refactor(core): remove compressed from sign_recoverable()

[no changelog]

core/embed/upymod/modtrezorcrypto/modtrezorcrypto-nist256p1.h

@@ -88,18 +88,17 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
     mod_trezorcrypto_nist256p1_publickey);
 
 /// def sign_recoverable(
-///     secret_key: bytes, digest: bytes, compressed: bool = True
+///     secret_key: bytes, digest: bytes
 /// ) -> bytes:
 ///     """
 ///     Uses secret key to produce the signature of the digest.
 ///     """
 STATIC mp_obj_t mod_trezorcrypto_nist256p1_sign_recoverable(
-    size_t n_args, const mp_obj_t *args) {
+    const mp_obj_t secret_key, const mp_obj_t digest) {
   mp_buffer_info_t sk = {0};
   mp_buffer_info_t dig = {0};
-  mp_get_buffer_raise(args[0], &sk, MP_BUFFER_READ);
-  mp_get_buffer_raise(args[1], &dig, MP_BUFFER_READ);
-  bool compressed = n_args < 3 || args[2] == mp_const_true;
+  mp_get_buffer_raise(secret_key, &sk, MP_BUFFER_READ);
+  mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ);
   if (sk.len != 32) {
     mp_raise_ValueError("Invalid length of secret key");
   }
@@ -115,11 +114,11 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_sign_recoverable(
     vstr_clear(&sig);
     mp_raise_ValueError("Signing failed");
   }
-  sig.buf[0] = 27 + pby + compressed * 4;
+  sig.buf[0] = 27 + pby;
   return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
 }
-STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
-    mod_trezorcrypto_nist256p1_sign_recoverable_obj, 2, 3,
+STATIC MP_DEFINE_CONST_FUN_OBJ_2(
+    mod_trezorcrypto_nist256p1_sign_recoverable_obj,
     mod_trezorcrypto_nist256p1_sign_recoverable);
 
 /// def verify(public_key: bytes, signature: bytes, digest: bytes) -> bool:
@@ -151,8 +150,7 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_verify(mp_obj_t public_key,
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_nist256p1_verify_obj,
                                  mod_trezorcrypto_nist256p1_verify);
-/// def verify_recover(signature: bytes, digest: bytes, compressed: bool = True)
-/// -> bytes:
+/// def verify_recover(signature: bytes, digest: bytes) -> bytes:
 ///     """
 ///     Uses signature of the digest to verify the digest and recover the public
 ///     key. Returns public key on success, None if the signature is invalid.

core/embed/upymod/modtrezorcrypto/modtrezorcrypto-secp256k1.h

@@ -117,7 +117,6 @@ enum {
 /// def sign_recoverable(
 ///     secret_key: bytes,
 ///     digest: bytes,
-///     compressed: bool = True,
 ///     canonical: int | None = None,
 /// ) -> bytes:
 ///     """
@@ -129,10 +128,9 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_sign_recoverable(
   mp_buffer_info_t dig = {0};
   mp_get_buffer_raise(args[0], &sk, MP_BUFFER_READ);
   mp_get_buffer_raise(args[1], &dig, MP_BUFFER_READ);
-  bool compressed = (n_args < 3) || (args[2] == mp_const_true);
   int (*is_canonical)(uint8_t by, uint8_t sig[64]) = NULL;
 #if !BITCOIN_ONLY
-  mp_int_t canonical = (n_args > 3) ? mp_obj_get_int(args[3]) : 0;
+  mp_int_t canonical = (n_args > 2) ? mp_obj_get_int(args[2]) : 0;
   switch (canonical) {
     case CANONICAL_SIG_ETHEREUM:
       is_canonical = ethereum_is_canonical;
@@ -157,11 +155,11 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_sign_recoverable(
     vstr_clear(&sig);
     mp_raise_ValueError("Signing failed");
   }
-  sig.buf[0] = 27 + pby + compressed * 4;
+  sig.buf[0] = 27 + pby;
   return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
-    mod_trezorcrypto_secp256k1_sign_recoverable_obj, 2, 4,
+    mod_trezorcrypto_secp256k1_sign_recoverable_obj, 2, 3,
     mod_trezorcrypto_secp256k1_sign_recoverable);
 
 /// def verify(public_key: bytes, signature: bytes, digest: bytes) -> bool:

core/mocks/generated/trezorcrypto/nist256p1.pyi

@@ -17,7 +17,7 @@ def publickey(secret_key: bytes, compressed: bool = True) -> bytes:
 
 # upymod/modtrezorcrypto/modtrezorcrypto-nist256p1.h
 def sign_recoverable(
-    secret_key: bytes, digest: bytes, compressed: bool = True
+    secret_key: bytes, digest: bytes
 ) -> bytes:
     """
     Uses secret key to produce the signature of the digest.
@@ -33,8 +33,7 @@ def verify(public_key: bytes, signature: bytes, digest: bytes) -> bool:
 
 
 # upymod/modtrezorcrypto/modtrezorcrypto-nist256p1.h
-def verify_recover(signature: bytes, digest: bytes, compressed: bool = True)
--> bytes:
+def verify_recover(signature: bytes, digest: bytes) -> bytes:
     """
     Uses signature of the digest to verify the digest and recover the public
     key. Returns public key on success, None if the signature is invalid.

core/mocks/generated/trezorcrypto/secp256k1.pyi

@@ -21,7 +21,6 @@ CANONICAL_SIG_EOS: int = 2
 def sign_recoverable(
     secret_key: bytes,
     digest: bytes,
-    compressed: bool = True,
     canonical: int | None = None,
 ) -> bytes:
     """

core/src/apps/eos/sign_tx.py

@@ -52,7 +52,7 @@ async def sign_tx(msg: EosSignTx, keychain: Keychain) -> EosSignedTx:
 
     digest = sha.get_digest()
     signature = secp256k1.sign_recoverable(
-        node.private_key(), digest, False, secp256k1.CANONICAL_SIG_EOS
+        node.private_key(), digest, secp256k1.CANONICAL_SIG_EOS
     )
 
     return EosSignedTx(signature=encode_signature(signature))

core/src/apps/ethereum/sign_message.py

@@ -49,7 +49,6 @@ async def sign_message(
     signature = secp256k1.sign_recoverable(
         node.private_key(),
         message_digest(msg.message),
-        False,
         secp256k1.CANONICAL_SIG_ETHEREUM,
     )
 

core/src/apps/ethereum/sign_tx.py

@@ -263,7 +263,7 @@ def _sign_digest(
 
     node = keychain.derive(msg.address_n)
     signature = secp256k1.sign_recoverable(
-        node.private_key(), digest, False, secp256k1.CANONICAL_SIG_ETHEREUM
+        node.private_key(), digest, secp256k1.CANONICAL_SIG_ETHEREUM
     )
 
     req = EthereumTxRequest()

core/src/apps/ethereum/sign_tx_eip1559.py

@@ -159,7 +159,7 @@ def _sign_digest(
 
     node = keychain.derive(msg.address_n)
     signature = secp256k1.sign_recoverable(
-        node.private_key(), digest, False, secp256k1.CANONICAL_SIG_ETHEREUM
+        node.private_key(), digest, secp256k1.CANONICAL_SIG_ETHEREUM
     )
 
     req = EthereumTxRequest()

core/src/apps/ethereum/sign_typed_data.py

@@ -49,7 +49,7 @@ async def sign_typed_data(
     )
 
     signature = secp256k1.sign_recoverable(
-        node.private_key(), data_hash, False, secp256k1.CANONICAL_SIG_ETHEREUM
+        node.private_key(), data_hash, secp256k1.CANONICAL_SIG_ETHEREUM
     )
 
     return EthereumTypedDataSignature(

core/src/apps/misc/sign_identity.py

@@ -105,6 +105,8 @@ def sign_challenge(
     sigtype: str | coininfo.CoinInfo,
     curve: str,
 ) -> bytes:
+    from trezor.crypto.signature import encode_bip137_signature
+    from trezor.enums import InputScriptType
     from trezor.wire import DataError
 
     from apps.common.signverify import message_digest
@@ -149,5 +151,7 @@ def sign_challenge(
         signature = b"\x00" + signature
     elif sigtype in ("gpg", "ssh"):
         signature = b"\x00" + signature[1:]
+    else:
+        signature = encode_bip137_signature(signature, InputScriptType.SPENDADDRESS)
 
     return signature

core/src/apps/webauthn/credential.py

@@ -95,7 +95,7 @@ class Credential:
         dig = hashlib.sha256()
         for segment in data:
             dig.update(segment)
-        sig = nist256p1.sign_recoverable(self._private_key(), dig.digest(), False)
+        sig = nist256p1.sign_recoverable(self._private_key(), dig.digest())
         return encode_der_signature(sig)
 
     def bogus_signature(self) -> bytes:

core/src/apps/webauthn/fido2.py

@@ -1309,7 +1309,7 @@ def basic_attestation_sign(data: Iterable[bytes]) -> bytes:
     dig = hashlib.sha256()
     for segment in data:
         dig.update(segment)
-    sig = nist256p1.sign_recoverable(_FIDO_ATT_PRIV_KEY, dig.digest(), False)
+    sig = nist256p1.sign_recoverable(_FIDO_ATT_PRIV_KEY, dig.digest())
     return encode_der_signature(sig)