mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 22:38:08 +00:00

feat(common): Add AuthenticateDevice message.

[no changelog]
Andrew Kozlik 2023-08-23 09:59:52 +02:00 committed by Andrew Kozlik
parent b221f128ec
commit 2dc5857336
7 changed files with 89 additions and 1 deletions


@ -280,6 +280,25 @@ message FirmwareHash {
required bytes hash = 1;
}
/**
* Request: Request a signature of the provided challenge.
* @start
* @next AuthenticityProof
* @next Failure
*/
message AuthenticateDevice {
required bytes challenge = 1; // A random challenge to sign.
}
/**
* Response: Signature of the provided challenge along with a certificate issued by the Trezor company.
* @end
*/
message AuthenticityProof {
repeated bytes certificates = 1; // A certificate chain starting with the device certificate, followed by intermediate CA certificates, the last of which is signed by Trezor company's root CA.
required bytes signature = 2; // A DER-encoded signature of "\0x13AuthenticateDevice:" + length-prefixed challenge that should be verified using the device certificate.
}
/**
* Request: Request device to wipe all sensitive data and settings
* @start
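Review bot: The `signature` comment in `AuthenticityProof` writes the signed prefix as `"\0x13AuthenticateDevice:"`, which is not a standard escape and can be read as a NUL byte followed by the text `x13`. Since 0x13 is 19, the length of `AuthenticateDevice:`, a single length byte is presumably meant, and `"\x13AuthenticateDevice:"` would say so unambiguously. The comments also omit details an independent verifier needs to reproduce the signed bytes: the encoding of the challenge's length prefix, the signature algorithm and hash, and any size bounds on `challenge`. Because `certificates` is `repeated`, it can arrive empty, so I would extend its comment with something like `// Must be non-empty; the host validates the full chain against a pinned root CA before trusting the signature.` The hunk ends inside the doc comment of the following message, which is unchanged.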


@ -122,6 +122,8 @@ enum MessageType {
MessageType_UnlockedPathRequest = 94 [(bitcoin_only) = true, (wire_out) = true];
MessageType_ShowDeviceTutorial = 95 [(bitcoin_only) = true, (wire_in) = true];
MessageType_UnlockBootloader = 96 [(bitcoin_only) = true, (wire_in) = true];
MessageType_AuthenticateDevice = 97 [(bitcoin_only) = true, (wire_out) = true];
MessageType_AuthenticityProof = 98 [(bitcoin_only) = true, (wire_in) = true];
MessageType_SetU2FCounter = 63 [(wire_in) = true];
MessageType_GetNextU2FCounter = 80 [(wire_in) = true];
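Review bot: The direction options on the two new enum entries look inverted: `MessageType_AuthenticateDevice = 97` is tagged `(wire_out)` and `MessageType_AuthenticityProof = 98` is tagged `(wire_in)`. The message docs in this commit call AuthenticateDevice the request and AuthenticityProof the response, and the neighbouring request-style entries `ShowDeviceTutorial` and `UnlockBootloader` carry `(wire_in)`. If `wire_in` marks host-to-device messages, as those neighbours suggest, the entries should read `MessageType_AuthenticateDevice = 97 [(bitcoin_only) = true, (wire_in) = true];` and `MessageType_AuthenticityProof = 98 [(bitcoin_only) = true, (wire_out) = true];`. These flags matter wherever they are used to derive which messages the device accepts, so confirm against the option definitions, which are outside this hunk.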


@ -48,6 +48,8 @@ UnlockPath = 93
UnlockedPathRequest = 94
ShowDeviceTutorial = 95
UnlockBootloader = 96
AuthenticateDevice = 97
AuthenticityProof = 98
FirmwareErase = 6
FirmwareUpload = 7
FirmwareRequest = 8


@ -65,6 +65,8 @@ if TYPE_CHECKING:
UnlockedPathRequest = 94
ShowDeviceTutorial = 95
UnlockBootloader = 96
AuthenticateDevice = 97
AuthenticityProof = 98
SetU2FCounter = 63
GetNextU2FCounter = 80
NextU2FCounter = 81


@ -2362,6 +2362,36 @@ if TYPE_CHECKING:
def is_type_of(cls, msg: Any) -> TypeGuard["FirmwareHash"]:
return isinstance(msg, cls)
class AuthenticateDevice(protobuf.MessageType):
challenge: "bytes"
def __init__(
self,
*,
challenge: "bytes",
) -> None:
pass
@classmethod
def is_type_of(cls, msg: Any) -> TypeGuard["AuthenticateDevice"]:
return isinstance(msg, cls)
class AuthenticityProof(protobuf.MessageType):
certificates: "list[bytes]"
signature: "bytes"
def __init__(
self,
*,
signature: "bytes",
certificates: "list[bytes] | None" = None,
) -> None:
pass
@classmethod
def is_type_of(cls, msg: Any) -> TypeGuard["AuthenticityProof"]:
return isinstance(msg, cls)
class WipeDevice(protobuf.MessageType):
@classmethod


@ -8,7 +8,7 @@ SKIPPED_MESSAGES := Binance Cardano DebugMonero Eos Monero Ontology Ripple SdPro
TxAckInput TxAckOutput TxAckPrev TxAckPaymentRequest \
EthereumSignTypedData EthereumTypedDataStructRequest EthereumTypedDataStructAck \
EthereumTypedDataValueRequest EthereumTypedDataValueAck ShowDeviceTutorial \
UnlockBootloader
UnlockBootloader AuthenticateDevice AuthenticityProof
ifeq ($(BITCOIN_ONLY), 1)
SKIPPED_MESSAGES += Ethereum NEM Stellar


@ -73,6 +73,8 @@ class MessageType(IntEnum):
UnlockedPathRequest = 94
ShowDeviceTutorial = 95
UnlockBootloader = 96
AuthenticateDevice = 97
AuthenticityProof = 98
SetU2FCounter = 63
GetNextU2FCounter = 80
NextU2FCounter = 81
@ -3466,6 +3468,37 @@ class FirmwareHash(protobuf.MessageType):
self.hash = hash
class AuthenticateDevice(protobuf.MessageType):
MESSAGE_WIRE_TYPE = 97
FIELDS = {
1: protobuf.Field("challenge", "bytes", repeated=False, required=True),
}
def __init__(
self,
*,
challenge: "bytes",
) -> None:
self.challenge = challenge
class AuthenticityProof(protobuf.MessageType):
MESSAGE_WIRE_TYPE = 98
FIELDS = {
1: protobuf.Field("certificates", "bytes", repeated=True, required=False, default=None),
2: protobuf.Field("signature", "bytes", repeated=False, required=True),
}
def __init__(
self,
*,
signature: "bytes",
certificates: Optional[Sequence["bytes"]] = None,
) -> None:
self.certificates: Sequence["bytes"] = certificates if certificates is not None else []
self.signature = signature
class WipeDevice(protobuf.MessageType):
MESSAGE_WIRE_TYPE = 5