Linting for pyelliptic.ecc: edit doc example for python3 and PEP8,

remove redundant parentheses, reuse Cipher.gen_IV(),
fix misspelled ECDH and a wrong docstring for .get_curve().
This commit is contained in:
Lee Miller 2022-06-30 17:42:40 +03:00
parent ce199a24dc
commit 99fda8c84f
Signed by untrusted user: lee.miller
GPG Key ID: 4F97A5EA88F4AB63

View File

@ -18,28 +18,31 @@ class ECC(object):
Asymmetric encryption with Elliptic Curve Cryptography (ECC) Asymmetric encryption with Elliptic Curve Cryptography (ECC)
ECDH, ECDSA and ECIES ECDH, ECDSA and ECIES
>>> from binascii import hexlify
>>> import pyelliptic >>> import pyelliptic
>>> alice = pyelliptic.ECC() # default curve: sect283r1 >>> alice = pyelliptic.ECC() # default curve: sect283r1
>>> bob = pyelliptic.ECC(curve='sect571r1') >>> bob = pyelliptic.ECC(curve='sect571r1')
>>> ciphertext = alice.encrypt("Hello Bob", bob.get_pubkey()) >>> ciphertext = alice.encrypt("Hello Bob", bob.get_pubkey())
>>> print bob.decrypt(ciphertext) >>> print(bob.decrypt(ciphertext))
>>> signature = bob.sign("Hello Alice") >>> signature = bob.sign("Hello Alice")
>>> # alice's job : >>> # alice's job :
>>> print pyelliptic.ECC( >>> print(pyelliptic.ECC(
>>> pubkey=bob.get_pubkey()).verify(signature, "Hello Alice") >>> pubkey=bob.get_pubkey()).verify(signature, "Hello Alice"))
>>> # ERROR !!! >>> # ERROR !!!
>>> try: >>> try:
>>> key = alice.get_ecdh_key(bob.get_pubkey()) >>> key = alice.get_ecdh_key(bob.get_pubkey())
>>> except: >>> except:
>>> print("For ECDH key agreement, the keys must be defined on the same curve !") >>> print(
"For ECDH key agreement, the keys must be defined"
" on the same curve!")
>>> alice = pyelliptic.ECC(curve='sect571r1') >>> alice = pyelliptic.ECC(curve='sect571r1')
>>> print alice.get_ecdh_key(bob.get_pubkey()).encode('hex') >>> print(hexlify(alice.get_ecdh_key(bob.get_pubkey())))
>>> print bob.get_ecdh_key(alice.get_pubkey()).encode('hex') >>> print(hexlify(bob.get_ecdh_key(alice.get_pubkey())))
""" """
@ -53,7 +56,7 @@ class ECC(object):
curve='sect283r1', curve='sect283r1',
): # pylint: disable=too-many-arguments ): # pylint: disable=too-many-arguments
""" """
For a normal and High level use, specifie pubkey, For a normal and high level use, specifie pubkey,
privkey (if you need) and the curve privkey (if you need) and the curve
""" """
if isinstance(curve, str): if isinstance(curve, str):
@ -87,12 +90,12 @@ class ECC(object):
@staticmethod @staticmethod
def get_curves(): def get_curves():
""" """
static method, returns the list of all the curves available Static method, returns the list of all the curves available
""" """
return OpenSSL.curves.keys() return OpenSSL.curves.keys()
def get_curve(self): def get_curve(self):
"""Encryption object from curve name""" """The name of currently used curve"""
return OpenSSL.get_curve_by_id(self.curve) return OpenSSL.get_curve_by_id(self.curve)
def get_curve_id(self): def get_curve_id(self):
@ -157,9 +160,9 @@ class ECC(object):
key = OpenSSL.EC_KEY_new_by_curve_name(self.curve) key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
if key == 0: if key == 0:
raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...") raise Exception("[OpenSSL] EC_KEY_new_by_curve_name FAIL ...")
if (OpenSSL.EC_KEY_generate_key(key)) == 0: if OpenSSL.EC_KEY_generate_key(key) == 0:
raise Exception("[OpenSSL] EC_KEY_generate_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_generate_key FAIL ...")
if (OpenSSL.EC_KEY_check_key(key)) == 0: if OpenSSL.EC_KEY_check_key(key) == 0:
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
priv_key = OpenSSL.EC_KEY_get0_private_key(key) priv_key = OpenSSL.EC_KEY_get0_private_key(key)
@ -192,7 +195,7 @@ class ECC(object):
def get_ecdh_key(self, pubkey): def get_ecdh_key(self, pubkey):
""" """
High level function. Compute public key with the local private key High level function. Compute public key with the local private key
and returns a 512bits shared key and returns a 512bits shared key.
""" """
curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey) curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey)
if curve != self.curve: if curve != self.curve:
@ -214,16 +217,16 @@ class ECC(object):
other_group = OpenSSL.EC_KEY_get0_group(other_key) other_group = OpenSSL.EC_KEY_get0_group(other_key)
other_pub_key = OpenSSL.EC_POINT_new(other_group) other_pub_key = OpenSSL.EC_POINT_new(other_group)
if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(other_group, if OpenSSL.EC_POINT_set_affine_coordinates_GFp(other_group,
other_pub_key, other_pub_key,
other_pub_key_x, other_pub_key_x,
other_pub_key_y, other_pub_key_y,
0)) == 0: 0) == 0:
raise Exception( raise Exception(
"[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...") "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
if (OpenSSL.EC_KEY_set_public_key(other_key, other_pub_key)) == 0: if OpenSSL.EC_KEY_set_public_key(other_key, other_pub_key) == 0:
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
if (OpenSSL.EC_KEY_check_key(other_key)) == 0: if OpenSSL.EC_KEY_check_key(other_key) == 0:
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
own_key = OpenSSL.EC_KEY_new_by_curve_name(self.curve) own_key = OpenSSL.EC_KEY_new_by_curve_name(self.curve)
@ -232,7 +235,7 @@ class ECC(object):
own_priv_key = OpenSSL.BN_bin2bn( own_priv_key = OpenSSL.BN_bin2bn(
self.privkey, len(self.privkey), None) self.privkey, len(self.privkey), None)
if (OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key)) == 0: if OpenSSL.EC_KEY_set_private_key(own_key, own_priv_key) == 0:
raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL: if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
@ -258,7 +261,7 @@ class ECC(object):
def check_key(self, privkey, pubkey): def check_key(self, privkey, pubkey):
""" """
Check the public key and the private key. Check the public key and the private key.
The private key is optional (replace by None) The private key is optional (replace by None).
""" """
curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey) curve, pubkey_x, pubkey_y, _ = ECC._decode_pubkey(pubkey)
if privkey is None: if privkey is None:
@ -286,22 +289,22 @@ class ECC(object):
pub_key_y = OpenSSL.BN_bin2bn(pubkey_y, len(pubkey_y), None) pub_key_y = OpenSSL.BN_bin2bn(pubkey_y, len(pubkey_y), None)
if privkey is not None: if privkey is not None:
if (OpenSSL.EC_KEY_set_private_key(key, priv_key)) == 0: if OpenSSL.EC_KEY_set_private_key(key, priv_key) == 0:
raise Exception( raise Exception(
"[OpenSSL] EC_KEY_set_private_key FAIL ...") "[OpenSSL] EC_KEY_set_private_key FAIL ...")
group = OpenSSL.EC_KEY_get0_group(key) group = OpenSSL.EC_KEY_get0_group(key)
pub_key = OpenSSL.EC_POINT_new(group) pub_key = OpenSSL.EC_POINT_new(group)
if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key, if OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key,
pub_key_x, pub_key_x,
pub_key_y, pub_key_y,
0)) == 0: 0) == 0:
raise Exception( raise Exception(
"[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...") "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0: if OpenSSL.EC_KEY_set_public_key(key, pub_key) == 0:
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
if (OpenSSL.EC_KEY_check_key(key)) == 0: if OpenSSL.EC_KEY_check_key(key) == 0:
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
return 0 return 0
@ -339,21 +342,21 @@ class ECC(object):
pub_key_y = OpenSSL.BN_bin2bn(self.pubkey_y, len(self.pubkey_y), pub_key_y = OpenSSL.BN_bin2bn(self.pubkey_y, len(self.pubkey_y),
None) None)
if (OpenSSL.EC_KEY_set_private_key(key, priv_key)) == 0: if OpenSSL.EC_KEY_set_private_key(key, priv_key) == 0:
raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_set_private_key FAIL ...")
group = OpenSSL.EC_KEY_get0_group(key) group = OpenSSL.EC_KEY_get0_group(key)
pub_key = OpenSSL.EC_POINT_new(group) pub_key = OpenSSL.EC_POINT_new(group)
if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key, if OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key,
pub_key_x, pub_key_x,
pub_key_y, pub_key_y,
0)) == 0: 0) == 0:
raise Exception( raise Exception(
"[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...") "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0: if OpenSSL.EC_KEY_set_public_key(key, pub_key) == 0:
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
if (OpenSSL.EC_KEY_check_key(key)) == 0: if OpenSSL.EC_KEY_check_key(key) == 0:
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL: if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
@ -362,12 +365,13 @@ class ECC(object):
OpenSSL.EVP_MD_CTX_init(md_ctx) OpenSSL.EVP_MD_CTX_init(md_ctx)
OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None) OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None)
if (OpenSSL.EVP_DigestUpdate(md_ctx, buff, size)) == 0: if OpenSSL.EVP_DigestUpdate(md_ctx, buff, size) == 0:
raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...") raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")
OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len) OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len)
OpenSSL.ECDSA_sign(0, digest, dgst_len.contents, sig, siglen, key) OpenSSL.ECDSA_sign(0, digest, dgst_len.contents, sig, siglen, key)
if (OpenSSL.ECDSA_verify(0, digest, dgst_len.contents, sig, if OpenSSL.ECDSA_verify(
siglen.contents, key)) != 1: 0, digest, dgst_len.contents, sig, siglen.contents, key
) != 1:
raise Exception("[OpenSSL] ECDSA_verify FAIL ...") raise Exception("[OpenSSL] ECDSA_verify FAIL ...")
return sig.raw[:siglen.contents.value] return sig.raw[:siglen.contents.value]
@ -386,7 +390,7 @@ class ECC(object):
def verify(self, sig, inputb, digest_alg=OpenSSL.digest_ecdsa_sha1): def verify(self, sig, inputb, digest_alg=OpenSSL.digest_ecdsa_sha1):
""" """
Verify the signature with the input and the local public key. Verify the signature with the input and the local public key.
Returns a boolean Returns a boolean.
""" """
try: try:
bsig = OpenSSL.malloc(sig, len(sig)) bsig = OpenSSL.malloc(sig, len(sig))
@ -409,22 +413,22 @@ class ECC(object):
group = OpenSSL.EC_KEY_get0_group(key) group = OpenSSL.EC_KEY_get0_group(key)
pub_key = OpenSSL.EC_POINT_new(group) pub_key = OpenSSL.EC_POINT_new(group)
if (OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key, if OpenSSL.EC_POINT_set_affine_coordinates_GFp(group, pub_key,
pub_key_x, pub_key_x,
pub_key_y, pub_key_y,
0)) == 0: 0) == 0:
raise Exception( raise Exception(
"[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...") "[OpenSSL] EC_POINT_set_affine_coordinates_GFp FAIL ...")
if (OpenSSL.EC_KEY_set_public_key(key, pub_key)) == 0: if OpenSSL.EC_KEY_set_public_key(key, pub_key) == 0:
raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_set_public_key FAIL ...")
if (OpenSSL.EC_KEY_check_key(key)) == 0: if OpenSSL.EC_KEY_check_key(key) == 0:
raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...") raise Exception("[OpenSSL] EC_KEY_check_key FAIL ...")
if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL: if OpenSSL._hexversion > 0x10100000 and not OpenSSL._libreSSL:
OpenSSL.EVP_MD_CTX_new(md_ctx) OpenSSL.EVP_MD_CTX_new(md_ctx)
else: else:
OpenSSL.EVP_MD_CTX_init(md_ctx) OpenSSL.EVP_MD_CTX_init(md_ctx)
OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None) OpenSSL.EVP_DigestInit_ex(md_ctx, digest_alg(), None)
if (OpenSSL.EVP_DigestUpdate(md_ctx, binputb, len(inputb))) == 0: if OpenSSL.EVP_DigestUpdate(md_ctx, binputb, len(inputb)) == 0:
raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...") raise Exception("[OpenSSL] EVP_DigestUpdate FAIL ...")
OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len) OpenSSL.EVP_DigestFinal_ex(md_ctx, digest, dgst_len)
@ -468,7 +472,7 @@ class ECC(object):
ephemcurve=None, ephemcurve=None,
ciphername='aes-256-cbc', ciphername='aes-256-cbc',
): # pylint: disable=too-many-arguments ): # pylint: disable=too-many-arguments
"""ECHD encryption, keys supplied in binary data format""" """ECDH encryption, keys supplied in binary data format"""
if ephemcurve is None: if ephemcurve is None:
ephemcurve = curve ephemcurve = curve
@ -476,7 +480,7 @@ class ECC(object):
key = sha512(ephem.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest() key = sha512(ephem.raw_get_ecdh_key(pubkey_x, pubkey_y)).digest()
key_e, key_m = key[:32], key[32:] key_e, key_m = key[:32], key[32:]
pubkey = ephem.get_pubkey() pubkey = ephem.get_pubkey()
_iv = OpenSSL.rand(OpenSSL.get_cipher(ciphername).get_blocksize()) _iv = Cipher.gen_IV(ciphername)
ctx = Cipher(key_e, _iv, 1, ciphername) ctx = Cipher(key_e, _iv, 1, ciphername)
ciphertext = _iv + pubkey + ctx.ciphering(data) ciphertext = _iv + pubkey + ctx.ciphering(data)
mac = hmac_sha256(key_m, ciphertext) mac = hmac_sha256(key_m, ciphertext)