lunalib 1.5.1__py3-none-any.whl

lunalib/transactions/security.py

@@ -0,0 +1,234 @@
+import time
+import hashlib
+from typing import Dict, Tuple
+
+class TransactionSecurity:
+    """Enhanced transaction security system with SM2 support"""
+    
+    def __init__(self):
+        self.min_transaction_amount = 0.000001
+        self.max_transaction_amount = 100000000
+        self.required_fee = 0.00001
+        self.rate_limits = {}
+        self.blacklisted_addresses = set()
+        
+        # Try to import SM2 KeyManager
+        try:
+            from ..core.crypto import KeyManager as SM2KeyManager
+            self.key_manager = SM2KeyManager()
+            self.sm2_available = True
+            print("[SECURITY] SM2 KeyManager loaded successfully")
+        except ImportError as e:
+            self.key_manager = None
+            self.sm2_available = False
+            print(f"[SECURITY] SM2 KeyManager not available: {e}")
+    
+    def validate_transaction_security(self, transaction: Dict) -> Tuple[bool, str]:
+        """Comprehensive transaction security validation with SM2"""
+        tx_type = transaction.get("type", "").lower()
+        
+        if tx_type == "gtx_genesis":
+            return self._validate_genesis_transaction(transaction)
+        elif tx_type == "reward":
+            return self._validate_reward_transaction(transaction)
+        elif tx_type == "transfer":
+            return self._validate_transfer_transaction(transaction)
+        else:
+            return False, f"Unknown transaction type: {tx_type}"
+    
+    def _validate_genesis_transaction(self, transaction: Dict) -> Tuple[bool, str]:
+        """Validate GTX Genesis transaction"""
+        required_fields = ["bill_serial", "denomination", "mining_difficulty", "hash", "nonce"]
+        for field in required_fields:
+            if field not in transaction:
+                return False, f"Missing GTX field: {field}"
+        
+        # Validate denomination
+        denomination = transaction.get("denomination")
+        valid_denominations = [1, 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000]
+        if denomination not in valid_denominations:
+            return False, f"Invalid denomination: {denomination}"
+        
+        # Validate mining proof
+        if not self._validate_mining_proof(transaction):
+            return False, "Invalid mining proof"
+        
+        return True, "Valid GTX Genesis transaction"
+    
+    def _validate_reward_transaction(self, transaction: Dict) -> Tuple[bool, str]:
+        """Validate reward transaction"""
+        required_fields = ["from", "to", "amount", "block_height", "hash"]
+        for field in required_fields:
+            if field not in transaction:
+                return False, f"Missing reward field: {field}"
+        
+        # Only network can create rewards
+        if transaction.get("from") != "network":
+            return False, "Unauthorized reward creation"
+        
+        return True, "Valid reward transaction"
+    
+    def _validate_transfer_transaction(self, transaction: Dict) -> Tuple[bool, str]:
+        """Validate transfer transaction with SM2 signature"""
+        required_fields = ["from", "to", "amount", "signature", "public_key", "nonce"]
+        for field in required_fields:
+            if field not in transaction:
+                return False, f"Missing field: {field}"
+        
+        # Amount validation
+        amount = transaction.get("amount", 0)
+        if amount < self.min_transaction_amount:
+            return False, f"Amount below minimum: {self.min_transaction_amount}"
+        if amount > self.max_transaction_amount:
+            return False, f"Amount above maximum: {self.max_transaction_amount}"
+        
+        # Fee validation
+        fee = transaction.get("fee", 0)
+        if fee < self.required_fee:
+            return False, f"Insufficient fee: {fee} (required: {self.required_fee})"
+        
+        # SM2 Signature validation
+        if not self._validate_signature_sm2(transaction):
+            return False, "Invalid SM2 signature"
+        
+        # Anti-spam checks
+        from_address = transaction.get("from", "")
+        if not self._check_rate_limit(from_address):
+            return False, "Rate limit exceeded"
+        
+        if self._is_blacklisted(from_address):
+            return False, "Address is blacklisted"
+        
+        return True, "Valid transfer transaction"
+    
+    def _validate_signature_sm2(self, transaction: Dict) -> bool:
+        """Validate transaction signature using SM2"""
+        try:
+            signature = transaction.get("signature", "")
+            public_key = transaction.get("public_key", "")
+            tx_type = transaction.get("type", "").lower()
+            
+            # Skip system transactions
+            if tx_type in ["gtx_genesis", "reward"]:
+                return True
+            
+            # For unsigned test transactions
+            if signature in ["system", "unsigned", "test"]:
+                print(f"[SECURITY] Skipping signature check for system/unsigned transaction")
+                return True
+            
+            # Check SM2 signature length (should be 128 hex chars = 64 bytes)
+            if len(signature) != 128:
+                print(f"[SECURITY] Invalid SM2 signature length: {len(signature)} (expected 128)")
+                return False
+            
+            # Check if all characters are valid hex
+            if not all(c in "0123456789abcdefABCDEF" for c in signature):
+                print(f"[SECURITY] Signature contains non-hex characters")
+                return False
+            
+            # Check public key format (should start with '04' for uncompressed)
+            if not public_key.startswith('04'):
+                print(f"[SECURITY] Invalid public key format: {public_key[:20]}...")
+                return False
+            
+            # Use KeyManager for verification if available
+            if self.sm2_available and self.key_manager:
+                # Create signing data string
+                signing_data = self._get_signing_data(transaction)
+                
+                # Verify signature
+                is_valid = self.key_manager.verify_signature(signing_data, signature, public_key)
+                print(f"[SECURITY] SM2 signature verification: {is_valid}")
+                return is_valid
+            
+            # Fallback: Basic format check if SM2 not available
+            print(f"[SECURITY] SM2 not available, using basic signature validation")
+            return len(signature) == 128 and signature.startswith(('04', '03', '02'))
+            
+        except Exception as e:
+            print(f"[SECURITY] Signature validation error: {e}")
+            return False
+    
+    def _get_signing_data(self, transaction: Dict) -> str:
+        """Create data string for signing"""
+        # Create copy without signature and hash
+        tx_copy = {k: v for k, v in transaction.items() 
+                  if k not in ['signature', 'hash']}
+        
+        # Sort keys and convert to string
+        import json
+        return json.dumps(tx_copy, sort_keys=True)
+    
+    def _validate_mining_proof(self, transaction: Dict) -> bool:
+        """Validate mining proof-of-work"""
+        try:
+            difficulty = transaction.get("mining_difficulty", 0)
+            bill_hash = transaction.get("hash", "")
+            
+            # Verify difficulty requirement
+            target = "0" * difficulty
+            return bill_hash.startswith(target)
+        except:
+            return False
+    
+    def _validate_signature(self, transaction: Dict) -> bool:
+        """Legacy signature validation (for backward compatibility)"""
+        print(f"[SECURITY] Using legacy signature validation")
+        return self._validate_signature_sm2(transaction)
+    
+    def _check_rate_limit(self, address: str) -> bool:
+        """Check transaction rate limiting"""
+        now = time.time()
+        
+        if address not in self.rate_limits:
+            self.rate_limits[address] = []
+        
+        # Remove old entries (older than 1 minute)
+        self.rate_limits[address] = [t for t in self.rate_limits[address] if now - t < 60]
+        
+        # Check if over limit (10 transactions per minute)
+        if len(self.rate_limits[address]) >= 10:
+            return False
+        
+        self.rate_limits[address].append(now)
+        return True
+    
+    def _is_blacklisted(self, address: str) -> bool:
+        """Check if address is blacklisted"""
+        return address.lower() in self.blacklisted_addresses
+    
+    def blacklist_address(self, address: str):
+        """Add address to blacklist"""
+        self.blacklisted_addresses.add(address.lower())
+    
+    def calculate_security_score(self, transaction: Dict) -> int:
+        """Calculate security score for transaction with SM2 bonus"""
+        score = 0
+        
+        # Signature strength (SM2 gives higher score)
+        signature = transaction.get("signature", "")
+        if len(signature) == 128:  # SM2 signature
+            score += 60  # Higher score for SM2
+        elif len(signature) == 64:  # Legacy ECDSA
+            score += 40
+        
+        # Public key presence
+        public_key = transaction.get("public_key", "")
+        if public_key and public_key.startswith('04'):
+            score += 30  # SM2 uncompressed format
+        
+        # Timestamp freshness
+        timestamp = transaction.get("timestamp", 0)
+        if time.time() - timestamp < 600:  # 10 minutes
+            score += 20
+        
+        # Nonce uniqueness
+        if transaction.get("nonce"):
+            score += 10
+        
+        # Additional security features
+        if transaction.get("security_hash"):
+            score += 10
+        
+        return min(score, 100)

lunalib/transactions/transactions.py

@@ -0,0 +1,399 @@
+# lunalib/transactions/transactions.py
+import time
+import hashlib
+import json
+from typing import Dict, Optional, Tuple, List
+from ..core.mempool import MempoolManager
+
+# Import REAL SM2 KeyManager from crypto module
+try:
+    from ..core.crypto import KeyManager as SM2KeyManager
+    SM2_AVAILABLE = True
+    print("DEBUG: Using SM2 KeyManager from crypto module")
+except ImportError as e:
+    SM2_AVAILABLE = False
+    print(f"WARNING: SM2 KeyManager not available: {e}")
+
+class TransactionSecurity:
+    """Transaction security validation and risk assessment"""
+    
+    def validate_transaction(self, transaction: Dict) -> Tuple[bool, str]:
+        """Validate transaction structure"""
+        required_fields = ['type', 'from', 'to', 'amount', 'timestamp', 'hash']
+        for field in required_fields:
+            if field not in transaction:
+                return False, f'Missing required field: {field}'
+        
+        # Validate amount
+        if transaction['amount'] <= 0 and transaction['type'] != 'reward':
+            return False, 'Amount must be positive'
+            
+        return True, 'Valid'
+    
+    def assess_risk(self, transaction: Dict) -> Tuple[str, str]:
+        """Assess transaction risk level"""
+        amount = transaction.get('amount', 0)
+        tx_type = transaction.get('type', 'transfer')
+        
+        if tx_type in ['gtx_genesis', 'reward']:
+            return 'very_low', 'System transaction'
+        
+        if amount > 1000000:
+            return 'high', 'Very large transaction'
+        elif amount > 100000:
+            return 'medium', 'Large transaction'
+        else:
+            return 'low', 'Normal transaction'
+
+class FeeCalculator:
+    """Simple fee calculation"""
+    
+    def __init__(self):
+        self.fee_config = {
+            'transfer': 0.001,
+            'reward': 0.0,
+            'gtx_genesis': 0.0
+        }
+    
+    def get_fee(self, transaction_type: str) -> float:
+        """Get fee for transaction type"""
+        return self.fee_config.get(transaction_type, 0.001)
+
+class TransactionManager:
+    """Handles transaction creation, signing, validation, and broadcasting"""
+    
+    def __init__(self, network_endpoints: List[str] = None):
+        self.security = TransactionSecurity()
+        self.fee_calculator = FeeCalculator()
+        self.mempool_manager = MempoolManager(network_endpoints)
+        
+        # Initialize SM2 KeyManager if available
+        if SM2_AVAILABLE:
+            self.key_manager = SM2KeyManager()
+        else:
+            print("ERROR: SM2 KeyManager not available - cannot sign transactions")
+            self.key_manager = None
+    
+    def create_transaction(self, from_address: str, to_address: str, amount: float, 
+                        private_key: Optional[str] = None, memo: str = "",
+                        transaction_type: str = "transfer") -> Dict:
+        """Create and sign a transaction"""
+        
+        # Calculate fee
+        fee = self.fee_calculator.get_fee(transaction_type)
+        
+        transaction = {
+            "type": transaction_type,
+            "from": from_address,
+            "to": to_address,
+            "amount": float(amount),
+            "fee": fee,
+            "timestamp": int(time.time()),
+            "memo": memo,
+            "version": "2.0"  # Version 2.0 = SM2 signatures
+        }
+        
+        # Sign transaction with SM2 if private key provided
+        if private_key and self.key_manager:
+            try:
+                # Sign the transaction data
+                tx_string = self._get_signing_data(transaction)
+                
+                print(f"[TRANSACTIONS CREATE DEBUG] Signing data: {tx_string}")
+                print(f"[TRANSACTIONS CREATE DEBUG] Private key available: {bool(private_key)}")
+                print(f"[TRANSACTIONS CREATE DEBUG] Private key length: {len(private_key)}")
+                
+                signature = self.key_manager.sign_data(tx_string, private_key)
+                
+                # Get public key from private key
+                public_key = self.key_manager.derive_public_key(private_key)
+                
+                print(f"[TRANSACTIONS CREATE DEBUG] Generated signature: {signature}")
+                print(f"[TRANSACTIONS CREATE DEBUG] Generated public key: {public_key}")
+                print(f"[TRANSACTIONS CREATE DEBUG] Signature length: {len(signature)}")
+                print(f"[TRANSACTIONS CREATE DEBUG] Public key length: {len(public_key)}")
+                
+                transaction["signature"] = signature
+                transaction["public_key"] = public_key
+                
+                # Immediately test verification
+                test_verify = self.key_manager.verify_signature(tx_string, signature, public_key)
+                print(f"[TRANSACTIONS CREATE DEBUG] Immediate self-verification: {test_verify}")
+                
+                if not test_verify:
+                    print(f"[TRANSACTIONS CREATE ERROR] Signature doesn't verify immediately!")
+                    print(f"[TRANSACTIONS CREATE ERROR] This suggests an SM2 implementation issue")
+                    
+            except Exception as e:
+                print(f"[TRANSACTIONS CREATE ERROR] Signing failed: {e}")
+                import traceback
+                traceback.print_exc()
+                transaction["signature"] = "unsigned"
+                transaction["public_key"] = "unsigned"
+        else:
+            # For unsigned transactions (rewards, gtx_genesis)
+            transaction["signature"] = "unsigned"
+            transaction["public_key"] = "unsigned"
+        
+        # Calculate transaction hash (must be last)
+        transaction["hash"] = self._calculate_transaction_hash(transaction)
+        
+        return transaction
+    
+    def send_transaction(self, transaction: Dict) -> Tuple[bool, str]:
+        """Send transaction to mempool for broadcasting"""
+        try:
+            # Validate transaction first
+            is_valid, message = self.validate_transaction(transaction)
+            if not is_valid:
+                return False, f"Validation failed: {message}"
+            
+            # Verify signature for non-system transactions
+            if transaction["type"] == "transfer":
+                if not self.verify_transaction_signature(transaction):
+                    return False, "Invalid transaction signature"
+            
+            # Add to mempool
+            success = self.mempool_manager.add_transaction(transaction)
+            if success:
+                return True, f"Transaction added to mempool: {transaction.get('hash', '')[:16]}..."
+            else:
+                return False, "Failed to add transaction to mempool"
+                
+        except Exception as e:
+            return False, f"Error sending transaction: {str(e)}"
+    
+    # TRANSFER TRANSACTION
+    def create_transfer(self, from_address: str, to_address: str, amount: float,
+                       private_key: str, memo: str = "") -> Dict:
+        """Create a transfer transaction"""
+        return self.create_transaction(
+            from_address=from_address,
+            to_address=to_address,
+            amount=amount,
+            private_key=private_key,
+            memo=memo,
+            transaction_type="transfer"
+        )
+    
+    # SYSTEM TRANSACTIONS (unsigned)
+    def create_gtx_transaction(self, bill_info: Dict) -> Dict:
+        """Create GTX Genesis transaction from mined bill"""
+        transaction = {
+            "type": "gtx_genesis",
+            "from": "mining",
+            "to": bill_info.get("owner_address", "unknown"),
+            "amount": float(bill_info.get("denomination", 0)),
+            "fee": 0.0,
+            "timestamp": int(time.time()),
+            "bill_serial": bill_info.get("serial", ""),
+            "mining_difficulty": bill_info.get("difficulty", 0),
+            "signature": "system",
+            "public_key": "system",
+            "version": "2.0"
+        }
+        transaction["hash"] = self._calculate_transaction_hash(transaction)
+        return transaction
+    
+    def create_reward_transaction(self, to_address: str, amount: float, 
+                                block_height: int) -> Dict:
+        """Create reward transaction"""
+        transaction = {
+            "type": "reward",
+            "from": "network",
+            "to": to_address,
+            "amount": float(amount),
+            "fee": 0.0,
+            "block_height": block_height,
+            "timestamp": int(time.time()),
+            "signature": "system",
+            "public_key": "system",
+            "version": "2.0"
+        }
+        transaction["hash"] = self._generate_reward_hash(to_address, amount, block_height)
+        return transaction
+    
+    # VALIDATION METHODS
+    def validate_transaction(self, transaction: Dict) -> Tuple[bool, str]:
+        """Validate transaction using security module"""
+        return self.security.validate_transaction(transaction)
+    
+    def verify_transaction_signature(self, transaction: Dict) -> bool:
+        """Verify transaction signature with SM2"""
+        try:
+            signature = transaction.get("signature", "")
+            tx_type = transaction.get("type", "").lower()
+            
+            # System transactions are always valid
+            if signature in ["system", "unsigned", "test"]:
+                print(f"[TRANSACTIONS] Skipping signature check for {signature} transaction")
+                return True
+            
+            if not self.key_manager:
+                print("[TRANSACTIONS] No key manager available for verification")
+                return False
+            
+            # Check SM2 signature format
+            if len(signature) != 128:
+                print(f"[TRANSACTIONS] Invalid SM2 signature length: {len(signature)} (expected 128)")
+                return False
+            
+            # Get signing data (without public_key!)
+            sign_data = self._get_signing_data(transaction)
+            public_key = transaction.get("public_key", "")
+            
+            print(f"[TRANSACTIONS VERIFY] Signing data length: {len(sign_data)}")
+            print(f"[TRANSACTIONS VERIFY] Signing data (first 100 chars): {sign_data[:100]}")
+            
+            # Try to verify with KeyManager
+            print(f"[TRANSACTIONS] Attempting verification...")
+            is_valid = self.key_manager.verify_signature(sign_data, signature, public_key)
+            
+            print(f"[TRANSACTIONS] SM2 signature verification result: {is_valid}")
+            
+            return is_valid
+            
+        except Exception as e:
+            print(f"[TRANSACTIONS] Verification error: {e}")
+            import traceback
+            traceback.print_exc()
+            return False
+    def _debug_signature_issue(self, transaction: Dict, sign_data: str, signature: str, public_key: str):
+        """Debug why signature verification is failing"""
+        print("\n" + "="*60)
+        print("DEBUGGING SIGNATURE ISSUE")
+        print("="*60)
+        
+        # 1. Check if we can sign and verify a simple test
+        print("\n1. Testing SM2 with simple message...")
+        test_message = "Simple test message"
+        test_private = self.key_manager.generate_private_key()
+        test_public = self.key_manager.derive_public_key(test_private)
+        test_sig = self.key_manager.sign_data(test_message, test_private)
+        test_valid = self.key_manager.verify_signature(test_message, test_sig, test_public)
+        print(f"   Simple test verification: {test_valid}")
+        
+        # 2. Try to recreate what was signed during transaction creation
+        print("\n2. Reconstructing original transaction data...")
+        # Create the exact transaction data that should have been signed
+        reconstructed = {
+            "amount": float(transaction["amount"]),
+            "fee": float(transaction["fee"]),
+            "from": transaction["from"],
+            "memo": transaction.get("memo", ""),
+            "timestamp": int(transaction["timestamp"]),
+            "to": transaction["to"],
+            "type": transaction["type"],
+            "version": transaction.get("version", "2.0")
+        }
+        
+        import json
+        reconstructed_json = json.dumps(reconstructed, sort_keys=True)
+        print(f"   Reconstructed JSON: {reconstructed_json}")
+        print(f"   Current signing data: {sign_data}")
+        print(f"   Are they equal? {reconstructed_json == sign_data}")
+        print(f"   Length difference: {len(reconstructed_json)} vs {len(sign_data)}")
+        
+        # 3. Check for whitespace differences
+        print("\n3. Checking for whitespace differences...")
+        print(f"   Reconstructed has spaces: {' ' in reconstructed_json}")
+        print(f"   Sign data has spaces: {' ' in sign_data}")
+        
+        # 4. Check float formatting
+        print("\n4. Checking float formatting...")
+        print(f"   Amount in tx: {transaction['amount']} (type: {type(transaction['amount'])})")
+        print(f"   Amount in reconstructed: {reconstructed['amount']} (type: {type(reconstructed['amount'])})")
+        
+        # 5. Try different JSON serialization options
+        print("\n5. Trying different JSON formats...")
+        formats = [
+            ("Compact", lambda x: json.dumps(x, sort_keys=True, separators=(',', ':'))),
+            ("Default", lambda x: json.dumps(x, sort_keys=True)),
+            ("Indented", lambda x: json.dumps(x, sort_keys=True, indent=2)),
+        ]
+        
+        for name, formatter in formats:
+            formatted = formatter(reconstructed)
+            is_valid_test = self.key_manager.verify_signature(formatted, signature, public_key)
+            print(f"   {name} format: {is_valid_test} (length: {len(formatted)})")
+        
+        print("="*60 + "\n")
+    def assess_transaction_risk(self, transaction: Dict) -> Tuple[str, str]:
+        """Assess transaction risk level"""
+        return self.security.assess_risk(transaction)
+    
+    # MEMPOOL MANAGEMENT
+    def get_pending_transactions(self, address: str = None) -> List[Dict]:
+        """Get pending transactions from mempool"""
+        return self.mempool_manager.get_pending_transactions(address)
+    
+    def is_transaction_pending(self, tx_hash: str) -> bool:
+        """Check if transaction is pending in mempool"""
+        return self.mempool_manager.is_transaction_pending(tx_hash)
+    
+    def _get_signing_data(self, transaction: Dict) -> str:
+        """Create data string for signing - MUST match signing process exactly"""
+        # IMPORTANT: During signing, the transaction does NOT have 'public_key' yet!
+        # It's added AFTER signing. So we must exclude it during verification too.
+        
+        # Fields that should NOT be included in signing data:
+        exclude_fields = ['signature', 'hash', 'public_key']
+        
+        # Create copy without excluded fields
+        tx_copy = {k: v for k, v in transaction.items() 
+                if k not in exclude_fields}
+        
+        # Use the EXACT same format as during creation
+        import json
+        
+        # Ensure consistent data types
+        for key in ['amount', 'fee']:
+            if key in tx_copy:
+                tx_copy[key] = float(tx_copy[key])
+        
+        if 'timestamp' in tx_copy:
+            tx_copy['timestamp'] = int(tx_copy['timestamp'])
+        
+        # Use COMPACT JSON (no extra spaces) - this is critical!
+        return json.dumps(tx_copy, sort_keys=True, separators=(',', ':'))   
+    def _calculate_transaction_hash(self, transaction: Dict) -> str:
+        """Calculate transaction hash"""
+        # Remove existing hash if present
+        tx_copy = transaction.copy()
+        tx_copy.pop("hash", None)
+        
+        # Convert to JSON and hash
+        data_string = json.dumps(tx_copy, sort_keys=True)
+        return hashlib.sha256(data_string.encode()).hexdigest()
+    
+    def _generate_reward_hash(self, to_address: str, amount: float, 
+                            block_height: int) -> str:
+        """Generate unique hash for reward transaction"""
+        data = f"reward_{to_address}_{amount}_{block_height}_{time.time_ns()}"
+        return hashlib.sha256(data.encode()).hexdigest()
+    
+    def stop(self):
+        """Stop the transaction manager"""
+        self.mempool_manager.stop()
+
+# Create a global instance for convenience
+_transaction_manager = None
+
+def get_transaction_manager() -> TransactionManager:
+    """Get or create global transaction manager instance"""
+    global _transaction_manager
+    if _transaction_manager is None:
+        _transaction_manager = TransactionManager()
+    return _transaction_manager
+
+# Convenience functions
+def create_transfer(from_address: str, to_address: str, amount: float,
+                   private_key: str, memo: str = "") -> Dict:
+    """Create transfer transaction (convenience function)"""
+    mgr = get_transaction_manager()
+    return mgr.create_transfer(from_address, to_address, amount, private_key, memo)
+
+def send_transaction(transaction: Dict) -> Tuple[bool, str]:
+    """Send transaction (convenience function)"""
+    mgr = get_transaction_manager()
+    return mgr.send_transaction(transaction)