gpg: add SLIP-0017 support for ECDH session key generation

8 years ago · fe4d9ed3c8
parent 092445af71
commit fe4d9ed3c8
2 changed files with 11 additions and 11 deletions
--- a/trezor_agent/client.py
+++ b/trezor_agent/client.py
@ -128,8 +128,8 @@ def identity_to_string(identity):
    return ''.join(result)


-def get_address(identity):
-    """Compute BIP32 derivation address for SignIdentity API."""
+def get_address(identity, ecdh=False):
+    """Compute BIP32 derivation address according to SLIP-0013/0017."""
    index = struct.pack('<L', identity.index)
    addr = index + identity_to_string(identity).encode('ascii')
    log.debug('address string: %r', addr)
@ -137,7 +137,8 @@ def get_address(identity):
    s = io.BytesIO(bytearray(digest))

    hardened = 0x80000000
-    address_n = [13] + list(util.recv(s, '<LLLL'))
+    addr_0 = [13, 17][bool(ecdh)]
+    address_n = [addr_0] + list(util.recv(s, '<LLLL'))
    return [(hardened | value) for value in address_n]


--- a/trezor_agent/gpg/encode.py
+++ b/trezor_agent/gpg/encode.py
@ -19,9 +19,9 @@ class HardwareSigner(object):
        self.identity.host = user_id
        self.curve_name = curve_name

-    def pubkey(self):
+    def pubkey(self, ecdh=False):
        """Return public key as VerifyingKey object."""
-        addr = client.get_address(self.identity)
+        addr = client.get_address(identity=self.identity, ecdh=ecdh)
        public_node = self.client_wrapper.connection.get_public_node(
            n=addr, ecdsa_curve_name=self.curve_name)

@ -42,14 +42,13 @@ class HardwareSigner(object):

    def ecdh(self, pubkey):
        """Derive shared secret using ECDH from remote public key."""
-        result = self.client_wrapper.connection.sign_identity(
+        result = self.client_wrapper.connection.get_ecdh_session_key(
            identity=self.identity,
-            challenge_hidden=pubkey,
-            challenge_visual=b'',
+            peer_public_key=pubkey,
            ecdsa_curve_name=self.curve_name)
-        assert len(result.signature) == 65
-        assert result.signature[:1] == b'\x04'
-        return result.signature
+        assert len(result.session_key) == 65
+        assert result.session_key[:1] == b'\x04'
+        return result.session_key

    def close(self):
        """Close the connection to the device."""