diff --git a/core/src/apps/bitcoin/common.py b/core/src/apps/bitcoin/common.py index aa8d56059..92f63be59 100644 --- a/core/src/apps/bitcoin/common.py +++ b/core/src/apps/bitcoin/common.py @@ -121,6 +121,10 @@ def bip340_sign(node: bip32.HDNode, digest: bytes) -> bytes: def ecdsa_hash_pubkey(pubkey: bytes, coin: CoinInfo) -> bytes: from trezor.utils import ensure + ensure( + coin.curve_name.startswith("secp256k1") + ) # The following code makes sense only for Weiersrass curves + if pubkey[0] == 0x04: ensure(len(pubkey) == 65) # uncompressed format elif pubkey[0] == 0x00: diff --git a/core/src/apps/bitcoin/get_public_key.py b/core/src/apps/bitcoin/get_public_key.py index 613f80e42..8e7855857 100644 --- a/core/src/apps/bitcoin/get_public_key.py +++ b/core/src/apps/bitcoin/get_public_key.py @@ -70,8 +70,6 @@ async def get_public_key( raise wire.DataError("Invalid combination of coin and script_type") pubkey = node.public_key() - if pubkey[0] == 1: - pubkey = b"\x00" + pubkey[1:] node_type = HDNodeType( depth=node.depth(), child_num=node.child_num(), diff --git a/core/src/apps/misc/get_ecdh_session_key.py b/core/src/apps/misc/get_ecdh_session_key.py index 68b55baed..1aacc1672 100644 --- a/core/src/apps/misc/get_ecdh_session_key.py +++ b/core/src/apps/misc/get_ecdh_session_key.py @@ -46,10 +46,12 @@ async def get_ecdh_session_key(msg: GetECDHSessionKey) -> ECDHSessionKey: from trezor.crypto.curve import secp256k1 session_key = secp256k1.multiply(node.private_key(), peer_public_key) + public_key = node.public_key() elif curve_name == "nist256p1": from trezor.crypto.curve import nist256p1 session_key = nist256p1.multiply(node.private_key(), peer_public_key) + public_key = node.public_key() elif curve_name == "curve25519": from trezor.crypto.curve import curve25519 
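Review bot: The comment attached to the new `ensure(` call has a typo, `Weiersrass` → `Weierstrass`, and it is broader than what the check enforces: `coin.curve_name.startswith("secp256k1")` also rejects nist256p1, which is a Weierstrass curve, so the stated reason does not explain why only the secp256k1 family (presumably including its `secp256k1-*` variants, hence `startswith`) is admitted. Putting the explanation above the call lets it collapse to one line: `# the prefix-byte handling below assumes a secp256k1-family key` followed by `ensure(coin.curve_name.startswith("secp256k1"))`. The rest of ecdsa_hash_pubkey, including the `elif pubkey[0] == 0x00:` branch this guard protects, continues below the hunk.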
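Review bot: `public_key = node.public_key()` is added verbatim to both the secp256k1 and the nist256p1 branches of get_ecdh_session_key; assigning it once before the `if curve_name == ...` chain and letting only the curve25519 branch (next hunk) override it, `public_key = b"\x01" + public_key[1:]`, removes the duplication and no longer relies on the trailing `else: raise DataError(...)` to keep the name bound on every path. The chain's opening `if` lies before this hunk, so that placement is outside what is shown.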
@@ -58,8 +60,9 @@ async def get_ecdh_session_key(msg: GetECDHSessionKey) -> ECDHSessionKey: session_key = b"\x04" + curve25519.multiply( node.private_key(), peer_public_key[1:] ) + public_key = b"\x01" + node.public_key()[1:] else: raise DataError("Unsupported curve for ECDH: " + curve_name) # END ecdh - return ECDHSessionKey(session_key=session_key, public_key=node.public_key()) + return ECDHSessionKey(session_key=session_key, public_key=public_key) diff --git a/core/src/apps/misc/sign_identity.py b/core/src/apps/misc/sign_identity.py index 90863f7ef..55fd115d0 100644 --- a/core/src/apps/misc/sign_identity.py +++ b/core/src/apps/misc/sign_identity.py @@ -46,8 +46,6 @@ async def sign_identity(msg: SignIdentity) -> SignedIdentity: else: address = None pubkey = node.public_key() - if pubkey[0] == 0x01: - pubkey = b"\x00" + pubkey[1:] seckey = node.private_key() if msg_identity_proto in ("gpg", "signify", "ssh"): diff --git a/crypto/bip32.c b/crypto/bip32.c index 15a7d7add..cb6783476 100644 --- a/crypto/bip32.c +++ b/crypto/bip32.c @@ -186,11 +186,6 @@ uint32_t hdnode_fingerprint(HDNode *node) { uint32_t fingerprint = 0; hdnode_fill_public_key(node); - if (node->public_key[0] == 0x01) { - // The prefix 0x01 indicates curve25519 or ed25519 - // In this case, SLIP-10 uses the prefix 0x00 to calculate the fingerprint - node->public_key[0] = 0x00; - } hasher_Raw(node->curve->hasher_pubkey, node->public_key, 33, digest); fingerprint = ((uint32_t)digest[0] << 24) + (digest[1] << 16) + (digest[2] << 8) + digest[3]; @@ -489,7 +484,8 @@ int hdnode_fill_public_key(HDNode *node) { return 1; } } else { - node->public_key[0] = 1; + // According to SLIP-10, curve25519 and ed25519 use the prefix 0x00 + node->public_key[0] = 0; if (node->curve == &ed25519_info) { ed25519_publickey(node->private_key, node->public_key + 1); } else if (node->curve == &ed25519_sha3_info) { diff --git a/crypto/tests/test_check.c b/crypto/tests/test_check.c index a5b7d287c..e2ab3fc80 100644 
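Review bot: The new `public_key = b"\x01" + node.public_key()[1:]` reintroduces a 0x01 prefix for curve25519 with no explanation, in the same commit that switches `hdnode_fill_public_key` to a 0x00 prefix for that curve, so a later reader will take it for a leftover. Presumably it preserves the ECDHSessionKey response format that existing curve25519 callers already parse; if so, say it next to the line: `# keep the previous 0x01 prefix in the ECDH response; the node itself now uses the SLIP-10 0x00 prefix`. The same undocumented `resp->public_key.bytes[0] = 0x01;` appears in the fsm_msgGetECDHSessionKey hunk of legacy/firmware/fsm_msg_crypto.h and should carry a matching comment. The if/elif chain this branch belongs to begins before the hunk.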
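Review bot: Writing `node->public_key[0] = 0;` removes the 0x01 byte that other code used as an in-memory marker for ed25519/curve25519 keys, so every remaining `public_key[0] == 1` or `== 0x01` test becomes dead; this commit deletes several (core/ get_public_key.py and sign_identity.py, legacy/ fsm_msg_coin.h, fsm_msg_crypto.h and layout2.c) and rewrites the one in test_check.c's test_bip32_ecdh_init_node, but a grep for the pattern before merging would confirm none survive. Fingerprints for these curves should be unchanged, since the rewrite deleted from hdnode_fingerprint in the hunk above already hashed a 0x00-prefixed key. The comment reads more precisely as `// SLIP-10: ed25519 and curve25519 public keys carry a 0x00 prefix byte`, and `0x00` rather than `0` would match the hex spelling the deleted fingerprint code used. hdnode_fill_public_key starts and ends outside the hunk.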
--- a/crypto/tests/test_check.c +++ b/crypto/tests/test_check.c @@ -2658,7 +2658,7 @@ START_TEST(test_bip32_ed25519_vector_1) { ck_assert_mem_eq( node.public_key, fromhex( - "01a4b2856bfec510abab89753fac1ac0e1112364e7d250545963f135f2a33188ed"), + "00a4b2856bfec510abab89753fac1ac0e1112364e7d250545963f135f2a33188ed"), 33); // [Chain m/0'] @@ -2680,7 +2680,7 @@ START_TEST(test_bip32_ed25519_vector_1) { ck_assert_mem_eq( node.public_key, fromhex( - "018c8a13df77a28f3445213a0f432fde644acaa215fc72dcdf300d5efaa85d350c"), + "008c8a13df77a28f3445213a0f432fde644acaa215fc72dcdf300d5efaa85d350c"), 33); // [Chain m/0'/1'] @@ -2702,7 +2702,7 @@ START_TEST(test_bip32_ed25519_vector_1) { ck_assert_mem_eq( node.public_key, fromhex( - "011932a5270f335bed617d5b935c80aedb1a35bd9fc1e31acafd5372c30f5c1187"), + "001932a5270f335bed617d5b935c80aedb1a35bd9fc1e31acafd5372c30f5c1187"), 33); // [Chain m/0'/1'/2'] @@ -2724,7 +2724,7 @@ START_TEST(test_bip32_ed25519_vector_1) { ck_assert_mem_eq( node.public_key, fromhex( - "01ae98736566d30ed0e9d2f4486a64bc95740d89c7db33f52121f8ea8f76ff0fc1"), + "00ae98736566d30ed0e9d2f4486a64bc95740d89c7db33f52121f8ea8f76ff0fc1"), 33); // [Chain m/0'/1'/2'/2'] @@ -2746,7 +2746,7 @@ START_TEST(test_bip32_ed25519_vector_1) { ck_assert_mem_eq( node.public_key, fromhex( - "018abae2d66361c879b900d204ad2cc4984fa2aa344dd7ddc46007329ac76c429c"), + "008abae2d66361c879b900d204ad2cc4984fa2aa344dd7ddc46007329ac76c429c"), 33); // [Chain m/0'/1'/2'/2'/1000000000'] @@ -2768,7 +2768,7 @@ START_TEST(test_bip32_ed25519_vector_1) { ck_assert_mem_eq( node.public_key, fromhex( - "013c24da049451555d51a7014a37337aa4e12d41e485abccfa46b47dfb2af54b7a"), + "003c24da049451555d51a7014a37337aa4e12d41e485abccfa46b47dfb2af54b7a"), 33); } END_TEST 
@@ -2801,7 +2801,7 @@ START_TEST(test_bip32_ed25519_vector_2) { ck_assert_mem_eq( node.public_key, fromhex( - "018fe9693f8fa62a4305a140b9764c5ee01e455963744fe18204b4fb948249308a"), + "008fe9693f8fa62a4305a140b9764c5ee01e455963744fe18204b4fb948249308a"), 33); // [Chain m/0'] @@ -2823,7 +2823,7 @@ START_TEST(test_bip32_ed25519_vector_2) { ck_assert_mem_eq( node.public_key, fromhex( - "0186fab68dcb57aa196c77c5f264f215a112c22a912c10d123b0d03c3c28ef1037"), + "0086fab68dcb57aa196c77c5f264f215a112c22a912c10d123b0d03c3c28ef1037"), 33); // [Chain m/0'/2147483647'] @@ -2845,7 +2845,7 @@ START_TEST(test_bip32_ed25519_vector_2) { ck_assert_mem_eq( node.public_key, fromhex( - "015ba3b9ac6e90e83effcd25ac4e58a1365a9e35a3d3ae5eb07b9e4d90bcf7506d"), + "005ba3b9ac6e90e83effcd25ac4e58a1365a9e35a3d3ae5eb07b9e4d90bcf7506d"), 33); // [Chain m/0'/2147483647'/1'] @@ -2867,7 +2867,7 @@ START_TEST(test_bip32_ed25519_vector_2) { ck_assert_mem_eq( node.public_key, fromhex( - "012e66aa57069c86cc18249aecf5cb5a9cebbfd6fadeab056254763874a9352b45"), + "002e66aa57069c86cc18249aecf5cb5a9cebbfd6fadeab056254763874a9352b45"), 33); // [Chain m/0'/2147483647'/1'/2147483646'] @@ -2889,7 +2889,7 @@ START_TEST(test_bip32_ed25519_vector_2) { ck_assert_mem_eq( node.public_key, fromhex( - "01e33c0f7d81d843c572275f287498e8d408654fdf0d1e065b84e2e6f157aab09b"), + "00e33c0f7d81d843c572275f287498e8d408654fdf0d1e065b84e2e6f157aab09b"), 33); // [Chain m/0'/2147483647'/1'/2147483646'/2'] @@ -2911,7 +2911,7 @@ START_TEST(test_bip32_ed25519_vector_2) { ck_assert_mem_eq( node.public_key, fromhex( - "0147150c75db263559a70d5778bf36abbab30fb061ad69f69ece61a72b0cfa4fc0"), + "0047150c75db263559a70d5778bf36abbab30fb061ad69f69ece61a72b0cfa4fc0"), 33); } END_TEST 
@@ -2941,7 +2941,7 @@ START_TEST(test_bip32_curve25519_vector_1) { ck_assert_mem_eq( node.public_key, fromhex( - "015c7289dc9f7f3ea1c8c2de7323b9fb0781f69c9ecd6de4f095ac89a02dc80577"), + "005c7289dc9f7f3ea1c8c2de7323b9fb0781f69c9ecd6de4f095ac89a02dc80577"), 33); // [Chain m/0'] @@ -2963,7 +2963,7 @@ START_TEST(test_bip32_curve25519_vector_1) { ck_assert_mem_eq( node.public_key, fromhex( - "01cb8be6b256ce509008b43ae0dccd69960ad4f7ff2e2868c1fbc9e19ec3ad544b"), + "00cb8be6b256ce509008b43ae0dccd69960ad4f7ff2e2868c1fbc9e19ec3ad544b"), 33); // [Chain m/0'/1'] @@ -2985,7 +2985,7 @@ START_TEST(test_bip32_curve25519_vector_1) { ck_assert_mem_eq( node.public_key, fromhex( - "01e9506455dce2526df42e5e4eb5585eaef712e5f9c6a28bf9fb175d96595ea872"), + "00e9506455dce2526df42e5e4eb5585eaef712e5f9c6a28bf9fb175d96595ea872"), 33); // [Chain m/0'/1'/2'] @@ -3007,7 +3007,7 @@ START_TEST(test_bip32_curve25519_vector_1) { ck_assert_mem_eq( node.public_key, fromhex( - "0118f008fcbc6d1cd8b4fe7a9eba00f6570a9da02a9b0005028cb2731b12ee4118"), + "0018f008fcbc6d1cd8b4fe7a9eba00f6570a9da02a9b0005028cb2731b12ee4118"), 33); // [Chain m/0'/1'/2'/2'] @@ -3029,7 +3029,7 @@ START_TEST(test_bip32_curve25519_vector_1) { ck_assert_mem_eq( node.public_key, fromhex( - "01512e288a8ef4d869620dc4b06bb06ad2524b350dee5a39fcfeb708dbac65c25c"), + "00512e288a8ef4d869620dc4b06bb06ad2524b350dee5a39fcfeb708dbac65c25c"), 33); // [Chain m/0'/1'/2'/2'/1000000000'] @@ -3051,7 +3051,7 @@ START_TEST(test_bip32_curve25519_vector_1) { ck_assert_mem_eq( node.public_key, fromhex( - "01a077fcf5af53d210257d44a86eb2031233ac7237da220434ac01a0bebccc1919"), + "00a077fcf5af53d210257d44a86eb2031233ac7237da220434ac01a0bebccc1919"), 33); } END_TEST @@ -3084,7 +3084,7 @@ START_TEST(test_bip32_curve25519_vector_2) { ck_assert_mem_eq( node.public_key, fromhex( - "0160cc3b40567729af08757e1efe62536dc864a57ec582f98b96f484201a260c7a"), + "0060cc3b40567729af08757e1efe62536dc864a57ec582f98b96f484201a260c7a"), 33); // [Chain m/0'] 
@@ -3106,7 +3106,7 @@ START_TEST(test_bip32_curve25519_vector_2) { ck_assert_mem_eq( node.public_key, fromhex( - "017992b3f270ef15f266785fffb73246ad7f40d1fe8679b737fed0970d92cc5f39"), + "007992b3f270ef15f266785fffb73246ad7f40d1fe8679b737fed0970d92cc5f39"), 33); // [Chain m/0'/2147483647'] @@ -3128,7 +3128,7 @@ START_TEST(test_bip32_curve25519_vector_2) { ck_assert_mem_eq( node.public_key, fromhex( - "012372feac417c38b833e1aba75f2420278122d698605b995cafc2fed7bb453d41"), + "002372feac417c38b833e1aba75f2420278122d698605b995cafc2fed7bb453d41"), 33); // [Chain m/0'/2147483647'/1'] @@ -3150,7 +3150,7 @@ START_TEST(test_bip32_curve25519_vector_2) { ck_assert_mem_eq( node.public_key, fromhex( - "01eca4fd0458d3f729b6218eda871b350fa8870a744caf6d30cd84dad2b9dd9c2d"), + "00eca4fd0458d3f729b6218eda871b350fa8870a744caf6d30cd84dad2b9dd9c2d"), 33); // [Chain m/0'/2147483647'/1'/2147483646'] @@ -3172,7 +3172,7 @@ START_TEST(test_bip32_curve25519_vector_2) { ck_assert_mem_eq( node.public_key, fromhex( - "01edaa3d381a2b02f40a80d69b2ce7ba7c3c4a9421744808857cd48c50d29b5868"), + "00edaa3d381a2b02f40a80d69b2ce7ba7c3c4a9421744808857cd48c50d29b5868"), 33); // [Chain m/0'/2147483647'/1'/2147483646'/2'] @@ -3194,7 +3194,7 @@ START_TEST(test_bip32_curve25519_vector_2) { ck_assert_mem_eq( node.public_key, fromhex( - "01aa705de68066e9534a238af35ea77c48016462a8aff358d22eaa6c7d5b034354"), + "00aa705de68066e9534a238af35ea77c48016462a8aff358d22eaa6c7d5b034354"), 33); } END_TEST @@ -8235,7 +8235,7 @@ static void test_bip32_ecdh_init_node(HDNode *node, const char *seed_str, hdnode_from_seed((const uint8_t *)seed_str, strlen(seed_str), curve_name, node); ck_assert_int_eq(hdnode_fill_public_key(node), 0); - if (node->public_key[0] == 1) { + if (node->public_key[0] == 0) { node->public_key[0] = 0x40; // Curve25519 public keys start with 0x40 byte } } diff --git a/legacy/firmware/fsm_msg_coin.h b/legacy/firmware/fsm_msg_coin.h index 692671cf5..1640a1949 100644 --- a/legacy/firmware/fsm_msg_coin.h 
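Review bot: The updated guard in test_bip32_ecdh_init_node, `if (node->public_key[0] == 0)`, still dispatches on the prefix byte rather than on the `curve_name` the helper was just given, and after this commit 0x00 is shared by ed25519 and curve25519, so the comment `// Curve25519 public keys start with 0x40 byte` holds only if the helper is never called with an ed25519 curve — its callers are not visible here. Testing the name directly, `if (strcmp(curve_name, CURVE25519_NAME) == 0) {` (if that macro is in scope in this test file, otherwise the literal `"curve25519"`), states the intent and mirrors the strcmp this commit adds in fsm_msg_crypto.h. The helper's signature is in the hunk header only; the preceding test-vector hunks in this file are mechanical 0x01→0x00 prefix updates and need no comment.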
+++ b/legacy/firmware/fsm_msg_coin.h @@ -76,10 +76,6 @@ void fsm_msgGetPublicKey(const GetPublicKey *msg) { resp->node.has_private_key = false; resp->node.public_key.size = 33; memcpy(resp->node.public_key.bytes, node->public_key, 33); - if (node->public_key[0] == 1) { - /* ed25519 public key */ - resp->node.public_key.bytes[0] = 0; - } if (coin->xpub_magic && (script_type == InputScriptType_SPENDADDRESS || script_type == InputScriptType_SPENDMULTISIG)) { diff --git a/legacy/firmware/fsm_msg_crypto.h b/legacy/firmware/fsm_msg_crypto.h index cb2a42ec1..571237170 100644 --- a/legacy/firmware/fsm_msg_crypto.h +++ b/legacy/firmware/fsm_msg_crypto.h @@ -161,10 +161,6 @@ void fsm_msgSignIdentity(const SignIdentity *msg) { } resp->public_key.size = 33; memcpy(resp->public_key.bytes, node->public_key, 33); - if (node->public_key[0] == 1) { - /* ed25519 public key */ - resp->public_key.bytes[0] = 0; - } resp->signature.size = 65; msg_write(MessageType_MessageType_SignedIdentity, resp); } else { @@ -225,6 +221,9 @@ void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg) { return; } memcpy(resp->public_key.bytes, node->public_key, 33); + if (strcmp(curve, CURVE25519_NAME) == 0) { + resp->public_key.bytes[0] = 0x01; + } resp->public_key.size = 33; resp->has_public_key = true; msg_write(MessageType_MessageType_ECDHSessionKey, resp); diff --git a/legacy/firmware/layout2.c b/legacy/firmware/layout2.c index 530c438eb..af839b63c 100644 --- a/legacy/firmware/layout2.c +++ b/legacy/firmware/layout2.c 
@@ -963,14 +963,8 @@ void layoutAddress(const char *address, const char *desc, bool qrcode, } void layoutPublicKey(const uint8_t *pubkey) { - char desc[16] = {0}; - strlcpy(desc, "Public Key: 00", sizeof(desc)); - if (pubkey[0] == 1) { - /* ed25519 public key */ - // pass - leave 00 - } else { - data2hex(pubkey, 1, desc + 12); - } + char desc[] = "Public Key: 00"; + data2hex(pubkey, 1, desc + 12); const char **str = split_message_hex(pubkey + 1, 32 * 2); layoutDialogSwipe(&bmp_icon_question, NULL, _("Continue"), NULL, desc, str[0], str[1], str[2], str[3], NULL);
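Review bot: `char desc[] = "Public Key: 00";` is now exactly 15 bytes and `data2hex(pubkey, 1, desc + 12)` writes two hex digits at indices 12–13; if data2hex also NUL-terminates (its definition is not in the hunk) that byte lands on index 14, the literal's own terminator, so the buffer fits with zero slack where the removed `desc[16]` left one spare byte. That is correct but fragile for anyone who later lengthens the label, so make the sizing intentional with a comment: `// "00" at [12..13] is overwritten with hex of pubkey[0]; [14] remains the terminator`. layoutPublicKey's closing brace lies outside the hunk.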