From 67ad0432091fef5282fee25a1145efa9c834edeb Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Sat, 7 Jun 2014 14:21:59 +0200 Subject: [PATCH] adapt to new aes api --- firmware/Makefile | 9 +++++-- firmware/fsm.c | 59 +++++++++++++++++++++++++++++++++++++++++++++ firmware/fsm.h | 1 + firmware/layout2.c | 20 +++++++++++++++ firmware/layout2.h | 1 + firmware/messages.c | 1 + firmware/storage.c | 15 +++++++----- trezor-crypto | 2 +- 8 files changed, 99 insertions(+), 9 deletions(-) diff --git a/firmware/Makefile b/firmware/Makefile index 600cfdfe4..c9247b150 100644 --- a/firmware/Makefile +++ b/firmware/Makefile @@ -22,15 +22,19 @@ OBJS += debug.o OBJS += ../trezor-crypto/bignum.o OBJS += ../trezor-crypto/ecdsa.o OBJS += ../trezor-crypto/secp256k1.o -OBJS += ../trezor-crypto/sha2.o OBJS += ../trezor-crypto/hmac.o OBJS += ../trezor-crypto/bip32.o -OBJS += ../trezor-crypto/ripemd160.o OBJS += ../trezor-crypto/bip39.o OBJS += ../trezor-crypto/pbkdf2.o +OBJS += ../trezor-crypto/base58.o + +OBJS += ../trezor-crypto/ripemd160.o +OBJS += ../trezor-crypto/sha2.o + OBJS += ../trezor-crypto/aescrypt.o OBJS += ../trezor-crypto/aeskey.o OBJS += ../trezor-crypto/aestab.o +OBJS += ../trezor-crypto/aes_modes.o OBJS += protob/pb_decode.o OBJS += protob/pb_encode.o @@ -41,6 +45,7 @@ OBJS += protob/types.pb.o include ../Makefile.include # CFLAGS += -fstack-protector -fstack-protector-all +CFLAGS += -Wno-sequence-point CFLAGS += -Iprotob -DPB_FIELD_16BIT=1 CFLAGS += -DDEBUG_LINK=0 CFLAGS += -DDEBUG_LOG=0 diff --git a/firmware/fsm.c b/firmware/fsm.c index dc3ceeef3..428db6225 100644 --- a/firmware/fsm.c +++ b/firmware/fsm.c @@ -38,6 +38,8 @@ #include "usb.h" #include "util.h" #include "signing.h" +#include "aes.h" +#include "hmac.h" // message methods 
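Review bot: In the second firmware/Makefile hunk, `CFLAGS += -Wno-sequence-point` turns the warning off for every firmware object, and that warning is the one that reports expressions whose evaluation order is undefined. If the flag was added only to silence the newly linked AES sources (an inference, the diff does not say), it would be safer to limit it to those objects or to fix the flagged expressions. At minimum the line should carry a comment such as `# -Wsequence-point fires in <file that needs this>` so the suppression can be removed later.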
@@ -360,6 +362,63 @@ void fsm_msgTxAck(TxAck *msg) } } +void fsm_msgCipherKeyValue(CipherKeyValue *msg) +{ + if (!msg->has_key) { + fsm_sendFailure(FailureType_Failure_SyntaxError, "No key provided"); + return; + } + if (!msg->has_value) { + fsm_sendFailure(FailureType_Failure_SyntaxError, "No value provided"); + return; + } + if (msg->value.size % 16) { + fsm_sendFailure(FailureType_Failure_SyntaxError, "Value length must be a multiple of 16"); + return; + } + if (!protectPin(true)) { + layoutHome(); + return; + } + HDNode *node = fsm_getRootNode(); + if (!node) return; + fsm_deriveKey(node, msg->address_n, msg->address_n_count); + + bool encrypt = msg->has_encrypt && msg->encrypt; + bool ask_on_encrypt = msg->has_ask_on_encrypt && msg->ask_on_encrypt; + bool ask_on_decrypt = msg->has_ask_on_decrypt && msg->ask_on_decrypt; + if ((encrypt && ask_on_encrypt) || (!encrypt && ask_on_decrypt)) { + layoutCipherKeyValue(encrypt, msg->key); + if (!protectButton(ButtonRequestType_ButtonRequest_Other, false)) { + fsm_sendFailure(FailureType_Failure_ActionCancelled, "CipherKeyValue cancelled"); + layoutHome(); + return; + } + } + + uint8_t data[256 + 4]; + strlcpy((char *)data, msg->key, sizeof(data)); + strlcat((char *)data, ask_on_encrypt ? "E1" : "E0", sizeof(data)); + strlcat((char *)data, ask_on_decrypt ? 
"D1" : "D0", sizeof(data)); + + hmac_sha512(node->private_key, 32, data, strlen((char *)data), data); + + RESP_INIT(Success); + if (encrypt) { + aes_encrypt_ctx ctx; + aes_encrypt_key256(data, &ctx); + aes_cbc_encrypt(msg->value.bytes, resp->payload.bytes, msg->value.size, data + 32, &ctx); + } else { + aes_decrypt_ctx ctx; + aes_decrypt_key256(data, &ctx); + aes_cbc_decrypt(msg->value.bytes, resp->payload.bytes, msg->value.size, data + 32, &ctx); + } + resp->has_payload = true; + resp->payload.size = msg->value.size; + msg_write(MessageType_MessageType_Success, resp); + layoutHome(); +} + void fsm_msgApplySettings(ApplySettings *msg) { if (msg->has_label && msg->has_language) { diff --git a/firmware/fsm.h b/firmware/fsm.h index 030d7afdc..59cb2a6b7 100644 --- a/firmware/fsm.h +++ b/firmware/fsm.h @@ -41,6 +41,7 @@ void fsm_msgSignTx(SignTx *msg); //void fsm_msgPinMatrixAck(PinMatrixAck *msg); void fsm_msgCancel(Cancel *msg); void fsm_msgTxAck(TxAck *msg); +void fsm_msgCipherKeyValue(CipherKeyValue *msg); void fsm_msgApplySettings(ApplySettings *msg); //void fsm_msgButtonAck(ButtonAck *msg); void fsm_msgGetAddress(GetAddress *msg); diff --git a/firmware/layout2.c b/firmware/layout2.c index e4813ed75..e090d51f2 100644 --- a/firmware/layout2.c +++ b/firmware/layout2.c @@ -231,3 +231,23 @@ void layoutVerifyMessage(const uint8_t *msg, uint32_t len) ascii ? "Message contents:" : "Bin message contents:", str[0], str[1], str[2], str[3], NULL); } + +void layoutCipherKeyValue(bool encrypt, const char *key) +{ + int len = strlen(key); + char str[4][17]; + memset(str, 0, sizeof(str)); + strlcpy(str[0], (char *)key, 17); + if (len > 16) { + strlcpy(str[1], (char *)key + 16, 17); + } + if (len > 32) { + strlcpy(str[2], (char *)key + 32, 17); + } + if (len > 48) { + strlcpy(str[3], (char *)key + 48, 17); + } + layoutDialogSwipe(DIALOG_ICON_QUESTION, "Cancel", "Confirm", NULL, + encrypt ? "Encrypt?" : "Decrypt?", + str[0], str[1], str[2], str[3], NULL); +} 
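Review bot: In fsm_msgCipherKeyValue the only length check on the value is `msg->value.size % 16`, yet `aes_cbc_encrypt`/`aes_cbc_decrypt` then write `msg->value.size` bytes into `resp->payload.bytes`. Both capacities are declared outside this hunk, so unless the protobuf options already guarantee the value fits the payload, a guard such as `if (msg->value.size > sizeof(resp->payload.bytes))` after `RESP_INIT(Success)` should fail the request. The IV is `data + 32`, the second half of the same HMAC over the key name and ask flags, so it is identical for every value encrypted under one key name, and equal leading plaintext blocks give equal ciphertext blocks. A comment should state that limitation, or the message should carry a per-message IV. `data` (derived AES key and IV) and `ctx` (expanded key schedule) are also left on the stack on return and should be cleared before `layoutHome()` with a wipe the compiler cannot drop.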
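Review bot: layoutCipherKeyValue shows at most 64 characters of `key` (four rows of 16) and silently drops the rest, while the caller in fsm.c copies the key into a `data[256 + 4]` buffer. If the protobuf limit on `key` allows more than 64 characters, the user confirms a key name whose tail never appeared on screen. Either the request should be rejected when `strlen(msg->key) > 64`, or the last row should visibly mark the truncation. As a style point, `int len = strlen(key);` would be better as `size_t len`, and the `(char *)key` casts are unnecessary because `strlcpy` takes a `const char *` source.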
diff --git a/firmware/layout2.h b/firmware/layout2.h index 290b97d48..ffa2f93f2 100644 --- a/firmware/layout2.h +++ b/firmware/layout2.h @@ -32,5 +32,6 @@ void layoutConfirmTx(const CoinType *coin, uint64_t amount_out, uint64_t amount_ void layoutFeeOverThreshold(const CoinType *coin, uint64_t fee, uint32_t kb); void layoutSignMessage(const uint8_t *msg, uint32_t len); void layoutVerifyMessage(const uint8_t *msg, uint32_t len); +void layoutCipherKeyValue(bool encrypt, const char *key); #endif diff --git a/firmware/messages.c b/firmware/messages.c index 5618be39c..4a0bb825e 100644 --- a/firmware/messages.c +++ b/firmware/messages.c @@ -53,6 +53,7 @@ static const struct MessagesMap_t MessagesMap[] = { // {'n', 'i', MessageType_MessageType_PinMatrixAck, PinMatrixAck_fields, (void (*)(void *))fsm_msgPinMatrixAck}, {'n', 'i', MessageType_MessageType_Cancel, Cancel_fields, (void (*)(void *))fsm_msgCancel}, {'n', 'i', MessageType_MessageType_TxAck, TxAck_fields, (void (*)(void *))fsm_msgTxAck}, + {'n', 'i', MessageType_MessageType_CipherKeyValue, CipherKeyValue_fields, (void (*)(void *))fsm_msgCipherKeyValue}, {'n', 'i', MessageType_MessageType_ApplySettings, ApplySettings_fields, (void (*)(void *))fsm_msgApplySettings}, // {'n', 'i', MessageType_MessageType_ButtonAck, ButtonAck_fields, (void (*)(void *))fsm_msgButtonAck}, {'n', 'i', MessageType_MessageType_GetAddress, GetAddress_fields, (void (*)(void *))fsm_msgGetAddress}, diff --git a/firmware/storage.c b/firmware/storage.c index 5a993f5aa..0c99d3611 100644 --- a/firmware/storage.c +++ b/firmware/storage.c @@ -26,7 +26,9 @@ #include "storage.pb.h" #include "trezor.h" +#include "sha2.h" #include "aes.h" +#include "pbkdf2.h" #include "bip32.h" #include "bip39.h" #include "util.h" 
@@ -217,12 +219,13 @@ bool storage_getRootNode(HDNode *node) hdnode_from_xprv(storage.node.depth, storage.node.fingerprint, storage.node.child_num, storage.node.chain_code.bytes, storage.node.private_key.bytes, &sessionRootNode); if (storage.has_passphrase_protection && storage.passphrase_protection) { // decrypt hd node - aes_ctx ctx; - aes_enc_key((const uint8_t *)sessionPassphrase, strlen(sessionPassphrase), &ctx); - aes_enc_blk(sessionRootNode.chain_code, sessionRootNode.chain_code, &ctx); - aes_enc_blk(sessionRootNode.chain_code + 16, sessionRootNode.chain_code + 16, &ctx); - aes_enc_blk(sessionRootNode.private_key, sessionRootNode.private_key, &ctx); - aes_enc_blk(sessionRootNode.private_key + 16, sessionRootNode.private_key + 16, &ctx); + uint8_t secret[64]; + layoutProgressSwipe("Waking up", 0, 0); + pbkdf2((const uint8_t *)sessionPassphrase, strlen(sessionPassphrase), (uint8_t *)"TREZORHD", 8, BIP39_PBKDF2_ROUNDS, secret, 64, get_root_node_callback); + aes_decrypt_ctx ctx; + aes_decrypt_key256(secret, &ctx); + aes_cbc_decrypt(sessionRootNode.chain_code, sessionRootNode.chain_code, 32, secret + 32, &ctx); + aes_cbc_decrypt(sessionRootNode.private_key, sessionRootNode.private_key, 32, secret + 32, &ctx); } memcpy(node, &sessionRootNode, sizeof(HDNode)); sessionRootNodeCached = true; diff --git a/trezor-crypto b/trezor-crypto index 44116b8a7..e588906f8 160000 --- a/trezor-crypto +++ b/trezor-crypto @@ -1 +1 @@ -Subproject commit 44116b8a7405299be5de8353e9e624538b4dac92 +Subproject commit e588906f811e826c596e631d4dd2500fc38fea60
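Review bot: In the storage_getRootNode hunk, `secret` receives the PBKDF2 output used as the AES-256 key (first 32 bytes) and the CBC IV (`secret + 32`), and neither it nor `ctx` is cleared afterwards, so passphrase-derived key material stays on the stack. A wipe after the second `aes_cbc_decrypt` would fix this, e.g. `memset(secret, 0, sizeof(secret)); memset(&ctx, 0, sizeof(ctx));`, in a form the optimizer cannot elide. Both `aes_cbc_decrypt` calls also pass the same `secret + 32` buffer as IV. If the library updates the IV in place (the trezor-crypto source is not part of this diff), the second call does not start from the derived IV, which deserves a comment and must match the code that encrypts the node. The function starts and ends outside the hunk.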