add support for reading and writing curve parameters in DER

Author: tomato42

src/ecdsa/curves.py

@@ -1,7 +1,8 @@
 from __future__ import division
 
-from . import der, ecdsa
-from .util import orderlen
+from . import der, ecdsa, ellipticcurve
+from .util import orderlen, number_to_string, string_to_number
+from ._compat import normalise_bytes
 
 
 # orderlen was defined in this module previously, so keep it in __all__,
@@ -29,9 +30,15 @@
     "BRAINPOOLP320r1",
     "BRAINPOOLP384r1",
     "BRAINPOOLP512r1",
+    "PRIME_FIELD_OID",
+    "CHARACTERISTIC_TWO_FIELD_OID",
 ]
 
 
+PRIME_FIELD_OID = (1, 2, 840, 10045, 1, 1)
+CHARACTERISTIC_TWO_FIELD_OID = (1, 2, 840, 10045, 1, 2)
+
+
 class UnknownCurveError(Exception):
     pass
 
@@ -47,11 +54,142 @@ def __init__(self, name, curve, generator, oid, openssl_name=None):
         self.verifying_key_length = 2 * orderlen(curve.p())
         self.signature_length = 2 * self.baselen
         self.oid = oid
-        self.encoded_oid = der.encode_oid(*oid)
+        if oid:
+            self.encoded_oid = der.encode_oid(*oid)
+
+    def __eq__(self, other):
+        if isinstance(other, Curve):
+            return (
+                self.curve == other.curve and self.generator == other.generator
+            )
+        return NotImplemented
+
+    def __ne__(self, other):
+        return not self == other
 
     def __repr__(self):
         return self.name
 
+    def to_der(self, encoding=None, point_encoding="uncompressed"):
+        """Serialise the curve parameters to binary string.
+
+        :param str encoding: the format to save the curve parameters in.
+            Default is ``named_curve``, with fallback being the ``explicit``
+            if the OID is not set for the curve.
+        :param str point_encoding: the point encoding of the generator when
+            explicit curve encoding is used. Ignored for ``named_curve``
+            format.
+        """
+        if encoding is None:
+            if self.oid:
+                encoding = "named_curve"
+            else:
+                encoding = "explicit"
+
+        if encoding == "named_curve":
+            if not self.oid:
+                raise UnknownCurveError(
+                    "Can't encode curve using named_curve encoding without "
+                    "associated curve OID"
+                )
+            return der.encode_oid(*self.oid)
+
+        # encode the ECParameters sequence
+        curve_p = self.curve.p()
+        version = der.encode_integer(1)
+        field_id = der.encode_sequence(
+            der.encode_oid(*PRIME_FIELD_OID), der.encode_integer(curve_p)
+        )
+        curve = der.encode_sequence(
+            der.encode_octet_string(
+                number_to_string(self.curve.a() % curve_p, curve_p)
+            ),
+            der.encode_octet_string(
+                number_to_string(self.curve.b() % curve_p, curve_p)
+            ),
+        )
+        base = der.encode_octet_string(self.generator.to_bytes(point_encoding))
+        order = der.encode_integer(self.generator.order())
+        seq_elements = [version, field_id, curve, base, order]
+        if self.curve.cofactor():
+            cofactor = der.encode_integer(self.curve.cofactor())
+            seq_elements.append(cofactor)
+
+        return der.encode_sequence(*seq_elements)
+
+    @staticmethod
+    def from_der(data):
+        """Decode the curve parameters from DER file.
+
+        :param data: the binary string to decode the parameters from
+        :type data: bytes-like object
+        """
+        data = normalise_bytes(data)
+        if not der.is_sequence(data):
+            oid, empty = der.remove_object(data)
+            if empty:
+                raise der.UnexpectedDER("Unexpected data after OID")
+            return find_curve(oid)
+
+        seq, empty = der.remove_sequence(data)
+        if empty:
+            raise der.UnexpectedDER(
+                "Unexpected data after ECParameters structure"
+            )
+        # decode the ECParameters sequence
+        version, rest = der.remove_integer(seq)
+        if version != 1:
+            raise der.UnexpectedDER("Unknown parameter encoding format")
+        field_id, rest = der.remove_sequence(rest)
+        curve, rest = der.remove_sequence(rest)
+        base_bytes, rest = der.remove_octet_string(rest)
+        order, rest = der.remove_integer(rest)
+        cofactor = None
+        if rest:
+            cofactor, rest = der.remove_integer(rest)
+
+        # decode the ECParameters.fieldID sequence
+        field_type, rest = der.remove_object(field_id)
+        if field_type == CHARACTERISTIC_TWO_FIELD_OID:
+            raise UnknownCurveError("Characteristic 2 curves unsupported")
+        if field_type != PRIME_FIELD_OID:
+            raise UnknownCurveError(
+                "Unknown field type: {0}".format(field_type)
+            )
+        prime, empty = der.remove_integer(rest)
+        if empty:
+            raise der.UnexpectedDER(
+                "Unexpected data after ECParameters.fieldID.Prime-p element"
+            )
+
+        # decode the ECParameters.curve sequence
+        curve_a_bytes, rest = der.remove_octet_string(curve)
+        curve_b_bytes, rest = der.remove_octet_string(rest)
+        # seed can be defined here, but we don't parse it, so ignore `rest`
+
+        curve_a = string_to_number(curve_a_bytes)
+        curve_b = string_to_number(curve_b_bytes)
+
+        curve_fp = ellipticcurve.CurveFp(prime, curve_a, curve_b, cofactor)
+
+        # decode the ECParameters.base point
+
+        base = ellipticcurve.PointJacobi.from_bytes(
+            curve_fp,
+            base_bytes,
+            valid_encodings=("uncompressed", "compressed", "hybrid"),
+            order=order,
+            generator=True,
+        )
+        tmp_curve = Curve("unknown", curve_fp, base, None)
+
+        # if the curve matches one of the well-known ones, use the well-known
+        # one in preference, as it will have the OID and name associated
+        for i in curves:
+            if tmp_curve == i:
+                return i
+        return tmp_curve
+
 
 # the SEC curves
 SECP112r1 = Curve(

src/ecdsa/ellipticcurve.py

@@ -51,7 +51,7 @@
 from . import numbertheory
 from ._compat import normalise_bytes
 from .errors import MalformedPointError
-from .util import orderlen, string_to_number
+from .util import orderlen, string_to_number, number_to_string
 
 
 @python_2_unicode_compatible
@@ -101,10 +101,11 @@ def __eq__(self, other):
         only the prime and curve parameters are considered.
         """
         if isinstance(other, CurveFp):
+            p = self.__p
             return (
                 self.__p == other.__p
-                and self.__a == other.__a
-                and self.__b == other.__b
+                and self.__a % p == other.__a % p
+                and self.__b % p == other.__b % p
             )
         return NotImplemented
 
@@ -142,6 +143,7 @@ def __str__(self):
 
 class AbstractPoint(object):
     """Class for common methods of elliptic curve points."""
+
     @staticmethod
     def _from_raw_encoding(data, raw_encoding_length):
         """
@@ -207,11 +209,7 @@ def _from_hybrid(cls, data, raw_encoding_length, validate_encoding):
 
     @classmethod
     def from_bytes(
-        cls,
-        curve,
-        data,
-        validate_encoding=True,
-        valid_encodings=None
+        cls, curve, data, validate_encoding=True, valid_encodings=None
     ):
         """
         Initialise the object from byte encoding of a point.
@@ -265,17 +263,14 @@ def from_bytes(
         elif key_len == raw_encoding_length + 1 and (
             "hybrid" in valid_encodings or "uncompressed" in valid_encodings
         ):
-            if (
-                data[:1] in (b"\x06", b"\x07")
-                and "hybrid" in valid_encodings
-            ):
+            if data[:1] in (b"\x06", b"\x07") and "hybrid" in valid_encodings:
                 coord_x, coord_y = cls._from_hybrid(
                     data, raw_encoding_length, validate_encoding
                 )
             elif data[:1] == b"\x04" and "uncompressed" in valid_encodings:
-                 coord_x, coord_y = cls._from_raw_encoding(
+                coord_x, coord_y = cls._from_raw_encoding(
                     data[1:], raw_encoding_length
-                 )
+                )
             else:
                 raise MalformedPointError(
                     "Invalid X9.62 encoding of the public point"
@@ -293,6 +288,49 @@ def from_bytes(
             )
         return coord_x, coord_y
 
+    def _raw_encode(self):
+        """Convert the point to the :term:`raw encoding`."""
+        prime = self.curve().p()
+        x_str = number_to_string(self.x(), prime)
+        y_str = number_to_string(self.y(), prime)
+        return x_str + y_str
+
+    def _compressed_encode(self):
+        """Encode the point into the compressed form."""
+        prime = self.curve().p()
+        x_str = number_to_string(self.x(), prime)
+        if self.y() & 1:
+            return b"\x03" + x_str
+        return b"\x02" + x_str
+
+    def _hybrid_encode(self):
+        """Encode the point into the hybrid form."""
+        raw_enc = self._raw_encode()
+        if self.y() & 1:
+            return b"\x07" + raw_enc
+        return b"\x06" + raw_enc
+
+    def to_bytes(self, encoding="raw"):
+        """
+        Convert the point to a byte string.
+
+        The method by default uses the :term:`raw encoding` (specified
+        by `encoding="raw"`. It can also output points in :term:`uncompressed`,
+        :term:`compressed`, and :term:`hybrid` formats.
+
+        :return: :term:`raw encoding` of a public on the curve
+        :rtype: bytes
+        """
+        assert encoding in ("raw", "uncompressed", "compressed", "hybrid")
+        if encoding == "raw":
+            return self._raw_encode()
+        elif encoding == "uncompressed":
+            return b"\x04" + self._raw_encode()
+        elif encoding == "hybrid":
+            return self._hybrid_encode()
+        else:
+            return self._compressed_encode()
+
 
 class PointJacobi(AbstractPoint):
     """
@@ -341,7 +379,7 @@ def from_bytes(
         validate_encoding=True,
         valid_encodings=None,
         order=None,
-        generator=False
+        generator=False,
     ):
         """
         Initialise the object from byte encoding of a point.
@@ -920,7 +958,7 @@ def from_bytes(
         data,
         validate_encoding=True,
         valid_encodings=None,
-        order=None
+        order=None,
     ):
         """
         Initialise the object from byte encoding of a point.
@@ -956,7 +994,6 @@ def from_bytes(
         )
         return Point(curve, coord_x, coord_y, order)
 
-
     def __eq__(self, other):
         """Return True if the points are identical, False otherwise.
 

src/ecdsa/errors.py

@@ -2,5 +2,3 @@ class MalformedPointError(AssertionError):
     """Raised in case the encoding of private or public key is malformed."""
 
     pass
-
-

src/ecdsa/keys.py

@@ -78,7 +78,6 @@
 from . import rfc6979
 from . import ellipticcurve
 from .curves import NIST192p, find_curve
-from .numbertheory import square_root_mod_prime, SquareRootError
 from .ecdsa import RSZeroError
 from .util import string_to_number, number_to_string, randrange
 from .util import sigencode_string, sigdecode_string, bit_length
@@ -311,7 +310,7 @@ def from_string(
             curve.curve,
             string,
             validate_encoding=validate_point,
-            valid_encodings=valid_encodings
+            valid_encodings=valid_encodings,
         )
         return cls.from_public_point(point, curve, hashfunc, validate_point)
 
@@ -526,30 +525,6 @@ def from_public_key_recovery_with_digest(
         ]
         return verifying_keys
 
-    def _raw_encode(self):
-        """Convert the public key to the :term:`raw encoding`."""
-        order = self.curve.curve.p()
-        x_str = number_to_string(self.pubkey.point.x(), order)
-        y_str = number_to_string(self.pubkey.point.y(), order)
-        return x_str + y_str
-
-    def _compressed_encode(self):
-        """Encode the public point into the compressed form."""
-        order = self.curve.curve.p()
-        x_str = number_to_string(self.pubkey.point.x(), order)
-        if self.pubkey.point.y() & 1:
-            return b("\x03") + x_str
-        else:
-            return b("\x02") + x_str
-
-    def _hybrid_encode(self):
-        """Encode the public point into the hybrid form."""
-        raw_enc = self._raw_encode()
-        if self.pubkey.point.y() & 1:
-            return b("\x07") + raw_enc
-        else:
-            return b("\x06") + raw_enc
-
     def to_string(self, encoding="raw"):
         """
         Convert the public key to a byte string.
@@ -571,14 +546,7 @@ def to_string(self, encoding="raw"):
         :rtype: bytes
         """
         assert encoding in ("raw", "uncompressed", "compressed", "hybrid")
-        if encoding == "raw":
-            return self._raw_encode()
-        elif encoding == "uncompressed":
-            return b("\x04") + self._raw_encode()
-        elif encoding == "hybrid":
-            return self._hybrid_encode()
-        else:
-            return self._compressed_encode()
+        return self.pubkey.point.to_bytes(encoding)
 
     def to_pem(self, point_encoding="uncompressed"):
         """