mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-11 07:50:57 +00:00
check return values of ecdsa_sign calls
This commit is contained in:
parent
71890e4edf
commit
810d478f4c
@ -592,7 +592,11 @@ void signing_txack(TransactionType *tx)
|
|||||||
resp.serialized.signature_index = idx1;
|
resp.serialized.signature_index = idx1;
|
||||||
resp.serialized.has_signature = true;
|
resp.serialized.has_signature = true;
|
||||||
resp.serialized.has_serialized_tx = true;
|
resp.serialized.has_serialized_tx = true;
|
||||||
ecdsa_sign_digest(&secp256k1, privkey, hash, sig, NULL, NULL);
|
if (ecdsa_sign_digest(&secp256k1, privkey, hash, sig, NULL, NULL) != 0) {
|
||||||
|
fsm_sendFailure(FailureType_Failure_Other, "Signing failed");
|
||||||
|
signing_abort();
|
||||||
|
return;
|
||||||
|
}
|
||||||
resp.serialized.signature.size = ecdsa_sig_to_der(sig, resp.serialized.signature.bytes);
|
resp.serialized.signature.size = ecdsa_sig_to_der(sig, resp.serialized.signature.bytes);
|
||||||
if (input.script_type == InputScriptType_SPENDMULTISIG) {
|
if (input.script_type == InputScriptType_SPENDMULTISIG) {
|
||||||
if (!input.has_multisig) {
|
if (!input.has_multisig) {
|
||||||
|
@ -624,8 +624,10 @@ void u2f_register(const APDU *a)
|
|||||||
memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
|
memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
|
||||||
memcpy(sig_base.keyHandle, &resp->keyHandleCertSig, KEY_HANDLE_LEN);
|
memcpy(sig_base.keyHandle, &resp->keyHandleCertSig, KEY_HANDLE_LEN);
|
||||||
memcpy(sig_base.pubKey, &resp->pubKey, U2F_PUBKEY_LEN);
|
memcpy(sig_base.pubKey, &resp->pubKey, U2F_PUBKEY_LEN);
|
||||||
ecdsa_sign(&nist256p1, U2F_ATT_PRIV_KEY, (uint8_t *)&sig_base,
|
if (ecdsa_sign(&nist256p1, U2F_ATT_PRIV_KEY, (uint8_t *)&sig_base, sizeof(sig_base), sig, NULL, NULL) != 0) {
|
||||||
sizeof(sig_base), sig, NULL, NULL);
|
send_u2f_error(U2F_SW_WRONG_DATA);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Where to write the signature in the response
|
// Where to write the signature in the response
|
||||||
uint8_t *resp_sig = resp->keyHandleCertSig +
|
uint8_t *resp_sig = resp->keyHandleCertSig +
|
||||||
@ -744,9 +746,10 @@ void u2f_authenticate(const APDU *a)
|
|||||||
sig_base.flags = resp->flags;
|
sig_base.flags = resp->flags;
|
||||||
memcpy(sig_base.ctr, resp->ctr, 4);
|
memcpy(sig_base.ctr, resp->ctr, 4);
|
||||||
memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
|
memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
|
||||||
ecdsa_sign(&nist256p1, node->private_key,
|
if (ecdsa_sign(&nist256p1, node->private_key, (uint8_t *)&sig_base, sizeof(sig_base), sig, NULL, NULL) != 0) {
|
||||||
(uint8_t *)&sig_base, sizeof(sig_base), sig,
|
send_u2f_error(U2F_SW_WRONG_DATA);
|
||||||
NULL, NULL);
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Copy DER encoded signature into response
|
// Copy DER encoded signature into response
|
||||||
const uint8_t sig_len = ecdsa_sig_to_der(sig, resp->sig);
|
const uint8_t sig_len = ecdsa_sig_to_der(sig, resp->sig);
|
||||||
|
Loading…
Reference in New Issue
Block a user