Reworked rfc6979 signing. (#116)
New parameter is_canonical allows generating signatures that satisfy additional requirements.
parent
d7ff70caf6
commit
a0ade6343e
@ -88,7 +88,7 @@ uint32_t deser_length(const uint8_t *in, uint32_t *out)
|
||||
int sshMessageSign(HDNode *node, const uint8_t *message, size_t message_len, uint8_t *signature)
|
||||
{
|
||||
signature[0] = 0; // prefix: pad with zero, so all signatures are 65 bytes
|
||||
return hdnode_sign(node, message, message_len, signature + 1, NULL);
|
||||
return hdnode_sign(node, message, message_len, signature + 1, NULL, NULL);
|
||||
}
|
||||
|
||||
int gpgMessageSign(HDNode *node, const uint8_t *message, size_t message_len, uint8_t *signature)
|
||||
@ -98,7 +98,7 @@ int gpgMessageSign(HDNode *node, const uint8_t *message, size_t message_len, uin
|
||||
return 1;
|
||||
}
|
||||
signature[0] = 0; // prefix: pad with zero, so all signatures are 65 bytes
|
||||
return hdnode_sign_digest(node, message, signature + 1, NULL);
|
||||
return hdnode_sign_digest(node, message, signature + 1, NULL, NULL);
|
||||
}
|
||||
|
||||
int cryptoGetECDHSessionKey(const HDNode *node, const uint8_t *peer_public_key, uint8_t *session_key)
|
||||
@ -133,7 +133,7 @@ int cryptoMessageSign(const CoinType *coin, HDNode *node, const uint8_t *message
|
||||
sha256_Final(&ctx, hash);
|
||||
sha256_Raw(hash, 32, hash);
|
||||
uint8_t pby;
|
||||
int result = hdnode_sign_digest(node, hash, signature + 1, &pby);
|
||||
int result = hdnode_sign_digest(node, hash, signature + 1, &pby, NULL);
|
||||
if (result == 0) {
|
||||
signature[0] = 27 + pby + 4;
|
||||
}
|
||||
|
@ -34,7 +34,7 @@
|
||||
static bool ethereum_signing = false;
|
||||
static uint32_t data_total, data_left;
|
||||
static EthereumTxRequest resp;
|
||||
static uint8_t hash[32], sig[64], privkey[32];
|
||||
static uint8_t privkey[32];
|
||||
struct SHA3_CTX keccak_ctx;
|
||||
|
||||
static inline void hash_data(const uint8_t *buf, size_t size)
|
||||
@ -139,12 +139,19 @@ static void send_request_chunk(void)
|
||||
msg_write(MessageType_MessageType_EthereumTxRequest, &resp);
|
||||
}
|
||||
|
||||
static int ethereum_is_canonic(uint8_t v, uint8_t signature[64])
|
||||
{
|
||||
(void) signature;
|
||||
return (v & 2) == 0;
|
||||
}
|
||||
|
||||
static void send_signature(void)
|
||||
{
|
||||
uint8_t hash[32], sig[64];
|
||||
uint8_t v;
|
||||
layoutProgress("Signing", 1000);
|
||||
keccak_Final(&keccak_ctx, hash);
|
||||
uint8_t v;
|
||||
if (ecdsa_sign_digest(&secp256k1, privkey, hash, sig, &v) != 0) {
|
||||
if (ecdsa_sign_digest(&secp256k1, privkey, hash, sig, &v, ethereum_is_canonic) != 0) {
|
||||
fsm_sendFailure(FailureType_Failure_Other, "Signing failed");
|
||||
ethereum_signing_abort();
|
||||
return;
|
||||
|
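Review bot: `ethereum_is_canonic` has no comment explaining why `(v & 2) == 0` is the acceptance test, and its `signature` argument is discarded, so the reason a signature gets rejected is not recorded anywhere near the call in `send_signature`. Presumably recovery ids 2 and 3 are refused because Ethereum's `v` only carries the parity of R.y; if that is the intent, a comment such as `/* reject recovery ids 2 and 3: Ethereum's v encodes only the parity of R.y */` above the function would state it. The name also differs from the `is_canonical` parameter named in the commit description; `ethereum_is_canonical` would match. How `ecdsa_sign_digest` derives the next nonce after a rejection is outside this diff and is worth checking against the retry step of RFC 6979.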
@ -540,7 +540,7 @@ void signing_txack(TransactionType *tx)
|
||||
resp.serialized.signature_index = idx1;
|
||||
resp.serialized.has_signature = true;
|
||||
resp.serialized.has_serialized_tx = true;
|
||||
ecdsa_sign_digest(&secp256k1, privkey, hash, sig, 0);
|
||||
ecdsa_sign_digest(&secp256k1, privkey, hash, sig, NULL, NULL);
|
||||
resp.serialized.signature.size = ecdsa_sig_to_der(sig, resp.serialized.signature.bytes);
|
||||
if (input.script_type == InputScriptType_SPENDMULTISIG) {
|
||||
if (!input.has_multisig) {
|
||||
|
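Review bot: The return value of `ecdsa_sign_digest` in `signing_txack` is still discarded, so if signing fails, whatever bytes are in `sig` get DER-encoded into `resp.serialized.signature` and placed in the response as though they were a valid signature. The Ethereum path in this same commit treats a non-zero return as failure and reports "Signing failed". This call should do the same, e.g. `if (ecdsa_sign_digest(&secp256k1, privkey, hash, sig, NULL, NULL) != 0) {` followed by a failure message and an abort of the signing flow. The two `ecdsa_sign` calls in the `u2f_register` and `u2f_authenticate` hunks also ignore the result before `sig` is copied into the response. `signing_txack` begins and ends outside the hunk, so any handling elsewhere in the function is not visible here.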
@ -617,7 +617,7 @@ void u2f_register(const APDU *a)
|
||||
memcpy(sig_base.keyHandle, &resp->keyHandleCertSig, KEY_HANDLE_LEN);
|
||||
memcpy(sig_base.pubKey, &resp->pubKey, U2F_PUBKEY_LEN);
|
||||
ecdsa_sign(&nist256p1, U2F_ATT_PRIV_KEY, (uint8_t *)&sig_base,
|
||||
sizeof(sig_base), sig, NULL);
|
||||
sizeof(sig_base), sig, NULL, NULL);
|
||||
|
||||
// Where to write the signature in the response
|
||||
uint8_t *resp_sig = resp->keyHandleCertSig +
|
||||
@ -738,7 +738,7 @@ void u2f_authenticate(const APDU *a)
|
||||
memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
|
||||
ecdsa_sign(&nist256p1, node->private_key,
|
||||
(uint8_t *)&sig_base, sizeof(sig_base), sig,
|
||||
NULL);
|
||||
NULL, NULL);
|
||||
|
||||
// Copy DER encoded signature into response
|
||||
const uint8_t sig_len = ecdsa_sig_to_der(sig, resp->sig);
|
||||
|