def getKeys(secret):
"""
Generate keyring containing secp256k1 keys-pair and wallet import format
(WIF).
Args:
secret (str, bytes or int): anything that could issue a private key on
secp256k1 curve.
Returns:
dict: public, private and WIF keys.
"""
if isinstance(secret, int):
privateKey = "%064x" % secret
seed = unhexlify(privateKey)
elif isinstance(secret, str):
privateKey = secret if HEX.match(secret) else \
secp256k1.hash_sha256(secret).decode()
seed = unhexlify(privateKey)
elif isinstance(secret, bytes):
privateKey = secret.decode() if BHEX.match(secret) else \
secp256k1.hash_sha256(secret).decode()
seed = unhexlify(privateKey)
publicKey = secp256k1.PublicKey.from_seed(seed)
return {
"publicKey": publicKey.encode().decode(),
"privateKey": privateKey,
"wif": getWIF(seed)
}
def test_hash_sha256(self):
secp256k1._schnorr.hash_sha256.restype = ctypes.c_char_p
assert secp256k1.hash_sha256(
b"secret"
) == secp256k1._schnorr.hash_sha256(
b"secret"
)
def checkRemoteAuth(**args):
try:
headers = args.get("headers", {})
task.MessageLogger.JOB.put("received secured headers: %r" % headers)
# check if publick key defined in header is an authorized one
# auth is a list of public keys. Because loadJson returns a void
# dict if no file found, the if condition acts same as if it was a list
publicKey = headers.get("public-key", "?")
if publicKey not in lystener.loadJson("auth"):
return {"status": 401, "msg": "not authorized"}
# Note that client has to define its own salt value and get a
# 1-min-valid random seed from lystener server.
# See /salt endpoint
sig = secp256k1.HexSig.from_der(headers["signature"])
puk = secp256k1.PublicKey.decode(publicKey)
msg = secp256k1.hash_sha256(headers["salt"] + getSeed())
if not secp256k1._ecdsa.verify(msg, puk.x, puk.y, sig.r, sig.s):
return {"status": 403, "msg": "bad signature"}
return {"status": 200, "msg": "access granted"}
except Exception as error:
return {
"status":
500,
"msg":
"checkPutDelete response: %s\n%s" %
("%r" % error, traceback.format_exc())
}
def getIdFromBytes(data):
"""
Generate data id.
Args:
data (bytes): data as bytes sequence.
Returns:
hex: id.
"""
return secp256k1.hash_sha256(data).decode()
def verifySignatureFromBytes(data, publicKey, signature):
"""
Verify signature.
Args:
data (bytes): data.
publicKey (str): public key as hex string.
signature (str): signature as hex string.
Returns:
bool: True if signature matches the public key.
"""
puk = secp256k1.PublicKey.decode(publicKey)
msg = secp256k1.hash_sha256(data)
if len(signature) == 128:
hS = secp256k1.HexSig.from_raw(
signature if isinstance(signature, bytes) else signature.encode())
return bool(
secp256k1._schnorr.bcrypto410_verify(msg, puk.x, puk.y, hS.r,
hS.s))
else:
hS = secp256k1.HexSig.from_der(
signature if isinstance(signature, bytes) else signature.encode())
return bool(secp256k1._ecdsa.verify(msg, puk.x, puk.y, hS.r, hS.s))