def test_deserialize_private_not_bytes(self): ''' serialized key must be bytes ''' with self.assertRaises(ValueError) as ctx: ed25519.signing_keypair_from_string(u"not bytes") self.assertIn("must be bytes", str(ctx.exception))
def test_key_serialization(self): """ a serialized+deserialized keypair is the same as the original """ private_key, public_key = ed25519.create_signing_keypair() private_key_str = ed25519.string_from_signing_key(private_key) self.assertIsInstance(private_key_str, native_bytes) private_key2, public_key2 = ed25519.signing_keypair_from_string( private_key_str) # the deserialized signing keys are the same as the original self.assertEqual( ed25519.string_from_signing_key(private_key), ed25519.string_from_signing_key(private_key2), ) self.assertEqual( ed25519.string_from_verifying_key(public_key), ed25519.string_from_verifying_key(public_key2), ) # ditto, but for the verifying keys public_key_str = ed25519.string_from_verifying_key(public_key) self.assertIsInstance(public_key_str, native_bytes) public_key2 = ed25519.verifying_key_from_string(public_key_str) self.assertEqual( ed25519.string_from_verifying_key(public_key), ed25519.string_from_verifying_key(public_key2), )
def derive_pubkey(options): out = options.stdout from allmydata.crypto import ed25519 privkey_vs = options.privkey private_key, public_key = ed25519.signing_keypair_from_string(privkey_vs) print("private:", ed25519.string_from_signing_key(private_key), file=out) print("public:", ed25519.string_from_verifying_key(public_key), file=out) return 0
def init_node_key(self): # we only create the key once. On all subsequent runs, we re-use the # existing key def _make_key(): private_key, _ = ed25519.create_signing_keypair() return ed25519.string_from_signing_key(private_key) + b"\n" private_key_str = self.config.get_or_create_private_config("node.privkey", _make_key) private_key, public_key = ed25519.signing_keypair_from_string(private_key_str) public_key_str = ed25519.string_from_verifying_key(public_key) self.config.write_config_file("node.pubkey", public_key_str + b"\n", "wb") self._node_private_key = private_key self._node_public_key = public_key
def match(self, other): """ Match a private key which is the same as the private key in the node at ``self.basedir``. :param other: A signing key (aka "private key") from ``allmydata.crypto.ed25519``. This is the key to check against the node's key. :return Mismatch: If the keys don't match. """ config = read_config(self.basedir, u"tub.port") privkey_bytes = config.get_private_config("node.privkey") private_key = ed25519.signing_keypair_from_string(privkey_bytes)[0] signature = ed25519.sign_data(private_key, b"") other_public_key = ed25519.verifying_key_from_signing_key(other) try: ed25519.verify_signature(other_public_key, signature, b"") except error.BadSignature: return Mismatch("The signature did not verify.")
def test_decode_ed15519_keypair(self): ''' Created using the old code: from allmydata.util.keyutil import make_keypair, parse_privkey, parse_pubkey test_data = b'test' priv_str, pub_str = make_keypair() priv, _ = parse_privkey(priv_str) pub = parse_pubkey(pub_str) sig = priv.sign(test_data) pub.verify(sig, test_data) This simply checks that keys and signatures generated using the old code are still valid using the new code. ''' priv_str = b'priv-v0-lqcj746bqa4npkb6zpyc6esd74x3bl6mbcjgqend7cvtgmcpawhq' pub_str = b'pub-v0-yzpqin3of3ep363lwzxwpvgai3ps43dao46k2jds5kw5ohhpcwhq' test_data = b'test' sig = ( b'\xde\x0e\xd6\xe2\xf5\x03]8\xfe\xa71\xad\xb4g\x03\x11\x81\x8b\x08\xffz\xf4K\xa0' b'\x86 ier!\xe8\xe5#*\x9d\x8c\x0bI\x02\xd90\x0e7\xbeW\xbf\xa3\xfe\xc1\x1c\xf5+\xe9)' b'\xa3\xde\xc9\xc6s\xc9\x90\xf7x\x08') private_key, derived_public_key = ed25519.signing_keypair_from_string( priv_str) public_key = ed25519.verifying_key_from_string(pub_str) self.assertEqual( ed25519.string_from_verifying_key(public_key), ed25519.string_from_verifying_key(derived_public_key), ) new_sig = ed25519.sign_data(private_key, test_data) self.assertEqual(new_sig, sig) ed25519.verify_signature(public_key, new_sig, test_data) ed25519.verify_signature(derived_public_key, new_sig, test_data) ed25519.verify_signature(public_key, sig, test_data) ed25519.verify_signature(derived_public_key, sig, test_data)