fix raw crypto_sign API

b81177c0 · Brian Warner · e0fc13b9 · b81177c0 · b81177c0 · b81177c0
Commit b81177c0 authored 10 years ago by Brian Warner
--- a/src/nacl/c/crypto_sign.py
+++ b/src/nacl/c/crypto_sign.py
@@ -26,51 +26,51 @@ crypto_sign_SECRETKEYBYTES = lib.crypto_sign_secretkeybytes()

 def crypto_sign_keypair():
    """
-    Returns a randomly generated secret key and public key.
+    Returns a randomly generated public key and secret key.

-    :rtype: (bytes(secret_key), bytes(public_key))
+    :rtype: (bytes(public_key), bytes(secret_key))
    """
-    sk = lib.ffi.new("unsigned char[]", crypto_sign_SECRETKEYBYTES)
    pk = lib.ffi.new("unsigned char[]", crypto_sign_PUBLICKEYBYTES)
+    sk = lib.ffi.new("unsigned char[]", crypto_sign_SECRETKEYBYTES)

    if lib.crypto_sign_keypair(pk, sk) != 0:
        raise CryptoError("An error occurred while generating keypairs")

    return (
-        lib.ffi.buffer(sk, crypto_sign_SECRETKEYBYTES)[:],
        lib.ffi.buffer(pk, crypto_sign_PUBLICKEYBYTES)[:],
+        lib.ffi.buffer(sk, crypto_sign_SECRETKEYBYTES)[:],
    )


 def crypto_sign_seed_keypair(seed):
    """
-    Computes and returns the secret key and public key using the seed ``seed``.
+    Computes and returns the public key and secret key using the seed ``seed``.

    :param seed: bytes
-    :rtype: (bytes(secret_key), bytes(public_key))
+    :rtype: (bytes(public_key), bytes(secret_key))
    """
    if len(seed) != crypto_sign_SEEDBYTES:
        raise ValueError("Invalid seed")

-    sk = lib.ffi.new("unsigned char[]", crypto_sign_SECRETKEYBYTES)
    pk = lib.ffi.new("unsigned char[]", crypto_sign_PUBLICKEYBYTES)
+    sk = lib.ffi.new("unsigned char[]", crypto_sign_SECRETKEYBYTES)

    if lib.crypto_sign_seed_keypair(pk, sk, seed) != 0:
        raise CryptoError("An error occured while generating keypairs")

    return (
-        lib.ffi.buffer(sk, crypto_sign_SECRETKEYBYTES)[:],
        lib.ffi.buffer(pk, crypto_sign_PUBLICKEYBYTES)[:],
+        lib.ffi.buffer(sk, crypto_sign_SECRETKEYBYTES)[:],
    )


-def crypto_sign(sk, message):
+def crypto_sign(message, sk):
    """
    Signs the message ``message`` using the secret key ``sk`` and returns the
    signed message.

-    :param sk: bytes
    :param message: bytes
+    :param sk: bytes
    :rtype: bytes
    """
    signed = lib.ffi.new("unsigned char[]", len(message) + crypto_sign_BYTES)
@@ -82,13 +82,13 @@ def crypto_sign(sk, message):
    return lib.ffi.buffer(signed, signed_len[0])[:]


-def crypto_sign_open(pk, signed):
+def crypto_sign_open(signed, pk):
    """
    Verifies the signature of the signed message ``signed`` using the public
    key ``pkg`` and returns the unsigned message.

-    :param pk: bytes
    :param signed: bytes
+    :param pk: bytes
    :rtype: bytes
    """
    message = lib.ffi.new("unsigned char[]", len(signed))

--- a/src/nacl/signing.py
+++ b/src/nacl/signing.py
@@ -96,7 +96,7 @@ class VerifyKey(encoding.Encodable, StringFixer, object):
        # Decode the signed message
        smessage = encoder.decode(smessage)

-        return nacl.c.crypto_sign_open(self._key, smessage)
+        return nacl.c.crypto_sign_open(smessage, self._key)


 class SigningKey(encoding.Encodable, StringFixer, object):
@@ -129,7 +129,7 @@ class SigningKey(encoding.Encodable, StringFixer, object):
                nacl.c.crypto_sign_SEEDBYTES
            )

-        secret_key, public_key = nacl.c.crypto_sign_seed_keypair(seed)
+        public_key, secret_key = nacl.c.crypto_sign_seed_keypair(seed)

        self._seed = seed
        self._signing_key = secret_key
@@ -158,7 +158,7 @@ class SigningKey(encoding.Encodable, StringFixer, object):
        :param encoder: A class that is used to encode the signed message.
        :rtype: :class:`~nacl.signing.SignedMessage`
        """
-        raw_signed = nacl.c.crypto_sign(self._signing_key, message)
+        raw_signed = nacl.c.crypto_sign(message, self._signing_key)

        signature = encoder.encode(raw_signed[:nacl.c.crypto_sign_BYTES])
        message = encoder.encode(raw_signed[nacl.c.crypto_sign_BYTES:])

--- a/tests/test_raw.py
+++ b/tests/test_raw.py
@@ -70,23 +70,20 @@ def test_box():


 def test_sign():
-    # TODO: NaCl C++ is pk=keypair(sk), C is keypair(pk,sk)
    seed = "\x00" * c.crypto_sign_SEEDBYTES
-    secretkey, pubkey = c.crypto_sign_seed_keypair(seed)
+    pubkey, secretkey = c.crypto_sign_seed_keypair(seed)
    assert len(pubkey) == c.crypto_sign_PUBLICKEYBYTES
    assert len(secretkey) == c.crypto_sign_SECRETKEYBYTES

-    secretkey, pubkey = c.crypto_sign_keypair()
+    pubkey, secretkey = c.crypto_sign_keypair()
    assert len(pubkey) == c.crypto_sign_PUBLICKEYBYTES
    assert len(secretkey) == c.crypto_sign_SECRETKEYBYTES

-    # TODO: NaCl is sm=sign(msg, sk)
    msg = "message"
-    sigmsg = c.crypto_sign(secretkey, msg)
+    sigmsg = c.crypto_sign(msg, secretkey)
    assert len(sigmsg) == len(msg) + c.crypto_sign_BYTES

-    # TODO: NaCl is msg=open(sm, pk)
-    msg2 = c.crypto_sign_open(pubkey, sigmsg)
+    msg2 = c.crypto_sign_open(sigmsg, pubkey)
    assert msg2 == msg

 def secret_scalar():