def test_multisig_verify_helper_verification(self):
engine = test_engine()
message = vm.ByteStringStackItem(b'hello')
kp1 = cryptography.KeyPair(private_key=b'\x01' * 32)
kp2 = cryptography.KeyPair(private_key=b'\x02' * 32)
sig1 = cryptography.sign(message.to_array(), kp1.private_key)
sig2 = cryptography.sign(message.to_array(), kp2.private_key)
# quick pre-check the verify_signature function actually passes
self.assertTrue(
cryptography.verify_signature(message.to_array(), sig1,
kp1.public_key.encode_point(False),
cryptography.ECCCurve.SECP256R1))
self.assertTrue(
cryptography.verify_signature(message.to_array(), sig2,
kp2.public_key.encode_point(False),
cryptography.ECCCurve.SECP256R1))
# first do a check on regular data (meaning; check sig1 with pub_key1, sig2 with pub_key2)
public_keys = [
kp1.public_key.encode_point(False),
kp2.public_key.encode_point(False)
]
signatures = [sig1, sig2]
self.assertTrue(
_check_multisig(engine, message, public_keys, signatures,
cryptography.ECCCurve.SECP256R1))
# same as previous, but supplying the keys out of order
public_keys = [
kp2.public_key.encode_point(False),
kp1.public_key.encode_point(False)
]
signatures = [sig1, sig2]
self.assertFalse(
_check_multisig(engine, message, public_keys, signatures,
cryptography.ECCCurve.SECP256R1))
# now validate it will try all available public keys for a given signature (for 1-of-2, 3-of-5 like contracts)
public_keys = [
kp2.public_key.encode_point(False),
kp1.public_key.encode_point(False)
]
signatures = [sig1]
self.assertTrue(
_check_multisig(engine, message, public_keys, signatures,
cryptography.ECCCurve.SECP256R1))
# test handling an exception caused by an invalid public key
public_keys = [b'']
signatures = [sig1]
self.assertFalse(
_check_multisig(engine, message, public_keys, signatures,
cryptography.ECCCurve.SECP256R1))
def check_multisig_with_ECDSA_Secp256r1(engine: contracts.ApplicationEngine,
public_keys: List[bytes],
signatures: List[bytes]) -> bool:
len_pub_keys = len(public_keys)
len_sigs = len(signatures)
if len_sigs == 0:
raise ValueError("No signatures supplied")
if len_pub_keys == 0:
raise ValueError("No public keys supplied")
if len_sigs > len_pub_keys:
raise ValueError(f"Verification requires {len_sigs} public keys, got only {len_pub_keys}")
message = engine.script_container.get_hash_data(settings.network.magic)
engine.add_gas(len_pub_keys * CHECKSIG_PRICE * engine.exec_fee_factor)
i = 0
j = 0
try:
while i < len_sigs and j < len_pub_keys:
if cryptography.verify_signature(message, signatures[i], public_keys[j], cryptography.ECCCurve.SECP256R1):
i += 1
j += 1
if len_sigs - i > len_pub_keys - j:
return False
except cryptography.ECCException as e:
return False
return True
def verify_with_ECDSA_Secp256r1(engine: contracts.ApplicationEngine,
public_key: bytes,
signature: bytes) -> bool:
return cryptography.verify_signature(engine.script_container.get_hash_data(settings.network.magic),
signature,
public_key,
cryptography.ECCCurve.SECP256R1)
def _check_multisig(engine: contracts.ApplicationEngine,
stack_item: vm.StackItem, public_keys: List[bytes],
signatures: List[bytes],
curve: cryptography.ECCCurve) -> bool:
len_pub_keys = len(public_keys)
len_sigs = len(signatures)
if len_sigs == 0:
raise ValueError("No signatures supplied")
if len_pub_keys == 0:
raise ValueError("No public keys supplied")
if len_sigs > len_pub_keys:
raise ValueError(
f"Verification requires {len_sigs} public keys, got only {len_pub_keys}"
)
message = stackitem_to_hash_data(engine, stack_item)
engine.add_gas(len_pub_keys * 1000000)
i = 0
j = 0
try:
while i < len_sigs and j < len_pub_keys:
if cryptography.verify_signature(message, signatures[i],
public_keys[j], curve):
i += 1
j += 1
if len_sigs - i > len_pub_keys - j:
return False
except cryptography.ECCException as e:
return False
return True
def is_valid(self, contract_hash: types.UInt160) -> bool:
"""
Validate if the group has agreed on allowing the specific contract_hash.
Args:
contract_hash:
"""
return cryptography.verify_signature(
contract_hash.to_array(), self.signature,
self.public_key.encode_point(False),
cryptography.ECCCurve.SECP256R1)
def test_verify_secp256k1(self):
"""
byte[] message = System.Text.Encoding.Default.GetBytes("hello");
byte[] signature = "5331be791532d157df5b5620620d938bcb622ad02c81cfc184c460efdad18e695480d77440c511e9ad02ea30d773cb54e88f8cbb069644aefa283957085f38b5".HexToBytes();
byte[] pubKey = "03ea01cb94bdaf0cd1c01b159d474f9604f4af35a3e2196f6bdfdb33b2aa4961fa".HexToBytes();
Crypto.VerifySignature(message, signature, pubKey, Neo.Cryptography.ECC.ECCurve.Secp256k1).Should().BeTrue();
"""
message = b'hello'
signature = binascii.unhexlify(
b'5331be791532d157df5b5620620d938bcb622ad02c81cfc184c460efdad18e695480d77440c511e9ad02ea30d773cb54e88f8cbb069644aefa283957085f38b5'
)
public_key = binascii.unhexlify(
b'03ea01cb94bdaf0cd1c01b159d474f9604f4af35a3e2196f6bdfdb33b2aa4961fa'
)
self.assertTrue(
cryptography.verify_signature(message, signature, public_key,
cryptography.ECCCurve.SECP256K1))
sb = vm.ScriptBuilder()
sb.emit_push(signature)
sb.emit_push(public_key)
sb.emit_push(message)
sb.emit_syscall(
syscall_name_to_int("Neo.Crypto.VerifyWithECDsaSecp256k1"))
engine = test_engine()
script = vm.Script(sb.to_array())
engine.load_script(script)
engine.execute()
self.assertEqual(vm.VMState.HALT, engine.state)
self.assertEqual(1, len(engine.result_stack))
self.assertEqual(vm.BooleanStackItem(True), engine.result_stack.pop())
# again with bad signature
bad_signature = b'\xFF' + signature[1:]
sb = vm.ScriptBuilder()
sb.emit_push(bad_signature)
sb.emit_push(public_key)
sb.emit_push(message)
sb.emit_syscall(
syscall_name_to_int("Neo.Crypto.VerifyWithECDsaSecp256k1"))
engine = test_engine()
script = vm.Script(sb.to_array())
engine.load_script(script)
engine.execute()
self.assertEqual(vm.VMState.HALT, engine.state)
self.assertEqual(1, len(engine.result_stack))
self.assertEqual(vm.BooleanStackItem(False), engine.result_stack.pop())
def verify_with_ecdsa(self, message: bytes, public_key: bytes,
signature: bytes, curve: NamedCurve) -> bool:
return cryptography.verify_signature(message, signature, public_key,
self.curves.get(curve))
def verify_with_ECDSA_Secp256k1(engine: contracts.ApplicationEngine,
stack_item: vm.StackItem, public_key: bytes,
signature: bytes) -> bool:
value = stackitem_to_hash_data(engine, stack_item)
return cryptography.verify_signature(value, signature, public_key,
cryptography.ECCCurve.SECP256K1)