def keypair(request, session, curve): if request.param == Mode.GENERATE: asymkey = AsymmetricKey.generate( session, 0, "Generate EC", 0xFFFF, CAPABILITY.SIGN_ECDSA | CAPABILITY.DERIVE_ECDH, ALGORITHM.for_curve(curve()), ) public_key = asymkey.get_public_key() else: key = ec.generate_private_key(curve(), backend=default_backend()) asymkey = AsymmetricKey.put( session, 0, "SECP ECDSA Sign Sign", 0xFFFF, CAPABILITY.SIGN_ECDSA | CAPABILITY.DERIVE_ECDH, key, ) public_key = key.public_key() assert public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo, ) == asymkey.get_public_key().public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo, ) yield asymkey, public_key asymkey.delete()
def eddsa_keypair(request, session): if request.param == Mode.GENERATE: key = None asymkey = AsymmetricKey.generate( session, 0, "Generate EC", 0xFFFF, CAPABILITY.SIGN_EDDSA, ALGORITHM.EC_ED25519, ) public_key = asymkey.get_public_key() else: key = ed25519.Ed25519PrivateKey.generate() asymkey = AsymmetricKey.put(session, 0, "Test Ed25519", 0xFFFF, CAPABILITY.SIGN_EDDSA, key) public_key = key.public_key() assert public_key.public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw) == asymkey.get_public_key( ).public_bytes(serialization.Encoding.Raw, serialization.PublicFormat.Raw) yield asymkey, public_key, key asymkey.delete()
def test_rsa_pkcs1_decrypt_errors(self): rawmessages = [ # no actual padding bytes: b"\x00\x02\x00" + b"\xc3" * 236 + b"\x00", # first byte != 0x00: b"\x01\x02" + b"\xc3" * 237 + b"\x00", # second byte != 0x02: b"\x00\x01" + b"\xc3" * 237 + b"\x00", # only 7 bytes of padding: b"\x00\x02" + b"\xc3" * 7 + b"\x00" + b"\x3c" * 246, ] rsakey = rsa.generate_private_key(public_exponent=0x10001, key_size=2048, backend=default_backend()) key = AsymmetricKey.put(self.session, 0, "pkcs1 test", 0xFFFF, CAPABILITY.DECRYPT_PKCS, rsakey) numbers = key.get_public_key().public_numbers() for m in rawmessages: error = ERROR.OK m = m.ljust(256, b"\xc3") m_int = int_from_bytes(m, "big") enc = pow(m_int, numbers.e, numbers.n) try: key.decrypt_pkcs1v1_5(int_to_bytes(enc).rjust(256, b"\x00")) except YubiHsmDeviceError as e: error = e.code self.assertEqual(error, ERROR.INVALID_DATA) key.delete()
def pubkey_rsa(self, keysize): key = rsa.generate_private_key(public_exponent=0x10001, key_size=keysize, backend=default_backend()) asymkey = AsymmetricKey.put(self.session, 0, "Pubkey RSA", 0xFFFF, CAPABILITY.SIGN_PKCS, key) pub = asymkey.get_public_key() self.assertEqual( pub.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo, ), key.public_key().public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo, ), ) data = os.urandom(64) resp = asymkey.sign_pkcs1v1_5(data) pub.verify(resp, data, padding.PKCS1v15(), hashes.SHA256()) asymkey.delete()
def oaep_rsa_decrypt(self, keylength, hashtype, mgf1hash=None): if mgf1hash is None: mgf1hash = hashtype key = rsa.generate_private_key(public_exponent=0x10001, key_size=keylength, backend=default_backend()) asymkey = AsymmetricKey.put(self.session, 0, "OAEP RSA Decrypt", 0xFFFF, CAPABILITY.DECRYPT_OAEP, key) data = os.urandom(64) ciphertext = key.public_key().encrypt( data, padding.OAEP(mgf=padding.MGF1(algorithm=mgf1hash), algorithm=hashtype, label=None), ) dec = asymkey.decrypt_oaep(ciphertext, hash=hashtype, mgf_hash=mgf1hash) self.assertEqual(data, dec) asymkey.delete()
def rsa_pss_sign(self, keysize, hashtype, mgf1hash=None): if mgf1hash is None: mgf1hash = hashtype key = rsa.generate_private_key(public_exponent=0x10001, key_size=keysize, backend=default_backend()) asymkey = AsymmetricKey.put(self.session, 0, "RSA PSS Sign", 0xFFFF, CAPABILITY.SIGN_PSS, key) # No salt data = os.urandom(64) resp = asymkey.sign_pss(data, 0, hash=hashtype, mgf_hash=mgf1hash) key.public_key().verify(resp, data, padding.PSS(padding.MGF1(mgf1hash), 0), hashtype) # Max - len salt saltlen = keysize // 8 - hashtype.digest_size - 2 data = os.urandom(64) resp = asymkey.sign_pss(data, saltlen, hash=hashtype, mgf_hash=mgf1hash) key.public_key().verify( resp, data, padding.PSS(padding.MGF1(mgf1hash), padding.PSS.MAX_LENGTH), hashtype, ) asymkey.delete()
def test_eddsa_vectors(session, vector): key = ed25519.Ed25519PrivateKey.from_private_bytes(vector["key"]) k = AsymmetricKey.put(session, 0, "Test Ed25519", 0xFFFF, CAPABILITY.SIGN_EDDSA, key) assert (k.get_public_key().public_bytes( serialization.Encoding.Raw, serialization.PublicFormat.Raw) == vector["pubkey"]) assert k.sign_eddsa(vector["msg"]) == vector["sig"] k.delete()
def test_vectors(self): for v in self.vectors: key = load_ed25519_private_key(v["key"]) k = AsymmetricKey.put(self.session, 0, "Test Ed25519", 0xFFFF, CAPABILITY.SIGN_EDDSA, key) self.assertEqual(serialize_ed25519_public_key(k.get_public_key()), v["pubkey"]) self.assertEqual(k.sign_eddsa(v["msg"]), v["sig"]) k.delete()
def test_oaep_double0(self): data = a2b_hex( "77294f3a4f5cfc921d9255a6895f8d2397e7d312e1b10b41c88b025748f0b6d4c41c4bdc6309388648a3b7a07112a11f831d9d6e1af1408fae875be2868bc4d0" # noqa: E501 ) # this ciphertext is special as it decrypts to a valid plaintext # starting with 0000 ciphertext = a2b_hex( "add1fd0bc2e9439a76c53fa4655e4bef77394dee407903604d665ba0e506334ddffc689e3bec658fc15c80c70ffddb8a8ce578d441926106316067a8c5e8b5f2655d035eff1525cf697720baf510af722d14539ccaf605785a9f4cfd284e4b496c54684a0c72fae522be186aedcedf47da63408065345180e30d7cb003cd64b5ce508ea029999ad695f1f2464fb659db5c2779631f1c27d650bc8b7ae23048b8dc1d51ad9623a4af0f7363f74eed0e16d947322d1a3a76ef8dbdf9c0258f393c0f2d7ebaccfcc116f759f0e9077387de74b1cb82851e1ded0128e48bbde389bd407cf8339752b9c070bf22ad64eaa12ee996f474a6412f7642aa0fa66873b5d2" # noqa: E501 ) h = hashes.SHA1() rsapem = b""" -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA7mKlVPrZdxLkYrfGESb3KI4UbWKaKOfX49LqZ2pUypF13VRi yqfpBbjAJztEy8BvOgbIEJgDtRVyUHCO+pfs6uVakYEcbLZzP92iZaFTwa9//B+P Hq+vtNejdO5Zsqd1s11bCPy6vpPXeMPbbT5s9gR7ENGdNwUkusVRtQweJAd5icVU edewI/4npIZG7To0iKUS4OvuqKWi/ms9fpi5l5BeJkok+5P7nQlmE5H5P+MuHUaC KHPdzbfaqIYof11XhsUYzgvEZnhz/YPwDiMiLXpZD0kT7azZWjz38rmWCz0tdh7a Cs/Lu1n17KrtT62kXYeO1Ni5Osy43xEHcqp5WQIDAQABAoIBAHrv+J+4tknIPmwC pmzWEYSisTowLZyG5Dmj3irzFUNafNRl3oTwzyWaP857rGD/ntzn/mlAXDkZFFkT k0j87Lu/CFQdp5ERDqKTJFsRNeafIXvesqp6pDy5MJzvBucxoWuc64PZAl2iVO78 4r6WAQ9nBCiKUW+8gVKozBh4ZVriWRYhe1JD06OVrOxws2Aql8/3BooO14f0DeSe 6tgn49d3c6/lrFe/vB+46kDg4FNxeTozGgIcI6siVAFEaJkBU629SEGLJW1O1Zcx tL41xK27S/BW47sSE91D7TT/0DYH7c1KNNx4IRx8B+AHo/lkyCawVUVmeYPrjC90 oGe27gECgYEA/Pkk9p0+t9ir6gUibkh1XoAVzryPnMCeCXenpTvFKjfOXdr5Sy2w ZSYGJXcUm82G0XRB+WWyTtFvPUYCt7gJ3ncqrVSAa2LhgWowk0CpyOtm6isrRWrh 3wXj4mRzZuIe0XNnS/4gb/1+8I826r4CwOWrxUASP8bYTLB9nkglK/kCgYEA8TzR np/2lyJVbuqAMOymel0ZUEh+yWEOif5nQGely6QVmUmAuCH+pP8pmCCreAuu/mQ9 U1obXMmr5D0rH7jA4z8DAeGXSvPVN7MJlpS1HoPGzDnKuuDad8/rJUXyKOACYXw5 xeXtQnf+5AHC0G8IFmru1G4C6UsyRkG/gpVPUGECgYEA7OxeXQZKTh8Ea2mhpI4C Np5ZTkU1b4bKvG0vOsZu0ypvAWHrJyjEUwc4rHAJgh4MTTDH9U70n3Lw7v8Z3nzj 6VHMS4efunNiZjVRByiBm2Y0/c2uehYvMxQuKMMRfeL7IAkoTnjUYm6VK7HFqjaJ F6ZCqLtoHAkcXT7Sd6J0BekCgYEAy1Lshprils2MXljtxM6hHj87p6wCmK7iNzKi SelSF0psHe+Sux+D5gNeRmc6vopyat2HxqoKp/EenNdlcm4gvSgN29cM0lKjYjfX nAAoi9ibhOQs18fOuu8WjSrgCM2NlCbE9uRtTfmfbwOA9HawxVxJgehbMdB8RjUC OgioeeECgYBpGDz7CkblZQl8YXcOqFh9Y40ePG467gIaEesbiOIUVsN/J9Vkdy/U qMS+DogAW9kGj5MA/L1EQxpsZDRZSH15AM1FXeX5cjItOWkg5LzfTwqA29xaIC97 4ddiJOH50Tqy7YRs40IxF+995AgMq4PvP1K+SlV4hQ6W17JsT2UsBg== -----END RSA PRIVATE KEY----- """ key = serialization.load_pem_private_key(rsapem, password=None, backend=default_backend()) asymkey = AsymmetricKey.put(self.session, 0, "OAEP RSA Decrypt", 0xFFFF, CAPABILITY.ALL, key) plain = key.decrypt( ciphertext, padding.OAEP(mgf=padding.MGF1(algorithm=h), algorithm=h, label=None), ) self.assertEqual(plain, data) dec = asymkey.decrypt_oaep(ciphertext, hash=h, mgf_hash=h) self.assertEqual(dec, data) asymkey.delete()
def test_vectors(self): for v in self.vectors: key = load_ed25519_private_key(v['key']) k = AsymmetricKey.put(self.session, 0, 'Test Ed25519', 0xffff, CAPABILITY.SIGN_EDDSA, key) self.assertEqual(serialize_ed25519_public_key(k.get_public_key()), v['pubkey']) self.assertEqual(k.sign_eddsa(v['msg']), v['sig']) k.delete()
def test_asymmetric_key(hsm, session): obj = AsymmetricKey.put( session, 0, "Test delete asym", 0xFFFF, CAPABILITY.SIGN_ECDSA, ec.generate_private_key(ec.SECP384R1(), backend=default_backend()), ) _test_delete(hsm, session, obj, CAPABILITY.DELETE_ASYMMETRIC_KEY)
def test_export_wrap(self): w_id = random.randint(1, 0xfffe) wrapkey = WrapKey.put( self.session, w_id, 'Test Export Wrap 0x%04x' % w_id, 1, CAPABILITY.EXPORT_WRAPPED | CAPABILITY.IMPORT_WRAPPED, ALGORITHM.AES192_CCM_WRAP, CAPABILITY.SIGN_ECDSA | CAPABILITY.EXPORTABLE_UNDER_WRAP, os.urandom(24)) eckey = ec.generate_private_key(ec.SECP384R1(), backend=default_backend()) a_id = random.randint(1, 0xfffe) asymkey = AsymmetricKey.put( self.session, a_id, 'Test Export Wrap 0x%04x' % a_id, 0xffff, CAPABILITY.SIGN_ECDSA | CAPABILITY.EXPORTABLE_UNDER_WRAP, eckey) data = os.urandom(64) resp = asymkey.sign_ecdsa(data, hash=hashes.SHA384()) eckey.public_key().verify(resp, data, ec.ECDSA(hashes.SHA384())) wrapped = wrapkey.export_wrapped(asymkey) # NOTE: the code below works to decrypt a wrapped object, but relies on # understanding the internal object representation which we don't feel # like doing here. # nonce = wrapped[:13] # data = wrapped[13:-8] # nonce = '\x01' + nonce + '\x00\x01' # decryptor = Cipher(algorithms.AES(wrapkey.key), # mode=modes.CTR(nonce), # backend=default_backend()).decryptor() # dec = decryptor.update(data) # numbers = eckey.private_numbers() # serialized = int_from_bytes(numbers.private_value, 'big') # self.assertEqual(serialized, dec[-len(serialized):]) asymkey.delete() asymkey = wrapkey.import_wrapped(wrapped) data = os.urandom(64) resp = asymkey.sign_ecdsa(data, hash=hashes.SHA384()) eckey.public_key().verify(resp, data, ec.ECDSA(hashes.SHA384())) asymkey.delete() asymkey = wrapkey.import_wrapped(wrapped) self.assertIsInstance(asymkey, AsymmetricKey)
def test_rsa_oaep_vectors(session, vector): asymkey = AsymmetricKey.put( session, 0, "OAEP Vectors", 0xFFFF, CAPABILITY.DECRYPT_OAEP, OAEP_VECTOR_KEY ) dec = asymkey.decrypt_oaep( vector["enc"], hash=hashes.SHA1(), mgf_hash=hashes.SHA1() ) assert vector["msg"] == dec asymkey.delete()
def bp_r1_ecdsa_sign(self, curve, hashtype): key = ec.generate_private_key(curve, backend=default_backend()) asymkey = AsymmetricKey.put(self.session, 0, "BP R1 ECDSA Sign", 0xFFFF, CAPABILITY.SIGN_ECDSA, key) data = os.urandom(64) resp = asymkey.sign_ecdsa(data, hash=hashtype) key.public_key().verify(resp, data, ec.ECDSA(hashtype)) asymkey.delete()
def secp_ecdsa_sign(self, curve, hashtype, length=0): key = ec.generate_private_key(curve, backend=default_backend()) asymkey = AsymmetricKey.put(self.session, 0, 'SECP ECDSA Sign Sign', 0xffff, CAPABILITY.SIGN_ECDSA, key) data = os.urandom(64) resp = asymkey.sign_ecdsa(data, hash=hashtype, length=length) key.public_key().verify(resp, data, ec.ECDSA(hashtype)) asymkey.delete()
def test_import_sign(self): s_key, v_key = ed25519.create_keypair() key = AsymmetricKey.put(self.session, 0, 'Test Ed25519', 0xffff, CAPABILITY.SIGN_EDDSA, load_ed25519_private_key(s_key.to_seed())) data = os.urandom(129) sig = key.sign_eddsa(data) v_key.verify(sig, data) self.assertEqual(sig, s_key.sign(data)) pub = key.get_public_key() self.assertEqual(v_key.to_bytes(), serialize_ed25519_public_key(pub)) key.delete()
def secp_derive_ecdh(self, curve): devkey = ec.generate_private_key(curve, backend=default_backend()) asymkey = AsymmetricKey.put(self.session, 0, 'SECP ECDSA Decrypt', 0xffff, CAPABILITY.DERIVE_ECDH, devkey) ekey = ec.generate_private_key(curve, backend=default_backend()) secret = ekey.exchange(ec.ECDH(), devkey.public_key()) resp = asymkey.derive_ecdh(ekey.public_key()) self.assertEqual(secret, resp) asymkey.delete()
def rsa_pkcs1v1_5_sign(self, keysize, hashtype): key = rsa.generate_private_key(public_exponent=0x10001, key_size=keysize, backend=default_backend()) asymkey = AsymmetricKey.put(self.session, 0, "RSA PKCS#1v1.5 Sign", 0xFFFF, CAPABILITY.SIGN_PKCS, key) data = os.urandom(64) resp = asymkey.sign_pkcs1v1_5(data, hash=hashtype) key.public_key().verify(resp, data, padding.PKCS1v15(), hashtype) asymkey.delete()
def rsa_pkcs1v1_5_decrypt(self, keysize): key = rsa.generate_private_key(public_exponent=0x10001, key_size=keysize, backend=default_backend()) asymkey = AsymmetricKey.put(self.session, 0, 'RSA PKCS#1v1.5 Decrypt', 0xffff, CAPABILITY.DECRYPT_PKCS, key) message = os.urandom(64) data = key.public_key().encrypt(message, padding.PKCS1v15()) resp = asymkey.decrypt_pkcs1v1_5(data) self.assertEqual(message, resp) asymkey.delete()
def pubkey_p256(self, curve): key = ec.generate_private_key(curve, backend=default_backend()) asymkey = AsymmetricKey.put(self.session, 0, 'P256 Pubkey', 0xffff, 0, key) pub = asymkey.get_public_key() self.assertEqual( pub.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo), key.public_key().public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo)) asymkey.delete()
def test_import_sign(self): s_key = ed25519.Ed25519PrivateKey.generate() v_key = s_key.public_key() key = AsymmetricKey.put(self.session, 0, "Test Ed25519", 0xFFFF, CAPABILITY.SIGN_EDDSA, s_key) data = os.urandom(129) sig = key.sign_eddsa(data) v_key.verify(sig, data) self.assertEqual(sig, s_key.sign(data)) pub = key.get_public_key() self.assertEqual( v_key.public_bytes(serialization.Encoding.Raw, serialization.PublicFormat.Raw), serialize_ed25519_public_key(pub), ) key.delete()
def oaep_vectors(self, Venc, Vmsg): pubnum = rsa.RSAPublicNumbers(n=self.n, e=self.e) key = rsa.RSAPrivateNumbers(p=self.p, q=self.q, d=self.d, dmp1=self.dp1, dmq1=self.dq1, iqmp=self.qinv, public_numbers=pubnum).private_key( default_backend()) asymkey = AsymmetricKey.put(self.session, 0, 'OAEP Vectors', 0xffff, CAPABILITY.DECRYPT_OAEP, key) dec = asymkey.decrypt_oaep(Venc, hash=hashes.SHA1(), mgf_hash=hashes.SHA1()) self.assertEqual(Vmsg, dec) asymkey.delete()
def create_pair(session, algorithm): if algorithm == ALGORITHM.RSA_2048: private_key = rsa.generate_private_key(0x10001, 2048, default_backend()) elif algorithm == ALGORITHM.RSA_3072: private_key = rsa.generate_private_key(0x10001, 3072, default_backend()) elif algorithm == ALGORITHM.RSA_4096: private_key = rsa.generate_private_key(0x10001, 4096, default_backend()) else: ec_curve = ALGORITHM.to_curve(algorithm) private_key = ec.generate_private_key(ec_curve, default_backend()) builder = x509.CertificateBuilder() name = x509.Name([ x509.NameAttribute(NameOID.COMMON_NAME, "Test Attestation Certificate") ]) builder = builder.subject_name(name) builder = builder.issuer_name(name) one_day = datetime.timedelta(1, 0, 0) builder = builder.not_valid_before(datetime.datetime.today() - one_day) builder = builder.not_valid_after(datetime.datetime.today() + one_day) builder = builder.serial_number(int(uuid.uuid4())) builder = builder.public_key(private_key.public_key()) certificate = builder.sign(private_key, hashes.SHA256(), default_backend()) attkey = AsymmetricKey.put( session, 0, "Test Create Pair", 0xFFFF, CAPABILITY.SIGN_ATTESTATION_CERTIFICATE, private_key, ) certobj = attkey.put_certificate("Test Create Pair", 0xFFFF, CAPABILITY.NONE, certificate) assert certificate.public_bytes(Encoding.DER) == certobj.get() return attkey, certobj, certificate
def test_rsa_oaep_decrypt(session, keysize, hashtype, mgf1hash): key = rsa.generate_private_key( public_exponent=0x10001, key_size=keysize, backend=default_backend() ) asymkey = AsymmetricKey.put( session, 0, "OAEP RSA Decrypt", 0xFFFF, CAPABILITY.DECRYPT_OAEP, key ) data = os.urandom(64) ciphertext = key.public_key().encrypt( data, padding.OAEP( mgf=padding.MGF1(algorithm=mgf1hash()), algorithm=hashtype(), label=None ), ) dec = asymkey.decrypt_oaep(ciphertext, hash=hashtype(), mgf_hash=mgf1hash()) assert data == dec asymkey.delete()
def test_rsa_pkcs1v1_5_decrypt(session, keysize): key = rsa.generate_private_key( public_exponent=0x10001, key_size=keysize, backend=default_backend() ) asymkey = AsymmetricKey.put( session, 0, "RSA PKCS#1v1.5 Decrypt", 0xFFFF, CAPABILITY.DECRYPT_PKCS, key, ) message = os.urandom(64) data = key.public_key().encrypt(message, padding.PKCS1v15()) resp = asymkey.decrypt_pkcs1v1_5(data) assert message == resp asymkey.delete()
def authenticate(session): try: #asymkey = AsymmetricKey.generate(session, 0, 'Generate BP R1 Sign', 0xffff, CAPABILITY.SIGN_ECDSA, ALGORITHM.EC_BP256) #RSA keysize = 2048 #2048 https://thekernel.com/wp-content/uploads/2018/11/YubiHSM2-EN.pdf key = rsa.generate_private_key(public_exponent=0x10001, key_size=keysize, backend=default_backend()) asymkey = AsymmetricKey.put(session, 0, 'RSA pkcs1v15', 0xffff, CAPABILITY.SIGN_PKCS, key) # PKCS1v15 does not offer 512 bit with the propose algorithm. A ticket has been addressed to Yubio developers team #pub = asymkey.get_public_key() randomHSM = session.get_pseudo_random(64) #data = os.urandom(16) hashtype = hashes.SHA512() #dataSigned = asymkey.sign_ecdsa(randomHSM, hashtype) #Sign using ecdsa resp = asymkey.sign_ecdsa(data, hashtype, length=0) #dataSigned = asymkey.sign_pkcs1v1_5(randomHSM, hashtype) #Sign using pkcs1v1_5 #pub.verify(resp, data, padding.PKCS1v15(), hashtype) #verify using pkcs1v1_5 return asymkey, randomHSM except Exception as e: logging.error("Exception occured: ", exc_info=True)
def test_biased_k(self): # n is the order of the p256r1 curve. n = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551 key = ec.generate_private_key(ec.SECP256R1(), backend=default_backend()) d = key.private_numbers().private_value asymkey = AsymmetricKey.put(self.session, 0, 'Test ECDSA K', 0xffff, CAPABILITY.SIGN_ECDSA, key) data = b'Hello World!' digest = hashes.Hash(hashes.SHA256(), backend=default_backend()) digest.update(data) h = int_from_bytes(digest.finalize(), 'big') # The assumption here is that for 1024 runs we should get a distribution # where each single bit is set between 400 and 1024 - 400 times. count = 1024 mincount = 400 bits = [0] * 256 for i in range(0, count): resp = asymkey.sign_ecdsa(data, hash=hashes.SHA256()) # Extract random number k from signature: # k = s^(-1) * (h + d*r) mod n (r, s) = crypto_utils.decode_dss_signature(resp) # Fermat's little theorem: a^(p-1) ≡ 1 (mod p), when p is prime. # s * s^(p-2) ≡ 1 (mod p) s_inv = pow(s, n - 2, n) k = s_inv * (h + d * r) % n for j in range(0, 256): if (k >> j) & 1: bits[j] += 1 for bit in bits: self.assertGreater(bit, mincount) self.assertLess(bit, count - mincount) asymkey.delete()
def test_asymmetric_key(self): obj = AsymmetricKey.put( self.session, 0, 'Test delete asym', 0xffff, CAPABILITY.SIGN_ECDSA, ec.generate_private_key(ec.SECP384R1(), backend=default_backend())) self._test_delete(obj, CAPABILITY.DELETE_ASYMMETRIC_KEY)