def gen_keypair() -> Tuple[ecdsa.Private_key, ecdsa.Public_key]:
"""
generate a new ecdsa keypair
"""
g = ecdsa.generator_secp256k1
d = SystemRandom().randrange(1, g.order())
pub = ecdsa.Public_key(g, g * d)
priv = ecdsa.Private_key(pub, d)
return priv, pub
def make_private_key(secret, p_number):
"""Make a private ECDSA key from an integer secret.
"""
try:
generator = NBITS_TO_GENERATOR[p_number]
except KeyError:
raise ValueError('Only P-224 or P-256 supported, got P-%d' % p_number)
return ecdsa.Private_key(generator, secret)
def dump_all_keys():
private_key = 0
pairs = []
for _ in xrange(args.num_reqs):
private_key += 1
if args.curve == 224:
private_key_obj = ecdsa.Private_key(ecdsa.generator_224,
private_key)
else:
private_key_obj = ecdsa.Private_key(ecdsa.generator_256,
private_key)
product = private_key_obj.generator * private_key_obj.secret_multiplier
public_key_obj = ecdsa.Public_key(private_key_obj.generator,
product)
pair = dump_tuple_private_public_key(private_key,
public_key_obj.point.x(),
public_key_obj.point.y())
pairs.append(pair)
all = '%s' % (',\n'.join('%s' % p for p in pairs))
args.output.write(all)
def ecdsa_sign(private_key: bytes, data: bytes):
data_hash = sha256_hash(data, 1)
g = ecdsa.generator_256
n = g.order()
randrange = random.SystemRandom().randrange
secret = int.from_bytes(private_key, byteorder="big", signed=False)
digest = int.from_bytes(data_hash, byteorder="big", signed=False)
pub_key = ecdsa.Public_key(g, g * secret)
pri_key = ecdsa.Private_key(pub_key, secret)
signature = pri_key.sign(digest, randrange(1, n))
r = signature.r.to_bytes(32, byteorder="big", signed=False)
s = signature.s.to_bytes(32, byteorder="big", signed=False)
b = r + s
return b
p << 'a\nb\n' >> "test="
test = int(p.recvline(), 16)
print("test", hex(test))
print("s1", hex(s1))
print("s2", hex(s2))
assert r1 == r2
h1 = hash_message("message1")
h2 = hash_message("message2")
for v in (s1 - s2, s1 + s2, -s1 - s2, -s1 + s2):
k = inverse_mod(v, ecdsa.generator_secp256k1.order()) * (
h1 - h2) % ecdsa.generator_secp256k1.order()
d = inverse_mod(r1, ecdsa.generator_secp256k1.order()) * (
k * s1 - h1) % ecdsa.generator_secp256k1.order()
g = ecdsa.generator_secp256k1
pub = ecdsa.Public_key(g, g * d)
priv = ecdsa.Private_key(pub, d)
if pub.verifies(h1, ecdsa.Signature(r1, s1)):
break
sig = priv.sign(test, 1)
p >> 'r? ' << hex(sig.r) << '\n'
p >> 's? ' << hex(sig.s) << '\n'
flag = p.recvline().decode('utf8')
print("got flag", str(flag))