def generate_key_ecdsa(ecdsa_curve):
    """Generate a fresh EC key pair on the curve named by *ecdsa_curve*.

    *ecdsa_curve* is handed to ``get_curve_by_hex_oid`` and the result is
    resolved to a curve class with ``ec.get_curve_for_oid``.

    Returns:
        ``(public_key, private_key)``. Note the order: the public key
        comes first.
    """
    oid = get_curve_by_hex_oid(ecdsa_curve)
    curve = ec.get_curve_for_oid(oid)
    # ec.get_curve_for_oid raises LookupError for an OID it does not know,
    # so this assert is only a backstop (and is stripped under `python -O`).
    assert curve is not None
    private_key = ec.generate_private_key(curve(), default_backend())
    return private_key.public_key(), private_key
def ecdh(ecdsa_curve, PrivateKey, PublicKey):
    """Run ECDH between a local private scalar and a peer public point.

    Args:
        ecdsa_curve: curve identifier passed to ``get_curve_by_hex_oid``.
        PrivateKey: bytes of the private scalar, interpreted as a
            big-endian integer (hexlify, then base-16 parse).
        PublicKey: the peer's encoded EC point, parsed with
            ``from_encoded_point`` on the selected curve.

    Returns:
        The raw bytes produced by ``exchange(ec.ECDH(), ...)``. No KDF is
        applied here, so callers should derive working keys from this value
        (for example with HKDF) instead of using it directly as a key.
    """
    oid = get_curve_by_hex_oid(ecdsa_curve)
    curve = ec.get_curve_for_oid(oid)
    # ec.get_curve_for_oid raises LookupError for an unknown OID; the assert
    # is a backstop only and disappears under `python -O`.
    assert curve is not None

    peer_public = ec.EllipticCurvePublicKey.from_encoded_point(curve(), PublicKey)

    scalar = int(hexlify(PrivateKey), 16)
    local_private = ec.derive_private_key(scalar, curve(), default_backend())

    return local_private.exchange(ec.ECDH(), peer_public)
def verify_signature_ecdsa(pk_info, digest, sig, ecdsa_curve):
    """Check an ECDSA signature over a precomputed SHA-256 digest.

    Args:
        pk_info: encoded EC point of the signer's public key.
        digest: the message hash. It is verified as a SHA-256 prehash
            (``utils.Prehashed``), so no hashing happens in this function.
        sig: signature, passed through ``fill_sign`` before verification
            (presumably an encoding normalisation; confirm against that
            helper's definition).
        ecdsa_curve: curve identifier passed to ``get_curve_by_hex_oid``.

    Returns:
        True when the signature verifies, False when verification raises
        ``InvalidSignature``. Any other error (unknown curve OID, malformed
        public point, and so on) is not caught here and propagates.
    """
    oid = get_curve_by_hex_oid(ecdsa_curve)
    curve = ec.get_curve_for_oid(oid)
    # Backstop only: ec.get_curve_for_oid raises LookupError on an unknown
    # OID, and asserts are stripped under `python -O`.
    assert curve is not None

    public_key = ec.EllipticCurvePublicKey.from_encoded_point(curve(), pk_info)
    normalized_sig = fill_sign(sig)
    prehashed_sha256 = ec.ECDSA(utils.Prehashed(hashes.SHA256()))

    try:
        public_key.verify(normalized_sig, digest, prehashed_sha256)
    except InvalidSignature:
        return False
    return True
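def ECDSACheckPublicKey(curve_oid, public_key):
    """Validate an uncompressed, 0x04-prefixed EC public key for a curve.

    The structural checks used to be plain ``assert`` statements, which are
    removed when Python runs with ``-O``. In that mode the "uncompressed
    only" and exact-length policy silently vanished. They are now explicit
    checks that still raise ``AssertionError``, so existing callers see the
    same exception type.

    Args:
        curve_oid: curve identifier passed to
            ``ecdsa_keys.get_curve_by_hex_oid``.
        public_key: encoded point as a bytes-like object; indexing it must
            yield integers.

    Returns:
        True when the key passes every check and parses as a point on the
        curve.

    Raises:
        AssertionError: the key is too short, does not start with 0x04, or
            its length does not match the curve's key size.
        LookupError: ``ec.get_curve_for_oid`` does not know the OID.
        ValueError: ``from_encoded_point`` rejects the encoded point.
    """
    if len(public_key) <= 2:
        raise AssertionError("public key is too short")
    if public_key[0] != 0x04:
        raise AssertionError("public key is not an uncompressed point (0x04 prefix)")

    curve = ec.get_curve_for_oid(ecdsa_keys.get_curve_by_hex_oid(curve_oid))
    if curve is None:
        raise AssertionError("no curve resolved for the given OID")

    # One prefix byte followed by two coordinates of the curve's key size.
    # This exact-length check also guarantees that the X and Y halves are the
    # same size, so the separate x/y slicing and comparison is not needed.
    if ecdsa_keys.curve_keysize_bytes(curve) * 2 + 1 != len(public_key):
        raise AssertionError("public key length does not match the curve")

    pub = ec.EllipticCurvePublicKey.from_encoded_point(curve(), public_key)
    return pub is not None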
def test_get_curve_for_oid():
    """A known OID maps to its curve class; an unknown OID raises LookupError."""
    known_oid = ec.EllipticCurveOID.SECP256R1
    resolved = ec.get_curve_for_oid(known_oid)
    assert resolved == ec.SECP256R1

    # An OID with no registered curve must raise rather than return None.
    with pytest.raises(LookupError):
        ec.get_curve_for_oid(x509.ObjectIdentifier("1.1.1.1"))
def lookup_ec_by_oid(service: IOService = Provide[Container.service]):
    """Prompt for an OID dotted string and return the matching curve class.

    The text returned by ``service.input`` is used as-is. Nothing is
    validated or caught here, so errors from ``ObjectIdentifier`` (malformed
    dotted string) and ``ec.get_curve_for_oid`` (LookupError for an OID with
    no registered curve) propagate to the caller.

    Args:
        service: I/O service used for the prompt. The default is the
            ``Provide[Container.service]`` injection marker.
    """
    prompt = "Give the Elliptic Curve's dotted string"
    oid = ObjectIdentifier(service.input(prompt))
    return ec.get_curve_for_oid(oid)