diff --git a/pisa/inspector.py b/pisa/inspector.py index 44ada80..609f5f9 100644 --- a/pisa/inspector.py +++ b/pisa/inspector.py @@ -3,7 +3,7 @@ from binascii import unhexlify import common.cryptographer from common.constants import LOCATOR_LEN_HEX -from common.cryptographer import Cryptographer +from common.cryptographer import Cryptographer, PublicKey from pisa import errors, LOG_PREFIX from common.logger import Logger @@ -337,14 +337,14 @@ class Inspector: @staticmethod # Verifies that the appointment signature is a valid signature with public key - def check_appointment_signature(appointment_data, signature, pk_der): + def check_appointment_signature(appointment_data, signature, pk): """ Checks if the provided user signature is correct. Args: appointment_data (:obj:`dict`): the appointment that was signed by the user. signature (:obj:`str`): the user's signature (hex encoded). - pk_der (:obj:`str`): the user's public key (hex encoded, DER format). + pk (:obj:`str`): the user's public key (hex encoded). Returns: :obj:`tuple`: A tuple (return code, message) as follows: @@ -363,13 +363,19 @@ class Inspector: rcode = errors.APPOINTMENT_EMPTY_FIELD message = "empty signature received" - elif pk_der is None: + elif pk is None: rcode = errors.APPOINTMENT_EMPTY_FIELD message = "empty public key received" + elif re.match(r"^[0-9A-Fa-f]{66}$", pk) is None: + rcode = errors.APPOINTMENT_WRONG_FIELD + message = "public key must be a hex encoded 33-byte long value" + else: - pk = Cryptographer.load_public_key_der(unhexlify(pk_der)) - valid_sig = Cryptographer.verify(Appointment.from_dict(appointment_data).serialize(), signature, pk) + appointment = Appointment.from_dict(appointment_data) + rpk = Cryptographer.recover_pk(appointment.serialize(), signature) + pk = PublicKey(unhexlify(pk)) + valid_sig = Cryptographer.verify_rpk(pk, rpk) if not valid_sig: rcode = errors.APPOINTMENT_INVALID_SIGNATURE diff --git a/test/pisa/unit/test_inspector.py b/test/pisa/unit/test_inspector.py index 2cf7c54..087706a 100644 --- a/test/pisa/unit/test_inspector.py +++ b/test/pisa/unit/test_inspector.py @@ -1,8 +1,4 @@ -from binascii import hexlify, unhexlify - -from cryptography.hazmat.backends import default_backend -from cryptography.hazmat.primitives.asymmetric import ec -from cryptography.hazmat.primitives import serialization +from binascii import unhexlify from pisa.errors import * from pisa.inspector import Inspector @@ -176,17 +172,14 @@ def test_check_blob(): def test_check_appointment_signature(): # The inspector receives the public key as hex client_sk, client_pk = generate_keypair() - client_pk_der = client_pk.public_bytes( - encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo - ) - client_pk_hex = hexlify(client_pk_der).decode("utf-8") + client_pk_hex = client_pk.format().hex() dummy_appointment_data, _ = generate_dummy_appointment_data(real_height=False) assert Inspector.check_appointment_signature( dummy_appointment_data["appointment"], dummy_appointment_data["signature"], dummy_appointment_data["public_key"] ) - fake_sk = ec.generate_private_key(ec.SECP256K1, default_backend()) + fake_sk, _ = generate_keypair() # Create a bad signature to make sure inspector rejects it bad_signature = Cryptographer.sign( @@ -203,10 +196,7 @@ def test_inspect(run_bitcoind): # appointments. client_sk, client_pk = generate_keypair() - client_pk_der = client_pk.public_bytes( - encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo - ) - client_pk_hex = hexlify(client_pk_der).decode("utf-8") + client_pk_hex = client_pk.format().hex() # Valid appointment locator = get_random_value_hex(LOCATOR_LEN_BYTES)