BTCPrivate
/
electrum-bitcoinprivate
mirror of https://github.com/BTCPrivate/electrum-bitcoinprivate.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix bugs with ecdsa/dnssec

This commit is contained in:
ThomasV 2015-07-31 13:49:14 +02:00
parent 58d131d7dd
commit 2ec19e7528
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lib/dnssec.py
View File

@ -60,8 +60,12 @@ Pure-Python version of dns.dnssec._validate_rsig
Uses tlslite instead of PyCrypto
"""
def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
from dns.dnssec import ValidationFailure, ECKeyWrapper, ECDSAP256SHA256, ECDSAP384SHA384
from dns.dnssec import _find_candidate_keys, _make_hash, _is_rsa, _to_rdata, _make_algorithm_id
from dns.dnssec import ValidationFailure, ECDSAP256SHA256, ECDSAP384SHA384
from dns.dnssec import _find_candidate_keys, _make_hash, _is_ecdsa, _is_rsa, _to_rdata, _make_algorithm_id
import ecdsa
from tlslite.utils.keyfactory import _createPublicRSAKey
from tlslite.utils.cryptomath import bytesToNumber
if isinstance(origin, (str, unicode)):
origin = dns.name.from_text(origin, dns.name.root)
@ -89,8 +93,6 @@ def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
hash = _make_hash(rrsig.algorithm)
if _is_rsa(rrsig.algorithm):
from tlslite.utils.keyfactory import _createPublicRSAKey
from tlslite.utils.cryptomath import bytesToNumber
keyptr = candidate_key.key
(bytes,) = struct.unpack('!B', keyptr[0:1])
keyptr = keyptr[1:]
@ -121,9 +123,7 @@ def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
y = ecdsa.util.string_to_number(keyptr[key_len:key_len * 2])
assert ecdsa.ecdsa.point_is_valid(curve.generator, x, y)
point = ecdsa.ellipticcurve.Point(curve.curve, x, y, curve.order)
verifying_key = ecdsa.keys.VerifyingKey.from_public_point(point,
curve)
pubkey = ECKeyWrapper(verifying_key, key_len)
verifying_key = ecdsa.keys.VerifyingKey.from_public_point(point, curve)
r = rrsig.signature[:key_len]
s = rrsig.signature[key_len:]
sig = ecdsa.ecdsa.Signature(ecdsa.util.string_to_number(r),
@ -158,7 +158,8 @@ def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
return
elif _is_ecdsa(rrsig.algorithm):
if pubkey.verify(digest, sig):
diglong = ecdsa.util.string_to_number(digest)
if verifying_key.pubkey.verifies(diglong, sig):
return
else: