mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-06-28 02:42:34 +00:00
refactor(core): remove compressed from sign_recoverable()
[no changelog]
parent
6f2130f1ee
commit
4d0edf50d7
@ -88,18 +88,17 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
|||||||
mod_trezorcrypto_nist256p1_publickey);
|
mod_trezorcrypto_nist256p1_publickey);
|
||||||
|
|
||||||
/// def sign_recoverable(
|
/// def sign_recoverable(
|
||||||
/// secret_key: bytes, digest: bytes, compressed: bool = True
|
/// secret_key: bytes, digest: bytes
|
||||||
/// ) -> bytes:
|
/// ) -> bytes:
|
||||||
/// """
|
/// """
|
||||||
/// Uses secret key to produce the signature of the digest.
|
/// Uses secret key to produce the signature of the digest.
|
||||||
/// """
|
/// """
|
||||||
STATIC mp_obj_t mod_trezorcrypto_nist256p1_sign_recoverable(
|
STATIC mp_obj_t mod_trezorcrypto_nist256p1_sign_recoverable(
|
||||||
size_t n_args, const mp_obj_t *args) {
|
const mp_obj_t secret_key, const mp_obj_t digest) {
|
||||||
mp_buffer_info_t sk = {0};
|
mp_buffer_info_t sk = {0};
|
||||||
mp_buffer_info_t dig = {0};
|
mp_buffer_info_t dig = {0};
|
||||||
mp_get_buffer_raise(args[0], &sk, MP_BUFFER_READ);
|
mp_get_buffer_raise(secret_key, &sk, MP_BUFFER_READ);
|
||||||
mp_get_buffer_raise(args[1], &dig, MP_BUFFER_READ);
|
mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ);
|
||||||
bool compressed = n_args < 3 || args[2] == mp_const_true;
|
|
||||||
if (sk.len != 32) {
|
if (sk.len != 32) {
|
||||||
mp_raise_ValueError("Invalid length of secret key");
|
mp_raise_ValueError("Invalid length of secret key");
|
||||||
}
|
}
|
||||||
@ -115,11 +114,11 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_sign_recoverable(
|
|||||||
vstr_clear(&sig);
|
vstr_clear(&sig);
|
||||||
mp_raise_ValueError("Signing failed");
|
mp_raise_ValueError("Signing failed");
|
||||||
}
|
}
|
||||||
sig.buf[0] = 27 + pby + compressed * 4;
|
sig.buf[0] = 27 + pby;
|
||||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
|
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
|
||||||
}
|
}
|
||||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
STATIC MP_DEFINE_CONST_FUN_OBJ_2(
|
||||||
mod_trezorcrypto_nist256p1_sign_recoverable_obj, 2, 3,
|
mod_trezorcrypto_nist256p1_sign_recoverable_obj,
|
||||||
mod_trezorcrypto_nist256p1_sign_recoverable);
|
mod_trezorcrypto_nist256p1_sign_recoverable);
|
||||||
|
|
||||||
/// def verify(public_key: bytes, signature: bytes, digest: bytes) -> bool:
|
/// def verify(public_key: bytes, signature: bytes, digest: bytes) -> bool:
|
||||||
@ -151,8 +150,7 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_verify(mp_obj_t public_key,
|
|||||||
}
|
}
|
||||||
STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_nist256p1_verify_obj,
|
STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_nist256p1_verify_obj,
|
||||||
mod_trezorcrypto_nist256p1_verify);
|
mod_trezorcrypto_nist256p1_verify);
|
||||||
/// def verify_recover(signature: bytes, digest: bytes, compressed: bool = True)
|
/// def verify_recover(signature: bytes, digest: bytes) -> bytes:
|
||||||
/// -> bytes:
|
|
||||||
/// """
|
/// """
|
||||||
/// Uses signature of the digest to verify the digest and recover the public
|
/// Uses signature of the digest to verify the digest and recover the public
|
||||||
/// key. Returns public key on success, None if the signature is invalid.
|
/// key. Returns public key on success, None if the signature is invalid.
|
||||||
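Review bot: The `///` docstring of `sign_recoverable` still says only "Uses secret key to produce the signature of the digest", although the new side fixes the first output byte to `27 + pby` with no compression offset; the return layout deserves its own line, e.g. `/// Returns the signature prefixed by a header byte equal to 27 + recovery id.` A two-argument caller that relied on the old default (`compressed=True`) still runs without error but now receives a different header byte, so the docstring should also say that any script-type offset must be applied by the caller (this commit uses `encode_bip137_signature` for that in sign_challenge). Separately, the `verify_recover` docstring in the last hunk declares `-> bytes` while its text says None is returned for an invalid signature; `-> bytes | None` would match, assuming the implementation, which is outside the hunk, really returns None. The function bodies are only partly visible here.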
|
@ -117,7 +117,6 @@ enum {
|
|||||||
/// def sign_recoverable(
|
/// def sign_recoverable(
|
||||||
/// secret_key: bytes,
|
/// secret_key: bytes,
|
||||||
/// digest: bytes,
|
/// digest: bytes,
|
||||||
/// compressed: bool = True,
|
|
||||||
/// canonical: int | None = None,
|
/// canonical: int | None = None,
|
||||||
/// ) -> bytes:
|
/// ) -> bytes:
|
||||||
/// """
|
/// """
|
||||||
@ -129,10 +128,9 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_sign_recoverable(
|
|||||||
mp_buffer_info_t dig = {0};
|
mp_buffer_info_t dig = {0};
|
||||||
mp_get_buffer_raise(args[0], &sk, MP_BUFFER_READ);
|
mp_get_buffer_raise(args[0], &sk, MP_BUFFER_READ);
|
||||||
mp_get_buffer_raise(args[1], &dig, MP_BUFFER_READ);
|
mp_get_buffer_raise(args[1], &dig, MP_BUFFER_READ);
|
||||||
bool compressed = (n_args < 3) || (args[2] == mp_const_true);
|
|
||||||
int (*is_canonical)(uint8_t by, uint8_t sig[64]) = NULL;
|
int (*is_canonical)(uint8_t by, uint8_t sig[64]) = NULL;
|
||||||
#if !BITCOIN_ONLY
|
#if !BITCOIN_ONLY
|
||||||
mp_int_t canonical = (n_args > 3) ? mp_obj_get_int(args[3]) : 0;
|
mp_int_t canonical = (n_args > 2) ? mp_obj_get_int(args[2]) : 0;
|
||||||
switch (canonical) {
|
switch (canonical) {
|
||||||
case CANONICAL_SIG_ETHEREUM:
|
case CANONICAL_SIG_ETHEREUM:
|
||||||
is_canonical = ethereum_is_canonical;
|
is_canonical = ethereum_is_canonical;
|
||||||
@ -157,11 +155,11 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_sign_recoverable(
|
|||||||
vstr_clear(&sig);
|
vstr_clear(&sig);
|
||||||
mp_raise_ValueError("Signing failed");
|
mp_raise_ValueError("Signing failed");
|
||||||
}
|
}
|
||||||
sig.buf[0] = 27 + pby + compressed * 4;
|
sig.buf[0] = 27 + pby;
|
||||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
|
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
|
||||||
}
|
}
|
||||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
||||||
mod_trezorcrypto_secp256k1_sign_recoverable_obj, 2, 4,
|
mod_trezorcrypto_secp256k1_sign_recoverable_obj, 2, 3,
|
||||||
mod_trezorcrypto_secp256k1_sign_recoverable);
|
mod_trezorcrypto_secp256k1_sign_recoverable);
|
||||||
|
|
||||||
/// def verify(public_key: bytes, signature: bytes, digest: bytes) -> bool:
|
/// def verify(public_key: bytes, signature: bytes, digest: bytes) -> bool:
|
||||||
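Review bot: Moving `canonical` from `args[3]` to `args[2]` lets a three-argument call written in the old order, with a leftover `True` or `False` in the former `compressed` slot, pass silently: `mp_obj_get_int()` accepts MicroPython bools as 1/0, so the flag would be read as a canonical selector instead of raising. Only old-style four-argument calls are caught by the new `2, 3` arity bound. Rejecting bools before the conversion would make stale call sites fail loudly, e.g. `if (n_args > 2 && (args[2] == mp_const_true || args[2] == mp_const_false)) mp_raise_ValueError("Invalid canonical");`. The stub also advertises `canonical: int | None = None`, yet an explicit None would reach `mp_obj_get_int()` and presumably raise, so the annotation or the conversion should be aligned. The function starts before this hunk and the remaining `switch` cases are not visible, so how an unexpected selector value is handled cannot be confirmed from here.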
|
@ -17,7 +17,7 @@ def publickey(secret_key: bytes, compressed: bool = True) -> bytes:
|
|||||||
|
|
||||||
# upymod/modtrezorcrypto/modtrezorcrypto-nist256p1.h
|
# upymod/modtrezorcrypto/modtrezorcrypto-nist256p1.h
|
||||||
def sign_recoverable(
|
def sign_recoverable(
|
||||||
secret_key: bytes, digest: bytes, compressed: bool = True
|
secret_key: bytes, digest: bytes
|
||||||
) -> bytes:
|
) -> bytes:
|
||||||
"""
|
"""
|
||||||
Uses secret key to produce the signature of the digest.
|
Uses secret key to produce the signature of the digest.
|
||||||
@ -33,8 +33,7 @@ def verify(public_key: bytes, signature: bytes, digest: bytes) -> bool:
|
|||||||
|
|
||||||
|
|
||||||
# upymod/modtrezorcrypto/modtrezorcrypto-nist256p1.h
|
# upymod/modtrezorcrypto/modtrezorcrypto-nist256p1.h
|
||||||
def verify_recover(signature: bytes, digest: bytes, compressed: bool = True)
|
def verify_recover(signature: bytes, digest: bytes) -> bytes:
|
||||||
-> bytes:
|
|
||||||
"""
|
"""
|
||||||
Uses signature of the digest to verify the digest and recover the public
|
Uses signature of the digest to verify the digest and recover the public
|
||||||
key. Returns public key on success, None if the signature is invalid.
|
key. Returns public key on success, None if the signature is invalid.
|
||||||
|
@ -21,7 +21,6 @@ CANONICAL_SIG_EOS: int = 2
|
|||||||
def sign_recoverable(
|
def sign_recoverable(
|
||||||
secret_key: bytes,
|
secret_key: bytes,
|
||||||
digest: bytes,
|
digest: bytes,
|
||||||
compressed: bool = True,
|
|
||||||
canonical: int | None = None,
|
canonical: int | None = None,
|
||||||
) -> bytes:
|
) -> bytes:
|
||||||
"""
|
"""
|
||||||
|
@ -52,7 +52,7 @@ async def sign_tx(msg: EosSignTx, keychain: Keychain) -> EosSignedTx:
|
|||||||
|
|
||||||
digest = sha.get_digest()
|
digest = sha.get_digest()
|
||||||
signature = secp256k1.sign_recoverable(
|
signature = secp256k1.sign_recoverable(
|
||||||
node.private_key(), digest, False, secp256k1.CANONICAL_SIG_EOS
|
node.private_key(), digest, secp256k1.CANONICAL_SIG_EOS
|
||||||
)
|
)
|
||||||
|
|
||||||
return EosSignedTx(signature=encode_signature(signature))
|
return EosSignedTx(signature=encode_signature(signature))
|
||||||
|
@ -49,7 +49,6 @@ async def sign_message(
|
|||||||
signature = secp256k1.sign_recoverable(
|
signature = secp256k1.sign_recoverable(
|
||||||
node.private_key(),
|
node.private_key(),
|
||||||
message_digest(msg.message),
|
message_digest(msg.message),
|
||||||
False,
|
|
||||||
secp256k1.CANONICAL_SIG_ETHEREUM,
|
secp256k1.CANONICAL_SIG_ETHEREUM,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -263,7 +263,7 @@ def _sign_digest(
|
|||||||
|
|
||||||
node = keychain.derive(msg.address_n)
|
node = keychain.derive(msg.address_n)
|
||||||
signature = secp256k1.sign_recoverable(
|
signature = secp256k1.sign_recoverable(
|
||||||
node.private_key(), digest, False, secp256k1.CANONICAL_SIG_ETHEREUM
|
node.private_key(), digest, secp256k1.CANONICAL_SIG_ETHEREUM
|
||||||
)
|
)
|
||||||
|
|
||||||
req = EthereumTxRequest()
|
req = EthereumTxRequest()
|
||||||
|
@ -159,7 +159,7 @@ def _sign_digest(
|
|||||||
|
|
||||||
node = keychain.derive(msg.address_n)
|
node = keychain.derive(msg.address_n)
|
||||||
signature = secp256k1.sign_recoverable(
|
signature = secp256k1.sign_recoverable(
|
||||||
node.private_key(), digest, False, secp256k1.CANONICAL_SIG_ETHEREUM
|
node.private_key(), digest, secp256k1.CANONICAL_SIG_ETHEREUM
|
||||||
)
|
)
|
||||||
|
|
||||||
req = EthereumTxRequest()
|
req = EthereumTxRequest()
|
||||||
|
@ -49,7 +49,7 @@ async def sign_typed_data(
|
|||||||
)
|
)
|
||||||
|
|
||||||
signature = secp256k1.sign_recoverable(
|
signature = secp256k1.sign_recoverable(
|
||||||
node.private_key(), data_hash, False, secp256k1.CANONICAL_SIG_ETHEREUM
|
node.private_key(), data_hash, secp256k1.CANONICAL_SIG_ETHEREUM
|
||||||
)
|
)
|
||||||
|
|
||||||
return EthereumTypedDataSignature(
|
return EthereumTypedDataSignature(
|
||||||
|
@ -105,6 +105,8 @@ def sign_challenge(
|
|||||||
sigtype: str | coininfo.CoinInfo,
|
sigtype: str | coininfo.CoinInfo,
|
||||||
curve: str,
|
curve: str,
|
||||||
) -> bytes:
|
) -> bytes:
|
||||||
|
from trezor.crypto.signature import encode_bip137_signature
|
||||||
|
from trezor.enums import InputScriptType
|
||||||
from trezor.wire import DataError
|
from trezor.wire import DataError
|
||||||
|
|
||||||
from apps.common.signverify import message_digest
|
from apps.common.signverify import message_digest
|
||||||
@ -149,5 +151,7 @@ def sign_challenge(
|
|||||||
signature = b"\x00" + signature
|
signature = b"\x00" + signature
|
||||||
elif sigtype in ("gpg", "ssh"):
|
elif sigtype in ("gpg", "ssh"):
|
||||||
signature = b"\x00" + signature[1:]
|
signature = b"\x00" + signature[1:]
|
||||||
|
else:
|
||||||
|
signature = encode_bip137_signature(signature, InputScriptType.SPENDADDRESS)
|
||||||
|
|
||||||
return signature
|
return signature
|
||||||
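Review bot: The new catch-all `else:` branch hard-codes `InputScriptType.SPENDADDRESS` with no explanation, and it appears to be the only thing keeping the header byte for non-gpg/ssh identities at its pre-commit value. A comment would record the intent, for example `# sign_recoverable() now returns header 27 + recid; SPENDADDRESS restores the former compressed-key header`. This assumes `encode_bip137_signature` rewrites only the first byte and that `signature` comes from `sign_recoverable()`; neither is visible in the hunk. Because the branch is reached for every sigtype other than gpg or ssh, including a `CoinInfo` value, a unit test pinning the first byte of the returned signature would guard against a silent format change. The condition of the leading `if` lies outside the hunk.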
|
@ -95,7 +95,7 @@ class Credential:
|
|||||||
dig = hashlib.sha256()
|
dig = hashlib.sha256()
|
||||||
for segment in data:
|
for segment in data:
|
||||||
dig.update(segment)
|
dig.update(segment)
|
||||||
sig = nist256p1.sign_recoverable(self._private_key(), dig.digest(), False)
|
sig = nist256p1.sign_recoverable(self._private_key(), dig.digest())
|
||||||
return encode_der_signature(sig)
|
return encode_der_signature(sig)
|
||||||
|
|
||||||
def bogus_signature(self) -> bytes:
|
def bogus_signature(self) -> bytes:
|
||||||
|
@ -1309,7 +1309,7 @@ def basic_attestation_sign(data: Iterable[bytes]) -> bytes:
|
|||||||
dig = hashlib.sha256()
|
dig = hashlib.sha256()
|
||||||
for segment in data:
|
for segment in data:
|
||||||
dig.update(segment)
|
dig.update(segment)
|
||||||
sig = nist256p1.sign_recoverable(_FIDO_ATT_PRIV_KEY, dig.digest(), False)
|
sig = nist256p1.sign_recoverable(_FIDO_ATT_PRIV_KEY, dig.digest())
|
||||||
return encode_der_signature(sig)
|
return encode_der_signature(sig)
|
||||||
|
|
||||||
|
|
||||||
|