How to use the ledgerblue.ecWrapper.PublicKey function in ledgerblue

To help you get started, we’ve selected a few ledgerblue examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github LedgerHQ / blue-loader-python / ledgerblue / checkGenuine.py View on Github external
apdu = bytearray([0xE0, 0x51, 0x00, 0x00]) + bytearray([len(certificate)]) + certificate
    dongle.exchange(apdu)

    # provide the ephemeral certificate
    ephemeralPrivate = PrivateKey()
    ephemeralPublic = bytearray(ephemeralPrivate.pubkey.serialize(compressed=False))
    dataToSign = bytes(bytearray([0x11]) + nonce + deviceNonce + ephemeralPublic)
    signature = testMaster.ecdsa_sign(bytes(dataToSign))
    signature = testMaster.ecdsa_serialize(signature)
    certificate = bytearray([len(ephemeralPublic)]) + ephemeralPublic + bytearray([len(signature)]) + signature
    apdu = bytearray([0xE0, 0x51, 0x80, 0x00]) + bytearray([len(certificate)]) + certificate
    dongle.exchange(apdu)

    # walk the device certificates to retrieve the public key to use for authentication
    index = 0
    last_pub_key = PublicKey(binascii.unhexlify(issuerKey), raw=True)
    devicePublicKey = None
    while True:
        if index == 0:
            certificate = bytearray(dongle.exchange(bytearray.fromhex('E052000000')))
        elif index == 1:
            certificate = bytearray(dongle.exchange(bytearray.fromhex('E052800000')))
        else:
            break
        offset = 1
        certificateHeader = certificate[offset : offset + certificate[offset-1]]
        offset += certificate[offset-1] + 1
        certificatePublicKey = certificate[offset : offset + certificate[offset-1]]
        offset += certificate[offset-1] + 1
        certificateSignatureArray = certificate[offset : offset + certificate[offset-1]]
        certificateSignature = last_pub_key.ecdsa_deserialize(bytes(certificateSignatureArray))
        # first cert contains a header field which holds the certificate's public key role
github LedgerHQ / blue-loader-python / ledgerblue / verifyEndorsement2.py View on Github external
if args.key == None:
		raise Exception("Missing public key")
	if args.codehash == None:
		raise Exception("Missing code hash")
	if args.message == None:
		raise Exception("Missing message")
	if args.signature == None:
		raise Exception("Missing signature")

	# prepare data
	tweak = hmac.new(bytes(bytearray.fromhex(args.codehash)), bytes(bytearray.fromhex(args.key)), hashlib.sha256).digest()
	m = hashlib.sha256()
	m.update(bytes(bytearray.fromhex(args.message)))
	digest = m.digest()

	publicKey = PublicKey(bytes(bytearray.fromhex(args.key)), raw=True)
	publicKey.tweak_add(bytes(tweak))
	signature = publicKey.ecdsa_deserialize(bytes(bytearray.fromhex(args.signature)))
	if not publicKey.ecdsa_verify(bytes(digest), signature, raw=True):
		raise Exception("Endorsement not verified")

	print("Endorsement verified")
github LedgerHQ / blue-loader-python / ledgerblue / ecWrapper.py View on Github external
flags = secp256k1.ALL_FLAGS
			self.obj = secp256k1.PrivateKey(privkey, raw, flags, ctx)
			self.pubkey = self.obj.pubkey
		else:
			if not raw:
				raise Exception("Non raw init unsupported")
			if privkey == None:
				privkey = ecpy.ecrand.rnd(CURVE_SECP256K1.order)
			else:
				privkey = int.from_bytes(privkey,'big')
			self.obj = ECPrivateKey(privkey, CURVE_SECP256K1)
			pubkey = self.obj.get_public_key().W
			out = b"\x04"
			out += pubkey.x.to_bytes(32, 'big')
			out += pubkey.y.to_bytes(32, 'big')
			self.pubkey = PublicKey(out, raw=True)
github LedgerHQ / blue-loader-python / ledgerblue / endorsementSetup.py View on Github external
apdu = bytearray([0xE0, 0x51, 0x00, 0x00]) + bytearray([len(certificate)]) + certificate
		dongle.exchange(apdu)

		# provide the ephemeral certificate
		ephemeralPrivate = PrivateKey()
		ephemeralPublic = bytearray(ephemeralPrivate.pubkey.serialize(compressed=False))
		dataToSign = bytes(bytearray([0x11]) + nonce + deviceNonce + ephemeralPublic)
		signature = testMaster.ecdsa_sign(bytes(dataToSign))
		signature = testMaster.ecdsa_serialize(signature)
		certificate = bytearray([len(ephemeralPublic)]) + ephemeralPublic + bytearray([len(signature)]) + signature
		apdu = bytearray([0xE0, 0x51, 0x80, 0x00]) + bytearray([len(certificate)]) + certificate
		dongle.exchange(apdu)

		# walk the device certificates to retrieve the public key to use for authentication
		index = 0
		last_pub_key = PublicKey(binascii.unhexlify(issuerKey), raw=True)
		device_pub_key = None
		while True:
				if index == 0:
						certificate = bytearray(dongle.exchange(bytearray.fromhex('E052000000')))
				elif index == 1:
						certificate = bytearray(dongle.exchange(bytearray.fromhex('E052800000')))
				else:
						break
				if len(certificate) == 0:
						break
				offset = 1
				certificateHeader = certificate[offset : offset + certificate[offset-1]]
				offset += certificate[offset-1] + 1
				certificatePublicKey = certificate[offset : offset + certificate[offset-1]]
				offset += certificate[offset-1] + 1
				certificateSignatureArray = certificate[offset : offset + certificate[offset-1]]
github LedgerHQ / blue-loader-python / ledgerblue / endorsementSetup.py View on Github external
offset += certificate[offset-1] + 1
				certificatePublicKey = certificate[offset : offset + certificate[offset-1]]
				offset += certificate[offset-1] + 1
				certificateSignatureArray = certificate[offset : offset + certificate[offset-1]]
				certificateSignature = last_pub_key.ecdsa_deserialize(bytes(certificateSignatureArray))
				# first cert contains a header field which holds the certificate's public key role
				if index == 0:
						certificateSignedData = bytearray([0x02]) + certificateHeader + certificatePublicKey
						# Could check if the device certificate is signed by the issuer public key
				# ephemeral key certificate
				else:
						certificateSignedData = bytearray([0x12]) + deviceNonce + nonce + certificatePublicKey
				if not last_pub_key.ecdsa_verify(bytes(certificateSignedData), certificateSignature):
					print("pub key not signed by last_pub_key")
					return None
				last_pub_key = PublicKey(bytes(certificatePublicKey), raw=True)
				if index == 0:
					device_pub_key = last_pub_key
				index = index + 1

		return device_pub_key
github LedgerHQ / blue-loader-python / ledgerblue / deployed.py View on Github external
#if cardKey != testMasterPublic:
	#	raise Exception("Invalid batch public key")

	# provide the ephemeral certificate
	ephemeralPrivate = PrivateKey()
	ephemeralPublic = bytearray(ephemeralPrivate.pubkey.serialize(compressed=False))
	print("Using ephemeral key %s" %binascii.hexlify(ephemeralPublic))
	signature = testMaster.ecdsa_sign(bytes(ephemeralPublic))
	signature = testMaster.ecdsa_serialize(signature)
	certificate = bytearray([len(ephemeralPublic)]) + ephemeralPublic + bytearray([len(signature)]) + signature
	apdu = bytearray([0xE0, 0x51, 0x00, 0x00]) + bytearray([len(certificate)]) + certificate
	dongle.exchange(apdu)

	# walk the device certificates to retrieve the public key to use for authentication
	index = 0
	last_pub_key = PublicKey(bytes(testMasterPublic), raw=True)
	while True:
		certificate = bytearray(dongle.exchange(bytearray.fromhex('E052000000')))
		if len(certificate) == 0:
			break
		certificatePublic = certificate[1 : 1 + certificate[0]]
		certificateSignature = last_pub_key.ecdsa_deserialize(bytes(certificate[2 + certificate[0] :]))		
		if not last_pub_key.ecdsa_verify(bytes(certificatePublic), certificateSignature):
			if index == 0:
				# Not an error if loading from user key
				print("Broken certificate chain - loading from user key")
			else:
				raise Exception("Broken certificate chain")
		last_pub_key = PublicKey(bytes(certificatePublic), raw=True)
		index = index + 1

	# Commit device ECDH channel
github LedgerHQ / blue-loader-python / ledgerblue / verifyEndorsement1.py View on Github external
if args.key == None:
		raise Exception("Missing public key")
	if args.codehash == None:
		raise Exception("Missing code hash")
	if args.message == None:
		raise Exception("Missing message")
	if args.signature == None:
		raise Exception("Missing signature")

	# prepare data
	m = hashlib.sha256()
	m.update(bytes(bytearray.fromhex(args.message)))
	m.update(bytes(bytearray.fromhex(args.codehash)))
	digest = m.digest()

	publicKey = PublicKey(bytes(bytearray.fromhex(args.key)), raw=True)
	signature = publicKey.ecdsa_deserialize(bytes(bytearray.fromhex(args.signature)))
	if not publicKey.ecdsa_verify(bytes(digest), signature, raw=True):
		raise Exception("Endorsement not verified")

	print("Endorsement verified")
github LedgerHQ / blue-loader-python / ledgerblue / deployed.py View on Github external
certificateSignature = last_dev_pub_key.ecdsa_deserialize(bytes(certificateSignatureArray))
		# first cert contains a header field which holds the certificate's public key role
		if index == 0:
			devicePublicKey = certificatePublicKey
			certificateSignedData = bytearray([0x02]) + certificateHeader + certificatePublicKey
			# Could check if the device certificate is signed by the issuer public key
		# ephemeral key certificate
		else:
			certificateSignedData = bytearray([0x12]) + deviceNonce + nonce + certificatePublicKey		
		if not last_dev_pub_key.ecdsa_verify(bytes(certificateSignedData), certificateSignature):
			if index == 0:
				# Not an error if loading from user key
				print("Broken certificate chain - loading from user key")
			else:
				raise Exception("Broken certificate chain")
		last_dev_pub_key = PublicKey(bytes(certificatePublicKey), raw=True)
		index = index + 1

	# Commit device ECDH channel
	dongle.exchange(bytearray.fromhex('E053000000'))
	secret = last_dev_pub_key.ecdh(binascii.unhexlify(ephemeralPrivate.serialize()))

	#forced to specific version
	if ecdh_secret_format==1 or targetId&0xF == 0x2:
		return secret[0:16]
	elif targetId&0xF >= 0x3:
		ret = {}
		ret['ecdh_secret'] = secret
		ret['devicePublicKey'] = devicePublicKey
		return ret