arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-03-28 14:05:43 +00:00
Code Issues Releases Wiki Activity

fixup! refactor(legacy): check size of integers when hashing

Browse Source
This commit is contained in:
Martin Milata 2025-03-10 14:56:14 +01:00
parent ba96a4268a
commit aa16e91ac1
6 changed files with 48 additions and 36 deletions

10
crypto/hasher.h
View File

@ -84,8 +84,16 @@ void hasher_Raw(HasherType type, const uint8_t *data, size_t length,
// expected size.
#define HASHER_UPDATE_INT(ctx, val, expected_type) \
do { \
hasher_Update(ctx, (const uint8_t *)&(val), sizeof(val)); \
hasher_Update((ctx), (const uint8_t *)&(val), sizeof(val)); \
_Static_assert(sizeof(val) == sizeof(expected_type), "invalid int size"); \
} while (0)
// Byte array version of the macro above.
#define HASHER_UPDATE_BYTES(ctx, val, expected_size) \
do { \
hasher_Update((ctx), (val), sizeof(val)); \
_Static_assert(sizeof(val) == expected_size, "invalid value size"); \
_Static_assert(sizeof((val)[0]) == 1, "not a byte array"); \
} while (0)
#endif

10
crypto/sha2.h
View File

@ -86,10 +86,18 @@ char* sha256_Data(const uint8_t*, size_t, char[SHA256_DIGEST_STRING_LENGTH]);
// expected size.
#define SHA256_UPDATE_INT(ctx, val, expected_type) \
do { \
sha256_Update(ctx, (const uint8_t *)&(val), sizeof(val)); \
sha256_Update((ctx), (const uint8_t *)&(val), sizeof(val)); \
_Static_assert(sizeof(val) == sizeof(expected_type), "invalid int size"); \
} while (0)
// Byte array version of the macro above.
#define SHA256_UPDATE_BYTES(ctx, val, expected_size) \
do { \
sha256_Update((ctx), (val), sizeof(val)); \
_Static_assert(sizeof(val) == expected_size, "invalid value size"); \
_Static_assert(sizeof((val)[0]) == 1, "not a byte array"); \
} while (0)
void sha384_Raw(const uint8_t*, size_t, uint8_t[SHA384_DIGEST_LENGTH]);
void sha512_Transform(const uint64_t* state_in, const uint64_t* data, uint64_t* state_out);

4
legacy/firmware/crypto.c
View File

@ -477,8 +477,8 @@ int cryptoMultisigFingerprint(const MultisigRedeemScriptType *multisig,
SHA256_UPDATE_INT(&ctx, pubnodes[i]->depth, uint32_t);
SHA256_UPDATE_INT(&ctx, pubnodes[i]->fingerprint, uint32_t);
SHA256_UPDATE_INT(&ctx, pubnodes[i]->child_num, uint32_t);
sha256_Update(&ctx, pubnodes[i]->chain_code.bytes, 32);
sha256_Update(&ctx, pubnodes[i]->public_key.bytes, 33);
SHA256_UPDATE_BYTES(&ctx, pubnodes[i]->chain_code.bytes, 32);
SHA256_UPDATE_BYTES(&ctx, pubnodes[i]->public_key.bytes, 33);
}
SHA256_UPDATE_INT(&ctx, n, uint32_t);
sha256_Final(&ctx, hash);

2
legacy/firmware/reset.c
View File

@ -84,7 +84,7 @@ void reset_entropy(const uint8_t *ext_entropy, uint32_t len) {
SHA256_CTX ctx = {0};
sha256_Init(&ctx);
sha256_Update(&ctx, int_entropy, 32);
SHA256_UPDATE_BYTES(&ctx, int_entropy, 32);
sha256_Update(&ctx, ext_entropy, len);
sha256_Final(&ctx, int_entropy);
const char *mnemonic = mnemonic_from_data(int_entropy, strength / 8);

50
legacy/firmware/signing.c
View File

@ -2668,9 +2668,9 @@ static void signing_hash_bip143(const TxInfo *tx_info,
// nVersion
HASHER_UPDATE_INT(&hasher_preimage, tx_info->version, uint32_t);
// hashPrevouts
hasher_Update(&hasher_preimage, tx_info->hash_prevouts143, 32);
HASHER_UPDATE_BYTES(&hasher_preimage, tx_info->hash_prevouts143, 32);
// hashSequence
hasher_Update(&hasher_preimage, tx_info->hash_sequence143, 32);
HASHER_UPDATE_BYTES(&hasher_preimage, tx_info->hash_sequence143, 32);
// outpoint
tx_prevout_hash(&hasher_preimage, txinput);
// scriptCode
@ -2681,7 +2681,7 @@ static void signing_hash_bip143(const TxInfo *tx_info,
// nSequence
tx_sequence_hash(&hasher_preimage, txinput);
// hashOutputs
hasher_Update(&hasher_preimage, tx_info->hash_outputs143, 32);
HASHER_UPDATE_BYTES(&hasher_preimage, tx_info->hash_outputs143, 32);
// nLockTime
HASHER_UPDATE_INT(&hasher_preimage, tx_info->lock_time, uint32_t);
// nHashType
@ -2704,15 +2704,15 @@ static void signing_hash_bip341(const TxInfo *tx_info, uint32_t i,
// nLockTime
HASHER_UPDATE_INT(&sigmsg_hasher, tx_info->lock_time, uint32_t);
// sha_prevouts
hasher_Update(&sigmsg_hasher, tx_info->hash_prevouts, 32);
HASHER_UPDATE_BYTES(&sigmsg_hasher, tx_info->hash_prevouts, 32);
// sha_amounts
hasher_Update(&sigmsg_hasher, tx_info->hash_amounts, 32);
HASHER_UPDATE_BYTES(&sigmsg_hasher, tx_info->hash_amounts, 32);
// sha_scriptpubkeys
hasher_Update(&sigmsg_hasher, tx_info->hash_scriptpubkeys, 32);
HASHER_UPDATE_BYTES(&sigmsg_hasher, tx_info->hash_scriptpubkeys, 32);
// sha_sequences
hasher_Update(&sigmsg_hasher, tx_info->hash_sequences, 32);
HASHER_UPDATE_BYTES(&sigmsg_hasher, tx_info->hash_sequences, 32);
// sha_outputs
hasher_Update(&sigmsg_hasher, tx_info->hash_outputs, 32);
HASHER_UPDATE_BYTES(&sigmsg_hasher, tx_info->hash_outputs, 32);
// spend_type 0 (no tapscript message extension, no annex)
hasher_Update(&sigmsg_hasher, &zero, 1);
// input_index
@ -2739,11 +2739,11 @@ static void signing_hash_zip243(const TxInfo *tx_info,
// 2. nVersionGroupId
HASHER_UPDATE_INT(&hasher_preimage, tx_info->version_group_id, uint32_t);
// 3. hashPrevouts
hasher_Update(&hasher_preimage, tx_info->hash_prevouts, 32);
HASHER_UPDATE_BYTES(&hasher_preimage, tx_info->hash_prevouts, 32);
// 4. hashSequence
hasher_Update(&hasher_preimage, tx_info->hash_sequences, 32);
HASHER_UPDATE_BYTES(&hasher_preimage, tx_info->hash_sequences, 32);
// 5. hashOutputs
hasher_Update(&hasher_preimage, tx_info->hash_outputs, 32);
HASHER_UPDATE_BYTES(&hasher_preimage, tx_info->hash_outputs, 32);
// 6. hashJoinSplits
hasher_Update(&hasher_preimage, null_bytes, 32);
// 7. hashShieldedSpends
@ -2800,20 +2800,17 @@ static void signing_hash_zip244(const TxInfo *tx_info,
// S.2a: hash_type (1 byte)
hasher_Update(&hasher, (const uint8_t *)&hash_type, 1);
// S.2b: prevouts_sig_digest (32-byte hash)
hasher_Update(&hasher, tx_info->hash_prevouts,
sizeof(tx_info->hash_prevouts));
HASHER_UPDATE_BYTES(&hasher, tx_info->hash_prevouts, 32);
// S.2c: amounts_sig_digest (32-byte hash)
hasher_Update(&hasher, tx_info->hash_amounts, sizeof(tx_info->hash_amounts));
HASHER_UPDATE_BYTES(&hasher, tx_info->hash_amounts, 32);
// S.2d: scriptpubkeys_sig_digest (32-byte hash)
hasher_Update(&hasher, tx_info->hash_scriptpubkeys,
sizeof(tx_info->hash_scriptpubkeys));
HASHER_UPDATE_BYTES(&hasher, tx_info->hash_scriptpubkeys, 32);
// S.2e: sequence_sig_digest (32-byte hash)
hasher_Update(&hasher, tx_info->hash_sequences,
sizeof(tx_info->hash_sequences));
HASHER_UPDATE_BYTES(&hasher, tx_info->hash_sequences, 32);
// S.2f: outputs_sig_digest (32-byte hash)
hasher_Update(&hasher, tx_info->hash_outputs, sizeof(tx_info->hash_outputs));
HASHER_UPDATE_BYTES(&hasher, tx_info->hash_outputs, 32);
// S.2g: txin_sig_digest (32-byte hash)
hasher_Update(&hasher, txin_sig_digest, sizeof(txin_sig_digest));
HASHER_UPDATE_BYTES(&hasher, txin_sig_digest, 32);
hasher_Final(&hasher, transparent_sig_digest);
// `S.3: sapling_digest` field. Empty Sapling bundle.
@ -2834,14 +2831,13 @@ static void signing_hash_zip244(const TxInfo *tx_info,
hasher_InitParam(&hasher, HASHER_BLAKE2B_PERSONAL, personal,
sizeof(personal));
// S.1: header_digest (32-byte hash output)
hasher_Update(&hasher, tx_info->hash_header, sizeof(tx_info->hash_header));
HASHER_UPDATE_BYTES(&hasher, tx_info->hash_header, 32);
// S.2: transparent_sig_digest (32-byte hash output)
hasher_Update(&hasher, transparent_sig_digest,
sizeof(transparent_sig_digest));
HASHER_UPDATE_BYTES(&hasher, transparent_sig_digest, 32);
// S.3: sapling_digest (32-byte hash output)
hasher_Update(&hasher, sapling_digest, sizeof(sapling_digest));
HASHER_UPDATE_BYTES(&hasher, sapling_digest, 32);
// S.4: orchard_digest (32-byte hash output)
hasher_Update(&hasher, orchard_digest, sizeof(orchard_digest));
HASHER_UPDATE_BYTES(&hasher, orchard_digest, 32);
hasher_Final(&hasher, hash);
}
#endif
@ -3130,12 +3126,12 @@ static void phase1_request_orig_output(void) {
#if !BITCOIN_ONLY
static void signing_hash_decred(const TxInputType *txinput,
const uint8_t *hash_witness, uint8_t *hash) {
const uint8_t hash_witness[32], uint8_t *hash) {
uint32_t hash_type = signing_hash_type(txinput);
Hasher hasher_preimage = {0};
hasher_Init(&hasher_preimage, coin->curve->hasher_sign);
HASHER_UPDATE_INT(&hasher_preimage, hash_type, uint32_t);
hasher_Update(&hasher_preimage, decred_hash_prefix, 32);
HASHER_UPDATE_BYTES(&hasher_preimage, decred_hash_prefix, 32);
hasher_Update(&hasher_preimage, hash_witness, 32);
hasher_Final(&hasher_preimage, hash);
}

8
legacy/firmware/transaction.c
View File

@ -548,7 +548,7 @@ bool tx_input_check_hash(Hasher *hasher, const TxInputType *input) {
for (int i = 0; i < input->address_n_count; ++i) {
HASHER_UPDATE_INT(hasher, input->address_n[i], uint32_t);
}
hasher_Update(hasher, input->prev_hash.bytes, sizeof(input->prev_hash.bytes));
HASHER_UPDATE_BYTES(hasher, input->prev_hash.bytes, 32);
HASHER_UPDATE_INT(hasher, input->prev_index, uint32_t);
tx_script_hash(hasher, input->script_sig.size, input->script_sig.bytes);
HASHER_UPDATE_INT(hasher, input->sequence, uint32_t);
@ -561,11 +561,11 @@ bool tx_input_check_hash(Hasher *hasher, const TxInputType *input) {
return false;
}
}
hasher_Update(hasher, multisig_fp, sizeof(multisig_fp));
HASHER_UPDATE_BYTES(hasher, multisig_fp, 32);
HASHER_UPDATE_INT(hasher, input->amount, uint64_t);
tx_script_hash(hasher, input->witness.size, input->witness.bytes);
HASHER_UPDATE_INT(hasher, input->has_orig_hash, uint8_t);
hasher_Update(hasher, input->orig_hash.bytes, sizeof(input->orig_hash.bytes));
HASHER_UPDATE_BYTES(hasher, input->orig_hash.bytes, 32);
HASHER_UPDATE_INT(hasher, input->orig_index, uint32_t);
tx_script_hash(hasher, input->script_pubkey.size, input->script_pubkey.bytes);
return true;
@ -670,7 +670,7 @@ uint32_t tx_serialize_header_hash(TxStruct *tx) {
}
#endif
if (tx->is_segwit) {
hasher_Update(&(tx->hasher), segwit_header, 2);
HASHER_UPDATE_BYTES(&(tx->hasher), segwit_header, 2);
r += 2;
}
}