tfix bugs with ecdsa/dnssec - electrum - Electrum Bitcoin wallet
HTML git clone https://git.parazyd.org/electrum
DIR Log
DIR Files
DIR Refs
DIR Submodules
---
DIR commit 2ec19e752879c1446b28f0c47610fa6259972566
DIR parent 58d131d7dd5ad78d55384edad6434a43ce1f16da
HTML Author: ThomasV <thomasv@gitorious>
Date: Fri, 31 Jul 2015 13:49:14 +0200
fix bugs with ecdsa/dnssec
Diffstat:
M lib/dnssec.py | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
---
DIR diff --git a/lib/dnssec.py b/lib/dnssec.py
t@@ -60,8 +60,12 @@ Pure-Python version of dns.dnssec._validate_rsig
Uses tlslite instead of PyCrypto
"""
def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
- from dns.dnssec import ValidationFailure, ECKeyWrapper, ECDSAP256SHA256, ECDSAP384SHA384
- from dns.dnssec import _find_candidate_keys, _make_hash, _is_rsa, _to_rdata, _make_algorithm_id
+ from dns.dnssec import ValidationFailure, ECDSAP256SHA256, ECDSAP384SHA384
+ from dns.dnssec import _find_candidate_keys, _make_hash, _is_ecdsa, _is_rsa, _to_rdata, _make_algorithm_id
+
+ import ecdsa
+ from tlslite.utils.keyfactory import _createPublicRSAKey
+ from tlslite.utils.cryptomath import bytesToNumber
if isinstance(origin, (str, unicode)):
origin = dns.name.from_text(origin, dns.name.root)
t@@ -89,8 +93,6 @@ def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
hash = _make_hash(rrsig.algorithm)
if _is_rsa(rrsig.algorithm):
- from tlslite.utils.keyfactory import _createPublicRSAKey
- from tlslite.utils.cryptomath import bytesToNumber
keyptr = candidate_key.key
(bytes,) = struct.unpack('!B', keyptr[0:1])
keyptr = keyptr[1:]
t@@ -121,9 +123,7 @@ def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
y = ecdsa.util.string_to_number(keyptr[key_len:key_len * 2])
assert ecdsa.ecdsa.point_is_valid(curve.generator, x, y)
point = ecdsa.ellipticcurve.Point(curve.curve, x, y, curve.order)
- verifying_key = ecdsa.keys.VerifyingKey.from_public_point(point,
- curve)
- pubkey = ECKeyWrapper(verifying_key, key_len)
+ verifying_key = ecdsa.keys.VerifyingKey.from_public_point(point, curve)
r = rrsig.signature[:key_len]
s = rrsig.signature[key_len:]
sig = ecdsa.ecdsa.Signature(ecdsa.util.string_to_number(r),
t@@ -158,7 +158,8 @@ def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
return
elif _is_ecdsa(rrsig.algorithm):
- if pubkey.verify(digest, sig):
+ diglong = ecdsa.util.string_to_number(digest)
+ if verifying_key.pubkey.verifies(diglong, sig):
return
else: