예제 #1
0
 def test_identity(self):
     """ 1 * G """
     answer = b"0479be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8"
     one = 1
     bone = one.to_bytes(32, "big")
     g = secp256k1.ec_pubkey_create(bone)
     der = secp256k1.ec_pubkey_serialize(g, secp256k1.EC_UNCOMPRESSED)
     g_hex = hexlify(der)
     self.assertEqual(answer, g_hex)
예제 #2
0
def secp256k1_example():
    """Usage example for secp256k1 usermodule"""

    # randomize context from time to time
    # - it helps against sidechannel attacks
    # secp256k1.context_randomize(os.urandom(32))

    # some random secret key
    secret = hashlib.sha256(b"secret key").digest()

    print("Secret key:", hexlify(secret).decode())

    # Makes sense to check if secret key is valid.
    # It will be ok in most cases, only if secret > N it will be invalid
    if not secp256k1.ec_seckey_verify(secret):
        raise ValueError("Secret key is invalid")

    # computing corresponding pubkey
    pubkey = secp256k1.ec_pubkey_create(secret)

    # serialize the pubkey in compressed format
    sec = secp256k1.ec_pubkey_serialize(pubkey, secp256k1.EC_COMPRESSED)
    print("Public key:", hexlify(sec).decode())

    # this is how you parse the pubkey
    pubkey = secp256k1.ec_pubkey_parse(sec)

    # Signature generation:

    # hash of the string "hello"
    msg = hashlib.sha256(b"hello").digest()
    # signing
    sig = secp256k1.ecdsa_sign(msg, secret)

    # serialization
    der = secp256k1.ecdsa_signature_serialize_der(sig)

    print("Signature:", hexlify(der).decode())

    # verification
    if secp256k1.ecdsa_verify(sig, msg, pubkey):
        print("Signature is valid")
    else:
        printf("Invalid signature")
예제 #3
0
 def get_public_key(self) -> PublicKey:
     pub = secp256k1.ec_pubkey_create(self._secret)
     return PublicKey(pub, self.compressed)
예제 #4
0
 def get_public_key(self):
     return PublicKey(secp256k1.ec_pubkey_create(self._secret),
                      self.compressed)
예제 #5
0
 def open(self, mode=None):
     """Opens a secure channel.
     Mode can be "es" - ephemeral-static
              or "ee" - ephemeral-ephemenral
     """
     # save mode for later - i.e. reestablish secure channel
     if mode is None:
         mode = self.mode
     else:
         self.mode = mode
     # check if we know pubkey already
     if self.card_pubkey is None:
         self.get_card_pubkey()
     # generate ephimerial key
     secret = get_random_bytes(32)
     host_prv = secret
     host_pub = secp256k1.ec_pubkey_create(secret)
     # ee mode - ask card to create ephimerial key and send it to us
     if mode == "ee":
         data = secp256k1.ec_pubkey_serialize(host_pub,
                                              secp256k1.EC_UNCOMPRESSED)
         # get ephimerial pubkey from the card
         res = self.applet.request(self.OPEN_EE + encode(data))
         s = BytesIO(res)
         data = s.read(65)
         pub = secp256k1.ec_pubkey_parse(data)
         secp256k1.ec_pubkey_tweak_mul(pub, secret)
         shared_secret = hashlib.sha256(
             secp256k1.ec_pubkey_serialize(pub)[1:33]).digest()
         shared_fingerprint = self.derive_keys(shared_secret)
         recv_hmac = s.read(MAC_SIZE)
         h = hmac.new(self.card_mac_key, digestmod="sha256")
         h.update(data)
         expected_hmac = h.digest()[:MAC_SIZE]
         if expected_hmac != recv_hmac:
             raise SecureChannelError("Wrong HMAC.")
         data += recv_hmac
         raw_sig = s.read()
         sig = secp256k1.ecdsa_signature_parse_der(raw_sig)
         # in case card doesn't follow low s rule (but it should)
         sig = secp256k1.ecdsa_signature_normalize(sig)
         if not secp256k1.ecdsa_verify(sig,
                                       hashlib.sha256(data).digest(),
                                       self.card_pubkey):
             raise SecureChannelError("Signature is invalid.")
     # se mode - use our ephimerial key with card's static key
     else:
         data = secp256k1.ec_pubkey_serialize(host_pub,
                                              secp256k1.EC_UNCOMPRESSED)
         # ugly copy
         pub = secp256k1.ec_pubkey_parse(
             secp256k1.ec_pubkey_serialize(self.card_pubkey))
         secp256k1.ec_pubkey_tweak_mul(pub, secret)
         shared_secret = secp256k1.ec_pubkey_serialize(pub)[1:33]
         res = self.applet.request(self.OPEN_SE + encode(data))
         s = BytesIO(res)
         nonce_card = s.read(32)
         recv_hmac = s.read(MAC_SIZE)
         secret_with_nonces = hashlib.sha256(shared_secret +
                                             nonce_card).digest()
         shared_fingerprint = self.derive_keys(secret_with_nonces)
         data = nonce_card
         h = hmac.new(self.card_mac_key, digestmod="sha256")
         h.update(data)
         expected_hmac = h.digest()[:MAC_SIZE]
         if expected_hmac != recv_hmac:
             raise SecureChannelError("Wrong HMAC.")
         data += recv_hmac
         sig = secp256k1.ecdsa_signature_parse_der(s.read())
         # in case card doesn't follow low s rule (but it should)
         sig = secp256k1.ecdsa_signature_normalize(sig)
         if not secp256k1.ecdsa_verify(sig,
                                       hashlib.sha256(data).digest(),
                                       self.card_pubkey):
             raise SecureChannelError("Signature is invalid")
     # reset iv
     self.iv = 0
     self.is_open = True