diff --git a/src/pyelliptic/ecc.py b/src/pyelliptic/ecc.py index fb1dd004..d25b0129 100644 --- a/src/pyelliptic/ecc.py +++ b/src/pyelliptic/ecc.py @@ -18,28 +18,31 @@ class ECC(object): Asymmetric encryption with Elliptic Curve Cryptography (ECC) ECDH, ECDSA and ECIES + >>> from binascii import hexlify >>> import pyelliptic >>> alice = pyelliptic.ECC() # default curve: sect283r1 >>> bob = pyelliptic.ECC(curve='sect571r1') >>> ciphertext = alice.encrypt("Hello Bob", bob.get_pubkey()) - >>> print bob.decrypt(ciphertext) + >>> print(bob.decrypt(ciphertext)) >>> signature = bob.sign("Hello Alice") >>> # alice's job : - >>> print pyelliptic.ECC( - >>> pubkey=bob.get_pubkey()).verify(signature, "Hello Alice") + >>> print(pyelliptic.ECC( + >>> pubkey=bob.get_pubkey()).verify(signature, "Hello Alice")) >>> # ERROR !!! >>> try: >>> key = alice.get_ecdh_key(bob.get_pubkey()) >>> except: - >>> print("For ECDH key agreement, the keys must be defined on the same curve !") + >>> print( + "For ECDH key agreement, the keys must be defined" + " on the same curve!") >>> alice = pyelliptic.ECC(curve='sect571r1') - >>> print alice.get_ecdh_key(bob.get_pubkey()).encode('hex') - >>> print bob.get_ecdh_key(alice.get_pubkey()).encode('hex') + >>> print(hexlify(alice.get_ecdh_key(bob.get_pubkey()))) + >>> print(hexlify(bob.get_ecdh_key(alice.get_pubkey()))) """ @@ -53,7 +56,7 @@ class ECC(object): curve='sect283r1', ): # pylint: disable=too-many-arguments """ - For a normal and High level use, specifie pubkey, + For a normal and high level use, specifie pubkey, privkey (if you need) and the curve """ if isinstance(curve, str): @@ -87,12 +90,12 @@ class ECC(object): @staticmethod def get_curves(): """ - static method, returns the list of all the curves available + Static method, returns the list of all the curves available """ return OpenSSL.curves.keys() def get_curve(self): - """Encryption object from curve name""" + """The name of currently used curve""" return OpenSSL.get_curve_by_id(self.curve) def get_curve_id(self): @@ -157,9 +160,9 @@ class ECC(object): key = OpenSSL.EC_KEY_new_by_curve_name(self.curve) if key == 0: raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...") - if (OpenSSL.EC_KEY_generate_key(key)) == 0: + if OpenSSL.EC_KEY_generate_key(key) == 0: raise Exception("[OpenSSL] EC_KEY_generate_key FAIL ...") - if (OpenSSL.EC_KEY_check_key(key)) == 0: + if OpenSSL.EC_KEY_check_key(key) == 0: raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") priv_key = OpenSSL.EC_KEY_get0_private_key(key) @@ -192,7 +195,7 @@ class ECC(object): def get_ecdh_key(self, pubkey): """ High level function. Compute public key with the local private key - and returns a 512bits shared key + and returns a 512bits shared key. """ curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey) if curve != self.curve: @@ -214,16 +217,16 @@ class ECC(object): other_group = OpenSSL.EC_KEY_get0_group(other_key) other_pub_key = OpenSSL.EC_POINT_new(other_group) - if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(other_group, - other_pub_key, - other_pub_key_x, - other_pub_key_y, - 0)) == 0: + if OpenSSL.EC_POINT_set_affine_coordinates_GFp(other_group, + other_pub_key, + other_pub_key_x, + other_pub_key_y, + 0) == 0: raise Exception( "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...") - if (OpenSSL.EC_KEY_set_public_key(other_key, other_pub_key)) == 0: + if OpenSSL.EC_KEY_set_public_key(other_key, other_pub_key) == 0: raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...") - if (OpenSSL.EC_KEY_check_key(other_key)) == 0: + if OpenSSL.EC_KEY_check_key(other_key) == 0: raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") own_key = OpenSSL.EC_KEY_new_by_curve_name(self.curve) @@ -232,7 +235,7 @@ class ECC(object): own_priv_key = OpenSSL.BN_bin2bn( self.privkey, len(self.privkey), None) - if (OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key)) == 0: + if OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key) == 0: raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...") if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL: @@ -258,7 +261,7 @@ class ECC(object): def check_key(self, privkey, pubkey): """ Check the public key and the private key. - The private key is optional (replace by None) + The private key is optional (replace by None). """ curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey) if privkey is None: @@ -286,22 +289,22 @@ class ECC(object): pub_key_y = OpenSSL.BN_bin2bn(pubkey_y, len(pubkey_y), None) if privkey is not None: - if (OpenSSL.EC_KEY_set_private_key(key, priv_key)) == 0: + if OpenSSL.EC_KEY_set_private_key(key, priv_key) == 0: raise Exception( "[OpenSSL] EC_KEY_set_private_key FAIL ...") group = OpenSSL.EC_KEY_get0_group(key) pub_key = OpenSSL.EC_POINT_new(group) - if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key, - pub_key_x, - pub_key_y, - 0)) == 0: + if OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key, + pub_key_x, + pub_key_y, + 0) == 0: raise Exception( "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...") - if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0: + if OpenSSL.EC_KEY_set_public_key(key, pub_key) == 0: raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...") - if (OpenSSL.EC_KEY_check_key(key)) == 0: + if OpenSSL.EC_KEY_check_key(key) == 0: raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") return 0 @@ -339,21 +342,21 @@ class ECC(object): pub_key_y = OpenSSL.BN_bin2bn(self.pubkey_y, len(self.pubkey_y), None) - if (OpenSSL.EC_KEY_set_private_key(key, priv_key)) == 0: + if OpenSSL.EC_KEY_set_private_key(key, priv_key) == 0: raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...") group = OpenSSL.EC_KEY_get0_group(key) pub_key = OpenSSL.EC_POINT_new(group) - if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key, - pub_key_x, - pub_key_y, - 0)) == 0: + if OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key, + pub_key_x, + pub_key_y, + 0) == 0: raise Exception( "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...") - if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0: + if OpenSSL.EC_KEY_set_public_key(key, pub_key) == 0: raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...") - if (OpenSSL.EC_KEY_check_key(key)) == 0: + if OpenSSL.EC_KEY_check_key(key) == 0: raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL: @@ -362,12 +365,13 @@ class ECC(object): OpenSSL.EVP_MD_CTX_init(md_ctx) OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None) - if (OpenSSL.EVP_DigestUpdate(md_ctx, buff, size)) == 0: + if OpenSSL.EVP_DigestUpdate(md_ctx, buff, size) == 0: raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...") OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len) OpenSSL.ECDSA_sign(0, digest, dgst_len.contents, sig, siglen, key) - if (OpenSSL.ECDSA_verify(0, digest, dgst_len.contents, sig, - siglen.contents, key)) != 1: + if OpenSSL.ECDSA_verify( + 0, digest, dgst_len.contents, sig, siglen.contents, key + ) != 1: raise Exception("[OpenSSL] ECDSA_verify FAIL ...") return sig.raw[:siglen.contents.value] @@ -386,7 +390,7 @@ class ECC(object): def verify(self, sig, inputb, digest_alg=OpenSSL.digest_ecdsa_sha1): """ Verify the signature with the input and the local public key. - Returns a boolean + Returns a boolean. """ try: bsig = OpenSSL.malloc(sig, len(sig)) @@ -409,22 +413,22 @@ class ECC(object): group = OpenSSL.EC_KEY_get0_group(key) pub_key = OpenSSL.EC_POINT_new(group) - if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key, - pub_key_x, - pub_key_y, - 0)) == 0: + if OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key, + pub_key_x, + pub_key_y, + 0) == 0: raise Exception( "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...") - if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0: + if OpenSSL.EC_KEY_set_public_key(key, pub_key) == 0: raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...") - if (OpenSSL.EC_KEY_check_key(key)) == 0: + if OpenSSL.EC_KEY_check_key(key) == 0: raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL: OpenSSL.EVP_MD_CTX_new(md_ctx) else: OpenSSL.EVP_MD_CTX_init(md_ctx) OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None) - if (OpenSSL.EVP_DigestUpdate(md_ctx, binputb, len(inputb))) == 0: + if OpenSSL.EVP_DigestUpdate(md_ctx, binputb, len(inputb)) == 0: raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...") OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len) @@ -468,7 +472,7 @@ class ECC(object): ephemcurve=None, ciphername='aes-256-cbc', ): # pylint: disable=too-many-arguments - """ECHD encryption, keys supplied in binary data format""" + """ECDH encryption, keys supplied in binary data format""" if ephemcurve is None: ephemcurve = curve @@ -476,7 +480,7 @@ class ECC(object): key = sha512(ephem.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest() key_e, key_m = key[:32], key[32:] pubkey = ephem.get_pubkey() - _iv = OpenSSL.rand(OpenSSL.get_cipher(ciphername).get_blocksize()) + _iv = Cipher.gen_IV(ciphername) ctx = Cipher(key_e, _iv, 1, ciphername) ciphertext = _iv + pubkey + ctx.ciphering(data) mac = hmac_sha256(key_m, ciphertext)