Moved verify to utils; implemented it in Character.verify_from. Awesome cleanup. Fixes #99.

2017-11-05 20:30:34 -08:00 · 2017-11-05 20:30:34 -08:00 · ae7683478b
parent c85acc3675
commit ae7683478b
4 changed files with 11 additions and 14 deletions
--- a/nkms/characters.py
+++ b/nkms/characters.py
@ -8,6 +8,7 @@ from nkms.crypto import api as API
 from nkms.crypto.api import secure_random
 from nkms.crypto.constants import NOT_SIGNED, NO_DECRYPTION_PERFORMED
 from nkms.crypto.powers import CryptoPower, SigningPower, EncryptingPower
+from nkms.crypto.utils import verify
 from nkms.network import blockchain_client
 from nkms.network.blockchain_client import list_all_ursulas
 from nkms.network.server import NuCypherDHTServer, NuCypherSeedOnlyDHTServer
@ -138,18 +139,14 @@ class Character(object):
        if signature_is_on_cleartext:
            if decrypt:
                cleartext = self._crypto_power.decrypt(message)
-                msg_digest = API.keccak_digest(cleartext)
+                message = cleartext
            else:
                raise ValueError(
                    "Can't look for a signature on the cleartext if we're not decrypting.")
-        else:
-            msg_digest = API.keccak_digest(message)

        actor = self._lookup_actor(actor_whom_sender_claims_to_be)
-        signature_pub_key = actor.seal

-        sig = API.ecdsa_load_sig(signature)
-        return API.ecdsa_verify(*sig, msg_digest, signature_pub_key), cleartext
+        return verify(signature, message, actor.seal), cleartext

    def _lookup_actor(self, actor: "Character"):
        try:
--- a/nkms/crypto/_alpha.py
+++ b/nkms/crypto/_alpha.py
@ -1,6 +0,0 @@
-from nkms.crypto import api
-
-def verify(signature, message, pubkey):
-    msg_digest = api.keccak_digest(message)
-    ecdsa_sig = api.ecdsa_load_sig(signature)
-    return api.ecdsa_verify(*ecdsa_sig, msg_digest, pubkey)
--- a/nkms/crypto/utils.py
+++ b/nkms/crypto/utils.py
@ -0,0 +1,6 @@
+from nkms.crypto import api
+
+def verify(signature: bytes, message: bytes, pubkey: bytes) -> bool:
+    msg_digest = api.keccak_digest(message)
+    ecdsa_sig = api.ecdsa_load_sig(signature)
+    return api.ecdsa_verify(*ecdsa_sig, msg_digest, pubkey)
--- a/nkms/network/protocols.py
+++ b/nkms/network/protocols.py
@ -6,7 +6,7 @@ from kademlia.utils import digest
 from nkms.network.constants import NODE_HAS_NO_STORAGE
 from nkms.network.node import NuCypherNode
 from nkms.network.routing import NuCypherRoutingTable
-from nkms.crypto import api as API, _alpha
+from nkms.crypto import api as API, utils


 class NuCypherHashProtocol(KademliaProtocol):
@ -45,7 +45,7 @@ class NuCypherHashProtocol(KademliaProtocol):
        if value.startswith(b"uaddr"):
            signature, ursula_pubkey_sig, interface_info = msgpack.loads(value.lstrip(b"uaddr-"))
            proper_key = digest(ursula_pubkey_sig)
-            verified = _alpha.verify(signature, interface_info, ursula_pubkey_sig)
+            verified = utils.verify(signature, interface_info, ursula_pubkey_sig)
            if not verified or not proper_key == key:
                # TODO: What exactly to do in this scenario?
                self.log.warning("Possible Vladimir detected - tried to set incorrect Ursula interface key.")