def test_ed25519_kat(secret_key, public_key, message, signed, signature): sk = binascii.unhexlify(secret_key) m = binascii.unhexlify(message) pk = ed25519.publickey(sk) sig = ed25519.signature(m, sk, pk) # Assert that the signature and public key are what we expected assert binascii.hexlify(pk) == public_key assert binascii.hexlify(sig) == signature # Validate the signature using the checkvalid routine ed25519.checkvalid(sig, m, pk) # Assert that we cannot forge a message # TODO: Yes this means that we "pass" a test if we can't generate a forged # message. This matches the original test suite. with pytest.raises(Exception): if len(m) == 0: forgedm = b"x" else: forgedm = b"".join( [chr(ord(m[i]) + (i == len(m) - 1)) for i in range(len(m))] ) ed25519.checkvalid(sig, forgedm, pk)
def test_ed25519_kat(secret_key, public_key, message, signed, signature): sk = binascii.unhexlify(secret_key) m = binascii.unhexlify(message) pk = ed25519.publickey(sk) sig = ed25519.signature(m, sk, pk) # Assert that the signature and public key are what we expected assert binascii.hexlify(pk) == public_key assert binascii.hexlify(sig) == signature # Validate the signature using the checkvalid routine ed25519.checkvalid(sig, m, pk) # Assert that we cannot forge a message try: if len(m) == 0: forgedm = b"x" else: forgedm = ed25519.intlist2bytes([ ed25519.indexbytes(m, i) + (i == len(m) - 1) for i in range(len(m)) ]) except ValueError: # TODO: Yes this means that we "pass" a test if we can't generate a # forged message. This matches the original test suite, it's # unclear if it was intentional there or not. pass else: with pytest.raises(ed25519.SignatureMismatch): ed25519.checkvalid(sig, forgedm, pk)
def sign_manifest(manifest, validation_sk, master_sk, master_pk): """sign a validator manifest Parameters ---------- manifest : string manifest to sign validation_sk : string validator's validation secret key (binary, _not_ BASE58 encoded) This is one of the keys that will sign the manifest. master_sk : string validator's master secret key (binary, _not_ BASE58 encoded) This is one of the keys that will sign the manifest. master_pk : string validator's master public key (binary, _not_ BASE58 encoded) Returns ---------- string manifest signed by both the validation and master keys """ man_hash = hashlib.sha512('MAN\0' + manifest).digest()[:32] validation_sig = validation_sk.sign_digest_deterministic( man_hash, hashfunc=hashlib.sha256, sigencode=ecdsa.util.sigencode_der_canonize) master_sig = ed25519.signature('MAN\0' + manifest, master_sk, master_pk) return manifest + SField.sfSignature + prepend_length_byte(validation_sig) + \ SField.sfMasterSignature + prepend_length_byte(master_sig)
now = time.time() timestamp = "%08x" % (signtime + int(now)) # Parse system's TZ and DST for the last part of the command tz_dst = int(time.timezone / -3600) & 0x1f if time.localtime(now).tm_isdst and time.daylight: tz_dst += (1 << 5) timeupdcmd = "T00" + timestamp + "%02x" % tz_dst # Sign only the "update time" command m = timeupdcmd #print "m=", m # Key taken from reference code at https://ed25519.cr.yp.to/software.html sk = binascii.unhexlify( "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60") pk = binascii.unhexlify( "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a") rawsig = ed25519.signature(m, sk, pk) s = base64.urlsafe_b64encode(rawsig) cmd = "S" + keyid + s + timeupdcmd #print cmd #print binascii.hexlify(rawsig); sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.setblocking(1) sock.sendto(cmd, (MCAST_ADDR, MCAST_PORT))
def ed25519_signature(private_public_key, content): signature = ed25519.signature(content, *private_public_key) return "ed25519-%s" % format_digest(signature)
def Signature(m, sk): #note this seems to return nicely sized version of the signature #contrast with, i.e. tweetnacl.. sk2 = ed25519.encodeint(MiniNero.hexToInt(sk)) pk = ed25519.publickey(sk2) return binascii.hexlify(ed25519.signature(m, sk2, pk))
def getSignature(m,sk,pk): R,S = ed.signature(m,sk,pk) return(R,S)
def sign_manifest(manifest, private_key, public_key): sig = ed25519.signature("MAN\0" + manifest, private_key, public_key) return manifest + SField.sfSignature + prepend_length_byte(sig)
def Sign(private_key, data): return ed25519.signature(data, private_key[:32], private_key[32:])
if not args.check: print "Firmware check hash required for signing, use --check" exit(1) priv_key = "" try: with open(args.signfile, "r") as f: priv_key = f.read() except: print "Cannot read key file '%s'" % args.signfile exit(1) pub_key = ed25519.publickey(priv_key) fw_signature = ed25519.signature(fw_hash, priv_key, pub_key) fw_verification += build_section(section_magic.ed25519, fw_signature) # Append pubkey fingerprint. pub_key_fp = hashlib.sha512(pub_key).digest() pub_key_fp = pub_key_fp[:4] fw_verification += build_section(section_magic.fp, pub_key_fp) # This variable contains full firmware image with all required parts # Verified and verification sections are always present. Verification # section can be empty. fw_image = build_section(section_magic.verified, fw_verified) + build_section( section_magic.verification, fw_verification) # Print resulting firmware image structure print_sections(fw_image, int(args.fw_base, 16))
fichier.close() info_pk = generateurKeystore.exportPub(args.user_id) info_sk = generateurKeystore.exportSec(args.user_id) if info_pk < 0 or info_pk < 0: print "Erreur id introuvable" else: userPK = info_pk[2] userSK = info_sk[2] userPK = str(userPK).rstrip().decode('hex') userSK = str(userSK).rstrip().decode('hex') sig = ed25519.signature(msg, userSK, userPK) fichier = open(args.out_info, "w") fichier.write(sig.encode("hex")) fichier.close() print "La signature a été génerée" #ecctool -check -in message.txt -sig message.sig -id alice elif args.check : action = 0 if action != -1 and args.in_info : action = 1 else: print("[ERREUR] -in manquant")
def sign(self, msg, key): pk = ed25519.publickey(key) return ed25519.signature(msg, key, pk)
# Affiche de clés if args.typeKey and args.id: if args.typeKey == 'pub' or args.typeKey == 'sec': key = gk.getkey(args.id, args.typeKey) if key: print key else: print "Pas d'entrée trouvée pour " + args.id else: print args.typeKey + " est une mauvaise option pour l'argument -export" # Génére la signature if args.message and args.id and args.gensign: sk = gk.getkey(args.id, 'sec') pk = gk.genPkBrut(args.id) sign = ed.signature(args.message, sk, pk) if sign: print sign.encode('hex') # Vérifie si la signature est valide if args.sign and args.message and args.id: sk = gk.getkey(args.id, 'sec') pk = gk.genPkBrut(args.id) sign = str(args.sign).rstrip().decode('hex') try: ed.checkvalid(sign, args.message, pk) print "La signature est valide" except: print "La signature n'a pu être validée"
# warning: currently 37 seconds/line on a fast machine # fields on each input line: sk, pk, m, sm # each field hex # each field colon-terminated # sk includes pk at end # sm includes m at end while 1: line = sys.stdin.readline() if not line: break x = line.split(':') sk = binascii.unhexlify(x[0][0:64]) pk = ed25519.publickey(sk) m = binascii.unhexlify(x[2]) s = ed25519.signature(m,sk,pk) ed25519_checkvalid.checkvalid(s,m,pk) forgedsuccess = 0 try: if len(m) == 0: forgedm = "x" else: forgedmlen = len(m) forgedm = ''.join([chr(ord(m[i])+(i==forgedmlen-1)) for i in range(forgedmlen)]) ed25519_checkvalid.checkvalid(s,forgedm,pk) forgedsuccess = 1 except: pass assert not forgedsuccess assert x[0] == binascii.hexlify(sk + pk) assert x[1] == binascii.hexlify(pk)
output_fn = sys.argv[1] privkey_fn = sys.argv[2] vmlinuz_fn = sys.argv[3] cmdline_fn = sys.argv[4] initrd_fns = sys.argv[5:] def read_file(fn): with open(fn, 'rb') as f: return f.read() vmlinuz_data = read_file(vmlinuz_fn) cmdline_data = read_file(cmdline_fn) initrd_datas = [read_file(fn) for fn in initrd_fns] buf = bytearray( struct.pack("=3Q", len(vmlinuz_data), sum(map(len, initrd_datas)), len(cmdline_data))) buf += vmlinuz_data for initrd_data in initrd_datas: buf += initrd_data buf += cmdline_data privkey = read_file(privkey_fn) buf += ed25519.signature(buf, privkey, ed25519.publickey(privkey)) with open(output_fn, 'wb') as f: f.write(buf)
import nacl.signing import random # Test vectors from ed25519_test.vectors, approx 1/sec on a fast machine # fields on each input line: sk, pk, m, sm # each field is hex and colon-terminated # sk includes pk at end; sm includes m at end with open("ed25519_test.vectors", 'r') as file_handle: for num, line in enumerate(file_handle): print("Line number {}".format(num)) x = line.split(':') secret_key = bytes.fromhex(x[0][0:64]) public_key = ed25519.get_public_key(secret_key) message = bytes.fromhex(x[2]) signature = ed25519.signature(message, secret_key, public_key) ed25519.check_valid(signature, message, public_key) forged_success = 0 if len(message) == 0: forged_message = b"x" else: forged_message = message[:-1] + bytes([message[-1] ^ 0x01]) try: ed25519.check_valid(signature, forged_message, public_key) forged_success = 1 except ed25519.BadSignatureError: pass assert not forged_success assert x[0] == secret_key.hex() + public_key.hex() assert x[1] == public_key.hex() assert x[3] == signature.hex() + message.hex() print("Testing against libsodium")
def Signature(m, sk): sk2 = ed25519.encodeint(MiniNero.hexToInt(sk)) pk = ed25519.publickey(sk2) return binascii.hexlify(ed25519.signature(m, sk2, pk))
return hashlib.sha512(m).digest() import ed25519 import os sk = "".join( chr(c) for c in [ 4, 213, 116, 80, 117, 4, 70, 166, 244, 214, 234, 159, 197, 101, 182, 177, 106, 180, 68, 125, 51, 32, 159, 77, 27, 151, 233, 91, 109, 184, 147, 235 ]) pk = "".join( chr(c) for c in [ 79, 236, 107, 197, 85, 239, 235, 109, 123, 181, 230, 115, 206, 112, 218, 80, 174, 167, 119, 187, 113, 153, 17, 115, 77, 100, 154, 84, 181, 194, 254, 99 ]) hash = H(file('../tap/TunSafe-TAP-9.21.2.exe', 'rb').read()) print hash.encode('hex'), repr(hash) #sk = os.urandom(32) #pk = ed25519.publickey(sk) #print 'sk', [ord(c) for c in sk] #print 'pk', [ord(c) for c in pk] #m = 'test' s = ed25519.signature(hash, sk, pk) file('../tap/TunSafe-TAP-9.21.2.exe.sig', 'wb').write(s.encode('hex'))
def H(m): return hashlib.sha512(m).digest() import ed25519 import os # Load signing keys from location outside of repo keys = json.loads( file('../../../misc/config/installer_signing_key.json', 'r').read()) def tobin(xs): return "".join(chr(x) for x in xs) def gen_key(): sk = os.urandom(32) pk = ed25519.publickey(sk) print 'sk', [ord(c) for c in sk] print 'pk', [ord(c) for c in pk] hash = H(file('../tap/TunSafe-TAP-auto.exe', 'rb').read()) print hash.encode('hex'), repr(hash) #m = 'test' s = ed25519.signature(hash, tobin(keys['PRIVATE_KEY']), tobin(keys['PUBLIC_KEY'])) file('../tap/TunSafe-TAP-auto.exe.sig', 'wb').write(s.encode('hex'))
Run profiling of ed25519 functions case - must be one of: pub -- generating a public key sig -- generating a signature val -- validating a signature loop - how many times to repeat test """ seed = os.urandom(32) data = b"The quick brown fox jumps over the lazy dog" private_key = seed public_key = ed25519.publickey(seed) signature = ed25519.signature(data, private_key, public_key) gen_public_key = 'ed25519.publickey(seed)' gen_signature = 'ed25519.signature(data, private_key, public_key)' do_validation = 'ed25519.checkvalid(signature, data, public_key)' case = { 'pub': gen_public_key, 'sig': gen_signature, 'val': do_validation, } length = 300 choice = '' if len(sys.argv) >= 2:
def sign_manifest(manifest, private_key, public_key): sig = ed25519.signature('MAN\0' + manifest, private_key, public_key) return manifest + SField.sfSignature + prepend_length_byte(sig)
import ed25519 sk = 32 * chr(0) pk = ed25519.publickey(sk) print "publickey for 0 is", pk.encode('hex') for i in [0, 1, 10]: print "encodeint %d = %s" % (i, ed25519.encodeint(i).encode('hex')) for p in [ (0, 0), (1, 1), (10, 0), (1, 10), (9639205628789703341510410801487549615560488670885798085067615194958049462616, 18930617471878267742194159801949745215346600387277955685031939302387136031291 ) ]: print "encodepoint %s = %s" % (repr(p), ed25519.encodepoint(p).encode('hex')) msg = "This is a secret message" sig = ed25519.signature(msg, sk, pk) print 'signature("%s") = %s' % (msg, sig.encode('hex')) try: ed25519.checkvalid(sig, msg, pk) print 'check signature result: true' except: print 'check signature result: false'