:  # pragma: no cover
+        from . import simpleImage_ext as _impl  # type: ignore
+    except ImportError:  # pragma: no cover
+        from . import simpleImage_py as _impl  # type: ignore
+
+SimpleImage = _impl.SimpleImage  # type: ignore
+ImageInput = _impl.ImageInput  # type: ignore
+_loaded_module = _impl.__name__
+
+print(f"[SimpleImage] Loaded from: {_loaded_module}")
+
+__all__ = ["SimpleImage", "ImageInput"]