bytes input for VerifyingKey.verify()

tomato42 · tomato42 · commit 6f0cbf807c6f · 2019-10-25T00:32:53.000+02:00
diff --git a/src/ecdsa/der.py b/src/ecdsa/der.py
@@ -180,7 +180,7 @@ def remove_integer(string):
     if not string:
         raise UnexpectedDER("Empty string is an invalid encoding of an "
                             "integer")
-    if not string.startswith(b("\x02")):
+    if string[:1] != b"\x02":
         n = string[0] if isinstance(string[0], integer_types) \
                 else ord(string[0])
         raise UnexpectedDER("wanted type 'integer' (0x02), got 0x%02x" % n)
diff --git a/src/ecdsa/keys.py b/src/ecdsa/keys.py
@@ -543,7 +543,7 @@ def verify(self, signature, data, hashfunc=None,
         as the `sigdecode` parameter.
 
         :param signature: encoding of the signature
-        :type signature: bytes like object
+        :type signature: sigdecode method dependant
         :param data: data signed by the `signature`, will be hashed using
             `hashfunc`, if specified, or default hash function
         :type data: bytes like object
@@ -565,6 +565,10 @@ def verify(self, signature, data, hashfunc=None,
         :return: True if the verification was successful
         :rtype: bool
         """
+        # signature doesn't have to be a bytes-like-object so don't normalise
+        # it, the decoders will do that
+        data = normalise_bytes(data)
+
         hashfunc = hashfunc or self.default_hashfunc
         digest = hashfunc(data).digest()
         return self.verify_digest(signature, digest, sigdecode)
@@ -579,7 +583,7 @@ def verify_digest(self, signature, digest, sigdecode=sigdecode_string):
         as the `sigdecode` parameter.
 
         :param signature: encoding of the signature
-        :type signature: bytes like object
+        :type signature: sigdecode method dependant
         :param digest: raw hash value that the signature authenticates.
         :type digest: bytes like object
         :param sigdecode: Callable to define the way the signature needs to
@@ -597,6 +601,9 @@ def verify_digest(self, signature, digest, sigdecode=sigdecode_string):
         :return: True if the verification was successful
         :rtype: bool
         """
+        # signature doesn't have to be a bytes-like-object so don't normalise
+        # it, the decoders will do that
+        digest = normalise_bytes(digest)
         if len(digest) > self.curve.baselen:
             raise BadDigestError("this curve (%s) is too short "
                                  "for your digest (%d)" % (self.curve.name,
diff --git a/src/ecdsa/test_keys.py b/src/ecdsa/test_keys.py
@@ -12,9 +12,12 @@
 import six
 import sys
 import pytest
+import hashlib
 
-from .keys import VerifyingKey
+from .keys import VerifyingKey, SigningKey
 from .der import unpem
+from .util import sigencode_string, sigencode_der, sigencode_strings, \
+    sigdecode_string, sigdecode_der, sigdecode_strings
 
 
 class TestVerifyingKeyFromString(unittest.TestCase):
@@ -153,3 +156,70 @@ def test_array_array_of_bytes_memoryview(self):
         vk = VerifyingKey.from_der(buffer(arr))
 
         self.assertEqual(self.vk.to_string(), vk.to_string())
+
+
+# test VerifyingKey.verify()
+prv_key_str = (
+    "-----BEGIN EC PRIVATE KEY-----\n"
+    "MF8CAQEEGF7IQgvW75JSqULpiQQ8op9WH6Uldw6xxaAKBggqhkjOPQMBAaE0AzIA\n"
+    "BLiBd9CE7xf15FY5QIAoNg+fWbSk1yZOYtoGUdzkejWkxbRc9RWTQjqLVXucIJnz\n"
+    "bA==\n"
+    "-----END EC PRIVATE KEY-----\n")
+key_bytes = unpem(prv_key_str)
+assert isinstance(key_bytes, bytes)
+sk = SigningKey.from_der(key_bytes)
+vk = sk.verifying_key
+
+data = (b"some string for signing"
+        b"contents don't really matter"
+        b"but do include also some crazy values: "
+        b"\x00\x01\t\r\n\x00\x00\x00\xff\xf0")
+assert len(data) % 4 == 0
+sha1 = hashlib.sha1()
+sha1.update(data)
+data_hash = sha1.digest()
+
+sig_raw = sk.sign(data, sigencode=sigencode_string)
+assert isinstance(sig_raw, bytes)
+sig_der = sk.sign(data, sigencode=sigencode_der)
+assert isinstance(sig_der, bytes)
+sig_strings = sk.sign(data, sigencode=sigencode_strings)
+assert isinstance(sig_strings[0], bytes)
+
+verifiers = []
+for modifier, fun in [
+    ("bytes", lambda x: x),
+    ("bytes memoryview", lambda x: buffer(x)),
+    ("bytearray", lambda x: bytearray(x)),
+    ("bytearray memoryview", lambda x: buffer(bytearray(x))),
+    ("array.array of bytes", lambda x: array.array('B', x)),
+    ("array.array of bytes memoryview", lambda x: buffer(array.array('B', x))),
+    ("array.array of ints", lambda x: array.array('I', x)),
+    ("array.array of ints memoryview", lambda x: buffer(array.array('I', x)))
+    ]:
+    if "ints" in modifier:
+        conv = lambda x: x
+    else:
+        conv = fun
+    for sig_format, signature, decoder, mod_apply in [
+        ("raw", sig_raw, sigdecode_string, lambda x: conv(x)),
+        ("der", sig_der, sigdecode_der, lambda x: conv(x)),
+        ("strings", sig_strings, sigdecode_strings, lambda x:
+            tuple(conv(i) for i in x))
+        ]:
+        for method_name, vrf_mthd, vrf_data in [
+            ("verify", vk.verify, data),
+            ("verify_digest", vk.verify_digest, data_hash)
+            ]:
+            verifiers.append(pytest.param(
+                signature, decoder, mod_apply, fun, vrf_mthd, vrf_data,
+                id="{2}-{0}-{1}".format(modifier, sig_format, method_name)))
+
+@pytest.mark.parametrize(
+    "signature,decoder,mod_apply,fun,vrf_mthd,vrf_data",
+    verifiers)
+def test_VerifyingKey_verify(
+        signature, decoder, mod_apply, fun, vrf_mthd, vrf_data):
+    sig = mod_apply(signature)
+
+    assert vrf_mthd(sig, fun(vrf_data), sigdecode=decoder)
diff --git a/src/ecdsa/util.py b/src/ecdsa/util.py
@@ -6,6 +6,7 @@
 from hashlib import sha256
 from six import PY3, int2byte, b, next
 from . import der
+from ._compat import normalise_bytes
 
 # RFC5480:
 #   The "unrestricted" algorithm identifier is:
@@ -312,6 +313,7 @@ def sigdecode_string(signature, order):
     :return: tuple with decoded 'r' and 's' values of signature
     :rtype: tuple of ints
     """
+    signature = normalise_bytes(signature)
     l = orderlen(order)
     if not len(signature) == 2 * l:
         raise MalformedSignature(
@@ -347,6 +349,8 @@ def sigdecode_strings(rs_strings, order):
             "Invalid number of strings provided: {0}, expected 2"
             .format(len(rs_strings)))
     (r_str, s_str) = rs_strings
+    r_str = normalise_bytes(r_str)
+    s_str = normalise_bytes(s_str)
     l = orderlen(order)
     if not len(r_str) == l:
         raise MalformedSignature(
@@ -388,14 +392,15 @@ def sigdecode_der(sig_der, order):
     :return: tuple with decoded 'r' and 's' values of signature
     :rtype: tuple of ints
     """
+    sig_der = normalise_bytes(sig_der)
     # return der.encode_sequence(der.encode_integer(r), der.encode_integer(s))
     rs_strings, empty = der.remove_sequence(sig_der)
-    if empty != b(""):
+    if empty != b"":
         raise der.UnexpectedDER("trailing junk after DER sig: %s" %
                                 binascii.hexlify(empty))
     r, rest = der.remove_integer(rs_strings)
     s, empty = der.remove_integer(rest)
-    if empty != b(""):
+    if empty != b"":
         raise der.UnexpectedDER("trailing junk after DER numbers: %s" %
                                 binascii.hexlify(empty))
     return r, s
