signing using ECDSA keys

tlsfuzzer · Apr 1, 2019 · 7a8637d · 7a8637d
1 parent 81f6247
commit 7a8637d
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 8 deletions.
diff --git a/tlslite/utils/ecdsakey.py b/tlslite/utils/ecdsakey.py
@@ -135,7 +135,7 @@ def sign(self, bytes, padding=None, hashAlg=None, saltLen=None):
         :rtype: bytearray
         :returns: An ECDSA signature on the passed-in data.
         """
-        sigBytes = self._sign(bytes)
+        sigBytes = self._sign(bytes, hashAlg)
         return sigBytes
 
     def verify(self, sigBytes, bytes, padding=None, hashAlg=None,

diff --git a/tlslite/utils/python_ecdsakey.py b/tlslite/utils/python_ecdsakey.py
@@ -1,7 +1,8 @@
 
 from .ecdsakey import ECDSAKey
 from ecdsa.util import sigencode_der, sigdecode_der
-from .tlshashlib import new
+from .tlshashlib import new, sha1, sha224, sha256, sha384, sha512
+from .cryptomath import numBits
 
 class Python_ECDSAKey(ECDSAKey):
     def __init__(self, public_key, private_key=None):
@@ -11,6 +12,10 @@ def __init__(self, public_key, private_key=None):
             self.public_key = public_key
 
         self.private_key = private_key
+        self.key_type = "ecdsa"
+
+    def __len__(self):
+        return numBits(self.public_key.curve.order)
 
     def hasPrivateKey(self):
         return bool(self.private_key)
@@ -21,14 +26,28 @@ def acceptsPassword(self):
     def generate(bits):
         raise NotImplementedError()
 
-    def _sign(self, data):
-        return private_key.sign_digest_deterministic(data,
-                                                     sigencode=sigencode_der)
+    def _sign(self, data, hAlg):
+        if hAlg == "sha1":
+            func = sha1
+        elif hAlg == "sha224":
+            func = sha224
+        elif hAlg == "sha256":
+            func = sha256
+        elif hAlg == "sha384":
+            func = sha384
+        else:
+            assert hAlg == "sha512"
+            func = sha512
+
+        return self.private_key.\
+            sign_digest_deterministic(data,
+                                      hashfunc=func,
+                                      sigencode=sigencode_der)
 
     def _hashAndSign(self, data, hAlg):
-        return private_key.sign_deterministic(data,
-                                              hash=new(hAlg),
-                                              sigencode=sigencode_der)
+        return self.private_key.sign_deterministic(data,
+                                                   hash=new(hAlg),
+                                                   sigencode=sigencode_der)
 
     def _verify(self, signature, hash_bytes):
         return self.public_key.verify_digest(signature, hash_bytes,