diff --git a/securesystemslib/_vendor/ed25519/ed25519.py b/securesystemslib/_vendor/ed25519/ed25519.py
index 862d0a5f..0dbeaee4 100644
--- a/securesystemslib/_vendor/ed25519/ed25519.py
+++ b/securesystemslib/_vendor/ed25519/ed25519.py
@@ -31,31 +31,11 @@
 """
 import hashlib
-import operator
-import sys
 __version__ = "1.0.dev0"
-# Useful for very coarse version differentiation.
-PY3 = sys.version_info[0] == 3
-
-if PY3:
- indexbytes = operator.getitem
- intlist2bytes = bytes
- int2byte = operator.methodcaller("to_bytes", 1, "big")
-else:
- int2byte = chr
- range = xrange # noqa: F821
-
- def indexbytes(buf, i):
- return ord(buf[i])
-
- def intlist2bytes(l):
- return b"".join(chr(c) for c in l)
-
-
 b = 256
 q = 2**255 - 19
 l = 2**252 + 27742317777372353535851937790883648493
@@ -197,11 +177,8 @@ def scalarmult_B(e):
 def encodeint(y):
 bits = [(y >> i) & 1 for i in range(b)]
- return b"".join(
- [
- int2byte(sum([bits[i * 8 + j] << j for j in range(8)]))
- for i in range(b // 8)
- ]
+ return bytes(
+ [sum([bits[i * 8 + j] << j for j in range(8)]) for i in range(b // 8)]
 )
@@ -211,16 +188,13 @@ def encodepoint(P):
 x = (x * zi) % q
 y = (y * zi) % q
 bits = [(y >> i) & 1 for i in range(b - 1)] + [x & 1]
- return b"".join(
- [
- int2byte(sum([bits[i * 8 + j] << j for j in range(8)]))
- for i in range(b // 8)
- ]
+ return bytes(
+ [sum([bits[i * 8 + j] << j for j in range(8)]) for i in range(b // 8)]
 )
 def bit(h, i):
- return (indexbytes(h, i // 8) >> (i % 8)) & 1
+ return (h[i // 8] >> (i % 8)) & 1
 def publickey_unsafe(sk):
@@ -248,9 +222,7 @@ def signature_unsafe(m, sk, pk):
 """
 h = H(sk)
 a = 2 ** (b - 2) + sum(2**i * bit(h, i) for i in range(3, b - 2))
- r = Hint(
- intlist2bytes([indexbytes(h, j) for j in range(b // 8, b // 4)]) + m
- )
+ r = Hint(bytes([h[j] for j in range(b // 8, b // 4)]) + m)
 R = scalarmult_B(r)
 S = (r + Hint(encodepoint(R) + pk + m) * a) % l
 return encodepoint(R) + encodeint(S)
diff --git a/securesystemslib/_vendor/ed25519/test_ed25519.py b/securesystemslib/_vendor/ed25519/test_ed25519.py
index 3a012a48..a8a15eb8 100644
--- a/securesystemslib/_vendor/ed25519/test_ed25519.py
+++ b/securesystemslib/_vendor/ed25519/test_ed25519.py
@@ -75,12 +75,7 @@ def test_ed25519_kat(secret_key, public_key, message, signed, signature):
 if len(m) == 0:
 forgedm = b"x"
 else:
- forgedm = ed25519.intlist2bytes(
- [
- ed25519.indexbytes(m, i) + (i == len(m) - 1)
- for i in range(len(m))
- ]
- )
+ forgedm = bytes([m[i] + (i == len(m) - 1) for i in range(len(m))])
 except ValueError:
 # TODO: Yes this means that we "pass" a test if we can't generate a
 # forged message. This matches the original test suite, it's
diff --git a/securesystemslib/_vendor/test-ed25519-upstream.sh b/securesystemslib/_vendor/test-ed25519-upstream.sh
index 3a0b07d6..e4f11109 100755
--- a/securesystemslib/_vendor/test-ed25519-upstream.sh
+++ b/securesystemslib/_vendor/test-ed25519-upstream.sh
@@ -12,7 +12,7 @@ set -eu
 # This commit matches our securesystemslib/_vendor/ed25519/ content.
 # If upstream changes, we should review the changes, vendor them,
 # and update the hash here
-pyca_ed25519_expected="f98354b09ffde8444a04c71f8e3ac7b948c89a02"
+pyca_ed25519_expected="08a7962a8059e4546a21b97f4a847f75cd1a1bbb"
 pyca_ed25519_git_url="https://github.com/pyca/ed25519.git"
 pyca_ed25519_main_head=$(git ls-remote "$pyca_ed25519_git_url" main | cut -f1)