Example #1
def coseAlgorithmToSignatureParams(coseAlgorithm, issuerName):
    """Map a COSE algorithm name to the parameters coseSig needs.

    coseAlgorithm is one of 'ES256', 'ES384' or 'ES512'; any other value
    raises UnknownCOSEAlgorithmError. issuerName is written into the
    generated certificate specification as the issuer.

    Returns an (algorithm id, pykey.ECCKey, DER-encoded certificate)
    triplet.
    """
    # (COSE name, curve name, algorithm id). COSE names the hash, not the
    # curve, which is why 'ES512' is paired with secp521r1.
    knownAlgorithms = (
        ('ES256', 'secp256r1', ES256),
        ('ES384', 'secp384r1', ES384),
        ('ES512', 'secp521r1', ES512),
    )
    for coseName, keyName, algId in knownAlgorithms:
        if coseAlgorithm == coseName:
            break
    else:
        # No entry matched: refuse rather than fall back to a default curve.
        raise UnknownCOSEAlgorithmError(coseAlgorithm)

    key = pykey.ECCKey(keyName)

    # NOTE(review): issuerName is interpolated unescaped into a
    # newline-separated specification, so a value containing '\n' would add
    # extra specification lines -- presumably callers only pass fixed test
    # issuer names; confirm against callers.
    certSpecification = ''.join([
        'issuer:%s\n' % issuerName,
        'subject: xpcshell signed app test signer\n',
        'subjectKey:%s\n' % keyName,
        'extension:keyUsage:digitalSignature',
    ])

    # pycert.Certificate is handed a stream, so stage the specification in
    # an in-memory buffer and rewind it before parsing.
    certSpecificationStream = StringIO.StringIO()
    print >> certSpecificationStream, certSpecification
    certSpecificationStream.seek(0)

    signerCert = pycert.Certificate(certSpecificationStream)
    return (algId, key, signerCert.toDER())
Example #2
def coseAlgorithmToSignatureParams(coseAlgorithm, issuerName):
    """Map a COSE algorithm name to the parameters coseSig needs.

    coseAlgorithm is one of "ES256", "ES384" or "ES512"; any other value
    raises UnknownCOSEAlgorithmError. issuerName is passed through to
    getCert as the issuer of the signer certificate.

    Returns an (algorithm id, pykey.ECCKey, DER-encoded certificate)
    triplet.
    """
    # (COSE name, curve name, algorithm id). COSE names the hash, not the
    # curve, which is why "ES512" is paired with secp521r1.
    knownAlgorithms = (
        ("ES256", "secp256r1", ES256),
        ("ES384", "secp384r1", ES384),
        ("ES512", "secp521r1", ES512),
    )
    for coseName, keyName, algId in knownAlgorithms:
        if coseAlgorithm == coseName:
            break
    else:
        # No entry matched: refuse rather than fall back to a default curve.
        raise UnknownCOSEAlgorithmError(coseAlgorithm)

    key = pykey.ECCKey(keyName)

    # Appending the curve name gives each signer certificate a distinct
    # subject; identical subjects cause errors when importing into NSS later.
    subject = "xpcshell signed app test signer " + keyName
    ee = getCert(subject, keyName, issuerName, True, "default")
    return (algId, key, ee.toDER())
Example #3
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
"""
Create an ECDSA signature on the P-384 curve using the SHA-384 hash of data from
stdin. The key used for the signature is the secp384r1Encoded key used in pykey
and pycert.

The certificates for the content signature tests make use of this program.
You can use pysign.py like this:

cat test.txt | python pysign.py > test.txt.signature
"""

import base64
import binascii
import hashlib
import os
import six
import sys

import ecdsa

# For pykey
sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
import pykey

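# Read the payload as raw bytes so it is signed exactly as supplied.
data = sys.stdin.buffer.read()

# Per the module docstring this is the secp384r1 key shared by pykey and
# pycert -- presumably a fixed test key, so the resulting signature is only
# meaningful to the content signature tests.
key = pykey.ECCKey("secp384r1")
# The "Content-Signature:" label and a NUL byte ("\00" is an octal escape)
# are prepended to the data before signing; a verifier has to rebuild the
# same prefixed message.
sig = key.signRaw(b"Content-Signature:\00" + data, pykey.HASH_SHA384)
# sys.stdin.buffer only exists on Python 3, where print is a function and
# b64encode returns bytes, so the Python 2 print statement with str.replace
# could not run. urlsafe_b64encode applies the same "+" -> "-" and
# "/" -> "_" substitution.
print(base64.urlsafe_b64encode(sig).decode("ascii"))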
Example #4
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
"""
Create an ECDSA signature on the P-384 curve using the SHA-384 hash of data from
stdin. The key used for the signature is the secp384r1Encoded key used in pykey
and pycert.

The certificates for the content signature tests make use of this program.
You can use pysign.py like this:

cat test.txt | python pysign.py > test.txt.signature
"""

import base64
import binascii
import hashlib
import os
import six
import sys

import ecdsa

# For pykey
sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
import pykey

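# Read the payload as raw bytes so it is signed exactly as supplied.
data = sys.stdin.buffer.read()

# Per the module docstring this is the secp384r1 key shared by pykey and
# pycert -- presumably a fixed test key, so the resulting signature is only
# meaningful to the content signature tests.
key = pykey.ECCKey('secp384r1')
# The 'Content-Signature:' label and a NUL byte ('\00' is an octal escape)
# are prepended to the data before signing; a verifier has to rebuild the
# same prefixed message.
sig = key.signRaw(b'Content-Signature:\00' + data, pykey.HASH_SHA384)
# sys.stdin.buffer only exists on Python 3, where print is a function and
# b64encode returns bytes, so the Python 2 print statement with str.replace
# could not run. urlsafe_b64encode applies the same '+' -> '-' and
# '/' -> '_' substitution.
print(base64.urlsafe_b64encode(sig).decode('ascii'))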