arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-24 22:31:35 +00:00
Code Issues Releases Wiki Activity

Add GPG v2.1 support by signing message digest

Browse Source
This commit is contained in:
Roman Zeyde 2016-04-15 22:04:45 +03:00
parent 0fa0e331f2
commit 2b2414cb91
3 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
firmware/crypto.c
View File

@ -90,6 +90,16 @@ int sshMessageSign(const uint8_t *message, size_t message_len, const uint8_t *pr
return ecdsa_sign(&nist256p1, privkey, message, message_len, signature + 1, NULL); return ecdsa_sign(&nist256p1, privkey, message, message_len, signature + 1, NULL);
} }
int gpgMessageSign(const uint8_t *message, size_t message_len, const uint8_t *privkey, uint8_t *signature)
{
// GPG should sign a SHA256 digest of the original message.
if (message_len != 32) {
return 1;
}
signature[0] = 0; // prefix: pad with zero, so all signatures are 65 bytes
return ecdsa_sign_digest(&nist256p1, privkey, message, signature + 1, NULL);
}
int cryptoMessageSign(const uint8_t *message, size_t message_len, const uint8_t *privkey, uint8_t *signature) int cryptoMessageSign(const uint8_t *message, size_t message_len, const uint8_t *privkey, uint8_t *signature)
{ {
SHA256_CTX ctx; SHA256_CTX ctx;

2
firmware/crypto.h
View File

@ -34,6 +34,8 @@ uint32_t ser_length_hash(SHA256_CTX *ctx, uint32_t len);
int sshMessageSign(const uint8_t *message, size_t message_len, const uint8_t *privkey, uint8_t *signature); int sshMessageSign(const uint8_t *message, size_t message_len, const uint8_t *privkey, uint8_t *signature);
int gpgMessageSign(const uint8_t *message, size_t message_len, const uint8_t *privkey, uint8_t *signature);
int cryptoMessageSign(const uint8_t *message, size_t message_len, const uint8_t *privkey, uint8_t *signature); int cryptoMessageSign(const uint8_t *message, size_t message_len, const uint8_t *privkey, uint8_t *signature);
int cryptoMessageVerify(const uint8_t *message, size_t message_len, const uint8_t *address_raw, const uint8_t *signature); int cryptoMessageVerify(const uint8_t *message, size_t message_len, const uint8_t *address_raw, const uint8_t *signature);

5
firmware/fsm.c
View File

@ -731,11 +731,14 @@ void fsm_msgSignIdentity(SignIdentity *msg)
memcpy(public_key, node->public_key, sizeof(public_key)); memcpy(public_key, node->public_key, sizeof(public_key));
bool sign_ssh = msg->identity.has_proto && (strcmp(msg->identity.proto, "ssh") == 0); bool sign_ssh = msg->identity.has_proto && (strcmp(msg->identity.proto, "ssh") == 0);
bool sign_gpg = msg->identity.has_proto && (strcmp(msg->identity.proto, "gpg") == 0);
int result = 0; int result = 0;
layoutProgressSwipe("Signing", 0); layoutProgressSwipe("Signing", 0);
if (sign_ssh) { // SSH does not sign visual challenge if (sign_ssh) { // SSH does not sign visual challenge
result = sshMessageSign(msg->challenge_hidden.bytes, msg->challenge_hidden.size, node->private_key, resp->signature.bytes); result = sshMessageSign(msg->challenge_hidden.bytes, msg->challenge_hidden.size, node->private_key, resp->signature.bytes);
} else if (sign_gpg) { // GPG should sign a message digest
result = gpgMessageSign(msg->challenge_hidden.bytes, msg->challenge_hidden.size, node->private_key, resp->signature.bytes);
} else { } else {
uint8_t digest[64]; uint8_t digest[64];
sha256_Raw(msg->challenge_hidden.bytes, msg->challenge_hidden.size, digest); sha256_Raw(msg->challenge_hidden.bytes, msg->challenge_hidden.size, digest);
@ -744,7 +747,7 @@ void fsm_msgSignIdentity(SignIdentity *msg)
} }
if (result == 0) { if (result == 0) {
if (sign_ssh) { if (curve != SECP256K1_NAME) {
resp->has_address = false; resp->has_address = false;
} else { } else {
resp->has_address = true; resp->has_address = true;