From 20f75e001b24e36ab04bc20767d3b1bd77575f5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?= Date: Wed, 14 Aug 2024 16:44:26 +0200 Subject: [PATCH] fix(core,legacy): fix curve25519 public key prefix --- core/.changelog.d/4093.changed | 1 + core/src/apps/misc/get_ecdh_session_key.py | 5 +---- legacy/firmware/.changelog.d/4093.changed | 1 + legacy/firmware/fsm_msg_crypto.h | 3 --- tests/device_tests/misc/test_msg_getecdhsessionkey.py | 2 +- 5 files changed, 4 insertions(+), 8 deletions(-) create mode 100644 core/.changelog.d/4093.changed create mode 100644 legacy/firmware/.changelog.d/4093.changed diff --git a/core/.changelog.d/4093.changed b/core/.changelog.d/4093.changed new file mode 100644 index 0000000000..ab2575938f --- /dev/null +++ b/core/.changelog.d/4093.changed @@ -0,0 +1 @@ +Changed prefix of public key returned by `get_ecdh_session_key` for curve25519. diff --git a/core/src/apps/misc/get_ecdh_session_key.py b/core/src/apps/misc/get_ecdh_session_key.py index 1aacc16725..68b55baed1 100644 --- a/core/src/apps/misc/get_ecdh_session_key.py +++ b/core/src/apps/misc/get_ecdh_session_key.py @@ -46,12 +46,10 @@ async def get_ecdh_session_key(msg: GetECDHSessionKey) -> ECDHSessionKey: from trezor.crypto.curve import secp256k1 session_key = secp256k1.multiply(node.private_key(), peer_public_key) - public_key = node.public_key() elif curve_name == "nist256p1": from trezor.crypto.curve import nist256p1 session_key = nist256p1.multiply(node.private_key(), peer_public_key) - public_key = node.public_key() elif curve_name == "curve25519": from trezor.crypto.curve import curve25519 @@ -60,9 +58,8 @@ async def get_ecdh_session_key(msg: GetECDHSessionKey) -> ECDHSessionKey: session_key = b"\x04" + curve25519.multiply( node.private_key(), peer_public_key[1:] ) - public_key = b"\x01" + node.public_key()[1:] else: raise DataError("Unsupported curve for ECDH: " + curve_name) # END ecdh - return ECDHSessionKey(session_key=session_key, public_key=public_key) + return ECDHSessionKey(session_key=session_key, public_key=node.public_key()) diff --git a/legacy/firmware/.changelog.d/4093.changed b/legacy/firmware/.changelog.d/4093.changed new file mode 100644 index 0000000000..ab2575938f --- /dev/null +++ b/legacy/firmware/.changelog.d/4093.changed @@ -0,0 +1 @@ +Changed prefix of public key returned by `get_ecdh_session_key` for curve25519. diff --git a/legacy/firmware/fsm_msg_crypto.h b/legacy/firmware/fsm_msg_crypto.h index 5712371709..7ddaec6c48 100644 --- a/legacy/firmware/fsm_msg_crypto.h +++ b/legacy/firmware/fsm_msg_crypto.h @@ -221,9 +221,6 @@ void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg) { return; } memcpy(resp->public_key.bytes, node->public_key, 33); - if (strcmp(curve, CURVE25519_NAME) == 0) { - resp->public_key.bytes[0] = 0x01; - } resp->public_key.size = 33; resp->has_public_key = true; msg_write(MessageType_MessageType_ECDHSessionKey, resp); diff --git a/tests/device_tests/misc/test_msg_getecdhsessionkey.py b/tests/device_tests/misc/test_msg_getecdhsessionkey.py index f09ff530c0..8c38f612b1 100644 --- a/tests/device_tests/misc/test_msg_getecdhsessionkey.py +++ b/tests/device_tests/misc/test_msg_getecdhsessionkey.py @@ -84,5 +84,5 @@ def test_ecdh(client: Client): ) assert ( result.public_key.hex() - == "019753a0738c55c7ba7c17dd4a9a975ce9b0d2b62e8a1ecef4a76767fad99d3c71" + == "009753a0738c55c7ba7c17dd4a9a975ce9b0d2b62e8a1ecef4a76767fad99d3c71" )