starkbank / ecdsa-python Goto Github PK

In ecdsa.py methods verify and sign
can you add argument : prehashed
prehashed (bool): The message being passed has already been hashed by hashfunc

It seems the random number generator used by default when generating a private key is not secure:
When you call:
>privateKey = PrivateKey()
It does
randint(1, curve.N - 1)
While "randint" is imported from "random" module.
Instead random should use " random.SystemRandom"

Issue:
Having the conversion to "byte string", the hashing plus conversion to integer inside the Ecdsa.verify() function is highly unflexible and can be performing badly.
There are multiple reasons why you want to do this outside Ecdsa.verify().

One example is huge data that you want to hash in parts and not to keep completely in memory.
With the current implementation of Ecdsa.verify() this is not possible.
Another example would be verifying the ECDSA signature multiple times with different public keys, then all the conversions are done multiple times which is wasting performance.

Suggestion:
Create a new function called Ecdsa.verifyNumber() that directly takes an integer value "numberMessage" as a parameter def verifyNumber(cls, numberMessage, signature, publicKey), which skips all these conversions (typically for "prehashed" values).
Additionally enhance the existing Ecdsa.verify() function to handle different variable types of the message parameter.

Ecdsa.sign() could profit from the same changes.

Code (not tested, but shall be compatible with Python 3 and 2.7)

## Python 2 future-compatible workarounds: (see: http://python-future.org/compatible_idioms.html)
## interpret long as int, support int.from_bytes()
from builtins import int
## support bytes()
from builtins import bytes

...
    @classmethod
    def verifyNumber(cls, numberMessage, signature, publicKey):
        curve = publicKey.curve
        sigR = signature.r
        sigS = signature.s
        inv = Math.inv(sigS, curve.N)
        u1 = Math.multiply(curve.G, n=(numberMessage * inv) % curve.N, A=curve.A, P=curve.P, N=curve.N)
        u2 = Math.multiply(publicKey.point, n=(sigR * inv) % curve.N, A=curve.A, P=curve.P, N=curve.N)
        add = Math.add(u1, u2, P=curve.P, A=curve.A)
        return sigR == add.x

    @classmethod
    def verify(cls, message, signature, publicKey, hashfunc=sha256):
        if isinstance(message, int):
            numberMessage = message
        elif isinstance(message, bytes) \
        or isinstance(message, bytearray):
            if not hashfunc is None:
                hashMessage = hashfunc(message).digest()
            else:
                hashMessage = message
            # TODO: numberMessage = int.from_bytes(hashMessage, byteorder="big")
            numberMessage = BinaryAscii.numberFromString(hashMessage)
        else:
            hashMessage = hashfunc(toBytes(message)).digest()
            # TODO: numberMessage = int.from_bytes(hashMessage, byteorder="big")
            numberMessage = BinaryAscii.numberFromString(hashMessage)
        #
        return verifyNumber(numberMessage, signature, publicKey)

The ecdsa-python library is curently used in the aioflureedb, where a user of aioflureedb who has a private key, will also need to explicitly use the address of the key in order to do any signed operations.

So, just an idea, that maybe if it is possible, it would be amazing if PublicKey in ecdsa-python could get a toAddress(...) method, so code could simply do:

from ellipticcurve import privateKey, BlockChain

private_key = privateKey.PrivateKey.fromString(privkey)
address = private_key.publicKey().toAddress(Blockchain.FLUREEDB)

or if more in line with the library design:

from base58 import b58encode
from ellipticcurve import privateKey, BlockChain

private_key = privateKey.PrivateKey.fromString(privkey)
address = b58encode(private_key.publicKey().toAddress(BlockChain.FLUREEDB))

Public keys are often encoded using compressed public key format (see image). In compressed public keys, instead 0f [0x04 X Y], the public key is encoded as [0x02 X] for even values of Y and as [0x03 X] for odd values of Y.

The toString functionality is trivial enough to implement in the client through the available API, but the fromString functionality it seems really needs something to be implemented in the library.

Hi,

Thanks for this wonderful lib.

I am trying to use this to sign and verify in Java, using your "Ecdsa-java" but have trouble sending the signature from Python to Java. If you could kindly provide an example to illustrate signing in Python and verifying in Java that would be really great.

Many thanks,
Vaidya.

Hello,

are you aware of any encoding issues using the publicKey's toString function?

I just took your sample from the page and printed the publicKey using it's toString function and I am not getting anything that I would know how to use further. Can you please help?

þ{Ç»ô�Aª,õ5%���¸¢5å�ùI¦Ï­¼-môÿãO+�Us«ËÀ�ÆÁFj^E����¨�ó*ñ�Ýc.ù[Ú¿"

from json import dumps
from ellipticcurve.ecdsa import Ecdsa
from ellipticcurve.privateKey import PrivateKey

privateKey = PrivateKey.fromPem("""
    -----BEGIN EC PARAMETERS-----
    BgUrgQQACg==
    -----END EC PARAMETERS-----
    -----BEGIN EC PRIVATE KEY-----
    MHQCAQEEIODvZuS34wFbt0X53+P5EnSj6tMjfVK01dD1dgDH02RzoAcGBSuBBAAK
    oUQDQgAE/nvHu/SQQaos9TUljQsUuKI15Zr5SabPrbwtbfT/408rkVVzq8vAisbB
    RmpeRREXj5aog/Mq8RrdYy75W9q/Ig==
    -----END EC PRIVATE KEY-----
""")
message = dumps({
    "transfers": [
        {
            "amount": 100000000,
            "taxId": "594.739.480-42",
            "name": "Daenerys Targaryen Stormborn",
            "bankCode": "341",
            "branchCode": "2201",
            "accountNumber": "76543-8",
            "tags": ["daenerys", "targaryen", "transfer-1-external-id"]
        }
    ]
})
signature = Ecdsa.sign(message, privateKey)
print(signature.toBase64())
publicKey = privateKey.publicKey()

print(publicKey.toString())

print(Ecdsa.verify(message, signature, publicKey))

MEUCIQDhaCXUL/PScSj8dgASpKhmJybSDBTaP2GN8wgKAoYgggIgVXSxRXQqDigq6DbjoHrZx/tZ4glwdMNRyDqt1na2030=
þ{Ç»ô�Aª,õ5%���¸¢5å�ùI¦Ï­¼-môÿãO+�Us«ËÀ�ÆÁFj^E����¨�ó*ñ�Ýc.ù[Ú¿"
True

I am quite confused with the string encoding.

Hello,

I'm running into issues when trying to verify a signature when using python3. I'm running the following test:

from ellipticcurve.ecdsa import Ecdsa
from ellipticcurve.signature import Signature
from ellipticcurve.publicKey import PublicKey

public_key = 'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEDr2LjtURuePQzplybdC+u4CwrqDqBaWjcMMsTbhdbcwHBcepxo7yAQGhHPTnlvFYPAZFceEu/1FwCM/QmGUhA=='
signature= 'MEUCIQCtIHJeH93Y+qpYeWrySphQgpNGNr/U+UyUlBkU6n7RAwIgJTz2C+8a8xonZGi6BpSzoQsbVRamr2nlxFDWYNH2j/0='
message = '1588788367{"event":"test_event","category":"example_payload","message_id":"message_id"}'

key = PublicKey.fromPem(publicKey)
decoded_signature = Signature.fromBase64(signature)
Ecdsa.verify(payload, decoded_signature, key) # returns True in python2 and False in python3

I would expect the call to Ecdsa.verify to return True, which is does in python2, but it returns False in python3. This same key, signature, and payload has been tested and verified successfully using the starkbank nodejs and php ecdsa packages.

I noticed when defining custom elliptic curve in some cases the verify() doesn't always return TRUE even for valid signatures.

To fix that I had to change these lines in verify() method like this:

add = Math.add(u1, u2, P=curve.P, A=curve.A)
return sigR == add.x

to:

add = Math.add(u1, u2, P=curve.P, A=curve.A)
modX = add.x % curve.N
return sigR == modX

After this fix the verify() results were stable on every valid signature.

While the recovery info can be encoded in the signatures and parsing of signatures with recovery info is supported, it currently isn't actually possible to verify a signature with recovery info without still suplying a public key first.

Either the verify function should work without an explicit public key, or the signature should allow the public key to be extracted from it so that public key could be handed to the ecdsa verify.

(This issue is related to #37 in that the functionality I need to implement in this project has recovery info in signatures AND a public key that is compressed. If either of these issues were solved validation would be possible.)

Hello,

Can I use ecdsa point addition or multiplication using this library?
Thanks!

I having an issue with "encoding" - Im using your sign function

[ERROR] AttributeError: 'bytes' object has no attribute 'encode'
File "/var/task/ecdsaSignFile.py", line 21, in signFile
signature = Ecdsa.sign(fileData, privateKey)
File "/opt/python/lib/python3.8/site-packages/ellipticcurve/ecdsa.py", line 13, in sign
byteMessage = hashfunc(toBytes(message)).digest()
File "/opt/python/lib/python3.8/site-packages/ellipticcurve/utils/compatibility.py", line 15, in toBytes
return string.encode(encoding)

This is using your File.read from utilities
I have also tried standard python file open
#fileData = open(fileToSign, 'rb')
fileData = File.read(fileToSign, "rb")
This is running on Amazon Linux which I believe uses UTF8
The file is an AES128 encrypted file

Any suggestions please

hello, tell me how to check that the public keys lie on the curve.?
and how to check that after the operation of multiplication I left the border of the curve?

when installing this package through CI I see the following warning:

DEPRECATION: starkbank-ecdsa is being installed using the legacy 'setup.py install' method, because it does not have a 'pyproject.toml' and the 'wheel' package is not installed. pip 23.1 will enforce this behaviour change. A possible replacement is to enable the '--use-pep517' option. Discussion can be found at pypa/pip#8559