diff --git a/firmware/fsm_msg_stellar.h b/firmware/fsm_msg_stellar.h index d60191da4..de92b76b6 100644 --- a/firmware/fsm_msg_stellar.h +++ b/firmware/fsm_msg_stellar.h @@ -21,13 +21,27 @@ void fsm_msgStellarGetPublicKey(StellarGetPublicKey *msg) void fsm_msgStellarSignMessage(StellarSignMessage *msg) { - CHECK_INITIALIZED - CHECK_PIN - RESP_INIT(StellarMessageSignature); - // Will exit if the user does not confirm - stellar_confirmSignString(msg, resp); + CHECK_INITIALIZED + + layoutSignMessage(msg->message.bytes, msg->message.size); + if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) { + fsm_sendFailure(FailureType_Failure_ActionCancelled, NULL); + layoutHome(); + return; + } + + CHECK_PIN + + // Populate response message + stellar_signMessage(msg->message.bytes, msg->message.size, msg->address_n, msg->address_n_count, resp->signature.bytes); + resp->has_signature = true; + resp->signature.size = 64; + + stellar_getPubkeyAtAddress(msg->address_n, msg->address_n_count, resp->public_key.bytes, sizeof(resp->public_key.bytes)); + resp->has_public_key = true; + resp->public_key.size = 32; msg_write(MessageType_MessageType_StellarMessageSignature, resp); @@ -36,7 +50,7 @@ void fsm_msgStellarSignMessage(StellarSignMessage *msg) void fsm_msgStellarVerifyMessage(StellarVerifyMessage *msg) { - if (!stellar_verifySignature(msg)) { + if (!stellar_verifyMessage(msg)) { fsm_sendFailure(FailureType_Failure_DataError, _("Invalid signature")); return; } diff --git a/firmware/stellar.c b/firmware/stellar.c index e242dee2c..80dd1eb13 100644 --- a/firmware/stellar.c +++ b/firmware/stellar.c @@ -71,68 +71,6 @@ static const char **split_message(const uint8_t *msg, uint32_t len, uint32_t row return ret; } -void stellar_confirmSignString(StellarSignMessage *msg, StellarMessageSignature *resp) -{ - // Max protobuf length is 1024, so string is 1023 + null - int message_len = strnlen(msg->message, 1023); - - // Verify that message only includes printable ascii characters - bool is_valid = true; - for (int i=0; i < message_len; i++) { - if (msg->message[i] < 32) { - is_valid = false; - break; - } - if (msg->message[i] >126) { - is_valid = false; - break; - } - } - if (!is_valid) { - stellar_layoutSigningDialog( - _("Cannot sign message"), - NULL, - _("Message contains"), - _("non-printable ascii"), - _("characters."), - msg->address_n, - msg->address_n_count, - NULL, - false - ); - protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false); - layoutHome(); - return; - } - - // Message can be signed, display as much of it as possible to the user - const char **str_message_lines = split_message((const uint8_t*)(msg->message), message_len, 24); - - stellar_layoutSigningDialog( - _("Sign message?"), - str_message_lines[0], - str_message_lines[1], - str_message_lines[2], - str_message_lines[3], - msg->address_n, - msg->address_n_count, - NULL, - true - ); - if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) { - return; - } - - // Populate response message - stellar_signString((const unsigned char*)(msg->message), msg->address_n, msg->address_n_count, resp->signature.bytes); - resp->has_signature = true; - resp->signature.size = 64; - - stellar_getPubkeyAtAddress(msg->address_n, msg->address_n_count, resp->public_key.bytes, sizeof(resp->public_key.bytes)); - resp->has_public_key = true; - resp->public_key.size = 32; -} - /* * Starts the signing process and parses the transaction header */ @@ -1192,18 +1130,13 @@ void stellar_getSignatureForActiveTx(uint8_t *out_signature) memcpy(out_signature, signature, sizeof(signature)); } -void stellar_signString(const uint8_t *str_to_sign, uint32_t *address_n, size_t address_n_count, uint8_t *out_signature) +void stellar_signMessage(const uint8_t *message, uint32_t message_len, uint32_t *address_n, size_t address_n_count, uint8_t *out_signature) { HDNode *node = stellar_deriveNode(address_n, address_n_count); - - uint8_t signature[64]; - // Maximum field size in protobuf message is 1024, so strlen of 1023 + null - ed25519_sign(str_to_sign, strnlen((const char *)str_to_sign, 1023), node->private_key, node->public_key + 1, signature); - - memcpy(out_signature, signature, sizeof(signature)); + ed25519_sign(message, message_len, node->private_key, node->public_key + 1, out_signature); } -bool stellar_verifySignature(StellarVerifyMessage *msg) +bool stellar_verifyMessage(StellarVerifyMessage *msg) { // returns 0 if signature is valid return ed25519_sign_open( diff --git a/firmware/stellar.h b/firmware/stellar.h index 4e01ae9df..d94bfb6ab 100644 --- a/firmware/stellar.h +++ b/firmware/stellar.h @@ -57,10 +57,8 @@ void stellar_confirmAccountMergeOp(StellarAccountMergeOp *msg); void stellar_confirmManageDataOp(StellarManageDataOp *msg); void stellar_confirmBumpSequenceOp(StellarBumpSequenceOp *msg); -void stellar_confirmSignString(StellarSignMessage *msg, StellarMessageSignature *resp); - -void stellar_signString(const uint8_t *str_to_sign, uint32_t *address_n, size_t address_n_count, uint8_t *out_signature); -bool stellar_verifySignature(StellarVerifyMessage *msg); +void stellar_signMessage(const uint8_t *message, uint32_t message_len, uint32_t *address_n, size_t address_n_count, uint8_t *out_signature); +bool stellar_verifyMessage(StellarVerifyMessage *msg); // Layout void stellar_layoutGetPublicKey(uint32_t *address_n, size_t address_n_count); diff --git a/vendor/trezor-common b/vendor/trezor-common index b466b721a..b91db285b 160000 --- a/vendor/trezor-common +++ b/vendor/trezor-common @@ -1 +1 @@ -Subproject commit b466b721a213a354ff7d8feacb27d2be80f61312 +Subproject commit b91db285ba8947d6c65a6a807fba87ebc1d43f5d