Usage of newer ecsda package #512
Conversation
![codeclimate[bot]](https://avatars.githubusercontent.com/in/9403?s=60&v=4){kind=small}
There was a problem hiding this comment.
Reviewed 3 of 7 files at r1, all commit messages.
Reviewable status: 3 of 7 files reviewed, 9 unresolved discussions (waiting on @codeclimate[bot] and @gstarovo)
.github/workflows/ci.yml line 8 at r1 (raw file):
- master - tlslite-ng-0.7 - ecc_changes
this will need to be removed from the final PR
tlslite/keyexchange.py line 751 at r1 (raw file):
key = kex.get_random_private_key() if isinstance(key, ecdsa.keys.SigningKey): ecdhXc = bytesToNumber(key.to_string())
if it's a SigningKey we shouldn't change it to numbers, the ECDHKeyExchange needs to accept inputs that are both SigningKey and a number (so that it works with tlsfuzzer), but the rest of tlslite-ng should expect that the private keys are the SigningKey object, not an int
tlslite/keyexchange.py line 1031 at r1 (raw file):
writer = Writer() writer.add(4, 1) writer.bytes += point.to_bytes()
point.to_bytes('uncompressed') will do the proper format and won't require using a Writer()
unit_tests/test_tlslite_keyexchange.py line 1959 at r1 (raw file):
abstractPoint[1]) point = generator * cln_Xc
nit: whitespace
There was a problem hiding this comment.
Reviewed 3 of 7 files at r1, 2 of 3 files at r3, 1 of 1 files at r4, all commit messages.
Reviewable status: all files reviewed, 12 unresolved discussions (waiting on @gstarovo)
.github/workflows/ci.yml line 8 at r1 (raw file):
Previously, tomato42 (Hubert Kario) wrote…
this will need to be removed from the final PR
I was referring to the ecc_changes line, not to the whole branches section
tlslite/keyexchange.py line 25 at r4 (raw file):
X448_ORDER_SIZE from .utils.compat import int_types from .utils.codec import DecodeError, Writer
Writer is unused now, isn't it?
tlslite/keyexchange.py line 1051 at r4 (raw file):
try: abstractPoint = ecdsa.ellipticcurve.AbstractPoint() point = abstractPoint.from_bytes(curve.curve, peer_share)
no, we should use VerifyingKey.from_string() here, or better yet ecdsa.ecdh.ECDH.load_received_public_key_bytes()
tlslite/keyexchange.py line 1057 at r4 (raw file):
raise TLSIllegalParameterException("Invalid ECC point") S = ecdhYc * private
and if we use ECDH class, we can use generate_sharedsecret_bytes()
tlslite/tlsconnection.py line 1186 at r2 (raw file):
private = bytesToNumber(key.to_string()) else: private = key
why we need those changes?
There was a problem hiding this comment.
Reviewed 3 of 3 files at r6, all commit messages.
Reviewable status: all files reviewed, 11 unresolved discussions (waiting on @gstarovo)
tlslite/keyexchange.py line 1027 at r6 (raw file):
"""Calculate public value for given private key.""" if isinstance(private, ecdsa.keys.SigningKey): private = bytesToNumber(private.to_string())
why not return private.verifying_key.to_string('uncompressed')?
tlslite/keyexchange.py line 1055 at r6 (raw file):
ecdhYc = ecdsa.ellipticcurve.Point( curve.curve, point[0], point[1])
nit: whitespace
tlslite/keyexchange.py line 1063 at r6 (raw file):
return bytearray(ecdh.generate_sharedsecret_bytes()) if isinstance(private, ecdsa.keys.SigningKey): private = bytesToNumber(private.to_string())
the above two lines will never execute...
There was a problem hiding this comment.
Reviewed 1 of 1 files at r7, all commit messages.
Reviewable status: all files reviewed, 6 unresolved discussions (waiting on @gstarovo)
|
looks good, thanks! |
fixes #373
This change is