trezor: reorg some code

2026-02-07 18:08:03 +08:00 · 2015-06-16 10:04:02 +03:00
parent c3c875eb3e
commit 6fb49e025d
1 changed files with 19 additions and 22 deletions
--- a/sshagent/trezor.py
+++ b/sshagent/trezor.py
@@ -11,24 +11,9 @@ from . import formats
 import logging
 log = logging.getLogger(__name__)

-def label_addr(ident):
-    index = '\x00' * 4
-    addr = index + '{}://{}'.format(ident.proto, ident.host)
-    h = bytearray(formats.hashfunc(addr).digest())
-
-    address_n = [0] * 5
-    address_n[0] = 13
-    address_n[1] = h[0] | (h[1] << 8) | (h[2] << 16) | (h[3] << 24)
-    address_n[2] = h[4] | (h[5] << 8) | (h[6] << 16) | (h[7] << 24)
-    address_n[3] = h[8] | (h[9] << 8) | (h[10] << 16) | (h[11] << 24)
-    address_n[4] = h[12] | (h[13] << 8) | (h[14] << 16) | (h[15] << 24)
-    return [-x for x in address_n]  # prime each address component
-

 class Client(object):

-    proto = 'ssh'
-
    def __init__(self):
        devices = HidTransport.enumerate()
        if len(devices) != 1:
@@ -47,18 +32,15 @@ class Client(object):
    def close(self):
        self.client.close()

-    def _get_identity(self, label):
-        return IdentityType(host=label, proto=self.proto)
-
    def get_public_key(self, label):
-        addr = label_addr(self._get_identity(label))
+        addr = _get_address(_get_identity(label))
        log.info('getting %r SSH public key from Trezor...', label)
        node = self.client.get_public_node(addr)
        return node.node.public_key

    def sign_ssh_challenge(self, label, blob):
-        ident = self._get_identity(label)
-        msg = parse_ssh_blob(blob)
+        ident = _get_identity(label)
+        msg = _parse_ssh_blob(blob)
        request = 'user: "{user}"'.format(**msg)

        log.info('confirm %s connection to %r using Trezor...',
@@ -66,12 +48,27 @@ class Client(object):
        s = self.client.sign_identity(identity=ident,
                                      challenge_hidden=blob,
                                      challenge_visual=request)
+        assert len(s.signature) == 64
        r = util.bytes2num(s.signature[:32])
        s = util.bytes2num(s.signature[32:])
        return (r, s)


-def parse_ssh_blob(data):
+def _get_identity(label, proto='ssh'):
+        return IdentityType(host=label, proto=proto)
+
+
+def _get_address(ident):
+    index = '\x00' * 4
+    addr = index + '{}://{}'.format(ident.proto, ident.host)
+    digest = formats.hashfunc(addr).digest()
+    s = io.BytesIO(bytearray(digest))
+
+    address_n = [13] + list(util.recv(s, '<LLLL'))
+    return [-a for a in address_n]  # prime each address component
+
+
+def _parse_ssh_blob(data):
    res = {}
    if data:
        i = io.BytesIO(data)