From 3488138285588f594859a6e4df57f01c64f58fc7 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Fri, 19 Nov 2021 10:54:52 +0100 Subject: [PATCH] chore(legacy): drop unused ECIES code [no changelog] --- legacy/firmware/crypto.c | 123 --------------------------------------- legacy/firmware/crypto.h | 12 ---- 2 files changed, 135 deletions(-) diff --git a/legacy/firmware/crypto.c b/legacy/firmware/crypto.c index fa408a62f..8159aa96a 100644 --- a/legacy/firmware/crypto.c +++ b/legacy/firmware/crypto.c @@ -254,129 +254,6 @@ int cryptoMessageVerify(const CoinInfo *coin, const uint8_t *message, return 0; } -/* ECIES disabled -int cryptoMessageEncrypt(curve_point *pubkey, const uint8_t *msg, size_t -msg_size, bool display_only, uint8_t *nonce, size_t *nonce_len, uint8_t -*payload, size_t *payload_len, uint8_t *hmac, size_t *hmac_len, const uint8_t -*privkey, const uint8_t *address_raw) -{ - if (privkey && address_raw) { // signing == true - HDNode node = {0}; - payload[0] = display_only ? 0x81 : 0x01; - uint32_t l = ser_length(msg_size, payload + 1); - memcpy(payload + 1 + l, msg, msg_size); - memcpy(payload + 1 + l + msg_size, address_raw, 21); - hdnode_from_xprv(0, 0, 0, privkey, privkey, SECP256K1_NAME, -&node); if (cryptoMessageSign(&node, msg, msg_size, payload + 1 + l + msg_size + -21) != 0) { return 1; - } - *payload_len = 1 + l + msg_size + 21 + 65; - } else { - payload[0] = display_only ? 0x80 : 0x00; - uint32_t l = ser_length(msg_size, payload + 1); - memcpy(payload + 1 + l, msg, msg_size); - *payload_len = 1 + l + msg_size; - } - // generate random nonce - curve_point R = {0}; - bignum256 k = {0}; - if (generate_k_random(&secp256k1, &k) != 0) { - return 2; - } - // compute k*G - scalar_multiply(&secp256k1, &k, &R); - nonce[0] = 0x02 | (R.y.val[0] & 0x01); - bn_write_be(&R.x, nonce + 1); - *nonce_len = 33; - // compute shared secret - point_multiply(&secp256k1, &k, pubkey, &R); - uint8_t shared_secret[33] = {0}; - shared_secret[0] = 0x02 | (R.y.val[0] & 0x01); - bn_write_be(&R.x, shared_secret + 1); - // generate keying bytes - uint8_t keying_bytes[80] = {0}; - uint8_t salt[22 + 33] = {0}; - memcpy(salt, "Bitcoin Secure Message", 22); - memcpy(salt + 22, nonce, 33); - pbkdf2_hmac_sha256(shared_secret, 33, salt, 22 + 33, 2048, keying_bytes, -80); - // encrypt payload - aes_encrypt_ctx ctx = {0}; - aes_encrypt_key256(keying_bytes, &ctx); - aes_cfb_encrypt(payload, payload, *payload_len, keying_bytes + 64, -&ctx); - // compute hmac - uint8_t out[32] = {0}; - hmac_sha256(keying_bytes + 32, 32, payload, *payload_len, out); - memcpy(hmac, out, 8); - *hmac_len = 8; - - return 0; -} - -int cryptoMessageDecrypt(curve_point *nonce, uint8_t *payload, size_t -payload_len, const uint8_t *hmac, size_t hmac_len, const uint8_t *privkey, -uint8_t *msg, size_t *msg_len, bool *display_only, bool *signing, uint8_t -*address_raw) -{ - if (hmac_len != 8) { - return 1; - } - // compute shared secret - curve_point R = {0}; - bignum256 k = {0}; - bn_read_be(privkey, &k); - point_multiply(&secp256k1, &k, nonce, &R); - uint8_t shared_secret[33] = {0}; - shared_secret[0] = 0x02 | (R.y.val[0] & 0x01); - bn_write_be(&R.x, shared_secret + 1); - // generate keying bytes - uint8_t keying_bytes[80] = {0}; - uint8_t salt[22 + 33] = {0}; - memcpy(salt, "Bitcoin Secure Message", 22); - salt[22] = 0x02 | (nonce->y.val[0] & 0x01); - bn_write_be(&(nonce->x), salt + 23); - pbkdf2_hmac_sha256(shared_secret, 33, salt, 22 + 33, 2048, keying_bytes, -80); - // compute hmac - uint8_t out[32] = {0}; - hmac_sha256(keying_bytes + 32, 32, payload, payload_len, out); - if (memcmp(hmac, out, 8) != 0) { - return 2; - } - // decrypt payload - aes_encrypt_ctx ctx = {0}; - aes_encrypt_key256(keying_bytes, &ctx); - aes_cfb_decrypt(payload, payload, payload_len, keying_bytes + 64, &ctx); - // check first byte - if (payload[0] != 0x00 && payload[0] != 0x01 && payload[0] != 0x80 && -payload[0] != 0x81) { return 3; - } - *signing = payload[0] & 0x01; - *display_only = payload[0] & 0x80; - uint32_t l = 0; uint32_t o = 0; - l = deser_length(payload + 1, &o); - if (*signing) { - // FIXME: assumes a raw address is 21 bytes (also below). - if (1 + l + o + 21 + 65 != payload_len) { - return 4; - } - // FIXME: cryptoMessageVerify changed to take the address_type -as a parameter. if (cryptoMessageVerify(payload + 1 + l, o, payload + 1 + l + o, -payload + 1 + l + o + 21) != 0) { return 5; - } - memcpy(address_raw, payload + 1 + l + o, 21); - } else { - if (1 + l + o != payload_len) { - return 4; - } - } - memcpy(msg, payload + 1 + l, o); - *msg_len = o; - return 0; -} -*/ - const HDNode *cryptoMultisigPubkey(const CoinInfo *coin, const MultisigRedeemScriptType *multisig, uint32_t index) { diff --git a/legacy/firmware/crypto.h b/legacy/firmware/crypto.h index 7b716e6a0..2c26b8905 100644 --- a/legacy/firmware/crypto.h +++ b/legacy/firmware/crypto.h @@ -62,18 +62,6 @@ int cryptoMessageVerify(const CoinInfo *coin, const uint8_t *message, size_t message_len, const char *address, const uint8_t *signature); -/* ECIES disabled -int cryptoMessageEncrypt(curve_point *pubkey, const uint8_t *msg, size_t -msg_size, bool display_only, uint8_t *nonce, size_t *nonce_len, uint8_t -*payload, size_t *payload_len, uint8_t *hmac, size_t *hmac_len, const uint8_t -*privkey, const uint8_t *address_raw); - -int cryptoMessageDecrypt(curve_point *nonce, uint8_t *payload, size_t -payload_len, const uint8_t *hmac, size_t hmac_len, const uint8_t *privkey, -uint8_t *msg, size_t *msg_len, bool *display_only, bool *signing, uint8_t -*address_raw); -*/ - const HDNode *cryptoMultisigPubkey(const CoinInfo *coin, const MultisigRedeemScriptType *multisig, uint32_t index);