diff --git a/core/src/apps/bitcoin/get_public_key.py b/core/src/apps/bitcoin/get_public_key.py
index 8e7855857..f852b1d13 100644
--- a/core/src/apps/bitcoin/get_public_key.py
+++ b/core/src/apps/bitcoin/get_public_key.py
@@ -70,6 +70,7 @@ async def get_public_key(
 raise wire.DataError("Invalid combination of coin and script_type")
 pubkey = node.public_key()
+ # For curve25519 and ed25519, the public key has the prefix 0x00, as specified by SLIP-10. However, since this prefix is non-standard, it may be removed in the future.
 node_type = HDNodeType(
 depth=node.depth(),
 child_num=node.child_num(),
diff --git a/core/src/apps/misc/get_ecdh_session_key.py b/core/src/apps/misc/get_ecdh_session_key.py
index 68b55baed..b4403e261 100644
--- a/core/src/apps/misc/get_ecdh_session_key.py
+++ b/core/src/apps/misc/get_ecdh_session_key.py
@@ -55,6 +55,7 @@ async def get_ecdh_session_key(msg: GetECDHSessionKey) -> ECDHSessionKey:
 if peer_public_key[0] != 0x40:
 raise DataError("Curve25519 public key should start with 0x40")
+ # The prefix 0x04 doesn't make sense here, and may be changed or removed in the future
 session_key = b"\x04" + curve25519.multiply(
 node.private_key(), peer_public_key[1:]
 )
@@ -62,4 +63,5 @@ async def get_ecdh_session_key(msg: GetECDHSessionKey) -> ECDHSessionKey:
 raise DataError("Unsupported curve for ECDH: " + curve_name)
 # END ecdh
+ # For curve25519, the public key has the prefix 0x00, as specified by SLIP-10. However, since this prefix is non-standard, it may be removed in the future.
 return ECDHSessionKey(session_key=session_key, public_key=node.public_key())
diff --git a/core/src/apps/misc/sign_identity.py b/core/src/apps/misc/sign_identity.py
index 55fd115d0..fd6298a4c 100644
--- a/core/src/apps/misc/sign_identity.py
+++ b/core/src/apps/misc/sign_identity.py
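Review bot: The comment added after `pubkey = node.public_key()` is a single line of roughly 170 characters, while the identical sentence was wrapped at 80 columns in the C files of this commit; wrapping it to the file's line length keeps both sides consistent and avoids a line-length lint hit if the project applies one to comments, e.g. `# For curve25519 and ed25519, the public key has the prefix 0x00, as` / `# specified by SLIP-10. However, since this prefix is non-standard, it` / `# may be removed in the future.` The same one-line form appears in the second hunk of get_ecdh_session_key.py and in the sign_identity.py hunk. The comment also sits between the `pubkey` assignment and `node_type = HDNodeType(`, so a reader may attach it to the node construction rather than to the key it describes; placing it directly above `pubkey = node.public_key()` would make the subject unambiguous. get_public_key's body starts and ends outside the hunk.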
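Review bot: The new comment above `session_key = b"\x04" + curve25519.multiply(` says the 0x04 byte "doesn't make sense" but not what the value actually is, which is what a consumer of ECDHSessionKey needs to know: this branch presumably yields 0x04 followed by the 32-byte X25519 shared secret (33 bytes in total), whereas the other branch visible in the bip32.c hunk sets `*result_size = 65`, the SEC1 uncompressed-point encoding that a leading 0x04 normally announces. A caller that dispatches on the first byte could therefore mistake the X25519 result for an uncompressed point; a comment stating the layout removes that ambiguity, e.g. `# session_key is 0x04 || X25519 shared secret (33 bytes); the 0x04 mimics the SEC1 marker of the Weierstrass branch but has no meaning for X25519 and may be changed or removed in the future`. The matching comment in the bip32.c hunk would benefit from the same clarification. The check `if peer_public_key[0] != 0x40:` inspects only the first byte; whether the 33-byte length of the peer key is validated earlier is outside this hunk, and get_ecdh_session_key's body starts and ends outside it.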
@@ -61,6 +61,7 @@ async def sign_identity(msg: SignIdentity) -> SignedIdentity:
 curve_name,
 )
+ # For ed25519, the public key has the prefix 0x00, as specified by SLIP-10. However, since this prefix is non-standard, it may be removed in the future.
 return SignedIdentity(address=address, public_key=pubkey, signature=signature)
diff --git a/crypto/bip32.c b/crypto/bip32.c
index b78d31159..ee44c24e3 100644
--- a/crypto/bip32.c
+++ b/crypto/bip32.c
@@ -701,6 +701,8 @@ int hdnode_get_shared_key(const HDNode *node, const uint8_t *peer_public_key,
 *result_size = 65;
 return 0;
 } else if (node->curve == &curve25519_info) {
+ // The prefix 0x04 doesn't make sense here, and may be changed or removed in
+ // the future
 session_key[0] = 0x04;
 if (peer_public_key[0] != 0x40) {
 return 1; // Curve25519 public key should start with 0x40 byte.
diff --git a/legacy/firmware/fsm_msg_coin.h b/legacy/firmware/fsm_msg_coin.h
index 1640a1949..b767859b7 100644
--- a/legacy/firmware/fsm_msg_coin.h
+++ b/legacy/firmware/fsm_msg_coin.h
@@ -75,6 +75,9 @@ void fsm_msgGetPublicKey(const GetPublicKey *msg) {
 memcpy(resp->node.chain_code.bytes, node->chain_code, 32);
 resp->node.has_private_key = false;
 resp->node.public_key.size = 33;
+ // For curve25519 and ed25519, the public key has the prefix 0x00, as
+ // specified by SLIP-10. However, since this prefix is non-standard, it may be
+ // removed in the future.
 memcpy(resp->node.public_key.bytes, node->public_key, 33);
 if (coin->xpub_magic &&
 (script_type == InputScriptType_SPENDADDRESS ||
diff --git a/legacy/firmware/fsm_msg_crypto.h b/legacy/firmware/fsm_msg_crypto.h
index 7ddaec6c4..ff5c003e9 100644
--- a/legacy/firmware/fsm_msg_crypto.h
+++ b/legacy/firmware/fsm_msg_crypto.h
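Review bot: The comment added above `memcpy(resp->node.public_key.bytes, node->public_key, 33);` says the 0x00 prefix "may be removed in the future" without noting that `resp->node.public_key.size = 33;` on the line above and the fixed 33-byte copy both bake the prefix into the wire format of the GetPublicKey response; dropping it would be a protocol change for any client that parses HDNodeType.public_key, not a local cleanup. One sentence making that coupling explicit would help whoever acts on the note later, e.g. `// Removing it is a wire-format change: the 33-byte size and copy length here depend on it.` The same applies to both hunks in fsm_msg_crypto.h, where `resp->public_key.size = 33;` sits beside the same 33-byte copy. fsm_msgGetPublicKey's body starts and ends outside the hunk.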
@@ -160,6 +160,9 @@ void fsm_msgSignIdentity(const SignIdentity *msg) {
 }
 }
 resp->public_key.size = 33;
+ // For ed25519, the public key has the prefix 0x00, as specified by SLIP-10.
+ // However, since this prefix is non-standard, it may be removed in the
+ // future.
 memcpy(resp->public_key.bytes, node->public_key, 33);
 resp->signature.size = 65;
 msg_write(MessageType_MessageType_SignedIdentity, resp);
@@ -220,6 +223,9 @@ void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg) {
 layoutHome();
 return;
 }
+ // For curve25519, the public key has the prefix 0x00, as specified by
+ // SLIP-10. However, since this prefix is non-standard, it may be removed in
+ // the future.
 memcpy(resp->public_key.bytes, node->public_key, 33);
 resp->public_key.size = 33;
 resp->has_public_key = true;