def verify_from(self,
actor_whom_sender_claims_to_be: "Character",
signature: bytes,
message: bytes,
decrypt=False,
signature_is_on_cleartext=False) -> tuple:
"""
Inverse of encrypt_for.
:param actor_that_sender_claims_to_be: A Character instance representing the actor whom the sender claims to be. We check the public key owned by this Character instance to verify.
:param messages: The messages to be verified.
:param decrypt: Whether or not to decrypt the messages.
:param signature_is_on_cleartext: True if we expect the signature to be on the cleartext. Otherwise, we presume that the ciphertext is what is signed.
:return: (Whether or not the signature is valid, the decrypted plaintext or NO_DECRYPTION_PERFORMED)
"""
cleartext = NO_DECRYPTION_PERFORMED
if signature_is_on_cleartext:
if decrypt:
cleartext = self._crypto_power.decrypt(message)
msg_digest = API.keccak_digest(cleartext)
else:
raise ValueError(
"Can't look for a signature on the cleartext if we're not decrypting."
)
else:
msg_digest = API.keccak_digest(message)
actor = self._lookup_actor(actor_whom_sender_claims_to_be)
signature_pub_key = actor.seal
sig = API.ecdsa_load_sig(signature)
return API.ecdsa_verify(*sig, msg_digest, signature_pub_key), cleartext
def verify(self, message: bytes, pubkey: UmbralPublicKey) -> bool:
"""
Verifies that a message's signature was valid.
:param message: The message to verify
:param pubkey: UmbralPublicKey of the signer
:return: True if valid, False if invalid
"""
return API.ecdsa_verify(message, self._der_encoded_bytes(), pubkey)
def verify(self, msghash: bytes, signature: bytes) -> bool:
"""
Verifies that a signature came from this keypair.
:param msghash: Hashed message used in the signature
:param signature: Signature of the hashed message
:return: Boolean if the signature is valid
"""
v, r, s = API.ecdsa_load_sig(signature)
return API.ecdsa_verify(v, r, s, msghash, self.pubkey)
def test_ecdsa_verify(self):
msghash = api.secure_random(32)
privkey = api.ecdsa_gen_priv()
pubkey = api.ecdsa_priv2pub(privkey, to_bytes=False)
vrs = api.ecdsa_sign(msghash, privkey)
self.assertEqual(tuple, type(vrs))
self.assertEqual(3, len(vrs))
is_verified = api.ecdsa_verify(*vrs, msghash, pubkey)
self.assertEqual(bool, type(is_verified))
self.assertTrue(is_verified)
def verify(self, message: bytes, pubkey: PublicKey) -> bool:
"""
Verifies that a message's signature was valid.
:param message: The message to verify
:param pubkey: Pubkey of the signer
:return: True if valid, False if invalid
"""
if not len(pubkey) == PublicKey._EXPECTED_LENGTH:
raise TypeError(
"Need a PublicKey of {} bytes to verify - got {}.".format(
PublicKey._EXPECTED_LENGTH, len(pubkey)))
msg_digest = API.keccak_digest(message)
return API.ecdsa_verify(self._v, self._r, self._s, msg_digest,
pubkey.without_metabytes())
def test_actor_with_signing_power_can_sign():
"""
However, simply giving that character a PowerUp bestows the power to sign.
Instead of having a Character verify the signature, we'll use the lower level API.
"""
message = b"Llamas."
signer = Character(crypto_power_ups=[SigningPower])
seal_of_the_signer = signer.seal
# We can use the signer's seal to sign a message...
signature = seal_of_the_signer(message)
# ...or to get the signer's public key for verification purposes.
sig = api.ecdsa_load_sig(signature)
verification = api.ecdsa_verify(*sig, api.keccak_digest(message), seal_of_the_signer)
assert verification is True
def test_actor_with_signing_power_can_sign():
"""
However, simply giving that character a PowerUp bestows the power to sign.
Instead of having a Character verify the signature, we'll use the lower level API.
"""
message = b"Llamas."
signer = Character(crypto_power_ups=[SigningPower], is_me=True)
stamp_of_the_signer = signer.stamp
# We can use the signer's stamp to sign a message (since the signer is_me)...
signature = stamp_of_the_signer(message)
# ...or to get the signer's public key for verification purposes.
# (note: we use the private _der_encoded_bytes here to test directly against the API, instead of Character)
verification = api.ecdsa_verify(message, signature._der_encoded_bytes(),
stamp_of_the_signer.as_umbral_pubkey())
assert verification is True
