trezor-firmware/core/src/apps/misc/get_ecdh_session_key.py

from ustruct import pack, unpack

from trezor import wire
from trezor.crypto.hashlib import sha256
from trezor.messages.ECDHSessionKey import ECDHSessionKey
from trezor.ui.text import Text
from trezor.utils import chunks

from apps.common import HARDENED
from apps.common.confirm import require_confirm
from apps.common.keychain import get_keychain
from apps.common.paths import AlwaysMatchingSchema

from .sign_identity import serialize_identity, serialize_identity_without_proto


async def get_ecdh_session_key(ctx, msg):
    if msg.ecdsa_curve_name is None:
        msg.ecdsa_curve_name = "secp256k1"

    keychain = await get_keychain(ctx, msg.ecdsa_curve_name, [AlwaysMatchingSchema])
    identity = serialize_identity(msg.identity)

    await require_confirm_ecdh_session_key(ctx, msg.identity)

    address_n = get_ecdh_path(identity, msg.identity.index or 0)
    node = keychain.derive(address_n)

    session_key = ecdh(
        seckey=node.private_key(),
        peer_public_key=msg.peer_public_key,
        curve=msg.ecdsa_curve_name,
    )
    return ECDHSessionKey(session_key=session_key)


async def require_confirm_ecdh_session_key(ctx, identity):
    lines = chunks(serialize_identity_without_proto(identity), 18)
    proto = identity.proto.upper() if identity.proto else "identity"
    text = Text("Decrypt %s" % proto)
    text.mono(*lines)
    await require_confirm(ctx, text)


def get_ecdh_path(identity: str, index: int):
    identity_hash = sha256(pack("<I", index) + identity).digest()

    address_n = (17,) + unpack("<IIII", identity_hash[:16])
    address_n = [HARDENED | x for x in address_n]

    return address_n


def ecdh(seckey: bytes, peer_public_key: bytes, curve: str) -> bytes:
    if curve == "secp256k1":
        from trezor.crypto.curve import secp256k1

        session_key = secp256k1.multiply(seckey, peer_public_key)
    elif curve == "nist256p1":
        from trezor.crypto.curve import nist256p1

        session_key = nist256p1.multiply(seckey, peer_public_key)
    elif curve == "curve25519":
        from trezor.crypto.curve import curve25519

        if peer_public_key[0] != 0x40:
            raise wire.DataError("Curve25519 public key should start with 0x40")
        session_key = b"\x04" + curve25519.multiply(seckey, peer_public_key[1:])
    else:
        raise wire.DataError("Unsupported curve for ECDH: " + curve)

    return session_key
src: run isort 6 years ago			`from ustruct import pack, unpack`

core: use wire errors instead of ValueErrors where applicable 4 years ago			`from trezor import wire`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago			`from trezor.crypto.hashlib import sha256`
			`from trezor.messages.ECDHSessionKey import ECDHSessionKey`
			`from trezor.ui.text import Text`
src: run isort 6 years ago			`from trezor.utils import chunks`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago
seed: pass keychain to workflows, add namespaces 6 years ago			`from apps.common import HARDENED`
src: run isort 6 years ago			`from apps.common.confirm import require_confirm`
core: update references to keychain everywhere 4 years ago			`from apps.common.keychain import get_keychain`
feat(core): update most apps to use path schemas 4 years ago			`from apps.common.paths import AlwaysMatchingSchema`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago
core: update isort config to place relative imports last 4 years ago			`from .sign_identity import serialize_identity, serialize_identity_without_proto`

apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago
core/wallet: implement keychain for apps.wallet 4 years ago			`async def get_ecdh_session_key(ctx, msg):`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago			`if msg.ecdsa_curve_name is None:`
src: run black 6 years ago			`msg.ecdsa_curve_name = "secp256k1"`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago
feat(core): update most apps to use path schemas 4 years ago			`keychain = await get_keychain(ctx, msg.ecdsa_curve_name, [AlwaysMatchingSchema])`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago			`identity = serialize_identity(msg.identity)`

apps/wallet/{sign_identity, ecdh}: show protocol as part of the header 6 years ago			`await require_confirm_ecdh_session_key(ctx, msg.identity)`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago
			`address_n = get_ecdh_path(identity, msg.identity.index or 0)`
core/wallet: implement keychain for apps.wallet 4 years ago			`node = keychain.derive(address_n)`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago
src: run black 6 years ago			`session_key = ecdh(`
			`seckey=node.private_key(),`
			`peer_public_key=msg.peer_public_key,`
			`curve=msg.ecdsa_curve_name,`
			`)`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago			`return ECDHSessionKey(session_key=session_key)`


			`async def require_confirm_ecdh_session_key(ctx, identity):`
apps/wallet/{sign_identity, ecdh}: show protocol as part of the header 6 years ago			`lines = chunks(serialize_identity_without_proto(identity), 18)`
src: run black 6 years ago			`proto = identity.proto.upper() if identity.proto else "identity"`
			`text = Text("Decrypt %s" % proto)`
apps: use mutable Text API 6 years ago			`text.mono(*lines)`
			`await require_confirm(ctx, text)`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago

			`def get_ecdh_path(identity: str, index: int):`
src: run black 6 years ago			`identity_hash = sha256(pack("<I", index) + identity).digest()`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago
src: run black 6 years ago			`address_n = (17,) + unpack("<IIII", identity_hash[:16])`
src/apps: some import refactoring 6 years ago			`address_n = [HARDENED \| x for x in address_n]`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago
			`return address_n`

src/apps/wallet: make flake8 happy 6 years ago
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago			`def ecdh(seckey: bytes, peer_public_key: bytes, curve: str) -> bytes:`
src: run black 6 years ago			`if curve == "secp256k1":`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago			`from trezor.crypto.curve import secp256k1`
src: run black 6 years ago
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago			`session_key = secp256k1.multiply(seckey, peer_public_key)`
src: run black 6 years ago			`elif curve == "nist256p1":`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago			`from trezor.crypto.curve import nist256p1`
src: run black 6 years ago
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago			`session_key = nist256p1.multiply(seckey, peer_public_key)`
src: run black 6 years ago			`elif curve == "curve25519":`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago			`from trezor.crypto.curve import curve25519`
src: run black 6 years ago
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago			`if peer_public_key[0] != 0x40:`
core: use wire errors instead of ValueErrors where applicable 4 years ago			`raise wire.DataError("Curve25519 public key should start with 0x40")`
src: run black 6 years ago			`session_key = b"\x04" + curve25519.multiply(seckey, peer_public_key[1:])`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago			`else:`
core: use wire errors instead of ValueErrors where applicable 4 years ago			`raise wire.DataError("Unsupported curve for ECDH: " + curve)`
apps/wallet/ecdh: support decryption (for GnuPG) 6 years ago
			`return session_key`