From caffef2e0a393d46581f5f5903b21c0a48aee998 Mon Sep 17 00:00:00 2001 From: Aleksey Popov Date: Wed, 6 Jun 2018 23:53:15 +0300 Subject: [PATCH 1/4] app.lisk: restore sign and verify functions with correct message digest (with prefix) --- src/apps/lisk/__init__.py | 14 ++++++++- src/apps/lisk/sign_message.py | 35 +++++++++++++++++++++ src/apps/lisk/verify_message.py | 20 ++++++++++++ src/trezor/messages/LiskMessageSignature.py | 18 +++++++++++ src/trezor/messages/LiskSignMessage.py | 23 ++++++++++++++ src/trezor/messages/LiskVerifyMessage.py | 21 +++++++++++++ src/trezor/messages/MessageType.py | 3 ++ src/trezor/messages/wire_types.py | 3 ++ 8 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 src/apps/lisk/sign_message.py create mode 100644 src/apps/lisk/verify_message.py create mode 100644 src/trezor/messages/LiskMessageSignature.py create mode 100644 src/trezor/messages/LiskSignMessage.py create mode 100644 src/trezor/messages/LiskVerifyMessage.py diff --git a/src/apps/lisk/__init__.py b/src/apps/lisk/__init__.py index c82515e268..ae7e94332d 100644 --- a/src/apps/lisk/__init__.py +++ b/src/apps/lisk/__init__.py @@ -1,6 +1,6 @@ from trezor.wire import register, protobuf_workflow from trezor.messages.wire_types import \ - LiskGetAddress, LiskSignTx, LiskGetPublicKey + LiskGetAddress, LiskSignTx, LiskGetPublicKey, LiskSignMessage, LiskVerifyMessage def dispatch_LiskGetAddress(*args, **kwargs): @@ -18,7 +18,19 @@ def dispatch_LiskSignTx(*args, **kwargs): return lisk_sign_tx(*args, **kwargs) +def dispatch_LiskSignMessage(*args, **kwargs): + from .sign_message import lisk_sign_message + return lisk_sign_message(*args, **kwargs) + + +def dispatch_LiskVerifyMessage(*args, **kwargs): + from .verify_message import lisk_verify_message + return lisk_verify_message(*args, **kwargs) + + def boot(): register(LiskGetPublicKey, protobuf_workflow, dispatch_LiskGetPublicKey) register(LiskGetAddress, protobuf_workflow, dispatch_LiskGetAddress) + register(LiskSignMessage, protobuf_workflow, dispatch_LiskSignMessage) + register(LiskVerifyMessage, protobuf_workflow, dispatch_LiskVerifyMessage) register(LiskSignTx, protobuf_workflow, dispatch_LiskSignTx) diff --git a/src/apps/lisk/sign_message.py b/src/apps/lisk/sign_message.py new file mode 100644 index 0000000000..5d837d4b60 --- /dev/null +++ b/src/apps/lisk/sign_message.py @@ -0,0 +1,35 @@ +from .helpers import LISK_CURVE, get_address_from_public_key +from apps.wallet.sign_message import require_confirm_sign_message +from trezor.crypto.hashlib import sha256 +from trezor.utils import HashWriter +from apps.wallet.sign_tx.signing import write_varint + +def message_digest(message): + h = HashWriter(sha256) + signed_message_header = 'Lisk Signed Message:\n' + write_varint(h, len(signed_message_header)) + h.extend(signed_message_header) + write_varint(h, len(message)) + h.extend(message) + return sha256(h.get_digest()).digest() + + +async def lisk_sign_message(ctx, msg): + from trezor.messages.LiskMessageSignature import LiskMessageSignature + from trezor.crypto.curve import ed25519 + from ..common import seed + + message = msg.message + + await require_confirm_sign_message(ctx, message) + + address_n = msg.address_n or () + + node = await seed.derive_node(ctx, address_n, LISK_CURVE) + seckey = node.private_key() + pubkey = node.public_key() + pubkey = pubkey[1:] # skip ed25519 pubkey marker + + signature = ed25519.sign(seckey, message_digest(message)) + + return LiskMessageSignature(public_key=pubkey, signature=signature) diff --git a/src/apps/lisk/verify_message.py b/src/apps/lisk/verify_message.py new file mode 100644 index 0000000000..c50c95fd4f --- /dev/null +++ b/src/apps/lisk/verify_message.py @@ -0,0 +1,20 @@ + +async def lisk_verify_message(ctx, msg): + from trezor.crypto.curve import ed25519 + from .helpers import get_address_from_public_key + from .sign_message import message_digest + from trezor import wire + from trezor.messages.Success import Success + from trezor.messages.FailureType import ProcessError + from apps.wallet.verify_message import require_confirm_verify_message + + verify = ed25519.verify(msg.public_key, msg.signature, message_digest(msg.message)) + + if not verify: + raise wire.ProcessError('Invalid signature') + + address = get_address_from_public_key(msg.public_key) + + await require_confirm_verify_message(ctx, address, msg.message) + + return Success(message='Message verified') \ No newline at end of file diff --git a/src/trezor/messages/LiskMessageSignature.py b/src/trezor/messages/LiskMessageSignature.py new file mode 100644 index 0000000000..c6b98bc6a8 --- /dev/null +++ b/src/trezor/messages/LiskMessageSignature.py @@ -0,0 +1,18 @@ +# Automatically generated by pb2py +import protobuf as p + + +class LiskMessageSignature(p.MessageType): + MESSAGE_WIRE_TYPE = 119 + FIELDS = { + 1: ('public_key', p.BytesType, 0), + 2: ('signature', p.BytesType, 0), + } + + def __init__( + self, + public_key: bytes = None, + signature: bytes = None + ) -> None: + self.public_key = public_key + self.signature = signature diff --git a/src/trezor/messages/LiskSignMessage.py b/src/trezor/messages/LiskSignMessage.py new file mode 100644 index 0000000000..0f1ff67840 --- /dev/null +++ b/src/trezor/messages/LiskSignMessage.py @@ -0,0 +1,23 @@ +# Automatically generated by pb2py +import protobuf as p +if __debug__: + try: + from typing import List + except ImportError: + List = None + + +class LiskSignMessage(p.MessageType): + MESSAGE_WIRE_TYPE = 118 + FIELDS = { + 1: ('address_n', p.UVarintType, p.FLAG_REPEATED), + 2: ('message', p.BytesType, 0), + } + + def __init__( + self, + address_n: List[int] = None, + message: bytes = None + ) -> None: + self.address_n = address_n if address_n is not None else [] + self.message = message diff --git a/src/trezor/messages/LiskVerifyMessage.py b/src/trezor/messages/LiskVerifyMessage.py new file mode 100644 index 0000000000..d769a7138d --- /dev/null +++ b/src/trezor/messages/LiskVerifyMessage.py @@ -0,0 +1,21 @@ +# Automatically generated by pb2py +import protobuf as p + + +class LiskVerifyMessage(p.MessageType): + MESSAGE_WIRE_TYPE = 120 + FIELDS = { + 1: ('signature', p.BytesType, 0), + 2: ('public_key', p.BytesType, 0), + 3: ('message', p.BytesType, 0), + } + + def __init__( + self, + signature: bytes = None, + public_key: bytes = None, + message: bytes = None + ) -> None: + self.signature = signature + self.public_key = public_key + self.message = message diff --git a/src/trezor/messages/MessageType.py b/src/trezor/messages/MessageType.py index 66b2787581..bed0c35415 100644 --- a/src/trezor/messages/MessageType.py +++ b/src/trezor/messages/MessageType.py @@ -88,6 +88,9 @@ LiskGetAddress = 114 LiskAddress = 115 LiskSignTx = 116 LiskSignedTx = 117 +LiskSignMessage = 118 +LiskMessageSignature = 119 +LiskVerifyMessage = 120 LiskGetPublicKey = 121 LiskPublicKey = 122 StellarGetPublicKey = 200 diff --git a/src/trezor/messages/wire_types.py b/src/trezor/messages/wire_types.py index 66b2787581..bed0c35415 100644 --- a/src/trezor/messages/wire_types.py +++ b/src/trezor/messages/wire_types.py @@ -88,6 +88,9 @@ LiskGetAddress = 114 LiskAddress = 115 LiskSignTx = 116 LiskSignedTx = 117 +LiskSignMessage = 118 +LiskMessageSignature = 119 +LiskVerifyMessage = 120 LiskGetPublicKey = 121 LiskPublicKey = 122 StellarGetPublicKey = 200 From c0f71d3d032fbb41ffe08c0c10a2705c7d95659d Mon Sep 17 00:00:00 2001 From: Aleksey Popov Date: Thu, 7 Jun 2018 15:26:00 +0300 Subject: [PATCH 2/4] vendor: update trezor-common --- vendor/trezor-common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vendor/trezor-common b/vendor/trezor-common index 018eebac7e..babc60a48e 160000 --- a/vendor/trezor-common +++ b/vendor/trezor-common @@ -1 +1 @@ -Subproject commit 018eebac7e64ed082486d746d78d279fe815c65d +Subproject commit babc60a48ec95df8de0ddd11b9d7e24b0e7e1d46 From de552b19f5efb9c60a421ec5910b22929fd60c8b Mon Sep 17 00:00:00 2001 From: Aleksey Popov Date: Thu, 7 Jun 2018 15:26:59 +0300 Subject: [PATCH 3/4] app.lisk: update LiskVerifyMessage message --- src/trezor/messages/LiskVerifyMessage.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/trezor/messages/LiskVerifyMessage.py b/src/trezor/messages/LiskVerifyMessage.py index d769a7138d..7a83fc7de0 100644 --- a/src/trezor/messages/LiskVerifyMessage.py +++ b/src/trezor/messages/LiskVerifyMessage.py @@ -5,17 +5,17 @@ import protobuf as p class LiskVerifyMessage(p.MessageType): MESSAGE_WIRE_TYPE = 120 FIELDS = { - 1: ('signature', p.BytesType, 0), - 2: ('public_key', p.BytesType, 0), + 1: ('public_key', p.BytesType, 0), + 2: ('signature', p.BytesType, 0), 3: ('message', p.BytesType, 0), } def __init__( self, - signature: bytes = None, public_key: bytes = None, + signature: bytes = None, message: bytes = None ) -> None: - self.signature = signature self.public_key = public_key + self.signature = signature self.message = message From 1513578737421b717e3c98b13c60869524686ab0 Mon Sep 17 00:00:00 2001 From: Jan Pochyla Date: Thu, 7 Jun 2018 15:48:47 +0200 Subject: [PATCH 4/4] app.lisk: fix code style --- src/apps/lisk/sign_message.py | 29 +++++++++++++++++++---------- src/apps/lisk/verify_message.py | 25 ++++++++++++------------- 2 files changed, 31 insertions(+), 23 deletions(-) diff --git a/src/apps/lisk/sign_message.py b/src/apps/lisk/sign_message.py index 5d837d4b60..65dfaf29cc 100644 --- a/src/apps/lisk/sign_message.py +++ b/src/apps/lisk/sign_message.py @@ -1,8 +1,16 @@ -from .helpers import LISK_CURVE, get_address_from_public_key -from apps.wallet.sign_message import require_confirm_sign_message -from trezor.crypto.hashlib import sha256 -from trezor.utils import HashWriter +from apps.common import seed +from apps.common.confirm import require_confirm +from apps.common.signverify import split_message from apps.wallet.sign_tx.signing import write_varint +from trezor import ui +from trezor.crypto.curve import ed25519 +from trezor.crypto.hashlib import sha256 +from trezor.messages.LiskMessageSignature import LiskMessageSignature +from trezor.ui.text import Text +from trezor.utils import HashWriter + +from .helpers import LISK_CURVE + def message_digest(message): h = HashWriter(sha256) @@ -15,16 +23,11 @@ def message_digest(message): async def lisk_sign_message(ctx, msg): - from trezor.messages.LiskMessageSignature import LiskMessageSignature - from trezor.crypto.curve import ed25519 - from ..common import seed - message = msg.message + address_n = msg.address_n or () await require_confirm_sign_message(ctx, message) - address_n = msg.address_n or () - node = await seed.derive_node(ctx, address_n, LISK_CURVE) seckey = node.private_key() pubkey = node.public_key() @@ -33,3 +36,9 @@ async def lisk_sign_message(ctx, msg): signature = ed25519.sign(seckey, message_digest(message)) return LiskMessageSignature(public_key=pubkey, signature=signature) + + +async def require_confirm_sign_message(ctx, message): + message = split_message(message) + content = Text('Sign Lisk message', ui.ICON_DEFAULT, max_lines=5, *message) + await require_confirm(ctx, content) diff --git a/src/apps/lisk/verify_message.py b/src/apps/lisk/verify_message.py index c50c95fd4f..53632f0898 100644 --- a/src/apps/lisk/verify_message.py +++ b/src/apps/lisk/verify_message.py @@ -1,20 +1,19 @@ +from apps.wallet.verify_message import require_confirm_verify_message +from trezor import wire +from trezor.crypto.curve import ed25519 +from trezor.messages.Success import Success + +from .helpers import get_address_from_public_key +from .sign_message import message_digest + async def lisk_verify_message(ctx, msg): - from trezor.crypto.curve import ed25519 - from .helpers import get_address_from_public_key - from .sign_message import message_digest - from trezor import wire - from trezor.messages.Success import Success - from trezor.messages.FailureType import ProcessError - from apps.wallet.verify_message import require_confirm_verify_message - - verify = ed25519.verify(msg.public_key, msg.signature, message_digest(msg.message)) - - if not verify: + digest = message_digest(msg.message) + verified = ed25519.verify(msg.public_key, msg.signature, digest) + if not verified: raise wire.ProcessError('Invalid signature') address = get_address_from_public_key(msg.public_key) - await require_confirm_verify_message(ctx, address, msg.message) - return Success(message='Message verified') \ No newline at end of file + return Success(message='Message verified')