def from_secret_exponent(cls,
secret_exponent: bytes,
curve=b'ed',
activation_code=None):
"""
Creates a key object from a secret exponent.
:param secret_exponent: secret exponent or seed
:param curve: b'sp' for Secp251k1, b'p2' for P256/Secp256r1, b'ed' for Ed25519 (default)
:param activation_code: secret for initializing account balance
"""
# Ed25519
if curve == b'ed':
# Dealing with secret exponent or seed?
if len(secret_exponent) == 64:
public_point = pysodium.crypto_sign_sk_to_pk(
sk=secret_exponent)
else:
public_point, secret_exponent = pysodium.crypto_sign_seed_keypair(
seed=secret_exponent)
# Secp256k1
elif curve == b'sp':
sk = secp256k1.PrivateKey(secret_exponent)
public_point = sk.pubkey.serialize()
# P256
elif curve == b'p2':
pk = get_public_key(bytes_to_int(secret_exponent), curve=P256)
public_point = SEC1Encoder.encode_public_key(pk)
else:
assert False
return cls(public_point,
secret_exponent,
curve=curve,
activation_code=activation_code)
def from_secret_key(cls, secret_key: bytes, curve=b'ed'):
"""
Creates a key object from a secret exponent.
:param secret_key: secret exponent or seed
:param curve: an elliptic curve used, default is ed25519
"""
# Ed25519
if curve == b'ed':
# Dealing with secret key or seed?
if len(secret_key) == 64:
public_key = pysodium.crypto_sign_sk_to_pk(sk=secret_key)
else:
public_key, secret_key = pysodium.crypto_sign_seed_keypair(seed=secret_key)
# Secp256k1
elif curve == b'sp':
sk = secp256k1.PrivateKey(secret_key)
public_key = sk.pubkey.serialize()
# P256
elif curve == b'p2':
pk = get_public_key(bytes_to_int(secret_key), curve=P256)
public_key = SEC1Encoder.encode_public_key(pk)
else:
assert False
return cls(public_key, secret_key, curve=curve)
def sign(self, message, generic=False):
"""
Sign a raw sequence of bytes
:param message: sequence of bytes, raw format or hexadecimal notation
:param generic: do not specify elliptic curve if set to True
:return: signature in base58 encoding
"""
message = scrub_input(message)
if not self.is_secret:
raise ValueError("Cannot sign without a secret key.")
# Ed25519
if self.curve == b"ed":
digest = pysodium.crypto_generichash(message)
signature = pysodium.crypto_sign_detached(digest, self._secret_key)
# Secp256k1
elif self.curve == b"sp":
pk = secp256k1.PrivateKey(self._secret_key)
signature = pk.ecdsa_serialize_compact(
pk.ecdsa_sign(message, digest=blake2b_32))
# P256
elif self.curve == b"p2":
r, s = sign(msg=message, d=bytes_to_int(self._secret_key), hashfunc=blake2b_32)
signature = int_to_bytes(r) + int_to_bytes(s)
else:
assert False
if generic:
prefix = b'sig'
else:
prefix = self.curve + b'sig'
return base58_encode(signature, prefix).decode()
def verify(self, signature: Union[str, bytes],
message: Union[str, bytes]) -> None:
"""Verify signature, raise exception if it is not valid.
:param message: sequance of bytes, raw format or hexadecimal notation
:param signature: a signature in base58 encoding
:raises: ValueError if signature is not valid
"""
encoded_signature = scrub_input(signature)
encoded_message = scrub_input(message)
if not self.public_point:
raise ValueError("Cannot verify without a public key")
if encoded_signature[:3] != b'sig': # not generic
if self.curve != encoded_signature[:2]: # "sp", "p2" "ed"
raise ValueError("Signature and public key curves mismatch.")
decoded_signature = base58_decode(encoded_signature)
# Ed25519
if self.curve == b"ed":
digest = pysodium.crypto_generichash(encoded_message)
try:
pysodium.crypto_sign_verify_detached(decoded_signature, digest,
self.public_point)
except ValueError as exc:
raise ValueError('Signature is invalid.') from exc
# Secp256k1
elif self.curve == b"sp":
pk = secp256k1.PublicKey(self.public_point, raw=True)
sig = pk.ecdsa_deserialize_compact(decoded_signature)
if not pk.ecdsa_verify(encoded_message, sig, digest=blake2b_32):
raise ValueError('Signature is invalid.')
# P256
elif self.curve == b"p2":
pk = fastecdsa.encoding.sec1.SEC1Encoder.decode_public_key(
self.public_point, curve=fastecdsa.curve.P256)
r, s = bytes_to_int(decoded_signature[:32]), bytes_to_int(
decoded_signature[32:])
if not fastecdsa.ecdsa.verify(
sig=(r, s), msg=encoded_message, Q=pk,
hashfunc=blake2b_32):
raise ValueError('Signature is invalid.')
else:
raise Exception(
f'Unknown elliptic curve {self.curve}') # type: ignore
def verify(self, signature, message):
"""
Verify signature, raise exception if it is not valid
:param message: sequance of bytes, raw format or hexadecimal notation
:param signature: a signature in base58 encoding
"""
signature = scrub_input(signature)
message = scrub_input(message)
if not self.public_point:
raise ValueError("Cannot verify without a public key")
if signature[:3] != b'sig': # not generic
if self.curve != signature[:2]: # "sp", "p2" "ed"
raise ValueError("Signature and public key curves mismatch.")
signature = base58_decode(signature)
# Ed25519
if self.curve == b"ed":
digest = pysodium.crypto_generichash(message)
try:
pysodium.crypto_sign_verify_detached(signature, digest,
self.public_point)
except ValueError:
raise ValueError('Signature is invalid.')
# Secp256k1
elif self.curve == b"sp":
pk = secp256k1.PublicKey(self.public_point, raw=True)
sig = pk.ecdsa_deserialize_compact(signature)
if not pk.ecdsa_verify(message, sig, digest=blake2b_32):
raise ValueError('Signature is invalid.')
# P256
elif self.curve == b"p2":
pk = SEC1Encoder.decode_public_key(self.public_point, curve=P256)
r, s = bytes_to_int(signature[:32]), bytes_to_int(signature[32:])
if not verify(sig=(r, s), msg=message, Q=pk, hashfunc=blake2b_32):
raise ValueError('Signature is invalid.')
else:
assert False
def sign(self, message: Union[str, bytes], generic: bool = False):
"""Sign a raw sequence of bytes.
:param message: sequence of bytes, raw format or hexadecimal notation
:param generic: do not specify elliptic curve if set to True
:returns: signature in base58 encoding
"""
encoded_message = scrub_input(message)
if not self.secret_exponent:
raise ValueError("Cannot sign without a secret key.")
# Ed25519
if self.curve == b"ed":
digest = pysodium.crypto_generichash(encoded_message)
signature = pysodium.crypto_sign_detached(digest,
self.secret_exponent)
# Secp256k1
elif self.curve == b"sp":
pk = secp256k1.PrivateKey(self.secret_exponent)
signature = pk.ecdsa_serialize_compact(
pk.ecdsa_sign(encoded_message, digest=blake2b_32))
# P256
elif self.curve == b"p2":
r, s = fastecdsa.ecdsa.sign(msg=encoded_message,
d=bytes_to_int(self.secret_exponent),
hashfunc=blake2b_32)
signature = r.to_bytes(32, 'big') + s.to_bytes(32, 'big')
else:
assert False
if generic:
prefix = b'sig'
else:
prefix = self.curve + b'sig'
return base58_encode(signature, prefix).decode()
