def _verify_sig(self, data): if self.app_key is None: log.debug('App key is None') return # Checking to see if there is a signature key in the version file. if 'signature' in data.keys(): signature = data['signature'] log.debug('Deleting signature from update data') # We are removing the signature to prepare the data # for verification. del data['signature'] update_data = json.dumps(data, sort_keys=True) pub_key = ed25519.VerifyingKey(self.app_key, encoding='base64') if six.PY3: if not isinstance(update_data, bytes): update_data = bytes(update_data, encoding='utf-8') try: pub_key.verify(signature, update_data, encoding='base64') except Exception as err: log.debug('Version file not verified') log.debug(err, exc_info=True) else: log.debug('Version file verified') self.verified = True else: log.debug('Signature not in update data')
def check2(encoding, expected): PREFIX = "public0-" p = vk1.to_ascii(PREFIX, encoding) self.assertEqual(p, expected) vk2 = ed25519.VerifyingKey(p, prefix=PREFIX, encoding=encoding) self.assertEqual(repr(vk1.to_bytes()), repr(vk2.to_bytes())) self.assertEqual(vk1, vk2)
def test_OOP(self): sk_s = unhexlify("4ba96b0b5303328c7405220598a587c4" "acb06ed9a9601d149f85400195f1ec3d" "a66d161e090652b054740748f059f92a" "5b731f1c27b05571f6d942e4f8b7b264") sk = ed25519.SigningKey(sk_s) self.assertEqual(len(sk.to_bytes()), 64) self.assertEqual(sk.to_bytes(), sk_s) sk2_seed = unhexlify("4ba96b0b5303328c7405220598a587c4" "acb06ed9a9601d149f85400195f1ec3d") sk2 = ed25519.SigningKey(sk2_seed) self.assertEqual(sk2.to_bytes(), sk.to_bytes()) vk = sk.get_verifying_key() self.assertEqual(len(vk.to_bytes()), 32) exp_vks = unhexlify("a66d161e090652b054740748f059f92a" "5b731f1c27b05571f6d942e4f8b7b264") self.assertEqual(vk.to_bytes(), exp_vks) self.assertEqual(ed25519.VerifyingKey(vk.to_bytes()), vk) msg = b"hello world" sig = sk.sign(msg) self.assertEqual(len(sig), 64) exp_sig = unhexlify("6eaffe94f2972b35158b6aaa9b69c1da" "97f0896aca29c41b1dd7b32e6c9e2ff6" "76fc8d8b034709cdcc37d8aeb86bebfb" "173ace3c319e211ea1d7e8d8884c1808") self.assertEqual(sig, exp_sig) self.assertEqual(vk.verify(sig, msg), None) # also, don't throw self.assertRaises(ed25519.BadSignatureError, vk.verify, sig, msg + b".. NOT!")
def from_address(cls, address): """Generate a :class:`Keypair` object via a strkey encoded public key. :param str address: A base32 encoded public key encoded as described in :func:`encode_check` :return: A new :class:`Keypair` with only a verifying (public) key. """ public_key = decode_check("account", address) if len(public_key) != 32: raise XdrLengthError('Invalid Stellar address') verifying_key = ed25519.VerifyingKey(public_key) return cls(verifying_key)
def test_signature(self, datadir): version_data = json.loads(datadir.read('version.json')) sig = version_data['signature'] del version_data['signature'] data = json.dumps(version_data, sort_keys=True) if six.PY3: version_data = bytes(data, 'utf-8') else: version_data = data public_key = ed25519.VerifyingKey(datadir.read('jms.pub'), encoding='base64') public_key.verify(sig, version_data, encoding='base64')
def test_signature(self, shared_datadir): json_raw = (shared_datadir / 'version.json').read_text() version_data = json.loads(json_raw) sig = version_data['signature'] del version_data['signature'] data = json.dumps(version_data, sort_keys=True) if six.PY3: version_data = bytes(data, 'utf-8') else: version_data = data jms_pub = (shared_datadir / 'jms.pub').read_text() public_key = ed25519.VerifyingKey(jms_pub, encoding='base64') public_key.verify(sig, version_data, encoding='base64')
def test_prefix(self): sk1, vk1 = ed25519.create_keypair() PREFIX = b"private0-" p = sk1.to_bytes(PREFIX) # that gives us a binary string with a prefix self.assertTrue(p[:len(PREFIX)] == PREFIX, repr(p)) sk2 = ed25519.SigningKey(p, prefix=PREFIX) self.assertEqual(sk1, sk2) self.assertEqual(repr(sk1.to_bytes()), repr(sk2.to_bytes())) self.assertRaises(ed25519.BadPrefixError, ed25519.SigningKey, p, prefix=b"WRONG-") # SigningKey.to_seed() can do a prefix too p = sk1.to_seed(PREFIX) self.assertTrue(p[:len(PREFIX)] == PREFIX, repr(p)) sk3 = ed25519.SigningKey(p, prefix=PREFIX) self.assertEqual(sk1, sk3) self.assertEqual(repr(sk1.to_bytes()), repr(sk3.to_bytes())) self.assertRaises(ed25519.BadPrefixError, ed25519.SigningKey, p, prefix=b"WRONG-") # verifying keys can do this too PREFIX = b"public0-" p = vk1.to_bytes(PREFIX) self.assertTrue(p.startswith(PREFIX), repr(p)) vk2 = ed25519.VerifyingKey(p, prefix=PREFIX) self.assertEqual(vk1, vk2) self.assertEqual(repr(vk1.to_bytes()), repr(vk2.to_bytes())) self.assertRaises(ed25519.BadPrefixError, ed25519.VerifyingKey, p, prefix=b"WRONG-") # and signatures PREFIX = b"sig0-" p = sk1.sign(b"msg", PREFIX) self.assertTrue(p.startswith(PREFIX), repr(p)) vk1.verify(p, b"msg", PREFIX) self.assertRaises(ed25519.BadPrefixError, vk1.verify, p, b"msg", prefix=b"WRONG-")
def _get_signing_key(self): # Here we will download the keys.gz file, decompress it then return # its contents. If an error happens you'll get None. key_data_str = self._get_key_data() if key_data_str is None: return # Key data dict key_data = json.loads(key_data_str.decode('utf-8')) # Get the public key so we can verify it's authenticity with the # root public key. pub_key = key_data['app_public'] if six.PY3: if not isinstance(pub_key, bytes): pub_key = bytes(pub_key, encoding='utf-8') else: pub_key = str(pub_key) # The signature that we'll validate sig = key_data['signature'] # Let's generate our signing key. signing_key = ed25519.VerifyingKey(self.root_key, encoding='base64') try: signing_key.verify(sig, pub_key, encoding='base64') except Exception as err: # This is bad. Very bad. # Create another keypack.pyu & import it not your repo. log.debug('Key file not verified') log.debug(err, exc_info=True) else: # Everything checks out log.debug('Key file verified') self.app_key = pub_key
def from_address(cls, address): public_key = decode_check("account", address) if len(public_key) != 32: raise XdrLengthError('Invalid Stellar address') verifying_key = ed25519.VerifyingKey(public_key) return cls(verifying_key)
def build_slow_ed25519_verifier(public_key: bytes, /) -> VerifierT: """`VerifyBuilderT` implementation which will always be present.""" _verify_key(public_key) return _build_verifier(_pure_ed25519.VerifyingKey(public_key).verify, _pure_ed25519.BadSignatureError)