chore(legacy): remove CoSi functionality

2 years ago · 3602a8dde9
parent 2e10618876
commit 3602a8dde9
9 changed files with 14 additions and 157 deletions
--- a/common/protob/messages.proto
+++ b/common/protob/messages.proto
@ -169,6 +169,7 @@ enum MessageType {
    MessageType_SignedIdentity = 54 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_GetECDHSessionKey = 61 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_ECDHSessionKey = 62 [(bitcoin_only) = true, (wire_out) = true];
+
    MessageType_CosiCommit = 71 [(bitcoin_only) = true, (wire_in) = true];
    MessageType_CosiCommitment = 72 [(bitcoin_only) = true, (wire_out) = true];
    MessageType_CosiSign = 73 [(bitcoin_only) = true, (wire_in) = true];
--- a/legacy/firmware/.changelog.d/2675.removed
+++ b/legacy/firmware/.changelog.d/2675.removed
@ -0,0 +1 @@
+CoSi functionality
--- a/legacy/firmware/config.c
+++ b/legacy/firmware/config.c
@ -1026,7 +1026,6 @@ void config_wipe(void) {
  storage_set(KEY_VERSION, &CONFIG_VERSION, sizeof(CONFIG_VERSION));
  session_clear(false);
  fsm_abortWorkflows();
-  fsm_clearCosiNonce();

 #if USE_BIP32_CACHE
  bip32_cache_clear();
--- a/legacy/firmware/fsm.h
+++ b/legacy/firmware/fsm.h
@ -95,9 +95,6 @@ void fsm_msgUnlockPath(const UnlockPath *msg);
 void fsm_msgCipherKeyValue(const CipherKeyValue *msg);
 void fsm_msgSignIdentity(const SignIdentity *msg);
 void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg);
-void fsm_msgCosiCommit(const CosiCommit *msg);
-void fsm_msgCosiSign(const CosiSign *msg);
-void fsm_clearCosiNonce(void);

 // debug
 #if DEBUG_LINK
--- a/legacy/firmware/fsm_msg_crypto.h
+++ b/legacy/firmware/fsm_msg_crypto.h
@ -17,10 +17,6 @@
 * along with this library.  If not, see <http://www.gnu.org/licenses/>.
 */

-static uint8_t cosi_nonce[32] = {0};
-static uint8_t cosi_commitment[32] = {0};
-static bool cosi_nonce_is_set = false;
-
 void fsm_msgCipherKeyValue(const CipherKeyValue *msg) {
  CHECK_INITIALIZED

@ -238,103 +234,3 @@ void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg) {
  }
  layoutHome();
 }
-
-static bool fsm_checkCosiPath(uint32_t address_n_count,
-                              const uint32_t *address_n) {
-  // The path should typically match "m / 10018' / [0-9]'", but we allow
-  // any path from the SLIP-18 domain "m / 10018' / *".
-  if (address_n_count >= 1 && address_n[0] == PATH_HARDENED + 10018) {
-    return true;
-  }
-
-  if (config_getSafetyCheckLevel() == SafetyCheckLevel_Strict) {
-    fsm_sendFailure(FailureType_Failure_DataError, _("Forbidden key path"));
-    return false;
-  }
-
-  return fsm_layoutPathWarning();
-}
-
-void fsm_msgCosiCommit(const CosiCommit *msg) {
-  RESP_INIT(CosiCommitment);
-
-  CHECK_INITIALIZED
-
-  CHECK_PIN
-
-  if (!fsm_checkCosiPath(msg->address_n_count, msg->address_n)) {
-    layoutHome();
-    return;
-  }
-
-  const HDNode *node = fsm_getDerivedNode(ED25519_NAME, msg->address_n,
-                                          msg->address_n_count, NULL);
-  if (!node) return;
-
-  if (!cosi_nonce_is_set) {
-    ed25519_cosi_commit(cosi_nonce, cosi_commitment);
-    cosi_nonce_is_set = true;
-  }
-
-  resp->commitment.size = 32;
-  resp->pubkey.size = 32;
-
-  memcpy(resp->commitment.bytes, cosi_commitment, sizeof(cosi_commitment));
-  ed25519_publickey(node->private_key, resp->pubkey.bytes);
-
-  msg_write(MessageType_MessageType_CosiCommitment, resp);
-  layoutHome();
-}
-
-void fsm_msgCosiSign(const CosiSign *msg) {
-  RESP_INIT(CosiSignature);
-
-  CHECK_INITIALIZED
-
-  CHECK_PARAM(msg->global_commitment.size == 32,
-              _("Invalid global commitment"));
-  CHECK_PARAM(msg->global_pubkey.size == 32, _("Invalid global pubkey"));
-
-  if (!cosi_nonce_is_set) {
-    fsm_sendFailure(FailureType_Failure_ProcessError, _("CoSi nonce not set"));
-    layoutHome();
-    return;
-  }
-
-  if (!fsm_checkCosiPath(msg->address_n_count, msg->address_n)) {
-    layoutHome();
-    return;
-  }
-
-  CHECK_PIN
-
-  layoutCosiSign(msg->address_n, msg->address_n_count, msg->data.bytes,
-                 msg->data.size);
-  if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
-    fsm_sendFailure(FailureType_Failure_ActionCancelled, NULL);
-    layoutHome();
-    return;
-  }
-
-  const HDNode *node = fsm_getDerivedNode(ED25519_NAME, msg->address_n,
-                                          msg->address_n_count, NULL);
-  if (!node) return;
-
-  resp->signature.size = 32;
-  cosi_nonce_is_set = false;
-
-  if (ed25519_cosi_sign(msg->data.bytes, msg->data.size, node->private_key,
-                        cosi_nonce, msg->global_commitment.bytes,
-                        msg->global_pubkey.bytes, resp->signature.bytes) == 0) {
-    msg_write(MessageType_MessageType_CosiSignature, resp);
-  } else {
-    fsm_sendFailure(FailureType_Failure_FirmwareError, NULL);
-  }
-  fsm_clearCosiNonce();
-  layoutHome();
-}
-
-void fsm_clearCosiNonce(void) {
-  cosi_nonce_is_set = false;
-  memzero(cosi_nonce, sizeof(cosi_nonce));
-}
--- a/legacy/firmware/layout2.c
+++ b/legacy/firmware/layout2.c
@ -1339,39 +1339,6 @@ void layoutNEMLevy(const NEMMosaicDefinition *definition, uint8_t network) {

 #endif

-static inline bool is_slip18(const uint32_t *address_n,
-                             size_t address_n_count) {
-  // m / 10018' / [0-9]'
-  return address_n_count == 2 && address_n[0] == (PATH_HARDENED + 10018) &&
-         (address_n[1] & PATH_HARDENED) &&
-         (address_n[1] & PATH_UNHARDEN_MASK) <= 9;
-}
-
-void layoutCosiSign(const uint32_t *address_n, size_t address_n_count,
-                    const uint8_t *data, uint32_t len) {
-  char *desc = _("CoSi sign message?");
-  char desc_buf[32] = {0};
-  if (is_slip18(address_n, address_n_count)) {
-    strlcpy(desc_buf, _("CoSi sign index #?"), sizeof(desc_buf));
-    desc_buf[16] = '0' + (address_n[1] & PATH_UNHARDEN_MASK);
-    desc = desc_buf;
-  }
-  char str[4][17] = {0};
-  if (len == 32) {
-    data2hex(data, 8, str[0]);
-    data2hex(data + 8, 8, str[1]);
-    data2hex(data + 16, 8, str[2]);
-    data2hex(data + 24, 8, str[3]);
-  } else {
-    strlcpy(str[0], "Data", sizeof(str[0]));
-    strlcpy(str[1], "of", sizeof(str[1]));
-    strlcpy(str[2], "unsupported", sizeof(str[2]));
-    strlcpy(str[3], "length", sizeof(str[3]));
-  }
-  layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), desc, str[0],
-                    str[1], str[2], str[3], NULL, NULL);
-}
-
 void layoutConfirmAutoLockDelay(uint32_t delay_ms) {
  char line[sizeof("after 4294967296 minutes?")] = {0};

--- a/legacy/firmware/layout2.h
+++ b/legacy/firmware/layout2.h
@ -116,9 +116,6 @@ void layoutNEMTransferPayload(const uint8_t *payload, size_t length,
 void layoutNEMMosaicDescription(const char *description);
 void layoutNEMLevy(const NEMMosaicDefinition *definition, uint8_t network);

-void layoutCosiSign(const uint32_t *address_n, size_t address_n_count,
-                    const uint8_t *data, uint32_t len);
-
 void layoutConfirmAutoLockDelay(uint32_t delay_ms);
 void layoutConfirmSafetyChecks(SafetyCheckLevel safety_checks_level);

--- a/legacy/firmware/protob/messages-crypto.options
+++ b/legacy/firmware/protob/messages-crypto.options
@ -5,19 +5,6 @@ CipherKeyValue.iv                       max_size:16

 CipheredKeyValue.value                  max_size:1024

-CosiCommit.address_n                    max_count:8
-CosiCommit.data                         type:FT_IGNORE
-
-CosiCommitment.commitment               max_size:32
-CosiCommitment.pubkey                   max_size:32
-
-CosiSign.address_n                      max_count:8
-CosiSign.data                           max_size:32
-CosiSign.global_commitment              max_size:32
-CosiSign.global_pubkey                  max_size:32
-
-CosiSignature.signature                 max_size:32
-
 SignIdentity.challenge_hidden           max_size:512
 SignIdentity.challenge_visual           max_size:256
 SignIdentity.ecdsa_curve_name           max_size:32
@ -37,3 +24,10 @@ GetECDHSessionKey.ecdsa_curve_name      max_size:32

 ECDHSessionKey.session_key              max_size:65
 ECDHSessionKey.public_key               max_size:33
+
+# Unused messages.
+# TODO might delete as-well?
+CosiCommit                              skip_message:true
+CosiCommitment                          skip_message:true
+CosiSign                                skip_message:true
+CosiSignature                           skip_message:true
--- a/tests/device_tests/misc/test_cosi.py
+++ b/tests/device_tests/misc/test_cosi.py
@ -26,6 +26,7 @@ from trezorlib.tools import H_, Address, parse_path
 DIGEST = sha256(b"this is not a pipe").digest()


+@pytest.mark.skip_t1
 def test_cosi_pubkey(client: Client):
    c0 = cosi.commit(client, parse_path("m/10018h/0h"))
    c1 = cosi.commit(client, parse_path("m/10018h/1h"))
@ -36,6 +37,7 @@ def test_cosi_pubkey(client: Client):
    assert c1.pubkey != c2.pubkey


+@pytest.mark.skip_t1
 def test_cosi_nonce(client: Client):
    # The nonce/commitment must change after each signing.
    c0 = cosi.commit(client, parse_path("m/10018h/0h"))
@ -44,6 +46,7 @@ def test_cosi_nonce(client: Client):
    assert c0.commitment != c1.commitment


+@pytest.mark.skip_t1
 def test_cosi_sign1(client: Client):
    # Single party signature.
    commit = cosi.commit(client, parse_path("m/10018h/0h"))
@ -54,6 +57,7 @@ def test_cosi_sign1(client: Client):
    cosi.verify_combined(signature, DIGEST, commit.pubkey)


+@pytest.mark.skip_t1
 def test_cosi_sign2(client: Client):
    # Two party signature.
    remote_commit = cosi.commit(client, parse_path("m/10018h/1h"))
@ -76,6 +80,7 @@ def test_cosi_sign2(client: Client):
    cosi.verify_combined(signature, DIGEST, global_pk)


+@pytest.mark.skip_t1
 def test_cosi_sign3(client: Client):
    # Three party signature.
    remote_commit = cosi.commit(client, parse_path("m/10018h/2h"))