def test_validate_ecdsa_signature(self): cert = ClaimDict.generate_certificate(nist384p_private_key, curve=NIST384p) signed = ClaimDict.load_dict(example_010).sign(nist384p_private_key, claim_address_2, claim_id_1, curve=NIST384p) self.assertDictEqual(signed.claim_dict, claim_010_signed_nist384p) signed_copy = ClaimDict.load_protobuf(signed.protobuf) self.assertEqual(signed_copy.validate_signature(claim_address_2, cert), True)
def test_validate_what_cant_be_serialized_back_even_by_loading_back_from_dictionary( self): cert = ClaimDict.generate_certificate(secp256k1_private_key, curve=SECP256k1) self.assertDictEqual(cert.claim_dict, secp256k1_cert) original = ClaimDict.load_dict(example_010).serialized altered = original + b'\x00\x01\x02\x30\x50\x80\x99' # pretend this extra trash is from some unknown protobuf # manually sign signer = get_signer(SECP256k1).load_pem(secp256k1_private_key) signature = signer.sign( b'example', decode_address(claim_address_2), altered, binascii.unhexlify(claim_id_1), ) detached_sig = Signature( NAMED_SECP256K1(signature, binascii.unhexlify(claim_id_1), altered)) signed = detached_sig.serialized self.assertEqual(signed[85:], altered) signed_copy = ClaimDict.deserialize(signed) signed_copy = ClaimDict.load_dict(signed_copy.claim_dict) self.assertEqual( signed_copy.validate_signature(claim_address_2, cert, name='example'), True) self.assertEqual(signed, signed_copy.serialized)
def test_fail_to_validate_fake_ecdsa_signature(self): signed = ClaimDict.load_dict(example_010).sign(secp256k1_private_key, claim_address_1, claim_id_1, curve=SECP256k1) signed_copy = ClaimDict.load_protobuf(signed.protobuf) fake_key = get_signer(SECP256k1).generate().private_key.to_pem() fake_cert = ClaimDict.generate_certificate(fake_key, curve=SECP256k1) self.assertRaises(ecdsa.keys.BadSignatureError, signed_copy.validate_signature, claim_address_2, fake_cert)
def test_fail_to_validate_with_no_claim_address(self): cert = ClaimDict.generate_certificate(secp256k1_private_key, curve=SECP256k1) self.assertDictEqual(cert.claim_dict, secp256k1_cert) signed = ClaimDict.load_dict(example_010).sign(secp256k1_private_key, claim_address_2, claim_id_1, curve=SECP256k1) self.assertDictEqual(signed.claim_dict, claim_010_signed_secp256k1) signed_copy = ClaimDict.load_protobuf(signed.protobuf) self.assertRaises(Exception, signed_copy.validate_signature, None, cert)
def test_validate_ecdsa_signature(self): cert = ClaimDict.generate_certificate(secp256k1_private_key, curve=SECP256k1) self.assertDictEqual(cert.claim_dict, secp256k1_cert) signed = ClaimDict.load_dict(example_010).sign(secp256k1_private_key, claim_address_2, claim_id_1, curve=SECP256k1) self.assertDictEqual(signed.claim_dict, claim_010_signed_secp256k1) signed_copy = ClaimDict.load_protobuf(signed.protobuf) self.assertEqual(signed_copy.validate_signature(claim_address_2, cert), True)
def test_fail_to_validate_ecdsa_sig_for_altered_claim(self): cert = ClaimDict.generate_certificate(secp256k1_private_key, curve=SECP256k1) altered = ClaimDict.load_dict(example_010).sign(secp256k1_private_key, claim_address_1, claim_id_1, curve=SECP256k1) sd_hash = altered['stream']['source']['source'] altered['stream']['source']['source'] = sd_hash[::-1] altered_copy = ClaimDict.load_dict(altered.claim_dict) self.assertRaises(ecdsa.keys.BadSignatureError, altered_copy.validate_signature, claim_address_1, cert)
def test_fail_to_sign_with_no_claim_address(self): cert = ClaimDict.generate_certificate(secp256k1_private_key, curve=SECP256k1) self.assertDictEqual(cert.claim_dict, secp256k1_cert) self.assertRaises(Exception, ClaimDict.load_dict(example_010).sign, secp256k1_private_key, None, claim_id_1, curve=SECP256k1)
def test_fail_to_validate_fake_ecdsa_signature(self): signed = ClaimDict.load_dict(example_010).sign(secp256k1_private_key, claim_address_1, claim_id_1, curve=SECP256k1, name='example', force_detached=True) signed_copy = ClaimDict.deserialize(signed.serialized) fake_key = get_signer(SECP256k1).generate().private_key.to_pem() fake_cert = ClaimDict.generate_certificate(fake_key, curve=SECP256k1) self.assertRaises(ecdsa.keys.BadSignatureError, signed_copy.validate_signature, claim_address_2, fake_cert, 'example')
def test_validate_detached_named_ecdsa_signature(self): cert = ClaimDict.generate_certificate(secp256k1_private_key, curve=SECP256k1) self.assertDictEqual(cert.claim_dict, secp256k1_cert) signed = ClaimDict.load_dict(example_010).sign(secp256k1_private_key, claim_address_2, claim_id_1, curve=SECP256k1, name='example', force_detached=True) signed_copy = ClaimDict.deserialize(signed.serialized) self.assertEqual( signed_copy.validate_signature(claim_address_2, cert, name='example'), True)
def test_validate_detached_named_ecdsa_signature_from_dict(self): cert = ClaimDict.generate_certificate(secp256k1_private_key, curve=SECP256k1) self.assertDictEqual(cert.claim_dict, secp256k1_cert) signed = ClaimDict.load_dict(example_010).sign(secp256k1_private_key, claim_address_2, claim_id_1, curve=SECP256k1, name='example', force_detached=True) self.assertEqual( signed.claim_dict['publisherSignature']['detached_signature'], binascii.hexlify(signed.serialized).decode()) signed_copy = ClaimDict.load_dict(signed.claim_dict) self.assertEqual( signed_copy.validate_signature(claim_address_2, cert, name='example'), True)
def test_fail_to_validate_ecdsa_sig_for_altered_claim(self): cert = ClaimDict.generate_certificate(secp256k1_private_key, curve=SECP256k1) altered = ClaimDict.load_dict(example_010).sign(secp256k1_private_key, claim_address_1, claim_id_1, curve=SECP256k1, name='example', force_detached=True) original_serialization = altered.serialized sd_hash = altered['stream']['source']['source'] altered['stream']['source']['source'] = sd_hash[::-1] altered_serialization = altered.protobuf.SerializeToString() # keep signature, but replace serialization with the altered claim (check signature.py for slice sizes) altered_copy = ClaimDict.deserialize(original_serialization[:85] + altered_serialization) self.assertRaises(ecdsa.keys.BadSignatureError, altered_copy.validate_signature, claim_address_1, cert, 'example')
def generate_certificate(): secp256k1_private_key = get_signer( SECP256k1).generate().private_key.to_pem() return ClaimDict.generate_certificate( secp256k1_private_key, curve=SECP256k1), secp256k1_private_key
def test_make_ecdsa_cert(self): cert = ClaimDict.generate_certificate(secp256k1_private_key, curve=SECP256k1) self.assertEqual(cert.is_certificate, True) self.assertDictEqual(cert.claim_dict, secp256k1_cert)
def test_make_ecdsa_cert(self): cert = ClaimDict.generate_certificate(nist384p_private_key, curve=NIST384p) self.assertEqual(cert.is_certificate, True) self.assertDictEqual(cert.claim_dict, nist384p_cert)