gpg: allow Curve25519 for ECDH

8 years ago · d236f4667e
parent 42813ddbb4
commit d236f4667e
3 changed files with 15 additions and 7 deletions
--- a/trezor_agent/gpg/agent.py
+++ b/trezor_agent/gpg/agent.py
@ -92,11 +92,7 @@ def pkdecrypt(keygrip, conn):
    pubkey, conn = encode.load_from_public_key(pubkey_dict=local_pubkey)
    with contextlib.closing(conn):
        assert pubkey.keygrip == binascii.unhexlify(keygrip)
-        shared_secret = conn.ecdh(remote_pubkey)
-
-    assert len(shared_secret) == 65
-    assert shared_secret[:1] == b'\x04'
-    return _serialize_point(shared_secret)
+        return _serialize_point(conn.ecdh(remote_pubkey))


 def handle_connection(conn):
--- a/trezor_agent/gpg/device.py
+++ b/trezor_agent/gpg/device.py
@ -45,7 +45,7 @@ class HardwareSigner(object):
            identity=self.identity,
            peer_public_key=pubkey,
            ecdsa_curve_name=formats.get_ecdh_curve_name(self.curve_name))
-        assert len(result.session_key) == 65
+        assert len(result.session_key) in {65, 33}  # NIST256 or Curve25519
        assert result.session_key[:1] == b'\x04'
        return result.session_key

--- a/trezor_agent/gpg/protocol.py
+++ b/trezor_agent/gpg/protocol.py
@ -128,6 +128,18 @@ def _keygrip_ed25519(vk):
    ])


+def _keygrip_curve25519(vk):
+    # pylint: disable=line-too-long
+    return _compute_keygrip([
+        ['p', util.num2bytes(0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED, size=32)],  # nopep8
+        ['a', b'\x01\xDB\x41'],
+        ['b', b'\x01'],
+        ['g', util.num2bytes(0x04000000000000000000000000000000000000000000000000000000000000000920ae19a1b8a086b4e01edd2c7748d14c923d4d7e6d7c61b229e9c5a27eced3d9, size=65)],  # nopep8
+        ['n', util.num2bytes(0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED, size=32)],  # nopep8
+        ['q', vk.to_bytes()],
+    ])
+
+
 SUPPORTED_CURVES = {
    formats.CURVE_NIST256: {
        # https://tools.ietf.org/html/rfc6637#section-11
@ -146,7 +158,7 @@ SUPPORTED_CURVES = {
        'oid': b'\x2B\x06\x01\x04\x01\x97\x55\x01\x05\x01',
        'algo_id': 18,
        'serialize': _serialize_ed25519,
-        'keygrip': _keygrip_ed25519,
+        'keygrip': _keygrip_curve25519,
    },
 }