From c11e9c77f8b8e60112968c1ef20e066f1437329b Mon Sep 17 00:00:00 2001 From: jMyles Date: Fri, 9 Feb 2018 02:30:44 -0800 Subject: [PATCH 1/2] New ECDSA sign function. --- nkms/crypto/api.py | 53 ++++++++++++---------------------------------- 1 file changed, 13 insertions(+), 40 deletions(-) diff --git a/nkms/crypto/api.py b/nkms/crypto/api.py index 112c94e5c..379e046d1 100644 --- a/nkms/crypto/api.py +++ b/nkms/crypto/api.py @@ -1,10 +1,13 @@ -from typing import Tuple, Union, List +from random import SystemRandom +from typing import Tuple, Union import sha3 -from py_ecc.secp256k1 import N, privtopub, ecdsa_raw_recover, ecdsa_raw_sign -from random import SystemRandom +from cryptography.hazmat.primitives import hashes +from cryptography.hazmat.primitives.asymmetric import ec +from py_ecc.secp256k1 import ecdsa_raw_recover -from nkms.keystore.constants import SIG_KEYPAIR_BYTE, PUB_KEY_BYTE +import umbral +from nkms.crypto.signature import Signature SYSTEM_RAND = SystemRandom() @@ -91,34 +94,6 @@ def ecdsa_bytes2pub( return (x, y) -def ecdsa_gen_priv() -> bytes: - """ - Generates an ECDSA Private Key. - - :return: Byte encoded ECDSA privkey - """ - privkey = secure_random_range(1, N) - return privkey.to_bytes(32, byteorder='big') # TODO: Add metabytes. - - -def ecdsa_priv2pub( - privkey: bytes, - to_bytes: bool = True -) -> Union[bytes, Tuple[int]]: - """ - Returns the public component of an ECDSA private key. - - :param privkey: Private key as an int or bytestring - :param to_bytes: Serialize to bytes or not? - - :return: Byte encoded or Tuple[int] ECDSA pubkey - """ - pubkey = privtopub(privkey) - if to_bytes: - return SIG_KEYPAIR_BYTE + PUB_KEY_BYTE + ecdsa_pub2bytes(pubkey) - return pubkey - - def ecdsa_gen_sig( v: int, r: int, @@ -155,20 +130,18 @@ def ecdsa_load_sig( return (v, r, s) -def ecdsa_sign( - msghash: bytes, - privkey: bytes -) -> Tuple[int, int, int]: +def ecdsa_sign(message: bytes, privkey: umbral.keys.UmbralPrivateKey) -> bytes: """ Accepts a hashed message and signs it with the private key given. - :param msghash: Hashed message to sign + :param message: Message to hash and sign :param privkey: Private key to sign with - :return: Tuple(v, r, s) + :return: signature """ - v, r, s = ecdsa_raw_sign(msghash, privkey) - return (v, r, s) + cryptography_priv_key = privkey.bn_key.to_cryptography_priv_key() + signature_bytes = cryptography_priv_key.sign(message, ec.ECDSA(hashes.BLAKE2b(64))) + return Signature(signature_bytes) def ecdsa_verify( From fd8ba6670d313b5cc33ddd90074817dbfbcc3fb7 Mon Sep 17 00:00:00 2001 From: jMyles Date: Fri, 9 Feb 2018 02:33:38 -0800 Subject: [PATCH 2/2] SigningKeypair implements new ECDSA sign function. --- nkms/keystore/keypairs.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/nkms/keystore/keypairs.py b/nkms/keystore/keypairs.py index fc7f2772d..04ad5a5a9 100644 --- a/nkms/keystore/keypairs.py +++ b/nkms/keystore/keypairs.py @@ -4,8 +4,7 @@ from nacl.secret import SecretBox from nkms.crypto import api as API from nkms.keystore import constants -from npre import umbral -from npre import elliptic_curve as ec +import umbral class Keypair(object): @@ -164,14 +163,15 @@ class SigningKeypair(Keypair): :param create_pubkey: Create the pubkey or not? """ - self.privkey = API.ecdsa_gen_priv() + self.privkey = umbral.keys.UmbralPrivateKey.gen_key() + if create_pubkey: - self._gen_pubkey() + self.pubkey = self.privkey.get_pub_key() def _gen_pubkey(self): self.pubkey = PublicKey(API.ecdsa_priv2pub(self.privkey)) - def sign(self, msghash: bytes) -> bytes: + def sign(self, message: bytes) -> bytes: """ Signs a hashed message and returns a signature. @@ -179,8 +179,8 @@ class SigningKeypair(Keypair): :return: Signature in bytes """ - v, r, s = API.ecdsa_sign(msghash, self.privkey) - return API.ecdsa_gen_sig(v, r, s) + signature = API.ecdsa_sign(message, self.privkey) + return signature def verify(self, msghash: bytes, signature: bytes) -> bool: """