jacobpascual/trezor-agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gpg: raise proper exception when keygrip mismatch is detected

Browse Source
This commit is contained in:
Roman Zeyde
2016-10-17 10:53:43 +03:00
parent 7de88a3980
commit 79b6d31dfe
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
trezor_agent/gpg/agent.py
View File

@@ -37,6 +37,11 @@ def sig_encode(r, s):
return '(7:sig-val(5:ecdsa(1:r32:{})(1:s32:{})))'.format(r, s)
def _verify_keygrip(expected, actual):
if expected != actual:
raise KeyError('Keygrip mismatch: {!r} != {!r}', expected, actual)
def pksign(keygrip, digest, algo):
"""Sign a message digest using a private EC key."""
assert algo == '8', 'Unsupported hash algorithm ID {}'.format(algo)
@@ -46,7 +51,7 @@ def pksign(keygrip, digest, algo):
use_custom=True, ecdh=False)
pubkey, conn = encode.load_from_public_key(pubkey_dict=pubkey_dict)
with contextlib.closing(conn):
assert pubkey.keygrip == binascii.unhexlify(keygrip)
_verify_keygrip(pubkey.keygrip, binascii.unhexlify(keygrip))
r, s = conn.sign(binascii.unhexlify(digest))
result = sig_encode(r, s)
log.debug('result: %r', result)
@@ -91,7 +96,7 @@ def pkdecrypt(keygrip, conn):
use_custom=True, ecdh=True)
pubkey, conn = encode.load_from_public_key(pubkey_dict=local_pubkey)
with contextlib.closing(conn):
assert pubkey.keygrip == binascii.unhexlify(keygrip)
_verify_keygrip(pubkey.keygrip, binascii.unhexlify(keygrip))
return _serialize_point(conn.ecdh(remote_pubkey))