def main(argv):
"""
Main procedure to generate C array with keys
"""
parser = argparse.ArgumentParser(description="Generates SQLite database with"
" keys and serial number.")
parser.add_argument('config_file', help="project specific configuration file"
)
args = parser.parse_args()
config = ConfigParser.ConfigParser()
config.read(args.config_file)
con = sqlite3.connect(config.get('database', 'filename'))
while 1:
serialno = uuid.uuid4().bytes
oem_factory_token = '%s%s' %(serialno, '\xFF')
customer_factory_token = '%s%s' %(serialno, '\x00\xFF')
private_key = generate_private_key(config.get('tools', 'private_key_cmd'))
public_key = generate_public_key(config.get('tools', 'public_key_cmd'), private_key)
sk = SigningKey.from_der(private_key)
pk = VerifyingKey.from_der(public_key)
embedded_private_key = generate_private_key(config.get('tools', 'private_key_cmd'))
embedded_public_key = generate_public_key(config.get('tools', 'public_key_cmd'), embedded_private_key)
embedded_sk = SigningKey.from_der(embedded_private_key)
embedded_pk = VerifyingKey.from_der(embedded_public_key)
embedded_private_key_sig = embedded_sk.sign(oem_factory_token, hashfunc=sha256)
assert embedded_pk.verify(embedded_private_key_sig, oem_factory_token, hashfunc=sha256)
oem_factory_token_sig = sk.sign(oem_factory_token, hashfunc=sha256)
assert pk.verify(oem_factory_token_sig, oem_factory_token, hashfunc=sha256)
customer_factory_token_sig = sk.sign(customer_factory_token, hashfunc=sha256)
assert pk.verify(customer_factory_token_sig, customer_factory_token, hashfunc=sha256)
debug_token_sig = sk.sign(serialno, hashfunc=sha256)
assert pk.verify(debug_token_sig, serialno, hashfunc=sha256)
public_key_compressed = ecc_compress(pk.to_string())
with con:
cur = con.cursor()
cur.execute(config.get('database', 'create'))
cur.execute(config.get('database', 'insert'),
(sqlite3.Binary(private_key),
sqlite3.Binary(public_key),
sqlite3.Binary(public_key_compressed),
sqlite3.Binary(embedded_private_key),
sqlite3.Binary(embedded_public_key),
sqlite3.Binary(embedded_sk.to_string()),
sqlite3.Binary(serialno),
sqlite3.Binary(oem_factory_token_sig),
sqlite3.Binary(customer_factory_token_sig),
sqlite3.Binary(debug_token_sig)))
def ecdsa_backup(clientObj, serverObj):
print("test_ecdsa_backup...")
rsa_prv_der, rsa_pub_der = gen_rsa_test_key()
clientObj.initBackup(rsa_pub_der)
serverObj.initBackup(rsa_pub_der)
exec_client_server(clientObj, serverObj)
backup = clientObj.getBackupResult()
pub_ecdsa_key = clientObj.getPublic()
mpc_crypto.verifyEcdsaBackupKey(rsa_pub_der, pub_ecdsa_key, backup)
prv_ecdsa_key = mpc_crypto.restoreEcdsaKey(rsa_prv_der, pub_ecdsa_key,
backup)
SigningKey.from_der(prv_ecdsa_key, SECP256k1)
print('prvKey', prv_ecdsa_key.hex()[66:130])
def create_transaction(receiver_address, amount, private_key, unspent_tx_outs,
tx_pool):
print('txPool: ', json.dumps(tx_pool))
decoded = SigningKey.from_der(private_key.decode("hex"))
my_address = decoded.get_verifying_key().to_der().encode('hex')
my_unspent_tx_outs_a = find_unspent_tx_outs(my_address, unspent_tx_outs)
my_unspent_tx_outs = filter_tx_pool_txs(my_unspent_tx_outs_a, tx_pool)
included_unspent_tx_outs, left_over_amount = find_tx_outs_for_amount(
amount, my_unspent_tx_outs)
unsigned_tx_ins = [
new_tx_in(utx_o['tx_out_id'], utx_o['tx_out_index'], None)
for utx_o in included_unspent_tx_outs
]
tx_ins = unsigned_tx_ins
tx_outs = create_tx_outs(receiver_address, my_address, amount,
left_over_amount)
tx = new_transaction(None, tx_ins, tx_outs)
tx_id = get_transaction_id(tx)
tx['id'] = tx_id
for index, tx_in in enumerate(tx['tx_ins']):
tx_in['signature'] = sign_tx_in(tx, index, private_key,
unspent_tx_outs)
return tx
def main(argv):
"""
Main procedure to sign a binary
"""
parser = argparse.ArgumentParser(
description='tool to sign binaries using ECDSA')
parser.add_argument('-s',
'--privkey_file',
help='Private key',
required=True)
parser.add_argument('-i',
'--input_file',
help='File to sign',
required=True)
parser.add_argument('-o',
'--output_file',
help='Signed output',
required=True)
parser.add_argument('-f',
'--ota_package',
help='OTA package',
required=True,
default=0)
args = parser.parse_args()
privkey_file = args.privkey_file
input_file = args.input_file
output_file = args.output_file
ota_package = int(args.ota_package)
privkey = SigningKey.from_der(open(privkey_file).read())
fd = open(input_file, "rb")
if ota_package == 0:
fd.seek(0x80)
message = bytearray(fd.read())
fd.close()
# align on 4 bytes
if len(message) % 4 != 0:
message += bytearray.fromhex("ff" * (4 - (len(message) % 4)))
signature = bytearray(privkey.sign(message, hashfunc=sha256))
assert len(signature) == 64
sigheader = SigHeader("$SIG", 0x01, 0x00, 0x00, len(message))
sigheader.signature[0:64] = signature[0:64]
sigheader.reserved1[0:52] = [0] * 52
arr = bytearray(sigheader)
assert len(arr) == 128
arr[0x80:0x80 + len(message)] = message
sigfile = open(output_file, "wb")
sigfile.write(arr)
sigfile.close()
def _decode_key(self, data):
s, padding = der.remove_sequence(data)
if padding:
if padding not in self.ALLOWED_PADDINGS:
raise ValueError("weird padding: %s" % u(binascii.hexlify(data)))
data = data[:-len(padding)]
key = SigningKey.from_der(data)
self.signing_key = key
self.verifying_key = key.get_verifying_key()
self.size = 256
def _decode_key(self, data):
s, padding = der.remove_sequence(data)
if padding:
if padding not in self.ALLOWED_PADDINGS:
raise ValueError("weird padding: %s" % u(binascii.hexlify(data)))
data = data[:-len(padding)]
key = SigningKey.from_der(data)
self.signing_key = key
self.verifying_key = key.get_verifying_key()
self.size = 256
def der_to_privkey(der):
""" Get private key from given DER encoded private key format.
Args:
der (bytes): Private key in binary encoded DER format.
Return:
str: Hex encoded 32Byte secret exponent
"""
sk = SigningKey.from_der(der)
assert (sk.curve.openssl_name == 'secp256k1')
return b2h(sk.to_string())
def from_pem(cls, data, password=None):
encoded = load_der(data, b'EC PRIVATE KEY', password=password)
keyinfo, padding = der_decoder.decode(encoded, asn1Spec=ECPrivateKey())
signkey = SigningKey.from_der(der_encoder.encode(keyinfo))
keydata = dict(
private_key=signkey,
named_curve=cls.named_curves[
str(keyinfo.getComponentByName('named_curve'))
],
)
del keyinfo
del padding
security.gc()
return cls(**keydata)
def inner():
timestamp = int(time.time() * 1000000000)
auth_payload = 'AUTH' + str(timestamp)
signing_key = SigningKey.from_der(bytes.fromhex(self._api_secret))
msg = auth_pb2.Logon()
msg.MsgType = constants.MsgType_LogonMsgType
msg.SendingTime = timestamp
msg.RawData = auth_payload
msg.Username = self._api_key
msg.Password = signing_key.sign(auth_payload.encode('utf-8'),
hashfunc=sha256).hex()
if accounts is not None:
msg.Account.extend(accounts)
return serialization.to_fix_json(msg)
def sign_bytes(message, store, name):
''''sign a message (using SHA-1)
Args:
message (:obj:`bytes`): data to sign
store (:obj:`obj`): storage handler
name (:obj:`string`):certificate owner name string hash
Return:
signature (:obj:`string`): string representation of signature
'''
wallet, own_key = load_keys(store, name)
sk = SigningKey.from_der(b64decode(own_key['private']))
sig = sk.sign(message)
signature = b64encode(sig).decode('ascii')
return signature
def main(argv):
"""
Main procedure to sign a binary
"""
parser = argparse.ArgumentParser(description='tool to sign binaries using ECDSA')
parser.add_argument('-s','--privkey_file', help='Private key', required=True)
parser.add_argument('-i','--input_file', help='File to sign', required=True)
parser.add_argument('-o','--output_file', help='Signed output', required=True)
parser.add_argument('-f','--ota_package', help='OTA package', required=True, default=0)
args = parser.parse_args()
privkey_file = args.privkey_file
input_file = args.input_file
output_file = args.output_file
ota_package = int(args.ota_package)
privkey = SigningKey.from_der(open(privkey_file).read())
fd = open(input_file, "rb")
if ota_package == 0:
fd.seek(0x80)
message = bytearray(fd.read())
fd.close()
# align on 4 bytes
if len(message) % 4 != 0:
message += bytearray.fromhex("ff" * (4 - (len(message) % 4)))
signature = bytearray(privkey.sign(message, hashfunc=sha256))
assert len(signature) == 64
sigheader = SigHeader("$SIG", 0x01, 0x00, 0x00, len(message))
sigheader.signature[0:64] = signature[0:64]
sigheader.reserved1[0:52] = [0] * 52
arr = bytearray(sigheader)
assert len(arr) == 128
arr[0x80:0x80+len(message)] = message
sigfile = open(output_file, "wb")
sigfile.write(arr)
sigfile.close()
def sign(self, signing_key_path):
"""
Sign a package using a DER or PEM encoded private key
"""
if not HAVE_CRYPTO:
raise Exception("ecdsa library not installed")
raw_key_data = ""
with open(signing_key_path, "rb") as f:
raw_key_data = f.read()
sk = None
try:
sk = SigningKey.from_der(raw_key_data)
except:
pass
try:
sk = SigningKey.from_pem(raw_key_data)
except:
pass
if sk is None:
raise Exception("Could not load private key")
digest = self.pkg.read_digest()
hash_kind = self.pkg.read_hash_kind()
sha_func = None
if hash_kind == bpak.BPAK_HASH_SHA256:
sha_func = hashlib.sha256
elif hash_kind == bpak.BPAK_HASH_SHA384:
sha_func = hashlib.sha384
elif hash_kind == bpak.BPAK_HASH_SHA512:
sha_func = hashlib.sha512
else:
raise Exception("Unknown hash kind %i" % (hash_kind))
sig = sk.sign_digest_deterministic(digest,
sha_func,
sigencode=sigencode_der)
self.pkg.set_signature(sig)
return True
def index(request):
if 'signature' not in request.POST:
return HttpResponse("Hey, manque une signature en POST")
else:
payload = request.POST["signature"]
with open(
os.path.join(
os.path.join(
os.path.dirname(
os.path.dirname(os.path.abspath(__file__))),
'staticfiles'), "./cert.der"), "rb") as myfile:
der = myfile.read()
signing_key = SigningKey.from_der(der)
signature = signing_key.sign(payload.encode("utf-8"),
hashfunc=hashlib.sha256,
sigencode=sigencode_der)
encoded_signature = base64.b64encode(signature)
encoded_signature = str(encoded_signature, "utf-8")
return HttpResponse(encoded_signature)
def _get_headers(self):
timestamp = int(time.time() * 1000000000)
auth_payload = 'AUTH' + str(timestamp)
signing_key = SigningKey.from_der(bytes.fromhex(self._api_secret))
headers = super()._get_headers()
headers.update({
'X-Auth-Api-Key':
self._api_key,
'X-Auth-Api-Payload':
auth_payload,
'X-Auth-Api-Signature':
signing_key.sign(auth_payload.encode('utf-8'),
hashfunc=sha256).hex(),
'X-Auth-Api-Nonce':
str(timestamp),
})
return headers
def sign_tx_in(transaction, tx_in_index, private_key, unspent_tx_outs):
tx_in = transaction['tx_ins'][tx_in_index]
tx_to_sign = transaction['id']
referenced_unspent_tx_out = find_unspent_tx_out(tx_in['tx_out_id'],
tx_in['tx_out_index'],
unspent_tx_outs)
if not referenced_unspent_tx_out:
raise Exception('could not find referenced txOut')
referenced_address = referenced_unspent_tx_out['address']
signing_key = SigningKey.from_der(private_key.decode('hex'))
if signing_key.get_verifying_key().to_der().encode(
'hex') != referenced_address:
raise Exception(
'trying to sign an input with private' +
' key that does not match the address that is referenced in txIn')
signature = signing_key.sign(tx_to_sign.encode()).encode('hex')
return signature
def start(pri_key=None):
global myPrivateKey, myPublicKey
if (pri_key == None):
pri_key = get_key()
myPrivateKey = pri_key
myPublicKey = SigningKey.from_der(
myPrivateKey).get_verifying_key().to_der()
info("Public Key: " + hex(int.from_bytes(myPublicKey, 'little')))
#myPublicKey=int.from_bytes(myPublicKey,'little')
if full_node:
for port in ports:
th = threading.Thread(target=server, args=(port, ))
th.start()
threading.Thread(target=blocktimecheck).start()
try:
load()
except:
warn("Starting for the first time?")
time.sleep(0.1)
# Let's re-download the blocks from time to time.
threading.Thread(target=checker_thread).start()
def main(argv):
"""
Main procedure to sign a binary
"""
parser = argparse.ArgumentParser(description='convert der to raw')
parser.add_argument('-s','--secretkey_file', help='Secret key', required=True)
parser.add_argument('-p','--publickey_file', help='Public key', required=True)
args = parser.parse_args()
secretkey_file = args.secretkey_file
publickey_file = args.publickey_file
privkey = SigningKey.from_der(open(secretkey_file).read())
pubkey = VerifyingKey.from_der(open(publickey_file).read())
open(secretkey_file[0:-4] + ".bin", "wb").write(privkey.to_string())
open(publickey_file[0:-4] + ".bin", "wb").write(pubkey.to_string())
def main(argv):
"""
Main procedure to sign a binary
"""
parser = argparse.ArgumentParser(description='convert der to raw')
parser.add_argument('-s',
'--secretkey_file',
help='Secret key',
required=True)
parser.add_argument('-p',
'--publickey_file',
help='Public key',
required=True)
args = parser.parse_args()
secretkey_file = args.secretkey_file
publickey_file = args.publickey_file
privkey = SigningKey.from_der(open(secretkey_file).read())
pubkey = VerifyingKey.from_der(open(publickey_file).read())
open(secretkey_file[0:-4] + ".bin", "wb").write(privkey.to_string())
open(publickey_file[0:-4] + ".bin", "wb").write(pubkey.to_string())
site,
client_id=None,
client_secret=None):
super().__init__(audience, identity, as_url, as_public_key, site,
client_id, client_secret)
self.site.add_resource(('temperature', ),
TemperatureResource("read_temperature", self))
if __name__ == "__main__":
from ecdsa import VerifyingKey, SigningKey
rs_identity = SigningKey.from_der(
bytes.fromhex(
"307702010104200ffc411715d3cc4917bd27ac4f310552b085b1ca0bb0a8"
"bbb9d8931d651544c1a00a06082a8648ce3d030107a144034200046cc415"
"12d92fb03cb3b35bed5b494643a8a8a55503e87a90282c78d6c58a7e3c88"
"a21c0287e7e8d76b0052b1f1a2dcebfea57714c1210d42f17b335adcb76d"
"7a"))
as_public_key = VerifyingKey.from_der(
bytes.fromhex(
"3059301306072a8648ce3d020106082a8648ce3d030107034200047069be"
"d49cab8ffa5b1c820271aef0bc0c8f5cd149e05c5b9e37686da06d02bd5f"
"7bc35ea8265be7c5e276ad7e7d0eb05e4a0551102a66bba88b02b5eb4c33"
"55"))
loop = asyncio.get_event_loop()
root = resource.Site()
server = TemperatureServer(audience="tempSensor0",
identity=rs_identity,
from ecdsa import SigningKey, VerifyingKey
HEADER = '\033[95m'
BLUE = '\033[94m'
GREEN = '\033[92m'
WARNING = '\033[93m'
FAIL = '\033[91m'
ENDC = '\033[0m'
BOLD = '\033[1m'
UNDERLINE = '\033[4m'
AS_IDENTITY = SigningKey.from_der(
bytes.fromhex(
'30770201010420fb37dbd38e48cfc41475e50dd52d7328102bd31cf881e4'
'e163c58e5f150aa1f2a00a06082a8648ce3d030107a144034200047069be'
'd49cab8ffa5b1c820271aef0bc0c8f5cd149e05c5b9e37686da06d02bd5f'
'7bc35ea8265be7c5e276ad7e7d0eb05e4a0551102a66bba88b02b5eb4c33'
'55'))
AS_PUBLIC_KEY: VerifyingKey = VerifyingKey.from_der(
bytes.fromhex(
"3059301306072a8648ce3d020106082a8648ce3d030107034200047069be"
"d49cab8ffa5b1c820271aef0bc0c8f5cd149e05c5b9e37686da06d02bd5f"
"7bc35ea8265be7c5e276ad7e7d0eb05e4a0551102a66bba88b02b5eb4c33"
"55"))
RS_IDENTITY: SigningKey = SigningKey.from_der(
bytes.fromhex(
"307702010104200ffc411715d3cc4917bd27ac4f310552b085b1ca0bb0a8"
"bbb9d8931d651544c1a00a06082a8648ce3d030107a144034200046cc415"
"12d92fb03cb3b35bed5b494643a8a8a55503e87a90282c78d6c58a7e3c88"
def process_request(netki_client, uri, method, data=''):
"""
API request processor handling supported API methods and error messages returned from API. Refer to the Netki
Apiary documentation for additional information. http://docs.netki.apiary.io/
:param netki_client: Netki client reference
:param uri: api_url from Netki class init
:param method: Request method
:param data: PUT / POST data
:return: AttrDict for valid, non-error responses. Empty dict for 204 responses. Exception for error responses.
"""
if method not in ['GET', 'POST', 'PUT', 'DELETE']:
raise Exception('Unsupported HTTP method: %s' % method)
headers = {}
if data:
headers['Content-Type'] = 'application/json'
data = json.dumps(data)
if netki_client._auth_type == 'api_key':
headers.update({
'Authorization': netki_client.api_key,
'X-Partner-ID': netki_client.partner_id
})
elif netki_client._auth_type == 'distributed':
key = SigningKey.from_der(netki_client.user_key.decode('hex'))
encoded_user_pub_key = key.get_verifying_key().to_der().encode('hex')
encoded_data_sig = key.sign(netki_client.api_url + uri + data,
hashfunc=hashlib.sha256,
sigencode=sigencode_der).encode('hex')
headers.update({
'X-Partner-Key': netki_client.key_signing_key,
'X-Partner-KeySig': netki_client.signed_user_key,
'X-Identity': encoded_user_pub_key,
'X-Signature': encoded_data_sig
})
elif netki_client._auth_type == 'certificate':
key = SigningKey.from_der(netki_client.user_key.decode('hex'))
encoded_user_pub_key = key.get_verifying_key().to_der().encode('hex')
encoded_data_sig = key.sign(netki_client.api_url + uri + data,
hashfunc=hashlib.sha256,
sigencode=sigencode_der).encode('hex')
headers.update({
'X-Identity': encoded_user_pub_key,
'X-Signature': encoded_data_sig,
'X-Partner-ID': netki_client.partner_id
})
else:
raise Exception('Invalid Access Type Defined')
response = requests.request(method=method,
url=netki_client.api_url + uri,
headers=headers,
data=data if data else None)
if method == 'DELETE' and response.status_code == 204:
return {}
rdata = AttrDict(response.json())
if response.status_code >= 300 or not rdata.success:
error_message = rdata.message
if 'failures' in rdata:
error_message += ' [FAILURES: '
failures = []
for failure in rdata.failures:
failures.append(failure.message)
error_message = error_message + ', '.join(failures) + ']'
raise Exception(error_message)
return rdata
def get_signing_key():
sk_der = open(KEY_FILE_PATH,"rb").read()
sk = SigningKey.from_der(sk_der)
return sk
def process_request(netki_client, uri, method, data=''):
"""
API request processor handling supported API methods and error messages returned from API. Refer to the Netki
Apiary documentation for additional information. http://docs.netki.apiary.io/
:param netki_client: Netki client reference
:param uri: api_url from Netki class init
:param method: Request method
:param data: PUT / POST data
:return: AttrDict for valid, non-error responses. Empty dict for 204 responses. Exception for error responses.
"""
if method not in ['GET', 'POST', 'PUT', 'DELETE']:
raise Exception('Unsupported HTTP method: %s' % method)
headers = {}
if data:
headers['Content-Type'] = 'application/json'
data = json.dumps(data)
if netki_client._auth_type == 'api_key':
headers.update({
'Authorization': netki_client.api_key,
'X-Partner-ID': netki_client.partner_id
})
elif netki_client._auth_type == 'distributed':
key = SigningKey.from_der(netki_client.user_key.decode('hex'))
encoded_user_pub_key = key.get_verifying_key().to_der().encode('hex')
encoded_data_sig = key.sign(
netki_client.api_url + uri + data,
hashfunc=hashlib.sha256, sigencode=sigencode_der
).encode('hex')
headers.update({
'X-Partner-Key': netki_client.key_signing_key,
'X-Partner-KeySig': netki_client.signed_user_key,
'X-Identity': encoded_user_pub_key,
'X-Signature': encoded_data_sig
})
elif netki_client._auth_type == 'certificate':
key = SigningKey.from_der(netki_client.user_key.decode('hex'))
encoded_user_pub_key = key.get_verifying_key().to_der().encode('hex')
encoded_data_sig = key.sign(netki_client.api_url + uri + data, hashfunc=hashlib.sha256, sigencode=sigencode_der).encode('hex')
headers.update({
'X-Identity': encoded_user_pub_key,
'X-Signature': encoded_data_sig,
'X-Partner-ID': netki_client.partner_id
})
else:
raise Exception('Invalid Access Type Defined')
response = requests.request(method=method, url=netki_client.api_url + uri, headers=headers, data=data if data else None)
if method == 'DELETE' and response.status_code == 204:
return {}
rdata = AttrDict(response.json())
if response.status_code >= 300 or not rdata.success:
error_message = rdata.message
if 'failures' in rdata:
error_message += ' [FAILURES: '
failures = []
for failure in rdata.failures:
failures.append(failure.message)
error_message = error_message + ', '.join(failures) + ']'
raise Exception(error_message)
return rdata
import asyncio
from aiohttp import web
from ace.authz import AuthorizationServer, Grant
from ecdsa import VerifyingKey, SigningKey
# Provision private key of authorization server
as_identity = SigningKey.from_der(
bytes.fromhex(
"30770201010420fb37dbd38e48cfc41475e50dd52d7328102bd31cf881e4"
"e163c58e5f150aa1f2a00a06082a8648ce3d030107a144034200047069be"
"d49cab8ffa5b1c820271aef0bc0c8f5cd149e05c5b9e37686da06d02bd5f"
"7bc35ea8265be7c5e276ad7e7d0eb05e4a0551102a66bba88b02b5eb4c33"
"55"
)
)
loop = asyncio.get_event_loop()
app = web.Application(loop=loop)
server = AuthorizationServer(as_identity, app.router)
# Pre-register resource servers
server.register_resource_server(
audience="tempSensor0",
scopes=['read_temperature', 'post_led'],
public_key=VerifyingKey.from_der(
bytes.fromhex(
"3059301306072a8648ce3d020106082a8648ce3d030107034200046cc415"
"12d92fb03cb3b35bed5b494643a8a8a55503e87a90282c78d6c58a7e3c88"
"a21c0287e7e8d76b0052b1f1a2dcebfea57714c1210d42f17b335adcb76d"
def main(argv):
"""
Main procedure to generate C array with keys
"""
parser = argparse.ArgumentParser(
description="Generates SQLite database with"
" keys and serial number.")
parser.add_argument('config_file',
help="project specific configuration file")
args = parser.parse_args()
config = ConfigParser.ConfigParser()
config.read(args.config_file)
con = sqlite3.connect(config.get('database', 'filename'))
while 1:
serialno = uuid.uuid4().bytes
oem_factory_token = '%s%s' % (serialno, '\xFF')
customer_factory_token = '%s%s' % (serialno, '\x00\xFF')
private_key = generate_private_key(
config.get('tools', 'private_key_cmd'))
public_key = generate_public_key(config.get('tools', 'public_key_cmd'),
private_key)
sk = SigningKey.from_der(private_key)
pk = VerifyingKey.from_der(public_key)
embedded_private_key = generate_private_key(
config.get('tools', 'private_key_cmd'))
embedded_public_key = generate_public_key(
config.get('tools', 'public_key_cmd'), embedded_private_key)
embedded_sk = SigningKey.from_der(embedded_private_key)
embedded_pk = VerifyingKey.from_der(embedded_public_key)
embedded_private_key_sig = embedded_sk.sign(oem_factory_token,
hashfunc=sha256)
assert embedded_pk.verify(embedded_private_key_sig,
oem_factory_token,
hashfunc=sha256)
oem_factory_token_sig = sk.sign(oem_factory_token, hashfunc=sha256)
assert pk.verify(oem_factory_token_sig,
oem_factory_token,
hashfunc=sha256)
customer_factory_token_sig = sk.sign(customer_factory_token,
hashfunc=sha256)
assert pk.verify(customer_factory_token_sig,
customer_factory_token,
hashfunc=sha256)
debug_token_sig = sk.sign(serialno, hashfunc=sha256)
assert pk.verify(debug_token_sig, serialno, hashfunc=sha256)
public_key_compressed = ecc_compress(pk.to_string())
with con:
cur = con.cursor()
cur.execute(config.get('database', 'create'))
cur.execute(
config.get('database', 'insert'),
(sqlite3.Binary(private_key), sqlite3.Binary(public_key),
sqlite3.Binary(public_key_compressed),
sqlite3.Binary(embedded_private_key),
sqlite3.Binary(embedded_public_key),
sqlite3.Binary(
embedded_sk.to_string()), sqlite3.Binary(serialno),
sqlite3.Binary(oem_factory_token_sig),
sqlite3.Binary(customer_factory_token_sig),
sqlite3.Binary(debug_token_sig)))
def keyRead():
with open(keypath + 'private.der', 'rb') as f:
sk = SigningKey.from_der(f.read())
with open(keypath + 'public.der', 'rb') as f:
vk = VerifyingKey.from_der(f.read())
return [sk,vk]
def get_public_from_wallet():
private_key = get_private_from_wallet()
decoded = SigningKey.from_der(private_key.decode("hex"))
return decoded.get_verifying_key().to_der().encode('hex')
def sign(prvKey, message):
sk = SigningKey.from_der(prvKey)
hashed = _policy_[sk.curve.name][1](message).digest()
signature = sk.sign(hashed)
return signature
# Miner initialisation
try:
opts, args = getopt.getopt(sys.argv[1:], "hmk:")
except getopt.GetoptError:
print(sys.argv[0], "[-m] [-k <private key>]")
sys.exit(2)
private_key = None
for opt, arg in opts:
if opt == '-h':
print(sys.argv[0], "[-m] [-k <private key>]")
sys.exit()
elif opt == '-k':
private_key = SigningKey.from_der(binascii.unhexlify(arg))
elif opt == '-m':
is_miner = True
if private_key is None:
private_key = SigningKey.generate()
print("Private key:")
print(binascii.hexlify(private_key.to_der()).decode())
user = User(private_key)
print("Starting...")
# Asyncio
loop = asyncio.get_event_loop()
