def CheckBlock(filename, curve):
if os.path.isfile(filename):
f = open(filename, "r")
block = f.readlines()
if len(block)%9 != 0:
print("Incorrect file format")
f.close()
return -10000
block_count = len(block)//9
for i in range(0, block_count):
# coordinates of the public key point
x1 = int(block[i*9+2][22:-1])
y1 = int(block[i*9+3][22:-1])
r = int(block[i*9+7][15:-1])
s = int(block[i*9+8][15:-1])
tx = "".join(block[i*9: i*9+7])
# For the signature verfication
payer = ECDSA()
payer_pk = ECPublicKey(Point(x1, y1, curve))
signature = encode_sig(r, s)
try:
assert(payer.verify(tx.encode('UTF-8'), signature, payer_pk))
ver = 0
f.close()
return ver
except:
ver = -i-1
f.close()
return ver
return 0
else:
print("File does not exist")
return -10000
def _do_sign(self, msg, pv_key, k):
if (pv_key.curve == None):
raise ECPyException('private key haz no curve')
curve = pv_key.curve
n = curve.order
G = curve.generator
k = k % n
msg = int.from_bytes(msg, 'big')
Q = G * k
kinv = pow(k, n - 2, n)
r = Q.x % n
if r == 0:
return None
s = (kinv * (msg + pv_key.d * r)) % n
if s == 0:
return None
sig = encode_sig(r, s, self.fmt)
# r = r.to_bytes((r.bit_length()+7)//8, 'big')
# s = s.to_bytes((s.bit_length()+7)//8, 'big')
# if (r[0] & 0x80) == 0x80 :
# r = b'\0'+r
# if (s[0] & 0x80) == 0x80 :
# s = b'\0'+s
# sig = (b'\x30'+int((len(r)+len(s)+4)).to_bytes(1,'big') +
# b'\x02'+int(len(r)).to_bytes(1,'big') + r +
# b'\x02'+int(len(s)).to_bytes(1,'big') + s )
return sig
def _do_sign(self,msg,pv_key):
curve = pv_key.curve
B = curve.generator
n = curve.order
size = curve._coord_size()
a, A, prefix = EDDSA._get_materials(pv_key, self._hasher, self._hash_len)
eA = curve.encode_point(A)
#compute R
hasher = self._hasher()
if curve.name =='Ed448':
hasher.update(b'SigEd448\x00\x00')
hasher.update(prefix)
hasher.update(msg)
r = hasher.digest(self._hash_len)
elif curve.name =='Ed25519':
hasher.update(prefix)
hasher.update(msg)
r = hasher.digest()
else :
assert False, '%s not supported'%curve.name
r = int.from_bytes(r,'little')
r = r % n
R = r*B
eR = curve.encode_point(R)
#compute S
hasher = self._hasher()
if curve.name =='Ed448':
hasher.update(b'SigEd448\x00\x00')
hasher.update(eR)
hasher.update(eA)
hasher.update(msg)
H_eR_eA_m = hasher.digest(self._hash_len)
elif curve.name =='Ed25519':
hasher.update(eR)
hasher.update(eA)
hasher.update(msg)
H_eR_eA_m = hasher.digest()
else:
assert False, '%s not supported'%curve.name
i = int.from_bytes(H_eR_eA_m, 'little')
S = (r + i*a)%n
#S = S.to_bytes(size,'little')
#return eR+S
eR = int.from_bytes(eR,'little')
sig = encode_sig(eR,S,self.fmt,size)
return sig
def _do_sign(self, msg, pv_key, k):
if (pv_key.curve == None):
raise ECPyException('private key haz no curve')
curve = pv_key.curve
n = curve.order
G = curve.generator
size = curve.size >> 3
Q = G * k
hasher = self._hasher()
if self.option == "ISO":
xQ = (Q.x).to_bytes(size, 'big')
yQ = (Q.y).to_bytes(size, 'big')
hasher.update(xQ + yQ + msg)
r = hasher.digest()
r = int.from_bytes(r, 'big')
s = (k + r * pv_key.d) % n
if r == 0 or s == 0:
return None
elif self.option == "ISOx":
xQ = (Q.x).to_bytes(size, 'big')
hasher.update(xQ + msg)
r = hasher.digest()
r = int.from_bytes(r, 'big')
s = (k + r * pv_key.d) % n
if r == 0 or s == 0:
return None
elif self.option == "BSI":
xQ = Q.x.to_bytes(size, 'big')
hasher.update(msg + xQ)
r = hasher.digest()
r = int.from_bytes(r, 'big')
s = (k - r * pv_key.d) % n
if r == 0 or s == 0:
return None
elif self.option == "LIBSECP":
if Q.y & 1:
k = n - k
Q = G * k
r = (Q.x % n).to_bytes(size, 'big')
hasher.update(r + msg)
h = hasher.digest()
h = int.from_bytes(h, 'big')
r = Q.x % n
s = (k - h * pv_key.d) % n
return encode_sig(r, s, self.fmt)
def _do_sign(self, msg, pv_key, k, canonical=False):
if (pv_key.curve == None):
raise ECPyException('private key haz no curve')
curve = pv_key.curve
n = curve.order
G = curve.generator
k = k % n
# if "msg (hash) bit length" is greater that the "domain bit length",
# we only consider the left most "domain bit length" of message.
msg_len = len(msg) * 8
msg = int.from_bytes(msg, 'big')
if msg_len > curve.size:
msg = msg >> (msg_len - curve.size)
if n.bit_length() < msg.bit_length():
# msg is the 'n.bit_length()' leftmost bits of the received msg,
# leading zeroes included (if any).
mbyteslen = (msg.bit_length() + 7) // 8
msg = int(format(msg, f'0{8*mbyteslen}b')[:n.bit_length()], 2)
Q = G * k
if Q.is_infinity:
return None
kinv = pow(k, n - 2, n)
r = Q.x % n
if r == 0:
return None
s = (kinv * (msg + pv_key.d * r)) % n
if s == 0:
return None
if canonical and (s > (n // 2)):
s = n - s
sig = encode_sig(r, s, self.fmt)
# r = r.to_bytes((r.bit_length()+7)//8, 'big')
# s = s.to_bytes((s.bit_length()+7)//8, 'big')
# if (r[0] & 0x80) == 0x80 :
# r = b'\0'+r
# if (s[0] & 0x80) == 0x80 :
# s = b'\0'+s
# sig = (b'\x30'+int((len(r)+len(s)+4)).to_bytes(1,'big') +
# b'\x02'+int(len(r)).to_bytes(1,'big') + r +
# b'\x02'+int(len(s)).to_bytes(1,'big') + s )
return sig
def _do_sign(self, msg, pv_key):
curve = pv_key.curve
B = curve.generator
n = curve.order
size = curve.size >> 3
k = pv_key.d.to_bytes(size, 'big')
hasher = self._hasher()
hasher.update(k)
h = hasher.digest()
#retrieve encoded pub key
a = bytearray(h[size - 1::-1])
a[0] &= ~0x40
a[0] |= 0x40
a[31] &= 0xF8
a = bytes(a)
a = int.from_bytes(a, 'big')
A = a * B
eA = curve.encode_point(A)
#OK
#compute R
hasher = self._hasher()
hasher.update(h[size:] + msg)
r = hasher.digest()
r = int.from_bytes(r, 'little')
r = r % n
R = r * B
eR = curve.encode_point(R)
#compute S
hasher = self._hasher()
hasher.update(eR + eA + msg)
H_eR_eA_m = hasher.digest()
i = int.from_bytes(H_eR_eA_m, 'little')
S = (r + i * a) % n
#S = S.to_bytes(size,'little')
#return eR+S
eR = int.from_bytes(eR, 'little')
sig = encode_sig(eR, S, self.fmt, size)
return sig
def _do_sign(self, msg, pv_key, k, canonical=False):
if (pv_key.curve == None):
raise ECPyException('private key haz no curve')
curve = pv_key.curve
n = curve.order
G = curve.generator
k = k % n
msg = int.from_bytes(msg, 'big')
Q = G * k
kinv = pow(k, n - 2, n)
r = Q.x % n
if r == 0:
return None
s = (kinv * (msg + pv_key.d * r)) % n
if s == 0:
return None
if canonical and (s > (n // 2)):
s = n - s
return encode_sig(r, s, self.fmt)
def _do_sign(self, msg, pv_key, k):
if (pv_key.curve == None):
raise ECPyException('private key haz no curve')
curve = pv_key.curve
n = curve.order
G = curve.generator
size = (curve.size+7)//8
Q = G*k
hasher = self._hasher()
if self.option == "ISO":
xQ = (Q.x).to_bytes(size,'big')
yQ = (Q.y).to_bytes(size,'big')
hasher.update(xQ+yQ+msg)
r = hasher.digest()
r = int.from_bytes(r,'big')
if r % n == 0:
return None
s = (k+r*pv_key.d)%n
if s==0:
return None
elif self.option == "ISOx":
xQ = (Q.x).to_bytes(size,'big')
hasher.update(xQ+msg)
r = hasher.digest()
r = int.from_bytes(r,'big')
if r % n == 0:
return None
s = (k+r*pv_key.d)%n
if s==0:
return None
elif self.option == "BSI":
xQ = Q.x.to_bytes(size,'big')
hasher.update(msg+xQ)
r = hasher.digest()
r = int.from_bytes(r,'big')
if r%n == 0:
return None
s = (k-r*pv_key.d)%n
if s==0:
return None
elif self.option == "LIBSECP":
if Q.y & 1:
k = n-k
Q = G*k
r = (Q.x%n).to_bytes(size,'big')
hasher.update(r+msg)
h = hasher.digest()
h = int.from_bytes(h,'big')
if h > n:
return None
r = Q.x % n
s = (k - h*pv_key.d)%n
elif self.option == "Z":
if Q.y & 1:
xQ = b'\x03'+Q.x.to_bytes(size,'big')
else :
xQ = b'\x02'+Q.x.to_bytes(size,'big')
pu_key = pv_key.get_public_key()
if pu_key.W.y & 1:
xPub = b'\x03'+pu_key.W.x.to_bytes(size,'big')
else :
xPub = b'\x02'+pu_key.W.x.to_bytes(size,'big')
hasher.update(xQ+xPub+msg)
r = hasher.digest()
r = int.from_bytes(r,'big') % n
if r % n == 0:
return None
s = (k - r*pv_key.d) %n
if s==0:
return None
return encode_sig(r, s, self.fmt)
f.write("Public key - x: " + str(QA.x)+"\n")
f.write("Public key - y: " + str(QA.y)+"\n")
f.write("Signature - r: " + str(r)+"\n")
f.write("Signature - s: " + str(s)+"\n")
f.close()
f = open("deneme.txt", "r")
x1 = int(f.readline()[16:-1])
y1 = int(f.readline()[16:-1])
r1 = int(f.readline()[15:-1])
s1 = int(f.readline()[15:-1])
f.close()
verifier = ECDSA()
pk1 = ECPublicKey(Point(x1, y1, curve))
sig1 = encode_sig(r1, s1)
message = b'Anything goes here'
try:
assert(verifier.verify(message,sig1, pk1))
print("Signature verifies")
except:
print("Signature does not verify")
message = b'Anything goes heree'
try:
assert(verifier.verify(message,sig1, pk1))
print("Signature verifies")
except:
print("Signature does not verify")
def _do_sign(self, msg, pv_key, k):
if (pv_key.curve == None):
raise ECPyException('private key has no curve')
curve = pv_key.curve
n = curve.order
G = curve.generator
size = curve.size >> 3
Q = G * k
hasher = self._hasher()
if self.option == "ISO":
xQ = (Q.x).to_bytes(size, 'big')
yQ = (Q.y).to_bytes(size, 'big')
hasher.update(xQ + yQ + msg)
r = hasher.digest()
r = int.from_bytes(r, 'big')
s = (k + r * pv_key.d) % n
if r == 0 or s == 0:
return None
elif self.option == "ISOx":
xQ = (Q.x).to_bytes(size, 'big')
hasher.update(xQ + msg)
r = hasher.digest()
r = int.from_bytes(r, 'big')
s = (k + r * pv_key.d) % n
if r == 0 or s == 0:
return None
elif self.option == "BSI":
xQ = Q.x.to_bytes(size, 'big')
hasher.update(msg + xQ)
r = hasher.digest()
r = int.from_bytes(r, 'big')
s = (k - r * pv_key.d) % n
if r == 0 or s == 0:
return None
elif self.option == "LIBSECP":
if Q.y & 1:
k = n - k
Q = G * k
r = (Q.x % n).to_bytes(size, 'big')
hasher.update(r + msg)
h = hasher.digest()
h = int.from_bytes(h, 'big')
r = Q.x % n
s = (k - h * pv_key.d) % n
elif self.option == "Z":
if Q.y & 1:
xQ = b'\x03' + Q.x.to_bytes(size, 'big')
else:
xQ = b'\x02' + Q.x.to_bytes(size, 'big')
pu_key = pv_key.get_public_key()
if pu_key.W.y & 1:
xPub = b'\x03' + pu_key.W.x.to_bytes(size, 'big')
else:
xPub = b'\x02' + pu_key.W.x.to_bytes(size, 'big')
hasher.update(xQ + xPub + msg)
r = hasher.digest()
r = int.from_bytes(r, 'big') % n
s = (k - r * pv_key.d) % n
if r == 0 or s == 0:
return None
# https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki
elif self.option == "SECP256K1":
# R = Q...
# Let k = k' if jacobi(y(R)) = 1, otherwise let k = n - k'
k = k if _jacobi(Q.y, pv_key.curve.field) == 1 else n - k
# Let P = d'G
P = G * pv_key.d
# Let e = int(hash(bytes(R) || bytes(P) || m)) mod n
e = int.from_bytes(
self._hasher(Q.x.to_bytes(size, "big") + P.serialize() +
msg).digest(), "big") % n
# The signature is bytes(R) || bytes((k + ed) mod n)
r = Q.x % n
s = (k + e * pv_key.d) % n
return encode_sig(r, s, self.fmt,
0 if self.fmt not in ["RAW", "EDDSA"] else size)
