arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 20:38:10 +00:00
Code Issues Releases Wiki Activity

apps/wallet/ecdh: support decryption (for GnuPG)

Browse Source
This commit is contained in:
Roman Zeyde 2018-03-09 12:17:46 +02:00 committed by Pavol Rusnak
parent de217f75df
commit e925baaf08
2 changed files with 66 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/apps/wallet/__init__.py
View File

@ -6,6 +6,7 @@ from trezor.messages.wire_types import \
SignTx, \ SignTx, \
SignMessage, VerifyMessage, \ SignMessage, VerifyMessage, \
SignIdentity, \ SignIdentity, \
GetECDHSessionKey, \
CipherKeyValue CipherKeyValue
@ -51,6 +52,12 @@ def dispatch_SignIdentity(*args, **kwargs):
return sign_identity(*args, **kwargs) return sign_identity(*args, **kwargs)
@unimport
def dispatch_GetECDHSessionKey(*args, **kwargs):
from .ecdh import get_ecdh_session_key
return get_ecdh_session_key(*args, **kwargs)
@unimport @unimport
def dispatch_CipherKeyValue(*args, **kwargs): def dispatch_CipherKeyValue(*args, **kwargs):
from .cipher_key_value import cipher_key_value from .cipher_key_value import cipher_key_value
@ -65,4 +72,5 @@ def boot():
register(SignMessage, protobuf_workflow, dispatch_SignMessage) register(SignMessage, protobuf_workflow, dispatch_SignMessage)
register(VerifyMessage, protobuf_workflow, dispatch_VerifyMessage) register(VerifyMessage, protobuf_workflow, dispatch_VerifyMessage)
register(SignIdentity, protobuf_workflow, dispatch_SignIdentity) register(SignIdentity, protobuf_workflow, dispatch_SignIdentity)
register(GetECDHSessionKey, protobuf_workflow, dispatch_GetECDHSessionKey)
register(CipherKeyValue, protobuf_workflow, dispatch_CipherKeyValue) register(CipherKeyValue, protobuf_workflow, dispatch_CipherKeyValue)

58
src/apps/wallet/ecdh.py Normal file
View File

@ -0,0 +1,58 @@
from trezor import ui
from trezor.crypto.hashlib import sha256
from trezor.messages.ECDHSessionKey import ECDHSessionKey
from ustruct import pack, unpack
from trezor.utils import chunks, serialize_identity
from apps.common.confirm import require_confirm
from trezor.ui.text import Text
from ..common import seed
async def get_ecdh_session_key(ctx, msg):
if msg.ecdsa_curve_name is None:
msg.ecdsa_curve_name = 'secp256k1'
identity = serialize_identity(msg.identity)
await require_confirm_ecdh_session_key(ctx, identity)
address_n = get_ecdh_path(identity, msg.identity.index or 0)
node = await seed.derive_node(ctx, address_n, msg.ecdsa_curve_name)
session_key = ecdh(seckey=node.private_key(),
peer_public_key=msg.peer_public_key,
curve=msg.ecdsa_curve_name)
return ECDHSessionKey(session_key=session_key)
async def require_confirm_ecdh_session_key(ctx, identity):
lines = chunks(identity, 18)
content = Text('Decrypt', ui.ICON_DEFAULT, ui.MONO, *lines, max_lines=5)
await require_confirm(ctx, content)
def get_ecdh_path(identity: str, index: int):
identity_hash = sha256(pack('<I', index) + identity).digest()
address_n = (17, ) + unpack('<IIII', identity_hash[:16])
address_n = [0x80000000 | x for x in address_n]
return address_n
def ecdh(seckey: bytes, peer_public_key: bytes, curve: str) -> bytes:
if curve == 'secp256k1':
from trezor.crypto.curve import secp256k1
session_key = secp256k1.multiply(seckey, peer_public_key)
elif curve == 'nist256p1':
from trezor.crypto.curve import nist256p1
session_key = nist256p1.multiply(seckey, peer_public_key)
elif curve == 'curve25519':
from trezor.crypto.curve import curve25519
if peer_public_key[0] != 0x40:
raise ValueError('Curve25519 public key should start with 0x40')
session_key = b'\x04' + curve25519.multiply(seckey, peer_public_key[1:])
else:
raise ValueError('Unsupported curve for ECDH: ' + curve)
return session_key