def ec_public_key_info(public_key_point, curve):
"""
Constructs the PublicKeyInfo for an ECPointBitString
:param private_key:
An asn1crypto.keys.ECPointBitString object
:param curve:
A unicode string of the curve name - one of secp256r1, secp384r1 or secp521r1
:raises:
ValueError - when any of the parameters contain an invalid value
:return:
An asn1crypto.keys.PublicKeyInfo object
"""
if curve not in set(['secp256r1', 'secp384r1', 'secp521r1']):
raise ValueError(
pretty_message(
'''
curve must be one of "secp256r1", "secp384r1", "secp521r1", not %s
''', repr(curve)))
return keys.PublicKeyInfo({
'algorithm':
keys.PublicKeyAlgorithm({
'algorithm':
'ec',
'parameters':
keys.ECDomainParameters(name='named', value=curve)
}),
'public_key':
public_key_point,
})
def subject_public_key(self, _value):
if not isinstance(_value, ecc.EccKey):
raise TypeError(
_pretty_message(
'''
subject_public_key must be an instance of
optigatrust.pk.EccKey,
not %s
''', _type_name(_value)))
pubkey_alg = keys.PublicKeyAlgorithm({
'algorithm':
_value.algorithm,
'parameters':
keys.ECDomainParameters('named', _value.curve)
})
pubkey_asn1 = core.BitString.load(_value.pkey)
pubkey_info = keys.PublicKeyInfo({
'algorithm':
pubkey_alg,
'public_key':
pubkey_asn1.cast(keys.ECPointBitString)
})
self._subject_public_key = pubkey_info
def ec_generate_pair(curve):
"""
Generates a EC public/private key pair
:param curve:
A unicode string. Valid values include "secp256r1", "secp384r1" and
"secp521r1".
:raises:
ValueError - when any of the parameters contain an invalid value
TypeError - when any of the parameters are of the wrong type
:return:
A 2-element tuple of (asn1crypto.keys.PublicKeyInfo,
asn1crypto.keys.PrivateKeyInfo)
"""
if curve not in set(['secp256r1', 'secp384r1', 'secp521r1']):
raise ValueError(
pretty_message(
'''
curve must be one of "secp256r1", "secp384r1", "secp521r1", not %s
''', repr(curve)))
curve_num_bytes = CURVE_BYTES[curve]
curve_base_point = {
'secp256r1': SECP256R1_BASE_POINT,
'secp384r1': SECP384R1_BASE_POINT,
'secp521r1': SECP521R1_BASE_POINT,
}[curve]
while True:
private_key_bytes = rand_bytes(curve_num_bytes)
private_key_int = int_from_bytes(private_key_bytes, signed=False)
if private_key_int > 0 and private_key_int < curve_base_point.order:
break
private_key_info = keys.PrivateKeyInfo({
'version':
0,
'private_key_algorithm':
keys.PrivateKeyAlgorithm({
'algorithm':
'ec',
'parameters':
keys.ECDomainParameters(name='named', value=curve)
}),
'private_key':
keys.ECPrivateKey({
'version': 'ecPrivkeyVer1',
'private_key': private_key_int
}),
})
ec_point = ec_compute_public_key_point(private_key_info)
private_key_info['private_key'].parsed['public_key'] = ec_point.copy()
return (ec_public_key_info(ec_point, curve), private_key_info)
def test_ec_private_key_width_dotted(self):
k = keys.ECPrivateKey({
'version': 1,
'private_key': 1,
'parameters': keys.ECDomainParameters(('named', '1.3.132.0.10')),
})
self.assertEqual('ecPrivkeyVer1', k['version'].native)
self.assertEqual(1, k['private_key'].native)
self.assertEqual('secp256k1', k['parameters'].native)
self.assertEqual(
b'\x04\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01',
k['private_key'].dump()
)
def test_ecdsa_p256_signverify():
LOGGER.info(
'Sign data with newly generated NIST P-256 key and verify result')
setup_keys()
ha = 'sha256'
s = ecdsa.sign(pytest.p256, pytest.tbs_str)
print('[{}]'.format(', '.join(hex(x) for x in list(s.signature))))
# Preparing an algoroithm
pubkey_alg = keys.PublicKeyAlgorithm({
'algorithm':
keys.PublicKeyAlgorithmId(pytest.p256.algorithm),
'parameters':
keys.ECDomainParameters(name='named', value=pytest.p256.curve)
})
# Preparing a PublicKeyInfo
pubkey_asn1 = core.BitString.load(pytest.p256.pkey)
pubkey_info = keys.PublicKeyInfo({
'algorithm':
pubkey_alg,
'public_key':
pubkey_asn1.cast(keys.ECPointBitString)
})
# Load a public key into the oscrypto engine to using it in the verify function
public = load_public_key(pubkey_info)
ecdsa_verify(public, s.signature, pytest.tbs_str, ha)
# Assert wrong text
with pytest.raises(SignatureError):
ecdsa_verify(public, s.signature, pytest.tbs_str_fail, ha)
# Assert wrong key
with pytest.raises(SignatureError):
# Preparing a PublicKeyInfo
pubkey_asn1 = core.BitString.load(pytest.p256_fail.pkey)
pubkey_info = keys.PublicKeyInfo({
'algorithm':
pubkey_alg,
'public_key':
pubkey_asn1.cast(keys.ECPointBitString)
})
# Load a public key into the oscrypto engine to using it in the verify function
public = load_public_key(pubkey_info)
ecdsa_verify(public, s.signature, pytest.tbs_str, ha)
def test_named_curve_register(self):
keys.NamedCurve.register('customcurve', '1.2.3.4.5.6.7.8', 16)
k = keys.NamedCurve('customcurve')
self.assertEqual('customcurve', k.native)
self.assertEqual('1.2.3.4.5.6.7.8', k.dotted)
k = keys.ECPrivateKey({
'version': 1,
'private_key': 1,
'parameters': keys.ECDomainParameters(('named', 'customcurve')),
})
self.assertEqual('ecPrivkeyVer1', k['version'].native)
self.assertEqual(1, k['private_key'].native)
self.assertEqual('customcurve', k['parameters'].native)
self.assertEqual(
b'\x04\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01',
k['private_key'].dump()
)