jacobpascual/trezor-agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace 'ed25519' by 'pynacl'

Browse Source
This commit is contained in:
onlykey
2020-07-05 16:36:36 -04:00
committed by Roman Zeyde
parent 4d9d6c0741
commit e1bbdb4bcc
5 changed files with 21 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
libagent/formats.py
View File

@@ -5,7 +5,7 @@ import io
import logging import logging
import ecdsa import ecdsa
import ed25519 import nacl.signing
from . import util from . import util
@@ -88,8 +88,10 @@ def parse_pubkey(blob):
def ed25519_verify(sig, msg): def ed25519_verify(sig, msg):
assert len(sig) == 64 assert len(sig) == 64
vk = ed25519.VerifyingKey(pubkey) vk = nacl.signing.VerifyKey(bytes(pubkey),
vk.verify(sig, msg) encoder=nacl.encoding.RawEncoder)
vk.verify(msg, sig)
log.debug('verify signature')
return sig return sig
result.update(curve=CURVE_ED25519, verifier=ed25519_verify) result.update(curve=CURVE_ED25519, verifier=ed25519_verify)
@@ -101,7 +103,7 @@ def _decompress_ed25519(pubkey):
"""Load public key from the serialized blob (stripping the prefix byte).""" """Load public key from the serialized blob (stripping the prefix byte)."""
if pubkey[:1] == b'\x00': if pubkey[:1] == b'\x00':
# set by Trezor fsm_msgSignIdentity() and fsm_msgGetPublicKey() # set by Trezor fsm_msgSignIdentity() and fsm_msgGetPublicKey()
return ed25519.VerifyingKey(pubkey[1:]) return nacl.signing.VerifyKey(pubkey[1:], encoder=nacl.encoding.RawEncoder)
else: else:
return None return None
@@ -161,8 +163,8 @@ def serialize_verifying_key(vk):
Currently, NIST256P1 and ED25519 elliptic curves are supported. Currently, NIST256P1 and ED25519 elliptic curves are supported.
Raise TypeError on unsupported key format. Raise TypeError on unsupported key format.
""" """
if isinstance(vk, ed25519.keys.VerifyingKey): if isinstance(vk, nacl.signing.VerifyKey):
pubkey = vk.to_bytes() pubkey = vk.encode(encoder=nacl.encoding.RawEncoder)
key_type = SSH_ED25519_KEY_TYPE key_type = SSH_ED25519_KEY_TYPE
blob = util.frame(SSH_ED25519_KEY_TYPE) + util.frame(pubkey) blob = util.frame(SSH_ED25519_KEY_TYPE) + util.frame(pubkey)
return key_type, blob return key_type, blob

5
libagent/gpg/decode.py
View File

@@ -7,7 +7,7 @@ import logging
import struct import struct
import ecdsa import ecdsa
import ed25519 import nacl.signing
from . import protocol from . import protocol
from .. import util from .. import util
@@ -67,7 +67,8 @@ def _parse_ed25519_pubkey(mpi):
prefix, value = util.split_bits(mpi, 8, 256) prefix, value = util.split_bits(mpi, 8, 256)
if prefix != 0x40: if prefix != 0x40:
raise ValueError('Invalid MPI prefix: {}'.format(prefix)) raise ValueError('Invalid MPI prefix: {}'.format(prefix))
return ed25519.VerifyingKey(util.num2bytes(value, size=32)) vk = nacl.signing.VerifyKey(util.num2bytes(value, size=32), encoder=nacl.encoding.RawEncoder)
return vk
SUPPORTED_CURVES = { SUPPORTED_CURVES = {

7
libagent/gpg/protocol.py
View File

@@ -4,6 +4,7 @@ import base64
import hashlib import hashlib
import logging import logging
import struct import struct
import nacl.signing
from .. import formats, util from .. import formats, util
@@ -92,7 +93,7 @@ def _serialize_nist256(vk):
def _serialize_ed25519(vk): def _serialize_ed25519(vk):
return mpi((0x40 << 256) | return mpi((0x40 << 256) |
util.bytes2num(vk.to_bytes())) util.bytes2num(vk.encode(encoder=nacl.encoding.RawEncoder)))
def _compute_keygrip(params): def _compute_keygrip(params):
@@ -131,7 +132,7 @@ def keygrip_ed25519(vk):
['b', util.num2bytes(0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A, size=32)], # nopep8 ['b', util.num2bytes(0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A, size=32)], # nopep8
['g', util.num2bytes(0x04216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A6666666666666666666666666666666666666666666666666666666666666658, size=65)], # nopep8 ['g', util.num2bytes(0x04216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A6666666666666666666666666666666666666666666666666666666666666658, size=65)], # nopep8
['n', util.num2bytes(0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED, size=32)], # nopep8 ['n', util.num2bytes(0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED, size=32)], # nopep8
['q', vk.to_bytes()], ['q', vk.encode(encoder=nacl.encoding.RawEncoder)],
]) ])
@@ -144,7 +145,7 @@ def keygrip_curve25519(vk):
['b', b'\x01'], ['b', b'\x01'],
['g', util.num2bytes(0x04000000000000000000000000000000000000000000000000000000000000000920ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9, size=65)], # nopep8 ['g', util.num2bytes(0x04000000000000000000000000000000000000000000000000000000000000000920ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9, size=65)], # nopep8
['n', util.num2bytes(0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED, size=32)], # nopep8 ['n', util.num2bytes(0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED, size=32)], # nopep8
['q', vk.to_bytes()], ['q', vk.encode(encoder=nacl.encoding.RawEncoder)],
]) ])

10
libagent/gpg/tests/test_protocol.py
View File

@@ -1,5 +1,5 @@
import ecdsa import ecdsa
import ed25519 import nacl.signing
import pytest import pytest
from .. import protocol from .. import protocol
@@ -83,8 +83,8 @@ def test_nist256p1_ecdh():
def test_ed25519(): def test_ed25519():
sk = ed25519.SigningKey(b'\x00' * 32) sk = nacl.signing.SigningKey(b'\x00'*32, encoder=nacl.encoding.RawEncoder)
vk = sk.get_verifying_key() vk = sk.verify_key
pk = protocol.PublicKey(curve_name=formats.CURVE_ED25519, pk = protocol.PublicKey(curve_name=formats.CURVE_ED25519,
created=42, verifying_key=vk) created=42, verifying_key=vk)
assert repr(pk) == 'GPG public key ed25519/36B40FE6' assert repr(pk) == 'GPG public key ed25519/36B40FE6'
@@ -92,8 +92,8 @@ def test_ed25519():
def test_curve25519(): def test_curve25519():
sk = ed25519.SigningKey(b'\x00' * 32) sk = nacl.signing.SigningKey(b'\x00'*32, encoder=nacl.encoding.RawEncoder)
vk = sk.get_verifying_key() vk = sk.verify_key
pk = protocol.PublicKey(curve_name=formats.ECDH_CURVE25519, pk = protocol.PublicKey(curve_name=formats.ECDH_CURVE25519,
created=42, verifying_key=vk) created=42, verifying_key=vk)
assert repr(pk) == 'GPG public key curve25519/69460384' assert repr(pk) == 'GPG public key curve25519/69460384'

2
setup.py
View File

@@ -21,7 +21,7 @@ setup(
'ConfigArgParse>=0.12.1', 'ConfigArgParse>=0.12.1',
'python-daemon>=2.1.2', 'python-daemon>=2.1.2',
'ecdsa>=0.13', 'ecdsa>=0.13',
'ed25519>=1.4', 'pynacl>=1.4.0',
'mnemonic>=0.18', 'mnemonic>=0.18',
'pymsgbox>=1.0.6', 'pymsgbox>=1.0.6',
'semver>=2.2', 'semver>=2.2',