bytes input for SigningKey.sign_deterministic()

tomato42 · tomato42 · commit d297675bcf16 · 2019-10-25T01:30:58.000+02:00
as extra_entropy can be large, and different type than outputs
from either bits2octets or number_to_string, do not concatenate
them but rather push them to the hmac one by one

don't use six.b(), not needed on py2.6

simplify the chained comparison and remove unneeded else after return
in rfc5979.generate_k
diff --git a/src/ecdsa/_compat.py b/src/ecdsa/_compat.py
@@ -18,8 +18,21 @@ def normalise_bytes(buffer_object):
         """Cast the input into array of bytes."""
         return buffer(buffer_object)
 
+    def hmac_compat(ret):
+        return ret
 
 else:
+    if sys.version_info < (3, 4):
+        # on python 3.3 hmac.hmac.update() accepts only bytes, on newer
+        # versions it does accept memoryview() also
+        def hmac_compat(data):
+            if not isinstance(data, bytes):
+                return bytes(data)
+            return data
+    else:
+        def hmac_compat(data):
+            return data
+
     def normalise_bytes(buffer_object):
         """Cast the input into array of bytes."""
         return memoryview(buffer_object).cast('B')
diff --git a/src/ecdsa/keys.py b/src/ecdsa/keys.py
@@ -974,6 +974,8 @@ def sign_deterministic(self, data, hashfunc=None,
         :rtype: bytes or sigencode function dependant type
         """
         hashfunc = hashfunc or self.default_hashfunc
+        data = normalise_bytes(data)
+        extra_entropy = normalise_bytes(extra_entropy)
         digest = hashfunc(data).digest()
 
         return self.sign_digest_deterministic(
diff --git a/src/ecdsa/rfc6979.py b/src/ecdsa/rfc6979.py
@@ -12,7 +12,7 @@
 import hmac
 from binascii import hexlify
 from .util import number_to_string, number_to_string_crop, bit_length
-from six import b
+from ._compat import hmac_compat
 
 
 # bit_length was defined in this module previously so keep it for backwards
@@ -54,32 +54,41 @@ def generate_k(order, secexp, hash_func, data, retry_gen=0, extra_entropy=b''):
     qlen = bit_length(order)
     holen = hash_func().digest_size
     rolen = (qlen + 7) / 8
-    bx = number_to_string(secexp, order) + bits2octets(data, order) + \
-        extra_entropy
+    bx = (hmac_compat(number_to_string(secexp, order)),
+          hmac_compat(bits2octets(data, order)),
+          hmac_compat(extra_entropy))
 
     # Step B
-    v = b('\x01') * holen
+    v = b'\x01' * holen
 
     # Step C
-    k = b('\x00') * holen
+    k = b'\x00' * holen
 
     # Step D
 
-    k = hmac.new(k, v + b('\x00') + bx, hash_func).digest()
+    k = hmac.new(k, digestmod=hash_func)
+    k.update(v + b'\x00')
+    for i in bx:
+        k.update(i)
+    k = k.digest()
 
     # Step E
     v = hmac.new(k, v, hash_func).digest()
 
     # Step F
-    k = hmac.new(k, v + b('\x01') + bx, hash_func).digest()
+    k = hmac.new(k, digestmod=hash_func)
+    k.update(v + b'\x01')
+    for i in bx:
+        k.update(i)
+    k = k.digest()
 
     # Step G
     v = hmac.new(k, v, hash_func).digest()
 
     # Step H
     while True:
         # Step H1
-        t = b('')
+        t = b''
 
         # Step H2
         while len(t) < rolen:
@@ -89,11 +98,10 @@ def generate_k(order, secexp, hash_func, data, retry_gen=0, extra_entropy=b''):
         # Step H3
         secret = bits2int(t, qlen)
 
-        if secret >= 1 and secret < order:
+        if 1 <= secret < order:
             if retry_gen <= 0:
                 return secret
-            else:
-                retry_gen -= 1
+            retry_gen -= 1
 
-        k = hmac.new(k, v + b('\x00'), hash_func).digest()
+        k = hmac.new(k, v + b'\x00', hash_func).digest()
         v = hmac.new(k, v, hash_func).digest()
diff --git a/src/ecdsa/test_keys.py b/src/ecdsa/test_keys.py
@@ -178,7 +178,7 @@ def test_array_array_of_bytes_memoryview(self):
 sha1 = hashlib.sha1()
 sha1.update(data)
 data_hash = sha1.digest()
-
+assert isinstance(data_hash, bytes)
 sig_raw = sk.sign(data, sigencode=sigencode_string)
 assert isinstance(sig_raw, bytes)
 sig_der = sk.sign(data, sigencode=sigencode_der)
@@ -272,3 +272,15 @@ def test_SigningKey_from_der(convert):
     sk = SigningKey.from_der(key)
 
     assert sk.to_string() == prv_key_bytes
+
+
+# test SigningKey.sign_deterministic()
+extra_entropy=b'\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11'
+
+@pytest.mark.parametrize("convert", converters)
+def test_SigningKey_sign_deterministic(convert):
+    sig = sk.sign_deterministic(
+        convert(data),
+        extra_entropy=convert(extra_entropy))
+
+    vk.verify(sig, data)
