def test_verify(testerchain, signature_verifier): message = os.urandom(100) # Generate Umbral key umbral_privkey = SecretKey.random() umbral_pubkey = umbral_privkey.public_key() umbral_pubkey_bytes = pubkey_as_uncompressed_bytes(umbral_pubkey) # Sign message using SHA-256 hash signer = Signer(umbral_privkey) signature = signer.sign(message) # Get recovery id (v) before using contract v = get_signature_recovery_value(message, signature, umbral_pubkey) recoverable_signature = bytes(signature) + v # Verify signature assert signature_verifier.functions.verify(message, recoverable_signature, umbral_pubkey_bytes, ALGORITHM_SHA256).call() # Verify signature using wrong key umbral_privkey = SecretKey.random() umbral_pubkey_bytes = pubkey_as_uncompressed_bytes( umbral_privkey.public_key()) assert not signature_verifier.functions.verify( message, recoverable_signature, umbral_pubkey_bytes, ALGORITHM_SHA256).call()
def _mock_ursula_reencrypts(ursula): delegating_privkey = SecretKey.random() capsule, _ciphertext = encrypt(delegating_privkey.public_key(), b'unused') signing_privkey = SecretKey.random() signing_pubkey = signing_privkey.public_key() signer = Signer(signing_privkey) priv_key_bob = SecretKey.random() pub_key_bob = priv_key_bob.public_key() kfrags = generate_kfrags(delegating_sk=delegating_privkey, signer=signer, receiving_pk=pub_key_bob, threshold=2, num_kfrags=4, sign_delegating_key=False, sign_receiving_key=False) ursula_pubkey = ursula.stamp.as_umbral_pubkey() alice_address = canonical_address_from_umbral_key(signing_pubkey) blockhash = bytes(32) specification = b''.join((bytes(capsule), bytes(ursula_pubkey), bytes(ursula.decentralized_identity_evidence), alice_address, blockhash)) bobs_signer = Signer(priv_key_bob) task_signature = bytes(bobs_signer.sign(specification)) cfrag = reencrypt(capsule, kfrags[0]) cfrag_signature = ursula.stamp(bytes(cfrag)) bob = Bob.from_public_keys(verifying_key=pub_key_bob) return WorkOrder.PRETask(capsule, task_signature, cfrag, cfrag_signature)
def test_recover(testerchain, signature_verifier): message = os.urandom(100) # Prepare message hash hash_ctx = hashes.Hash(hashes.SHA256(), backend=backend) hash_ctx.update(message) message_hash = hash_ctx.finalize() # Generate Umbral key and extract "address" from the public key umbral_privkey = SecretKey.random() umbral_pubkey = umbral_privkey.public_key() signer_address = pubkey_as_address(umbral_pubkey) # Sign message signer = Signer(umbral_privkey) signature = signer.sign(message) # Get recovery id (v) before using contract # If we don't have recovery id while signing then we should try to recover public key with different v # Only the correct v will match the correct public key v = get_signature_recovery_value(message, signature, umbral_pubkey) recoverable_signature = bytes(signature) + v # Check recovery method in the contract assert signer_address == to_normalized_address( signature_verifier.functions.recover(message_hash, recoverable_signature).call()) # Also numbers 27 and 28 can be used for v recoverable_signature = recoverable_signature[:-1] + bytes( [recoverable_signature[-1] + 27]) assert signer_address == to_normalized_address( signature_verifier.functions.recover(message_hash, recoverable_signature).call()) # Only number 0,1,27,28 are supported for v recoverable_signature = bytes(signature) + bytes([2]) with pytest.raises((TransactionFailed, ValueError)): signature_verifier.functions.recover(message_hash, recoverable_signature).call() # Signature must include r, s and v recoverable_signature = bytes(signature) with pytest.raises((TransactionFailed, ValueError)): signature_verifier.functions.recover(message_hash, recoverable_signature).call()
def sign(self, message: bytes) -> Signature: """ Signs the given message and returns a signature. :param message: The message to sign :return: Signature """ return Signer(self._privkey).sign(message)
def ursula(mocker): identity_evidence = os.urandom(LENGTH_ECDSA_SIGNATURE_WITH_RECOVERY) ursula_privkey = SecretKey.random() ursula_stamp = SignatureStamp(verifying_key=ursula_privkey.public_key(), signer=Signer(ursula_privkey)) ursula = mocker.Mock(stamp=ursula_stamp, decentralized_identity_evidence=identity_evidence) ursula.mature = lambda: True ursula._stamp_has_valid_signature_by_worker = lambda: True return ursula
def mock_ursula(testerchain, account): ursula_privkey = SecretKey.random() ursula_stamp = SignatureStamp(verifying_key=ursula_privkey.public_key(), signer=Signer(ursula_privkey)) signed_stamp = testerchain.client.sign_message(account=account, message=bytes(ursula_stamp)) ursula = Mock(stamp=ursula_stamp, decentralized_identity_evidence=signed_stamp) return ursula
def fragments(): delegating_privkey = SecretKey.random() delegating_pubkey = delegating_privkey.public_key() signing_privkey = SecretKey.random() signer = Signer(signing_privkey) priv_key_bob = SecretKey.random() pub_key_bob = priv_key_bob.public_key() kfrags = generate_kfrags(delegating_sk=delegating_privkey, signer=signer, receiving_pk=pub_key_bob, threshold=2, num_kfrags=4, sign_delegating_key=False, sign_receiving_key=False) capsule, _ciphertext = encrypt(delegating_pubkey, b'unused') cfrag = reencrypt(capsule, kfrags[0]) return capsule, cfrag
def test_generate_alice_keyring(tmpdir): keyring = NucypherKeyring.generate( checksum_address=FEDERATED_ADDRESS, password=INSECURE_DEVELOPMENT_PASSWORD, encrypting=True, rest=False, keyring_root=tmpdir ) enc_pubkey = keyring.encrypting_public_key assert enc_pubkey is not None with pytest.raises(NucypherKeyring.KeyringLocked): _dec_keypair = keyring.derive_crypto_power(DecryptingPower).keypair keyring.unlock(password=INSECURE_DEVELOPMENT_PASSWORD) dec_keypair = keyring.derive_crypto_power(DecryptingPower).keypair assert enc_pubkey == dec_keypair.pubkey label = b'test' delegating_power = keyring.derive_crypto_power(DelegatingPower) delegating_pubkey = delegating_power.get_pubkey_from_label(label) bob_pubkey = SecretKey.random().public_key() signer = Signer(SecretKey.random()) delegating_pubkey_again, _kfrags = delegating_power.generate_kfrags( bob_pubkey, signer, label, m=2, n=3 ) assert delegating_pubkey == delegating_pubkey_again another_delegating_power = keyring.derive_crypto_power(DelegatingPower) another_delegating_pubkey = another_delegating_power.get_pubkey_from_label(label) assert delegating_pubkey == another_delegating_pubkey
def get_signature_stamp(self): if self._privkey is constants.PUBLIC_ONLY: return StrangerStamp(verifying_key=self.pubkey) else: signer = Signer(self._privkey) return SignatureStamp(verifying_key=self.pubkey, signer=signer)