def sign(self, data):
        ecdsa_sig = None
        try:
            # Hash and apply ECDSA
            hashBuf = bytesToC(Digest.SHA256(data))
            ecdsa_sig = o.ECDSA_do_sign(hashBuf, 32, self.ec_key)
            
            # Encode the signature into 64 bytes
            rBuf = bytesToC(bytearray(32))
            sBuf = bytesToC(bytearray(32))
            
            rLen = o.BN_bn2bin(ecdsa_sig.contents.r, rBuf)
            sLen = o.BN_bn2bin(ecdsa_sig.contents.s, sBuf)
            
            rBytes = bytearray(32-rLen) + cToBytes(rBuf)[:rLen]
            sBytes = bytearray(32-sLen) + cToBytes(sBuf)[:sLen]
            sigBytes = rBytes + sBytes   
            assert(len(sigBytes) == 64)
        finally:
            if ecdsa_sig:
                o.ECDSA_SIG_free(ecdsa_sig)

        # Double-check the signature before returning
        assert(OpenSSL_ECPublicKey(self.rawPublicKey).verify(data, sigBytes))
        return sigBytes
Beispiel #2
0
    def sign(self, data):
        ecdsa_sig = None
        try:
            # Hash and apply ECDSA
            hashBuf = bytesToC(Digest.SHA256(data))
            ecdsa_sig = o.ECDSA_do_sign(hashBuf, 32, self.ec_key)

            # Encode the signature into 64 bytes
            rBuf = bytesToC(bytearray(32))
            sBuf = bytesToC(bytearray(32))

            rLen = o.BN_bn2bin(ecdsa_sig.contents.r, rBuf)
            sLen = o.BN_bn2bin(ecdsa_sig.contents.s, sBuf)

            rBytes = bytearray(32 - rLen) + cToBytes(rBuf)[:rLen]
            sBytes = bytearray(32 - sLen) + cToBytes(sBuf)[:sLen]
            sigBytes = rBytes + sBytes
            assert (len(sigBytes) == 64)
        finally:
            if ecdsa_sig:
                o.ECDSA_SIG_free(ecdsa_sig)

        # Double-check the signature before returning
        assert (OpenSSL_ECPublicKey(self.rawPublicKey).verify(data, sigBytes))
        return sigBytes
    def generateECKeyPair():
        ec_key, ec_group = None, None

        try:
            # Generate the new key
            ec_key = o.EC_KEY_new_by_curve_name(o.OBJ_txt2nid(b"prime256v1"))
            o.EC_KEY_generate_key(ec_key)

            # Extract the key's public and private values as strings
            # into pubBuf and privBuf
            pubBuf = bytesToC(bytearray(1+64)) # [0x04] ...
            privBuf = bytesToC(bytearray(32))

            ec_point = o.EC_KEY_get0_public_key(ec_key)
            ec_group = o.EC_GROUP_new_by_curve_name(o.OBJ_txt2nid(b"prime256v1"))            
            o.EC_POINT_point2oct(ec_group, ec_point, o.POINT_CONVERSION_UNCOMPRESSED, pubBuf, 65, None)

            bignum = o.EC_KEY_get0_private_key(ec_key)
            privLen = o.BN_bn2bin(bignum, privBuf)

            # Convert the public and private keys into fixed-length 64 and 32 byte arrays
            # Leading zeros are added to priv key, leading byte (0x04) stripped from pub key
            rawPublicKey =  cToBytes(pubBuf)[1:65]
            rawPrivateKey = bytearray(32-privLen) + (cToBytes(privBuf)[:privLen])

            # Test signing and verification with the new key
            # sign() does a verify() internally
            pub = OpenSSL_ECPublicKey(rawPublicKey)
            priv = OpenSSL_ECPrivateKey(rawPrivateKey, rawPublicKey)
            priv.sign(b"test")

            return (pub, priv)
        finally:
            if ec_key:
                o.EC_KEY_free(ec_key)
            if ec_group:
                o.EC_GROUP_free(ec_group)