Merge pull request secure-systems-lab#793 from jku/update-vendors

ed25519: Update vendored copy
lukpueh · Apr 23, 2024 · 34a4295 · 34a4295
2 parents 433c42f + d88ebb9
commit 34a4295
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 41 deletions.
diff --git a/securesystemslib/_vendor/ed25519/ed25519.py b/securesystemslib/_vendor/ed25519/ed25519.py
@@ -31,31 +31,11 @@
 """
 
 import hashlib
-import operator
-import sys
 
 
 __version__ = "1.0.dev0"
 
 
-# Useful for very coarse version differentiation.
-PY3 = sys.version_info[0] == 3
-
-if PY3:
-    indexbytes = operator.getitem
-    intlist2bytes = bytes
-    int2byte = operator.methodcaller("to_bytes", 1, "big")
-else:
-    int2byte = chr
-    range = xrange  # noqa: F821
-
-    def indexbytes(buf, i):
-        return ord(buf[i])
-
-    def intlist2bytes(l):
-        return b"".join(chr(c) for c in l)
-
-
 b = 256
 q = 2**255 - 19
 l = 2**252 + 27742317777372353535851937790883648493
@@ -197,11 +177,8 @@ def scalarmult_B(e):
 
 def encodeint(y):
     bits = [(y >> i) & 1 for i in range(b)]
-    return b"".join(
-        [
-            int2byte(sum([bits[i * 8 + j] << j for j in range(8)]))
-            for i in range(b // 8)
-        ]
+    return bytes(
+        [sum([bits[i * 8 + j] << j for j in range(8)]) for i in range(b // 8)]
     )
 
 
@@ -211,16 +188,13 @@ def encodepoint(P):
     x = (x * zi) % q
     y = (y * zi) % q
     bits = [(y >> i) & 1 for i in range(b - 1)] + [x & 1]
-    return b"".join(
-        [
-            int2byte(sum([bits[i * 8 + j] << j for j in range(8)]))
-            for i in range(b // 8)
-        ]
+    return bytes(
+        [sum([bits[i * 8 + j] << j for j in range(8)]) for i in range(b // 8)]
     )
 
 
 def bit(h, i):
-    return (indexbytes(h, i // 8) >> (i % 8)) & 1
+    return (h[i // 8] >> (i % 8)) & 1
 
 
 def publickey_unsafe(sk):
@@ -248,9 +222,7 @@ def signature_unsafe(m, sk, pk):
     """
     h = H(sk)
     a = 2 ** (b - 2) + sum(2**i * bit(h, i) for i in range(3, b - 2))
-    r = Hint(
-        intlist2bytes([indexbytes(h, j) for j in range(b // 8, b // 4)]) + m
-    )
+    r = Hint(bytes([h[j] for j in range(b // 8, b // 4)]) + m)
     R = scalarmult_B(r)
     S = (r + Hint(encodepoint(R) + pk + m) * a) % l
     return encodepoint(R) + encodeint(S)

diff --git a/securesystemslib/_vendor/ed25519/test_ed25519.py b/securesystemslib/_vendor/ed25519/test_ed25519.py
@@ -75,12 +75,7 @@ def test_ed25519_kat(secret_key, public_key, message, signed, signature):
         if len(m) == 0:
             forgedm = b"x"
         else:
-            forgedm = ed25519.intlist2bytes(
-                [
-                    ed25519.indexbytes(m, i) + (i == len(m) - 1)
-                    for i in range(len(m))
-                ]
-            )
+            forgedm = bytes([m[i] + (i == len(m) - 1) for i in range(len(m))])
     except ValueError:
         # TODO: Yes this means that we "pass" a test if we can't generate a
         # forged message. This matches the original test suite, it's

diff --git a/securesystemslib/_vendor/test-ed25519-upstream.sh b/securesystemslib/_vendor/test-ed25519-upstream.sh
@@ -12,7 +12,7 @@ set -eu
 # This commit matches our securesystemslib/_vendor/ed25519/ content.
 # If upstream changes, we should review the changes, vendor them,
 # and update the hash here
-pyca_ed25519_expected="f98354b09ffde8444a04c71f8e3ac7b948c89a02"
+pyca_ed25519_expected="08a7962a8059e4546a21b97f4a847f75cd1a1bbb"
 pyca_ed25519_git_url="https://github.com/pyca/ed25519.git"
 
 pyca_ed25519_main_head=$(git ls-remote "$pyca_ed25519_git_url" main | cut -f1)