def ec_public_key_info(public_key_point, curve): """ Constructs the PublicKeyInfo for an ECPointBitString :param private_key: An asn1crypto.keys.ECPointBitString object :param curve: A unicode string of the curve name - one of secp256r1, secp384r1 or secp521r1 :raises: ValueError - when any of the parameters contain an invalid value :return: An asn1crypto.keys.PublicKeyInfo object """ if curve not in set(['secp256r1', 'secp384r1', 'secp521r1']): raise ValueError( pretty_message( ''' curve must be one of "secp256r1", "secp384r1", "secp521r1", not %s ''', repr(curve))) return keys.PublicKeyInfo({ 'algorithm': keys.PublicKeyAlgorithm({ 'algorithm': 'ec', 'parameters': keys.ECDomainParameters(name='named', value=curve) }), 'public_key': public_key_point, })
def subject_public_key(self, _value): if not isinstance(_value, ecc.EccKey): raise TypeError( _pretty_message( ''' subject_public_key must be an instance of optigatrust.pk.EccKey, not %s ''', _type_name(_value))) pubkey_alg = keys.PublicKeyAlgorithm({ 'algorithm': _value.algorithm, 'parameters': keys.ECDomainParameters('named', _value.curve) }) pubkey_asn1 = core.BitString.load(_value.pkey) pubkey_info = keys.PublicKeyInfo({ 'algorithm': pubkey_alg, 'public_key': pubkey_asn1.cast(keys.ECPointBitString) }) self._subject_public_key = pubkey_info
def ec_generate_pair(curve): """ Generates a EC public/private key pair :param curve: A unicode string. Valid values include "secp256r1", "secp384r1" and "secp521r1". :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type :return: A 2-element tuple of (asn1crypto.keys.PublicKeyInfo, asn1crypto.keys.PrivateKeyInfo) """ if curve not in set(['secp256r1', 'secp384r1', 'secp521r1']): raise ValueError( pretty_message( ''' curve must be one of "secp256r1", "secp384r1", "secp521r1", not %s ''', repr(curve))) curve_num_bytes = CURVE_BYTES[curve] curve_base_point = { 'secp256r1': SECP256R1_BASE_POINT, 'secp384r1': SECP384R1_BASE_POINT, 'secp521r1': SECP521R1_BASE_POINT, }[curve] while True: private_key_bytes = rand_bytes(curve_num_bytes) private_key_int = int_from_bytes(private_key_bytes, signed=False) if private_key_int > 0 and private_key_int < curve_base_point.order: break private_key_info = keys.PrivateKeyInfo({ 'version': 0, 'private_key_algorithm': keys.PrivateKeyAlgorithm({ 'algorithm': 'ec', 'parameters': keys.ECDomainParameters(name='named', value=curve) }), 'private_key': keys.ECPrivateKey({ 'version': 'ecPrivkeyVer1', 'private_key': private_key_int }), }) ec_point = ec_compute_public_key_point(private_key_info) private_key_info['private_key'].parsed['public_key'] = ec_point.copy() return (ec_public_key_info(ec_point, curve), private_key_info)
def test_ec_private_key_width_dotted(self): k = keys.ECPrivateKey({ 'version': 1, 'private_key': 1, 'parameters': keys.ECDomainParameters(('named', '1.3.132.0.10')), }) self.assertEqual('ecPrivkeyVer1', k['version'].native) self.assertEqual(1, k['private_key'].native) self.assertEqual('secp256k1', k['parameters'].native) self.assertEqual( b'\x04\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', k['private_key'].dump() )
def test_ecdsa_p256_signverify(): LOGGER.info( 'Sign data with newly generated NIST P-256 key and verify result') setup_keys() ha = 'sha256' s = ecdsa.sign(pytest.p256, pytest.tbs_str) print('[{}]'.format(', '.join(hex(x) for x in list(s.signature)))) # Preparing an algoroithm pubkey_alg = keys.PublicKeyAlgorithm({ 'algorithm': keys.PublicKeyAlgorithmId(pytest.p256.algorithm), 'parameters': keys.ECDomainParameters(name='named', value=pytest.p256.curve) }) # Preparing a PublicKeyInfo pubkey_asn1 = core.BitString.load(pytest.p256.pkey) pubkey_info = keys.PublicKeyInfo({ 'algorithm': pubkey_alg, 'public_key': pubkey_asn1.cast(keys.ECPointBitString) }) # Load a public key into the oscrypto engine to using it in the verify function public = load_public_key(pubkey_info) ecdsa_verify(public, s.signature, pytest.tbs_str, ha) # Assert wrong text with pytest.raises(SignatureError): ecdsa_verify(public, s.signature, pytest.tbs_str_fail, ha) # Assert wrong key with pytest.raises(SignatureError): # Preparing a PublicKeyInfo pubkey_asn1 = core.BitString.load(pytest.p256_fail.pkey) pubkey_info = keys.PublicKeyInfo({ 'algorithm': pubkey_alg, 'public_key': pubkey_asn1.cast(keys.ECPointBitString) }) # Load a public key into the oscrypto engine to using it in the verify function public = load_public_key(pubkey_info) ecdsa_verify(public, s.signature, pytest.tbs_str, ha)
def test_named_curve_register(self): keys.NamedCurve.register('customcurve', '1.2.3.4.5.6.7.8', 16) k = keys.NamedCurve('customcurve') self.assertEqual('customcurve', k.native) self.assertEqual('1.2.3.4.5.6.7.8', k.dotted) k = keys.ECPrivateKey({ 'version': 1, 'private_key': 1, 'parameters': keys.ECDomainParameters(('named', 'customcurve')), }) self.assertEqual('ecPrivkeyVer1', k['version'].native) self.assertEqual(1, k['private_key'].native) self.assertEqual('customcurve', k['parameters'].native) self.assertEqual( b'\x04\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', k['private_key'].dump() )