Esempio n. 1
0
 def verify(self):
     x, y = DEREncoder.decode_signature(base64.b64decode(self.sender))
     public_key = Point(x, y, Transaction._curve)
     r, s = DEREncoder.decode_signature(base64.b64decode(self.signature))
     return ecdsa.verify((r, s),
                         self.data,
                         public_key,
                         curve=Transaction._curve)
Esempio n. 2
0
def convert_der_sig(signature, as_hex=True):
    """
    Extract content from DER encoded string: Convert DER encoded signature to signature string.

    :param signature: DER signature
    :type signature: bytes
    :param as_hex: Output as hexstring
    :type as_hex: bool

    :return bytes, str: Signature
    """

    if not signature:
        return ""
    if USE_FASTECDSA:
        r, s = DEREncoder.decode_signature(bytes(signature))
    else:
        sg, junk = ecdsa.der.remove_sequence(signature)
        if junk != b'':
            raise EncodingError("Junk found in encoding sequence %s" % junk)
        r, sg = ecdsa.der.remove_integer(sg)
        s, sg = ecdsa.der.remove_integer(sg)
    sig = '%064x%064x' % (r, s)
    if as_hex:
        return sig
    else:
        return binascii.unhexlify(sig)
Esempio n. 3
0
    def verifyVote(self, privateKey):
        if (self.signature == "" or len(self.signature) == 0):
            return False

        r, s = ecdsa.sign(self.voteHash,
                          privateKey,
                          curve=curve.secp256k1,
                          hashfunc=hl.sha256)
        decoded_r, decoded_s = DEREncoder.decode_signature(self.signature)

        # Se os parâmetros são diferentes, a assinatura é inválida
        if (r != decoded_r or s != decoded_s):
            return False

        # Verifica a assinatura
        valid = ecdsa.verify((r, s),
                             self.voteHash,
                             self.voter,
                             curve=curve.secp256k1,
                             hashfunc=hl.sha256)

        if (not valid):
            return False

        return True
Esempio n. 4
0
    def test_encode_decode_all_curves(self):
        for curve in CURVES:
            d = randint(1, curve.q)
            Q = d * curve.G
            r, s = sign("sign me", d, curve=curve)

            encoded = DEREncoder.encode_signature(r, s)
            decoded_r, decoded_s = DEREncoder.decode_signature(encoded)

            self.assertEqual(decoded_r, r)
            self.assertEqual(decoded_s, s)
Esempio n. 5
0
def verify(
    verifying_key: VerifyingKey,
    message_digest_bytes: bytes,
    signature_bytes: bytes,
) -> bool:
    r, s = DEREncoder.decode_signature(signature_bytes)
    return ecdsa.verify(
        (r, s),
        message_digest_bytes,
        verifying_key,
        curve=curve.secp256k1,
        hashfunc=IdentityHash,
    )
Esempio n. 6
0
    def _test_runner(self, tests, curve, hashfunc):
        for test_group in tests:
            keybytes = unhexlify(test_group["key"]["uncompressed"])
            public_key = SEC1Encoder.decode_public_key(keybytes, curve)

            for test in test_group["tests"]:
                try:
                    message = unhexlify(test["msg"])
                    sigbytes = unhexlify(test["sig"])
                    signature = DEREncoder.decode_signature(sigbytes)
                    expected = test["result"] == "valid"

                    result = verify(signature, message, public_key, curve, hashfunc)
                    self.assertEqual(result, expected, test)
                except:
                    self.assertFalse(test["result"] == "valid", test)
Esempio n. 7
0
def verify_correctness():
    clientDataJSON_hash = os.urandom(32)
    primary_authnr = Authenticator()
    backup_authnr = Authenticator()

    # Create a credential with the primary authenticator
    basic_make_credential(primary_authnr, clientDataJSON_hash)
    allowList = [{
        'type': 'public-key',
        'id': i
    } for i in primary_authnr._credentials.keys()]

    # Transfer recovery seed from backup authenticator to primary
    primary_authnr.import_recovery_seed(backup_authnr.export_recovery_seed([0
                                                                            ]))

    # Generate a recovery credential with the primary authenticator
    recovery_creds = ctap2.AuthenticatorData(
        cbor.decode(
            generate_backups_get_assertion(
                primary_authnr, clientDataJSON_hash,
                allowList))[2]).extensions['recovery']['creds']
    recovery_pubkey = cose_key_to_point(
        ctap2.AttestedCredentialData(recovery_creds[0]).public_key)
    recovery_allowCredentials = [{
        'id': ctap2.AttestedCredentialData(cred).credential_id,
        'type': 'public-key'
    } for cred in recovery_creds]

    # Perform recovery registration with backup authenticator
    attObj_bytes = recovery_make_credential(backup_authnr, clientDataJSON_hash,
                                            recovery_allowCredentials)
    att_obj = ctap2.AttestationObject(attObj_bytes)

    # Verify that backup authenticator returns the correct recovery credential ID
    recovery_cred_id = att_obj.auth_data.extensions['recovery']['credId']
    assert recovery_cred_id == ctap2.AttestedCredentialData(
        recovery_creds[0]).credential_id

    # Verify that backup authenticator returns a valid recovery signature
    auth_data_without_extensions = att_obj.auth_data[:37 +
                                                     len(att_obj.auth_data.
                                                         credential_data)]
    recovery_sig = att_obj.auth_data.extensions['recovery']['sig']
    assert ecdsa.verify(DEREncoder.decode_signature(recovery_sig),
                        auth_data_without_extensions + clientDataJSON_hash,
                        recovery_pubkey)
Esempio n. 8
0
    def __validate_fastecdsa_signature(self, verification_string, signature,
                                       charset):
        """Return True if signature is valid, using FastEDSA algorithms."""
        ecdsa_public_key = PEMEncoder.decode_public_key(
            self.inflated_public_key)
        # signature_length = len(signature)
        r, s = DEREncoder.decode_signature(signature)
        # r_bytes, s_bytes = signature[:signature_length // 2], signature[signature_length // 2:signature_length]
        # r, s = int.from_bytes(r_bytes, 'big', signed=False), int.from_bytes(s_bytes, 'big', signed=False)
        signing_algorithm = self.signing_algorithm.upper()
        if ('SHA-' in signing_algorithm):
            signing_algorithm = signing_algorithm.replace('SHA-', 'SHA')
        if ('P-' in signing_algorithm):
            signing_algorithm = signing_algorithm.replace('P-', 'P')
        if signing_algorithm == self.SIGNING_ALGORITHM_ECDSA_P256:
            curve_algorithm = curve.P256
        elif signing_algorithm == self.SIGNING_ALGORITHM_ECDSA_P384:
            curve_algorithm = curve.P384
        elif signing_algorithm == self.SIGNING_ALGORITHM_ECDSA_P521:
            curve_algorithm = curve.P2521
        elif signing_algorithm == self.SIGNING_ALGORITHM_ECDSA_CURVE25519:
            curve_algorithm = curve.W25519
        else:
            raise UnsupportedAlgorithmException(self.signing_algorithm)
        hashing_algorithm = self.hashing_algorithm.upper().replace('-', '')
        if hashing_algorithm == self.HASHING_ALGORITHM_SHA256:
            hash_function = hashlib.sha256
        elif hashing_algorithm == self.HASHING_ALGORITHM_SHA512:
            hash_function = hashlib.sha512
        else:
            raise UnsupportedAlgorithmException(self.hashing_algorithm)

        is_valid = False
        try:
            ecdsa.verify((r, s),
                         signature,
                         ecdsa_public_key,
                         curve=curve_algorithm,
                         hashfunc=hash_function)
            is_valid = True
        except ecdsa.EcdsaError:
            is_valid = False
        return is_valid
Esempio n. 9
0
    def makecredential_process_recovery_extension(
            self,
            authData,
            clientDataHash,
            extension_output,
    ):
        action = extension_output['action']

        if action == 'state':
            pass
        elif action == 'recover':
            authData_without_extensions = authData
            pubkey_cose = self._recovery_credentials[
                extension_output['credId']
            ].public_key
            pubkey = cose_key_to_point(pubkey_cose)
            assert ecdsa.verify(
                DEREncoder.decode_signature(extension_output['sig']),
                authData_without_extensions + clientDataHash,
                pubkey,
                hashfunc=hashlib.sha256
            )
        else:
            raise UnknownAction()
Esempio n. 10
0
    def test_decode_signature(self):
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"")  # length too short
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x31\x06\x02\x01\x01\x02\x01\x02")  # invalid SEQUENCE marker
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"\x30\x07\x02\x01\x01\x02\x01\x02"
                                        )  # invalid length (too short)
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"\x30\x05\x02\x01\x01\x02\x01\x02"
                                        )  # invalid length (too long)
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x30\x06\x02\x03\x01\x02\x01\x02")  # invalid length of r
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x30\x06\x02\x01\x01\x02\x03\x02")  # invalid length of s
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"\x30\x06\x03\x01\x01\x02\x01\x02"
                                        )  # invalid INTEGER marker for r
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x30\x06\x02\x00\x02\x01\x02")  # length of r is 0
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x30\x06\x02\x01\x81\x02\x01\x02")  # value of r is negative
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"\x30\x07\x02\x02\x00\x01\x02\x01\x02"
                                        )  # value of r starts with a zero byte
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"\x30\x06\x02\x01\x01\x03\x01\x02"
                                        )  # invalid INTEGER marker for s
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x30\x06\x02\x01\x01\x02\x00")  # value of s is 0
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(
                b"\x30\x06\x02\x01\x01\x02\x01\x81")  # value of s is negative
        with self.assertRaises(InvalidDerSignature):
            DEREncoder.decode_signature(b"\x30\x07\x02\x01\x01\x02\x02\x00\x02"
                                        )  # value of s starts with a zero byte

        self.assertEqual(
            DEREncoder.decode_signature(b"\x30\x06\x02\x01\x01\x02\x01\x02"),
            (1, 2))
        self.assertEqual(
            DEREncoder.decode_signature(
                b"0\x08\x02\x02\x00\x80\x02\x02\x00\x80"),
            (128, 128))  # verify zero bytes
        self.assertEqual(
            DEREncoder.decode_signature(
                b"0\x08\x02\x02\x03\xE8\x02\x02\x03\xE8"),
            (1000, 1000))  # verify byte order
Esempio n. 11
0
 def verify(signature, message_bytes: str, public_key: Point):
     r, s = DEREncoder.decode_signature(bytes.fromhex(signature))
     return ecdsa.verify((r, s),
                         message_bytes,
                         public_key,
                         curve=public_key.curve)