diff --git a/signer/.gitignore b/signer/.gitignore
deleted file mode 100644
index a97789d61..000000000
--- a/signer/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-config_pb2.py
-config_pb2.pyc
-config_signed.bin
-*.pem
diff --git a/signer/config.json b/signer/config.json
deleted file mode 100644
index 1a3186b39..000000000
--- a/signer/config.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "whitelist_urls": [
- "https?://localhost(:\\d+)?(/.*)?",
- "https?://localhost\\.mytrezor\\.com(:\\d+)?(/.*)?",
- "https://mytrezor\\.com(/.*)?",
- "https://[\\w\\.-]+\\.mytrezor\\.com(/.*)?",
- "https://trezor\\.io(/.*)?",
- "https://[\\w\\.-]+\\.trezor\\.io(/.*)?",
- "https://trezor\\.github\\.io(/.*)?",
- "https://greenaddress\\.it(/.*)?",
- "https://[\\w\\.-]+\\.greenaddress\\.it(/.*)?",
- "https://coinprism\\.com(/.*)?",
- "https://[\\w\\.-]+\\.coinprism\\.com(/.*)?",
- "https://bitex\\.la(/.*)?",
- "https://[\\w\\.-]+\\.bitex\\.la(/.*)?",
- "https://dash\\.run(/.*)?",
- "https://[\\w\\.-]+\\.dash\\.run(/.*)?",
- "https://0xproject\\.com(/.*)?",
- "https://[\\w\\.-]+\\.unchained-capital\\.com(/.*)?",
- "chrome-extension://jcjjhjgimijdkoamemaghajlhegmoclj(/.*)?"
- ],
- "blacklist_urls": [
- ],
- "known_devices": [
- ["0x534c", "0x0001", "Trezor"],
- ["0x1209", "0x53c0", "Trezor2 Bootloader"],
- ["0x1209", "0x53c1", "Trezor2"]
- ]
-}
diff --git a/signer/config.proto b/signer/config.proto
deleted file mode 100644
index fe44a0dc3..000000000
--- a/signer/config.proto
+++ /dev/null
@@ -1,32 +0,0 @@
-syntax = "proto2";
-
-/**
- * Configuration format for TREZOR plugin
- */
-
-// Sugar for easier handling in Java
-option java_package = "com.satoshilabs.trezor.lib.protobuf";
-option java_outer_classname = "TrezorConfig";
-
-import "google/protobuf/descriptor.proto";
-
-/**
- * Device Descriptor used in Configuration
- */
-message DeviceDescriptor {
- optional uint32 vendor_id = 1; // USB vendor ID
- optional uint32 product_id = 2; // USB product ID
- optional string serial_number = 3; // USB serial number
- optional string path = 4; // USB device path
-}
-
-/**
- * Plugin Configuration
- */
-message Configuration {
- repeated string whitelist_urls = 1; // allowed URLs for plugin
- repeated string blacklist_urls = 2; // forbidden URLs for plugin
- required google.protobuf.FileDescriptorSet wire_protocol = 3; // compiled specification of write protocol (serialized using "protoc -o")
- repeated DeviceDescriptor known_devices = 4; // descriptors of allowed devices
- optional uint32 valid_until = 5; // expiration timestamp
-}
diff --git a/signer/sample.key b/signer/sample.key
deleted file mode 100644
index 6369d96a2..000000000
--- a/signer/sample.key
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHQCAQEEIMS7yx++yZ1lv1nYXIy2LuLblj8P4Qb0g9mvpzvU45qKoAcGBSuBBAAK
-oUQDQgAEeNQwJ0+MXsEyEzgVHp8n9MZ2oAi9+GONB8C2vpqzXHGhUYBjJDrNTf6W
-tm4/LsgBPI4HLNCbODShn4H2Wcw0VQ==
------END EC PRIVATE KEY-----
diff --git a/signer/sign.py b/signer/sign.py
deleted file mode 100755
index 31bf26e6d..000000000
--- a/signer/sign.py
+++ /dev/null
@@ -1,101 +0,0 @@
-#!/usr/bin/python
-import subprocess
-import os
-import json
-import time
-import ecdsa
-import hashlib
-import binascii
-from google.protobuf.descriptor_pb2 import FileDescriptorSet
-
-PROTOBUF_PROTO_DIR=os.environ.get('PROTOBUF_PROTO_DIR', '/usr/include/')
-TREZOR_PROTO_DIR=os.environ.get('TREZOR_PROTO_DIR', '../protob/')
-
-def compile_config():
- cmd = "protoc --python_out=../signer/ -I" + PROTOBUF_PROTO_DIR + " -I./ config.proto"
- subprocess.check_call(cmd.split(), cwd=TREZOR_PROTO_DIR)
-
-def parse_json():
- return json.loads(open('config.json', 'r').read())
-
-
-def get_compiled_proto():
- # Compile trezor.proto to binary format
- pdir = os.path.abspath(TREZOR_PROTO_DIR)
- pfile = os.path.join(pdir, "messages.proto")
- cmd = "protoc --include_imports -I" + PROTOBUF_PROTO_DIR + " -I" + pdir + " " + pfile + " -otrezor.bin"
-
- subprocess.check_call(cmd.split())
-
- # Load compiled protocol description to string
- proto = open('trezor.bin', 'r').read()
- os.unlink('trezor.bin')
-
- # Parse it into FileDescriptorSet structure
- compiled = FileDescriptorSet()
- compiled.ParseFromString(proto)
- return compiled
-
-def compose_message(json, proto):
- import config_pb2
-
- cfg = config_pb2.Configuration()
- cfg.valid_until = 2147483647 # maxint
- cfg.wire_protocol.MergeFrom(proto)
-
- for url in json['whitelist_urls']:
- cfg.whitelist_urls.append(str(url))
-
- for url in json['blacklist_urls']:
- cfg.blacklist_urls.append(str(url))
-
- for dev in json['known_devices']:
- desc = cfg.known_devices.add()
- desc.vendor_id = int(dev[0], 16)
- desc.product_id = int(dev[1], 16)
-
- return cfg.SerializeToString()
-
-def sign_message(data, key):
- if key.startswith('-----BEGIN'):
- key = ecdsa.keys.SigningKey.from_pem(key)
- else:
- key = ecdsa.keys.SigningKey.from_secret_exponent(secexp = int(key, 16), curve=ecdsa.curves.SECP256k1, hashfunc=hashlib.sha256)
-
- verify = key.get_verifying_key()
- print "Verifying key:"
- print verify.to_pem()
-
- return key.sign_deterministic(data, hashfunc=hashlib.sha256)
-
-def pack_datafile(filename, signature, data):
- if len(signature) != 64:
- raise Exception("Signature must be 64 bytes long")
-
- fp = open(filename, 'w')
- fp.write(binascii.hexlify(signature))
- fp.write(binascii.hexlify(data))
- fp.close()
-
- print "Signature and data stored to", filename
-
-if __name__ == '__main__':
- key = ''
- print "Paste ECDSA private key (in PEM format or SECEXP format) and press Enter:"
- while True:
- inp = raw_input()
- if inp == '':
- break
-
- key += inp + "\n"
-
- # key = open('sample.key', 'r').read()
-
- compile_config()
- json = parse_json()
- proto = get_compiled_proto()
-
- data = compose_message(json, proto)
- signature = sign_message(data, key)
-
- pack_datafile('config_signed.bin', signature, data)