mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-18 04:18:10 +00:00
eth/verify: path is not validated; improve invalid signature handling
Ethereum's verify_function takes an actual address as an argument not a derivation path. So any path validation does not make any sense. Also, if the verify_recover function raises an exception, it gets propogated as a DataError (additional fix for #422).
This commit is contained in:
parent
47790634ae
commit
d5fb2a477a
@ -6,9 +6,6 @@ from trezor.crypto.hashlib import sha3_256
|
||||
from trezor.messages.Success import Success
|
||||
from trezor.ui.text import Text
|
||||
|
||||
from .address import validate_full_path
|
||||
|
||||
from apps.common import paths
|
||||
from apps.common.confirm import require_confirm
|
||||
from apps.common.layout import split_address
|
||||
from apps.common.signverify import split_message
|
||||
@ -16,11 +13,15 @@ from apps.ethereum.sign_message import message_digest
|
||||
|
||||
|
||||
async def verify_message(ctx, msg):
|
||||
await paths.validate_path(ctx, validate_full_path, path=msg.address)
|
||||
|
||||
digest = message_digest(msg.message)
|
||||
if len(msg.signature) != 65:
|
||||
raise wire.DataError("Invalid signature")
|
||||
sig = bytearray([msg.signature[64]]) + msg.signature[:64]
|
||||
|
||||
try:
|
||||
pubkey = secp256k1.verify_recover(sig, digest)
|
||||
except ValueError:
|
||||
raise wire.DataError("Invalid signature")
|
||||
|
||||
if not pubkey:
|
||||
raise wire.DataError("Invalid signature")
|
||||
|
Loading…
Reference in New Issue
Block a user