Example #1
0
 def verify(self):
     x, y = DEREncoder.decode_signature(base64.b64decode(self.sender))
     public_key = Point(x, y, Transaction._curve)
     r, s = DEREncoder.decode_signature(base64.b64decode(self.signature))
     return ecdsa.verify((r, s),
                         self.data,
                         public_key,
                         curve=Transaction._curve)
Example #2
0
    def test_encode_decode_all_curves(self):
        for curve in CURVES:
            d = randint(1, curve.q)
            Q = d * curve.G
            r, s = sign("sign me", d, curve=curve)

            encoded = DEREncoder.encode_signature(r, s)
            decoded_r, decoded_s = DEREncoder.decode_signature(encoded)

            self.assertEqual(decoded_r, r)
            self.assertEqual(decoded_s, s)
    def handle_ecdh(self, body):
        self.ecdh_blob = body
        key, signature = body[:0x90], body[0x90:]
        x = key[0x8:0x8+0x20]
        y = key[0x4c:0x4c+0x20]

        x, y = [int(hexlify(i[::-1]), 0x10) for i in [x, y]]

        if not P256.is_point_on_curve( (x, y) ):
            raise Exception('Point is not on the curve')

        self.ecdh_q = Point(x, y, P256)
        self.trace('ECDH params:')
        self.trace('x=0x%x' % x)
        self.trace('y=0x%x' % y)

        l, signature = signature[:4], signature[4:]
        l, = unpack('<L', l)
        signature, zeroes = signature[:l], signature[l:]

        if zeroes != b'\0'*len(zeroes):
            raise Exception('Zeroes expected')

        # The following pub key is hardcoded for each fw revision in the synaWudfBioUsb.dll.
        # Corresponding private key should only be known to a genuine Synaptic device.
        fwpub=Point(
            0xf727653b4e16ce0665a6894d7f3a30d7d0a0be310d1292a743671fdf69f6a8d3, 
            0xa85538f8b6bec50d6eef8bd5f4d07a886243c58b2393948df761a84721a6ca94, P256)

        signature=DEREncoder().decode_signature(signature)

        if not verify(signature, key, fwpub):
            raise Exception('Untrusted device')
Example #4
0
    def export_recovery_seed(self, allow_algs):
        for alg in allow_algs:
            if alg == 0:
                if self._recovery_seed_pri_key is None:
                    self._initialize_recovery_seed()

                S = fastecdsa.keys.get_public_key(self._recovery_seed_pri_key, P256)
                S_enc = encode_pub(S)

                signed_data = struct.pack('>B16s65s', alg, self._aaguid, S_enc)
                sig = DEREncoder.encode_signature(
                    *ecdsa.sign(
                        signed_data,
                        self._attestation_key,
                        hashfunc=hashlib.sha256
                    )
                )
                payload = {
                    1: alg,
                    2: [],
                    3: self._aaguid,
                    4: sig,
                    -1: S_enc,
                }
                return cbor.encode(payload)

        raise UnknownKeyAgreementScheme(allow_algs)
Example #5
0
def convert_der_sig(signature, as_hex=True):
    """
    Extract content from DER encoded string: Convert DER encoded signature to signature string.

    :param signature: DER signature
    :type signature: bytes
    :param as_hex: Output as hexstring
    :type as_hex: bool

    :return bytes, str: Signature
    """

    if not signature:
        return ""
    if USE_FASTECDSA:
        r, s = DEREncoder.decode_signature(bytes(signature))
    else:
        sg, junk = ecdsa.der.remove_sequence(signature)
        if junk != b'':
            raise EncodingError("Junk found in encoding sequence %s" % junk)
        r, sg = ecdsa.der.remove_integer(sg)
        s, sg = ecdsa.der.remove_integer(sg)
    sig = '%064x%064x' % (r, s)
    if as_hex:
        return sig
    else:
        return binascii.unhexlify(sig)
Example #6
0
    def verifyVote(self, privateKey):
        if (self.signature == "" or len(self.signature) == 0):
            return False

        r, s = ecdsa.sign(self.voteHash,
                          privateKey,
                          curve=curve.secp256k1,
                          hashfunc=hl.sha256)
        decoded_r, decoded_s = DEREncoder.decode_signature(self.signature)

        # Se os parâmetros são diferentes, a assinatura é inválida
        if (r != decoded_r or s != decoded_s):
            return False

        # Verifica a assinatura
        valid = ecdsa.verify((r, s),
                             self.voteHash,
                             self.voter,
                             curve=curve.secp256k1,
                             hashfunc=hl.sha256)

        if (not valid):
            return False

        return True
Example #7
0
def sign(signing_key: SigningKey, message_digest_bytes: bytes) -> bytes:
    r, s = ecdsa.sign(
        message_digest_bytes.hex(),
        signing_key,
        curve=curve.secp256k1,
        prehashed=True,
    )
    return DEREncoder.encode_signature(r, s)
Example #8
0
    def signVote(self, privateKey):
        # Assina a cédula
        r, s = ecdsa.sign(self.voteHash,
                          privateKey,
                          curve=curve.secp256k1,
                          hashfunc=hl.sha256)

        # Transforma a assinatura para DER
        self.signature = DEREncoder.encode_signature(r, s)
Example #9
0
def make_cert(client_public):
    msg = (pack('<LL', 0x17, 0x20) +
           unhexlify('%064x' % client_public.x)[::-1] + (b'\0' * 0x24) +
           unhexlify('%064x' % client_public.y)[::-1] + (b'\0' * 0x4c))
    s = sign(msg, hs_key())
    s = DEREncoder().encode_signature(s[0], s[1])
    s = pack('<L', len(s)) + s
    msg = msg + s
    msg += b'\0' * (444 - len(msg))  # FIXME not sure this math is right
    return msg
Example #10
0
    def authenticator_make_credential(self, args_cbor):
        args = cbor.decode(args_cbor)
        clientDataJSON_hash = args[0x01]
        rp_id = args[0x02]['id']
        extension_inputs = args[0x06]
        rp_id_hash = sha256(rp_id.encode('utf-8'))
        flags = 0b11000001  # ED, AT, UP
        sign_count = 0

        credential_id = secrets.token_bytes(32)
        (credential_private_key, credential_public_key) = fastecdsa.keys.gen_keypair(P256)

        self._credentials[credential_id] = credential_private_key

        attested_cred_data = pack_attested_credential_data(
            self._aaguid,
            credential_id,
            credential_public_key,
        )

        authData_without_extensions = struct.pack(
            f'>32sBL{len(attested_cred_data)}s',
            rp_id_hash,
            flags,
            sign_count,
            attested_cred_data,
        )

        extensions = {}

        if "recovery" in extension_inputs:
            extensions["recovery"] = self.process_recovery_extension(
                rp_id,
                authData_without_extensions,
                clientDataJSON_hash,
                extension_inputs["recovery"],
            )

        authData = authData_without_extensions + cbor.encode(extensions)
        attStmt = {
            0x01: 'packed',
            0x02: authData,
            0x03: {
                'alg': -7,
                'sig': DEREncoder.encode_signature(
                    *ecdsa.sign(
                        authData + clientDataJSON_hash,
                        credential_private_key,
                        hashfunc=hashlib.sha256
                    )
                ),
            },
        }
        return cbor.encode(attStmt)
Example #11
0
    def build_authorization_header(self):
        """Build authorization headers."""
        if len(self.required_authorization_headers) > 0:
            self.authorization_parameters['headers'] = '{}'.format(' '.join([
                header.lower()
                for header in self.required_authorization_headers
            ]))
        self.build_signing_string()
        signing_bytestring = self.signing_string.encode(self.encoding)
        if self.signing_algorithm == 'RSA':
            signer = RSA.import_key(self.private_key_string)
            if self.hashing_algorithm == 'SHA256':
                hash_obj = SHA256.new(signing_bytestring)
            elif self.hashing_algorithm == 'SHA512':
                hash_obj = SHA512.new(signing_bytestring)
            else:
                raise Exception("Invalid key type")
            signature = pkcs1_15.new(signer).sign(hash_obj)
        else:
            private_key, public_key = PEMEncoder.decode_private_key(
                self.private_key_string)
            if self.hashing_algorithm == 'SHA256':
                hash_function = hashlib.sha256
            elif self.hashing_algorithm == 'SHA512':
                hash_function = hashlib.sha512
            else:
                raise Exception("Invalid key type")

            if self.signing_algorithm.lower() == 'p256':
                r, s = ecdsa.sign(signing_bytestring,
                                  private_key,
                                  curve=curve.P256,
                                  hashfunc=hash_function)
            else:
                raise Exception("Invalid key type")
            signature = DEREncoder.encode_signature(r, s)
        base64_signature = base64.b64encode(signature).decode(self.encoding)
        self.authorization_parameters['signature'] = '{}'.format(
            base64_signature)
        authorization_rows = []
        for key, value in self.authorization_parameters.items():
            if isinstance(value, str):
                authorization_rows.append('{}="{}"'.format(key, value))
            elif isinstance(value, int) or isinstance(value, float):
                authorization_rows.append('{}={}'.format(key, value))
            elif isinstance(value, bool):
                if value is True:
                    authorization_rows.append('{}=true')
                else:
                    authorization_rows.append('{}=false')
        authorization_header = 'Signature {}'.format(
            ','.join(authorization_rows))
        self.headers['Authorization'] = authorization_header
Example #12
0
def verify(
    verifying_key: VerifyingKey,
    message_digest_bytes: bytes,
    signature_bytes: bytes,
) -> bool:
    r, s = DEREncoder.decode_signature(signature_bytes)
    return ecdsa.verify(
        (r, s),
        message_digest_bytes,
        verifying_key,
        curve=curve.secp256k1,
        hashfunc=IdentityHash,
    )
Example #13
0
def sign(signing_key: SigningKey, message_digest_bytes: bytes) -> bytes:
    r, s = ecdsa.sign(
        message_digest_bytes,
        signing_key,
        curve=curve.secp256k1,
        prehashed=True,
    )
    # Both (r, s) and (r, -s mod q = q - s) are valid, canonical signatures.
    # (r, s) is fully canonical only when s <= q - s.
    s_inverse = curve.secp256k1.q - s
    if s > s_inverse:
        s = s_inverse
    return DEREncoder.encode_signature(r, s)
Example #14
0
def der_encode_sig(r, s):
    """
    Create DER encoded signature string with signature r and s value

    :param r: r value of signature
    :type r: int
    :param s: s value of signature
    :type s: int

    :return bytes:
    """
    if USE_FASTECDSA:
        return DEREncoder.encode_signature(r, s)
    else:
        ecdsa.der.sigencode_der(r, s)
Example #15
0
    def _test_runner(self, tests, curve, hashfunc):
        for test_group in tests:
            keybytes = unhexlify(test_group["key"]["uncompressed"])
            public_key = SEC1Encoder.decode_public_key(keybytes, curve)

            for test in test_group["tests"]:
                try:
                    message = unhexlify(test["msg"])
                    sigbytes = unhexlify(test["sig"])
                    signature = DEREncoder.decode_signature(sigbytes)
                    expected = test["result"] == "valid"

                    result = verify(signature, message, public_key, curve, hashfunc)
                    self.assertEqual(result, expected, test)
                except:
                    self.assertFalse(test["result"] == "valid", test)
Example #16
0
def sign(message: bytes, private_key: PrivateKey) -> Signature:
    digest = hashes.sha512half(message)
    signing_key = int.from_bytes(private_key, byteorder='big')
    r, s = ecdsa.sign(
        digest.hex(),
        signing_key,
        curve=curve.secp256k1,
        prehashed=True,
    )
    # Both (r, s) and (r, -s mod G = G - s) are valid, canonical signatures.
    # (r, s) is fully canonical only when s <= G - s.
    s_inverse = GROUP_ORDER - s
    if s > s_inverse:
        s = s_inverse
    signature = DEREncoder.encode_signature(r, s)
    return t.cast(Signature, signature)
Example #17
0
def verify_correctness():
    clientDataJSON_hash = os.urandom(32)
    primary_authnr = Authenticator()
    backup_authnr = Authenticator()

    # Create a credential with the primary authenticator
    basic_make_credential(primary_authnr, clientDataJSON_hash)
    allowList = [{
        'type': 'public-key',
        'id': i
    } for i in primary_authnr._credentials.keys()]

    # Transfer recovery seed from backup authenticator to primary
    primary_authnr.import_recovery_seed(backup_authnr.export_recovery_seed([0
                                                                            ]))

    # Generate a recovery credential with the primary authenticator
    recovery_creds = ctap2.AuthenticatorData(
        cbor.decode(
            generate_backups_get_assertion(
                primary_authnr, clientDataJSON_hash,
                allowList))[2]).extensions['recovery']['creds']
    recovery_pubkey = cose_key_to_point(
        ctap2.AttestedCredentialData(recovery_creds[0]).public_key)
    recovery_allowCredentials = [{
        'id': ctap2.AttestedCredentialData(cred).credential_id,
        'type': 'public-key'
    } for cred in recovery_creds]

    # Perform recovery registration with backup authenticator
    attObj_bytes = recovery_make_credential(backup_authnr, clientDataJSON_hash,
                                            recovery_allowCredentials)
    att_obj = ctap2.AttestationObject(attObj_bytes)

    # Verify that backup authenticator returns the correct recovery credential ID
    recovery_cred_id = att_obj.auth_data.extensions['recovery']['credId']
    assert recovery_cred_id == ctap2.AttestedCredentialData(
        recovery_creds[0]).credential_id

    # Verify that backup authenticator returns a valid recovery signature
    auth_data_without_extensions = att_obj.auth_data[:37 +
                                                     len(att_obj.auth_data.
                                                         credential_data)]
    recovery_sig = att_obj.auth_data.extensions['recovery']['sig']
    assert ecdsa.verify(DEREncoder.decode_signature(recovery_sig),
                        auth_data_without_extensions + clientDataJSON_hash,
                        recovery_pubkey)
Example #18
0
    def authenticator_get_assertion(self, args_cbor):
        args = cbor.decode(args_cbor)
        rp_id = args[0x01]
        clientDataJSON_hash = args[0x02]
        extension_inputs = args[0x04]
        rp_id_hash = sha256(rp_id.encode('utf-8'))
        flags = 0b10000001  # ED, UP
        sign_count = 0

        extensions = {}

        authData_without_extensions = struct.pack(
            f'>32sBL',
            rp_id_hash,
            flags,
            sign_count,
        )

        if "recovery" in extension_inputs:
            extensions["recovery"] = self.process_recovery_extension(
                rp_id,
                authData_without_extensions,
                clientDataJSON_hash,
                extension_inputs["recovery"]
            )

        authData = authData_without_extensions + cbor.encode(extensions)

        sig = None
        for cred_descriptor in args[0x03]:
            if cred_descriptor['id'] in self._credentials:
                sig = DEREncoder.encode_signature(
                    *ecdsa.sign(
                        authData + clientDataJSON_hash,
                        self._credentials[cred_descriptor['id']],
                        hashfunc=hashlib.sha256
                    )
                )
                break
        if sig is None:
            raise NoCredentialAvailable()

        return cbor.encode({
            0x01: cred_descriptor,
            0x02: authData,
            0x03: sig,
        })
Example #19
0
def der_encode_sig(r, s):
    """
    Create DER encoded signature string with signature r and s value.

    :param r: r value of signature
    :type r: int
    :param s: s value of signature
    :type s: int

    :return bytes:
    """
    if USE_FASTECDSA:
        return DEREncoder.encode_signature(r, s)
    else:
        rb = ecdsa.der.encode_integer(r)
        sb = ecdsa.der.encode_integer(s)
        return ecdsa.der.encode_sequence(rb, sb)
Example #20
0
    def __validate_fastecdsa_signature(self, verification_string, signature,
                                       charset):
        """Return True if signature is valid, using FastEDSA algorithms."""
        ecdsa_public_key = PEMEncoder.decode_public_key(
            self.inflated_public_key)
        # signature_length = len(signature)
        r, s = DEREncoder.decode_signature(signature)
        # r_bytes, s_bytes = signature[:signature_length // 2], signature[signature_length // 2:signature_length]
        # r, s = int.from_bytes(r_bytes, 'big', signed=False), int.from_bytes(s_bytes, 'big', signed=False)
        signing_algorithm = self.signing_algorithm.upper()
        if ('SHA-' in signing_algorithm):
            signing_algorithm = signing_algorithm.replace('SHA-', 'SHA')
        if ('P-' in signing_algorithm):
            signing_algorithm = signing_algorithm.replace('P-', 'P')
        if signing_algorithm == self.SIGNING_ALGORITHM_ECDSA_P256:
            curve_algorithm = curve.P256
        elif signing_algorithm == self.SIGNING_ALGORITHM_ECDSA_P384:
            curve_algorithm = curve.P384
        elif signing_algorithm == self.SIGNING_ALGORITHM_ECDSA_P521:
            curve_algorithm = curve.P2521
        elif signing_algorithm == self.SIGNING_ALGORITHM_ECDSA_CURVE25519:
            curve_algorithm = curve.W25519
        else:
            raise UnsupportedAlgorithmException(self.signing_algorithm)
        hashing_algorithm = self.hashing_algorithm.upper().replace('-', '')
        if hashing_algorithm == self.HASHING_ALGORITHM_SHA256:
            hash_function = hashlib.sha256
        elif hashing_algorithm == self.HASHING_ALGORITHM_SHA512:
            hash_function = hashlib.sha512
        else:
            raise UnsupportedAlgorithmException(self.hashing_algorithm)

        is_valid = False
        try:
            ecdsa.verify((r, s),
                         signature,
                         ecdsa_public_key,
                         curve=curve_algorithm,
                         hashfunc=hash_function)
            is_valid = True
        except ecdsa.EcdsaError:
            is_valid = False
        return is_valid
Example #21
0
    def _generate_recovery_signature(
            self,
            rp_id,
            authData_without_extensions,
            clientDataHash,
            allow_credentials,
    ):
        if self._recovery_seed_pri_key is None:
            return InvalidState()

        for cred in allow_credentials:
            cred_id = cred['id']
            alg = cred_id[0]

            if alg == 0:
                try:
                    cred_pri = self._derive_private_key(
                        self._recovery_seed_pri_key,
                        cred_id, rp_id)
                    sig = DEREncoder.encode_signature(
                        *ecdsa.sign(
                            authData_without_extensions + clientDataHash,
                            cred_pri,
                            hashfunc=hashlib.sha256
                        )
                    )
                except RpIdMismatch:
                    continue
            else:
                continue

            extension_output = {
                'action': 'recover',
                'credId': cred_id,
                'sig': sig,
                'state': self._state,
            }
            return extension_output

        raise NoCredentialAvailable()
Example #22
0
    def makecredential_process_recovery_extension(
            self,
            authData,
            clientDataHash,
            extension_output,
    ):
        action = extension_output['action']

        if action == 'state':
            pass
        elif action == 'recover':
            authData_without_extensions = authData
            pubkey_cose = self._recovery_credentials[
                extension_output['credId']
            ].public_key
            pubkey = cose_key_to_point(pubkey_cose)
            assert ecdsa.verify(
                DEREncoder.decode_signature(extension_output['sig']),
                authData_without_extensions + clientDataHash,
                pubkey,
                hashfunc=hashlib.sha256
            )
        else:
            raise UnknownAction()
Example #23
0
    def test_encode_signature(self):
        self.assertEqual(
            DEREncoder.encode_signature(r=1, s=2),
            b"\x30"  # SEQUENCE
            b"\x06"  # Length of Sequence
            b"\x02"  # INTEGER
            b"\x01"  # Length of r
            b"\x01"  # r
            b"\x02"  # INTEGER
            b"\x01"  # Length of s
            b"\x02",  # s
        )

        # Check that we add a zero byte when the number's highest bit is set
        self.assertEqual(DEREncoder.encode_signature(r=128, s=128),
                         b"0\x08\x02\x02\x00\x80\x02\x02\x00\x80")

        # Check a value on a standard curve like secp256k1 works
        # see https://github.com/btccom/secp256k1-go/blob/master/secp256k1/sign_vectors.yaml
        secp256k1_vectors = [
            (
                0x31a84594060e103f5a63eb742bd46cf5f5900d8406e2726dedfc61c7cf43ebad,
                unhexlify(
                    "9e5755ec2f328cc8635a55415d0e9a09c2b6f2c9b0343c945fbbfe08247a4cbe"
                ),
                unhexlify(
                    "30440220132382ca59240c2e14ee7ff61d90fc63276325f4cbe8169fc53ade4a407c2fc802204d86fbe3bde69"
                    "75dd5a91fdc95ad6544dcdf0dab206f02224ce7e2b151bd82ab"),
            ),
            (
                0x7177f0d04c79fa0b8c91fe90c1cf1d44772d1fba6e5eb9b281a22cd3aafb51fe,
                unhexlify(
                    "2d46a712699bae19a634563d74d04cc2da497b841456da270dccb75ac2f7c4e7"
                ),
                unhexlify(
                    "3045022100d80cf7abc9ab601373780cee3733d2cb5ff69ba1452ec2d2a058adf9645c13be0220011d1213b7d"
                    "152f72fd8759b45276ba32d9c909602e5ec89550baf3aaa8ed950"),
            ),
            (
                0x989e500d6b1397f2c5dcdf43c58ac2f14df753eb6089654e07ff946b3f84f3d5,
                unhexlify(
                    "c94f4ec84be928017cbbb447d2ab5b5d4d69e5e5fd03da7eae4378a1b1c9c402"
                ),
                unhexlify(
                    "3045022100d0f5b740cbe3ee5b098d3c5afdefa61bb0797cb4e7b596afbd38174e1c653bb602200329e9f1a09"
                    "632de477664814791ac31544e04715db68f4b02657ba35863e711"),
            ),
            (
                0x39dfc615f2b718397f6903b0c46c47c5687e97d3d2a5e1f2b200f459f7b1219b,
                unhexlify(
                    "dfeb2092955572ce0695aa038f58df5499949e18f58785553c3e83343cd5eb93"
                ),
                unhexlify(
                    "30440220692c01edf8aeab271df3ed4e8d57a170f014f8f9d65031aac28b5e1840acfb5602205075f9d1fdbf5"
                    "079ee052e5f3572d518b3594ef49582899ec44d065f71a55192"),
            ),
        ]

        for private_key, digest, expected in secp256k1_vectors:
            r, s = sign(digest, private_key, curve=secp256k1, prehashed=True)
            encoded = DEREncoder.encode_signature(r, s)
            self.assertEqual(encoded, expected)
Example #24
0
    def test_decode_signature(self):
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"")  # length too short
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x31\x06\x02\x01\x01\x02\x01\x02")  # invalid SEQUENCE marker
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"\x30\x07\x02\x01\x01\x02\x01\x02"
                                        )  # invalid length (too short)
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"\x30\x05\x02\x01\x01\x02\x01\x02"
                                        )  # invalid length (too long)
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x30\x06\x02\x03\x01\x02\x01\x02")  # invalid length of r
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x30\x06\x02\x01\x01\x02\x03\x02")  # invalid length of s
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"\x30\x06\x03\x01\x01\x02\x01\x02"
                                        )  # invalid INTEGER marker for r
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x30\x06\x02\x00\x02\x01\x02")  # length of r is 0
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x30\x06\x02\x01\x81\x02\x01\x02")  # value of r is negative
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"\x30\x07\x02\x02\x00\x01\x02\x01\x02"
                                        )  # value of r starts with a zero byte
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"\x30\x06\x02\x01\x01\x03\x01\x02"
                                        )  # invalid INTEGER marker for s
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x30\x06\x02\x01\x01\x02\x00")  # value of s is 0
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x30\x06\x02\x01\x01\x02\x01\x81")  # value of s is negative
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"\x30\x07\x02\x01\x01\x02\x02\x00\x02"
                                        )  # value of s starts with a zero byte

        self.assertEqual(
            DEREncoder.decode_signature(b"\x30\x06\x02\x01\x01\x02\x01\x02"),
            (1, 2))
        self.assertEqual(
            DEREncoder.decode_signature(
                b"0\x08\x02\x02\x00\x80\x02\x02\x00\x80"),
            (128, 128))  # verify zero bytes
        self.assertEqual(
            DEREncoder.decode_signature(
                b"0\x08\x02\x02\x03\xE8\x02\x02\x03\xE8"),
            (1000, 1000))  # verify byte order
        nulls, p = p[:0x24], p[0x24:]
        if nulls != b'\0' * len(nulls):
            raise Exception('Nulls expected')

        y, p = p[:0x20], p[0x20:]
        y = int(hexlify(y[::-1]).decode(), 16)
        print('block 5, y=%x' % y)

        if not P256.is_point_on_curve((x, y)):
            raise Exception('pub key point is not on curve')

        nulls, p = p[:0x4c], p[0x4c:]
        if nulls != b'\0' * len(nulls):
            raise Exception('Nulls expected')

        ssz, p = p[:4], p[4:]
        ssz, = unpack('<L', ssz)
        signature, nulls = p[:ssz], p[ssz:]

        if nulls != b'\0' * len(nulls):
            raise Exception('Nulls expected')

        signature = DEREncoder().decode_signature(signature)
        msg = (pack('<LL', 0x17, 0x20) + unhexlify('%064x' % x)[::-1] +
               (b'\0' * 0x24) + unhexlify('%064x' % y)[::-1] + (b'\0' * 0x4c))

        pub = get_public_key(hs_key(), P256)

        if not verify(signature, msg, pub):
            raise Exception('Signature validation failed')
Example #26
0
 def address(self):
     return base64.b64encode(DEREncoder.encode_signature(
         self.public_key.x, self.public_key.y))
 def make_cert_verify(self):
     buf=self.handshake_hash.copy().digest()
     s=sign(hexlify(buf).decode(), self.priv_key, prehashed=True)
     b=DEREncoder().encode_signature(s[0], s[1])
     return self.with_neg_hdr(0x0f, b)
Example #28
0
 def sign(self, message_bytes):
     r, s = ecdsa.sign(message_bytes,
                       self.private_key,
                       curve=self.public_key.curve)
     return DEREncoder.encode_signature(r, s).hex()
Example #29
0
 def verify(signature, message_bytes: str, public_key: Point):
     r, s = DEREncoder.decode_signature(bytes.fromhex(signature))
     return ecdsa.verify((r, s),
                         message_bytes,
                         public_key,
                         curve=public_key.curve)
Example #30
0
 def _sign_transaction(self, transaction):
     r, s = ecdsa.sign(transaction.data, self.private_key, curve=Wallet._curve)
     signature = base64.b64encode(DEREncoder.encode_signature(r, s))
     transaction.add_signature(signature)