Replace 'ed25519' by 'pynacl'

2020-07-05 16:36:36 -04:00
parent 4d9d6c0741
commit e1bbdb4bcc
5 changed files with 21 additions and 17 deletions
--- a/libagent/formats.py
+++ b/libagent/formats.py
@@ -5,7 +5,7 @@ import io
 import logging

 import ecdsa
-import ed25519
+import nacl.signing

 from . import util

@@ -88,8 +88,10 @@ def parse_pubkey(blob):

        def ed25519_verify(sig, msg):
            assert len(sig) == 64
-            vk = ed25519.VerifyingKey(pubkey)
-            vk.verify(sig, msg)
+            vk = nacl.signing.VerifyKey(bytes(pubkey),
+                                        encoder=nacl.encoding.RawEncoder)
+            vk.verify(msg, sig)
+            log.debug('verify signature')
            return sig

        result.update(curve=CURVE_ED25519, verifier=ed25519_verify)
@@ -101,7 +103,7 @@ def _decompress_ed25519(pubkey):
    """Load public key from the serialized blob (stripping the prefix byte)."""
    if pubkey[:1] == b'\x00':
        # set by Trezor fsm_msgSignIdentity() and fsm_msgGetPublicKey()
-        return ed25519.VerifyingKey(pubkey[1:])
+        return nacl.signing.VerifyKey(pubkey[1:], encoder=nacl.encoding.RawEncoder)
    else:
        return None

@@ -161,8 +163,8 @@ def serialize_verifying_key(vk):
    Currently, NIST256P1 and ED25519 elliptic curves are supported.
    Raise TypeError on unsupported key format.
    """
-    if isinstance(vk, ed25519.keys.VerifyingKey):
-        pubkey = vk.to_bytes()
+    if isinstance(vk, nacl.signing.VerifyKey):
+        pubkey = vk.encode(encoder=nacl.encoding.RawEncoder)
        key_type = SSH_ED25519_KEY_TYPE
        blob = util.frame(SSH_ED25519_KEY_TYPE) + util.frame(pubkey)
        return key_type, blob
--- a/libagent/gpg/decode.py
+++ b/libagent/gpg/decode.py
@@ -7,7 +7,7 @@ import logging
 import struct

 import ecdsa
-import ed25519
+import nacl.signing

 from . import protocol
 from .. import util
@@ -67,7 +67,8 @@ def _parse_ed25519_pubkey(mpi):
    prefix, value = util.split_bits(mpi, 8, 256)
    if prefix != 0x40:
        raise ValueError('Invalid MPI prefix: {}'.format(prefix))
-    return ed25519.VerifyingKey(util.num2bytes(value, size=32))
+    vk = nacl.signing.VerifyKey(util.num2bytes(value, size=32), encoder=nacl.encoding.RawEncoder)
+    return vk


 SUPPORTED_CURVES = {
--- a/libagent/gpg/protocol.py
+++ b/libagent/gpg/protocol.py
@@ -4,6 +4,7 @@ import base64
 import hashlib
 import logging
 import struct
+import nacl.signing

 from .. import formats, util

@@ -92,7 +93,7 @@ def _serialize_nist256(vk):

 def _serialize_ed25519(vk):
    return mpi((0x40 << 256) |
-               util.bytes2num(vk.to_bytes()))
+               util.bytes2num(vk.encode(encoder=nacl.encoding.RawEncoder)))


 def _compute_keygrip(params):
@@ -131,7 +132,7 @@ def keygrip_ed25519(vk):
        ['b', util.num2bytes(0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A, size=32)],  # nopep8
        ['g', util.num2bytes(0x04216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A6666666666666666666666666666666666666666666666666666666666666658, size=65)],  # nopep8
        ['n', util.num2bytes(0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED, size=32)],  # nopep8
-        ['q', vk.to_bytes()],
+        ['q', vk.encode(encoder=nacl.encoding.RawEncoder)],
    ])


@@ -144,7 +145,7 @@ def keygrip_curve25519(vk):
        ['b', b'\x01'],
        ['g', util.num2bytes(0x04000000000000000000000000000000000000000000000000000000000000000920ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9, size=65)],  # nopep8
        ['n', util.num2bytes(0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED, size=32)],  # nopep8
-        ['q', vk.to_bytes()],
+        ['q', vk.encode(encoder=nacl.encoding.RawEncoder)],
    ])


--- a/libagent/gpg/tests/test_protocol.py
+++ b/libagent/gpg/tests/test_protocol.py
@@ -1,5 +1,5 @@
 import ecdsa
-import ed25519
+import nacl.signing
 import pytest

 from .. import protocol
@@ -83,8 +83,8 @@ def test_nist256p1_ecdh():


 def test_ed25519():
-    sk = ed25519.SigningKey(b'\x00' * 32)
-    vk = sk.get_verifying_key()
+    sk = nacl.signing.SigningKey(b'\x00'*32, encoder=nacl.encoding.RawEncoder)
+    vk = sk.verify_key
    pk = protocol.PublicKey(curve_name=formats.CURVE_ED25519,
                            created=42, verifying_key=vk)
    assert repr(pk) == 'GPG public key ed25519/36B40FE6'
@@ -92,8 +92,8 @@ def test_ed25519():


 def test_curve25519():
-    sk = ed25519.SigningKey(b'\x00' * 32)
-    vk = sk.get_verifying_key()
+    sk = nacl.signing.SigningKey(b'\x00'*32, encoder=nacl.encoding.RawEncoder)
+    vk = sk.verify_key
    pk = protocol.PublicKey(curve_name=formats.ECDH_CURVE25519,
                            created=42, verifying_key=vk)
    assert repr(pk) == 'GPG public key curve25519/69460384'