From 1072d2662a1ec2709fed5da38389e68b0f83742a Mon Sep 17 00:00:00 2001 From: Luke Murphy Date: Sat, 5 Oct 2019 11:34:57 +0200 Subject: [PATCH] Implement key_pair, sign, and verify --- hypercore_crypto/__init__.py | 6 +++++ hypercore_crypto/crypto.py | 45 ++++++++++++++++++------------------ test/test_crypto.py | 9 ++++++++ 3 files changed, 38 insertions(+), 22 deletions(-) create mode 100644 test/test_crypto.py diff --git a/hypercore_crypto/__init__.py b/hypercore_crypto/__init__.py index 87fe1a8..89b29d3 100644 --- a/hypercore_crypto/__init__.py +++ b/hypercore_crypto/__init__.py @@ -1,10 +1,16 @@ """hypercore-crypto module.""" +# Note(decentral1se): Included to match export list of the original Javascript +# reference implementation. However, we don't implement this function +# ourselves. +from nacl.hash import blake2b # noqa + from hypercore_crypto.crypto import ( # noqa blake2b, data, discovery_key, encode_unsigned_int64, + key_pair, leaf, parent, random_bytes, diff --git a/hypercore_crypto/crypto.py b/hypercore_crypto/crypto.py index 0862b83..3ab3e01 100644 --- a/hypercore_crypto/crypto.py +++ b/hypercore_crypto/crypto.py @@ -1,11 +1,15 @@ """Cryptography primitives for Hypercore.""" +from typing import Optional, Tuple + +import nacl.exceptions from nacl.bindings import ( + crypto_sign, crypto_sign_keypair, - crypto_sign_PUBLICKEYBYTES, - crypto_sign_SECRETKEYBYTES, crypto_sign_seed_keypair, ) +from nacl.hash import blake2b +from nacl.signing import VerifyKey # https://en.wikipedia.org/wiki/Merkle_tree#Second_preimage_attack LEAF_TYPE = bytearray([0]) @@ -14,30 +18,31 @@ ROOT_TYPE = bytearray([2]) HYPERCORE = bytearray('hypercore', encoding='utf-8') -# TODO(decentral1se): don't forget to type this -def key_pair(seed=None): - """The signed public/secret key length.""" - - public_key = bytearray(crypto_sign_PUBLICKEYBYTES) - secret_key = bytearray(crypto_sign_SECRETKEYBYTES) +def key_pair(seed: Optional[bytes] = None) -> Tuple[bytes, bytes]: + """A new public key and secret key pair. + The seed must be at least 32 characters in length. + """ if seed: - crypto_sign_seed_keypair(public_key, secret_key, seed) - else: - crypto_sign_keypair(public_key, secret_key) - - return {'public-key': public_key, 'secret-key': secret_key} + return crypto_sign_seed_keypair(seed) + return crypto_sign_keypair() -def sign(): - pass +def sign(message: bytes, secret_key: bytes) -> bytes: + """Signed message from a secret key.""" + return crypto_sign(message, secret_key) -def verify(): - pass +def verify(signed_message: bytes, signature: bytes, public_key: bytes) -> bool: + """Verify a signed message.""" + try: + VerifyKey(public_key).verify(signed_message, signature=signature) + except (nacl.exceptions.TypeError, nacl.exceptions.BadSignatureError): + return False + return True -def data(): +def data(data: bytes): pass @@ -63,7 +68,3 @@ def discovery_key(): def encode_unsigned_int64(): pass - - -def blake2b(): - pass diff --git a/test/test_crypto.py b/test/test_crypto.py new file mode 100644 index 0000000..18bd364 --- /dev/null +++ b/test/test_crypto.py @@ -0,0 +1,9 @@ +"""Cryptography primitives test module.""" + +from hypercore_crypto import key_pair + + +def test_key_pair_length(): + public_key, secret_key = key_pair() + assert len(public_key) == 32 + assert len(secret_key) == 64