mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-09 06:50:58 +00:00
Add GPG v2.1 support by signing message digest
This commit is contained in:
parent
0fa0e331f2
commit
2b2414cb91
@ -90,6 +90,16 @@ int sshMessageSign(const uint8_t *message, size_t message_len, const uint8_t *pr
|
||||
return ecdsa_sign(&nist256p1, privkey, message, message_len, signature + 1, NULL);
|
||||
}
|
||||
|
||||
int gpgMessageSign(const uint8_t *message, size_t message_len, const uint8_t *privkey, uint8_t *signature)
|
||||
{
|
||||
// GPG should sign a SHA256 digest of the original message.
|
||||
if (message_len != 32) {
|
||||
return 1;
|
||||
}
|
||||
signature[0] = 0; // prefix: pad with zero, so all signatures are 65 bytes
|
||||
return ecdsa_sign_digest(&nist256p1, privkey, message, signature + 1, NULL);
|
||||
}
|
||||
|
||||
int cryptoMessageSign(const uint8_t *message, size_t message_len, const uint8_t *privkey, uint8_t *signature)
|
||||
{
|
||||
SHA256_CTX ctx;
|
||||
|
@ -34,6 +34,8 @@ uint32_t ser_length_hash(SHA256_CTX *ctx, uint32_t len);
|
||||
|
||||
int sshMessageSign(const uint8_t *message, size_t message_len, const uint8_t *privkey, uint8_t *signature);
|
||||
|
||||
int gpgMessageSign(const uint8_t *message, size_t message_len, const uint8_t *privkey, uint8_t *signature);
|
||||
|
||||
int cryptoMessageSign(const uint8_t *message, size_t message_len, const uint8_t *privkey, uint8_t *signature);
|
||||
|
||||
int cryptoMessageVerify(const uint8_t *message, size_t message_len, const uint8_t *address_raw, const uint8_t *signature);
|
||||
|
@ -731,11 +731,14 @@ void fsm_msgSignIdentity(SignIdentity *msg)
|
||||
memcpy(public_key, node->public_key, sizeof(public_key));
|
||||
|
||||
bool sign_ssh = msg->identity.has_proto && (strcmp(msg->identity.proto, "ssh") == 0);
|
||||
bool sign_gpg = msg->identity.has_proto && (strcmp(msg->identity.proto, "gpg") == 0);
|
||||
|
||||
int result = 0;
|
||||
layoutProgressSwipe("Signing", 0);
|
||||
if (sign_ssh) { // SSH does not sign visual challenge
|
||||
result = sshMessageSign(msg->challenge_hidden.bytes, msg->challenge_hidden.size, node->private_key, resp->signature.bytes);
|
||||
} else if (sign_gpg) { // GPG should sign a message digest
|
||||
result = gpgMessageSign(msg->challenge_hidden.bytes, msg->challenge_hidden.size, node->private_key, resp->signature.bytes);
|
||||
} else {
|
||||
uint8_t digest[64];
|
||||
sha256_Raw(msg->challenge_hidden.bytes, msg->challenge_hidden.size, digest);
|
||||
@ -744,7 +747,7 @@ void fsm_msgSignIdentity(SignIdentity *msg)
|
||||
}
|
||||
|
||||
if (result == 0) {
|
||||
if (sign_ssh) {
|
||||
if (curve != SECP256K1_NAME) {
|
||||
resp->has_address = false;
|
||||
} else {
|
||||
resp->has_address = true;
|
||||
|
Loading…
Reference in New Issue
Block a user