electrum

Electrum Bitcoin wallet
git clone https://git.parazyd.org/electrum
Log | Files | Refs | Submodules
commit 2ec19e752879c1446b28f0c47610fa6259972566
parent 58d131d7dd5ad78d55384edad6434a43ce1f16da
Author: ThomasV <thomasv@gitorious>
Date:   Fri, 31 Jul 2015 13:49:14 +0200

fix bugs with ecdsa/dnssec

Diffstat:

Mlib/dnssec.py | 17+++++++++--------


1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/lib/dnssec.py b/lib/dnssec.py
@@ -60,8 +60,12 @@ Pure-Python version of dns.dnssec._validate_rsig
 Uses tlslite instead of PyCrypto
 """
 def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
-    from dns.dnssec import ValidationFailure, ECKeyWrapper, ECDSAP256SHA256, ECDSAP384SHA384
-    from dns.dnssec import _find_candidate_keys, _make_hash, _is_rsa, _to_rdata, _make_algorithm_id
+    from dns.dnssec import ValidationFailure, ECDSAP256SHA256, ECDSAP384SHA384
+    from dns.dnssec import _find_candidate_keys, _make_hash, _is_ecdsa, _is_rsa, _to_rdata, _make_algorithm_id
+
+    import ecdsa
+    from tlslite.utils.keyfactory import _createPublicRSAKey
+    from tlslite.utils.cryptomath import bytesToNumber
 
     if isinstance(origin, (str, unicode)):
         origin = dns.name.from_text(origin, dns.name.root)
@@ -89,8 +93,6 @@ def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
         hash = _make_hash(rrsig.algorithm)
 
         if _is_rsa(rrsig.algorithm):
-            from tlslite.utils.keyfactory import _createPublicRSAKey
-            from tlslite.utils.cryptomath import bytesToNumber
             keyptr = candidate_key.key
             (bytes,) = struct.unpack('!B', keyptr[0:1])
             keyptr = keyptr[1:]
@@ -121,9 +123,7 @@ def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
             y = ecdsa.util.string_to_number(keyptr[key_len:key_len * 2])
             assert ecdsa.ecdsa.point_is_valid(curve.generator, x, y)
             point = ecdsa.ellipticcurve.Point(curve.curve, x, y, curve.order)
-            verifying_key = ecdsa.keys.VerifyingKey.from_public_point(point,
-                                                                      curve)
-            pubkey = ECKeyWrapper(verifying_key, key_len)
+            verifying_key = ecdsa.keys.VerifyingKey.from_public_point(point, curve)
             r = rrsig.signature[:key_len]
             s = rrsig.signature[key_len:]
             sig = ecdsa.ecdsa.Signature(ecdsa.util.string_to_number(r),
@@ -158,7 +158,8 @@ def python_validate_rrsig(rrset, rrsig, keys, origin=None, now=None):
                 return
 
         elif _is_ecdsa(rrsig.algorithm):
-            if pubkey.verify(digest, sig):
+            diglong = ecdsa.util.string_to_number(digest)
+            if verifying_key.pubkey.verifies(diglong, sig):
                 return
 
         else: