From 11fc2d36f79eb9a656a9dc536f44e01cc91c879a Mon Sep 17 00:00:00 2001 From: grdddj Date: Sat, 17 Sep 2022 19:53:27 +0200 Subject: [PATCH] chore(core): decrease misc size by 430 bytes --- core/src/apps/misc/cipher_key_value.py | 37 +++---- core/src/apps/misc/get_ecdh_session_key.py | 96 ++++++++----------- core/src/apps/misc/get_entropy.py | 16 ++-- core/src/apps/misc/get_firmware_hash.py | 15 +-- core/src/apps/misc/sign_identity.py | 106 +++++++++------------ 5 files changed, 118 insertions(+), 152 deletions(-) diff --git a/core/src/apps/misc/cipher_key_value.py b/core/src/apps/misc/cipher_key_value.py index 6d3d07fce0..e65c8e9412 100644 --- a/core/src/apps/misc/cipher_key_value.py +++ b/core/src/apps/misc/cipher_key_value.py @@ -1,25 +1,25 @@ from typing import TYPE_CHECKING -from trezor import wire -from trezor.crypto import aes, hmac -from trezor.messages import CipheredKeyValue -from trezor.ui.layouts import confirm_action - -from apps.common.keychain import get_keychain -from apps.common.paths import AlwaysMatchingSchema - if TYPE_CHECKING: - from trezor.messages import CipherKeyValue + from trezor.messages import CipherKeyValue, CipheredKeyValue + from trezor.wire import Context # This module implements the SLIP-0011 symmetric encryption of key-value pairs using a # deterministic hierarchy, see https://github.com/satoshilabs/slips/blob/master/slip-0011.md. -async def cipher_key_value(ctx: wire.Context, msg: CipherKeyValue) -> CipheredKeyValue: +async def cipher_key_value(ctx: Context, msg: CipherKeyValue) -> CipheredKeyValue: + from trezor.wire import DataError + from trezor.messages import CipheredKeyValue + from trezor.crypto import aes, hmac + from apps.common.keychain import get_keychain + from apps.common.paths import AlwaysMatchingSchema + from trezor.ui.layouts import confirm_action + keychain = await get_keychain(ctx, "secp256k1", [AlwaysMatchingSchema]) if len(msg.value) % 16 > 0: - raise wire.DataError("Value length must be a multiple of 16") + raise DataError("Value length must be a multiple of 16") encrypt = msg.encrypt decrypt = not msg.encrypt @@ -31,11 +31,9 @@ async def cipher_key_value(ctx: wire.Context, msg: CipherKeyValue) -> CipheredKe await confirm_action(ctx, "cipher_key_value", title, description=msg.key) node = keychain.derive(msg.address_n) - value = compute_cipher_key_value(msg, node.private_key()) - return CipheredKeyValue(value=value) - -def compute_cipher_key_value(msg: CipherKeyValue, seckey: bytes) -> bytes: + # compute_cipher_key_value + seckey = node.private_key() data = msg.key.encode() data += b"E1" if msg.ask_on_encrypt else b"E0" data += b"D1" if msg.ask_on_decrypt else b"D0" @@ -46,8 +44,11 @@ def compute_cipher_key_value(msg: CipherKeyValue, seckey: bytes) -> bytes: else: iv = data[32:48] - ctx = aes(aes.CBC, key, iv) + hash_ctx = aes(aes.CBC, key, iv) if msg.encrypt: - return ctx.encrypt(msg.value) + value = hash_ctx.encrypt(msg.value) else: - return ctx.decrypt(msg.value) + value = hash_ctx.decrypt(msg.value) + # END compute_cipher_key_value + + return CipheredKeyValue(value=value) diff --git a/core/src/apps/misc/get_ecdh_session_key.py b/core/src/apps/misc/get_ecdh_session_key.py index 065b2285ed..0eb7355a1e 100644 --- a/core/src/apps/misc/get_ecdh_session_key.py +++ b/core/src/apps/misc/get_ecdh_session_key.py @@ -1,85 +1,67 @@ from typing import TYPE_CHECKING -from ustruct import pack, unpack - -from trezor import ui, wire -from trezor.crypto.hashlib import sha256 -from trezor.messages import ECDHSessionKey -from trezor.ui.layouts import confirm_address - -from apps.common.keychain import get_keychain -from apps.common.paths import HARDENED, AlwaysMatchingSchema - -from .sign_identity import serialize_identity, serialize_identity_without_proto if TYPE_CHECKING: - from trezor.messages import GetECDHSessionKey, IdentityType - - from apps.common.paths import Bip32Path + from trezor.messages import GetECDHSessionKey, ECDHSessionKey + from trezor.wire import Context # This module implements the SLIP-0017 Elliptic Curve Diffie-Hellman algorithm, using a # deterministic hierarchy, see https://github.com/satoshilabs/slips/blob/master/slip-0017.md. -async def get_ecdh_session_key( - ctx: wire.Context, msg: GetECDHSessionKey -) -> ECDHSessionKey: - if msg.ecdsa_curve_name is None: - msg.ecdsa_curve_name = "secp256k1" - - keychain = await get_keychain(ctx, msg.ecdsa_curve_name, [AlwaysMatchingSchema]) - identity = serialize_identity(msg.identity) - - await require_confirm_ecdh_session_key(ctx, msg.identity) - - address_n = get_ecdh_path(identity, msg.identity.index or 0) - node = keychain.derive(address_n) - - session_key = ecdh( - seckey=node.private_key(), - peer_public_key=msg.peer_public_key, - curve=msg.ecdsa_curve_name, +async def get_ecdh_session_key(ctx: Context, msg: GetECDHSessionKey) -> ECDHSessionKey: + from trezor.ui.layouts import confirm_address + from .sign_identity import ( + get_identity_path, + serialize_identity_without_proto, + serialize_identity, ) - return ECDHSessionKey(session_key=session_key, public_key=node.public_key()) + from trezor import ui + from trezor.wire import DataError + from trezor.messages import ECDHSessionKey + from apps.common.keychain import get_keychain + from apps.common.paths import AlwaysMatchingSchema + msg_identity = msg.identity # local_cache_attribute + peer_public_key = msg.peer_public_key # local_cache_attribute + curve_name = msg.ecdsa_curve_name or "secp256k1" -async def require_confirm_ecdh_session_key( - ctx: wire.Context, identity: IdentityType -) -> None: - proto = identity.proto.upper() if identity.proto else "identity" + keychain = await get_keychain(ctx, curve_name, [AlwaysMatchingSchema]) + identity = serialize_identity(msg_identity) + + # require_confirm_ecdh_session_key + proto = msg_identity.proto.upper() if msg_identity.proto else "identity" await confirm_address( ctx, f"Decrypt {proto}", - serialize_identity_without_proto(identity), - description=None, + serialize_identity_without_proto(msg_identity), + None, icon=ui.ICON_DEFAULT, icon_color=ui.ORANGE_ICON, ) + # END require_confirm_ecdh_session_key + address_n = get_identity_path(identity, msg_identity.index or 0, 17) + node = keychain.derive(address_n) -def get_ecdh_path(identity: str, index: int) -> Bip32Path: - identity_hash = sha256(pack(" bytes: - if curve == "secp256k1": + # ecdh + if curve_name == "secp256k1": from trezor.crypto.curve import secp256k1 - session_key = secp256k1.multiply(seckey, peer_public_key) - elif curve == "nist256p1": + session_key = secp256k1.multiply(node.private_key(), peer_public_key) + elif curve_name == "nist256p1": from trezor.crypto.curve import nist256p1 - session_key = nist256p1.multiply(seckey, peer_public_key) - elif curve == "curve25519": + session_key = nist256p1.multiply(node.private_key(), peer_public_key) + elif curve_name == "curve25519": from trezor.crypto.curve import curve25519 if peer_public_key[0] != 0x40: - raise wire.DataError("Curve25519 public key should start with 0x40") - session_key = b"\x04" + curve25519.multiply(seckey, peer_public_key[1:]) + raise DataError("Curve25519 public key should start with 0x40") + session_key = b"\x04" + curve25519.multiply( + node.private_key(), peer_public_key[1:] + ) else: - raise wire.DataError("Unsupported curve for ECDH: " + curve) + raise DataError("Unsupported curve for ECDH: " + curve_name) + # END ecdh - return session_key + return ECDHSessionKey(session_key=session_key, public_key=node.public_key()) diff --git a/core/src/apps/misc/get_entropy.py b/core/src/apps/misc/get_entropy.py index 62a1114dc7..679ab8e959 100644 --- a/core/src/apps/misc/get_entropy.py +++ b/core/src/apps/misc/get_entropy.py @@ -1,22 +1,22 @@ from typing import TYPE_CHECKING -from trezor.crypto import random -from trezor.enums import ButtonRequestType -from trezor.messages import Entropy -from trezor.ui.layouts import confirm_action - if TYPE_CHECKING: from trezor.wire import Context - from trezor.messages import GetEntropy + from trezor.messages import GetEntropy, Entropy async def get_entropy(ctx: Context, msg: GetEntropy) -> Entropy: + from trezor.crypto import random + from trezor.enums import ButtonRequestType + from trezor.messages import Entropy + from trezor.ui.layouts import confirm_action + await confirm_action( ctx, "get_entropy", "Confirm entropy", - action="Do you really want\nto send entropy?", - description="Continue only if you\nknow what you are doing!", + "Do you really want\nto send entropy?", + "Continue only if you\nknow what you are doing!", br_code=ButtonRequestType.ProtectCall, ) diff --git a/core/src/apps/misc/get_firmware_hash.py b/core/src/apps/misc/get_firmware_hash.py index 4f88f127ad..695fef739e 100644 --- a/core/src/apps/misc/get_firmware_hash.py +++ b/core/src/apps/misc/get_firmware_hash.py @@ -1,16 +1,16 @@ from typing import TYPE_CHECKING -from trezor import ui, wire, workflow -from trezor.messages import FirmwareHash -from trezor.ui.layouts import draw_simple_text -from trezor.utils import DISABLE_ANIMATION, firmware_hash - if TYPE_CHECKING: - from trezor.messages import GetFirmwareHash + from trezor.messages import GetFirmwareHash, FirmwareHash from trezor.wire import Context async def get_firmware_hash(ctx: Context, msg: GetFirmwareHash) -> FirmwareHash: + from trezor.messages import FirmwareHash + from trezor.utils import firmware_hash + from trezor.ui.layouts import draw_simple_text + from trezor import wire, workflow + workflow.close_others() draw_simple_text("Please wait") @@ -23,6 +23,9 @@ async def get_firmware_hash(ctx: Context, msg: GetFirmwareHash) -> FirmwareHash: def _render_progress(progress: int, total: int) -> None: + from trezor.utils import DISABLE_ANIMATION + from trezor import ui + if not DISABLE_ANIMATION: p = 1000 * progress // total ui.display.loader(p, False, 18, ui.WHITE, ui.BG) diff --git a/core/src/apps/misc/sign_identity.py b/core/src/apps/misc/sign_identity.py index 816af01280..8077c24c86 100644 --- a/core/src/apps/misc/sign_identity.py +++ b/core/src/apps/misc/sign_identity.py @@ -1,38 +1,45 @@ from typing import TYPE_CHECKING -from ustruct import pack, unpack -from trezor import wire from trezor.crypto.hashlib import sha256 -from trezor.messages import SignedIdentity -from trezor.ui.layouts import confirm_sign_identity from apps.common import coininfo -from apps.common.keychain import get_keychain -from apps.common.paths import HARDENED, AlwaysMatchingSchema if TYPE_CHECKING: - from trezor.messages import IdentityType, SignIdentity - + from trezor.messages import IdentityType, SignIdentity, SignedIdentity + from trezor.wire import Context from apps.common.paths import Bip32Path # This module implements the SLIP-0013 authentication using a deterministic hierarchy, see # https://github.com/satoshilabs/slips/blob/master/slip-0013.md. -async def sign_identity(ctx: wire.Context, msg: SignIdentity) -> SignedIdentity: - if msg.ecdsa_curve_name is None: - msg.ecdsa_curve_name = "secp256k1" +async def sign_identity(ctx: Context, msg: SignIdentity) -> SignedIdentity: + from trezor.messages import SignedIdentity + from trezor.ui.layouts import confirm_sign_identity + from apps.common.keychain import get_keychain + from apps.common.paths import AlwaysMatchingSchema - keychain = await get_keychain(ctx, msg.ecdsa_curve_name, [AlwaysMatchingSchema]) - identity = serialize_identity(msg.identity) + msg_identity = msg.identity # local_cache_attribute + msg_identity_proto = msg_identity.proto # local_cache_attribute + challenge_visual = msg.challenge_visual # local_cache_attribute + challenge_hidden = msg.challenge_hidden # local_cache_attribute + curve_name = msg.ecdsa_curve_name or "secp256k1" - await require_confirm_sign_identity(ctx, msg.identity, msg.challenge_visual) + keychain = await get_keychain(ctx, curve_name, [AlwaysMatchingSchema]) + identity = serialize_identity(msg_identity) - address_n = get_identity_path(identity, msg.identity.index or 0) + # require_confirm_sign_identity + proto = msg_identity_proto.upper() if msg_identity_proto else "identity" + await confirm_sign_identity( + ctx, proto, serialize_identity_without_proto(msg_identity), challenge_visual + ) + # END require_confirm_sign_identity + + address_n = get_identity_path(identity, msg_identity.index or 0, 13) node = keychain.derive(address_n) coin = coininfo.by_name("Bitcoin") - if msg.ecdsa_curve_name == "secp256k1": + if curve_name == "secp256k1": # hardcoded bitcoin address type address: str | None = node.address(coin.address_type) else: @@ -42,51 +49,22 @@ async def sign_identity(ctx: wire.Context, msg: SignIdentity) -> SignedIdentity: pubkey = b"\x00" + pubkey[1:] seckey = node.private_key() - if msg.identity.proto == "gpg": - signature = sign_challenge( - seckey, - msg.challenge_hidden, - msg.challenge_visual, - "gpg", - msg.ecdsa_curve_name, - ) - elif msg.identity.proto == "signify": - signature = sign_challenge( - seckey, - msg.challenge_hidden, - msg.challenge_visual, - "signify", - msg.ecdsa_curve_name, - ) - elif msg.identity.proto == "ssh": - signature = sign_challenge( - seckey, - msg.challenge_hidden, - msg.challenge_visual, - "ssh", - msg.ecdsa_curve_name, - ) + if msg_identity_proto in ("gpg", "signify", "ssh"): + sigtype = msg_identity_proto else: - signature = sign_challenge( - seckey, - msg.challenge_hidden, - msg.challenge_visual, - coin, - msg.ecdsa_curve_name, - ) + sigtype = coin + + signature = sign_challenge( + seckey, + challenge_hidden, + challenge_visual, + sigtype, + curve_name, + ) return SignedIdentity(address=address, public_key=pubkey, signature=signature) -async def require_confirm_sign_identity( - ctx: wire.Context, identity: IdentityType, challenge_visual: str | None -) -> None: - proto = identity.proto.upper() if identity.proto else "identity" - await confirm_sign_identity( - ctx, proto, serialize_identity_without_proto(identity), challenge_visual - ) - - def serialize_identity(identity: IdentityType) -> str: s = "" if identity.proto: @@ -110,12 +88,13 @@ def serialize_identity_without_proto(identity: IdentityType) -> str: return s -def get_identity_path(identity: str, index: int) -> Bip32Path: +def get_identity_path(identity: str, index: int, num: int) -> Bip32Path: + from ustruct import pack, unpack + from apps.common.paths import HARDENED + identity_hash = sha256(pack(" bytes: from apps.common.signverify import message_digest + from trezor.wire import DataError if sigtype == "gpg": data = challenge_hidden elif sigtype == "signify": if curve != "ed25519": - raise wire.DataError("Unsupported curve") + raise DataError("Unsupported curve") data = challenge_hidden elif sigtype == "ssh": if curve != "ed25519": @@ -146,7 +126,7 @@ def sign_challenge( ) data = message_digest(sigtype, challenge) else: - raise wire.DataError("Unsupported sigtype") + raise DataError("Unsupported sigtype") if curve == "secp256k1": from trezor.crypto.curve import secp256k1 @@ -161,7 +141,7 @@ def sign_challenge( signature = ed25519.sign(seckey, data) else: - raise wire.DataError("Unknown curve") + raise DataError("Unknown curve") if curve == "ed25519": signature = b"\x00" + signature