move verify_recover_pubkey from auth.py to chains.py

2022-09-15 14:33:56 -04:00 · 2022-09-15 14:33:56 -04:00 · d511ce24eb
commit d511ce24eb
parent 6eeb45ea11
3 changed files with 23 additions and 24 deletions
--- a/shared/auth.py
+++ b/shared/auth.py
@ -133,28 +133,6 @@ RFC_SIGNATURE_TEMPLATE = '''\
 -----END {blockchain} SIGNED MESSAGE-----
 '''

-def verify_recover_pubkey(sig, digest):
-    # verifies a message digest against a signature and recovers
-    # the address type and public key that did the signing
-    if len(sig) != 65:
-        raise ValueError('signature length != 65')
-
-    v = sig[0]
-    if 27 <= v <= 34:
-        af = AF_CLASSIC
-    elif 35 <= v <= 38:
-        af = AF_P2WPKH_P2SH
-    elif 39 <= v <= 42:
-        af = AF_P2WPKH
-    else:
-        raise ValueError('unsupported recovery id v=%s' % v)
-
-    try:
-        sig = ngu.secp256k1.signature(sig)
-        return af, sig.verify_recover(digest).to_bytes()
-    except:
-        raise ValueError('invalid signature')
-
 def sign_message_digest(digest, subpath, prompt):
    # do the signature itself!
    from glob import dis
--- a/shared/chains.py
+++ b/shared/chains.py
@ -363,4 +363,26 @@ CommonDerivations = [
 ]


+def verify_recover_pubkey(sig, digest):
+    # verifies a message digest against a signature and recovers
+    # the address type and public key that did the signing
+    if len(sig) != 65:
+        raise ValueError('signature length')
+
+    v = sig[0]
+    if 27 <= v <= 34:
+        af = AF_CLASSIC
+    elif 35 <= v <= 38:
+        af = AF_P2WPKH_P2SH
+    elif 39 <= v <= 42:
+        af = AF_P2WPKH
+    else:
+        raise ValueError('unsupported recovery: %d' % v)
+
+    try:
+        sig = ngu.secp256k1.signature(sig)
+        return af, sig.verify_recover(digest).to_bytes()
+    except:
+        raise ValueError('invalid signature')
+
 # EOF
--- a/shared/hsm.py
+++ b/shared/hsm.py
@ -16,7 +16,6 @@ from ubinascii import hexlify as b2a_hex
 from ubinascii import unhexlify as a2b_hex
 from files import CardSlot, CardMissingError
 from serializations import CTxOut
-from auth import verify_recover_pubkey

 # where we save policy/config
 POLICY_FNAME = '/flash/hsm-policy.json'
@ -347,7 +346,7 @@ class ApprovalRule:
                # we are verifying the whole consensus-encoded txout
                txo_bytes = CTxOut(o.amount, o.scriptpubkey).serialize()
                digest = chain.hash_message(txo_bytes)
-                addr_fmt, pubkey = verify_recover_pubkey(o.attestation, digest)
+                addr_fmt, pubkey = chains.verify_recover_pubkey(o.attestation, digest)
                # we have extracted a valid pubkey from the sig, but is it
                # a whitelisted pubkey or something else?
                ver_addr = chain.pubkey_to_address(pubkey, addr_fmt)