Switched to cryptography instead of ecdsa for signatures

Salvatore Ingala
2019-10-17 17:01:51 +08:00
parent edd04c23ea
commit db522500c3
5 changed files with 48 additions and 15 deletions


@@ -1,21 +1,47 @@
import ecdsa
import os.path import os.path
from sys import exit from sys import exit
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec
# Simple tool to generate an ECDSA private key using the secp256k1 curve and save private and public keys # Simple tool to generate an ECDSA private key using the secp256k1 curve and save private and public keys
# as signing_key_priv.pem and signing_key_pub.pem # as signing_key_priv.pem and signing_key_pub.pem
FILE_NAME_PRIV = 'signing_key_priv.pem' FILE_NAME_PRIV = 'signing_key_priv.pem'
FILE_NAME_PUB = 'signing_key_pub.pem' FILE_NAME_PUB = 'signing_key_pub.pem'
def save_sk(sk, filename):
pem = sk.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption()
)
with open(filename, 'wb') as pem_out:
pem_out.write(pem)
def save_pk(pk, filename):
pem = pk.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo
)
with open(filename, 'wb') as pem_out:
pem_out.write(pem)
if __name__ == '__main__': if __name__ == '__main__':
if os.path.exists(FILE_NAME_PRIV): if os.path.exists(FILE_NAME_PRIV):
print("A key with name \"{}\" already exists. Aborting.".format(FILE_NAME_PRIV)) print("A key with name \"{}\" already exists. Aborting.".format(FILE_NAME_PRIV))
exit(1) exit(1)
sk = ecdsa.SigningKey.generate(curve=ecdsa.SECP256k1) sk = ec.generate_private_key(
pk = sk.get_verifying_key() ec.SECP256K1, default_backend()
)
pk = sk.public_key()
open(FILE_NAME_PRIV, 'wb').write(sk.to_pem()) save_sk(sk, FILE_NAME_PRIV)
open(FILE_NAME_PUB, 'wb').write(pk.to_pem()) save_pk(pk, FILE_NAME_PUB)
print("Saved private key \"{}\" and public key \"{}\".".format(FILE_NAME_PRIV, FILE_NAME_PUB)) print("Saved private key \"{}\" and public key \"{}\".".format(FILE_NAME_PRIV, FILE_NAME_PUB))
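Review bot: `save_sk` writes the unencrypted private key (`serialization.NoEncryption()`) through a plain `open(filename, 'wb')`, so the file gets whatever mode the process umask allows, commonly world-readable. A file that appears at that path after the `os.path.exists` check is also silently truncated. Creating the file exclusively with owner-only permissions closes both gaps: `fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` followed by `with os.fdopen(fd, 'wb') as pem_out:`. Separately, `ec.SECP256K1` is passed as a class; `ec.SECP256K1()` is the documented form, and newer cryptography releases may reject the bare class, so this is worth confirming against the installed version.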


@@ -36,7 +36,8 @@ if __name__ == '__main__':
start_api() start_api()
else: else:
logger.error("bitcoind is running on a different network, check conf.py and bitcoin.conf. Shutting down") logger.error("bitcoind is running on a different network, check conf.py and bitcoin.conf."
"Shutting down")
else: else:
logger.error("Can't connect to bitcoind. Shutting down") logger.error("Can't connect to bitcoind. Shutting down")
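Review bot: The wrapped message in the network-mismatch branch loses a space, because the two adjacent literals concatenate to `bitcoin.conf.Shutting down`. Add the separator to the second literal, i.e. `" Shutting down")`. The enclosing `if` chain starts outside the hunk.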


@@ -1,5 +1,4 @@
zmq zmq
flask flask
cryptography cryptography
ecdsa
requests requests


@@ -1,7 +1,11 @@
from uuid import uuid4 from uuid import uuid4
from queue import Queue from queue import Queue
from threading import Thread from threading import Thread
from ecdsa import SigningKey
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.serialization import load_pem_private_key
from cryptography.hazmat.primitives.asymmetric import ec
from pisa.logger import Logger from pisa.logger import Logger
from pisa.cleaner import Cleaner from pisa.cleaner import Cleaner
@@ -26,7 +30,9 @@ class Watcher:
if SIGNING_KEY_FILE is None: if SIGNING_KEY_FILE is None:
raise ValueError("No signing key provided. Please fix your pisa.conf") raise ValueError("No signing key provided. Please fix your pisa.conf")
else: else:
self.signing_key = SigningKey.from_pem(open(SIGNING_KEY_FILE).read()) with open(SIGNING_KEY_FILE, "r") as key_file:
pubkey_pem = key_file.read().encode("utf-8")
self.signing_key = load_pem_private_key(pubkey_pem, password=None, backend=default_backend())
def add_appointment(self, appointment): def add_appointment(self, appointment):
# Rationale: # Rationale:
@@ -67,9 +73,10 @@ class Watcher:
logger.info("New appointment accepted.", locator=appointment.locator) logger.info("New appointment accepted.", locator=appointment.locator)
if self.signing_key is not None: signature = self.signing_key.sign(
signature = self.signing_key.sign(appointment.to_json().encode('utf8')) appointment.to_json().encode("utf-8"),
ec.ECDSA(hashes.SHA256())
)
else: else:
appointment_added = False appointment_added = False
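Review bot: The key loaded in `Watcher.__init__` is never checked to be an elliptic-curve key. `load_pem_private_key` returns whatever key type the PEM holds, so a wrong file (for example an RSA key) would only fail later at the `self.signing_key.sign(..., ec.ECDSA(hashes.SHA256()))` call in `add_appointment`. A guard right after loading, `if not isinstance(self.signing_key, ec.EllipticCurvePrivateKey): raise ValueError(...)`, makes the misconfiguration fail at startup. The buffer is named `pubkey_pem` although it holds the private key; `privkey_pem`, read with `open(SIGNING_KEY_FILE, "rb")`, would avoid the confusion and the text-mode round trip. Both methods continue outside the visible hunks.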


@@ -75,7 +75,7 @@ def test_add_appointment(run_bitcoind, watcher):
# We should be able to add appointments up to the limit # We should be able to add appointments up to the limit
for _ in range(10): for _ in range(10):
added_appointment = watcher.add_appointment(create_appointment()) added_appointment, sig = watcher.add_appointment(create_appointment())
assert added_appointment is True assert added_appointment is True
@@ -85,11 +85,11 @@ def test_add_too_many_appointments(watcher):
watcher.appointments = dict() watcher.appointments = dict()
for _ in range(MAX_APPOINTMENTS): for _ in range(MAX_APPOINTMENTS):
added_appointment = watcher.add_appointment(create_appointment()) added_appointment, sig = watcher.add_appointment(create_appointment())
assert added_appointment is True assert added_appointment is True
added_appointment = watcher.add_appointment(create_appointment()) added_appointment, sig = watcher.add_appointment(create_appointment())
assert added_appointment is False assert added_appointment is False
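Review bot: The tests now unpack `sig` but never look at it, so a broken or missing signature would still pass. In `test_add_appointment`, keep the appointment in a local and verify the result, e.g. `watcher.signing_key.public_key().verify(sig, appointment.to_json().encode("utf-8"), ec.ECDSA(hashes.SHA256()))`, which raises on a bad signature. For the rejected appointment in `test_add_too_many_appointments`, the expected value of `sig` should be asserted too; what `add_appointment` returns in that case is not visible in this diff.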