From 0a036e092c919149fc1d79dcbb566b9fa4cd1f60 Mon Sep 17 00:00:00 2001
From: John-Mark Gurney <jmg@funkthat.com>
Date: Sun, 11 Sep 2022 13:17:35 -0700
Subject: [PATCH] switch to edgold from cryptography.

We were only using the ed448 code, and cryptography requires rust
to compile, and contains a LOT of other code, while edgold is much
smaller, and doesn't require a rust compiler, and will work on more
systems..  Keep around an old identity generated from cryptography
to make sure the two libraries are compatible.
---
 ui/fixtures/cryptography.persona.pasn1 | Bin 0 -> 344 bytes
 ui/medashare/cli.py                    |  45 ++++++++++++++-----------
 ui/setup.py                            |   2 +-
 3 files changed, 27 insertions(+), 20 deletions(-)
 create mode 100644 ui/fixtures/cryptography.persona.pasn1

diff --git a/ui/fixtures/cryptography.persona.pasn1 b/ui/fixtures/cryptography.persona.pasn1
new file mode 100644
index 0000000000000000000000000000000000000000..ec26604c9f2795adbf8e514cecdcbb34b6f878ec
GIT binary patch
literal 344
zcmV-e0jK`pf&o+v2x(+xZggpMdEkNp1`G&oZ)9m^X=P*>7BVn0GB7zYFfcVVGc+<T
zF*G$bF*aHZ25@y^Yh`%^Ib$DS^)0>>A8YHAX!Q)8bEKRPf4EmITGnjJBRQ4fbiw=(
zhC_wtZz|*J{M4FTEp00c$2_16Ab<=5b7^M;a`9&O8!}#0Q)1)ShlPS-n#-e3Fhme;
zfz901`m@Nkd*SUB^v}v(gw$q#8SNunhUbMmBq~Vb=7983V7HaekM|UoJkW?Ubk}em
zbyQnay=LaQ1%lZjj>W7!SEtz`<K0vXes@5?qEG7x8i{4K#|;1s1ax_DWef;uWMyu2
zX>@rE1a)<3WCRdW@u@2el0oCPM>TD@pR}9|18Ze@1UZ)!aZ-+MIB3w@ZEu{vDQmD@
quBwG8DsOcd5;U@R`GME2U1=`<fnV}tb;g`ZDWebBFmX_Qa<vzQ1C@>d

literal 0
HcmV?d00001

diff --git a/ui/medashare/cli.py b/ui/medashare/cli.py
index 31a4d19..ab4960a 100644
--- a/ui/medashare/cli.py
+++ b/ui/medashare/cli.py
@@ -28,11 +28,7 @@ def _debprint(*args): # pragma: no cover
 
 #import pdb, sys; mypdb = pdb.Pdb(stdout=sys.stderr); mypdb.set_trace()
 
-from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PrivateKey, \
-    Ed448PublicKey
-from cryptography.hazmat.primitives.serialization import Encoding, \
-    PrivateFormat, PublicFormat, NoEncryption
-
+from edgold.ed448 import EDDSA448
 from unittest import mock
 
 from .hostid import hostuuid
@@ -128,8 +124,7 @@ class Persona(object):
 
 		if 'pubkey' in self._identity:
 			pubkeybytes = self._identity.pubkey
-			self._pubkey = Ed448PublicKey.from_public_bytes(
-			    pubkeybytes)
+			self._pubkey = EDDSA448(pub=pubkeybytes)
 
 		self._created_by_ref = self._identity.uuid
 
@@ -188,7 +183,7 @@ class Persona(object):
 		idobj = self._identity
 		pubstr = _asn1coder.dumps([ idobj.uuid, idobj.pubkey ])
 
-		return base58.b58encode_check(pubstr)
+		return base58.b58encode_check(pubstr).decode('ascii')
 
 	def new_version(self, *args):
 		'''Update the Persona's Identity object.'''
@@ -207,8 +202,7 @@ class Persona(object):
 			}
 			if self._key is not None:
 				obj['key'] = \
-				    self._key.private_bytes(Encoding.Raw,
-				    PrivateFormat.Raw, NoEncryption())
+				    self._key.export_key('raw')
 
 			fp.write(_asn1coder.dumps(obj))
 
@@ -221,8 +215,7 @@ class Persona(object):
 
 		kwargs = {}
 		if 'key' in objs:
-			kwargs['key'] = Ed448PrivateKey.from_private_bytes(
-			    objs['key'])
+			kwargs['key'] = EDDSA448(objs['key'])
 
 		return cls(Identity(objs['identity']), **kwargs)
 
@@ -234,10 +227,9 @@ class Persona(object):
 		if self._key:
 			raise RuntimeError('a key already exists')
 
-		self._key = Ed448PrivateKey.generate()
+		self._key = EDDSA448.generate()
 		self._pubkey = self._key.public_key()
-		pubkey = self._pubkey.public_bytes(Encoding.Raw,
-		    PublicFormat.Raw)
+		pubkey = self._pubkey.export_key('raw')
 		self._identity = self.sign(self._identity.new_version(('pubkey',
 		    pubkey)))
 
@@ -264,8 +256,7 @@ class Persona(object):
 	def verify(self, obj):
 		sigbytes = self._makesigbytes(obj)
 
-		pubkey = self._pubkey.public_bytes(Encoding.Raw,
-		    PublicFormat.Raw)
+		pubkey = self._pubkey.export_key('raw')
 		self._pubkey.verify(obj['sig'], sigbytes)
 
 		return True
@@ -872,7 +863,7 @@ def cmd_pubkey(options):
 
 	persona = Persona.load(identfname)
 
-	print(persona.get_pubkey().decode('ascii'))
+	print(persona.get_pubkey())
 
 @init_datastructs
 def cmd_modify(options, persona, objstr, cache):
@@ -1721,6 +1712,22 @@ class _TestCases(unittest.TestCase):
 		# that it does have a common property
 		self.assertIn('type', odict)
 
+	def test_cryptography_persona(self):
+		# Verify that a persona generated by cryptography still works
+		persona = Persona.load(self.fixtures / 'cryptography.persona.pasn1')
+
+		realpubkey = 'nFyLw6kB15DrM46ni9eEBRb6QD4rsPuco3ymj3mvz5YM8j3hY6chcjewU7FvqDpWALTSZ3E212SxCNErdYzPjgbxTnrYNyzeYTM2k58krEcKvWW6h'
+		pubkey = persona.get_pubkey()
+
+		self.assertEqual(realpubkey, pubkey)
+
+		vpersona = Persona.from_pubkey(realpubkey)
+
+		ident = persona.get_identity()
+		vpersona.verify(ident)
+
+		self.assertEqual(ident.uuid, uuid.UUID('52f1a92b-0c92-41e3-b647-356db89fb49c'))
+
 	def test_persona(self):
 		# that a newly created persona
 		persona = Persona()
@@ -1741,7 +1748,7 @@ class _TestCases(unittest.TestCase):
 		# that get_pubkey returns the correct thing
 		pubstr = _asn1coder.dumps([ idobj.uuid, idobj['pubkey'] ])
 		self.assertEqual(persona.get_pubkey(),
-		    base58.b58encode_check(pubstr))
+		    base58.b58encode_check(pubstr).decode('ascii'))
 
 		# and that there is a signature
 		self.assertIsInstance(idobj['sig'], bytes)
diff --git a/ui/setup.py b/ui/setup.py
index 36e1b5d..7498ff3 100644
--- a/ui/setup.py
+++ b/ui/setup.py
@@ -21,7 +21,7 @@ setup(
     install_requires=[
 	'alembic',
 	'base58',
-	'cryptography',
+	'edgold @ git+https://www.funkthat.com/gitea/jmg/ed448goldilocks.git@pyupdate#egg=edgold&subdirectory=python',
         'databases[sqlite]',
         'fastapi',
         'fastapi_restful',