1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-23 06:48:16 +00:00

Implemented VerifyMessage for bech32

This commit is contained in:
Jochen Hoenicke 2017-11-01 22:18:29 +01:00 committed by Pavol Rusnak
parent 0f50b816e6
commit bbf6b1b097
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
3 changed files with 27 additions and 20 deletions

View File

@ -31,6 +31,8 @@
#include "address.h" #include "address.h"
#include "macros.h" #include "macros.h"
#include "coins.h" #include "coins.h"
#include "base58.h"
#include "segwit_addr.h"
uint32_t ser_length(uint32_t len, uint8_t *out) uint32_t ser_length(uint32_t len, uint8_t *out)
{ {
@ -143,7 +145,7 @@ int cryptoMessageSign(const CoinInfo *coin, HDNode *node, InputScriptType script
return result; return result;
} }
int cryptoMessageVerify(const CoinInfo *coin, const uint8_t *message, size_t message_len, uint32_t address_type, const uint8_t *address_raw, const uint8_t *signature) int cryptoMessageVerify(const CoinInfo *coin, const uint8_t *message, size_t message_len, const char *address, const uint8_t *signature)
{ {
// check for invalid signature prefix // check for invalid signature prefix
if (signature[0] < 27 || signature[0] > 43) { if (signature[0] < 27 || signature[0] > 43) {
@ -177,30 +179,41 @@ int cryptoMessageVerify(const CoinInfo *coin, const uint8_t *message, size_t mes
// check if the address is correct // check if the address is correct
uint8_t addr_raw[MAX_ADDR_RAW_SIZE]; uint8_t addr_raw[MAX_ADDR_RAW_SIZE];
uint8_t recovered_raw[MAX_ADDR_RAW_SIZE];
// p2pkh // p2pkh
if (signature[0] >= 27 && signature[0] <= 34) { if (signature[0] >= 27 && signature[0] <= 34) {
if (address_type != coin->address_type) { size_t len = base58_decode_check(address, addr_raw, MAX_ADDR_RAW_SIZE);
return 4; ecdsa_get_address_raw(pubkey, coin->address_type, recovered_raw);
} if (memcmp(recovered_raw, addr_raw, len) != 0
ecdsa_get_address_raw(pubkey, address_type, addr_raw); || len != address_prefix_bytes_len(coin->address_type) + 20) {
if (memcmp(addr_raw, address_raw, address_prefix_bytes_len(address_type) + 20) != 0) {
return 2; return 2;
} }
} else } else
// segwit-in-p2sh // segwit-in-p2sh
if (signature[0] >= 35 && signature[0] <= 38) { if (signature[0] >= 35 && signature[0] <= 38) {
if (address_type != coin->address_type_p2sh) { size_t len = base58_decode_check(address, addr_raw, MAX_ADDR_RAW_SIZE);
return 4; ecdsa_get_address_segwit_p2sh_raw(pubkey, coin->address_type_p2sh, recovered_raw);
} if (memcmp(recovered_raw, addr_raw, len) != 0
ecdsa_get_address_segwit_p2sh_raw(pubkey, address_type, addr_raw); || len != address_prefix_bytes_len(coin->address_type_p2sh) + 20) {
if (memcmp(addr_raw, address_raw, address_prefix_bytes_len(address_type) + 20) != 0) {
return 2; return 2;
} }
} else } else
// segwit // segwit
if (signature[0] >= 39 && signature[0] <= 42) { if (signature[0] >= 39 && signature[0] <= 42) {
return 2; // not supported yet int witver;
size_t len;
if (!coin->bech32_prefix
|| !segwit_addr_decode(&witver, recovered_raw, &len, coin->bech32_prefix, address)) {
return 4;
}
ecdsa_get_pubkeyhash(pubkey, addr_raw);
if (memcmp(recovered_raw, addr_raw, len) != 0
|| witver != 0 || len != 20) {
return 2;
}
} else {
return 4;
} }
return 0; return 0;

View File

@ -40,7 +40,7 @@ int gpgMessageSign(HDNode *node, const uint8_t *message, size_t message_len, uin
int cryptoMessageSign(const CoinInfo *coin, HDNode *node, InputScriptType script_type, const uint8_t *message, size_t message_len, uint8_t *signature); int cryptoMessageSign(const CoinInfo *coin, HDNode *node, InputScriptType script_type, const uint8_t *message, size_t message_len, uint8_t *signature);
int cryptoMessageVerify(const CoinInfo *coin, const uint8_t *message, size_t message_len, uint32_t address_type, const uint8_t *address_raw, const uint8_t *signature); int cryptoMessageVerify(const CoinInfo *coin, const uint8_t *message, size_t message_len, const char *address, const uint8_t *signature);
/* ECIES disabled /* ECIES disabled
int cryptoMessageEncrypt(curve_point *pubkey, const uint8_t *msg, size_t msg_size, bool display_only, uint8_t *nonce, size_t *nonce_len, uint8_t *payload, size_t *payload_len, uint8_t *hmac, size_t *hmac_len, const uint8_t *privkey, const uint8_t *address_raw); int cryptoMessageEncrypt(curve_point *pubkey, const uint8_t *msg, size_t msg_size, bool display_only, uint8_t *nonce, size_t *nonce_len, uint8_t *payload, size_t *payload_len, uint8_t *hmac, size_t *hmac_len, const uint8_t *privkey, const uint8_t *address_raw);

View File

@ -849,14 +849,8 @@ void fsm_msgVerifyMessage(VerifyMessage *msg)
const CoinInfo *coin = fsm_getCoin(msg->has_coin_name, msg->coin_name); const CoinInfo *coin = fsm_getCoin(msg->has_coin_name, msg->coin_name);
if (!coin) return; if (!coin) return;
uint8_t addr_raw[MAX_ADDR_RAW_SIZE];
uint32_t address_type;
if (!coinExtractAddressType(coin, msg->address, &address_type) || !ecdsa_address_decode(msg->address, address_type, addr_raw)) {
fsm_sendFailure(FailureType_Failure_DataError, _("Invalid address"));
return;
}
layoutProgressSwipe(_("Verifying"), 0); layoutProgressSwipe(_("Verifying"), 0);
if (msg->signature.size == 65 && cryptoMessageVerify(coin, msg->message.bytes, msg->message.size, address_type, addr_raw, msg->signature.bytes) == 0) { if (msg->signature.size == 65 && cryptoMessageVerify(coin, msg->message.bytes, msg->message.size, msg->address, msg->signature.bytes) == 0) {
layoutVerifyAddress(msg->address); layoutVerifyAddress(msg->address);
if (!protectButton(ButtonRequestType_ButtonRequest_Other, false)) { if (!protectButton(ButtonRequestType_ButtonRequest_Other, false)) {
fsm_sendFailure(FailureType_Failure_ActionCancelled, NULL); fsm_sendFailure(FailureType_Failure_ActionCancelled, NULL);