gpg: load correct key if ECDH is requested

8 years ago · d9fbfccd35
parent fe4d9ed3c8
commit d9fbfccd35
3 changed files with 7 additions and 6 deletions
--- a/trezor_agent/gpg/agent.py
+++ b/trezor_agent/gpg/agent.py
@ -41,7 +41,7 @@ def pksign(keygrip, digest, algo):
    assert algo == '8'
    pubkey_dict = decode.load_public_key(
        pubkey_bytes=keyring.export_public_key(user_id=None),
-        use_custom=True)
+        use_custom=True, ecdh=False)
    pubkey, conn = encode.load_from_public_key(pubkey_dict=pubkey_dict)
    with contextlib.closing(conn):
        assert pubkey.keygrip == binascii.unhexlify(keygrip)
@ -85,7 +85,7 @@ def pkdecrypt(keygrip, conn):

    local_pubkey = decode.load_public_key(
        pubkey_bytes=keyring.export_public_key(user_id=None),
-        use_custom=True)
+        use_custom=True, ecdh=True)
    pubkey, conn = encode.load_from_public_key(pubkey_dict=local_pubkey)
    with contextlib.closing(conn):
        assert pubkey.keygrip == binascii.unhexlify(keygrip)
--- a/trezor_agent/gpg/decode.py
+++ b/trezor_agent/gpg/decode.py
@ -268,7 +268,7 @@ def digest_packets(packets):
    return hashlib.sha256(data_to_hash.getvalue()).digest()


-def load_public_key(pubkey_bytes, use_custom=False):
+def load_public_key(pubkey_bytes, use_custom=False, ecdh=False):
    """Parse and validate GPG public key from an input stream."""
    stream = io.BytesIO(pubkey_bytes)
    packets = list(parse_packets(util.Reader(stream)))
@ -288,8 +288,9 @@ def load_public_key(pubkey_bytes, use_custom=False):
    packet = pubkey
    while use_custom:
        if packet['type'] in ('pubkey', 'subkey') and signature['_is_custom']:
-            log.debug('found custom %s', packet['type'])
-            break
+            if ecdh == (packet['algo'] == proto.ECDH_ALGO_ID):
+                log.debug('found custom %s', packet['type'])
+                break

        packet, signature = packets[:2]
        packets = packets[2:]
--- a/trezor_agent/gpg/encode.py
+++ b/trezor_agent/gpg/encode.py
@ -202,7 +202,7 @@ def load_from_public_key(pubkey_dict):
    conn = HardwareSigner(user_id, curve_name=curve_name)
    pubkey = proto.PublicKey(
        curve_name=curve_name, created=created,
-        verifying_key=conn.pubkey(), ecdh=ecdh)
+        verifying_key=conn.pubkey(ecdh=ecdh), ecdh=ecdh)
    assert pubkey.key_id() == pubkey_dict['key_id']
    log.info('%s created at %s for "%s"',
             pubkey, _time_format(pubkey.created), user_id)