pollutri
/
res_levis_API
1
0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 分支
203 MiB
 
 
 
 
目錄樹: 5404e09047
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from '5404e09047'
${ noResults }
res_levis_API/.venv/lib/python3.10/site-packages/ecdsa/test_keys.py

1139 line
38 KiB
原始文件 Blame 文件歷史 

  1. try:

  2.     import unittest2 as unittest

  3. except ImportError:

  4.     import unittest

  5. 

  6. try:

  7.     buffer

  8. except NameError:

  9.     buffer = memoryview

  10. 

  11. import os

  12. import array

  13. import pytest

  14. import hashlib

  15. 

  16. from .keys import (

  17.     VerifyingKey,

  18.     SigningKey,

  19.     MalformedPointError,

  20.     BadSignatureError,

  21. )

  22. from .der import (

  23.     unpem,

  24.     UnexpectedDER,

  25.     encode_sequence,

  26.     encode_oid,

  27.     encode_bitstring,

  28.     encode_integer,

  29.     encode_octet_string,

  30. )

  31. from .util import (

  32.     sigencode_string,

  33.     sigencode_der,

  34.     sigencode_strings,

  35.     sigdecode_string,

  36.     sigdecode_der,

  37.     sigdecode_strings,

  38. )

  39. from .curves import NIST256p, Curve, BRAINPOOLP160r1, Ed25519, Ed448

  40. from .ellipticcurve import Point, PointJacobi, CurveFp, INFINITY

  41. from .ecdsa import generator_brainpoolp160r1

  42. 

  43. 

  44. class TestVerifyingKeyFromString(unittest.TestCase):

  45.     """

  46.     Verify that ecdsa.keys.VerifyingKey.from_string() can be used with

  47.     bytes-like objects

  48.     """

  49. 

  50.     @classmethod

  51.     def setUpClass(cls):

  52.         cls.key_bytes = (

  53.             b"\x04L\xa2\x95\xdb\xc7Z\xd7\x1f\x93\nz\xcf\x97\xcf"

  54.             b"\xd7\xc2\xd9o\xfe8}X!\xae\xd4\xfah\xfa^\rpI\xba\xd1"

  55.             b"Y\xfb\x92xa\xebo+\x9cG\xfav\xca"

  56.         )

  57.         cls.vk = VerifyingKey.from_string(cls.key_bytes)

  58. 

  59.     def test_bytes(self):

  60.         self.assertIsNotNone(self.vk)

  61.         self.assertIsInstance(self.vk, VerifyingKey)

  62.         self.assertEqual(

  63.             self.vk.pubkey.point.x(),

  64.             105419898848891948935835657980914000059957975659675736097,

  65.         )

  66.         self.assertEqual(

  67.             self.vk.pubkey.point.y(),

  68.             4286866841217412202667522375431381222214611213481632495306,

  69.         )

  70. 

  71.     def test_bytes_memoryview(self):

  72.         vk = VerifyingKey.from_string(buffer(self.key_bytes))

  73. 

  74.         self.assertEqual(self.vk.to_string(), vk.to_string())

  75. 

  76.     def test_bytearray(self):

  77.         vk = VerifyingKey.from_string(bytearray(self.key_bytes))

  78. 

  79.         self.assertEqual(self.vk.to_string(), vk.to_string())

  80. 

  81.     def test_bytesarray_memoryview(self):

  82.         vk = VerifyingKey.from_string(buffer(bytearray(self.key_bytes)))

  83. 

  84.         self.assertEqual(self.vk.to_string(), vk.to_string())

  85. 

  86.     def test_array_array_of_bytes(self):

  87.         arr = array.array("B", self.key_bytes)

  88.         vk = VerifyingKey.from_string(arr)

  89. 

  90.         self.assertEqual(self.vk.to_string(), vk.to_string())

  91. 

  92.     def test_array_array_of_bytes_memoryview(self):

  93.         arr = array.array("B", self.key_bytes)

  94.         vk = VerifyingKey.from_string(buffer(arr))

  95. 

  96.         self.assertEqual(self.vk.to_string(), vk.to_string())

  97. 

  98.     def test_array_array_of_ints(self):

  99.         arr = array.array("I", self.key_bytes)

  100.         vk = VerifyingKey.from_string(arr)

  101. 

  102.         self.assertEqual(self.vk.to_string(), vk.to_string())

  103. 

  104.     def test_array_array_of_ints_memoryview(self):

  105.         arr = array.array("I", self.key_bytes)

  106.         vk = VerifyingKey.from_string(buffer(arr))

  107. 

  108.         self.assertEqual(self.vk.to_string(), vk.to_string())

  109. 

  110.     def test_bytes_uncompressed(self):

  111.         vk = VerifyingKey.from_string(b"\x04" + self.key_bytes)

  112. 

  113.         self.assertEqual(self.vk.to_string(), vk.to_string())

  114. 

  115.     def test_bytearray_uncompressed(self):

  116.         vk = VerifyingKey.from_string(bytearray(b"\x04" + self.key_bytes))

  117. 

  118.         self.assertEqual(self.vk.to_string(), vk.to_string())

  119. 

  120.     def test_bytes_compressed(self):

  121.         vk = VerifyingKey.from_string(b"\x02" + self.key_bytes[:24])

  122. 

  123.         self.assertEqual(self.vk.to_string(), vk.to_string())

  124. 

  125.     def test_bytearray_compressed(self):

  126.         vk = VerifyingKey.from_string(bytearray(b"\x02" + self.key_bytes[:24]))

  127. 

  128.         self.assertEqual(self.vk.to_string(), vk.to_string())

  129. 

  130.     def test_ed25519_VerifyingKey_from_string_imported(self):

  131.         with self.assertRaises(MalformedPointError):

  132.             VerifyingKey.from_string(b"AAA", Ed25519)

  133. 

  134. 

  135. class TestVerifyingKeyFromDer(unittest.TestCase):

  136.     """

  137.     Verify that ecdsa.keys.VerifyingKey.from_der() can be used with

  138.     bytes-like objects.

  139.     """

  140. 

  141.     @classmethod

  142.     def setUpClass(cls):

  143.         prv_key_str = (

  144.             "-----BEGIN EC PRIVATE KEY-----\n"

  145.             "MF8CAQEEGF7IQgvW75JSqULpiQQ8op9WH6Uldw6xxaAKBggqhkjOPQMBAaE0AzIA\n"

  146.             "BLiBd9CE7xf15FY5QIAoNg+fWbSk1yZOYtoGUdzkejWkxbRc9RWTQjqLVXucIJnz\n"

  147.             "bA==\n"

  148.             "-----END EC PRIVATE KEY-----\n"

  149.         )

  150.         key_str = (

  151.             "-----BEGIN PUBLIC KEY-----\n"

  152.             "MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEuIF30ITvF/XkVjlAgCg2D59ZtKTX\n"

  153.             "Jk5i2gZR3OR6NaTFtFz1FZNCOotVe5wgmfNs\n"

  154.             "-----END PUBLIC KEY-----\n"

  155.         )

  156.         cls.key_pem = key_str

  157. 

  158.         cls.key_bytes = unpem(key_str)

  159.         assert isinstance(cls.key_bytes, bytes)

  160.         cls.vk = VerifyingKey.from_pem(key_str)

  161.         cls.sk = SigningKey.from_pem(prv_key_str)

  162. 

  163.         key_str = (

  164.             "-----BEGIN PUBLIC KEY-----\n"

  165.             "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE4H3iRbG4TSrsSRb/gusPQB/4YcN8\n"

  166.             "Poqzgjau4kfxBPyZimeRfuY/9g/wMmPuhGl4BUve51DsnKJFRr8psk0ieA==\n"

  167.             "-----END PUBLIC KEY-----\n"

  168.         )

  169.         cls.vk2 = VerifyingKey.from_pem(key_str)

  170. 

  171.         cls.sk2 = SigningKey.generate(vk.curve)

  172. 

  173.     def test_load_key_with_explicit_parameters(self):

  174.         pub_key_str = (

  175.             "-----BEGIN PUBLIC KEY-----\n"

  176.             "MIIBSzCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAA\n"

  177.             "AAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA////\n"

  178.             "///////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSd\n"

  179.             "NgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5\n"

  180.             "RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA\n"

  181.             "//////////+85vqtpxeehPO5ysL8YyVRAgEBA0IABIr1UkgYs5jmbFc7it1/YI2X\n"

  182.             "T//IlaEjMNZft1owjqpBYH2ErJHk4U5Pp4WvWq1xmHwIZlsH7Ig4KmefCfR6SmU=\n"

  183.             "-----END PUBLIC KEY-----"

  184.         )

  185.         pk = VerifyingKey.from_pem(pub_key_str)

  186. 

  187.         pk_exp = VerifyingKey.from_string(

  188.             b"\x04\x8a\xf5\x52\x48\x18\xb3\x98\xe6\x6c\x57\x3b\x8a\xdd\x7f"

  189.             b"\x60\x8d\x97\x4f\xff\xc8\x95\xa1\x23\x30\xd6\x5f\xb7\x5a\x30"

  190.             b"\x8e\xaa\x41\x60\x7d\x84\xac\x91\xe4\xe1\x4e\x4f\xa7\x85\xaf"

  191.             b"\x5a\xad\x71\x98\x7c\x08\x66\x5b\x07\xec\x88\x38\x2a\x67\x9f"

  192.             b"\x09\xf4\x7a\x4a\x65",

  193.             curve=NIST256p,

  194.         )

  195.         self.assertEqual(pk, pk_exp)

  196. 

  197.     def test_load_key_with_explicit_with_explicit_disabled(self):

  198.         pub_key_str = (

  199.             "-----BEGIN PUBLIC KEY-----\n"

  200.             "MIIBSzCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAABAAAA\n"

  201.             "AAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA////\n"

  202.             "///////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMVAMSd\n"

  203.             "NgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5\n"

  204.             "RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA\n"

  205.             "//////////+85vqtpxeehPO5ysL8YyVRAgEBA0IABIr1UkgYs5jmbFc7it1/YI2X\n"

  206.             "T//IlaEjMNZft1owjqpBYH2ErJHk4U5Pp4WvWq1xmHwIZlsH7Ig4KmefCfR6SmU=\n"

  207.             "-----END PUBLIC KEY-----"

  208.         )

  209.         with self.assertRaises(UnexpectedDER):

  210.             VerifyingKey.from_pem(

  211.                 pub_key_str, valid_curve_encodings=["named_curve"]

  212.             )

  213. 

  214.     def test_load_key_with_disabled_format(self):

  215.         with self.assertRaises(MalformedPointError) as e:

  216.             VerifyingKey.from_der(self.key_bytes, valid_encodings=["raw"])

  217. 

  218.         self.assertIn("enabled (raw) encodings", str(e.exception))

  219. 

  220.     def test_custom_hashfunc(self):

  221.         vk = VerifyingKey.from_der(self.key_bytes, hashlib.sha256)

  222. 

  223.         self.assertIs(vk.default_hashfunc, hashlib.sha256)

  224. 

  225.     def test_from_pem_with_custom_hashfunc(self):

  226.         vk = VerifyingKey.from_pem(self.key_pem, hashlib.sha256)

  227. 

  228.         self.assertIs(vk.default_hashfunc, hashlib.sha256)

  229. 

  230.     def test_bytes(self):

  231.         vk = VerifyingKey.from_der(self.key_bytes)

  232. 

  233.         self.assertEqual(self.vk.to_string(), vk.to_string())

  234. 

  235.     def test_bytes_memoryview(self):

  236.         vk = VerifyingKey.from_der(buffer(self.key_bytes))

  237. 

  238.         self.assertEqual(self.vk.to_string(), vk.to_string())

  239. 

  240.     def test_bytearray(self):

  241.         vk = VerifyingKey.from_der(bytearray(self.key_bytes))

  242. 

  243.         self.assertEqual(self.vk.to_string(), vk.to_string())

  244. 

  245.     def test_bytesarray_memoryview(self):

  246.         vk = VerifyingKey.from_der(buffer(bytearray(self.key_bytes)))

  247. 

  248.         self.assertEqual(self.vk.to_string(), vk.to_string())

  249. 

  250.     def test_array_array_of_bytes(self):

  251.         arr = array.array("B", self.key_bytes)

  252.         vk = VerifyingKey.from_der(arr)

  253. 

  254.         self.assertEqual(self.vk.to_string(), vk.to_string())

  255. 

  256.     def test_array_array_of_bytes_memoryview(self):

  257.         arr = array.array("B", self.key_bytes)

  258.         vk = VerifyingKey.from_der(buffer(arr))

  259. 

  260.         self.assertEqual(self.vk.to_string(), vk.to_string())

  261. 

  262.     def test_equality_on_verifying_keys(self):

  263.         self.assertTrue(self.vk == self.sk.get_verifying_key())

  264. 

  265.     def test_inequality_on_verifying_keys(self):

  266.         self.assertFalse(self.vk == self.vk2)

  267. 

  268.     def test_inequality_on_verifying_keys_not_implemented(self):

  269.         self.assertFalse(self.vk == None)

  270. 

  271.     def test_VerifyingKey_inequality_on_same_curve(self):

  272.         self.assertNotEqual(self.vk, self.sk2.verifying_key)

  273. 

  274.     def test_SigningKey_inequality_on_same_curve(self):

  275.         self.assertNotEqual(self.sk, self.sk2)

  276. 

  277.     def test_inequality_on_wrong_types(self):

  278.         self.assertFalse(self.vk == self.sk)

  279. 

  280.     def test_from_public_point_old(self):

  281.         pj = self.vk.pubkey.point

  282.         point = Point(pj.curve(), pj.x(), pj.y())

  283. 

  284.         vk = VerifyingKey.from_public_point(point, self.vk.curve)

  285. 

  286.         self.assertTrue(vk == self.vk)

  287. 

  288.     def test_ed25519_VerifyingKey_repr__(self):

  289.         sk = SigningKey.from_string(Ed25519.generator.to_bytes(), Ed25519)

  290.         string = repr(sk.verifying_key)

  291. 

  292.         self.assertEqual(

  293.             "VerifyingKey.from_string("

  294.             "bytearray(b'K\\x0c\\xfbZH\\x8e\\x8c\\x8c\\x07\\xee\\xda\\xfb"

  295.             "\\xe1\\x97\\xcd\\x90\\x18\\x02\\x15h]\\xfe\\xbe\\xcbB\\xba\\xe6r"

  296.             "\\x10\\xae\\xf1P'), Ed25519, None)",

  297.             string,

  298.         )

  299. 

  300.     def test_edwards_from_public_point(self):

  301.         point = Ed25519.generator

  302.         with self.assertRaises(ValueError) as e:

  303.             VerifyingKey.from_public_point(point, Ed25519)

  304. 

  305.         self.assertIn("incompatible with Edwards", str(e.exception))

  306. 

  307.     def test_edwards_precompute_no_side_effect(self):

  308.         sk = SigningKey.from_string(Ed25519.generator.to_bytes(), Ed25519)

  309.         vk = sk.verifying_key

  310.         vk2 = VerifyingKey.from_string(vk.to_string(), Ed25519)

  311.         vk.precompute()

  312. 

  313.         self.assertEqual(vk, vk2)

  314. 

  315.     def test_parse_malfomed_eddsa_der_pubkey(self):

  316.         der_str = encode_sequence(

  317.             encode_sequence(encode_oid(*Ed25519.oid)),

  318.             encode_bitstring(bytes(Ed25519.generator.to_bytes()), 0),

  319.             encode_bitstring(b"\x00", 0),

  320.         )

  321. 

  322.         with self.assertRaises(UnexpectedDER) as e:

  323.             VerifyingKey.from_der(der_str)

  324. 

  325.         self.assertIn("trailing junk after public key", str(e.exception))

  326. 

  327.     def test_edwards_from_public_key_recovery(self):

  328.         with self.assertRaises(ValueError) as e:

  329.             VerifyingKey.from_public_key_recovery(b"", b"", Ed25519)

  330. 

  331.         self.assertIn("unsupported for Edwards", str(e.exception))

  332. 

  333.     def test_edwards_from_public_key_recovery_with_digest(self):

  334.         with self.assertRaises(ValueError) as e:

  335.             VerifyingKey.from_public_key_recovery_with_digest(

  336.                 b"", b"", Ed25519

  337.             )

  338. 

  339.         self.assertIn("unsupported for Edwards", str(e.exception))

  340. 

  341.     def test_load_ed25519_from_pem(self):

  342.         vk_pem = (

  343.             "-----BEGIN PUBLIC KEY-----\n"

  344.             "MCowBQYDK2VwAyEAIwBQ0NZkIiiO41WJfm5BV42u3kQm7lYnvIXmCy8qy2U=\n"

  345.             "-----END PUBLIC KEY-----\n"

  346.         )

  347. 

  348.         vk = VerifyingKey.from_pem(vk_pem)

  349. 

  350.         self.assertIsInstance(vk.curve, Curve)

  351.         self.assertIs(vk.curve, Ed25519)

  352. 

  353.         vk_str = (

  354.             b"\x23\x00\x50\xd0\xd6\x64\x22\x28\x8e\xe3\x55\x89\x7e\x6e\x41\x57"

  355.             b"\x8d\xae\xde\x44\x26\xee\x56\x27\xbc\x85\xe6\x0b\x2f\x2a\xcb\x65"

  356.         )

  357. 

  358.         vk_2 = VerifyingKey.from_string(vk_str, Ed25519)

  359. 

  360.         self.assertEqual(vk, vk_2)

  361. 

  362.     def test_export_ed255_to_pem(self):

  363.         vk_str = (

  364.             b"\x23\x00\x50\xd0\xd6\x64\x22\x28\x8e\xe3\x55\x89\x7e\x6e\x41\x57"

  365.             b"\x8d\xae\xde\x44\x26\xee\x56\x27\xbc\x85\xe6\x0b\x2f\x2a\xcb\x65"

  366.         )

  367. 

  368.         vk = VerifyingKey.from_string(vk_str, Ed25519)

  369. 

  370.         vk_pem = (

  371.             b"-----BEGIN PUBLIC KEY-----\n"

  372.             b"MCowBQYDK2VwAyEAIwBQ0NZkIiiO41WJfm5BV42u3kQm7lYnvIXmCy8qy2U=\n"

  373.             b"-----END PUBLIC KEY-----\n"

  374.         )

  375. 

  376.         self.assertEqual(vk_pem, vk.to_pem())

  377. 

  378.     def test_export_ed255_to_ssh(self):

  379.         vk_str = (

  380.             b"\x23\x00\x50\xd0\xd6\x64\x22\x28\x8e\xe3\x55\x89\x7e\x6e\x41\x57"

  381.             b"\x8d\xae\xde\x44\x26\xee\x56\x27\xbc\x85\xe6\x0b\x2f\x2a\xcb\x65"

  382.         )

  383. 

  384.         vk = VerifyingKey.from_string(vk_str, Ed25519)

  385. 

  386.         vk_ssh = b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICMAUNDWZCIojuNViX5uQVeNrt5EJu5WJ7yF5gsvKstl\n"

  387. 

  388.         self.assertEqual(vk_ssh, vk.to_ssh())

  389. 

  390.     def test_ed25519_export_import(self):

  391.         sk = SigningKey.generate(Ed25519)

  392.         vk = sk.verifying_key

  393. 

  394.         vk2 = VerifyingKey.from_pem(vk.to_pem())

  395. 

  396.         self.assertEqual(vk, vk2)

  397. 

  398.     def test_ed25519_sig_verify(self):

  399.         vk_pem = (

  400.             "-----BEGIN PUBLIC KEY-----\n"

  401.             "MCowBQYDK2VwAyEAIwBQ0NZkIiiO41WJfm5BV42u3kQm7lYnvIXmCy8qy2U=\n"

  402.             "-----END PUBLIC KEY-----\n"

  403.         )

  404. 

  405.         vk = VerifyingKey.from_pem(vk_pem)

  406. 

  407.         data = b"data\n"

  408. 

  409.         # signature created by OpenSSL 3.0.0 beta1

  410.         sig = (

  411.             b"\x64\x47\xab\x6a\x33\xcd\x79\x45\xad\x98\x11\x6c\xb9\xf2\x20\xeb"

  412.             b"\x90\xd6\x50\xe3\xc7\x8f\x9f\x60\x10\xec\x75\xe0\x2f\x27\xd3\x96"

  413.             b"\xda\xe8\x58\x7f\xe0\xfe\x46\x5c\x81\xef\x50\xec\x29\x9f\xae\xd5"

  414.             b"\xad\x46\x3c\x91\x68\x83\x4d\xea\x8d\xa8\x19\x04\x04\x79\x03\x0b"

  415.         )

  416. 

  417.         self.assertTrue(vk.verify(sig, data))

  418. 

  419.     def test_ed25519_sig_verify_malformed(self):

  420.         vk_pem = (

  421.             "-----BEGIN PUBLIC KEY-----\n"

  422.             "MCowBQYDK2VwAyEAIwBQ0NZkIiiO41WJfm5BV42u3kQm7lYnvIXmCy8qy2U=\n"

  423.             "-----END PUBLIC KEY-----\n"

  424.         )

  425. 

  426.         vk = VerifyingKey.from_pem(vk_pem)

  427. 

  428.         data = b"data\n"

  429. 

  430.         # modified signature from test_ed25519_sig_verify

  431.         sig = (

  432.             b"\xAA\x47\xab\x6a\x33\xcd\x79\x45\xad\x98\x11\x6c\xb9\xf2\x20\xeb"

  433.             b"\x90\xd6\x50\xe3\xc7\x8f\x9f\x60\x10\xec\x75\xe0\x2f\x27\xd3\x96"

  434.             b"\xda\xe8\x58\x7f\xe0\xfe\x46\x5c\x81\xef\x50\xec\x29\x9f\xae\xd5"

  435.             b"\xad\x46\x3c\x91\x68\x83\x4d\xea\x8d\xa8\x19\x04\x04\x79\x03\x0b"

  436.         )

  437. 

  438.         with self.assertRaises(BadSignatureError):

  439.             vk.verify(sig, data)

  440. 

  441.     def test_ed448_from_pem(self):

  442.         pem_str = (

  443.             "-----BEGIN PUBLIC KEY-----\n"

  444.             "MEMwBQYDK2VxAzoAeQtetSu7CMEzE+XWB10Bg47LCA0giNikOxHzdp+tZ/eK/En0\n"

  445.             "dTdYD2ll94g58MhSnBiBQB9A1MMA\n"

  446.             "-----END PUBLIC KEY-----\n"

  447.         )

  448. 

  449.         vk = VerifyingKey.from_pem(pem_str)

  450. 

  451.         self.assertIsInstance(vk.curve, Curve)

  452.         self.assertIs(vk.curve, Ed448)

  453. 

  454.         vk_str = (

  455.             b"\x79\x0b\x5e\xb5\x2b\xbb\x08\xc1\x33\x13\xe5\xd6\x07\x5d\x01\x83"

  456.             b"\x8e\xcb\x08\x0d\x20\x88\xd8\xa4\x3b\x11\xf3\x76\x9f\xad\x67\xf7"

  457.             b"\x8a\xfc\x49\xf4\x75\x37\x58\x0f\x69\x65\xf7\x88\x39\xf0\xc8\x52"

  458.             b"\x9c\x18\x81\x40\x1f\x40\xd4\xc3\x00"

  459.         )

  460. 

  461.         vk2 = VerifyingKey.from_string(vk_str, Ed448)

  462. 

  463.         self.assertEqual(vk, vk2)

  464. 

  465.     def test_ed448_to_pem(self):

  466.         vk_str = (

  467.             b"\x79\x0b\x5e\xb5\x2b\xbb\x08\xc1\x33\x13\xe5\xd6\x07\x5d\x01\x83"

  468.             b"\x8e\xcb\x08\x0d\x20\x88\xd8\xa4\x3b\x11\xf3\x76\x9f\xad\x67\xf7"

  469.             b"\x8a\xfc\x49\xf4\x75\x37\x58\x0f\x69\x65\xf7\x88\x39\xf0\xc8\x52"

  470.             b"\x9c\x18\x81\x40\x1f\x40\xd4\xc3\x00"

  471.         )

  472.         vk = VerifyingKey.from_string(vk_str, Ed448)

  473. 

  474.         vk_pem = (

  475.             b"-----BEGIN PUBLIC KEY-----\n"

  476.             b"MEMwBQYDK2VxAzoAeQtetSu7CMEzE+XWB10Bg47LCA0giNikOxHzdp+tZ/eK/En0dTdYD2ll94g5\n"

  477.             b"8MhSnBiBQB9A1MMA\n"

  478.             b"-----END PUBLIC KEY-----\n"

  479.         )

  480. 

  481.         self.assertEqual(vk_pem, vk.to_pem())

  482. 

  483.     def test_ed448_export_import(self):

  484.         sk = SigningKey.generate(Ed448)

  485.         vk = sk.verifying_key

  486. 

  487.         vk2 = VerifyingKey.from_pem(vk.to_pem())

  488. 

  489.         self.assertEqual(vk, vk2)

  490. 

  491.     def test_ed448_sig_verify(self):

  492.         pem_str = (

  493.             "-----BEGIN PUBLIC KEY-----\n"

  494.             "MEMwBQYDK2VxAzoAeQtetSu7CMEzE+XWB10Bg47LCA0giNikOxHzdp+tZ/eK/En0\n"

  495.             "dTdYD2ll94g58MhSnBiBQB9A1MMA\n"

  496.             "-----END PUBLIC KEY-----\n"

  497.         )

  498. 

  499.         vk = VerifyingKey.from_pem(pem_str)

  500. 

  501.         data = b"data\n"

  502. 

  503.         # signature created by OpenSSL 3.0.0 beta1

  504.         sig = (

  505.             b"\x68\xed\x2c\x70\x35\x22\xca\x1c\x35\x03\xf3\xaa\x51\x33\x3d\x00"

  506.             b"\xc0\xae\xb0\x54\xc5\xdc\x7f\x6f\x30\x57\xb4\x1d\xcb\xe9\xec\xfa"

  507.             b"\xc8\x45\x3e\x51\xc1\xcb\x60\x02\x6a\xd0\x43\x11\x0b\x5f\x9b\xfa"

  508.             b"\x32\x88\xb2\x38\x6b\xed\xac\x09\x00\x78\xb1\x7b\x5d\x7e\xf8\x16"

  509.             b"\x31\xdd\x1b\x3f\x98\xa0\xce\x19\xe7\xd8\x1c\x9f\x30\xac\x2f\xd4"

  510.             b"\x1e\x55\xbf\x21\x98\xf6\x4c\x8c\xbe\x81\xa5\x2d\x80\x4c\x62\x53"

  511.             b"\x91\xd5\xee\x03\x30\xc6\x17\x66\x4b\x9e\x0c\x8d\x40\xd0\xad\xae"

  512.             b"\x0a\x00"

  513.         )

  514. 

  515.         self.assertTrue(vk.verify(sig, data))

  516. 

  517. 

  518. class TestSigningKey(unittest.TestCase):

  519.     """

  520.     Verify that ecdsa.keys.SigningKey.from_der() can be used with

  521.     bytes-like objects.

  522.     """

  523. 

  524.     @classmethod

  525.     def setUpClass(cls):

  526.         prv_key_str = (

  527.             "-----BEGIN EC PRIVATE KEY-----\n"

  528.             "MF8CAQEEGF7IQgvW75JSqULpiQQ8op9WH6Uldw6xxaAKBggqhkjOPQMBAaE0AzIA\n"

  529.             "BLiBd9CE7xf15FY5QIAoNg+fWbSk1yZOYtoGUdzkejWkxbRc9RWTQjqLVXucIJnz\n"

  530.             "bA==\n"

  531.             "-----END EC PRIVATE KEY-----\n"

  532.         )

  533.         cls.sk1 = SigningKey.from_pem(prv_key_str)

  534. 

  535.         prv_key_str = (

  536.             "-----BEGIN PRIVATE KEY-----\n"

  537.             "MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBheyEIL1u+SUqlC6YkE\n"

  538.             "PKKfVh+lJXcOscWhNAMyAAS4gXfQhO8X9eRWOUCAKDYPn1m0pNcmTmLaBlHc5Ho1\n"

  539.             "pMW0XPUVk0I6i1V7nCCZ82w=\n"

  540.             "-----END PRIVATE KEY-----\n"

  541.         )

  542.         cls.sk1_pkcs8 = SigningKey.from_pem(prv_key_str)

  543. 

  544.         prv_key_str = (

  545.             "-----BEGIN EC PRIVATE KEY-----\n"

  546.             "MHcCAQEEIKlL2EAm5NPPZuXwxRf4nXMk0A80y6UUbiQ17be/qFhRoAoGCCqGSM49\n"

  547.             "AwEHoUQDQgAE4H3iRbG4TSrsSRb/gusPQB/4YcN8Poqzgjau4kfxBPyZimeRfuY/\n"

  548.             "9g/wMmPuhGl4BUve51DsnKJFRr8psk0ieA==\n"

  549.             "-----END EC PRIVATE KEY-----\n"

  550.         )

  551.         cls.sk2 = SigningKey.from_pem(prv_key_str)

  552. 

  553.     def test_to_der_pkcs8(self):

  554.         self.assertEqual(

  555.             self.sk1.to_der(format="pkcs8"),

  556.             b"0o\x02\x01\x010\x13\x06\x07*\x86H\xce=\x02\x01\x06\x08*\x86H"

  557.             b"\xce=\x03\x01\x01\x04U0S\x02\x01\x01\x04\x18^\xc8B\x0b\xd6\xef"

  558.             b"\x92R\xa9B\xe9\x89\x04<\xa2\x9fV\x1f\xa5%w\x0e\xb1\xc5\xa14\x03"

  559.             b"2\x00\x04\xb8\x81w\xd0\x84\xef\x17\xf5\xe4V9@\x80(6\x0f\x9fY"

  560.             b"\xb4\xa4\xd7&Nb\xda\x06Q\xdc\xe4z5\xa4\xc5\xb4\\\xf5\x15\x93B:"

  561.             b"\x8bU{\x9c \x99\xf3l",

  562.         )

  563. 

  564.     def test_decoding_explicit_curve_parameters(self):

  565.         prv_key_str = (

  566.             "-----BEGIN PRIVATE KEY-----\n"

  567.             "MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB\n"

  568.             "AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA\n"

  569.             "///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV\n"

  570.             "AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg\n"

  571.             "9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A\n"

  572.             "AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgIXtREfUmR16r\n"

  573.             "ZbmvDGD2lAEFPZa2DLPyz0czSja58yChRANCAASK9VJIGLOY5mxXO4rdf2CNl0//\n"

  574.             "yJWhIzDWX7daMI6qQWB9hKyR5OFOT6eFr1qtcZh8CGZbB+yIOCpnnwn0ekpl\n"

  575.             "-----END PRIVATE KEY-----\n"

  576.         )

  577. 

  578.         sk = SigningKey.from_pem(prv_key_str)

  579. 

  580.         sk2 = SigningKey.from_string(

  581.             b"\x21\x7b\x51\x11\xf5\x26\x47\x5e\xab\x65\xb9\xaf\x0c\x60\xf6"

  582.             b"\x94\x01\x05\x3d\x96\xb6\x0c\xb3\xf2\xcf\x47\x33\x4a\x36\xb9"

  583.             b"\xf3\x20",

  584.             curve=NIST256p,

  585.         )

  586. 

  587.         self.assertEqual(sk, sk2)

  588. 

  589.     def test_decoding_explicit_curve_parameters_with_explicit_disabled(self):

  590.         prv_key_str = (

  591.             "-----BEGIN PRIVATE KEY-----\n"

  592.             "MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB\n"

  593.             "AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA\n"

  594.             "///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV\n"

  595.             "AMSdNgiG5wSTamZ44ROdJreBn36QBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg\n"

  596.             "9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8A\n"

  597.             "AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgIXtREfUmR16r\n"

  598.             "ZbmvDGD2lAEFPZa2DLPyz0czSja58yChRANCAASK9VJIGLOY5mxXO4rdf2CNl0//\n"

  599.             "yJWhIzDWX7daMI6qQWB9hKyR5OFOT6eFr1qtcZh8CGZbB+yIOCpnnwn0ekpl\n"

  600.             "-----END PRIVATE KEY-----\n"

  601.         )

  602. 

  603.         with self.assertRaises(UnexpectedDER):

  604.             SigningKey.from_pem(

  605.                 prv_key_str, valid_curve_encodings=["named_curve"]

  606.             )

  607. 

  608.     def test_equality_on_signing_keys(self):

  609.         sk = SigningKey.from_secret_exponent(

  610.             self.sk1.privkey.secret_multiplier, self.sk1.curve

  611.         )

  612.         self.assertEqual(self.sk1, sk)

  613.         self.assertEqual(self.sk1_pkcs8, sk)

  614. 

  615.     def test_verify_with_empty_message(self):

  616.         sig = self.sk1.sign(b"")

  617. 

  618.         self.assertTrue(sig)

  619. 

  620.         vk = self.sk1.verifying_key

  621. 

  622.         self.assertTrue(vk.verify(sig, b""))

  623. 

  624.     def test_verify_with_precompute(self):

  625.         sig = self.sk1.sign(b"message")

  626. 

  627.         vk = self.sk1.verifying_key

  628. 

  629.         vk.precompute()

  630. 

  631.         self.assertTrue(vk.verify(sig, b"message"))

  632. 

  633.     def test_compare_verifying_key_with_precompute(self):

  634.         vk1 = self.sk1.verifying_key

  635.         vk1.precompute()

  636. 

  637.         vk2 = self.sk1_pkcs8.verifying_key

  638. 

  639.         self.assertEqual(vk1, vk2)

  640. 

  641.     def test_verify_with_lazy_precompute(self):

  642.         sig = self.sk2.sign(b"other message")

  643. 

  644.         vk = self.sk2.verifying_key

  645. 

  646.         vk.precompute(lazy=True)

  647. 

  648.         self.assertTrue(vk.verify(sig, b"other message"))

  649. 

  650.     def test_inequality_on_signing_keys(self):

  651.         self.assertNotEqual(self.sk1, self.sk2)

  652. 

  653.     def test_inequality_on_signing_keys_not_implemented(self):

  654.         self.assertNotEqual(self.sk1, None)

  655. 

  656.     def test_ed25519_from_pem(self):

  657.         pem_str = (

  658.             "-----BEGIN PRIVATE KEY-----\n"

  659.             "MC4CAQAwBQYDK2VwBCIEIDS6x9FO1PG8T4xIPg8Zd0z8uL6sVGZFEZrX17gHC/XU\n"

  660.             "-----END PRIVATE KEY-----\n"

  661.         )

  662. 

  663.         sk = SigningKey.from_pem(pem_str)

  664. 

  665.         sk_str = SigningKey.from_string(

  666.             b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"

  667.             b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",

  668.             Ed25519,

  669.         )

  670. 

  671.         self.assertEqual(sk, sk_str)

  672. 

  673.     def test_ed25519_from_der_bad_alg_id_params(self):

  674.         der_str = encode_sequence(

  675.             encode_integer(1),

  676.             encode_sequence(encode_oid(*Ed25519.oid), encode_integer(1)),

  677.             encode_octet_string(encode_octet_string(b"A" * 32)),

  678.         )

  679. 

  680.         with self.assertRaises(UnexpectedDER) as e:

  681.             SigningKey.from_der(der_str)

  682. 

  683.         self.assertIn("Non NULL parameters", str(e.exception))

  684. 

  685.     def test_ed25519_from_der_junk_after_priv_key(self):

  686.         der_str = encode_sequence(

  687.             encode_integer(1),

  688.             encode_sequence(

  689.                 encode_oid(*Ed25519.oid),

  690.             ),

  691.             encode_octet_string(encode_octet_string(b"A" * 32) + b"B"),

  692.         )

  693. 

  694.         with self.assertRaises(UnexpectedDER) as e:

  695.             SigningKey.from_der(der_str)

  696. 

  697.         self.assertIn(

  698.             "trailing junk after the encoded private key", str(e.exception)

  699.         )

  700. 

  701.     def test_ed25519_sign(self):

  702.         sk_str = SigningKey.from_string(

  703.             b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"

  704.             b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",

  705.             Ed25519,

  706.         )

  707. 

  708.         msg = b"message"

  709. 

  710.         sig = sk_str.sign(msg, sigencode=sigencode_der)

  711. 

  712.         self.assertEqual(

  713.             sig,

  714.             b"\xe1,v\xc9>%\xda\xd2~>\xc3&\na\xf4@|\x9e`X\x11\x13@<\x987\xd4"

  715.             b"\r\xb1\xf5\xb3\x15\x7f%i{\xdf}\xdd\xb1\xf3\x02\x7f\x80\x02\xc2"

  716.             b'|\xe5\xd6\x06\xc4\n\xa3\xb0\xf6}\xc0\xed)"+E\xaf\x00',

  717.         )

  718. 

  719.     def test_ed25519_sign_digest_deterministic(self):

  720.         sk_str = SigningKey.from_string(

  721.             b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"

  722.             b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",

  723.             Ed25519,

  724.         )

  725.         with self.assertRaises(ValueError) as e:

  726.             sk_str.sign_digest_deterministic(b"a" * 20)

  727. 

  728.         self.assertIn("Method unsupported for Edwards", str(e.exception))

  729. 

  730.     def test_ed25519_sign_digest(self):

  731.         sk_str = SigningKey.from_string(

  732.             b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"

  733.             b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",

  734.             Ed25519,

  735.         )

  736.         with self.assertRaises(ValueError) as e:

  737.             sk_str.sign_digest(b"a" * 20)

  738. 

  739.         self.assertIn("Method unsupported for Edwards", str(e.exception))

  740. 

  741.     def test_ed25519_sign_number(self):

  742.         sk_str = SigningKey.from_string(

  743.             b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"

  744.             b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",

  745.             Ed25519,

  746.         )

  747.         with self.assertRaises(ValueError) as e:

  748.             sk_str.sign_number(20)

  749. 

  750.         self.assertIn("Method unsupported for Edwards", str(e.exception))

  751. 

  752.     def test_ed25519_to_der_ssleay(self):

  753.         pem_str = (

  754.             "-----BEGIN PRIVATE KEY-----\n"

  755.             "MC4CAQAwBQYDK2VwBCIEIDS6x9FO1PG8T4xIPg8Zd0z8uL6sVGZFEZrX17gHC/XU\n"

  756.             "-----END PRIVATE KEY-----\n"

  757.         )

  758. 

  759.         sk = SigningKey.from_pem(pem_str)

  760. 

  761.         with self.assertRaises(ValueError) as e:

  762.             sk.to_der(format="ssleay")

  763. 

  764.         self.assertIn("Only PKCS#8 format", str(e.exception))

  765. 

  766.     def test_ed25519_to_pem(self):

  767.         sk = SigningKey.from_string(

  768.             b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"

  769.             b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",

  770.             Ed25519,

  771.         )

  772. 

  773.         pem_str = (

  774.             b"-----BEGIN PRIVATE KEY-----\n"

  775.             b"MC4CAQAwBQYDK2VwBCIEIDS6x9FO1PG8T4xIPg8Zd0z8uL6sVGZFEZrX17gHC/XU\n"

  776.             b"-----END PRIVATE KEY-----\n"

  777.         )

  778. 

  779.         self.assertEqual(sk.to_pem(format="pkcs8"), pem_str)

  780. 

  781.     def test_ed25519_to_ssh(self):

  782.         sk = SigningKey.from_string(

  783.             b"\x34\xBA\xC7\xD1\x4E\xD4\xF1\xBC\x4F\x8C\x48\x3E\x0F\x19\x77\x4C"

  784.             b"\xFC\xB8\xBE\xAC\x54\x66\x45\x11\x9A\xD7\xD7\xB8\x07\x0B\xF5\xD4",

  785.             Ed25519,

  786.         )

  787. 

  788.         ssh_str = (

  789.             b"-----BEGIN OPENSSH PRIVATE KEY-----\n"

  790.             b"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZWQyNTUx\n"

  791.             b"OQAAACAjAFDQ1mQiKI7jVYl+bkFXja7eRCbuVie8heYLLyrLZQAAAIgAAAAAAAAAAAAAAAtzc2gt\n"

  792.             b"ZWQyNTUxOQAAACAjAFDQ1mQiKI7jVYl+bkFXja7eRCbuVie8heYLLyrLZQAAAEA0usfRTtTxvE+M\n"

  793.             b"SD4PGXdM/Li+rFRmRRGa19e4Bwv11CMAUNDWZCIojuNViX5uQVeNrt5EJu5WJ7yF5gsvKstlAAAA\n"

  794.             b"AAECAwQF\n"

  795.             b"-----END OPENSSH PRIVATE KEY-----\n"

  796.         )

  797. 

  798.         self.assertEqual(sk.to_ssh(), ssh_str)

  799. 

  800.     def test_ed25519_to_and_from_pem(self):

  801.         sk = SigningKey.generate(Ed25519)

  802. 

  803.         decoded = SigningKey.from_pem(sk.to_pem(format="pkcs8"))

  804. 

  805.         self.assertEqual(sk, decoded)

  806. 

  807.     def test_ed25519_custom_entropy(self):

  808.         sk = SigningKey.generate(Ed25519, entropy=os.urandom)

  809. 

  810.         self.assertIsNotNone(sk)

  811. 

  812.     def test_ed25519_from_secret_exponent(self):

  813.         with self.assertRaises(ValueError) as e:

  814.             SigningKey.from_secret_exponent(1234567890, curve=Ed25519)

  815. 

  816.         self.assertIn("don't support setting the secret", str(e.exception))

  817. 

  818.     def test_ed448_from_pem(self):

  819.         pem_str = (

  820.             "-----BEGIN PRIVATE KEY-----\n"

  821.             "MEcCAQAwBQYDK2VxBDsEOTyFuXqFLXgJlV8uDqcOw9nG4IqzLiZ/i5NfBDoHPzmP\n"

  822.             "OP0JMYaLGlTzwovmvCDJ2zLaezu9NLz9aQ==\n"

  823.             "-----END PRIVATE KEY-----\n"

  824.         )

  825.         sk = SigningKey.from_pem(pem_str)

  826. 

  827.         sk_str = SigningKey.from_string(

  828.             b"\x3C\x85\xB9\x7A\x85\x2D\x78\x09\x95\x5F\x2E\x0E\xA7\x0E\xC3\xD9"

  829.             b"\xC6\xE0\x8A\xB3\x2E\x26\x7F\x8B\x93\x5F\x04\x3A\x07\x3F\x39\x8F"

  830.             b"\x38\xFD\x09\x31\x86\x8B\x1A\x54\xF3\xC2\x8B\xE6\xBC\x20\xC9\xDB"

  831.             b"\x32\xDA\x7B\x3B\xBD\x34\xBC\xFD\x69",

  832.             Ed448,

  833.         )

  834. 

  835.         self.assertEqual(sk, sk_str)

  836. 

  837.     def test_ed448_to_pem(self):

  838.         sk = SigningKey.from_string(

  839.             b"\x3C\x85\xB9\x7A\x85\x2D\x78\x09\x95\x5F\x2E\x0E\xA7\x0E\xC3\xD9"

  840.             b"\xC6\xE0\x8A\xB3\x2E\x26\x7F\x8B\x93\x5F\x04\x3A\x07\x3F\x39\x8F"

  841.             b"\x38\xFD\x09\x31\x86\x8B\x1A\x54\xF3\xC2\x8B\xE6\xBC\x20\xC9\xDB"

  842.             b"\x32\xDA\x7B\x3B\xBD\x34\xBC\xFD\x69",

  843.             Ed448,

  844.         )

  845.         pem_str = (

  846.             b"-----BEGIN PRIVATE KEY-----\n"

  847.             b"MEcCAQAwBQYDK2VxBDsEOTyFuXqFLXgJlV8uDqcOw9nG4IqzLiZ/i5NfBDoHPzmPOP0JMYaLGlTz\n"

  848.             b"wovmvCDJ2zLaezu9NLz9aQ==\n"

  849.             b"-----END PRIVATE KEY-----\n"

  850.         )

  851. 

  852.         self.assertEqual(sk.to_pem(format="pkcs8"), pem_str)

  853. 

  854.     def test_ed448_encode_decode(self):

  855.         sk = SigningKey.generate(Ed448)

  856. 

  857.         decoded = SigningKey.from_pem(sk.to_pem(format="pkcs8"))

  858. 

  859.         self.assertEqual(decoded, sk)

  860. 

  861. 

  862. class TestTrivialCurve(unittest.TestCase):

  863.     @classmethod

  864.     def setUpClass(cls):

  865.         # To test what happens with r or s in signing happens to be zero we

  866.         # need to find a scalar that creates one of the points on a curve that

  867.         # has x coordinate equal to zero.

  868.         # Even for secp112r2 curve that's non trivial so use this toy

  869.         # curve, for which we can iterate over all points quickly

  870.         curve = CurveFp(163, 84, 58)

  871.         gen = PointJacobi(curve, 2, 87, 1, 167, generator=True)

  872. 

  873.         cls.toy_curve = Curve("toy_p8", curve, gen, (1, 2, 0))

  874. 

  875.         cls.sk = SigningKey.from_secret_exponent(

  876.             140,

  877.             cls.toy_curve,

  878.             hashfunc=hashlib.sha1,

  879.         )

  880. 

  881.     def test_generator_sanity(self):

  882.         gen = self.toy_curve.generator

  883. 

  884.         self.assertEqual(gen * gen.order(), INFINITY)

  885. 

  886.     def test_public_key_sanity(self):

  887.         self.assertEqual(self.sk.verifying_key.to_string(), b"\x98\x1e")

  888. 

  889.     def test_deterministic_sign(self):

  890.         sig = self.sk.sign_deterministic(b"message")

  891. 

  892.         self.assertEqual(sig, b"-.")

  893. 

  894.         self.assertTrue(self.sk.verifying_key.verify(sig, b"message"))

  895. 

  896.     def test_deterministic_sign_random_message(self):

  897.         msg = os.urandom(32)

  898.         sig = self.sk.sign_deterministic(msg)

  899.         self.assertEqual(len(sig), 2)

  900.         self.assertTrue(self.sk.verifying_key.verify(sig, msg))

  901. 

  902.     def test_deterministic_sign_that_rises_R_zero_error(self):

  903.         # the raised RSZeroError is caught and handled internally by

  904.         # sign_deterministic methods

  905.         msg = b"\x00\x4f"

  906.         sig = self.sk.sign_deterministic(msg)

  907.         self.assertEqual(sig, b"\x36\x9e")

  908.         self.assertTrue(self.sk.verifying_key.verify(sig, msg))

  909. 

  910.     def test_deterministic_sign_that_rises_S_zero_error(self):

  911.         msg = b"\x01\x6d"

  912.         sig = self.sk.sign_deterministic(msg)

  913.         self.assertEqual(sig, b"\x49\x6c")

  914.         self.assertTrue(self.sk.verifying_key.verify(sig, msg))

  915. 

  916. 

  917. # test VerifyingKey.verify()

  918. prv_key_str = (

  919.     "-----BEGIN EC PRIVATE KEY-----\n"

  920.     "MF8CAQEEGF7IQgvW75JSqULpiQQ8op9WH6Uldw6xxaAKBggqhkjOPQMBAaE0AzIA\n"

  921.     "BLiBd9CE7xf15FY5QIAoNg+fWbSk1yZOYtoGUdzkejWkxbRc9RWTQjqLVXucIJnz\n"

  922.     "bA==\n"

  923.     "-----END EC PRIVATE KEY-----\n"

  924. )

  925. key_bytes = unpem(prv_key_str)

  926. assert isinstance(key_bytes, bytes)

  927. sk = SigningKey.from_der(key_bytes)

  928. vk = sk.verifying_key

  929. 

  930. data = (

  931.     b"some string for signing"

  932.     b"contents don't really matter"

  933.     b"but do include also some crazy values: "

  934.     b"\x00\x01\t\r\n\x00\x00\x00\xff\xf0"

  935. )

  936. assert len(data) % 4 == 0

  937. sha1 = hashlib.sha1()

  938. sha1.update(data)

  939. data_hash = sha1.digest()

  940. assert isinstance(data_hash, bytes)

  941. sig_raw = sk.sign(data, sigencode=sigencode_string)

  942. assert isinstance(sig_raw, bytes)

  943. sig_der = sk.sign(data, sigencode=sigencode_der)

  944. assert isinstance(sig_der, bytes)

  945. sig_strings = sk.sign(data, sigencode=sigencode_strings)

  946. assert isinstance(sig_strings[0], bytes)

  947. 

  948. verifiers = []

  949. for modifier, fun in [

  950.     ("bytes", lambda x: x),

  951.     ("bytes memoryview", buffer),

  952.     ("bytearray", bytearray),

  953.     ("bytearray memoryview", lambda x: buffer(bytearray(x))),

  954.     ("array.array of bytes", lambda x: array.array("B", x)),

  955.     ("array.array of bytes memoryview", lambda x: buffer(array.array("B", x))),

  956.     ("array.array of ints", lambda x: array.array("I", x)),

  957.     ("array.array of ints memoryview", lambda x: buffer(array.array("I", x))),

  958. ]:

  959.     if "ints" in modifier:

  960.         conv = lambda x: x

  961.     else:

  962.         conv = fun

  963.     for sig_format, signature, decoder, mod_apply in [

  964.         ("raw", sig_raw, sigdecode_string, lambda x: conv(x)),

  965.         ("der", sig_der, sigdecode_der, lambda x: conv(x)),

  966.         (

  967.             "strings",

  968.             sig_strings,

  969.             sigdecode_strings,

  970.             lambda x: tuple(conv(i) for i in x),

  971.         ),

  972.     ]:

  973.         for method_name, vrf_mthd, vrf_data in [

  974.             ("verify", vk.verify, data),

  975.             ("verify_digest", vk.verify_digest, data_hash),

  976.         ]:

  977.             verifiers.append(

  978.                 pytest.param(

  979.                     signature,

  980.                     decoder,

  981.                     mod_apply,

  982.                     fun,

  983.                     vrf_mthd,

  984.                     vrf_data,

  985.                     id="{2}-{0}-{1}".format(modifier, sig_format, method_name),

  986.                 )

  987.             )

  988. 

  989. 

  990. @pytest.mark.parametrize(

  991.     "signature,decoder,mod_apply,fun,vrf_mthd,vrf_data", verifiers

  992. )

  993. def test_VerifyingKey_verify(

  994.     signature, decoder, mod_apply, fun, vrf_mthd, vrf_data

  995. ):

  996.     sig = mod_apply(signature)

  997. 

  998.     assert vrf_mthd(sig, fun(vrf_data), sigdecode=decoder)

  999. 

  1000. 

  1001. # test SigningKey.from_string()

  1002. prv_key_bytes = (

  1003.     b"^\xc8B\x0b\xd6\xef\x92R\xa9B\xe9\x89\x04<\xa2"

  1004.     b"\x9fV\x1f\xa5%w\x0e\xb1\xc5"

  1005. )

  1006. assert len(prv_key_bytes) == 24

  1007. converters = []

  1008. for modifier, convert in [

  1009.     ("bytes", lambda x: x),

  1010.     ("bytes memoryview", buffer),

  1011.     ("bytearray", bytearray),

  1012.     ("bytearray memoryview", lambda x: buffer(bytearray(x))),

  1013.     ("array.array of bytes", lambda x: array.array("B", x)),

  1014.     ("array.array of bytes memoryview", lambda x: buffer(array.array("B", x))),

  1015.     ("array.array of ints", lambda x: array.array("I", x)),

  1016.     ("array.array of ints memoryview", lambda x: buffer(array.array("I", x))),

  1017. ]:

  1018.     converters.append(pytest.param(convert, id=modifier))

  1019. 

  1020. 

  1021. @pytest.mark.parametrize("convert", converters)

  1022. def test_SigningKey_from_string(convert):

  1023.     key = convert(prv_key_bytes)

  1024.     sk = SigningKey.from_string(key)

  1025. 

  1026.     assert sk.to_string() == prv_key_bytes

  1027. 

  1028. 

  1029. # test SigningKey.from_der()

  1030. prv_key_str = (

  1031.     "-----BEGIN EC PRIVATE KEY-----\n"

  1032.     "MF8CAQEEGF7IQgvW75JSqULpiQQ8op9WH6Uldw6xxaAKBggqhkjOPQMBAaE0AzIA\n"

  1033.     "BLiBd9CE7xf15FY5QIAoNg+fWbSk1yZOYtoGUdzkejWkxbRc9RWTQjqLVXucIJnz\n"

  1034.     "bA==\n"

  1035.     "-----END EC PRIVATE KEY-----\n"

  1036. )

  1037. key_bytes = unpem(prv_key_str)

  1038. assert isinstance(key_bytes, bytes)

  1039. 

  1040. # last two converters are for array.array of ints, those require input

  1041. # that's multiple of 4, which no curve we support produces

  1042. @pytest.mark.parametrize("convert", converters[:-2])

  1043. def test_SigningKey_from_der(convert):

  1044.     key = convert(key_bytes)

  1045.     sk = SigningKey.from_der(key)

  1046. 

  1047.     assert sk.to_string() == prv_key_bytes

  1048. 

  1049. 

  1050. # test SigningKey.sign_deterministic()

  1051. extra_entropy = b"\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11"

  1052. 

  1053. 

  1054. @pytest.mark.parametrize("convert", converters)

  1055. def test_SigningKey_sign_deterministic(convert):

  1056.     sig = sk.sign_deterministic(

  1057.         convert(data), extra_entropy=convert(extra_entropy)

  1058.     )

  1059. 

  1060.     vk.verify(sig, data)

  1061. 

  1062. 

  1063. # test SigningKey.sign_digest_deterministic()

  1064. @pytest.mark.parametrize("convert", converters)

  1065. def test_SigningKey_sign_digest_deterministic(convert):

  1066.     sig = sk.sign_digest_deterministic(

  1067.         convert(data_hash), extra_entropy=convert(extra_entropy)

  1068.     )

  1069. 

  1070.     vk.verify(sig, data)

  1071. 

  1072. 

  1073. @pytest.mark.parametrize("convert", converters)

  1074. def test_SigningKey_sign(convert):

  1075.     sig = sk.sign(convert(data))

  1076. 

  1077.     vk.verify(sig, data)

  1078. 

  1079. 

  1080. @pytest.mark.parametrize("convert", converters)

  1081. def test_SigningKey_sign_digest(convert):

  1082.     sig = sk.sign_digest(convert(data_hash))

  1083. 

  1084.     vk.verify(sig, data)

  1085. 

  1086. 

  1087. def test_SigningKey_with_unlikely_value():

  1088.     sk = SigningKey.from_secret_exponent(NIST256p.order - 1, curve=NIST256p)

  1089.     vk = sk.verifying_key

  1090.     sig = sk.sign(b"hello")

  1091.     assert vk.verify(sig, b"hello")

  1092. 

  1093. 

  1094. def test_SigningKey_with_custom_curve_old_point():

  1095.     generator = generator_brainpoolp160r1

  1096.     generator = Point(

  1097.         generator.curve(),

  1098.         generator.x(),

  1099.         generator.y(),

  1100.         generator.order(),

  1101.     )

  1102. 

  1103.     curve = Curve(

  1104.         "BRAINPOOLP160r1",

  1105.         generator.curve(),

  1106.         generator,

  1107.         (1, 3, 36, 3, 3, 2, 8, 1, 1, 1),

  1108.     )

  1109. 

  1110.     sk = SigningKey.from_secret_exponent(12, curve)

  1111. 

  1112.     sk2 = SigningKey.from_secret_exponent(12, BRAINPOOLP160r1)

  1113. 

  1114.     assert sk.privkey == sk2.privkey

  1115. 

  1116. 

  1117. def test_VerifyingKey_inequality_with_different_curves():

  1118.     sk1 = SigningKey.from_secret_exponent(2, BRAINPOOLP160r1)

  1119.     sk2 = SigningKey.from_secret_exponent(2, NIST256p)

  1120. 

  1121.     assert not (sk1.verifying_key == sk2.verifying_key)

  1122. 

  1123. 

  1124. def test_VerifyingKey_inequality_with_different_secret_points():

  1125.     sk1 = SigningKey.from_secret_exponent(2, BRAINPOOLP160r1)

  1126.     sk2 = SigningKey.from_secret_exponent(3, BRAINPOOLP160r1)

  1127. 

  1128.     assert not (sk1.verifying_key == sk2.verifying_key)

  1129. 

  1130. 

  1131. def test_SigningKey_from_pem_pkcs8v2_EdDSA():

  1132.     pem = """-----BEGIN PRIVATE KEY-----

  1133.     MFMCAQEwBQYDK2VwBCIEICc2F2ag1n1QP0jY+g9qWx5sDkx0s/HdNi3cSRHw+zsI

  1134.     oSMDIQA+HQ2xCif8a/LMWR2m5HaCm5I2pKe/cc8OiRANMHxjKQ==

  1135.     -----END PRIVATE KEY-----"""

  1136. 

  1137.     sk = SigningKey.from_pem(pem)

  1138.     assert sk.curve == Ed25519