def sign_ccl_transaction(payload, contract, enclave_signing_key):
hash_input = make_ccl_transaction_hash_input(
payload, contract.contract_code_hash,
contract.pdo_contract_creator_pem_key)
context = create_context('secp256k1')
private_key = Secp256k1PrivateKey.from_hex(enclave_signing_key)
return context.sign(hash_input, private_key)
def verify_secp256k1_signature(message,
signature_str,
public_key_str,
message_digest=False):
if len(public_key_str) > 130:
public_key_str = public_key_from_pem(public_key_str)
public_key = Secp256k1PublicKey.from_hex(public_key_str)
if len(signature_str) != 128:
sig = signature_from_der_hex(signature_str)
else:
sig = signature_str
if message_digest:
sig_bytes = bytes.fromhex(sig)
sig_compact = public_key.secp256k1_public_key.ecdsa_deserialize_compact(
sig_bytes)
return public_key.secp256k1_public_key.ecdsa_verify(message,
sig_compact,
raw=True)
else:
context = create_context('secp256k1')
if isinstance(message, bytes):
return context.verify(sig, message, public_key)
else:
return context.verify(sig, message.encode(), public_key)
def verify_secp256k1_signature_ex(message_str, signature_str, public_key_str):
context = create_context('secp256k1')
if len(public_key_str) > 130:
public_key_str = public_key_from_pem(public_key_str)
public_key = Secp256k1PublicKey.from_hex(public_key_str)
try:
# try raw signature as HEX string if its size is right
if len(signature_str) == 128:
if context.verify(signature_str, message_str.encode(), public_key):
return True
except:
pass
try:
# try DER signature as HEX string if its size is right
if len(signature_str) == 140 or len(signature_str) == 142 or len(
signature_str) == 144:
sig = signature_from_der_hex(signature_str, False)
if context.verify(sig, message_str.encode(), public_key):
return True
except:
pass
# try DER signature as base64 string, it can be long due to a padding at the end
sig = signature_from_der_hex(signature_str)
return context.verify(sig, message_str.encode(), public_key)
def get_default_enclave_signing_public_key_as_hex(self):
context = create_context('secp256k1')
private_key = Secp256k1PrivateKey.from_hex(
self.get_default_enclave_signing_private_key_as_hex())
public_key = context.get_public_key(private_key)
return public_key.as_hex()
def secp256k1_sign(message, private_key_str):
context = create_context('secp256k1')
private_key = Secp256k1PrivateKey.from_hex(private_key_str)
try:
if isinstance(message, bytes):
return context.sign(message, private_key)
else:
return context.sign(message.encode(), private_key)
except:
return None
def get_public_key_as_hex(private_key_as_hex):
private_key = Secp256k1PrivateKey.from_hex(private_key_as_hex)
signer = CryptoFactory(create_context('secp256k1')).new_signer(private_key)
return signer.get_public_key().as_hex()
