mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-22 15:38:11 +00:00
core/extmod: return False or None consistently when a signature verification fails
from https://github.com/trezor/trezor-core/pull/535 by @real-or-random
This commit is contained in:
parent
23bfb31ad2
commit
5dc0a1ee0a
@ -147,13 +147,13 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_verify(mp_obj_t public_key,
|
||||
mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(message, &msg, MP_BUFFER_READ);
|
||||
if (pk.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of public key");
|
||||
return mp_const_false;
|
||||
}
|
||||
if (sig.len != 64) {
|
||||
mp_raise_ValueError("Invalid length of signature");
|
||||
return mp_const_false;
|
||||
}
|
||||
if (msg.len == 0) {
|
||||
mp_raise_ValueError("Empty data to verify");
|
||||
return mp_const_false;
|
||||
}
|
||||
return (0 == ed25519_sign_open(msg.buf, msg.len,
|
||||
*(const ed25519_public_key *)pk.buf,
|
||||
|
@ -122,14 +122,14 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_verify(mp_obj_t public_key,
|
||||
mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ);
|
||||
if (pk.len != 33 && pk.len != 65) {
|
||||
mp_raise_ValueError("Invalid length of public key");
|
||||
return mp_const_false;
|
||||
}
|
||||
if (sig.len != 64 && sig.len != 65) {
|
||||
mp_raise_ValueError("Invalid length of signature");
|
||||
return mp_const_false;
|
||||
}
|
||||
int offset = sig.len - 64;
|
||||
if (dig.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of digest");
|
||||
return mp_const_false;
|
||||
}
|
||||
return mp_obj_new_bool(
|
||||
0 == ecdsa_verify_digest(&nist256p1, (const uint8_t *)pk.buf,
|
||||
@ -142,7 +142,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_nist256p1_verify_obj,
|
||||
/// def verify_recover(signature: bytes, digest: bytes) -> bytes:
|
||||
/// '''
|
||||
/// Uses signature of the digest to verify the digest and recover the public
|
||||
/// key. Returns public key on success, None on failure.
|
||||
/// key. Returns public key on success, None if the signature is invalid.
|
||||
/// '''
|
||||
STATIC mp_obj_t mod_trezorcrypto_nist256p1_verify_recover(mp_obj_t signature,
|
||||
mp_obj_t digest) {
|
||||
@ -150,14 +150,14 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_verify_recover(mp_obj_t signature,
|
||||
mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ);
|
||||
if (sig.len != 65) {
|
||||
mp_raise_ValueError("Invalid length of signature");
|
||||
return mp_const_none;
|
||||
}
|
||||
if (dig.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of digest");
|
||||
return mp_const_none;
|
||||
}
|
||||
uint8_t recid = ((const uint8_t *)sig.buf)[0] - 27;
|
||||
if (recid >= 8) {
|
||||
mp_raise_ValueError("Invalid recid in signature");
|
||||
return mp_const_none;
|
||||
}
|
||||
bool compressed = (recid >= 4);
|
||||
recid &= 3;
|
||||
|
@ -139,14 +139,14 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_verify(mp_obj_t public_key,
|
||||
mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ);
|
||||
if (pk.len != 33 && pk.len != 65) {
|
||||
mp_raise_ValueError("Invalid length of public key");
|
||||
return mp_const_false;
|
||||
}
|
||||
if (sig.len != 64 && sig.len != 65) {
|
||||
mp_raise_ValueError("Invalid length of signature");
|
||||
return mp_const_false;
|
||||
}
|
||||
int offset = sig.len - 64;
|
||||
if (dig.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of digest");
|
||||
return mp_const_false;
|
||||
}
|
||||
return mp_obj_new_bool(
|
||||
0 == ecdsa_verify_digest(&secp256k1, (const uint8_t *)pk.buf,
|
||||
@ -159,7 +159,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_secp256k1_verify_obj,
|
||||
/// def verify_recover(signature: bytes, digest: bytes) -> bytes:
|
||||
/// '''
|
||||
/// Uses signature of the digest to verify the digest and recover the public
|
||||
/// key. Returns public key on success, None on failure.
|
||||
/// key. Returns public key on success, None if the signature is invalid.
|
||||
/// '''
|
||||
STATIC mp_obj_t mod_trezorcrypto_secp256k1_verify_recover(mp_obj_t signature,
|
||||
mp_obj_t digest) {
|
||||
@ -167,14 +167,14 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_verify_recover(mp_obj_t signature,
|
||||
mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ);
|
||||
if (sig.len != 65) {
|
||||
mp_raise_ValueError("Invalid length of signature");
|
||||
return mp_const_none;
|
||||
}
|
||||
if (dig.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of digest");
|
||||
return mp_const_none;
|
||||
}
|
||||
uint8_t recid = ((const uint8_t *)sig.buf)[0] - 27;
|
||||
if (recid >= 8) {
|
||||
mp_raise_ValueError("Invalid recid in signature");
|
||||
return mp_const_none;
|
||||
}
|
||||
bool compressed = (recid >= 4);
|
||||
recid &= 3;
|
||||
|
@ -170,24 +170,24 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify(mp_obj_t public_key,
|
||||
mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ);
|
||||
if (pk.len != 33 && pk.len != 65) {
|
||||
mp_raise_ValueError("Invalid length of public key");
|
||||
return mp_const_false;
|
||||
}
|
||||
if (sig.len != 64 && sig.len != 65) {
|
||||
mp_raise_ValueError("Invalid length of signature");
|
||||
return mp_const_false;
|
||||
}
|
||||
int offset = sig.len - 64;
|
||||
if (dig.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of digest");
|
||||
return mp_const_false;
|
||||
}
|
||||
secp256k1_ecdsa_signature ec_sig;
|
||||
if (!secp256k1_ecdsa_signature_parse_compact(
|
||||
ctx, &ec_sig, (const uint8_t *)sig.buf + offset)) {
|
||||
mp_raise_ValueError("Invalid signature");
|
||||
return mp_const_false;
|
||||
}
|
||||
secp256k1_pubkey ec_pk;
|
||||
if (!secp256k1_ec_pubkey_parse(ctx, &ec_pk, (const uint8_t *)pk.buf,
|
||||
pk.len)) {
|
||||
mp_raise_ValueError("Invalid public key");
|
||||
return mp_const_false;
|
||||
}
|
||||
return mp_obj_new_bool(1 == secp256k1_ecdsa_verify(ctx, &ec_sig,
|
||||
(const uint8_t *)dig.buf,
|
||||
@ -199,7 +199,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_secp256k1_zkp_verify_obj,
|
||||
/// def verify_recover(signature: bytes, digest: bytes) -> bytes:
|
||||
/// '''
|
||||
/// Uses signature of the digest to verify the digest and recover the public
|
||||
/// key. Returns public key on success, None on failure.
|
||||
/// key. Returns public key on success, None if the signature is invalid.
|
||||
/// '''
|
||||
STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify_recover(
|
||||
mp_obj_t signature, mp_obj_t digest) {
|
||||
@ -208,14 +208,14 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify_recover(
|
||||
mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ);
|
||||
if (sig.len != 65) {
|
||||
mp_raise_ValueError("Invalid length of signature");
|
||||
return mp_const_none;
|
||||
}
|
||||
if (dig.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of digest");
|
||||
return mp_const_none;
|
||||
}
|
||||
int recid = ((const uint8_t *)sig.buf)[0] - 27;
|
||||
if (recid >= 8) {
|
||||
mp_raise_ValueError("Invalid recid in signature");
|
||||
return mp_const_none;
|
||||
}
|
||||
bool compressed = (recid >= 4);
|
||||
recid &= 3;
|
||||
@ -223,7 +223,7 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify_recover(
|
||||
secp256k1_ecdsa_recoverable_signature ec_sig;
|
||||
if (!secp256k1_ecdsa_recoverable_signature_parse_compact(
|
||||
ctx, &ec_sig, (const uint8_t *)sig.buf + 1, recid)) {
|
||||
mp_raise_ValueError("Invalid signature");
|
||||
return mp_const_none;
|
||||
}
|
||||
secp256k1_pubkey pk;
|
||||
if (!secp256k1_ecdsa_recover(ctx, &pk, &ec_sig, (const uint8_t *)dig.buf)) {
|
||||
|
@ -17,10 +17,7 @@ async def verify_message(ctx, msg):
|
||||
raise wire.DataError("Invalid signature")
|
||||
sig = bytearray([msg.signature[64]]) + msg.signature[:64]
|
||||
|
||||
try:
|
||||
pubkey = secp256k1.verify_recover(sig, digest)
|
||||
except ValueError:
|
||||
raise wire.DataError("Invalid signature")
|
||||
pubkey = secp256k1.verify_recover(sig, digest)
|
||||
|
||||
if not pubkey:
|
||||
raise wire.DataError("Invalid signature")
|
||||
|
Loading…
Reference in New Issue
Block a user