def test_multisig_verify_helper_verification(self): engine = test_engine() message = vm.ByteStringStackItem(b'hello') kp1 = cryptography.KeyPair(private_key=b'\x01' * 32) kp2 = cryptography.KeyPair(private_key=b'\x02' * 32) sig1 = cryptography.sign(message.to_array(), kp1.private_key) sig2 = cryptography.sign(message.to_array(), kp2.private_key) # quick pre-check the verify_signature function actually passes self.assertTrue( cryptography.verify_signature(message.to_array(), sig1, kp1.public_key.encode_point(False), cryptography.ECCCurve.SECP256R1)) self.assertTrue( cryptography.verify_signature(message.to_array(), sig2, kp2.public_key.encode_point(False), cryptography.ECCCurve.SECP256R1)) # first do a check on regular data (meaning; check sig1 with pub_key1, sig2 with pub_key2) public_keys = [ kp1.public_key.encode_point(False), kp2.public_key.encode_point(False) ] signatures = [sig1, sig2] self.assertTrue( _check_multisig(engine, message, public_keys, signatures, cryptography.ECCCurve.SECP256R1)) # same as previous, but supplying the keys out of order public_keys = [ kp2.public_key.encode_point(False), kp1.public_key.encode_point(False) ] signatures = [sig1, sig2] self.assertFalse( _check_multisig(engine, message, public_keys, signatures, cryptography.ECCCurve.SECP256R1)) # now validate it will try all available public keys for a given signature (for 1-of-2, 3-of-5 like contracts) public_keys = [ kp2.public_key.encode_point(False), kp1.public_key.encode_point(False) ] signatures = [sig1] self.assertTrue( _check_multisig(engine, message, public_keys, signatures, cryptography.ECCCurve.SECP256R1)) # test handling an exception caused by an invalid public key public_keys = [b''] signatures = [sig1] self.assertFalse( _check_multisig(engine, message, public_keys, signatures, cryptography.ECCCurve.SECP256R1))
def check_multisig_with_ECDSA_Secp256r1(engine: contracts.ApplicationEngine, public_keys: List[bytes], signatures: List[bytes]) -> bool: len_pub_keys = len(public_keys) len_sigs = len(signatures) if len_sigs == 0: raise ValueError("No signatures supplied") if len_pub_keys == 0: raise ValueError("No public keys supplied") if len_sigs > len_pub_keys: raise ValueError(f"Verification requires {len_sigs} public keys, got only {len_pub_keys}") message = engine.script_container.get_hash_data(settings.network.magic) engine.add_gas(len_pub_keys * CHECKSIG_PRICE * engine.exec_fee_factor) i = 0 j = 0 try: while i < len_sigs and j < len_pub_keys: if cryptography.verify_signature(message, signatures[i], public_keys[j], cryptography.ECCCurve.SECP256R1): i += 1 j += 1 if len_sigs - i > len_pub_keys - j: return False except cryptography.ECCException as e: return False return True
def verify_with_ECDSA_Secp256r1(engine: contracts.ApplicationEngine, public_key: bytes, signature: bytes) -> bool: return cryptography.verify_signature(engine.script_container.get_hash_data(settings.network.magic), signature, public_key, cryptography.ECCCurve.SECP256R1)
def _check_multisig(engine: contracts.ApplicationEngine, stack_item: vm.StackItem, public_keys: List[bytes], signatures: List[bytes], curve: cryptography.ECCCurve) -> bool: len_pub_keys = len(public_keys) len_sigs = len(signatures) if len_sigs == 0: raise ValueError("No signatures supplied") if len_pub_keys == 0: raise ValueError("No public keys supplied") if len_sigs > len_pub_keys: raise ValueError( f"Verification requires {len_sigs} public keys, got only {len_pub_keys}" ) message = stackitem_to_hash_data(engine, stack_item) engine.add_gas(len_pub_keys * 1000000) i = 0 j = 0 try: while i < len_sigs and j < len_pub_keys: if cryptography.verify_signature(message, signatures[i], public_keys[j], curve): i += 1 j += 1 if len_sigs - i > len_pub_keys - j: return False except cryptography.ECCException as e: return False return True
def is_valid(self, contract_hash: types.UInt160) -> bool: """ Validate if the group has agreed on allowing the specific contract_hash. Args: contract_hash: """ return cryptography.verify_signature( contract_hash.to_array(), self.signature, self.public_key.encode_point(False), cryptography.ECCCurve.SECP256R1)
def test_verify_secp256k1(self): """ byte[] message = System.Text.Encoding.Default.GetBytes("hello"); byte[] signature = "5331be791532d157df5b5620620d938bcb622ad02c81cfc184c460efdad18e695480d77440c511e9ad02ea30d773cb54e88f8cbb069644aefa283957085f38b5".HexToBytes(); byte[] pubKey = "03ea01cb94bdaf0cd1c01b159d474f9604f4af35a3e2196f6bdfdb33b2aa4961fa".HexToBytes(); Crypto.VerifySignature(message, signature, pubKey, Neo.Cryptography.ECC.ECCurve.Secp256k1).Should().BeTrue(); """ message = b'hello' signature = binascii.unhexlify( b'5331be791532d157df5b5620620d938bcb622ad02c81cfc184c460efdad18e695480d77440c511e9ad02ea30d773cb54e88f8cbb069644aefa283957085f38b5' ) public_key = binascii.unhexlify( b'03ea01cb94bdaf0cd1c01b159d474f9604f4af35a3e2196f6bdfdb33b2aa4961fa' ) self.assertTrue( cryptography.verify_signature(message, signature, public_key, cryptography.ECCCurve.SECP256K1)) sb = vm.ScriptBuilder() sb.emit_push(signature) sb.emit_push(public_key) sb.emit_push(message) sb.emit_syscall( syscall_name_to_int("Neo.Crypto.VerifyWithECDsaSecp256k1")) engine = test_engine() script = vm.Script(sb.to_array()) engine.load_script(script) engine.execute() self.assertEqual(vm.VMState.HALT, engine.state) self.assertEqual(1, len(engine.result_stack)) self.assertEqual(vm.BooleanStackItem(True), engine.result_stack.pop()) # again with bad signature bad_signature = b'\xFF' + signature[1:] sb = vm.ScriptBuilder() sb.emit_push(bad_signature) sb.emit_push(public_key) sb.emit_push(message) sb.emit_syscall( syscall_name_to_int("Neo.Crypto.VerifyWithECDsaSecp256k1")) engine = test_engine() script = vm.Script(sb.to_array()) engine.load_script(script) engine.execute() self.assertEqual(vm.VMState.HALT, engine.state) self.assertEqual(1, len(engine.result_stack)) self.assertEqual(vm.BooleanStackItem(False), engine.result_stack.pop())
def verify_with_ecdsa(self, message: bytes, public_key: bytes, signature: bytes, curve: NamedCurve) -> bool: return cryptography.verify_signature(message, signature, public_key, self.curves.get(curve))
def verify_with_ECDSA_Secp256k1(engine: contracts.ApplicationEngine, stack_item: vm.StackItem, public_key: bytes, signature: bytes) -> bool: value = stackitem_to_hash_data(engine, stack_item) return cryptography.verify_signature(value, signature, public_key, cryptography.ECCCurve.SECP256K1)