Commit 28c04716 authored by Robert Schütz's avatar Robert Schütz

python3Packages.home-assistant-chip-core: don't import ecdsa

Its only import outside of tests is in
`connectedhomeip/src/controller/python/chip/crypto/p256keypair.py` where
it is used in the `TestP256Keypair` class which is only used in tests.
parent b7f314ae
+1 −6
{
  lib,
  buildPythonPackage,
  pythonOlder,
  aenum,
  home-assistant-chip-wheels,
  coloredlogs,
@@ -9,7 +8,6 @@
  cryptography,
  dacite,
  deprecation,
  ecdsa,
  ipdb,
  mobly,
  pygobject3,
@@ -22,8 +20,6 @@ buildPythonPackage rec {
  inherit (home-assistant-chip-wheels) version;
  format = "wheel";

  disabled = pythonOlder "3.7";

  src = home-assistant-chip-wheels;

  # format=wheel needs src to be a wheel not a folder of wheels
@@ -31,13 +27,12 @@ buildPythonPackage rec {
    src=($src/home_assistant_chip_core*.whl)
  '';

  propagatedBuildInputs = [
  dependencies = [
    aenum
    coloredlogs
    construct
    cryptography
    dacite
    ecdsa
    rich
    pyyaml
    ipdb
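Review bot: Dropping `ecdsa` from `dependencies` is only safe if the prebuilt wheel neither imports it nor still lists it in its metadata, and nothing in this section checks either. The package installs a wheel produced by home-assistant-chip-wheels (`format = "wheel"`), where the accompanying patch removes the import but, as far as this page shows, no requirement entry. If the expression has no import check further down, consider adding `pythonImportsCheck = [ "chip.crypto.p256keypair" ];` so that a regression fails the build instead of surfacing at runtime. The attribute set continues past the last visible line.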
+3 −0
@@ -166,6 +166,9 @@ stdenv.mkDerivation rec {
      patch -p1 < $patch
    done

    # ecdsa is insecure and only used in tests
    patch -p1 < ${./dont-import-ecdsa.patch}

    # unpin dependencies
    # there are many files to modify, in different formats
    sed -i 's/==.*$//' third_party/pigweed/repo/pw_env_setup/py/pw_env_setup/virtualenv_setup/python_base_requirements.txt
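Review bot: The added comment `# ecdsa is insecure and only used in tests` does not say in what sense the library is insecure or where that is recorded, which makes it hard to judge later whether the patch can be dropped. I would name the reference and the affected class, for example `# ecdsa has an open advisory (<advisory id>); it is only imported for the test-only TestP256Keypair class`, with the placeholder replaced by the real identifier. The enclosing phase begins above the hunk.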
+44 −0
diff --git a/src/controller/python/chip/crypto/p256keypair.py b/src/controller/python/chip/crypto/p256keypair.py
index 30198eabee..926f55318e 100644
--- a/src/controller/python/chip/crypto/p256keypair.py
+++ b/src/controller/python/chip/crypto/p256keypair.py
@@ -22,7 +22,6 @@ from ctypes import (CFUNCTYPE, POINTER, _Pointer, c_bool, c_char, c_size_t, c_ui
 from typing import TYPE_CHECKING
 
 from chip import native
-from ecdsa import ECDH, NIST256p, SigningKey  # type: ignore
 
 # WORKAROUND: Create a subscriptable pointer type (with square brackets) to ensure compliance of type hinting with ctypes
 if not TYPE_CHECKING:
@@ -133,31 +132,3 @@ class P256Keypair:
         format of section 2.3.3 of the SECG SEC 1 standard.
         '''
         raise NotImplementedError()
-
-
-class TestP256Keypair(P256Keypair):
-    ''' The P256Keypair for testing purpose. It is not safe for any productions use
-    '''
-
-    def __init__(self, private_key: SigningKey = None):
-        super().__init__()
-
-        if private_key is None:
-            self._key = SigningKey.generate(NIST256p)
-        else:
-            self._key = private_key
-
-        self._pubkey = self._key.verifying_key.to_string(encoding='uncompressed')
-
-    @property
-    def public_key(self) -> bytes:
-        return self._pubkey
-
-    def ECDSA_sign_msg(self, message: bytes) -> bytes:
-        return self._key.sign_deterministic(message, hashfunc=hashlib.sha256)
-
-    def ECDH_derive_secret(self, remote_pubkey: bytes) -> bytes:
-        ecdh = ECDH(curve=NIST256p)
-        ecdh.load_private_key(self._key)
-        ecdh.load_received_public_key_bytes(remote_pubkey[1:])
-        return ecdh.ecdh1.generate_sharedsecret_bytes()
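Review bot: Deleting `TestP256Keypair` means any module that still does `from chip.crypto.p256keypair import TestP256Keypair` will now fail with an ImportError when it is loaded. The commit message says the class is test-only, but this page does not show whether such test helpers are shipped in the wheel, so it is worth grepping the patched tree for the name during the build. The `hashlib` import, presumably above the first hunk, was used by the removed `ECDSA_sign_msg` and may now be unused. A short header before `diff --git`, stating why the patch exists and whether it has been proposed upstream, would help whoever has to rebase it.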