mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-21 21:00:58 +00:00
Merge pull request #542 from trezor/tsusanka/curve-check
paths: validate curve as well
This commit is contained in:
commit
35ac4742bd
@ -3,7 +3,8 @@ from trezor.messages import MessageType
|
||||
|
||||
from apps.common import HARDENED
|
||||
|
||||
SEED_NAMESPACE = [[HARDENED | 44, HARDENED | 1815]]
|
||||
CURVE = "ed25519"
|
||||
SEED_NAMESPACE = [HARDENED | 44, HARDENED | 1815]
|
||||
|
||||
|
||||
def boot():
|
||||
|
@ -1,7 +1,7 @@
|
||||
from trezor import log, wire
|
||||
from trezor.messages.CardanoAddress import CardanoAddress
|
||||
|
||||
from apps.cardano import seed
|
||||
from apps.cardano import CURVE, seed
|
||||
from apps.cardano.address import derive_address_and_node, validate_full_path
|
||||
from apps.common import paths
|
||||
from apps.common.layout import address_n_to_str, show_address, show_qr
|
||||
@ -10,7 +10,7 @@ from apps.common.layout import address_n_to_str, show_address, show_qr
|
||||
async def get_address(ctx, msg):
|
||||
keychain = await seed.get_keychain(ctx)
|
||||
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n, CURVE)
|
||||
|
||||
try:
|
||||
address, _ = derive_address_and_node(keychain, msg.address_n)
|
||||
|
@ -4,7 +4,7 @@ from trezor import log, wire
|
||||
from trezor.messages.CardanoPublicKey import CardanoPublicKey
|
||||
from trezor.messages.HDNodeType import HDNodeType
|
||||
|
||||
from apps.cardano import seed
|
||||
from apps.cardano import CURVE, seed
|
||||
from apps.cardano.address import derive_address_and_node
|
||||
from apps.common import layout, paths
|
||||
from apps.common.seed import remove_ed25519_prefix
|
||||
@ -18,6 +18,7 @@ async def get_public_key(ctx, msg):
|
||||
paths.validate_path_for_get_public_key,
|
||||
keychain,
|
||||
msg.address_n,
|
||||
CURVE,
|
||||
slip44_id=1815,
|
||||
)
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
from trezor import wire
|
||||
from trezor.crypto import bip32
|
||||
|
||||
from apps.cardano import SEED_NAMESPACE
|
||||
from apps.cardano import CURVE, SEED_NAMESPACE
|
||||
from apps.common import cache, mnemonic, storage
|
||||
from apps.common.request_passphrase import protect_by_passphrase
|
||||
|
||||
@ -11,8 +11,8 @@ class Keychain:
|
||||
self.path = path
|
||||
self.root = root
|
||||
|
||||
def validate_path(self, checked_path: list):
|
||||
if checked_path[:2] != SEED_NAMESPACE[0]:
|
||||
def validate_path(self, checked_path: list, checked_curve: str):
|
||||
if checked_curve != CURVE or checked_path[:2] != SEED_NAMESPACE:
|
||||
raise wire.DataError("Forbidden key path")
|
||||
|
||||
def derive(self, node_path: list) -> bip32.HDNode:
|
||||
@ -40,8 +40,8 @@ async def get_keychain(ctx: wire.Context) -> Keychain:
|
||||
root = bip32.from_mnemonic_cardano(mnemonic.restore(), passphrase)
|
||||
|
||||
# derive the namespaced root node
|
||||
for i in SEED_NAMESPACE[0]:
|
||||
for i in SEED_NAMESPACE:
|
||||
root.derive_cardano(i)
|
||||
|
||||
keychain = Keychain(SEED_NAMESPACE[0], root)
|
||||
keychain = Keychain(SEED_NAMESPACE, root)
|
||||
return keychain
|
||||
|
@ -7,7 +7,7 @@ from trezor.messages.CardanoSignedTx import CardanoSignedTx
|
||||
from trezor.messages.CardanoTxRequest import CardanoTxRequest
|
||||
from trezor.messages.MessageType import CardanoTxAck
|
||||
|
||||
from apps.cardano import cbor, seed
|
||||
from apps.cardano import CURVE, cbor, seed
|
||||
from apps.cardano.address import (
|
||||
derive_address_and_node,
|
||||
is_safe_output_address,
|
||||
@ -85,7 +85,7 @@ async def sign_tx(ctx, msg):
|
||||
display_homescreen()
|
||||
|
||||
for i in msg.inputs:
|
||||
await validate_path(ctx, validate_full_path, keychain, i.address_n)
|
||||
await validate_path(ctx, validate_full_path, keychain, i.address_n, CURVE)
|
||||
|
||||
# sign the transaction bundle and prepare the result
|
||||
transaction = Transaction(
|
||||
|
@ -8,8 +8,8 @@ from apps.common import HARDENED
|
||||
from apps.common.confirm import require_confirm
|
||||
|
||||
|
||||
async def validate_path(ctx, validate_func, keychain, path, **kwargs):
|
||||
keychain.validate_path(path)
|
||||
async def validate_path(ctx, validate_func, keychain, path, curve, **kwargs):
|
||||
keychain.validate_path(path, curve)
|
||||
if not validate_func(path, **kwargs):
|
||||
await show_path_warning(ctx, path)
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
from trezor import ui, wire
|
||||
from trezor.crypto import bip32
|
||||
|
||||
from apps.common import cache, mnemonic, storage
|
||||
from apps.common import HARDENED, cache, mnemonic, storage
|
||||
from apps.common.request_passphrase import protect_by_passphrase
|
||||
|
||||
allow = list
|
||||
@ -25,9 +25,11 @@ class Keychain:
|
||||
del self.roots
|
||||
del self.seed
|
||||
|
||||
def validate_path(self, checked_path: list):
|
||||
def validate_path(self, checked_path: list, checked_curve: str):
|
||||
for curve, *path in self.namespaces:
|
||||
if path == checked_path[: len(path)]: # TODO: check curve_name
|
||||
if path == checked_path[: len(path)] and curve == checked_curve:
|
||||
if "ed25519" in curve and not _path_hardened(checked_path):
|
||||
break
|
||||
return
|
||||
raise wire.DataError("Forbidden key path")
|
||||
|
||||
@ -67,6 +69,14 @@ async def get_keychain(ctx: wire.Context, namespaces: list) -> Keychain:
|
||||
return keychain
|
||||
|
||||
|
||||
def _path_hardened(path: list) -> bool:
|
||||
# TODO: move to paths.py after #538 is fixed
|
||||
for i in path:
|
||||
if not (i & HARDENED):
|
||||
return False
|
||||
return True
|
||||
|
||||
|
||||
@ui.layout_no_slide
|
||||
async def _compute_seed(ctx: wire.Context) -> bytes:
|
||||
passphrase = cache.get_passphrase()
|
||||
|
@ -4,11 +4,13 @@ from trezor.messages import MessageType
|
||||
from apps.common import HARDENED
|
||||
from apps.ethereum.networks import all_slip44_ids_hardened
|
||||
|
||||
CURVE = "secp256k1"
|
||||
|
||||
|
||||
def boot():
|
||||
ns = []
|
||||
for i in all_slip44_ids_hardened():
|
||||
ns.append(["secp256k1", HARDENED | 44, i])
|
||||
ns.append([CURVE, HARDENED | 44, i])
|
||||
wire.add(MessageType.EthereumGetAddress, __name__, "get_address", ns)
|
||||
wire.add(MessageType.EthereumGetPublicKey, __name__, "get_public_key", ns)
|
||||
wire.add(MessageType.EthereumSignTx, __name__, "sign_tx", ns)
|
||||
|
@ -4,12 +4,12 @@ from trezor.messages.EthereumAddress import EthereumAddress
|
||||
|
||||
from apps.common import paths
|
||||
from apps.common.layout import address_n_to_str, show_address, show_qr
|
||||
from apps.ethereum import networks
|
||||
from apps.ethereum import CURVE, networks
|
||||
from apps.ethereum.address import address_from_bytes, validate_full_path
|
||||
|
||||
|
||||
async def get_address(ctx, msg, keychain):
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n, CURVE)
|
||||
|
||||
node = keychain.derive(msg.address_n)
|
||||
seckey = node.private_key()
|
||||
|
@ -2,12 +2,12 @@ from trezor.messages.EthereumPublicKey import EthereumPublicKey
|
||||
from trezor.messages.HDNodeType import HDNodeType
|
||||
|
||||
from apps.common import coins, layout, paths
|
||||
from apps.ethereum import address
|
||||
from apps.ethereum import CURVE, address
|
||||
|
||||
|
||||
async def get_public_key(ctx, msg, keychain):
|
||||
await paths.validate_path(
|
||||
ctx, address.validate_path_for_get_public_key, keychain, msg.address_n
|
||||
ctx, address.validate_path_for_get_public_key, keychain, msg.address_n, CURVE
|
||||
)
|
||||
node = keychain.derive(msg.address_n)
|
||||
|
||||
|
@ -7,7 +7,7 @@ from trezor.utils import HashWriter
|
||||
from apps.common import paths
|
||||
from apps.common.confirm import require_confirm
|
||||
from apps.common.signverify import split_message
|
||||
from apps.ethereum import address
|
||||
from apps.ethereum import CURVE, address
|
||||
|
||||
|
||||
def message_digest(message):
|
||||
@ -20,7 +20,9 @@ def message_digest(message):
|
||||
|
||||
|
||||
async def sign_message(ctx, msg, keychain):
|
||||
await paths.validate_path(ctx, address.validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(
|
||||
ctx, address.validate_full_path, keychain, msg.address_n, CURVE
|
||||
)
|
||||
await require_confirm_sign_message(ctx, msg.message)
|
||||
|
||||
node = keychain.derive(msg.address_n)
|
||||
|
@ -8,7 +8,7 @@ from trezor.messages.MessageType import EthereumTxAck
|
||||
from trezor.utils import HashWriter
|
||||
|
||||
from apps.common import paths
|
||||
from apps.ethereum import address, tokens
|
||||
from apps.ethereum import CURVE, address, tokens
|
||||
from apps.ethereum.address import validate_full_path
|
||||
from apps.ethereum.layout import (
|
||||
require_confirm_data,
|
||||
@ -23,7 +23,7 @@ MAX_CHAIN_ID = 2147483629
|
||||
async def sign_tx(ctx, msg, keychain):
|
||||
msg = sanitize(msg)
|
||||
check(msg)
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n, CURVE)
|
||||
|
||||
data_total = msg.data_length
|
||||
|
||||
|
@ -3,9 +3,11 @@ from trezor.messages import MessageType
|
||||
|
||||
from apps.common import HARDENED
|
||||
|
||||
CURVE = "ed25519"
|
||||
|
||||
|
||||
def boot():
|
||||
ns = [["ed25519", HARDENED | 44, HARDENED | 134]]
|
||||
ns = [[CURVE, HARDENED | 44, HARDENED | 134]]
|
||||
wire.add(MessageType.LiskGetPublicKey, __name__, "get_public_key", ns)
|
||||
wire.add(MessageType.LiskGetAddress, __name__, "get_address", ns)
|
||||
wire.add(MessageType.LiskSignTx, __name__, "sign_tx", ns)
|
||||
|
@ -1,15 +1,16 @@
|
||||
from trezor.messages.LiskAddress import LiskAddress
|
||||
|
||||
from .helpers import LISK_CURVE, get_address_from_public_key, validate_full_path
|
||||
from .helpers import get_address_from_public_key, validate_full_path
|
||||
|
||||
from apps.common import paths
|
||||
from apps.common.layout import address_n_to_str, show_address, show_qr
|
||||
from apps.lisk import CURVE
|
||||
|
||||
|
||||
async def get_address(ctx, msg, keychain):
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n, CURVE)
|
||||
|
||||
node = keychain.derive(msg.address_n, LISK_CURVE)
|
||||
node = keychain.derive(msg.address_n, CURVE)
|
||||
pubkey = node.public_key()
|
||||
pubkey = pubkey[1:] # skip ed25519 pubkey marker
|
||||
address = get_address_from_public_key(pubkey)
|
||||
|
@ -1,14 +1,14 @@
|
||||
from trezor.messages.LiskPublicKey import LiskPublicKey
|
||||
|
||||
from .helpers import LISK_CURVE, validate_full_path
|
||||
|
||||
from apps.common import layout, paths
|
||||
from apps.lisk import CURVE
|
||||
from apps.lisk.helpers import validate_full_path
|
||||
|
||||
|
||||
async def get_public_key(ctx, msg, keychain):
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n, CURVE)
|
||||
|
||||
node = keychain.derive(msg.address_n, LISK_CURVE)
|
||||
node = keychain.derive(msg.address_n, CURVE)
|
||||
pubkey = node.public_key()
|
||||
pubkey = pubkey[1:] # skip ed25519 pubkey marker
|
||||
|
||||
|
@ -2,8 +2,6 @@ from trezor.crypto.hashlib import sha256
|
||||
|
||||
from apps.common import HARDENED
|
||||
|
||||
LISK_CURVE = "ed25519"
|
||||
|
||||
|
||||
def get_address_from_public_key(pubkey):
|
||||
pubkeyhash = sha256(pubkey).digest()
|
||||
|
@ -4,11 +4,11 @@ from trezor.messages.LiskMessageSignature import LiskMessageSignature
|
||||
from trezor.ui.text import Text
|
||||
from trezor.utils import HashWriter
|
||||
|
||||
from .helpers import LISK_CURVE, validate_full_path
|
||||
|
||||
from apps.common import paths
|
||||
from apps.common.confirm import require_confirm
|
||||
from apps.common.signverify import split_message
|
||||
from apps.lisk import CURVE
|
||||
from apps.lisk.helpers import validate_full_path
|
||||
from apps.wallet.sign_tx.writers import write_varint
|
||||
|
||||
|
||||
@ -23,10 +23,10 @@ def message_digest(message):
|
||||
|
||||
|
||||
async def sign_message(ctx, msg, keychain):
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n, CURVE)
|
||||
await require_confirm_sign_message(ctx, msg.message)
|
||||
|
||||
node = keychain.derive(msg.address_n, LISK_CURVE)
|
||||
node = keychain.derive(msg.address_n, CURVE)
|
||||
seckey = node.private_key()
|
||||
pubkey = node.public_key()
|
||||
pubkey = pubkey[1:] # skip ed25519 pubkey marker
|
||||
|
@ -8,16 +8,12 @@ from trezor.messages.LiskSignedTx import LiskSignedTx
|
||||
from trezor.utils import HashWriter
|
||||
|
||||
from apps.common import paths
|
||||
from apps.lisk import layout
|
||||
from apps.lisk.helpers import (
|
||||
LISK_CURVE,
|
||||
get_address_from_public_key,
|
||||
validate_full_path,
|
||||
)
|
||||
from apps.lisk import CURVE, layout
|
||||
from apps.lisk.helpers import get_address_from_public_key, validate_full_path
|
||||
|
||||
|
||||
async def sign_tx(ctx, msg, keychain):
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(ctx, validate_full_path, keychain, msg.address_n, CURVE)
|
||||
|
||||
pubkey, seckey = _get_keys(keychain, msg)
|
||||
transaction = _update_raw_tx(msg.transaction, pubkey)
|
||||
@ -41,7 +37,7 @@ async def sign_tx(ctx, msg, keychain):
|
||||
|
||||
|
||||
def _get_keys(keychain, msg):
|
||||
node = keychain.derive(msg.address_n, LISK_CURVE)
|
||||
node = keychain.derive(msg.address_n, CURVE)
|
||||
|
||||
seckey = node.private_key()
|
||||
pubkey = node.public_key()
|
||||
|
@ -2,11 +2,13 @@ from trezor.messages.MoneroAddress import MoneroAddress
|
||||
|
||||
from apps.common import paths
|
||||
from apps.common.layout import address_n_to_str, show_address, show_qr
|
||||
from apps.monero import misc
|
||||
from apps.monero import CURVE, misc
|
||||
|
||||
|
||||
async def get_address(ctx, msg, keychain):
|
||||
await paths.validate_path(ctx, misc.validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(
|
||||
ctx, misc.validate_full_path, keychain, msg.address_n, CURVE
|
||||
)
|
||||
|
||||
creds = misc.get_creds(keychain, msg.address_n, msg.network_type)
|
||||
|
||||
|
@ -20,7 +20,7 @@ from trezor.messages.MoneroGetTxKeyAck import MoneroGetTxKeyAck
|
||||
from trezor.messages.MoneroGetTxKeyRequest import MoneroGetTxKeyRequest
|
||||
|
||||
from apps.common import paths
|
||||
from apps.monero import misc
|
||||
from apps.monero import CURVE, misc
|
||||
from apps.monero.layout import confirms
|
||||
from apps.monero.xmr import crypto
|
||||
from apps.monero.xmr.crypto import chacha_poly
|
||||
@ -30,7 +30,9 @@ _GET_TX_KEY_REASON_TX_DERIVATION = 1
|
||||
|
||||
|
||||
async def get_tx_keys(ctx, msg: MoneroGetTxKeyRequest, keychain):
|
||||
await paths.validate_path(ctx, misc.validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(
|
||||
ctx, misc.validate_full_path, keychain, msg.address_n, CURVE
|
||||
)
|
||||
|
||||
do_deriv = msg.reason == _GET_TX_KEY_REASON_TX_DERIVATION
|
||||
await confirms.require_confirm_tx_key(ctx, export_key=not do_deriv)
|
||||
|
@ -2,13 +2,15 @@ from trezor.messages.MoneroGetWatchKey import MoneroGetWatchKey
|
||||
from trezor.messages.MoneroWatchKey import MoneroWatchKey
|
||||
|
||||
from apps.common import paths
|
||||
from apps.monero import misc
|
||||
from apps.monero import CURVE, misc
|
||||
from apps.monero.layout import confirms
|
||||
from apps.monero.xmr import crypto
|
||||
|
||||
|
||||
async def get_watch_only(ctx, msg: MoneroGetWatchKey, keychain):
|
||||
await paths.validate_path(ctx, misc.validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(
|
||||
ctx, misc.validate_full_path, keychain, msg.address_n, CURVE
|
||||
)
|
||||
|
||||
await confirms.require_confirm_watchkey(ctx)
|
||||
|
||||
|
@ -8,7 +8,7 @@ from trezor.messages.MoneroKeyImageSyncFinalAck import MoneroKeyImageSyncFinalAc
|
||||
from trezor.messages.MoneroKeyImageSyncStepAck import MoneroKeyImageSyncStepAck
|
||||
|
||||
from apps.common import paths
|
||||
from apps.monero import misc
|
||||
from apps.monero import CURVE, misc
|
||||
from apps.monero.layout import confirms
|
||||
from apps.monero.xmr import crypto, key_image, monero
|
||||
from apps.monero.xmr.crypto import chacha_poly
|
||||
@ -47,7 +47,9 @@ class KeyImageSync:
|
||||
|
||||
|
||||
async def _init_step(s, ctx, msg, keychain):
|
||||
await paths.validate_path(ctx, misc.validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(
|
||||
ctx, misc.validate_full_path, keychain, msg.address_n, CURVE
|
||||
)
|
||||
|
||||
s.creds = misc.get_creds(keychain, msg.address_n, msg.network_type)
|
||||
|
||||
|
@ -9,7 +9,7 @@ from trezor.messages.MoneroLiveRefreshStepAck import MoneroLiveRefreshStepAck
|
||||
from trezor.messages.MoneroLiveRefreshStepRequest import MoneroLiveRefreshStepRequest
|
||||
|
||||
from apps.common import paths
|
||||
from apps.monero import misc
|
||||
from apps.monero import CURVE, misc
|
||||
from apps.monero.layout import confirms
|
||||
from apps.monero.xmr import crypto, key_image, monero
|
||||
from apps.monero.xmr.crypto import chacha_poly
|
||||
@ -44,7 +44,9 @@ class LiveRefreshState:
|
||||
async def _init_step(
|
||||
s: LiveRefreshState, ctx, msg: MoneroLiveRefreshStartRequest, keychain
|
||||
):
|
||||
await paths.validate_path(ctx, misc.validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(
|
||||
ctx, misc.validate_full_path, keychain, msg.address_n, CURVE
|
||||
)
|
||||
|
||||
await confirms.require_confirm_live_refresh(ctx)
|
||||
|
||||
|
@ -4,7 +4,7 @@ Initializes a new transaction.
|
||||
|
||||
import gc
|
||||
|
||||
from apps.monero import misc, signing
|
||||
from apps.monero import CURVE, misc, signing
|
||||
from apps.monero.layout import confirms
|
||||
from apps.monero.signing.state import State
|
||||
from apps.monero.xmr import crypto, monero
|
||||
@ -24,7 +24,9 @@ async def init_transaction(
|
||||
from apps.monero.signing import offloading_keys
|
||||
from apps.common import paths
|
||||
|
||||
await paths.validate_path(state.ctx, misc.validate_full_path, keychain, address_n)
|
||||
await paths.validate_path(
|
||||
state.ctx, misc.validate_full_path, keychain, address_n, CURVE
|
||||
)
|
||||
|
||||
state.creds = misc.get_creds(keychain, address_n, network_type)
|
||||
state.client_version = tsx_data.client_version or 0
|
||||
|
@ -3,11 +3,10 @@ from trezor.messages import MessageType
|
||||
|
||||
from apps.common import HARDENED
|
||||
|
||||
CURVE = "ed25519-keccak"
|
||||
|
||||
|
||||
def boot():
|
||||
ns = [
|
||||
["ed25519-keccak", HARDENED | 44, HARDENED | 43],
|
||||
["ed25519-keccak", HARDENED | 44, HARDENED | 1],
|
||||
]
|
||||
ns = [[CURVE, HARDENED | 44, HARDENED | 43], [CURVE, HARDENED | 44, HARDENED | 1]]
|
||||
wire.add(MessageType.NEMGetAddress, __name__, "get_address", ns)
|
||||
wire.add(MessageType.NEMSignTx, __name__, "sign_tx", ns)
|
||||
|
@ -1,17 +1,19 @@
|
||||
from trezor.messages.NEMAddress import NEMAddress
|
||||
|
||||
from .helpers import NEM_CURVE, check_path, get_network_str
|
||||
from .validators import validate_network
|
||||
|
||||
from apps.common.layout import address_n_to_str, show_address, show_qr
|
||||
from apps.common.paths import validate_path
|
||||
from apps.nem import CURVE
|
||||
from apps.nem.helpers import check_path, get_network_str
|
||||
from apps.nem.validators import validate_network
|
||||
|
||||
|
||||
async def get_address(ctx, msg, keychain):
|
||||
network = validate_network(msg.network)
|
||||
await validate_path(ctx, check_path, keychain, msg.address_n, network=network)
|
||||
await validate_path(
|
||||
ctx, check_path, keychain, msg.address_n, CURVE, network=network
|
||||
)
|
||||
|
||||
node = keychain.derive(msg.address_n, NEM_CURVE)
|
||||
node = keychain.derive(msg.address_n, CURVE)
|
||||
address = node.nem_address(network)
|
||||
|
||||
if msg.show_display:
|
||||
|
@ -5,7 +5,6 @@ from apps.common import HARDENED
|
||||
NEM_NETWORK_MAINNET = const(0x68)
|
||||
NEM_NETWORK_TESTNET = const(0x98)
|
||||
NEM_NETWORK_MIJIN = const(0x60)
|
||||
NEM_CURVE = "ed25519-keccak"
|
||||
|
||||
NEM_TRANSACTION_TYPE_TRANSFER = const(0x0101)
|
||||
NEM_TRANSACTION_TYPE_IMPORTANCE_TRANSFER = const(0x0801)
|
||||
|
@ -4,8 +4,8 @@ from trezor.messages.NEMSignTx import NEMSignTx
|
||||
|
||||
from apps.common import seed
|
||||
from apps.common.paths import validate_path
|
||||
from apps.nem import mosaic, multisig, namespace, transfer
|
||||
from apps.nem.helpers import NEM_CURVE, NEM_HASH_ALG, check_path
|
||||
from apps.nem import CURVE, mosaic, multisig, namespace, transfer
|
||||
from apps.nem.helpers import NEM_HASH_ALG, check_path
|
||||
from apps.nem.validators import validate
|
||||
|
||||
|
||||
@ -17,10 +17,11 @@ async def sign_tx(ctx, msg: NEMSignTx, keychain):
|
||||
check_path,
|
||||
keychain,
|
||||
msg.transaction.address_n,
|
||||
CURVE,
|
||||
network=msg.transaction.network,
|
||||
)
|
||||
|
||||
node = keychain.derive(msg.transaction.address_n, NEM_CURVE)
|
||||
node = keychain.derive(msg.transaction.address_n, CURVE)
|
||||
|
||||
if msg.multisig:
|
||||
public_key = msg.multisig.signer
|
||||
|
@ -3,8 +3,10 @@ from trezor.messages import MessageType
|
||||
|
||||
from apps.common import HARDENED
|
||||
|
||||
CURVE = "secp256k1"
|
||||
|
||||
|
||||
def boot():
|
||||
ns = [["secp256k1", HARDENED | 44, HARDENED | 144]]
|
||||
ns = [[CURVE, HARDENED | 44, HARDENED | 144]]
|
||||
wire.add(MessageType.RippleGetAddress, __name__, "get_address", ns)
|
||||
wire.add(MessageType.RippleSignTx, __name__, "sign_tx", ns)
|
||||
|
@ -3,11 +3,13 @@ from trezor.messages.RippleGetAddress import RippleGetAddress
|
||||
|
||||
from apps.common import paths
|
||||
from apps.common.layout import address_n_to_str, show_address, show_qr
|
||||
from apps.ripple import helpers
|
||||
from apps.ripple import CURVE, helpers
|
||||
|
||||
|
||||
async def get_address(ctx, msg: RippleGetAddress, keychain):
|
||||
await paths.validate_path(ctx, helpers.validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(
|
||||
ctx, helpers.validate_full_path, keychain, msg.address_n, CURVE
|
||||
)
|
||||
|
||||
node = keychain.derive(msg.address_n)
|
||||
pubkey = node.public_key()
|
||||
|
@ -6,14 +6,16 @@ from trezor.messages.RippleSignTx import RippleSignTx
|
||||
from trezor.wire import ProcessError
|
||||
|
||||
from apps.common import paths
|
||||
from apps.ripple import helpers, layout
|
||||
from apps.ripple import CURVE, helpers, layout
|
||||
from apps.ripple.serialize import serialize
|
||||
|
||||
|
||||
async def sign_tx(ctx, msg: RippleSignTx, keychain):
|
||||
validate(msg)
|
||||
|
||||
await paths.validate_path(ctx, helpers.validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(
|
||||
ctx, helpers.validate_full_path, keychain, msg.address_n, CURVE
|
||||
)
|
||||
|
||||
node = keychain.derive(msg.address_n)
|
||||
source_address = helpers.address_from_public_key(node.public_key())
|
||||
|
@ -3,8 +3,10 @@ from trezor.messages import MessageType
|
||||
|
||||
from apps.common import HARDENED
|
||||
|
||||
CURVE = "ed25519"
|
||||
|
||||
|
||||
def boot():
|
||||
ns = [["ed25519", HARDENED | 44, HARDENED | 148]]
|
||||
ns = [[CURVE, HARDENED | 44, HARDENED | 148]]
|
||||
wire.add(MessageType.StellarGetAddress, __name__, "get_address", ns)
|
||||
wire.add(MessageType.StellarSignTx, __name__, "sign_tx", ns)
|
||||
|
@ -2,7 +2,6 @@ from micropython import const
|
||||
|
||||
from trezor.messages import MessageType
|
||||
|
||||
STELLAR_CURVE = "ed25519"
|
||||
TX_TYPE = bytearray("\x00\x00\x00\x02")
|
||||
|
||||
# source: https://github.com/stellar/go/blob/3d2c1defe73dbfed00146ebe0e8d7e07ce4bb1b6/xdr/Stellar-transaction.x#L16
|
||||
|
@ -3,13 +3,15 @@ from trezor.messages.StellarGetAddress import StellarGetAddress
|
||||
|
||||
from apps.common import paths, seed
|
||||
from apps.common.layout import address_n_to_str, show_address, show_qr
|
||||
from apps.stellar import helpers
|
||||
from apps.stellar import CURVE, helpers
|
||||
|
||||
|
||||
async def get_address(ctx, msg: StellarGetAddress, keychain):
|
||||
await paths.validate_path(ctx, helpers.validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(
|
||||
ctx, helpers.validate_full_path, keychain, msg.address_n, CURVE
|
||||
)
|
||||
|
||||
node = keychain.derive(msg.address_n, helpers.STELLAR_CURVE)
|
||||
node = keychain.derive(msg.address_n, CURVE)
|
||||
pubkey = seed.remove_ed25519_prefix(node.public_key())
|
||||
address = helpers.address_from_public_key(pubkey)
|
||||
|
||||
|
@ -5,8 +5,6 @@ from trezor.wire import ProcessError
|
||||
|
||||
from apps.common import HARDENED
|
||||
|
||||
STELLAR_CURVE = "ed25519"
|
||||
|
||||
|
||||
def public_key_from_address(address: str) -> bytes:
|
||||
"""Extracts public key from an address
|
||||
|
@ -8,14 +8,16 @@ from trezor.messages.StellarTxOpRequest import StellarTxOpRequest
|
||||
from trezor.wire import ProcessError
|
||||
|
||||
from apps.common import paths, seed
|
||||
from apps.stellar import consts, helpers, layout, writers
|
||||
from apps.stellar import CURVE, consts, helpers, layout, writers
|
||||
from apps.stellar.operations import process_operation
|
||||
|
||||
|
||||
async def sign_tx(ctx, msg: StellarSignTx, keychain):
|
||||
await paths.validate_path(ctx, helpers.validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(
|
||||
ctx, helpers.validate_full_path, keychain, msg.address_n, CURVE
|
||||
)
|
||||
|
||||
node = keychain.derive(msg.address_n, consts.STELLAR_CURVE)
|
||||
node = keychain.derive(msg.address_n, CURVE)
|
||||
pubkey = seed.remove_ed25519_prefix(node.public_key())
|
||||
|
||||
if msg.num_operations == 0:
|
||||
|
@ -3,9 +3,11 @@ from trezor.messages import MessageType
|
||||
|
||||
from apps.common import HARDENED
|
||||
|
||||
CURVE = "ed25519"
|
||||
|
||||
|
||||
def boot():
|
||||
ns = [["ed25519", HARDENED | 44, HARDENED | 1729]]
|
||||
ns = [[CURVE, HARDENED | 44, HARDENED | 1729]]
|
||||
wire.add(MessageType.TezosGetAddress, __name__, "get_address", ns)
|
||||
wire.add(MessageType.TezosSignTx, __name__, "sign_tx", ns)
|
||||
wire.add(MessageType.TezosGetPublicKey, __name__, "get_public_key", ns)
|
||||
|
@ -3,13 +3,15 @@ from trezor.messages.TezosAddress import TezosAddress
|
||||
|
||||
from apps.common import paths, seed
|
||||
from apps.common.layout import address_n_to_str, show_address, show_qr
|
||||
from apps.tezos import helpers
|
||||
from apps.tezos import CURVE, helpers
|
||||
|
||||
|
||||
async def get_address(ctx, msg, keychain):
|
||||
await paths.validate_path(ctx, helpers.validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(
|
||||
ctx, helpers.validate_full_path, keychain, msg.address_n, CURVE
|
||||
)
|
||||
|
||||
node = keychain.derive(msg.address_n, helpers.TEZOS_CURVE)
|
||||
node = keychain.derive(msg.address_n, CURVE)
|
||||
|
||||
pk = seed.remove_ed25519_prefix(node.public_key())
|
||||
pkh = hashlib.blake2b(pk, outlen=20).digest()
|
||||
|
@ -6,13 +6,15 @@ from trezor.utils import chunks
|
||||
|
||||
from apps.common import paths, seed
|
||||
from apps.common.confirm import require_confirm
|
||||
from apps.tezos import helpers
|
||||
from apps.tezos import CURVE, helpers
|
||||
|
||||
|
||||
async def get_public_key(ctx, msg, keychain):
|
||||
await paths.validate_path(ctx, helpers.validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(
|
||||
ctx, helpers.validate_full_path, keychain, msg.address_n, CURVE
|
||||
)
|
||||
|
||||
node = keychain.derive(msg.address_n, helpers.TEZOS_CURVE)
|
||||
node = keychain.derive(msg.address_n, CURVE)
|
||||
pk = seed.remove_ed25519_prefix(node.public_key())
|
||||
pk_prefixed = helpers.base58_encode_check(pk, prefix=helpers.TEZOS_PUBLICKEY_PREFIX)
|
||||
|
||||
|
@ -4,7 +4,6 @@ from trezor.crypto import base58
|
||||
|
||||
from apps.common import HARDENED
|
||||
|
||||
TEZOS_CURVE = "ed25519"
|
||||
TEZOS_AMOUNT_DIVISIBILITY = const(6)
|
||||
TEZOS_ED25519_ADDRESS_PREFIX = "tz1"
|
||||
TEZOS_ORIGINATED_ADDRESS_PREFIX = "KT1"
|
||||
|
@ -6,13 +6,15 @@ from trezor.messages.TezosSignedTx import TezosSignedTx
|
||||
|
||||
from apps.common import paths
|
||||
from apps.common.writers import write_bytes, write_uint8
|
||||
from apps.tezos import helpers, layout
|
||||
from apps.tezos import CURVE, helpers, layout
|
||||
|
||||
|
||||
async def sign_tx(ctx, msg, keychain):
|
||||
await paths.validate_path(ctx, helpers.validate_full_path, keychain, msg.address_n)
|
||||
await paths.validate_path(
|
||||
ctx, helpers.validate_full_path, keychain, msg.address_n, CURVE
|
||||
)
|
||||
|
||||
node = keychain.derive(msg.address_n, helpers.TEZOS_CURVE)
|
||||
node = keychain.derive(msg.address_n, CURVE)
|
||||
|
||||
if msg.transaction is not None:
|
||||
to = _get_address_from_contract(msg.transaction.destination)
|
||||
|
@ -16,6 +16,7 @@ async def get_address(ctx, msg, keychain):
|
||||
addresses.validate_full_path,
|
||||
keychain,
|
||||
msg.address_n,
|
||||
coin.curve_name,
|
||||
coin=coin,
|
||||
script_type=msg.script_type,
|
||||
)
|
||||
|
@ -24,6 +24,7 @@ async def sign_message(ctx, msg, keychain):
|
||||
validate_full_path,
|
||||
keychain,
|
||||
msg.address_n,
|
||||
coin.curve_name,
|
||||
coin=coin,
|
||||
script_type=msg.script_type,
|
||||
validate_script_type=False,
|
||||
|
79
tests/test_apps.common.seed.py
Normal file
79
tests/test_apps.common.seed.py
Normal file
@ -0,0 +1,79 @@
|
||||
from common import *
|
||||
from apps.common import HARDENED
|
||||
from apps.common.seed import Keychain, _path_hardened
|
||||
from trezor import wire
|
||||
|
||||
|
||||
class TestKeychain(unittest.TestCase):
|
||||
|
||||
def test_validate_path(self):
|
||||
n = [
|
||||
["ed25519", 44 | HARDENED, 134 | HARDENED],
|
||||
["secp256k1", 44 | HARDENED, 11 | HARDENED],
|
||||
]
|
||||
k = Keychain(b"", n)
|
||||
|
||||
correct = (
|
||||
([44 | HARDENED, 134 | HARDENED], "ed25519"),
|
||||
([44 | HARDENED, 11 | HARDENED], "secp256k1"),
|
||||
([44 | HARDENED, 11 | HARDENED, 12], "secp256k1"),
|
||||
)
|
||||
for c in correct:
|
||||
self.assertEqual(None, k.validate_path(*c))
|
||||
|
||||
fails = [
|
||||
([44 | HARDENED, 134], "ed25519"), # path does not match
|
||||
([44 | HARDENED, 134], "secp256k1"), # curve and path does not match
|
||||
([44 | HARDENED, 134 | HARDENED], "nist256p"), # curve not included
|
||||
([44, 134], "ed25519"), # path does not match (non-hardened items)
|
||||
([44 | HARDENED, 134 | HARDENED, 123], "ed25519"), # non-hardened item in ed25519
|
||||
([44 | HARDENED, 13 | HARDENED], "secp256k1"), # invalid second item
|
||||
]
|
||||
for f in fails:
|
||||
with self.assertRaises(wire.DataError):
|
||||
k.validate_path(*f)
|
||||
|
||||
def test_validate_path_special_ed25519(self):
|
||||
n = [
|
||||
["ed25519-keccak", 44 | HARDENED, 134 | HARDENED],
|
||||
]
|
||||
k = Keychain(b"", n)
|
||||
|
||||
correct = (
|
||||
([44 | HARDENED, 134 | HARDENED], "ed25519-keccak"),
|
||||
)
|
||||
for c in correct:
|
||||
self.assertEqual(None, k.validate_path(*c))
|
||||
|
||||
fails = [
|
||||
([44 | HARDENED, 134 | HARDENED, 1], "ed25519-keccak"),
|
||||
]
|
||||
for f in fails:
|
||||
with self.assertRaises(wire.DataError):
|
||||
k.validate_path(*f)
|
||||
|
||||
def test_validate_path_empty_namespace(self):
|
||||
k = Keychain(b"", [["secp256k1"]])
|
||||
correct = (
|
||||
([], "secp256k1"),
|
||||
([1, 2, 3, 4], "secp256k1"),
|
||||
([44 | HARDENED, 11 | HARDENED], "secp256k1"),
|
||||
([44 | HARDENED, 11 | HARDENED, 12], "secp256k1"),
|
||||
)
|
||||
for c in correct:
|
||||
self.assertEqual(None, k.validate_path(*c))
|
||||
|
||||
with self.assertRaises(wire.DataError):
|
||||
k.validate_path([1, 2, 3, 4], "ed25519")
|
||||
k.validate_path([], "ed25519")
|
||||
|
||||
def test_path_hardened(self):
|
||||
self.assertTrue(_path_hardened([44 | HARDENED, 1 | HARDENED, 0 | HARDENED]))
|
||||
self.assertTrue(_path_hardened([0 | HARDENED, ]))
|
||||
|
||||
self.assertFalse(_path_hardened([44, 44 | HARDENED, 0 | HARDENED]))
|
||||
self.assertFalse(_path_hardened([0, ]))
|
||||
self.assertFalse(_path_hardened([44 | HARDENED, 1 | HARDENED, 0 | HARDENED, 0 | HARDENED, 0]))
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
@ -1,7 +1,8 @@
|
||||
from common import *
|
||||
from ubinascii import unhexlify
|
||||
from trezor.crypto import bip32
|
||||
from apps.nem.helpers import NEM_NETWORK_MAINNET, NEM_CURVE
|
||||
from apps.nem import CURVE
|
||||
from apps.nem.helpers import NEM_NETWORK_MAINNET
|
||||
|
||||
|
||||
class TestNemHDNode(unittest.TestCase):
|
||||
@ -81,7 +82,7 @@ class TestNemHDNode(unittest.TestCase):
|
||||
child_num=0,
|
||||
chain_code=bytearray(32),
|
||||
private_key=private_key,
|
||||
curve_name=NEM_CURVE
|
||||
curve_name=CURVE
|
||||
)
|
||||
|
||||
self.assertEqual(node.nem_address(NEM_NETWORK_MAINNET), test[2])
|
||||
@ -222,7 +223,7 @@ class TestNemHDNode(unittest.TestCase):
|
||||
child_num=0,
|
||||
chain_code=bytearray(32),
|
||||
private_key=private_key,
|
||||
curve_name=NEM_CURVE
|
||||
curve_name=CURVE
|
||||
)
|
||||
|
||||
encrypted = node.nem_encrypt(unhexlify(test['public']),
|
||||
|
Loading…
Reference in New Issue
Block a user