From a7e17f07ee40733c487ab8b05926fc51b9cc9501 Mon Sep 17 00:00:00 2001
From: Pavol Rusnak <stick@gk2.sk>
Date: Sun, 16 Apr 2017 22:21:21 +0200
Subject: [PATCH] tests: finish sign_identity workflow, update
 run_tests_python_trezor.sh to reflect current state

---
 src/apps/common/coins.py         |  2 +-
 src/apps/wallet/sign_identity.py | 57 +++++++++++++++++++++++++++-----
 tests/run_tests_python_trezor.sh | 29 ++++++++++++++--
 3 files changed, 76 insertions(+), 12 deletions(-)

diff --git a/src/apps/common/coins.py b/src/apps/common/coins.py
index 4c6ecd2c78..5b3fd007e0 100644
--- a/src/apps/common/coins.py
+++ b/src/apps/common/coins.py
@@ -7,7 +7,7 @@ COINS = [
         coin_name='Bitcoin',
         coin_shortcut='BTC',
         address_type=0,
-        maxfee_kb=300000,
+        maxfee_kb=100000,
         address_type_p2sh=5,
         address_type_p2wpkh=6,
         address_type_p2wsh=10,
diff --git a/src/apps/wallet/sign_identity.py b/src/apps/wallet/sign_identity.py
index 8debb8881d..a56f8cb243 100644
--- a/src/apps/wallet/sign_identity.py
+++ b/src/apps/wallet/sign_identity.py
@@ -42,15 +42,44 @@ def get_identity_path(identity: str, index: int) -> List[int]:
 def sign_challenge(seckey: bytes,
                    challenge_hidden: bytes,
                    challenge_visual: str,
-                   coin) -> bytes:
+                   sigtype,
+                   curve: str) -> bytes:
     from trezor.crypto.hashlib import sha256
-    from trezor.crypto.curve import secp256k1
+    if curve == 'secp256k1':
+        from trezor.crypto.curve import secp256k1
+    elif curve == 'nist256p1':
+        from trezor.crypto.curve import nist256p1
+    elif curve == 'ed25519':
+        from trezor.crypto.curve import ed25519
     from ..common.signverify import message_digest
 
-    challenge = sha256(challenge_hidden).digest() + \
-        sha256(challenge_visual).digest()
-    digest = message_digest(coin, challenge)
-    signature = secp256k1.sign(seckey, digest)
+
+    if sigtype == 'gpg':
+        data = challenge_hidden
+    elif sigtype == 'ssh':
+        if curve != 'ed25519':
+            data = sha256(challenge_hidden).digest()
+        else:
+            data = challenge_hidden
+    else:
+        # sigtype is coin
+        challenge = sha256(challenge_hidden).digest() + \
+                    sha256(challenge_visual).digest()
+        data = message_digest(sigtype, challenge)
+
+    if curve == 'secp256k1':
+        signature = secp256k1.sign(seckey, data)
+    elif curve == 'nist256p1':
+        signature = nist256p1.sign(seckey, data)
+    elif curve == 'ed25519':
+        signature = ed25519.sign(seckey, data)
+    else:
+        raise ValueError('Unknown curve')
+
+    if curve == 'ed25519':
+        signature = b'\x00' + signature
+    elif sigtype == 'gpg' or sigtype == 'ssh':
+        signature = b'\x00' + signature[1:]
 
     return signature
 
@@ -69,11 +98,21 @@ async def layout_sign_identity(session_id, msg):
     node.derive_path(address_n)
 
     coin = coins.by_name('Bitcoin')
-    address = node.address(coin.address_type)  # hardcoded bitcoin address type
+    if msg.ecdsa_curve_name == 'secp256k1':
+        address = node.address(coin.address_type)  # hardcoded bitcoin address type
+    else:
+        address = None
     pubkey = node.public_key()
     seckey = node.private_key()
 
-    signature = sign_challenge(
-        seckey, msg.challenge_hidden, msg.challenge_visual, coin)
+    if msg.identity.proto == 'gpg':
+        signature = sign_challenge(
+            seckey, msg.challenge_hidden, msg.challenge_visual, 'gpg', msg.ecdsa_curve_name)
+    elif msg.identity.proto == 'ssh':
+        signature = sign_challenge(
+            seckey, msg.challenge_hidden, msg.challenge_visual, 'ssh', msg.ecdsa_curve_name)
+    else:
+        signature = sign_challenge(
+            seckey, msg.challenge_hidden, msg.challenge_visual, coin, msg.ecdsa_curve_name)
 
     return SignedIdentity(address=address, public_key=pubkey, signature=signature)
diff --git a/tests/run_tests_python_trezor.sh b/tests/run_tests_python_trezor.sh
index 7653184bdc..4caea48621 100755
--- a/tests/run_tests_python_trezor.sh
+++ b/tests/run_tests_python_trezor.sh
@@ -21,18 +21,43 @@ error=0
 
 PYTHON="${PYTHON:-python2}"
 
+'''
+not passing:
+
+    test_bip32_speed.py
+    test_debuglink.py
+    test_msg_applysettings.py
+    test_msg_clearsession.py
+    test_msg_changepin.py \
+    test_msg_ethereum_signtx.py
+    test_msg_getaddress_show.py
+    test_msg_getentropy.py
+    test_msg_loaddevice.py
+    test_msg_ping.py
+    test_msg_resetdevice.py
+    test_msg_recoverydevice.py
+    test_msg_signtx_segwit.py
+    test_msg_signtx_zcash.py
+    test_multisig_change.py
+    test_multisig.py
+    test_protect_call.py
+    test_protection_levels.py
+'''
+
 for i in \
+    test_basic.py \
     test_msg_cipherkeyvalue.py \
     test_msg_estimatetxsize.py \
     test_msg_ethereum_getaddress.py \
     test_msg_getaddress.py \
     test_msg_getpublickey.py \
+    test_msg_signidentity.py \
     test_msg_signmessage.py \
     test_msg_signtx.py \
     test_msg_verifymessage.py \
     test_msg_wipedevice.py \
-    test_msg_reset_device.py \
-    test_msg_changepin.py \
+    test_op_return.py \
+    test_zerosig.py \
     ; do
         if ! $PYTHON $i ; then
             error=1