lili/amodem
1
0
Fork 0
mirror of https://github.com/romanz/amodem.git synced 2026-04-19 20:55:59 +08:00
Code Issues Packages Projects Releases Wiki Activity

trezor: fixup sign_identity API

Browse Source
This commit is contained in:
Roman Zeyde
2015-07-22 14:30:36 +03:00
parent 362c2870ad
commit cf572c7417
1 changed files with 29 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
sshagent/trezor.py
View File

@@ -80,7 +80,8 @@ class Client(object):
challenge_hidden=blob, challenge_hidden=blob,
challenge_visual=visual, challenge_visual=visual,
ecdsa_curve_name=self.curve_name) ecdsa_curve_name=self.curve_name)
public_key_blob = formats.decompress_pubkey(result.public_key) verifying_key = formats.decompress_pubkey(result.public_key)
public_key_blob = formats.serialize_verifying_key(verifying_key)
assert public_key_blob == msg['public_key']['blob'] assert public_key_blob == msg['public_key']['blob']
assert len(result.signature) == 65 assert len(result.signature) == 65
assert result.signature[0] == b'\x00' assert result.signature[0] == b'\x00'
@@ -91,36 +92,49 @@ class Client(object):
return (r, s) return (r, s)
def sign_identity(self, identity, expected_address=None): def sign_identity(self, identity, expected_address=None):
from bitcoin import pubkey_to_address
visual = time.strftime('%d/%m/%y %H:%M:%S') visual = time.strftime('%d/%m/%y %H:%M:%S')
hidden = os.urandom(64) hidden = os.urandom(64)
identity = self.get_identity(identity) identity = self.get_identity(identity)
node = self.client.get_public_node(_get_address(identity))
address = pubkey_to_address(node.node.public_key)
log.info('address: %s', address)
if expected_address:
assert expected_address == address
result = self.client.sign_identity(identity=identity, result = self.client.sign_identity(identity=identity,
challenge_hidden=hidden, challenge_hidden=hidden,
challenge_visual=visual) challenge_visual=visual)
msg = sha256sum(hidden) + sha256sum(visual) assert address == result.address
assert node.node.public_key == result.public_key
sig = result.signature[1:] sig = result.signature[1:]
log.debug('verifying signature for address %s', result.address)
if expected_address:
assert expected_address == result.address
curve = formats.ecdsa.SECP256k1 curve = formats.ecdsa.SECP256k1
verifying_key = formats.decompress_pubkey(result.public_key, verifying_key = formats.decompress_pubkey(result.public_key,
curve=curve) curve=curve)
from bitcoin import electrum_sig_hash digest = message_digest(hidden=hidden, visual=visual)
from bitcoin import pubkey_to_address log.debug('digest: %s', binascii.hexlify(digest))
assert pubkey_to_address(result.public_key) == result.address signature = (util.bytes2num(sig[:32]),
util.bytes2num(sig[32:]))
log.debug('signature: %s', signature)
success = verifying_key.verify_digest(signature=signature,
digest=digest,
sigdecode=lambda sig, _: sig)
if not success:
raise ValueError('invalid signature')
digest = electrum_sig_hash(msg) log.info('signature: OK')
r = util.bytes2num(sig[:32])
s = util.bytes2num(sig[32:])
verifying_key.verify_digest(signature=(r, s), digest=digest,
sigdecode=lambda sig, _: sig)
def sha256sum(data): def message_digest(hidden, visual):
return formats.hashfunc(data).digest() from bitcoin import electrum_sig_hash
hashfunc = lambda data: formats.hashfunc(data).digest()
return electrum_sig_hash(hashfunc(hidden) + hashfunc(visual))
_identity_regexp = re.compile(''.join([ _identity_regexp = re.compile(''.join([