def CheckBlock(filename, curve): if os.path.isfile(filename): f = open(filename, "r") block = f.readlines() if len(block)%9 != 0: print("Incorrect file format") f.close() return -10000 block_count = len(block)//9 for i in range(0, block_count): # coordinates of the public key point x1 = int(block[i*9+2][22:-1]) y1 = int(block[i*9+3][22:-1]) r = int(block[i*9+7][15:-1]) s = int(block[i*9+8][15:-1]) tx = "".join(block[i*9: i*9+7]) # For the signature verfication payer = ECDSA() payer_pk = ECPublicKey(Point(x1, y1, curve)) signature = encode_sig(r, s) try: assert(payer.verify(tx.encode('UTF-8'), signature, payer_pk)) ver = 0 f.close() return ver except: ver = -i-1 f.close() return ver return 0 else: print("File does not exist") return -10000
def _do_sign(self, msg, pv_key, k): if (pv_key.curve == None): raise ECPyException('private key haz no curve') curve = pv_key.curve n = curve.order G = curve.generator k = k % n msg = int.from_bytes(msg, 'big') Q = G * k kinv = pow(k, n - 2, n) r = Q.x % n if r == 0: return None s = (kinv * (msg + pv_key.d * r)) % n if s == 0: return None sig = encode_sig(r, s, self.fmt) # r = r.to_bytes((r.bit_length()+7)//8, 'big') # s = s.to_bytes((s.bit_length()+7)//8, 'big') # if (r[0] & 0x80) == 0x80 : # r = b'\0'+r # if (s[0] & 0x80) == 0x80 : # s = b'\0'+s # sig = (b'\x30'+int((len(r)+len(s)+4)).to_bytes(1,'big') + # b'\x02'+int(len(r)).to_bytes(1,'big') + r + # b'\x02'+int(len(s)).to_bytes(1,'big') + s ) return sig
def _do_sign(self,msg,pv_key): curve = pv_key.curve B = curve.generator n = curve.order size = curve._coord_size() a, A, prefix = EDDSA._get_materials(pv_key, self._hasher, self._hash_len) eA = curve.encode_point(A) #compute R hasher = self._hasher() if curve.name =='Ed448': hasher.update(b'SigEd448\x00\x00') hasher.update(prefix) hasher.update(msg) r = hasher.digest(self._hash_len) elif curve.name =='Ed25519': hasher.update(prefix) hasher.update(msg) r = hasher.digest() else : assert False, '%s not supported'%curve.name r = int.from_bytes(r,'little') r = r % n R = r*B eR = curve.encode_point(R) #compute S hasher = self._hasher() if curve.name =='Ed448': hasher.update(b'SigEd448\x00\x00') hasher.update(eR) hasher.update(eA) hasher.update(msg) H_eR_eA_m = hasher.digest(self._hash_len) elif curve.name =='Ed25519': hasher.update(eR) hasher.update(eA) hasher.update(msg) H_eR_eA_m = hasher.digest() else: assert False, '%s not supported'%curve.name i = int.from_bytes(H_eR_eA_m, 'little') S = (r + i*a)%n #S = S.to_bytes(size,'little') #return eR+S eR = int.from_bytes(eR,'little') sig = encode_sig(eR,S,self.fmt,size) return sig
def _do_sign(self, msg, pv_key, k): if (pv_key.curve == None): raise ECPyException('private key haz no curve') curve = pv_key.curve n = curve.order G = curve.generator size = curve.size >> 3 Q = G * k hasher = self._hasher() if self.option == "ISO": xQ = (Q.x).to_bytes(size, 'big') yQ = (Q.y).to_bytes(size, 'big') hasher.update(xQ + yQ + msg) r = hasher.digest() r = int.from_bytes(r, 'big') s = (k + r * pv_key.d) % n if r == 0 or s == 0: return None elif self.option == "ISOx": xQ = (Q.x).to_bytes(size, 'big') hasher.update(xQ + msg) r = hasher.digest() r = int.from_bytes(r, 'big') s = (k + r * pv_key.d) % n if r == 0 or s == 0: return None elif self.option == "BSI": xQ = Q.x.to_bytes(size, 'big') hasher.update(msg + xQ) r = hasher.digest() r = int.from_bytes(r, 'big') s = (k - r * pv_key.d) % n if r == 0 or s == 0: return None elif self.option == "LIBSECP": if Q.y & 1: k = n - k Q = G * k r = (Q.x % n).to_bytes(size, 'big') hasher.update(r + msg) h = hasher.digest() h = int.from_bytes(h, 'big') r = Q.x % n s = (k - h * pv_key.d) % n return encode_sig(r, s, self.fmt)
def _do_sign(self, msg, pv_key, k, canonical=False): if (pv_key.curve == None): raise ECPyException('private key haz no curve') curve = pv_key.curve n = curve.order G = curve.generator k = k % n # if "msg (hash) bit length" is greater that the "domain bit length", # we only consider the left most "domain bit length" of message. msg_len = len(msg) * 8 msg = int.from_bytes(msg, 'big') if msg_len > curve.size: msg = msg >> (msg_len - curve.size) if n.bit_length() < msg.bit_length(): # msg is the 'n.bit_length()' leftmost bits of the received msg, # leading zeroes included (if any). mbyteslen = (msg.bit_length() + 7) // 8 msg = int(format(msg, f'0{8*mbyteslen}b')[:n.bit_length()], 2) Q = G * k if Q.is_infinity: return None kinv = pow(k, n - 2, n) r = Q.x % n if r == 0: return None s = (kinv * (msg + pv_key.d * r)) % n if s == 0: return None if canonical and (s > (n // 2)): s = n - s sig = encode_sig(r, s, self.fmt) # r = r.to_bytes((r.bit_length()+7)//8, 'big') # s = s.to_bytes((s.bit_length()+7)//8, 'big') # if (r[0] & 0x80) == 0x80 : # r = b'\0'+r # if (s[0] & 0x80) == 0x80 : # s = b'\0'+s # sig = (b'\x30'+int((len(r)+len(s)+4)).to_bytes(1,'big') + # b'\x02'+int(len(r)).to_bytes(1,'big') + r + # b'\x02'+int(len(s)).to_bytes(1,'big') + s ) return sig
def _do_sign(self, msg, pv_key): curve = pv_key.curve B = curve.generator n = curve.order size = curve.size >> 3 k = pv_key.d.to_bytes(size, 'big') hasher = self._hasher() hasher.update(k) h = hasher.digest() #retrieve encoded pub key a = bytearray(h[size - 1::-1]) a[0] &= ~0x40 a[0] |= 0x40 a[31] &= 0xF8 a = bytes(a) a = int.from_bytes(a, 'big') A = a * B eA = curve.encode_point(A) #OK #compute R hasher = self._hasher() hasher.update(h[size:] + msg) r = hasher.digest() r = int.from_bytes(r, 'little') r = r % n R = r * B eR = curve.encode_point(R) #compute S hasher = self._hasher() hasher.update(eR + eA + msg) H_eR_eA_m = hasher.digest() i = int.from_bytes(H_eR_eA_m, 'little') S = (r + i * a) % n #S = S.to_bytes(size,'little') #return eR+S eR = int.from_bytes(eR, 'little') sig = encode_sig(eR, S, self.fmt, size) return sig
def _do_sign(self, msg, pv_key, k, canonical=False): if (pv_key.curve == None): raise ECPyException('private key haz no curve') curve = pv_key.curve n = curve.order G = curve.generator k = k % n msg = int.from_bytes(msg, 'big') Q = G * k kinv = pow(k, n - 2, n) r = Q.x % n if r == 0: return None s = (kinv * (msg + pv_key.d * r)) % n if s == 0: return None if canonical and (s > (n // 2)): s = n - s return encode_sig(r, s, self.fmt)
def _do_sign(self, msg, pv_key, k): if (pv_key.curve == None): raise ECPyException('private key haz no curve') curve = pv_key.curve n = curve.order G = curve.generator size = (curve.size+7)//8 Q = G*k hasher = self._hasher() if self.option == "ISO": xQ = (Q.x).to_bytes(size,'big') yQ = (Q.y).to_bytes(size,'big') hasher.update(xQ+yQ+msg) r = hasher.digest() r = int.from_bytes(r,'big') if r % n == 0: return None s = (k+r*pv_key.d)%n if s==0: return None elif self.option == "ISOx": xQ = (Q.x).to_bytes(size,'big') hasher.update(xQ+msg) r = hasher.digest() r = int.from_bytes(r,'big') if r % n == 0: return None s = (k+r*pv_key.d)%n if s==0: return None elif self.option == "BSI": xQ = Q.x.to_bytes(size,'big') hasher.update(msg+xQ) r = hasher.digest() r = int.from_bytes(r,'big') if r%n == 0: return None s = (k-r*pv_key.d)%n if s==0: return None elif self.option == "LIBSECP": if Q.y & 1: k = n-k Q = G*k r = (Q.x%n).to_bytes(size,'big') hasher.update(r+msg) h = hasher.digest() h = int.from_bytes(h,'big') if h > n: return None r = Q.x % n s = (k - h*pv_key.d)%n elif self.option == "Z": if Q.y & 1: xQ = b'\x03'+Q.x.to_bytes(size,'big') else : xQ = b'\x02'+Q.x.to_bytes(size,'big') pu_key = pv_key.get_public_key() if pu_key.W.y & 1: xPub = b'\x03'+pu_key.W.x.to_bytes(size,'big') else : xPub = b'\x02'+pu_key.W.x.to_bytes(size,'big') hasher.update(xQ+xPub+msg) r = hasher.digest() r = int.from_bytes(r,'big') % n if r % n == 0: return None s = (k - r*pv_key.d) %n if s==0: return None return encode_sig(r, s, self.fmt)
f.write("Public key - x: " + str(QA.x)+"\n") f.write("Public key - y: " + str(QA.y)+"\n") f.write("Signature - r: " + str(r)+"\n") f.write("Signature - s: " + str(s)+"\n") f.close() f = open("deneme.txt", "r") x1 = int(f.readline()[16:-1]) y1 = int(f.readline()[16:-1]) r1 = int(f.readline()[15:-1]) s1 = int(f.readline()[15:-1]) f.close() verifier = ECDSA() pk1 = ECPublicKey(Point(x1, y1, curve)) sig1 = encode_sig(r1, s1) message = b'Anything goes here' try: assert(verifier.verify(message,sig1, pk1)) print("Signature verifies") except: print("Signature does not verify") message = b'Anything goes heree' try: assert(verifier.verify(message,sig1, pk1)) print("Signature verifies") except: print("Signature does not verify")
def _do_sign(self, msg, pv_key, k): if (pv_key.curve == None): raise ECPyException('private key has no curve') curve = pv_key.curve n = curve.order G = curve.generator size = curve.size >> 3 Q = G * k hasher = self._hasher() if self.option == "ISO": xQ = (Q.x).to_bytes(size, 'big') yQ = (Q.y).to_bytes(size, 'big') hasher.update(xQ + yQ + msg) r = hasher.digest() r = int.from_bytes(r, 'big') s = (k + r * pv_key.d) % n if r == 0 or s == 0: return None elif self.option == "ISOx": xQ = (Q.x).to_bytes(size, 'big') hasher.update(xQ + msg) r = hasher.digest() r = int.from_bytes(r, 'big') s = (k + r * pv_key.d) % n if r == 0 or s == 0: return None elif self.option == "BSI": xQ = Q.x.to_bytes(size, 'big') hasher.update(msg + xQ) r = hasher.digest() r = int.from_bytes(r, 'big') s = (k - r * pv_key.d) % n if r == 0 or s == 0: return None elif self.option == "LIBSECP": if Q.y & 1: k = n - k Q = G * k r = (Q.x % n).to_bytes(size, 'big') hasher.update(r + msg) h = hasher.digest() h = int.from_bytes(h, 'big') r = Q.x % n s = (k - h * pv_key.d) % n elif self.option == "Z": if Q.y & 1: xQ = b'\x03' + Q.x.to_bytes(size, 'big') else: xQ = b'\x02' + Q.x.to_bytes(size, 'big') pu_key = pv_key.get_public_key() if pu_key.W.y & 1: xPub = b'\x03' + pu_key.W.x.to_bytes(size, 'big') else: xPub = b'\x02' + pu_key.W.x.to_bytes(size, 'big') hasher.update(xQ + xPub + msg) r = hasher.digest() r = int.from_bytes(r, 'big') % n s = (k - r * pv_key.d) % n if r == 0 or s == 0: return None # https://github.com/sipa/bips/blob/bip-schnorr/bip-schnorr.mediawiki elif self.option == "SECP256K1": # R = Q... # Let k = k' if jacobi(y(R)) = 1, otherwise let k = n - k' k = k if _jacobi(Q.y, pv_key.curve.field) == 1 else n - k # Let P = d'G P = G * pv_key.d # Let e = int(hash(bytes(R) || bytes(P) || m)) mod n e = int.from_bytes( self._hasher(Q.x.to_bytes(size, "big") + P.serialize() + msg).digest(), "big") % n # The signature is bytes(R) || bytes((k + ed) mod n) r = Q.x % n s = (k + e * pv_key.d) % n return encode_sig(r, s, self.fmt, 0 if self.fmt not in ["RAW", "EDDSA"] else size)