sidan-gin 0.1.7__py3-none-any.whl

sidan_gin/__init__.py

@@ -0,0 +1,5 @@
+# flake8: noqa
+
+from .encryption import *
+from .types import *
+from .wallet import *

sidan_gin/encryption/__init__.py

@@ -0,0 +1,3 @@
+# flake8: noqa
+
+from .cipher import *

sidan_gin/encryption/cipher.py

@@ -0,0 +1,147 @@
+import base64
+import json
+import os
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.primitives.hashes import SHA256
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+
+
+def encrypt_with_cipher(
+    data: str, key: str, initialization_vector_size: int = 12
+) -> str:
+    """
+    Encrypt data using AES-GCM with a derived key from PBKDF2 and SHA-256.
+
+    :param data: The plaintext data to encrypt.
+    :param key: The input key used for encryption.
+    :param initialization_vector_size: The size of the IV (default is 12 bytes for AES-GCM).
+    :return: A JSON string containing the IV and ciphertext (both base64-encoded).
+    :raises ValueError: If encryption fails or input data is invalid.
+    """
+    # Derive a cryptographic key from the input key using PBKDF2 and SHA-256
+    salt = bytes(
+        initialization_vector_size
+    )  # Using a fixed salt (empty for simplicity)
+    kdf = PBKDF2HMAC(
+        algorithm=SHA256(),
+        length=32,  # AES-256 requires a 256-bit key (32 bytes)
+        salt=salt,
+        iterations=100_000,
+        backend=default_backend(),
+    )
+    derived_key = kdf.derive(key.encode())
+
+    # Generate a random IV
+    iv = os.urandom(initialization_vector_size)  # Generate a random IV
+    try:
+        # Initialize AES-GCM cipher
+        cipher = Cipher(
+            algorithms.AES(derived_key),
+            modes.GCM(iv),
+            backend=default_backend(),
+        )
+        encryptor = cipher.encryptor()
+
+        # Encrypt the data
+        ciphertext = encryptor.update(data.encode()) + encryptor.finalize()
+
+        # Get the authentication tag
+        tag = encryptor.tag
+
+        # Append the tag to the ciphertext to match Web Crypto API behavior
+        ciphertext_with_tag = ciphertext + tag
+    except Exception as e:
+        raise ValueError("Encryption failed") from e
+
+    # Encode the IV and ciphertext (with tag) in base64
+    iv_base64 = base64.b64encode(iv).decode("utf-8")
+    ciphertext_base64 = base64.b64encode(ciphertext_with_tag).decode("utf-8")
+
+    # Create a JSON-like string containing the IV and ciphertext
+    result = {
+        "iv": iv_base64,
+        "ciphertext": ciphertext_base64,
+    }
+
+    return json.dumps(result)
+
+
+def decrypt_with_cipher(encrypted_data_json: str, key: str) -> str:
+    """
+    Decrypt data encrypted with AES-GCM using a derived key from PBKDF2 and SHA-256.
+    Supports both new format (with salt) and legacy format (without salt) for backward compatibility.
+    """
+    # Parse the encrypted data from JSON
+    try:
+        encrypted_data = json.loads(encrypted_data_json)
+        iv_base64 = encrypted_data["iv"]
+        ciphertext_base64 = encrypted_data["ciphertext"]
+        salt_base64 = encrypted_data.get("salt")  # Optional for backward compatibility
+    except (KeyError, json.JSONDecodeError) as e:
+        raise ValueError("Invalid encrypted data JSON") from e
+
+    # Decode IV from base64
+    try:
+        iv = base64.b64decode(iv_base64)
+    except base64.binascii.Error as e:
+        raise ValueError("Failed to decode IV") from e
+
+    # Decode ciphertext from base64
+    try:
+        ciphertext_with_tag = base64.b64decode(ciphertext_base64)
+    except base64.binascii.Error as e:
+        raise ValueError("Failed to decode ciphertext") from e
+
+    # Handle salt - support both new format (with salt) and legacy format (without salt)
+    if salt_base64 is not None and salt_base64 != "":
+        # New format: use the provided salt
+        try:
+            salt = base64.b64decode(salt_base64)
+        except base64.binascii.Error as e:
+            raise ValueError("Failed to decode salt") from e
+    else:
+        # Legacy format: use zero-filled salt of IV length for backward compatibility
+        salt = bytes(len(iv))
+
+    # Derive cryptographic key from password using PBKDF2
+    # Matches frontend: 100,000 iterations, SHA-256, 256-bit key
+    kdf = PBKDF2HMAC(
+        algorithm=SHA256(),
+        length=32,  # AES-256 requires a 256-bit key (32 bytes)
+        salt=salt,
+        iterations=100_000,
+        backend=default_backend(),
+    )
+    derived_key = kdf.derive(key.encode())
+
+    # In GCM mode, the tag is appended to the ciphertext
+    # Standard GCM tag length is 16 bytes (128 bits)
+    tag_length = 16
+    ciphertext = ciphertext_with_tag[:-tag_length]
+    tag = ciphertext_with_tag[-tag_length:]
+
+    # Initialize AES-GCM cipher for decryption
+    try:
+        cipher = Cipher(
+            algorithms.AES(derived_key),
+            modes.GCM(iv, tag),  # Pass the extracted tag to GCM mode
+            backend=default_backend(),
+        )
+        decryptor = cipher.decryptor()
+
+        # Decrypt the data
+        decrypted_data = decryptor.update(ciphertext) + decryptor.finalize()
+    except Exception as e:
+        raise ValueError(
+            "Failed to decrypt (incorrect password or corrupted data)"
+        ) from e
+
+    # Convert the decrypted data back to a string
+    try:
+        decrypted_str = decrypted_data.decode("utf-8")
+    except UnicodeDecodeError as e:
+        raise ValueError("Failed to convert decrypted data to UTF-8") from e
+
+    return decrypted_str

sidan_gin/python_signing_module/.git

@@ -0,0 +1 @@
+gitdir: ../../../.git/modules/src/sidan_gin/python_signing_module

sidan_gin/python_signing_module/.gitignore

@@ -0,0 +1,10 @@
+/.idea
+/cmake-build-*
+build
+/target
+Cargo.lock
+lib.rs.h
+libsigner.a
+*.so
+CardanoSigner.py
+__pycache__/

sidan_gin/python_signing_module/.vscode/settings.json

@@ -0,0 +1,32 @@
+{
+    "files.associations": {
+        "iosfwd": "cpp",
+        "vector": "cpp",
+        "stdexcept": "cpp",
+        "string": "cpp",
+        "__verbose_abort": "cpp",
+        "array": "cpp",
+        "cstddef": "cpp",
+        "cstdint": "cpp",
+        "cstdio": "cpp",
+        "cstdlib": "cpp",
+        "cstring": "cpp",
+        "cwchar": "cpp",
+        "execution": "cpp",
+        "memory": "cpp",
+        "initializer_list": "cpp",
+        "limits": "cpp",
+        "new": "cpp",
+        "string_view": "cpp",
+        "typeinfo": "cpp",
+        "variant": "cpp",
+        "cctype": "cpp",
+        "cmath": "cpp",
+        "ctime": "cpp",
+        "cwctype": "cpp",
+        "optional": "cpp",
+        "ratio": "cpp",
+        "algorithm": "cpp",
+        "*.rs": "rust"
+    }
+}

sidan_gin/python_signing_module/Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "signer"
+version = "0.1.0"
+edition = "2021"
+
+[lib]
+crate-type = ["staticlib"]
+
+[dependencies]
+cxx = "1.0"
+whisky = "1.0.3"
+
+[build-dependencies]
+cxx-build = "1.0"

sidan_gin/python_signing_module/README.md

@@ -0,0 +1,2 @@
+# python-signing-module
+Python signing module, implementation in Rust, ported over to C++, then to Python.

sidan_gin/python_signing_module/__init__.py

@@ -0,0 +1 @@
+from .src import CardanoSigner

sidan_gin/python_signing_module/build.rs

@@ -0,0 +1,9 @@
+#[allow(unused_must_use)]
+fn main() {
+    cxx_build::bridge("src/lib.rs")
+        .warnings(false)
+        .extra_warnings(false)
+        .std("c++11")
+        .compile("signer-demo");
+    println!("cargo:rerun-if-changed=src/lib.rs");
+}

sidan_gin/python_signing_module/build.sh

@@ -0,0 +1,7 @@
+cargo build
+cp -f target/debug/libsigner.a src/libsigner.a
+cp -f $(realpath target/cxxbridge/signer/src/lib.rs.h) src/lib.rs.h
+swig -c++ -python src/signer.i
+cd src
+python setup.py build_ext --inplace
+cd ..

sidan_gin/python_signing_module/src/lib.rs

@@ -0,0 +1,86 @@
+use whisky::{Account, MnemonicWallet, RootKeyWallet, Wallet};
+
+#[cxx::bridge]
+mod ffi {
+    // Rust types and signatures exposed to C++.
+    extern "Rust" {
+        type Signer;
+        fn new_mnemonic_signer(mnemonic_phrase: &str, derivation_path: &str) -> Box<Signer>;
+        fn new_bech32_signer(root_private_key: &str, derivation_path: &str) -> Box<Signer>;
+        fn new_cli_signer(ed25519_key: &str) -> Box<Signer>;
+        fn sign_transaction(&mut self, tx_hex: &str) -> String;
+        fn get_public_key(&self) -> String;
+    }
+}
+
+fn new_mnemonic_signer(mnemonic_phrase: &str, derivation_path: &str) -> Box<Signer> {
+    let mut derivation_path_vec: Vec<&str> = derivation_path.split('/').collect();
+    // remove first element if it is "m"
+    if derivation_path_vec[0] == "m" {
+        derivation_path_vec.remove(0);
+    }
+    let derivation_path_vec_u32: Vec<u32> = derivation_path_vec
+        .iter()
+        .filter_map(|&s| {
+            if s.ends_with("'") {
+                let mut chars = s.chars();
+                chars.next_back(); // Remove the last character (')
+                                   // Parse the string to u32 and add 0x80000000 for hardening
+                Some(chars.as_str().parse::<u32>().unwrap() + 0x80000000)
+            } else {
+                s.parse::<u32>().ok()
+            }
+        })
+        .collect();
+    let wallet = Wallet::new(whisky::WalletType::MnemonicWallet(MnemonicWallet {
+        mnemonic_phrase: mnemonic_phrase.to_string(),
+        derivation_indices: whisky::derivation_indices::DerivationIndices(derivation_path_vec_u32),
+    }));
+    let account = wallet.get_account().unwrap();
+    Box::new(Signer { account })
+}
+
+fn new_bech32_signer(root_private_key: &str, derivation_path: &str) -> Box<Signer> {
+    let derivation_path_vec: Vec<&str> = derivation_path.split('/').collect();
+    let derivation_path_vec_u32: Vec<u32> = derivation_path_vec
+        .iter()
+        .filter_map(|&s| {
+            if s.ends_with("'") {
+                let mut chars = s.chars();
+                chars.next_back(); // Remove the last character (')
+                                   // Parse the string to u32 and add 0x80000000 for hardening
+                Some(chars.as_str().parse::<u32>().unwrap() + 0x80000000)
+            } else {
+                s.parse::<u32>().ok()
+            }
+        })
+        .collect();
+    let wallet = Wallet::new(whisky::WalletType::RootKeyWallet(RootKeyWallet {
+        root_key: root_private_key.to_string(),
+        derivation_indices: whisky::derivation_indices::DerivationIndices(derivation_path_vec_u32),
+    }));
+    let account = wallet.get_account().unwrap();
+    Box::new(Signer { account })
+}
+
+fn new_cli_signer(ed25519_key: &str) -> Box<Signer> {
+    let wallet = Wallet::new_cli(ed25519_key);
+    let account = wallet.get_account().unwrap();
+    Box::new(Signer { account })
+}
+
+struct Signer {
+    account: Account,
+}
+
+impl Signer {
+    pub fn sign_transaction(&self, tx_hex: &str) -> String {
+        self.account.sign_transaction(tx_hex).unwrap_or_else(|_| {
+            panic!("Failed to sign transaction with the provided account");
+        })
+    }
+
+    pub fn get_public_key(&self) -> String {
+        self.account.public_key.to_hex()
+    }
+}

sidan_gin/python_signing_module/src/setup.py

@@ -0,0 +1,16 @@
+from setuptools import setup, Extension
+
+signer_module = Extension(
+   '_CardanoSigner',
+   sources=['signer_wrap.cxx', 'signer.cpp'], # signer_wrap.cxx is going to be generated by swig
+   extra_objects=["libsigner.a"] # this is the static library that we are going to link with
+)
+
+setup (
+	name        = 'CardanoSigner',
+	version     = '0.0',
+	author      = "YOUR_NAME",
+	description = "CardanoSigner swig",
+	ext_modules = [signer_module],
+	py_modules  = ["CardanoSigner"], # name of module that we're going import
+)

sidan_gin/python_signing_module/src/signer.cpp

@@ -0,0 +1,73 @@
+#include "lib.rs.h"
+
+#include <string>
+#include <vector>
+
+// class MnemonicSigner
+// {
+// public:
+//     MnemonicSigner(std::string mnemonic, std::uint32_t account_index, std::uint32_t key_index)
+//     {
+//         this->mnemonic_secret = mnemonic;
+//         this->account_index = account_index;
+//         this->key_index = key_index;
+//     };
+//     ~MnemonicSigner() = default;
+
+//     std::string sign_tx(std::string tx_hex)
+//     {
+//         auto signer = new_mnemonic_signer(mnemonic_secret, account_index, key_index);
+//         std::string signed_tx = signer->sign_transaction(tx_hex).c_str();
+//         return signed_tx;
+//     };
+
+// private:
+//     std::string mnemonic_secret;
+//     std::uint32_t account_index;
+//     std::uint32_t key_index;
+// };
+
+// class Bech32Signer
+// {
+// public:
+//     Bech32Signer(std::string bech32, std::uint32_t account_index, std::uint32_t key_index)
+//     {
+//         this->bech32_secret = bech32;
+//         this->account_index = account_index;
+//         this->key_index = key_index;
+//     };
+//     ~Bech32Signer() = default;
+
+//     std::string sign_tx(std::string tx_hex)
+//     {
+//         auto signer = new_bech32_signer(bech32_secret, account_index, key_index);
+//         std::string signed_tx = signer->sign_transaction(tx_hex).c_str();
+//         return signed_tx;
+//     };
+
+// private:
+//     std::string bech32_secret;
+//     std::uint32_t account_index;
+//     std::uint32_t key_index;
+// };
+
+std::string sign_mnemonic(std::string mnemonic, std::string derivation_path, std::string tx_hex)
+{
+    auto signer = new_mnemonic_signer(mnemonic, derivation_path);
+    std::string signed_tx = signer->sign_transaction(tx_hex).c_str();
+    return signed_tx;
+}
+
+std::string sign_bech32(std::string bech32, std::string derivation_path, std::string tx_hex)
+{
+    auto signer = new_bech32_signer(bech32, derivation_path);
+    std::string signed_tx = signer->sign_transaction(tx_hex).c_str();
+    return signed_tx;
+}
+
+std::string sign_cli(std::string ed25519_key, std::string tx_hex)
+{
+    auto signer = new_cli_signer(ed25519_key);
+    std::string signed_tx = signer->sign_transaction(tx_hex).c_str();
+    return signed_tx;
+}

sidan_gin/python_signing_module/src/signer.h

@@ -0,0 +1,37 @@
+#include "lib.rs.h"
+
+#include <string>
+
+// class MnemonicSigner
+// {
+// public:
+//     MnemonicSigner(std::string mnemonic, std::uint32_t account_index, std::uint32_t key_index);
+//     ~MnemonicSigner() = default;
+
+//     std::string sign_tx(std::string tx_hex);
+
+// private:
+//     std::string mnemonic_secret;
+//     std::uint32_t account_index;
+//     std::uint32_t key_index;
+// };
+
+// class Bech32Signer
+// {
+// public:
+//     Bech32Signer(std::string bech32, std::uint32_t account_index, std::uint32_t key_index);
+//     ~Bech32Signer() = default;
+
+//     std::string sign_tx(std::string tx_hex);
+
+// private:
+//     std::string bech32_secret;
+//     std::uint32_t account_index;
+//     std::uint32_t key_index;
+// };
+
+std::string sign_mnemonic(std::string mnemonic, std::string derivation_path, std::string tx_hex);
+
+std::string sign_bech32(std::string bech32, std::string derivation_path, std::string tx_hex);
+
+std::string sign_cli(std::string ed25519_key, std::string tx_hex);

sidan_gin/python_signing_module/src/signer.i

@@ -0,0 +1,16 @@
+%module CardanoSigner
+
+%include "std_string.i"
+
+%{
+#define SWIG_FILE_WITH_INIT
+#include "lib.rs.h"
+#include "signer.h"
+#include <string>
+%}
+
+std::string sign_mnemonic(std::string mnemonic, std::string derivation_path, std::string tx_hex);
+
+std::string sign_bech32(std::string bech32, std::string derivation_path, std::string tx_hex);
+
+std::string sign_cli(std::string ed25519_key, std::string tx_hex);