def test_lengths(self):
default = NIST192p
priv = SigningKey.generate()
pub = priv.get_verifying_key()
self.failUnlessEqual(len(pub.to_string()), default.verifying_key_length)
sig = priv.sign("data")
self.failUnlessEqual(len(sig), default.signature_length)
if BENCH:
print
for curve in (NIST192p, NIST224p, NIST256p, NIST384p, NIST521p):
start = time.time()
priv = SigningKey.generate(curve=curve)
pub1 = priv.get_verifying_key()
keygen_time = time.time() - start
pub2 = VerifyingKey.from_string(pub1.to_string(), curve)
self.failUnlessEqual(pub1.to_string(), pub2.to_string())
self.failUnlessEqual(len(pub1.to_string()),
curve.verifying_key_length)
start = time.time()
sig = priv.sign("data")
sign_time = time.time() - start
self.failUnlessEqual(len(sig), curve.signature_length)
if BENCH:
start = time.time()
pub1.verify(sig, "data")
verify_time = time.time() - start
print "%s: siglen=%d, keygen=%0.3fs, sign=%0.3f, verify=%0.3f" \
% (curve.name, curve.signature_length,
keygen_time, sign_time, verify_time)
def test_lengths(self):
default = NIST192p
priv = SigningKey.generate()
pub = priv.get_verifying_key()
self.assertEqual(len(pub.to_string()), default.verifying_key_length)
sig = priv.sign(b("data"))
self.assertEqual(len(sig), default.signature_length)
if BENCH:
print_()
for curve in (NIST192p, NIST224p, NIST256p, NIST384p, NIST521p):
start = time.time()
priv = SigningKey.generate(curve=curve)
pub1 = priv.get_verifying_key()
keygen_time = time.time() - start
pub2 = VerifyingKey.from_string(pub1.to_string(), curve)
self.assertEqual(pub1.to_string(), pub2.to_string())
self.assertEqual(len(pub1.to_string()), curve.verifying_key_length)
start = time.time()
sig = priv.sign(b("data"))
sign_time = time.time() - start
self.assertEqual(len(sig), curve.signature_length)
if BENCH:
start = time.time()
pub1.verify(sig, b("data"))
verify_time = time.time() - start
print_("%s: siglen=%d, keygen=%0.3fs, sign=%0.3f, verify=%0.3f" \
% (curve.name, curve.signature_length,
keygen_time, sign_time, verify_time))
def do_test_to_openssl(self, curve, curvename):
# Python: create sk, vk, sign.
# OpenSSL: read vk(4), checksig(6), read sk(2), sign, check
mdarg = self.get_openssl_messagedigest_arg()
if os.path.isdir("t"):
shutil.rmtree("t")
os.mkdir("t")
sk = SigningKey.generate(curve=curve)
vk = sk.get_verifying_key()
data = "data"
open("t/pubkey.der", "wb").write(vk.to_der()) # 4
open("t/pubkey.pem", "wb").write(vk.to_pem()) # 4
sig_der = sk.sign(data, hashfunc=sha1, sigencode=sigencode_der)
open("t/data.sig", "wb").write(sig_der) # 6
open("t/data.txt", "wb").write(data)
open("t/baddata.txt", "wb").write(data + "corrupt")
self.failUnlessRaises(
SubprocessError,
run_openssl,
"dgst %s -verify t/pubkey.der -keyform DER -signature t/data.sig t/baddata.txt" % mdarg,
)
run_openssl("dgst %s -verify t/pubkey.der -keyform DER -signature t/data.sig t/data.txt" % mdarg)
open("t/privkey.pem", "wb").write(sk.to_pem()) # 2
run_openssl("dgst %s -sign t/privkey.pem -out t/data.sig2 t/data.txt" % mdarg)
run_openssl("dgst %s -verify t/pubkey.pem -signature t/data.sig2 t/data.txt" % mdarg)
def do_test_to_openssl(self, curve, curvename):
# Python: create sk, vk, sign.
# OpenSSL: read vk(4), checksig(6), read sk(2), sign, check
if os.path.isdir("t"):
shutil.rmtree("t")
os.mkdir("t")
sk = SigningKey.generate(curve=curve)
vk = sk.get_verifying_key()
data = "data"
open("t/pubkey.der", "wb").write(vk.to_der()) # 4
open("t/pubkey.pem", "wb").write(vk.to_pem()) # 4
sig_der = sk.sign(data, hashfunc=sha1, sigencode=sigencode_der)
open("t/data.sig", "wb").write(sig_der) # 6
open("t/data.txt", "wb").write(data)
open("t/baddata.txt", "wb").write(data + "corrupt")
self.failUnlessRaises(
SubprocessError, run,
"openssl dgst -ecdsa-with-SHA1 -verify t/pubkey.der -keyform DER -signature t/data.sig t/baddata.txt"
)
run("openssl dgst -ecdsa-with-SHA1 -verify t/pubkey.der -keyform DER -signature t/data.sig t/data.txt"
)
open("t/privkey.pem", "wb").write(sk.to_pem()) # 2
run("openssl dgst -ecdsa-with-SHA1 -sign t/privkey.pem -out t/data.sig2 t/data.txt"
)
run("openssl dgst -ecdsa-with-SHA1 -verify t/pubkey.pem -signature t/data.sig2 t/data.txt"
)
def do_test_from_openssl(self, curve, curvename):
# OpenSSL: create sk, vk, sign.
# Python: read vk(3), checksig(5), read sk(1), sign, check
if os.path.isdir("t"):
shutil.rmtree("t")
os.mkdir("t")
run("openssl ecparam -name %s -genkey -out t/privkey.pem" % curvename)
run("openssl ec -in t/privkey.pem -pubout -out t/pubkey.pem")
data = "data"
open("t/data.txt", "wb").write(data)
run("openssl dgst -ecdsa-with-SHA1 -sign t/privkey.pem -out t/data.sig t/data.txt"
)
run("openssl dgst -ecdsa-with-SHA1 -verify t/pubkey.pem -signature t/data.sig t/data.txt"
)
pubkey_pem = open("t/pubkey.pem").read()
vk = VerifyingKey.from_pem(pubkey_pem) # 3
sig_der = open("t/data.sig", "rb").read()
self.failUnless(
vk.verify(
sig_der,
data, # 5
hashfunc=sha1,
sigdecode=sigdecode_der))
sk = SigningKey.from_pem(open("t/privkey.pem").read()) # 1
sig = sk.sign(data)
self.failUnless(vk.verify(sig, data))
def test_nonrandom(self):
s = "all the entropy in the entire world, compressed into one line"
def not_much_entropy(numbytes):
return s[:numbytes]
# we control the entropy source, these two keys should be identical:
priv1 = SigningKey.generate(entropy=not_much_entropy)
priv2 = SigningKey.generate(entropy=not_much_entropy)
self.failUnlessEqual(hexlify(priv1.get_verifying_key().to_string()),
hexlify(priv2.get_verifying_key().to_string()))
# likewise, signatures should be identical. Obviously you'd never
# want to do this with keys you care about, because the secrecy of
# the private key depends upon using different random numbers for
# each signature
sig1 = priv1.sign("data", entropy=not_much_entropy)
sig2 = priv2.sign("data", entropy=not_much_entropy)
self.failUnlessEqual(hexlify(sig1), hexlify(sig2))
def test_hashfunc(self):
sk = SigningKey.generate(curve=NIST256p, hashfunc=sha256)
data = "security level is 128 bits"
sig = sk.sign(data)
vk = VerifyingKey.from_string(sk.get_verifying_key().to_string(),
curve=NIST256p, hashfunc=sha256)
self.failUnless(vk.verify(sig, data))
sk2 = SigningKey.generate(curve=NIST256p)
sig2 = sk2.sign(data, hashfunc=sha256)
vk2 = VerifyingKey.from_string(sk2.get_verifying_key().to_string(),
curve=NIST256p, hashfunc=sha256)
self.failUnless(vk2.verify(sig2, data))
vk3 = VerifyingKey.from_string(sk.get_verifying_key().to_string(),
curve=NIST256p)
self.failUnless(vk3.verify(sig, data, hashfunc=sha256))
def test_privkey_creation(self):
s = b("all the entropy in the entire world, compressed into one line")
def not_much_entropy(numbytes):
return s[:numbytes]
priv1 = SigningKey.generate()
self.assertEqual(priv1.baselen, NIST192p.baselen)
priv1 = SigningKey.generate(curve=NIST224p)
self.assertEqual(priv1.baselen, NIST224p.baselen)
priv1 = SigningKey.generate(entropy=not_much_entropy)
self.assertEqual(priv1.baselen, NIST192p.baselen)
priv2 = SigningKey.generate(entropy=not_much_entropy)
self.assertEqual(priv2.baselen, NIST192p.baselen)
self.assertTruePrivkeysEqual(priv1, priv2)
priv1 = SigningKey.from_secret_exponent(secexp=3)
self.assertEqual(priv1.baselen, NIST192p.baselen)
priv2 = SigningKey.from_secret_exponent(secexp=3)
self.assertTruePrivkeysEqual(priv1, priv2)
priv1 = SigningKey.from_secret_exponent(secexp=4, curve=NIST224p)
self.assertEqual(priv1.baselen, NIST224p.baselen)
def test_privkey_strings(self):
priv1 = SigningKey.generate()
s1 = priv1.to_string()
self.assertEqual(type(s1), binary_type)
self.assertEqual(len(s1), NIST192p.baselen)
priv2 = SigningKey.from_string(s1)
self.assertTruePrivkeysEqual(priv1, priv2)
s1 = priv1.to_pem()
self.assertEqual(type(s1), binary_type)
self.assertTrue(s1.startswith(b("-----BEGIN EC PRIVATE KEY-----")))
self.assertTrue(s1.strip().endswith(b("-----END EC PRIVATE KEY-----")))
priv2 = SigningKey.from_pem(s1)
self.assertTruePrivkeysEqual(priv1, priv2)
s1 = priv1.to_der()
self.assertEqual(type(s1), binary_type)
priv2 = SigningKey.from_der(s1)
self.assertTruePrivkeysEqual(priv1, priv2)
priv1 = SigningKey.generate(curve=NIST256p)
s1 = priv1.to_pem()
self.assertEqual(type(s1), binary_type)
self.assertTrue(s1.startswith(b("-----BEGIN EC PRIVATE KEY-----")))
self.assertTrue(s1.strip().endswith(b("-----END EC PRIVATE KEY-----")))
priv2 = SigningKey.from_pem(s1)
self.assertTruePrivkeysEqual(priv1, priv2)
s1 = priv1.to_der()
self.assertEqual(type(s1), binary_type)
priv2 = SigningKey.from_der(s1)
self.assertTruePrivkeysEqual(priv1, priv2)
def test_privkey_strings(self):
priv1 = SigningKey.generate()
s1 = priv1.to_string()
self.failUnlessEqual(type(s1), str)
self.failUnlessEqual(len(s1), NIST192p.baselen)
priv2 = SigningKey.from_string(s1)
self.failUnlessPrivkeysEqual(priv1, priv2)
s1 = priv1.to_pem()
self.failUnlessEqual(type(s1), str)
self.failUnless(s1.startswith("-----BEGIN EC PRIVATE KEY-----"))
self.failUnless(s1.strip().endswith("-----END EC PRIVATE KEY-----"))
priv2 = SigningKey.from_pem(s1)
self.failUnlessPrivkeysEqual(priv1, priv2)
s1 = priv1.to_der()
self.failUnlessEqual(type(s1), str)
priv2 = SigningKey.from_der(s1)
self.failUnlessPrivkeysEqual(priv1, priv2)
priv1 = SigningKey.generate(curve=NIST256p)
s1 = priv1.to_pem()
self.failUnlessEqual(type(s1), str)
self.failUnless(s1.startswith("-----BEGIN EC PRIVATE KEY-----"))
self.failUnless(s1.strip().endswith("-----END EC PRIVATE KEY-----"))
priv2 = SigningKey.from_pem(s1)
self.failUnlessPrivkeysEqual(priv1, priv2)
s1 = priv1.to_der()
self.failUnlessEqual(type(s1), str)
priv2 = SigningKey.from_der(s1)
self.failUnlessPrivkeysEqual(priv1, priv2)
def test_privkey_creation(self):
s = "all the entropy in the entire world, compressed into one line"
def not_much_entropy(numbytes):
return s[:numbytes]
priv1 = SigningKey.generate()
self.failUnlessEqual(priv1.baselen, NIST192p.baselen)
priv1 = SigningKey.generate(curve=NIST224p)
self.failUnlessEqual(priv1.baselen, NIST224p.baselen)
priv1 = SigningKey.generate(entropy=not_much_entropy)
self.failUnlessEqual(priv1.baselen, NIST192p.baselen)
priv2 = SigningKey.generate(entropy=not_much_entropy)
self.failUnlessEqual(priv2.baselen, NIST192p.baselen)
self.failUnlessPrivkeysEqual(priv1, priv2)
priv1 = SigningKey.from_secret_exponent(secexp=3)
self.failUnlessEqual(priv1.baselen, NIST192p.baselen)
priv2 = SigningKey.from_secret_exponent(secexp=3)
self.failUnlessPrivkeysEqual(priv1, priv2)
priv1 = SigningKey.from_secret_exponent(secexp=4, curve=NIST224p)
self.failUnlessEqual(priv1.baselen, NIST224p.baselen)
def test_nonrandom(self):
s = b("all the entropy in the entire world, compressed into one line")
def not_much_entropy(numbytes):
return s[:numbytes]
# we control the entropy source, these two keys should be identical:
priv1 = SigningKey.generate(entropy=not_much_entropy)
priv2 = SigningKey.generate(entropy=not_much_entropy)
self.assertEqual(hexlify(priv1.get_verifying_key().to_string()),
hexlify(priv2.get_verifying_key().to_string()))
# likewise, signatures should be identical. Obviously you'd never
# want to do this with keys you care about, because the secrecy of
# the private key depends upon using different random numbers for
# each signature
sig1 = priv1.sign(b("data"), entropy=not_much_entropy)
sig2 = priv2.sign(b("data"), entropy=not_much_entropy)
self.assertEqual(hexlify(sig1), hexlify(sig2))
def test_pubkey_strings(self):
priv1 = SigningKey.generate()
pub1 = priv1.get_verifying_key()
s1 = pub1.to_string()
self.assertEqual(type(s1), binary_type)
self.assertEqual(len(s1), NIST192p.verifying_key_length)
pub2 = VerifyingKey.from_string(s1)
self.assertTruePubkeysEqual(pub1, pub2)
priv1 = SigningKey.generate(curve=NIST256p)
pub1 = priv1.get_verifying_key()
s1 = pub1.to_string()
self.assertEqual(type(s1), binary_type)
self.assertEqual(len(s1), NIST256p.verifying_key_length)
pub2 = VerifyingKey.from_string(s1, curve=NIST256p)
self.assertTruePubkeysEqual(pub1, pub2)
pub1_der = pub1.to_der()
self.assertEqual(type(pub1_der), binary_type)
pub2 = VerifyingKey.from_der(pub1_der)
self.assertTruePubkeysEqual(pub1, pub2)
self.assertRaises(der.UnexpectedDER, VerifyingKey.from_der,
pub1_der + b("junk"))
badpub = VerifyingKey.from_der(pub1_der)
class FakeGenerator:
def order(self):
return 123456789
badcurve = Curve("unknown", None, FakeGenerator(), (1, 2, 3, 4, 5, 6),
None)
badpub.curve = badcurve
badder = badpub.to_der()
self.assertRaises(UnknownCurveError, VerifyingKey.from_der, badder)
pem = pub1.to_pem()
self.assertEqual(type(pem), binary_type)
self.assertTrue(pem.startswith(b("-----BEGIN PUBLIC KEY-----")), pem)
self.assertTrue(pem.strip().endswith(b("-----END PUBLIC KEY-----")),
pem)
pub2 = VerifyingKey.from_pem(pem)
self.assertTruePubkeysEqual(pub1, pub2)
def test_hashfunc(self):
sk = SigningKey.generate(curve=NIST256p, hashfunc=sha256)
data = b("security level is 128 bits")
sig = sk.sign(data)
vk = VerifyingKey.from_string(sk.get_verifying_key().to_string(),
curve=NIST256p,
hashfunc=sha256)
self.assertTrue(vk.verify(sig, data))
sk2 = SigningKey.generate(curve=NIST256p)
sig2 = sk2.sign(data, hashfunc=sha256)
vk2 = VerifyingKey.from_string(sk2.get_verifying_key().to_string(),
curve=NIST256p,
hashfunc=sha256)
self.assertTrue(vk2.verify(sig2, data))
vk3 = VerifyingKey.from_string(sk.get_verifying_key().to_string(),
curve=NIST256p)
self.assertTrue(vk3.verify(sig, data, hashfunc=sha256))
def test_serialize(self):
seed = "secret"
curve = NIST192p
secexp1 = util.randrange_from_seed__trytryagain(seed, curve.order)
secexp2 = util.randrange_from_seed__trytryagain(seed, curve.order)
self.failUnlessEqual(secexp1, secexp2)
priv1 = SigningKey.from_secret_exponent(secexp1, curve)
priv2 = SigningKey.from_secret_exponent(secexp2, curve)
self.failUnlessEqual(hexlify(priv1.to_string()), hexlify(priv2.to_string()))
self.failUnlessEqual(priv1.to_pem(), priv2.to_pem())
pub1 = priv1.get_verifying_key()
pub2 = priv2.get_verifying_key()
data = "data"
sig1 = priv1.sign(data)
sig2 = priv2.sign(data)
self.failUnless(pub1.verify(sig1, data))
self.failUnless(pub2.verify(sig1, data))
self.failUnless(pub1.verify(sig2, data))
self.failUnless(pub2.verify(sig2, data))
self.failUnlessEqual(hexlify(pub1.to_string()), hexlify(pub2.to_string()))
def test_basic(self):
priv = SigningKey.generate()
pub = priv.get_verifying_key()
data = "blahblah"
sig = priv.sign(data)
self.failUnless(pub.verify(sig, data))
self.failUnlessRaises(BadSignatureError, pub.verify, sig, data + "bad")
pub2 = VerifyingKey.from_string(pub.to_string())
self.failUnless(pub2.verify(sig, data))
def test_basic(self):
priv = SigningKey.generate()
pub = priv.get_verifying_key()
data = "blahblah"
sig = priv.sign(data)
self.failUnless(pub.verify(sig, data))
self.failUnlessRaises(BadSignatureError, pub.verify, sig, data+"bad")
pub2 = VerifyingKey.from_string(pub.to_string())
self.failUnless(pub2.verify(sig, data))
def test_serialize(self):
seed = b("secret")
curve = NIST192p
secexp1 = util.randrange_from_seed__trytryagain(seed, curve.order)
secexp2 = util.randrange_from_seed__trytryagain(seed, curve.order)
self.assertEqual(secexp1, secexp2)
priv1 = SigningKey.from_secret_exponent(secexp1, curve)
priv2 = SigningKey.from_secret_exponent(secexp2, curve)
self.assertEqual(hexlify(priv1.to_string()),
hexlify(priv2.to_string()))
self.assertEqual(priv1.to_pem(), priv2.to_pem())
pub1 = priv1.get_verifying_key()
pub2 = priv2.get_verifying_key()
data = b("data")
sig1 = priv1.sign(data)
sig2 = priv2.sign(data)
self.assertTrue(pub1.verify(sig1, data))
self.assertTrue(pub2.verify(sig1, data))
self.assertTrue(pub1.verify(sig2, data))
self.assertTrue(pub2.verify(sig2, data))
self.assertEqual(hexlify(pub1.to_string()), hexlify(pub2.to_string()))
def test_basic(self):
priv = SigningKey.generate()
pub = priv.get_verifying_key()
data = b("blahblah")
sig = priv.sign(data)
self.assertTrue(pub.verify(sig, data))
self.assertRaises(BadSignatureError, pub.verify, sig, data + b("bad"))
pub2 = VerifyingKey.from_string(pub.to_string())
self.assertTrue(pub2.verify(sig, data))
def test_pubkey_strings(self):
priv1 = SigningKey.generate()
pub1 = priv1.get_verifying_key()
s1 = pub1.to_string()
self.failUnlessEqual(type(s1), str)
self.failUnlessEqual(len(s1), NIST192p.verifying_key_length)
pub2 = VerifyingKey.from_string(s1)
self.failUnlessPubkeysEqual(pub1, pub2)
priv1 = SigningKey.generate(curve=NIST256p)
pub1 = priv1.get_verifying_key()
s1 = pub1.to_string()
self.failUnlessEqual(type(s1), str)
self.failUnlessEqual(len(s1), NIST256p.verifying_key_length)
pub2 = VerifyingKey.from_string(s1, curve=NIST256p)
self.failUnlessPubkeysEqual(pub1, pub2)
pub1_der = pub1.to_der()
self.failUnlessEqual(type(pub1_der), str)
pub2 = VerifyingKey.from_der(pub1_der)
self.failUnlessPubkeysEqual(pub1, pub2)
self.failUnlessRaises(der.UnexpectedDER, VerifyingKey.from_der, pub1_der + "junk")
badpub = VerifyingKey.from_der(pub1_der)
class FakeGenerator:
def order(self):
return 123456789
badcurve = Curve("unknown", None, FakeGenerator(), (1, 2, 3, 4, 5, 6))
badpub.curve = badcurve
badder = badpub.to_der()
self.failUnlessRaises(UnknownCurveError, VerifyingKey.from_der, badder)
pem = pub1.to_pem()
self.failUnlessEqual(type(pem), str)
self.failUnless(pem.startswith("-----BEGIN PUBLIC KEY-----"), pem)
self.failUnless(pem.strip().endswith("-----END PUBLIC KEY-----"), pem)
pub2 = VerifyingKey.from_pem(pem)
self.failUnlessPubkeysEqual(pub1, pub2)
def test_deterministic_signatures(curve,
privateKey,
msg,
expectedK,
expectedR=None,
expectedS=None,
expectedDER=None,
hashfunc=sha256,
ensure_low_s_according_to_bip62=True):
msg = msg.encode('utf-8')
privateKey = int(privateKey, 16)
signing_key = SigningKey.from_secret_exponent(privateKey, curve)
(k, der) = signing_key.sign_deterministic(
msg,
hashfunc=hashfunc,
sigencode=sigencode_der,
ensure_low_s_according_to_bip62=ensure_low_s_according_to_bip62)
kHex = format(k, 'x')
assert kHex == expectedK, "Deterministic K mismatch, expected {}, but got {}".format(
expectedK, kHex)
r, s = sigdecode_der(der, curve.order)
rHex = format(r, 'x')
sHex = format(s, 'x')
derHex = binascii.hexlify(der).decode("utf-8")
# print("k: {}, expected: {}".format(kHex, expectedK))
# print("r: {}".format(rHex, expectedR))
# print("s: {}".format(sHex, expectedS))
# print("der: {}".format(derHex, expectedDER))
if expectedDER != None:
assert derHex == expectedDER, "Signature mismatch, expected {}, but got {}".format(
expectedDER, derHex)
if expectedR != None:
assert rHex == expectedR, "Signature R mismatch, expected {}, but got {}".format(
expectedR, rHex)
if expectedS != None:
assert sHex == expectedS, "Signature S mismatch, expected {}, but got {}".format(
expectedS, SHex)
def do_test_from_openssl(self, curve, curvename):
# OpenSSL: create sk, vk, sign.
# Python: read vk(3), checksig(5), read sk(1), sign, check
if os.path.isdir("t"):
shutil.rmtree("t")
os.mkdir("t")
run("openssl ecparam -name %s -genkey -out t/privkey.pem" % curvename)
run("openssl ec -in t/privkey.pem -pubout -out t/pubkey.pem")
data = "data"
open("t/data.txt","wb").write(data)
run("openssl dgst -ecdsa-with-SHA1 -sign t/privkey.pem -out t/data.sig t/data.txt")
run("openssl dgst -ecdsa-with-SHA1 -verify t/pubkey.pem -signature t/data.sig t/data.txt")
pubkey_pem = open("t/pubkey.pem").read()
vk = VerifyingKey.from_pem(pubkey_pem) # 3
sig_der = open("t/data.sig","rb").read()
self.failUnless(vk.verify(sig_der, data, # 5
hashfunc=sha1, sigdecode=sigdecode_der))
sk = SigningKey.from_pem(open("t/privkey.pem").read()) # 1
sig = sk.sign(data)
self.failUnless(vk.verify(sig, data))
def test_deterministic(self):
data = b("blahblah")
secexp = int("9d0219792467d7d37b4d43298a7d0c05", 16)
priv = SigningKey.from_secret_exponent(secexp, SECP256k1, sha256)
pub = priv.get_verifying_key()
k = rfc6979.generate_k(SECP256k1.generator.order(), secexp, sha256,
sha256(data).digest())
sig1 = priv.sign(data, k=k)
self.assertTrue(pub.verify(sig1, data))
sig2 = priv.sign(data, k=k)
self.assertTrue(pub.verify(sig2, data))
sig3 = priv.sign_deterministic(data, sha256)
self.assertTrue(pub.verify(sig3, data))
self.assertEqual(sig1, sig2)
self.assertEqual(sig1, sig3)
def do_test_to_openssl(self, curve):
curvename = curve.openssl_name
assert curvename
# Python: create sk, vk, sign.
# OpenSSL: read vk(4), checksig(6), read sk(2), sign, check
mdarg = self.get_openssl_messagedigest_arg()
if os.path.isdir("t"):
shutil.rmtree("t")
os.mkdir("t")
sk = SigningKey.generate(curve=curve)
vk = sk.get_verifying_key()
data = b("data")
with open("t/pubkey.der", "wb") as e:
e.write(vk.to_der()) # 4
with open("t/pubkey.pem", "wb") as e:
e.write(vk.to_pem()) # 4
sig_der = sk.sign(data, hashfunc=sha1, sigencode=sigencode_der)
with open("t/data.sig", "wb") as e:
e.write(sig_der) # 6
with open("t/data.txt", "wb") as e:
e.write(data)
with open("t/baddata.txt", "wb") as e:
e.write(data + b("corrupt"))
self.assertRaises(
SubprocessError, run_openssl,
"dgst %s -verify t/pubkey.der -keyform DER -signature t/data.sig t/baddata.txt"
% mdarg)
run_openssl(
"dgst %s -verify t/pubkey.der -keyform DER -signature t/data.sig t/data.txt"
% mdarg)
with open("t/privkey.pem", "wb") as e:
e.write(sk.to_pem()) # 2
run_openssl("dgst %s -sign t/privkey.pem -out t/data.sig2 t/data.txt" %
mdarg)
run_openssl(
"dgst %s -verify t/pubkey.pem -signature t/data.sig2 t/data.txt" %
mdarg)
def test_signature_strings(self):
priv1 = SigningKey.generate()
pub1 = priv1.get_verifying_key()
data = "data"
sig = priv1.sign(data)
self.failUnlessEqual(type(sig), str)
self.failUnlessEqual(len(sig), NIST192p.signature_length)
self.failUnless(pub1.verify(sig, data))
sig = priv1.sign(data, sigencode=sigencode_strings)
self.failUnlessEqual(type(sig), tuple)
self.failUnlessEqual(len(sig), 2)
self.failUnlessEqual(type(sig[0]), str)
self.failUnlessEqual(type(sig[1]), str)
self.failUnlessEqual(len(sig[0]), NIST192p.baselen)
self.failUnlessEqual(len(sig[1]), NIST192p.baselen)
self.failUnless(pub1.verify(sig, data, sigdecode=sigdecode_strings))
sig_der = priv1.sign(data, sigencode=sigencode_der)
self.failUnlessEqual(type(sig_der), str)
self.failUnless(pub1.verify(sig_der, data, sigdecode=sigdecode_der))
def test_signature_strings(self):
priv1 = SigningKey.generate()
pub1 = priv1.get_verifying_key()
data = b("data")
sig = priv1.sign(data)
self.assertEqual(type(sig), binary_type)
self.assertEqual(len(sig), NIST192p.signature_length)
self.assertTrue(pub1.verify(sig, data))
sig = priv1.sign(data, sigencode=sigencode_strings)
self.assertEqual(type(sig), tuple)
self.assertEqual(len(sig), 2)
self.assertEqual(type(sig[0]), binary_type)
self.assertEqual(type(sig[1]), binary_type)
self.assertEqual(len(sig[0]), NIST192p.baselen)
self.assertEqual(len(sig[1]), NIST192p.baselen)
self.assertTrue(pub1.verify(sig, data, sigdecode=sigdecode_strings))
sig_der = priv1.sign(data, sigencode=sigencode_der)
self.assertEqual(type(sig_der), binary_type)
self.assertTrue(pub1.verify(sig_der, data, sigdecode=sigdecode_der))
def test_signature_strings(self):
priv1 = SigningKey.generate()
pub1 = priv1.get_verifying_key()
data = "data"
sig = priv1.sign(data)
self.failUnlessEqual(type(sig), str)
self.failUnlessEqual(len(sig), NIST192p.signature_length)
self.failUnless(pub1.verify(sig, data))
sig = priv1.sign(data, sigencode=sigencode_strings)
self.failUnlessEqual(type(sig), tuple)
self.failUnlessEqual(len(sig), 2)
self.failUnlessEqual(type(sig[0]), str)
self.failUnlessEqual(type(sig[1]), str)
self.failUnlessEqual(len(sig[0]), NIST192p.baselen)
self.failUnlessEqual(len(sig[1]), NIST192p.baselen)
self.failUnless(pub1.verify(sig, data, sigdecode=sigdecode_strings))
sig_der = priv1.sign(data, sigencode=sigencode_der)
self.failUnlessEqual(type(sig_der), str)
self.failUnless(pub1.verify(sig_der, data, sigdecode=sigdecode_der))
def do_test_from_openssl(self, curve):
curvename = curve.openssl_name
assert curvename
# OpenSSL: create sk, vk, sign.
# Python: read vk(3), checksig(5), read sk(1), sign, check
mdarg = self.get_openssl_messagedigest_arg()
if os.path.isdir("t"):
shutil.rmtree("t")
os.mkdir("t")
run_openssl("ecparam -name %s -genkey -out t/privkey.pem" % curvename)
run_openssl("ec -in t/privkey.pem -pubout -out t/pubkey.pem")
data = b("data")
with open("t/data.txt", "wb") as e:
e.write(data)
run_openssl("dgst %s -sign t/privkey.pem -out t/data.sig t/data.txt" %
mdarg)
run_openssl(
"dgst %s -verify t/pubkey.pem -signature t/data.sig t/data.txt" %
mdarg)
with open("t/pubkey.pem", "rb") as e:
pubkey_pem = e.read()
vk = VerifyingKey.from_pem(pubkey_pem) # 3
with open("t/data.sig", "rb") as e:
sig_der = e.read()
self.assertTrue(
vk.verify(
sig_der,
data, # 5
hashfunc=sha1,
sigdecode=sigdecode_der))
with open("t/privkey.pem") as e:
fp = e.read()
sk = SigningKey.from_pem(fp) # 1
sig = sk.sign(data)
self.assertTrue(vk.verify(sig, data))