def test_privkey_strings(self):
priv1 = SigningKey.generate()
s1 = priv1.to_string()
self.assertEqual(type(s1), binary_type)
self.assertEqual(len(s1), NIST192p.baselen)
priv2 = SigningKey.from_string(s1)
self.assertTruePrivkeysEqual(priv1, priv2)
s1 = priv1.to_pem()
self.assertEqual(type(s1), binary_type)
self.assertTrue(s1.startswith(b("-----BEGIN EC PRIVATE KEY-----")))
self.assertTrue(s1.strip().endswith(b("-----END EC PRIVATE KEY-----")))
priv2 = SigningKey.from_pem(s1)
self.assertTruePrivkeysEqual(priv1, priv2)
s1 = priv1.to_der()
self.assertEqual(type(s1), binary_type)
priv2 = SigningKey.from_der(s1)
self.assertTruePrivkeysEqual(priv1, priv2)
priv1 = SigningKey.generate(curve=NIST256p)
s1 = priv1.to_pem()
self.assertEqual(type(s1), binary_type)
self.assertTrue(s1.startswith(b("-----BEGIN EC PRIVATE KEY-----")))
self.assertTrue(s1.strip().endswith(b("-----END EC PRIVATE KEY-----")))
priv2 = SigningKey.from_pem(s1)
self.assertTruePrivkeysEqual(priv1, priv2)
s1 = priv1.to_der()
self.assertEqual(type(s1), binary_type)
priv2 = SigningKey.from_der(s1)
self.assertTruePrivkeysEqual(priv1, priv2)
def test_privkey_strings(self):
priv1 = SigningKey.generate()
s1 = priv1.to_string()
self.failUnlessEqual(type(s1), str)
self.failUnlessEqual(len(s1), NIST192p.baselen)
priv2 = SigningKey.from_string(s1)
self.failUnlessPrivkeysEqual(priv1, priv2)
s1 = priv1.to_pem()
self.failUnlessEqual(type(s1), str)
self.failUnless(s1.startswith("-----BEGIN EC PRIVATE KEY-----"))
self.failUnless(s1.strip().endswith("-----END EC PRIVATE KEY-----"))
priv2 = SigningKey.from_pem(s1)
self.failUnlessPrivkeysEqual(priv1, priv2)
s1 = priv1.to_der()
self.failUnlessEqual(type(s1), str)
priv2 = SigningKey.from_der(s1)
self.failUnlessPrivkeysEqual(priv1, priv2)
priv1 = SigningKey.generate(curve=NIST256p)
s1 = priv1.to_pem()
self.failUnlessEqual(type(s1), str)
self.failUnless(s1.startswith("-----BEGIN EC PRIVATE KEY-----"))
self.failUnless(s1.strip().endswith("-----END EC PRIVATE KEY-----"))
priv2 = SigningKey.from_pem(s1)
self.failUnlessPrivkeysEqual(priv1, priv2)
s1 = priv1.to_der()
self.failUnlessEqual(type(s1), str)
priv2 = SigningKey.from_der(s1)
self.failUnlessPrivkeysEqual(priv1, priv2)
def do_test_from_openssl(self, curve, curvename):
# OpenSSL: create sk, vk, sign.
# Python: read vk(3), checksig(5), read sk(1), sign, check
if os.path.isdir("t"):
shutil.rmtree("t")
os.mkdir("t")
run("openssl ecparam -name %s -genkey -out t/privkey.pem" % curvename)
run("openssl ec -in t/privkey.pem -pubout -out t/pubkey.pem")
data = "data"
open("t/data.txt", "wb").write(data)
run("openssl dgst -ecdsa-with-SHA1 -sign t/privkey.pem -out t/data.sig t/data.txt"
)
run("openssl dgst -ecdsa-with-SHA1 -verify t/pubkey.pem -signature t/data.sig t/data.txt"
)
pubkey_pem = open("t/pubkey.pem").read()
vk = VerifyingKey.from_pem(pubkey_pem) # 3
sig_der = open("t/data.sig", "rb").read()
self.failUnless(
vk.verify(
sig_der,
data, # 5
hashfunc=sha1,
sigdecode=sigdecode_der))
sk = SigningKey.from_pem(open("t/privkey.pem").read()) # 1
sig = sk.sign(data)
self.failUnless(vk.verify(sig, data))
def do_test_from_openssl(self, curve, curvename):
# OpenSSL: create sk, vk, sign.
# Python: read vk(3), checksig(5), read sk(1), sign, check
if os.path.isdir("t"):
shutil.rmtree("t")
os.mkdir("t")
run("openssl ecparam -name %s -genkey -out t/privkey.pem" % curvename)
run("openssl ec -in t/privkey.pem -pubout -out t/pubkey.pem")
data = "data"
open("t/data.txt","wb").write(data)
run("openssl dgst -ecdsa-with-SHA1 -sign t/privkey.pem -out t/data.sig t/data.txt")
run("openssl dgst -ecdsa-with-SHA1 -verify t/pubkey.pem -signature t/data.sig t/data.txt")
pubkey_pem = open("t/pubkey.pem").read()
vk = VerifyingKey.from_pem(pubkey_pem) # 3
sig_der = open("t/data.sig","rb").read()
self.failUnless(vk.verify(sig_der, data, # 5
hashfunc=sha1, sigdecode=sigdecode_der))
sk = SigningKey.from_pem(open("t/privkey.pem").read()) # 1
sig = sk.sign(data)
self.failUnless(vk.verify(sig, data))
def do_test_from_openssl(self, curve):
curvename = curve.openssl_name
assert curvename
# OpenSSL: create sk, vk, sign.
# Python: read vk(3), checksig(5), read sk(1), sign, check
mdarg = self.get_openssl_messagedigest_arg()
if os.path.isdir("t"):
shutil.rmtree("t")
os.mkdir("t")
run_openssl("ecparam -name %s -genkey -out t/privkey.pem" % curvename)
run_openssl("ec -in t/privkey.pem -pubout -out t/pubkey.pem")
data = b("data")
with open("t/data.txt", "wb") as e:
e.write(data)
run_openssl("dgst %s -sign t/privkey.pem -out t/data.sig t/data.txt" %
mdarg)
run_openssl(
"dgst %s -verify t/pubkey.pem -signature t/data.sig t/data.txt" %
mdarg)
with open("t/pubkey.pem", "rb") as e:
pubkey_pem = e.read()
vk = VerifyingKey.from_pem(pubkey_pem) # 3
with open("t/data.sig", "rb") as e:
sig_der = e.read()
self.assertTrue(
vk.verify(
sig_der,
data, # 5
hashfunc=sha1,
sigdecode=sigdecode_der))
with open("t/privkey.pem") as e:
fp = e.read()
sk = SigningKey.from_pem(fp) # 1
sig = sk.sign(data)
self.assertTrue(vk.verify(sig, data))