From 79b6d31dfe8bba5c3f27c5f3a011e5a658d87400 Mon Sep 17 00:00:00 2001
From: Roman Zeyde
Date: Mon, 17 Oct 2016 10:53:43 +0300
Subject: [PATCH] gpg: raise proper exception when keygrip mismatch is detected
---
 trezor_agent/gpg/agent.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/trezor_agent/gpg/agent.py b/trezor_agent/gpg/agent.py
index 8eae332..36679e8 100644
--- a/trezor_agent/gpg/agent.py
+++ b/trezor_agent/gpg/agent.py
@@ -37,6 +37,11 @@ def sig_encode(r, s):
 return '(7:sig-val(5:ecdsa(1:r32:{})(1:s32:{})))'.format(r, s)


+def _verify_keygrip(expected, actual):
+ if expected != actual:
+ raise KeyError('Keygrip mismatch: {!r} != {!r}', expected, actual)
+
+
 def pksign(keygrip, digest, algo):
 """Sign a message digest using a private EC key."""
 assert algo == '8', 'Unsupported hash algorithm ID {}'.format(algo)
@@ -46,7 +51,7 @@ def pksign(keygrip, digest, algo):
 use_custom=True, ecdh=False)
 pubkey, conn = encode.load_from_public_key(pubkey_dict=pubkey_dict)
 with contextlib.closing(conn):
- assert pubkey.keygrip == binascii.unhexlify(keygrip)
+ _verify_keygrip(pubkey.keygrip, binascii.unhexlify(keygrip))
 r, s = conn.sign(binascii.unhexlify(digest))
 result = sig_encode(r, s)
 log.debug('result: %r', result)
@@ -91,7 +96,7 @@ def pkdecrypt(keygrip, conn):
 use_custom=True, ecdh=True)
 pubkey, conn = encode.load_from_public_key(pubkey_dict=local_pubkey)
 with contextlib.closing(conn):
- assert pubkey.keygrip == binascii.unhexlify(keygrip)
+ _verify_keygrip(pubkey.keygrip, binascii.unhexlify(keygrip))
 return _serialize_point(conn.ecdh(remote_pubkey))
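Review bot: The new `_verify_keygrip` never interpolates its message: `KeyError('Keygrip mismatch: {!r} != {!r}', expected, actual)` hands the template and both values to the exception as three separate arguments, logging-style, so the error renders as a tuple that still contains the literal `{!r}` placeholders. Format it explicitly with `raise KeyError('Keygrip mismatch: {!r} != {!r}'.format(expected, actual))`; this is the message the call sites in the pksign and pkdecrypt hunks will surface. The helper also has no docstring; `"""Raise KeyError if the two keygrips differ."""` plus a comment that the check is deliberately not an `assert` (asserts are stripped under `python -O`) would record why it exists. The same concern applies to the `assert algo == '8'` context line in pksign, which this commit leaves as an assert even though it validates a caller-supplied value before signing.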