1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 22:38:08 +00:00

Reworked rfc6979 signing. (#116)

New parameter is_canonical that allows for generating signatures that
have additional requirements.
This commit is contained in:
Jochen Hoenicke 2016-10-06 16:58:05 +02:00 committed by Pavol Rusnak
parent d7ff70caf6
commit a0ade6343e
4 changed files with 16 additions and 9 deletions

View File

@ -88,7 +88,7 @@ uint32_t deser_length(const uint8_t *in, uint32_t *out)
int sshMessageSign(HDNode *node, const uint8_t *message, size_t message_len, uint8_t *signature)
{
signature[0] = 0; // prefix: pad with zero, so all signatures are 65 bytes
return hdnode_sign(node, message, message_len, signature + 1, NULL);
return hdnode_sign(node, message, message_len, signature + 1, NULL, NULL);
}
int gpgMessageSign(HDNode *node, const uint8_t *message, size_t message_len, uint8_t *signature)
@ -98,7 +98,7 @@ int gpgMessageSign(HDNode *node, const uint8_t *message, size_t message_len, uin
return 1;
}
signature[0] = 0; // prefix: pad with zero, so all signatures are 65 bytes
return hdnode_sign_digest(node, message, signature + 1, NULL);
return hdnode_sign_digest(node, message, signature + 1, NULL, NULL);
}
int cryptoGetECDHSessionKey(const HDNode *node, const uint8_t *peer_public_key, uint8_t *session_key)
@ -133,7 +133,7 @@ int cryptoMessageSign(const CoinType *coin, HDNode *node, const uint8_t *message
sha256_Final(&ctx, hash);
sha256_Raw(hash, 32, hash);
uint8_t pby;
int result = hdnode_sign_digest(node, hash, signature + 1, &pby);
int result = hdnode_sign_digest(node, hash, signature + 1, &pby, NULL);
if (result == 0) {
signature[0] = 27 + pby + 4;
}

View File

@ -34,7 +34,7 @@
static bool ethereum_signing = false;
static uint32_t data_total, data_left;
static EthereumTxRequest resp;
static uint8_t hash[32], sig[64], privkey[32];
static uint8_t privkey[32];
struct SHA3_CTX keccak_ctx;
static inline void hash_data(const uint8_t *buf, size_t size)
@ -139,12 +139,19 @@ static void send_request_chunk(void)
msg_write(MessageType_MessageType_EthereumTxRequest, &resp);
}
static int ethereum_is_canonic(uint8_t v, uint8_t signature[64])
{
(void) signature;
return (v & 2) == 0;
}
static void send_signature(void)
{
uint8_t hash[32], sig[64];
uint8_t v;
layoutProgress("Signing", 1000);
keccak_Final(&keccak_ctx, hash);
uint8_t v;
if (ecdsa_sign_digest(&secp256k1, privkey, hash, sig, &v) != 0) {
if (ecdsa_sign_digest(&secp256k1, privkey, hash, sig, &v, ethereum_is_canonic) != 0) {
fsm_sendFailure(FailureType_Failure_Other, "Signing failed");
ethereum_signing_abort();
return;

View File

@ -540,7 +540,7 @@ void signing_txack(TransactionType *tx)
resp.serialized.signature_index = idx1;
resp.serialized.has_signature = true;
resp.serialized.has_serialized_tx = true;
ecdsa_sign_digest(&secp256k1, privkey, hash, sig, 0);
ecdsa_sign_digest(&secp256k1, privkey, hash, sig, NULL, NULL);
resp.serialized.signature.size = ecdsa_sig_to_der(sig, resp.serialized.signature.bytes);
if (input.script_type == InputScriptType_SPENDMULTISIG) {
if (!input.has_multisig) {

View File

@ -617,7 +617,7 @@ void u2f_register(const APDU *a)
memcpy(sig_base.keyHandle, &resp->keyHandleCertSig, KEY_HANDLE_LEN);
memcpy(sig_base.pubKey, &resp->pubKey, U2F_PUBKEY_LEN);
ecdsa_sign(&nist256p1, U2F_ATT_PRIV_KEY, (uint8_t *)&sig_base,
sizeof(sig_base), sig, NULL);
sizeof(sig_base), sig, NULL, NULL);
// Where to write the signature in the response
uint8_t *resp_sig = resp->keyHandleCertSig +
@ -738,7 +738,7 @@ void u2f_authenticate(const APDU *a)
memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
ecdsa_sign(&nist256p1, node->private_key,
(uint8_t *)&sig_base, sizeof(sig_base), sig,
NULL);
NULL, NULL);
// Copy DER encoded signature into response
const uint8_t sig_len = ecdsa_sig_to_der(sig, resp->sig);