From 934b32707c8f55e566f9adc3d370521e58ee8298 Mon Sep 17 00:00:00 2001 From: Jan Pochyla Date: Tue, 24 Jul 2018 13:06:56 +0200 Subject: [PATCH] fido_u2f: parse and serialize keypath as LE --- src/apps/fido_u2f/__init__.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/apps/fido_u2f/__init__.py b/src/apps/fido_u2f/__init__.py index e481a2914e..ba020cab3b 100644 --- a/src/apps/fido_u2f/__init__.py +++ b/src/apps/fido_u2f/__init__.py @@ -565,7 +565,7 @@ def msg_register_sign(challenge: bytes, app_id: bytes) -> bytes: pubkey = nist256p1.publickey(node.private_key(), False) # first half of keyhandle is keypath - keybuf = ustruct.pack(">8L", *keypath) + keybuf = ustruct.pack("<8L", *keypath) # second half of keyhandle is a hmac of app_id and keypath keybase = hmac.Hmac(node.private_key(), app_id, hashlib.sha256) @@ -626,7 +626,12 @@ def msg_authenticate(req: Msg, state: ConfirmState) -> Cmd: auth = overlay_struct(req.data, req_cmd_authenticate(khlen)) # check the keyHandle and generate the signing key - node = msg_authenticate_genkey(auth.appId, auth.keyHandle) + node = msg_authenticate_genkey(auth.appId, auth.keyHandle, "<8L") + if node is None: + # prior to firmware version 2.0.8, keypath was serialized in a + # big-endian manner, instead of little endian, like in trezor-mcu. + # try to parse it as big-endian now and check the HMAC. + node = msg_authenticate_genkey(auth.appId, auth.keyHandle, ">8L") if node is None: # specific error logged in msg_authenticate_genkey return msg_error(req.cid, _SW_WRONG_DATA) @@ -665,12 +670,12 @@ def msg_authenticate(req: Msg, state: ConfirmState) -> Cmd: return Cmd(req.cid, _CMD_MSG, buf) -def msg_authenticate_genkey(app_id: bytes, keyhandle: bytes): +def msg_authenticate_genkey(app_id: bytes, keyhandle: bytes, pathformat: str): from apps.common import seed # unpack the keypath from the first half of keyhandle keybuf = keyhandle[:32] - keypath = ustruct.unpack(">8L", keybuf) + keypath = ustruct.unpack(pathformat, keybuf) # check high bit for hardened keys for i in keypath: