From a114242243b065fc2109d826329dc56c19e30895 Mon Sep 17 00:00:00 2001
From: Roman Zeyde <romanzeyde@google.com>
Date: Sun, 24 Apr 2016 10:33:29 +0300
Subject: [PATCH] gpg: small fixes before merging to master

---
 trezor_agent/gpg/decode.py | 63 ++++++++++++++++++++------------------
 trezor_agent/gpg/signer.py | 16 +++++-----
 trezor_agent/util.py       |  4 +--
 3 files changed, 44 insertions(+), 39 deletions(-)

diff --git a/trezor_agent/gpg/decode.py b/trezor_agent/gpg/decode.py
index 9eb7778..726b9e4 100644
--- a/trezor_agent/gpg/decode.py
+++ b/trezor_agent/gpg/decode.py
@@ -89,9 +89,38 @@ def split_bits(value, *bits):
     assert value == 0
     return reversed(result)
 
+
+def _parse_nist256p1_verifier(mpi):
+    prefix, x, y = split_bits(mpi, 4, 256, 256)
+    assert prefix == 4
+    point = ecdsa.ellipticcurve.Point(curve=ecdsa.NIST256p.curve,
+                                      x=x, y=y)
+    vk = ecdsa.VerifyingKey.from_public_point(
+        point=point, curve=ecdsa.curves.NIST256p,
+        hashfunc=hashlib.sha256)
+
+    def _nist256p1_verify(signature, digest):
+        vk.verify_digest(signature=signature,
+                         digest=digest,
+                         sigdecode=lambda rs, order: rs)
+    return _nist256p1_verify
+
+
+def _parse_ed25519_verifier(mpi):
+    prefix, value = split_bits(mpi, 8, 256)
+    assert prefix == 0x40
+    vk = ed25519.VerifyingKey(num2bytes(value, size=32))
+
+    def _ed25519_verify(signature, digest):
+        sig = b''.join(num2bytes(val, size=32)
+                       for val in signature)
+        vk.verify(sig, digest)
+    return _ed25519_verify
+
+
 SUPPORTED_CURVES = {
-    b'\x2A\x86\x48\xCE\x3D\x03\x01\x07': 'nist256p1',
-    b'\x2B\x06\x01\x04\x01\xDA\x47\x0F\x01': 'ed25519',
+    b'\x2A\x86\x48\xCE\x3D\x03\x01\x07': _parse_nist256p1_verifier,
+    b'\x2B\x06\x01\x04\x01\xDA\x47\x0F\x01': _parse_ed25519_verifier,
 }
 
 
@@ -177,37 +206,11 @@ class Parser(object):
             oid_size = stream.readfmt('B')
             oid = stream.read(oid_size)
             assert oid in SUPPORTED_CURVES
-            curve_name = SUPPORTED_CURVES[oid]
+            parser = SUPPORTED_CURVES[oid]
 
             mpi = parse_mpi(stream)
             log.debug('mpi: %x (%d bits)', mpi, mpi.bit_length())
-            if curve_name == 'nist256p1':
-                prefix, x, y = split_bits(mpi, 4, 256, 256)
-                assert prefix == 4
-                point = ecdsa.ellipticcurve.Point(curve=ecdsa.NIST256p.curve,
-                                                  x=x, y=y)
-                vk = ecdsa.VerifyingKey.from_public_point(
-                    point=point, curve=ecdsa.curves.NIST256p,
-                    hashfunc=hashlib.sha256)
-
-                def _nist256p1_verify(signature, digest):
-                    vk.verify_digest(signature=signature,
-                                     digest=digest,
-                                     sigdecode=lambda rs, order: rs)
-                p['verifier'] = _nist256p1_verify
-            elif curve_name == 'ed25519':
-                prefix, value = split_bits(mpi, 8, 256)
-                assert prefix == 0x40
-                vk = ed25519.VerifyingKey(num2bytes(value, size=32))
-
-                def _ed25519_verify(signature, digest):
-                    sig = b''.join(num2bytes(val, size=32)
-                                   for val in signature)
-                    vk.verify(sig, digest)
-                p['verifier'] = _ed25519_verify
-            else:
-                raise ValueError('unsupported curve {}'.format(curve_name))
-
+            p['verifier'] = parser(mpi)
             assert not stream.read()
 
         # https://tools.ietf.org/html/rfc4880#section-12.2
diff --git a/trezor_agent/gpg/signer.py b/trezor_agent/gpg/signer.py
index 986b947..4480615 100755
--- a/trezor_agent/gpg/signer.py
+++ b/trezor_agent/gpg/signer.py
@@ -216,12 +216,11 @@ class Signer(object):
             ecdsa_curve_name=self.curve_name)
         assert result.signature[:1] == b'\x00'
         sig = result.signature[1:]
-        sig = [util.bytes2num(sig[:32]),
-               util.bytes2num(sig[32:])]
+        sig = mpi(util.bytes2num(sig[:32])) + mpi(util.bytes2num(sig[32:]))
 
-        hash_prefix = digest[:2]  # used for decoder's sanity check
-        signature = mpi(sig[0]) + mpi(sig[1])  # actual ECDSA signature
-        return header + hashed + unhashed + hash_prefix + signature
+        return (header + hashed + unhashed +
+                digest[:2] +  # used for decoder's sanity check
+                sig)  # actual ECDSA signature
 
 
 def split_lines(body, size):
@@ -240,9 +239,12 @@ def armor(blob, type_str):
 
 
 def load_from_gpg(user_id):
-    log.info('loading public key %r from local GPG keyring', user_id)
     pubkey_bytes = subprocess.check_output(['gpg2', '--export', user_id])
-    return decode.load_public_key(io.BytesIO(pubkey_bytes))
+    if pubkey_bytes:
+        return decode.load_public_key(io.BytesIO(pubkey_bytes))
+    else:
+        log.error('could not find public key %r in local GPG keyring', user_id)
+        raise KeyError(user_id)
 
 
 def main():
diff --git a/trezor_agent/util.py b/trezor_agent/util.py
index 822dbe7..350114b 100644
--- a/trezor_agent/util.py
+++ b/trezor_agent/util.py
@@ -78,8 +78,8 @@ def frame(*msgs):
 
 
 def crc24(blob):
-    CRC24_INIT = 0xB704CEL
-    CRC24_POLY = 0x1864CFBL
+    CRC24_INIT = 0x0B704CE
+    CRC24_POLY = 0x1864CFB
 
     crc = CRC24_INIT
     for octet in bytearray(blob):