From e1bbdb4bccb9c81a34123cc89fbb6ef2750ab33b Mon Sep 17 00:00:00 2001 From: onlykey Date: Sun, 5 Jul 2020 16:36:36 -0400 Subject: [PATCH] Replace 'ed25519' by 'pynacl' --- libagent/formats.py | 14 ++++++++------ libagent/gpg/decode.py | 5 +++-- libagent/gpg/protocol.py | 7 ++++--- libagent/gpg/tests/test_protocol.py | 10 +++++----- setup.py | 2 +- 5 files changed, 21 insertions(+), 17 deletions(-) diff --git a/libagent/formats.py b/libagent/formats.py index 468da74..5189c75 100644 --- a/libagent/formats.py +++ b/libagent/formats.py @@ -5,7 +5,7 @@ import io import logging import ecdsa -import ed25519 +import nacl.signing from . import util @@ -88,8 +88,10 @@ def parse_pubkey(blob): def ed25519_verify(sig, msg): assert len(sig) == 64 - vk = ed25519.VerifyingKey(pubkey) - vk.verify(sig, msg) + vk = nacl.signing.VerifyKey(bytes(pubkey), + encoder=nacl.encoding.RawEncoder) + vk.verify(msg, sig) + log.debug('verify signature') return sig result.update(curve=CURVE_ED25519, verifier=ed25519_verify) @@ -101,7 +103,7 @@ def _decompress_ed25519(pubkey): """Load public key from the serialized blob (stripping the prefix byte).""" if pubkey[:1] == b'\x00': # set by Trezor fsm_msgSignIdentity() and fsm_msgGetPublicKey() - return ed25519.VerifyingKey(pubkey[1:]) + return nacl.signing.VerifyKey(pubkey[1:], encoder=nacl.encoding.RawEncoder) else: return None @@ -161,8 +163,8 @@ def serialize_verifying_key(vk): Currently, NIST256P1 and ED25519 elliptic curves are supported. Raise TypeError on unsupported key format. """ - if isinstance(vk, ed25519.keys.VerifyingKey): - pubkey = vk.to_bytes() + if isinstance(vk, nacl.signing.VerifyKey): + pubkey = vk.encode(encoder=nacl.encoding.RawEncoder) key_type = SSH_ED25519_KEY_TYPE blob = util.frame(SSH_ED25519_KEY_TYPE) + util.frame(pubkey) return key_type, blob diff --git a/libagent/gpg/decode.py b/libagent/gpg/decode.py index f3b620f..470369e 100644 --- a/libagent/gpg/decode.py +++ b/libagent/gpg/decode.py @@ -7,7 +7,7 @@ import logging import struct import ecdsa -import ed25519 +import nacl.signing from . import protocol from .. import util @@ -67,7 +67,8 @@ def _parse_ed25519_pubkey(mpi): prefix, value = util.split_bits(mpi, 8, 256) if prefix != 0x40: raise ValueError('Invalid MPI prefix: {}'.format(prefix)) - return ed25519.VerifyingKey(util.num2bytes(value, size=32)) + vk = nacl.signing.VerifyKey(util.num2bytes(value, size=32), encoder=nacl.encoding.RawEncoder) + return vk SUPPORTED_CURVES = { diff --git a/libagent/gpg/protocol.py b/libagent/gpg/protocol.py index ad62f7f..c0bb7eb 100644 --- a/libagent/gpg/protocol.py +++ b/libagent/gpg/protocol.py @@ -4,6 +4,7 @@ import base64 import hashlib import logging import struct +import nacl.signing from .. import formats, util @@ -92,7 +93,7 @@ def _serialize_nist256(vk): def _serialize_ed25519(vk): return mpi((0x40 << 256) | - util.bytes2num(vk.to_bytes())) + util.bytes2num(vk.encode(encoder=nacl.encoding.RawEncoder))) def _compute_keygrip(params): @@ -131,7 +132,7 @@ def keygrip_ed25519(vk): ['b', util.num2bytes(0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A, size=32)], # nopep8 ['g', util.num2bytes(0x04216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A6666666666666666666666666666666666666666666666666666666666666658, size=65)], # nopep8 ['n', util.num2bytes(0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED, size=32)], # nopep8 - ['q', vk.to_bytes()], + ['q', vk.encode(encoder=nacl.encoding.RawEncoder)], ]) @@ -144,7 +145,7 @@ def keygrip_curve25519(vk): ['b', b'\x01'], ['g', util.num2bytes(0x04000000000000000000000000000000000000000000000000000000000000000920ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9, size=65)], # nopep8 ['n', util.num2bytes(0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED, size=32)], # nopep8 - ['q', vk.to_bytes()], + ['q', vk.encode(encoder=nacl.encoding.RawEncoder)], ]) diff --git a/libagent/gpg/tests/test_protocol.py b/libagent/gpg/tests/test_protocol.py index 2b1b303..cc9be43 100644 --- a/libagent/gpg/tests/test_protocol.py +++ b/libagent/gpg/tests/test_protocol.py @@ -1,5 +1,5 @@ import ecdsa -import ed25519 +import nacl.signing import pytest from .. import protocol @@ -83,8 +83,8 @@ def test_nist256p1_ecdh(): def test_ed25519(): - sk = ed25519.SigningKey(b'\x00' * 32) - vk = sk.get_verifying_key() + sk = nacl.signing.SigningKey(b'\x00'*32, encoder=nacl.encoding.RawEncoder) + vk = sk.verify_key pk = protocol.PublicKey(curve_name=formats.CURVE_ED25519, created=42, verifying_key=vk) assert repr(pk) == 'GPG public key ed25519/36B40FE6' @@ -92,8 +92,8 @@ def test_ed25519(): def test_curve25519(): - sk = ed25519.SigningKey(b'\x00' * 32) - vk = sk.get_verifying_key() + sk = nacl.signing.SigningKey(b'\x00'*32, encoder=nacl.encoding.RawEncoder) + vk = sk.verify_key pk = protocol.PublicKey(curve_name=formats.ECDH_CURVE25519, created=42, verifying_key=vk) assert repr(pk) == 'GPG public key curve25519/69460384' diff --git a/setup.py b/setup.py index cc7708c..c5e8122 100755 --- a/setup.py +++ b/setup.py @@ -21,7 +21,7 @@ setup( 'ConfigArgParse>=0.12.1', 'python-daemon>=2.1.2', 'ecdsa>=0.13', - 'ed25519>=1.4', + 'pynacl>=1.4.0', 'mnemonic>=0.18', 'pymsgbox>=1.0.6', 'semver>=2.2',