mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-29 16:51:30 +00:00
feat(legacy): update Ethereum definitions to verify using CoSi
This commit is contained in:
matejcik
matejcik
parent
f4425a3ac1
commit
abbe5535ad
@ -37,6 +37,29 @@
|
|||||||
|
|
||||||
typedef pb_byte_t proof_entry[SHA256_DIGEST_LENGTH];
|
typedef pb_byte_t proof_entry[SHA256_DIGEST_LENGTH];
|
||||||
|
|
||||||
|
#define SIGNATURE_THRESHOLD 2
|
||||||
|
#define DEFS_PUBLIC_KEYS_COUNT 3
|
||||||
|
|
||||||
|
const ed25519_public_key DEFS_PUBLIC_KEYS[DEFS_PUBLIC_KEYS_COUNT] = {
|
||||||
|
"\x43\x34\x99\x63\x43\x62\x3e\x46\x2f\x0f\xc9\x33\x11\xfe\xf1\x48\x4c\xa2"
|
||||||
|
"\x3d\x2f\xf1\xee\xc6\xdf\x1f\xa8\xeb\x7e\x35\x73\xb3\xdb",
|
||||||
|
"\xa9\xa2\x2c\xc2\x65\xa0\xcb\x1d\x6c\xb3\x29\xbc\x0e\x60\xbc\x45\xdf\x76"
|
||||||
|
"\xb9\xab\x28\xfb\x87\xb6\x11\x36\xfe\xaf\x8d\x8f\xdc\x96",
|
||||||
|
"\xb8\xd2\xb2\x1d\xe2\x71\x24\xf0\x51\x1f\x90\x3a\xe7\xe6\x0e\x07\x96\x18"
|
||||||
|
"\x10\xa0\xb8\xf2\x8e\xa7\x55\xfa\x50\x36\x7a\x8a\x2b\x8b",
|
||||||
|
};
|
||||||
|
|
||||||
|
#if DEBUG_LINK
|
||||||
|
const ed25519_public_key DEFS_PUBLIC_KEYS_DEV[DEFS_PUBLIC_KEYS_COUNT] = {
|
||||||
|
"\x68\x46\x0e\xbe\xf3\xb1\x38\x16\x4e\xc7\xfd\x86\x10\xe9\x58\x00\xdf"
|
||||||
|
"\x75\x98\xf7\x0f\x2f\x2e\xa7\xdb\x51\x72\xac\x74\xeb\xc1\x44",
|
||||||
|
"\x8d\x4a\xbe\x07\x4f\xef\x92\x29\xd3\xb4\x41\xdf\xea\x4f\x98\xf8\x05"
|
||||||
|
"\xb1\xa2\xb3\xa0\x6a\xe6\x45\x81\x0e\xfe\xce\x77\xfd\x50\x44",
|
||||||
|
"\x97\xf7\x13\x5a\x9a\x26\x90\xe7\x3b\xeb\x26\x55\x6f\x1c\xb1\x63\xbe"
|
||||||
|
"\xa2\x53\x2a\xff\xa1\xe7\x78\x24\x30\xbe\x98\xc0\xe5\x68\x12",
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
struct EncodedDefinition {
|
struct EncodedDefinition {
|
||||||
// prefix
|
// prefix
|
||||||
pb_byte_t format_version[FORMAT_VERSION_LENGTH];
|
pb_byte_t format_version[FORMAT_VERSION_LENGTH];
|
||||||
@ -51,16 +74,17 @@ struct EncodedDefinition {
|
|||||||
uint8_t proof_length;
|
uint8_t proof_length;
|
||||||
const proof_entry *proof;
|
const proof_entry *proof;
|
||||||
|
|
||||||
const ed25519_signature *signed_root_hash;
|
uint8_t sigmask;
|
||||||
|
const uint8_t *signature;
|
||||||
};
|
};
|
||||||
|
|
||||||
static bool parse_encoded_definition(struct EncodedDefinition *const result,
|
static bool parse_encoded_definition(struct EncodedDefinition *const result,
|
||||||
const pb_size_t size,
|
const pb_size_t size,
|
||||||
const pb_byte_t *bytes) {
|
const pb_byte_t *bytes) {
|
||||||
// format version + definition type + data version + payload length + payload
|
// format version + definition type + data version + payload length + payload
|
||||||
// (at least 1B) + proof length + signed Merkle tree root hash
|
// (at least 1B) + proof length + sigmask + signature
|
||||||
if (size < (FORMAT_VERSION_LENGTH + 1 + 4 + 2 + 1 + 1 +
|
if (size < (FORMAT_VERSION_LENGTH + 1 + 4 + 2 + 1 + 1 + 1 +
|
||||||
MERKLE_TREE_SIGNED_ROOT_SIZE)) {
|
sizeof(ed25519_signature))) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -88,13 +112,15 @@ static bool parse_encoded_definition(struct EncodedDefinition *const result,
|
|||||||
|
|
||||||
// check the whole size of incoming bytes array
|
// check the whole size of incoming bytes array
|
||||||
if (size != (cursor - bytes) + result->proof_length * sizeof(proof_entry) +
|
if (size != (cursor - bytes) + result->proof_length * sizeof(proof_entry) +
|
||||||
MERKLE_TREE_SIGNED_ROOT_SIZE) {
|
1 + sizeof(ed25519_signature)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
result->proof = (proof_entry *)cursor;
|
result->proof = (proof_entry *)cursor;
|
||||||
cursor += result->proof_length * sizeof(proof_entry);
|
cursor += result->proof_length * sizeof(proof_entry);
|
||||||
|
|
||||||
result->signed_root_hash = (ed25519_signature *)cursor;
|
result->sigmask = *cursor;
|
||||||
|
cursor += 1;
|
||||||
|
result->signature = cursor;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
@ -160,12 +186,13 @@ static bool decode_definition(const pb_size_t size, const pb_byte_t *bytes,
|
|||||||
}
|
}
|
||||||
|
|
||||||
// and verify its signature
|
// and verify its signature
|
||||||
if (ed25519_sign_open(hash, SHA256_DIGEST_LENGTH, DEFINITIONS_PUBLIC_KEY,
|
if (!cryptoCosiVerify(parsed_def.signature, hash, sizeof(hash),
|
||||||
*(parsed_def.signed_root_hash)) != 0
|
SIGNATURE_THRESHOLD, DEFS_PUBLIC_KEYS,
|
||||||
|
DEFS_PUBLIC_KEYS_COUNT, parsed_def.sigmask)
|
||||||
#if DEBUG_LINK
|
#if DEBUG_LINK
|
||||||
&&
|
&& !cryptoCosiVerify(parsed_def.signature, hash, sizeof(hash),
|
||||||
ed25519_sign_open(hash, SHA256_DIGEST_LENGTH, DEFINITIONS_DEV_PUBLIC_KEY,
|
SIGNATURE_THRESHOLD, DEFS_PUBLIC_KEYS_DEV,
|
||||||
*(parsed_def.signed_root_hash)) != 0
|
DEFS_PUBLIC_KEYS_COUNT, parsed_def.sigmask)
|
||||||
#endif
|
#endif
|
||||||
) {
|
) {
|
||||||
// invalid signature
|
// invalid signature
|
||||||
|
|||||||
@ -10,17 +10,8 @@
|
|||||||
#include "messages-ethereum-definitions.pb.h"
|
#include "messages-ethereum-definitions.pb.h"
|
||||||
#include "pb.h"
|
#include "pb.h"
|
||||||
|
|
||||||
static const uint8_t DEFINITIONS_PUBLIC_KEY[] =
|
|
||||||
" "; // TODO: update
|
|
||||||
#if DEBUG_LINK
|
|
||||||
static const uint8_t DEFINITIONS_DEV_PUBLIC_KEY[] =
|
|
||||||
"\xdb\x99\x5f\xe2\x51\x69\xd1\x41\xca\xb9\xbb\xba\x92\xba\xa0\x1f\x9f\x2e"
|
|
||||||
"\x1e\xce\x7d\xf4\xcb\x2a\xc0\x51\x90\xf3\x7f\xcc\x1f\x9d";
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define MIN_DATA_VERSION ${ethereum_defs_timestamp}
|
#define MIN_DATA_VERSION ${ethereum_defs_timestamp}
|
||||||
#define FORMAT_VERSION_LENGTH 5
|
#define FORMAT_VERSION_LENGTH 5
|
||||||
#define FORMAT_VERSION (const pb_byte_t *)"trzd1"
|
#define FORMAT_VERSION (const pb_byte_t *)"trzd1"
|
||||||
#define MERKLE_TREE_SIGNED_ROOT_SIZE sizeof(ed25519_signature)
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user