alpcentaur
/
basabuuka_prototyp
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10 Commits
1 Branch
4.1 GiB
Tree: 9ed0e1f6e7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9ed0e1f6e7'
${ noResults }
basabuuka_prototyp/venv/lib/python3.5/site-packages/ecdsa/keys.py

283 lines
12 KiB
Raw Normal View History

initial commit
4 years ago
 
  1. import binascii
  2. 

  3. from . import ecdsa
  4. from . import der
  5. from . import rfc6979
  6. from .curves import NIST192p, find_curve
  7. from .util import string_to_number, number_to_string, randrange
  8. from .util import sigencode_string, sigdecode_string
  9. from .util import oid_ecPublicKey, encoded_oid_ecPublicKey
  10. from .six import PY3, b
  11. from hashlib import sha1
  12. 

  13. class BadSignatureError(Exception):
  14.     pass
  15. class BadDigestError(Exception):
  16.     pass
  17. 

  18. class VerifyingKey:
  19.     def __init__(self, _error__please_use_generate=None):
  20.         if not _error__please_use_generate:
  21.             raise TypeError("Please use SigningKey.generate() to construct me")
  22. 

  23.     @classmethod
  24.     def from_public_point(klass, point, curve=NIST192p, hashfunc=sha1):
  25.         self = klass(_error__please_use_generate=True)
  26.         self.curve = curve
  27.         self.default_hashfunc = hashfunc
  28.         self.pubkey = ecdsa.Public_key(curve.generator, point)
  29.         self.pubkey.order = curve.order
  30.         return self
  31. 

  32.     @classmethod
  33.     def from_string(klass, string, curve=NIST192p, hashfunc=sha1,
  34.                     validate_point=True):
  35.         order = curve.order
  36.         assert len(string) == curve.verifying_key_length, \
  37.                (len(string), curve.verifying_key_length)
  38.         xs = string[:curve.baselen]
  39.         ys = string[curve.baselen:]
  40.         assert len(xs) == curve.baselen, (len(xs), curve.baselen)
  41.         assert len(ys) == curve.baselen, (len(ys), curve.baselen)
  42.         x = string_to_number(xs)
  43.         y = string_to_number(ys)
  44.         if validate_point:
  45.             assert ecdsa.point_is_valid(curve.generator, x, y)
  46.         from . import ellipticcurve
  47.         point = ellipticcurve.Point(curve.curve, x, y, order)
  48.         return klass.from_public_point(point, curve, hashfunc)
  49. 

  50.     @classmethod
  51.     def from_pem(klass, string):
  52.         return klass.from_der(der.unpem(string))
  53. 

  54.     @classmethod
  55.     def from_der(klass, string):
  56.         # [[oid_ecPublicKey,oid_curve], point_str_bitstring]
  57.         s1,empty = der.remove_sequence(string)
  58.         if empty != b(""):
  59.             raise der.UnexpectedDER("trailing junk after DER pubkey: %s" %
  60.                                     binascii.hexlify(empty))
  61.         s2,point_str_bitstring = der.remove_sequence(s1)
  62.         # s2 = oid_ecPublicKey,oid_curve
  63.         oid_pk, rest = der.remove_object(s2)
  64.         oid_curve, empty = der.remove_object(rest)
  65.         if empty != b(""):
  66.             raise der.UnexpectedDER("trailing junk after DER pubkey objects: %s" %
  67.                                     binascii.hexlify(empty))
  68.         assert oid_pk == oid_ecPublicKey, (oid_pk, oid_ecPublicKey)
  69.         curve = find_curve(oid_curve)
  70.         point_str, empty = der.remove_bitstring(point_str_bitstring)
  71.         if empty != b(""):
  72.             raise der.UnexpectedDER("trailing junk after pubkey pointstring: %s" %
  73.                                     binascii.hexlify(empty))
  74.         assert point_str.startswith(b("\x00\x04"))
  75.         return klass.from_string(point_str[2:], curve)
  76. 

  77.     def to_string(self):
  78.         # VerifyingKey.from_string(vk.to_string()) == vk as long as the
  79.         # curves are the same: the curve itself is not included in the
  80.         # serialized form
  81.         order = self.pubkey.order
  82.         x_str = number_to_string(self.pubkey.point.x(), order)
  83.         y_str = number_to_string(self.pubkey.point.y(), order)
  84.         return x_str + y_str
  85. 

  86.     def to_pem(self):
  87.         return der.topem(self.to_der(), "PUBLIC KEY")
  88. 

  89.     def to_der(self):
  90.         order = self.pubkey.order
  91.         x_str = number_to_string(self.pubkey.point.x(), order)
  92.         y_str = number_to_string(self.pubkey.point.y(), order)
  93.         point_str = b("\x00\x04") + x_str + y_str
  94.         return der.encode_sequence(der.encode_sequence(encoded_oid_ecPublicKey,
  95.                                                        self.curve.encoded_oid),
  96.                                    der.encode_bitstring(point_str))
  97. 

  98.     def verify(self, signature, data, hashfunc=None, sigdecode=sigdecode_string):
  99.         hashfunc = hashfunc or self.default_hashfunc
  100.         digest = hashfunc(data).digest()
  101.         return self.verify_digest(signature, digest, sigdecode)
  102. 

  103.     def verify_digest(self, signature, digest, sigdecode=sigdecode_string):
  104.         if len(digest) > self.curve.baselen:
  105.             raise BadDigestError("this curve (%s) is too short "
  106.                                  "for your digest (%d)" % (self.curve.name,
  107.                                                            8*len(digest)))
  108.         number = string_to_number(digest)
  109.         r, s = sigdecode(signature, self.pubkey.order)
  110.         sig = ecdsa.Signature(r, s)
  111.         if self.pubkey.verifies(number, sig):
  112.             return True
  113.         raise BadSignatureError
  114. 

  115. class SigningKey:
  116.     def __init__(self, _error__please_use_generate=None):
  117.         if not _error__please_use_generate:
  118.             raise TypeError("Please use SigningKey.generate() to construct me")
  119. 

  120.     @classmethod
  121.     def generate(klass, curve=NIST192p, entropy=None, hashfunc=sha1):
  122.         secexp = randrange(curve.order, entropy)
  123.         return klass.from_secret_exponent(secexp, curve, hashfunc)
  124. 

  125.     # to create a signing key from a short (arbitrary-length) seed, convert
  126.     # that seed into an integer with something like
  127.     # secexp=util.randrange_from_seed__X(seed, curve.order), and then pass
  128.     # that integer into SigningKey.from_secret_exponent(secexp, curve)
  129. 

  130.     @classmethod
  131.     def from_secret_exponent(klass, secexp, curve=NIST192p, hashfunc=sha1):
  132.         self = klass(_error__please_use_generate=True)
  133.         self.curve = curve
  134.         self.default_hashfunc = hashfunc
  135.         self.baselen = curve.baselen
  136.         n = curve.order
  137.         assert 1 <= secexp < n
  138.         pubkey_point = curve.generator*secexp
  139.         pubkey = ecdsa.Public_key(curve.generator, pubkey_point)
  140.         pubkey.order = n
  141.         self.verifying_key = VerifyingKey.from_public_point(pubkey_point, curve,
  142.                                                             hashfunc)
  143.         self.privkey = ecdsa.Private_key(pubkey, secexp)
  144.         self.privkey.order = n
  145.         return self
  146. 

  147.     @classmethod
  148.     def from_string(klass, string, curve=NIST192p, hashfunc=sha1):
  149.         assert len(string) == curve.baselen, (len(string), curve.baselen)
  150.         secexp = string_to_number(string)
  151.         return klass.from_secret_exponent(secexp, curve, hashfunc)
  152. 

  153.     @classmethod
  154.     def from_pem(klass, string, hashfunc=sha1):
  155.         # the privkey pem file has two sections: "EC PARAMETERS" and "EC
  156.         # PRIVATE KEY". The first is redundant.
  157.         if PY3 and isinstance(string, str):
  158.             string = string.encode()
  159.         privkey_pem = string[string.index(b("-----BEGIN EC PRIVATE KEY-----")):]
  160.         return klass.from_der(der.unpem(privkey_pem), hashfunc)
  161.     @classmethod
  162.     def from_der(klass, string, hashfunc=sha1):
  163.         # SEQ([int(1), octetstring(privkey),cont[0], oid(secp224r1),
  164.         #      cont[1],bitstring])
  165.         s, empty = der.remove_sequence(string)
  166.         if empty != b(""):
  167.             raise der.UnexpectedDER("trailing junk after DER privkey: %s" %
  168.                                     binascii.hexlify(empty))
  169.         one, s = der.remove_integer(s)
  170.         if one != 1:
  171.             raise der.UnexpectedDER("expected '1' at start of DER privkey,"
  172.                                     " got %d" % one)
  173.         privkey_str, s = der.remove_octet_string(s)
  174.         tag, curve_oid_str, s = der.remove_constructed(s)
  175.         if tag != 0:
  176.             raise der.UnexpectedDER("expected tag 0 in DER privkey,"
  177.                                     " got %d" % tag)
  178.         curve_oid, empty = der.remove_object(curve_oid_str)
  179.         if empty != b(""):
  180.             raise der.UnexpectedDER("trailing junk after DER privkey "
  181.                                     "curve_oid: %s" % binascii.hexlify(empty))
  182.         curve = find_curve(curve_oid)
  183. 

  184.         # we don't actually care about the following fields
  185.         #
  186.         #tag, pubkey_bitstring, s = der.remove_constructed(s)
  187.         #if tag != 1:
  188.         #    raise der.UnexpectedDER("expected tag 1 in DER privkey, got %d"
  189.         #                            % tag)
  190.         #pubkey_str = der.remove_bitstring(pubkey_bitstring)
  191.         #if empty != "":
  192.         #    raise der.UnexpectedDER("trailing junk after DER privkey "
  193.         #                            "pubkeystr: %s" % binascii.hexlify(empty))
  194. 

  195.         # our from_string method likes fixed-length privkey strings
  196.         if len(privkey_str) < curve.baselen:
  197.             privkey_str = b("\x00")*(curve.baselen-len(privkey_str)) + privkey_str
  198.         return klass.from_string(privkey_str, curve, hashfunc)
  199. 

  200.     def to_string(self):
  201.         secexp = self.privkey.secret_multiplier
  202.         s = number_to_string(secexp, self.privkey.order)
  203.         return s
  204. 

  205.     def to_pem(self):
  206.         # TODO: "BEGIN ECPARAMETERS"
  207.         return der.topem(self.to_der(), "EC PRIVATE KEY")
  208. 

  209.     def to_der(self):
  210.         # SEQ([int(1), octetstring(privkey),cont[0], oid(secp224r1),
  211.         #      cont[1],bitstring])
  212.         encoded_vk = b("\x00\x04") + self.get_verifying_key().to_string()
  213.         return der.encode_sequence(der.encode_integer(1),
  214.                                    der.encode_octet_string(self.to_string()),
  215.                                    der.encode_constructed(0, self.curve.encoded_oid),
  216.                                    der.encode_constructed(1, der.encode_bitstring(encoded_vk)),
  217.                                    )
  218. 

  219.     def get_verifying_key(self):
  220.         return self.verifying_key
  221. 

  222.     def sign_deterministic(self, data, hashfunc=None, sigencode=sigencode_string):
  223.         hashfunc = hashfunc or self.default_hashfunc
  224.         digest = hashfunc(data).digest()
  225. 

  226.         return self.sign_digest_deterministic(digest, hashfunc=hashfunc, sigencode=sigencode)
  227. 

  228.     def sign_digest_deterministic(self, digest, hashfunc=None, sigencode=sigencode_string):
  229.         """

  230.         Calculates 'k' from data itself, removing the need for strong
  231.         random generator and producing deterministic (reproducible) signatures.
  232.         See RFC 6979 for more details.
  233.         """

  234.         secexp = self.privkey.secret_multiplier
  235.         k = rfc6979.generate_k(
  236.             self.curve.generator.order(), secexp, hashfunc, digest)
  237. 

  238.         return self.sign_digest(digest, sigencode=sigencode, k=k)
  239. 

  240.     def sign(self, data, entropy=None, hashfunc=None, sigencode=sigencode_string, k=None):
  241.         """

  242.         hashfunc= should behave like hashlib.sha1 . The output length of the
  243.         hash (in bytes) must not be longer than the length of the curve order
  244.         (rounded up to the nearest byte), so using SHA256 with nist256p is
  245.         ok, but SHA256 with nist192p is not. (In the 2**-96ish unlikely event
  246.         of a hash output larger than the curve order, the hash will
  247.         effectively be wrapped mod n).
  248. 

  249.         Use hashfunc=hashlib.sha1 to match openssl's -ecdsa-with-SHA1 mode,
  250.         or hashfunc=hashlib.sha256 for openssl-1.0.0's -ecdsa-with-SHA256.
  251.         """

  252. 

  253.         hashfunc = hashfunc or self.default_hashfunc
  254.         h = hashfunc(data).digest()
  255.         return self.sign_digest(h, entropy, sigencode, k)
  256. 

  257.     def sign_digest(self, digest, entropy=None, sigencode=sigencode_string, k=None):
  258.         if len(digest) > self.curve.baselen:
  259.             raise BadDigestError("this curve (%s) is too short "
  260.                                  "for your digest (%d)" % (self.curve.name,
  261.                                                            8*len(digest)))
  262.         number = string_to_number(digest)
  263.         r, s = self.sign_number(number, entropy, k)
  264.         return sigencode(r, s, self.privkey.order)
  265. 

  266.     def sign_number(self, number, entropy=None, k=None):
  267.         # returns a pair of numbers
  268.         order = self.privkey.order
  269.         # privkey.sign() may raise RuntimeError in the amazingly unlikely
  270.         # (2**-192) event that r=0 or s=0, because that would leak the key.
  271.         # We could re-try with a different 'k', but we couldn't test that
  272.         # code, so I choose to allow the signature to fail instead.
  273. 

  274.         # If k is set, it is used directly. In other cases
  275.         # it is generated using entropy function
  276.         if k is not None:
  277.             _k = k
  278.         else:
  279.             _k = randrange(order, entropy)
  280. 

  281.         assert 1 <= _k < order
  282.         sig = self.privkey.sign(number, _k)
  283.         return sig.r, sig.s