Beispiel #1
0
 def test_deserialize_private_not_bytes(self):
     '''
     serialized key must be bytes
     '''
     with self.assertRaises(ValueError) as ctx:
         ed25519.signing_keypair_from_string(u"not bytes")
     self.assertIn("must be bytes", str(ctx.exception))
Beispiel #2
0
    def test_key_serialization(self):
        """
        a serialized+deserialized keypair is the same as the original
        """
        private_key, public_key = ed25519.create_signing_keypair()
        private_key_str = ed25519.string_from_signing_key(private_key)

        self.assertIsInstance(private_key_str, native_bytes)

        private_key2, public_key2 = ed25519.signing_keypair_from_string(
            private_key_str)

        # the deserialized signing keys are the same as the original
        self.assertEqual(
            ed25519.string_from_signing_key(private_key),
            ed25519.string_from_signing_key(private_key2),
        )
        self.assertEqual(
            ed25519.string_from_verifying_key(public_key),
            ed25519.string_from_verifying_key(public_key2),
        )

        # ditto, but for the verifying keys
        public_key_str = ed25519.string_from_verifying_key(public_key)
        self.assertIsInstance(public_key_str, native_bytes)

        public_key2 = ed25519.verifying_key_from_string(public_key_str)
        self.assertEqual(
            ed25519.string_from_verifying_key(public_key),
            ed25519.string_from_verifying_key(public_key2),
        )
Beispiel #3
0
def derive_pubkey(options):
    out = options.stdout
    from allmydata.crypto import ed25519
    privkey_vs = options.privkey
    private_key, public_key = ed25519.signing_keypair_from_string(privkey_vs)
    print("private:", ed25519.string_from_signing_key(private_key), file=out)
    print("public:", ed25519.string_from_verifying_key(public_key), file=out)
    return 0
Beispiel #4
0
    def init_node_key(self):
        # we only create the key once. On all subsequent runs, we re-use the
        # existing key
        def _make_key():
            private_key, _ = ed25519.create_signing_keypair()
            return ed25519.string_from_signing_key(private_key) + b"\n"

        private_key_str = self.config.get_or_create_private_config("node.privkey", _make_key)
        private_key, public_key = ed25519.signing_keypair_from_string(private_key_str)
        public_key_str = ed25519.string_from_verifying_key(public_key)
        self.config.write_config_file("node.pubkey", public_key_str + b"\n", "wb")
        self._node_private_key = private_key
        self._node_public_key = public_key
Beispiel #5
0
    def match(self, other):
        """
        Match a private key which is the same as the private key in the node at
        ``self.basedir``.

        :param other: A signing key (aka "private key") from
            ``allmydata.crypto.ed25519``.  This is the key to check against
            the node's key.

        :return Mismatch: If the keys don't match.
        """
        config = read_config(self.basedir, u"tub.port")
        privkey_bytes = config.get_private_config("node.privkey")
        private_key = ed25519.signing_keypair_from_string(privkey_bytes)[0]
        signature = ed25519.sign_data(private_key, b"")
        other_public_key = ed25519.verifying_key_from_signing_key(other)
        try:
            ed25519.verify_signature(other_public_key, signature, b"")
        except error.BadSignature:
            return Mismatch("The signature did not verify.")
Beispiel #6
0
    def test_decode_ed15519_keypair(self):
        '''
        Created using the old code:

            from allmydata.util.keyutil import make_keypair, parse_privkey, parse_pubkey
            test_data = b'test'
            priv_str, pub_str = make_keypair()
            priv, _ = parse_privkey(priv_str)
            pub = parse_pubkey(pub_str)
            sig = priv.sign(test_data)
            pub.verify(sig, test_data)

        This simply checks that keys and signatures generated using the old code are still valid
        using the new code.
        '''
        priv_str = b'priv-v0-lqcj746bqa4npkb6zpyc6esd74x3bl6mbcjgqend7cvtgmcpawhq'
        pub_str = b'pub-v0-yzpqin3of3ep363lwzxwpvgai3ps43dao46k2jds5kw5ohhpcwhq'
        test_data = b'test'
        sig = (
            b'\xde\x0e\xd6\xe2\xf5\x03]8\xfe\xa71\xad\xb4g\x03\x11\x81\x8b\x08\xffz\xf4K\xa0'
            b'\x86 ier!\xe8\xe5#*\x9d\x8c\x0bI\x02\xd90\x0e7\xbeW\xbf\xa3\xfe\xc1\x1c\xf5+\xe9)'
            b'\xa3\xde\xc9\xc6s\xc9\x90\xf7x\x08')

        private_key, derived_public_key = ed25519.signing_keypair_from_string(
            priv_str)
        public_key = ed25519.verifying_key_from_string(pub_str)

        self.assertEqual(
            ed25519.string_from_verifying_key(public_key),
            ed25519.string_from_verifying_key(derived_public_key),
        )

        new_sig = ed25519.sign_data(private_key, test_data)
        self.assertEqual(new_sig, sig)

        ed25519.verify_signature(public_key, new_sig, test_data)
        ed25519.verify_signature(derived_public_key, new_sig, test_data)
        ed25519.verify_signature(public_key, sig, test_data)
        ed25519.verify_signature(derived_public_key, sig, test_data)