arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-17 21:22:10 +00:00
Code Issues Releases Wiki Activity

feat(legacy): Implement SLIP-0021 symmetric key derivation.

Browse Source
This commit is contained in:
Andrew Kozlik 2022-12-15 12:42:36 +01:00 committed by matejcik
parent 779f5dbc7d
commit 1ecb0f0c1c
3 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
legacy/firmware/crypto.c
View File

@ -818,3 +818,17 @@ bool change_output_to_input_script_type(OutputScriptType output_script_type,
}
}
void slip21_from_seed(const uint8_t *seed, int seed_len, Slip21Node *out) {
hmac_sha512((uint8_t *)"Symmetric key seed", 18, seed, seed_len, out->data);
}
void slip21_derive_path(Slip21Node *inout, const uint8_t *label,
size_t label_len) {
HMAC_SHA512_CTX hctx = {0};
hmac_sha512_Init(&hctx, inout->data, 32);
hmac_sha512_Update(&hctx, (uint8_t *)"\0", 1);
hmac_sha512_Update(&hctx, label, label_len);
hmac_sha512_Final(&hctx, inout->data);
}
const uint8_t *slip21_key(const Slip21Node *node) { return &node->data[32]; }

9
legacy/firmware/crypto.h
View File

@ -41,6 +41,10 @@
#define ser_length_size(len) ((len) < 253 ? 1 : (len) < 0x10000 ? 3 : 5)
typedef struct {
uint8_t data[64];
} Slip21Node;
uint32_t ser_length(uint32_t len, uint8_t *out);
uint32_t ser_length_hash(Hasher *hasher, uint32_t len);
@ -91,4 +95,9 @@ bool is_segwit_output_script_type(OutputScriptType script_type);
bool change_output_to_input_script_type(OutputScriptType output_script_type,
InputScriptType *input_script_type);
void slip21_from_seed(const uint8_t *seed, int seed_len, Slip21Node *out);
void slip21_derive_path(Slip21Node *inout, const uint8_t *label,
size_t label_len);
const uint8_t *slip21_key(const Slip21Node *node);
#endif

18
legacy/firmware/fsm.c
View File

@ -241,6 +241,24 @@ static HDNode *fsm_getDerivedNode(const char *curve, const uint32_t *address_n,
return &node;
}
static bool fsm_getSlip21Key(const char *path[], size_t path_count,
uint8_t key[32]) {
const uint8_t *seed = config_getSeed();
if (seed == NULL) {
return false;
}
static CONFIDENTIAL Slip21Node node;
slip21_from_seed(seed, 64, &node);
for (size_t i = 0; i < path_count; ++i) {
slip21_derive_path(&node, (uint8_t *)path[i], strlen(path[i]));
}
memcpy(key, slip21_key(&node), 32);
memzero(&node, sizeof(node));
return true;
}
static bool fsm_layoutAddress(const char *address, const char *desc,
bool ignorecase, size_t prefixlen,
const uint32_t *address_n, size_t address_n_count,