def test_privkey_creation(self):
s = b("all the entropy in the entire world, compressed into one line")
def not_much_entropy(numbytes):
return s[:numbytes]
priv1 = SigningKey.generate()
self.assertEqual(priv1.baselen, NIST192p.baselen)
priv1 = SigningKey.generate(curve=NIST224p)
self.assertEqual(priv1.baselen, NIST224p.baselen)
priv1 = SigningKey.generate(entropy=not_much_entropy)
self.assertEqual(priv1.baselen, NIST192p.baselen)
priv2 = SigningKey.generate(entropy=not_much_entropy)
self.assertEqual(priv2.baselen, NIST192p.baselen)
self.assertTruePrivkeysEqual(priv1, priv2)
priv1 = SigningKey.from_secret_exponent(secexp=3)
self.assertEqual(priv1.baselen, NIST192p.baselen)
priv2 = SigningKey.from_secret_exponent(secexp=3)
self.assertTruePrivkeysEqual(priv1, priv2)
priv1 = SigningKey.from_secret_exponent(secexp=4, curve=NIST224p)
self.assertEqual(priv1.baselen, NIST224p.baselen)
def test_privkey_creation(self):
s = "all the entropy in the entire world, compressed into one line"
def not_much_entropy(numbytes):
return s[:numbytes]
priv1 = SigningKey.generate()
self.failUnlessEqual(priv1.baselen, NIST192p.baselen)
priv1 = SigningKey.generate(curve=NIST224p)
self.failUnlessEqual(priv1.baselen, NIST224p.baselen)
priv1 = SigningKey.generate(entropy=not_much_entropy)
self.failUnlessEqual(priv1.baselen, NIST192p.baselen)
priv2 = SigningKey.generate(entropy=not_much_entropy)
self.failUnlessEqual(priv2.baselen, NIST192p.baselen)
self.failUnlessPrivkeysEqual(priv1, priv2)
priv1 = SigningKey.from_secret_exponent(secexp=3)
self.failUnlessEqual(priv1.baselen, NIST192p.baselen)
priv2 = SigningKey.from_secret_exponent(secexp=3)
self.failUnlessPrivkeysEqual(priv1, priv2)
priv1 = SigningKey.from_secret_exponent(secexp=4, curve=NIST224p)
self.failUnlessEqual(priv1.baselen, NIST224p.baselen)
def test_serialize(self):
seed = "secret"
curve = NIST192p
secexp1 = util.randrange_from_seed__trytryagain(seed, curve.order)
secexp2 = util.randrange_from_seed__trytryagain(seed, curve.order)
self.failUnlessEqual(secexp1, secexp2)
priv1 = SigningKey.from_secret_exponent(secexp1, curve)
priv2 = SigningKey.from_secret_exponent(secexp2, curve)
self.failUnlessEqual(hexlify(priv1.to_string()), hexlify(priv2.to_string()))
self.failUnlessEqual(priv1.to_pem(), priv2.to_pem())
pub1 = priv1.get_verifying_key()
pub2 = priv2.get_verifying_key()
data = "data"
sig1 = priv1.sign(data)
sig2 = priv2.sign(data)
self.failUnless(pub1.verify(sig1, data))
self.failUnless(pub2.verify(sig1, data))
self.failUnless(pub1.verify(sig2, data))
self.failUnless(pub2.verify(sig2, data))
self.failUnlessEqual(hexlify(pub1.to_string()), hexlify(pub2.to_string()))
def test_serialize(self):
seed = b("secret")
curve = NIST192p
secexp1 = util.randrange_from_seed__trytryagain(seed, curve.order)
secexp2 = util.randrange_from_seed__trytryagain(seed, curve.order)
self.assertEqual(secexp1, secexp2)
priv1 = SigningKey.from_secret_exponent(secexp1, curve)
priv2 = SigningKey.from_secret_exponent(secexp2, curve)
self.assertEqual(hexlify(priv1.to_string()),
hexlify(priv2.to_string()))
self.assertEqual(priv1.to_pem(), priv2.to_pem())
pub1 = priv1.get_verifying_key()
pub2 = priv2.get_verifying_key()
data = b("data")
sig1 = priv1.sign(data)
sig2 = priv2.sign(data)
self.assertTrue(pub1.verify(sig1, data))
self.assertTrue(pub2.verify(sig1, data))
self.assertTrue(pub1.verify(sig2, data))
self.assertTrue(pub2.verify(sig2, data))
self.assertEqual(hexlify(pub1.to_string()), hexlify(pub2.to_string()))
def test_deterministic_signatures(curve,
privateKey,
msg,
expectedK,
expectedR=None,
expectedS=None,
expectedDER=None,
hashfunc=sha256,
ensure_low_s_according_to_bip62=True):
msg = msg.encode('utf-8')
privateKey = int(privateKey, 16)
signing_key = SigningKey.from_secret_exponent(privateKey, curve)
(k, der) = signing_key.sign_deterministic(
msg,
hashfunc=hashfunc,
sigencode=sigencode_der,
ensure_low_s_according_to_bip62=ensure_low_s_according_to_bip62)
kHex = format(k, 'x')
assert kHex == expectedK, "Deterministic K mismatch, expected {}, but got {}".format(
expectedK, kHex)
r, s = sigdecode_der(der, curve.order)
rHex = format(r, 'x')
sHex = format(s, 'x')
derHex = binascii.hexlify(der).decode("utf-8")
# print("k: {}, expected: {}".format(kHex, expectedK))
# print("r: {}".format(rHex, expectedR))
# print("s: {}".format(sHex, expectedS))
# print("der: {}".format(derHex, expectedDER))
if expectedDER != None:
assert derHex == expectedDER, "Signature mismatch, expected {}, but got {}".format(
expectedDER, derHex)
if expectedR != None:
assert rHex == expectedR, "Signature R mismatch, expected {}, but got {}".format(
expectedR, rHex)
if expectedS != None:
assert sHex == expectedS, "Signature S mismatch, expected {}, but got {}".format(
expectedS, SHex)
def test_deterministic(self):
data = b("blahblah")
secexp = int("9d0219792467d7d37b4d43298a7d0c05", 16)
priv = SigningKey.from_secret_exponent(secexp, SECP256k1, sha256)
pub = priv.get_verifying_key()
k = rfc6979.generate_k(SECP256k1.generator.order(), secexp, sha256,
sha256(data).digest())
sig1 = priv.sign(data, k=k)
self.assertTrue(pub.verify(sig1, data))
sig2 = priv.sign(data, k=k)
self.assertTrue(pub.verify(sig2, data))
sig3 = priv.sign_deterministic(data, sha256)
self.assertTrue(pub.verify(sig3, data))
self.assertEqual(sig1, sig2)
self.assertEqual(sig1, sig3)
