def test_ed25519_kat(secret_key, public_key, message, signed, signature):
sk = binascii.unhexlify(secret_key)
m = binascii.unhexlify(message)
pk = ed25519.publickey(sk)
sig = ed25519.signature(m, sk, pk)
# Assert that the signature and public key are what we expected
assert binascii.hexlify(pk) == public_key
assert binascii.hexlify(sig) == signature
# Validate the signature using the checkvalid routine
ed25519.checkvalid(sig, m, pk)
# Assert that we cannot forge a message
# TODO: Yes this means that we "pass" a test if we can't generate a forged
# message. This matches the original test suite.
with pytest.raises(Exception):
if len(m) == 0:
forgedm = b"x"
else:
forgedm = b"".join(
[chr(ord(m[i]) + (i == len(m) - 1)) for i in range(len(m))]
)
ed25519.checkvalid(sig, forgedm, pk)
def test_ed25519_kat(secret_key, public_key, message, signed, signature):
sk = binascii.unhexlify(secret_key)
m = binascii.unhexlify(message)
pk = ed25519.publickey(sk)
sig = ed25519.signature(m, sk, pk)
# Assert that the signature and public key are what we expected
assert binascii.hexlify(pk) == public_key
assert binascii.hexlify(sig) == signature
# Validate the signature using the checkvalid routine
ed25519.checkvalid(sig, m, pk)
# Assert that we cannot forge a message
try:
if len(m) == 0:
forgedm = b"x"
else:
forgedm = ed25519.intlist2bytes([
ed25519.indexbytes(m, i) + (i == len(m) - 1)
for i in range(len(m))
])
except ValueError:
# TODO: Yes this means that we "pass" a test if we can't generate a
# forged message. This matches the original test suite, it's
# unclear if it was intentional there or not.
pass
else:
with pytest.raises(ed25519.SignatureMismatch):
ed25519.checkvalid(sig, forgedm, pk)
def sign_manifest(manifest, validation_sk, master_sk, master_pk):
"""sign a validator manifest
Parameters
----------
manifest : string
manifest to sign
validation_sk : string
validator's validation secret key (binary, _not_ BASE58 encoded)
This is one of the keys that will sign the manifest.
master_sk : string
validator's master secret key (binary, _not_ BASE58 encoded)
This is one of the keys that will sign the manifest.
master_pk : string
validator's master public key (binary, _not_ BASE58 encoded)
Returns
----------
string
manifest signed by both the validation and master keys
"""
man_hash = hashlib.sha512('MAN\0' + manifest).digest()[:32]
validation_sig = validation_sk.sign_digest_deterministic(
man_hash,
hashfunc=hashlib.sha256,
sigencode=ecdsa.util.sigencode_der_canonize)
master_sig = ed25519.signature('MAN\0' + manifest, master_sk, master_pk)
return manifest + SField.sfSignature + prepend_length_byte(validation_sig) + \
SField.sfMasterSignature + prepend_length_byte(master_sig)
def sign_manifest(manifest, validation_sk, master_sk, master_pk):
"""sign a validator manifest
Parameters
----------
manifest : string
manifest to sign
validation_sk : string
validator's validation secret key (binary, _not_ BASE58 encoded)
This is one of the keys that will sign the manifest.
master_sk : string
validator's master secret key (binary, _not_ BASE58 encoded)
This is one of the keys that will sign the manifest.
master_pk : string
validator's master public key (binary, _not_ BASE58 encoded)
Returns
----------
string
manifest signed by both the validation and master keys
"""
man_hash = hashlib.sha512('MAN\0' + manifest).digest()[:32]
validation_sig = validation_sk.sign_digest_deterministic(
man_hash, hashfunc=hashlib.sha256, sigencode=ecdsa.util.sigencode_der_canonize)
master_sig = ed25519.signature('MAN\0' + manifest, master_sk, master_pk)
return manifest + SField.sfSignature + prepend_length_byte(validation_sig) + \
SField.sfMasterSignature + prepend_length_byte(master_sig)
now = time.time()
timestamp = "%08x" % (signtime + int(now))
# Parse system's TZ and DST for the last part of the command
tz_dst = int(time.timezone / -3600) & 0x1f
if time.localtime(now).tm_isdst and time.daylight:
tz_dst += (1 << 5)
timeupdcmd = "T00" + timestamp + "%02x" % tz_dst
# Sign only the "update time" command
m = timeupdcmd
#print "m=", m
# Key taken from reference code at https://ed25519.cr.yp.to/software.html
sk = binascii.unhexlify(
"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
pk = binascii.unhexlify(
"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")
rawsig = ed25519.signature(m, sk, pk)
s = base64.urlsafe_b64encode(rawsig)
cmd = "S" + keyid + s + timeupdcmd
#print cmd
#print binascii.hexlify(rawsig);
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.setblocking(1)
sock.sendto(cmd, (MCAST_ADDR, MCAST_PORT))
def ed25519_signature(private_public_key, content):
signature = ed25519.signature(content, *private_public_key)
return "ed25519-%s" % format_digest(signature)
def Signature(m, sk): #note this seems to return nicely sized version of the signature #contrast with, i.e. tweetnacl.. sk2 = ed25519.encodeint(MiniNero.hexToInt(sk)) pk = ed25519.publickey(sk2) return binascii.hexlify(ed25519.signature(m, sk2, pk))
def getSignature(m,sk,pk): R,S = ed.signature(m,sk,pk) return(R,S)
def sign_manifest(manifest, private_key, public_key):
sig = ed25519.signature("MAN\0" + manifest, private_key, public_key)
return manifest + SField.sfSignature + prepend_length_byte(sig)
def Sign(private_key, data): return ed25519.signature(data, private_key[:32], private_key[32:])
if not args.check:
print "Firmware check hash required for signing, use --check"
exit(1)
priv_key = ""
try:
with open(args.signfile, "r") as f:
priv_key = f.read()
except:
print "Cannot read key file '%s'" % args.signfile
exit(1)
pub_key = ed25519.publickey(priv_key)
fw_signature = ed25519.signature(fw_hash, priv_key, pub_key)
fw_verification += build_section(section_magic.ed25519, fw_signature)
# Append pubkey fingerprint.
pub_key_fp = hashlib.sha512(pub_key).digest()
pub_key_fp = pub_key_fp[:4]
fw_verification += build_section(section_magic.fp, pub_key_fp)
# This variable contains full firmware image with all required parts
# Verified and verification sections are always present. Verification
# section can be empty.
fw_image = build_section(section_magic.verified, fw_verified) + build_section(
section_magic.verification, fw_verification)
# Print resulting firmware image structure
print_sections(fw_image, int(args.fw_base, 16))
def Sign(private_key, data):
return ed25519.signature(data, private_key[:32], private_key[32:])
fichier.close()
info_pk = generateurKeystore.exportPub(args.user_id)
info_sk = generateurKeystore.exportSec(args.user_id)
if info_pk < 0 or info_pk < 0:
print "Erreur id introuvable"
else:
userPK = info_pk[2]
userSK = info_sk[2]
userPK = str(userPK).rstrip().decode('hex')
userSK = str(userSK).rstrip().decode('hex')
sig = ed25519.signature(msg, userSK, userPK)
fichier = open(args.out_info, "w")
fichier.write(sig.encode("hex"))
fichier.close()
print "La signature a été génerée"
#ecctool -check -in message.txt -sig message.sig -id alice
elif args.check :
action = 0
if action != -1 and args.in_info :
action = 1
else:
print("[ERREUR] -in manquant")
def ed25519_signature(private_public_key, content): signature = ed25519.signature(content, *private_public_key) return "ed25519-%s" % format_digest(signature)
def sign(self, msg, key):
pk = ed25519.publickey(key)
return ed25519.signature(msg, key, pk)
# Affiche de clés
if args.typeKey and args.id:
if args.typeKey == 'pub' or args.typeKey == 'sec':
key = gk.getkey(args.id, args.typeKey)
if key:
print key
else:
print "Pas d'entrée trouvée pour " + args.id
else:
print args.typeKey + " est une mauvaise option pour l'argument -export"
# Génére la signature
if args.message and args.id and args.gensign:
sk = gk.getkey(args.id, 'sec')
pk = gk.genPkBrut(args.id)
sign = ed.signature(args.message, sk, pk)
if sign:
print sign.encode('hex')
# Vérifie si la signature est valide
if args.sign and args.message and args.id:
sk = gk.getkey(args.id, 'sec')
pk = gk.genPkBrut(args.id)
sign = str(args.sign).rstrip().decode('hex')
try:
ed.checkvalid(sign, args.message, pk)
print "La signature est valide"
except:
print "La signature n'a pu être validée"
# warning: currently 37 seconds/line on a fast machine
# fields on each input line: sk, pk, m, sm
# each field hex
# each field colon-terminated
# sk includes pk at end
# sm includes m at end
while 1:
line = sys.stdin.readline()
if not line: break
x = line.split(':')
sk = binascii.unhexlify(x[0][0:64])
pk = ed25519.publickey(sk)
m = binascii.unhexlify(x[2])
s = ed25519.signature(m,sk,pk)
ed25519_checkvalid.checkvalid(s,m,pk)
forgedsuccess = 0
try:
if len(m) == 0:
forgedm = "x"
else:
forgedmlen = len(m)
forgedm = ''.join([chr(ord(m[i])+(i==forgedmlen-1)) for i in range(forgedmlen)])
ed25519_checkvalid.checkvalid(s,forgedm,pk)
forgedsuccess = 1
except:
pass
assert not forgedsuccess
assert x[0] == binascii.hexlify(sk + pk)
assert x[1] == binascii.hexlify(pk)
output_fn = sys.argv[1]
privkey_fn = sys.argv[2]
vmlinuz_fn = sys.argv[3]
cmdline_fn = sys.argv[4]
initrd_fns = sys.argv[5:]
def read_file(fn):
with open(fn, 'rb') as f:
return f.read()
vmlinuz_data = read_file(vmlinuz_fn)
cmdline_data = read_file(cmdline_fn)
initrd_datas = [read_file(fn) for fn in initrd_fns]
buf = bytearray(
struct.pack("=3Q", len(vmlinuz_data), sum(map(len, initrd_datas)),
len(cmdline_data)))
buf += vmlinuz_data
for initrd_data in initrd_datas:
buf += initrd_data
buf += cmdline_data
privkey = read_file(privkey_fn)
buf += ed25519.signature(buf, privkey, ed25519.publickey(privkey))
with open(output_fn, 'wb') as f:
f.write(buf)
import nacl.signing
import random
# Test vectors from ed25519_test.vectors, approx 1/sec on a fast machine
# fields on each input line: sk, pk, m, sm
# each field is hex and colon-terminated
# sk includes pk at end; sm includes m at end
with open("ed25519_test.vectors", 'r') as file_handle:
for num, line in enumerate(file_handle):
print("Line number {}".format(num))
x = line.split(':')
secret_key = bytes.fromhex(x[0][0:64])
public_key = ed25519.get_public_key(secret_key)
message = bytes.fromhex(x[2])
signature = ed25519.signature(message, secret_key, public_key)
ed25519.check_valid(signature, message, public_key)
forged_success = 0
if len(message) == 0: forged_message = b"x"
else: forged_message = message[:-1] + bytes([message[-1] ^ 0x01])
try:
ed25519.check_valid(signature, forged_message, public_key)
forged_success = 1
except ed25519.BadSignatureError:
pass
assert not forged_success
assert x[0] == secret_key.hex() + public_key.hex()
assert x[1] == public_key.hex()
assert x[3] == signature.hex() + message.hex()
print("Testing against libsodium")
def Signature(m, sk): sk2 = ed25519.encodeint(MiniNero.hexToInt(sk)) pk = ed25519.publickey(sk2) return binascii.hexlify(ed25519.signature(m, sk2, pk))
return hashlib.sha512(m).digest()
import ed25519
import os
sk = "".join(
chr(c) for c in [
4, 213, 116, 80, 117, 4, 70, 166, 244, 214, 234, 159, 197, 101, 182,
177, 106, 180, 68, 125, 51, 32, 159, 77, 27, 151, 233, 91, 109, 184,
147, 235
])
pk = "".join(
chr(c) for c in [
79, 236, 107, 197, 85, 239, 235, 109, 123, 181, 230, 115, 206, 112,
218, 80, 174, 167, 119, 187, 113, 153, 17, 115, 77, 100, 154, 84, 181,
194, 254, 99
])
hash = H(file('../tap/TunSafe-TAP-9.21.2.exe', 'rb').read())
print hash.encode('hex'), repr(hash)
#sk = os.urandom(32)
#pk = ed25519.publickey(sk)
#print 'sk', [ord(c) for c in sk]
#print 'pk', [ord(c) for c in pk]
#m = 'test'
s = ed25519.signature(hash, sk, pk)
file('../tap/TunSafe-TAP-9.21.2.exe.sig', 'wb').write(s.encode('hex'))
def Signature(m, sk): #note this seems to return nicely sized version of the signature #contrast with, i.e. tweetnacl.. sk2 = ed25519.encodeint(MiniNero.hexToInt(sk)) pk = ed25519.publickey(sk2) return binascii.hexlify(ed25519.signature(m, sk2, pk))
def H(m):
return hashlib.sha512(m).digest()
import ed25519
import os
# Load signing keys from location outside of repo
keys = json.loads(
file('../../../misc/config/installer_signing_key.json', 'r').read())
def tobin(xs):
return "".join(chr(x) for x in xs)
def gen_key():
sk = os.urandom(32)
pk = ed25519.publickey(sk)
print 'sk', [ord(c) for c in sk]
print 'pk', [ord(c) for c in pk]
hash = H(file('../tap/TunSafe-TAP-auto.exe', 'rb').read())
print hash.encode('hex'), repr(hash)
#m = 'test'
s = ed25519.signature(hash, tobin(keys['PRIVATE_KEY']),
tobin(keys['PUBLIC_KEY']))
file('../tap/TunSafe-TAP-auto.exe.sig', 'wb').write(s.encode('hex'))
Run profiling of ed25519 functions
case - must be one of:
pub -- generating a public key
sig -- generating a signature
val -- validating a signature
loop - how many times to repeat test
"""
seed = os.urandom(32)
data = b"The quick brown fox jumps over the lazy dog"
private_key = seed
public_key = ed25519.publickey(seed)
signature = ed25519.signature(data, private_key, public_key)
gen_public_key = 'ed25519.publickey(seed)'
gen_signature = 'ed25519.signature(data, private_key, public_key)'
do_validation = 'ed25519.checkvalid(signature, data, public_key)'
case = {
'pub': gen_public_key,
'sig': gen_signature,
'val': do_validation,
}
length = 300
choice = ''
if len(sys.argv) >= 2:
def Signature(m, sk):
sk2 = ed25519.encodeint(MiniNero.hexToInt(sk))
pk = ed25519.publickey(sk2)
return binascii.hexlify(ed25519.signature(m, sk2, pk))
def sign_manifest(manifest, private_key, public_key):
sig = ed25519.signature('MAN\0' + manifest, private_key, public_key)
return manifest + SField.sfSignature + prepend_length_byte(sig)
import ed25519
sk = 32 * chr(0)
pk = ed25519.publickey(sk)
print "publickey for 0 is", pk.encode('hex')
for i in [0, 1, 10]:
print "encodeint %d = %s" % (i, ed25519.encodeint(i).encode('hex'))
for p in [
(0, 0), (1, 1), (10, 0), (1, 10),
(9639205628789703341510410801487549615560488670885798085067615194958049462616,
18930617471878267742194159801949745215346600387277955685031939302387136031291
)
]:
print "encodepoint %s = %s" % (repr(p),
ed25519.encodepoint(p).encode('hex'))
msg = "This is a secret message"
sig = ed25519.signature(msg, sk, pk)
print 'signature("%s") = %s' % (msg, sig.encode('hex'))
try:
ed25519.checkvalid(sig, msg, pk)
print 'check signature result: true'
except:
print 'check signature result: false'
