def test_private_key(self):
seed = unhexlify(
"4adf5d37ac6785e83e99a924f92676d366a78690af59c92b6bdf14f9cdbcf26fdad478109607583d633b60078d61d51d81b7509c5433b0d4c9"
)
Px = 0x72a01eea003a35f9ac44231dc4aae2a382f351d80bf32508175b0855edcf389aa2bbf308dd961ce361a6e7c2091bc78957f6ebcf3002a617
Py = 0x9e0d08d84586e9aeefecacb41d049b831f1a3ee0c3eada63e34557b30702b50ab59fb372feff7c30b8cbb7dd51afbe88444ec56238722ec1
key = EccKey(curve="Ed448", seed=seed)
self.assertEqual(key.seed, seed)
self.assertEqual(
key.d,
0xb07cf179604f83433186e5178760c759c15125ee54ff6f8dcde46e872b709ac82ed0bd0a4e036d774034dcb18a9fb11894657a1485895f80
)
self.assertTrue(key.has_private())
self.assertEqual(key.pointQ.x, Px)
self.assertEqual(key.pointQ.y, Py)
point = EccPoint(Px, Py, "ed448")
key = EccKey(curve="Ed448", seed=seed, point=point)
self.assertEqual(
key.d,
0xb07cf179604f83433186e5178760c759c15125ee54ff6f8dcde46e872b709ac82ed0bd0a4e036d774034dcb18a9fb11894657a1485895f80
)
self.assertTrue(key.has_private())
self.assertEqual(key.pointQ, point)
# Other names
key = EccKey(curve="ed448", seed=seed)
# Must not accept d parameter
self.assertRaises(ValueError, EccKey, curve="ed448", d=1)
def test_private_key(self):
key = EccKey(curve="P-256", d=1)
self.assertEqual(key.d, 1)
self.failUnless(key.has_private())
self.assertEqual(key.pointQ.x, _curves['p256'].Gx)
self.assertEqual(key.pointQ.y, _curves['p256'].Gy)
point = EccPoint(_curves['p256'].Gx, _curves['p256'].Gy)
key = EccKey(curve="P-256", d=1, point=point)
self.assertEqual(key.d, 1)
self.failUnless(key.has_private())
self.assertEqual(key.pointQ, point)
# Other names
key = EccKey(curve="secp256r1", d=1)
key = EccKey(curve="prime256v1", d=1)
def _sign_ed25519(self, msg_or_hash, ph):
if self._context or ph:
flag = int(ph)
# dom2(flag, self._context)
dom2 = b'SigEd25519 no Ed25519 collisions' + bchr(flag) + \
bchr(len(self._context)) + self._context
else:
dom2 = b''
PHM = msg_or_hash.digest() if ph else msg_or_hash
# See RFC 8032, section 5.1.6
# Step 2
r_hash = SHA512.new(dom2 + self._key._prefix + PHM).digest()
r = Integer.from_bytes(r_hash, 'little') % self._order
# Step 3
R_pk = EccKey(point=r * self._key._curve.G)._export_eddsa()
# Step 4
k_hash = SHA512.new(dom2 + R_pk + self._A + PHM).digest()
k = Integer.from_bytes(k_hash, 'little') % self._order
# Step 5
s = (r + k * self._key.d) % self._order
return R_pk + s.to_bytes(32, 'little')
def test_public_key(self):
p521 = _curves['p521']
point = EccPoint(p521.Gx, p521.Gy, 'p521')
key = EccKey(curve="P-384", point=point)
self.failIf(key.has_private())
self.assertEqual(key.pointQ, point)
def test_public_key(self):
point = EccPoint(_curves['ed448'].Gx,
_curves['ed448'].Gy,
curve='ed448')
key = EccKey(curve="ed448", point=point)
self.assertFalse(key.has_private())
self.assertEqual(key.pointQ, point)
def test_public_key(self):
p384 = _curves['p384']
point = EccPoint(p384.Gx, p384.Gy, 'p384')
key = EccKey(curve="P-384", point=point)
self.assertFalse(key.has_private())
self.assertEqual(key.pointQ, point)
def test_private_key(self):
key = EccKey(curve="P-224", d=1)
self.assertEqual(key.d, 1)
self.assertTrue(key.has_private())
self.assertEqual(key.pointQ.x, _curves['p224'].Gx)
self.assertEqual(key.pointQ.y, _curves['p224'].Gy)
point = EccPoint(_curves['p224'].Gx, _curves['p224'].Gy, curve='P-224')
key = EccKey(curve="P-224", d=1, point=point)
self.assertEqual(key.d, 1)
self.assertTrue(key.has_private())
self.assertEqual(key.pointQ, point)
# Other names
key = EccKey(curve="secp224r1", d=1)
key = EccKey(curve="prime224v1", d=1)
def test_private_key(self):
p521 = _curves['p521']
key = EccKey(curve="P-521", d=1)
self.assertEqual(key.d, 1)
self.failUnless(key.has_private())
self.assertEqual(key.pointQ.x, p521.Gx)
self.assertEqual(key.pointQ.y, p521.Gy)
point = EccPoint(p521.Gx, p521.Gy, "p521")
key = EccKey(curve="P-521", d=1, point=point)
self.assertEqual(key.d, 1)
self.failUnless(key.has_private())
self.assertEqual(key.pointQ, point)
# Other names
key = EccKey(curve="p521", d=1)
key = EccKey(curve="secp521r1", d=1)
key = EccKey(curve="prime521v1", d=1)
def test_private_key(self):
p384 = _curves['p384']
key = EccKey(curve="P-384", d=1)
self.assertEqual(key.d, 1)
self.failUnless(key.has_private())
self.assertEqual(key.pointQ.x, p384.Gx)
self.assertEqual(key.pointQ.y, p384.Gy)
point = EccPoint(p384.Gx, p384.Gy, "p384")
key = EccKey(curve="P-384", d=1, point=point)
self.assertEqual(key.d, 1)
self.failUnless(key.has_private())
self.assertEqual(key.pointQ, point)
# Other names
key = EccKey(curve="p384", d=1)
key = EccKey(curve="secp384r1", d=1)
key = EccKey(curve="prime384v1", d=1)
def test_private_key(self):
key = EccKey(curve="P-256", d=1)
self.assertEqual(key.d, 1)
self.assertTrue(key.has_private())
self.assertEqual(key.pointQ.x, _curves['p256'].Gx)
self.assertEqual(key.pointQ.y, _curves['p256'].Gy)
point = EccPoint(_curves['p256'].Gx, _curves['p256'].Gy)
key = EccKey(curve="P-256", d=1, point=point)
self.assertEqual(key.d, 1)
self.assertTrue(key.has_private())
self.assertEqual(key.pointQ, point)
# Other names
key = EccKey(curve="secp256r1", d=1)
key = EccKey(curve="prime256v1", d=1)
# Must not accept d parameter
self.assertRaises(ValueError, EccKey, curve="p256", seed=b'H' * 32)
def init_jwt(self):
jwt_key = EccKey(curve='p256', d=int(self.config.private_key, 16))
self.config.jwt_secret_key = jwt_key.export_key(format='PEM')
self.config.jwt_public_key = self.config.jwt_public_key or jwt_key.public_key(
).export_key(format='PEM')
self.config.jwt_options = {
'verify_signature': True,
'verify_exp': True,
'verify_nbf': False,
'verify_iat': True,
'verify_aud': False
}
def test_private_key(self):
seed = unhexlify("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
Px = 38815646466658113194383306759739515082307681141926459231621296960732224964046
Py = 11903303657706407974989296177215005343713679411332034699907763981919547054807
key = EccKey(curve="Ed25519", seed=seed)
self.assertEqual(key.seed, seed)
self.assertEqual(key.d, 36144925721603087658594284515452164870581325872720374094707712194495455132720)
self.assertTrue(key.has_private())
self.assertEqual(key.pointQ.x, Px)
self.assertEqual(key.pointQ.y, Py)
point = EccPoint(Px, Py, "ed25519")
key = EccKey(curve="Ed25519", seed=seed, point=point)
self.assertEqual(key.d, 36144925721603087658594284515452164870581325872720374094707712194495455132720)
self.assertTrue(key.has_private())
self.assertEqual(key.pointQ, point)
# Other names
key = EccKey(curve="ed25519", seed=seed)
# Must not accept d parameter
self.assertRaises(ValueError, EccKey, curve="ed25519", d=1)
def _sign_ed448(self, msg_or_hash, ph):
flag = int(ph)
# dom4(flag, self._context)
dom4 = b'SigEd448' + bchr(flag) + \
bchr(len(self._context)) + self._context
PHM = msg_or_hash.read(64) if ph else msg_or_hash
# See RFC 8032, section 5.2.6
# Step 2
r_hash = SHAKE256.new(dom4 + self._key._prefix + PHM).read(114)
r = Integer.from_bytes(r_hash, 'little') % self._order
# Step 3
R_pk = EccKey(point=r * self._key._curve.G)._export_eddsa()
# Step 4
k_hash = SHAKE256.new(dom4 + R_pk + self._A + PHM).read(114)
k = Integer.from_bytes(k_hash, 'little') % self._order
# Step 5
s = (r + k * self._key.d) % self._order
return R_pk + s.to_bytes(57, 'little')
def test_invalid_d(self):
self.assertRaises(ValueError, lambda: EccKey(curve="P-256", d=0))
self.assertRaises(ValueError,
lambda: EccKey(curve="P-256", d=_curve.order))
def test_invalid_curve(self):
self.assertRaises(ValueError, lambda: EccKey(curve="P-257", d=1))
def test_public_key_derived(self):
priv_key = EccKey(curve="P-256", d=3)
pub_key = priv_key.public_key()
self.failIf(pub_key.has_private())
self.assertEqual(priv_key.pointQ, pub_key.pointQ)
def test_public_key(self):
point = EccPoint(_curve.Gx, _curve.Gy)
key = EccKey(curve="P-256", point=point)
self.failIf(key.has_private())
self.assertEqual(key.pointQ, point)
def test_invalid_seed(self):
self.assertRaises(ValueError,
lambda: EccKey(curve="ed448", seed=b'H' * 56))
def test_public_key_derived(self):
priv_key = EccKey(curve="ed448", seed=b'H' * 57)
pub_key = priv_key.public_key()
self.assertFalse(pub_key.has_private())
self.assertEqual(priv_key.pointQ, pub_key.pointQ)
