/* * This file is part of the Trezor project, https://trezor.io/ * * Copyright (C) 2014 Pavol Rusnak <stick@satoshilabs.com> * * This library is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this library. If not, see <http://www.gnu.org/licenses/>. */ #ifndef __CRYPTO_H__ #define __CRYPTO_H__ #include <bip32.h> #include <ecdsa.h> #include <pb.h> #include <sha2.h> #include <stdbool.h> #include <stdint.h> #include <stdlib.h> #include "coins.h" #include "hasher.h" #include "messages-bitcoin.pb.h" #include "messages-crypto.pb.h" #define PATH_HARDENED 0x80000000 #define PATH_UNHARDEN_MASK 0x7fffffff #define PATH_MAX_ACCOUNT 100 #define PATH_MAX_CHANGE 1 // The maximum allowed change address. This should be large enough for normal // use and still allow to quickly brute-force the correct bip32 path. #define PATH_MAX_ADDRESS_INDEX 1000000 #define PATH_SLIP25_PURPOSE (PATH_HARDENED | 10025) // The number of bip32 levels used in a wallet (chain and address) #define BIP32_WALLET_DEPTH 2 #define ser_length_size(len) ((len) < 253 ? 1 : (len) < 0x10000 ? 3 : 5) typedef enum { SCHEMA_NONE, SCHEMA_SLIP25_TAPROOT, SCHEMA_SLIP25_TAPROOT_EXTERNAL } PathSchema; typedef struct { uint8_t data[64]; } Slip21Node; uint32_t ser_length(uint32_t len, uint8_t *out); uint32_t ser_length_hash(Hasher *hasher, uint32_t len); int sshMessageSign(HDNode *node, const uint8_t *message, size_t message_len, uint8_t *signature); int gpgMessageSign(HDNode *node, const uint8_t *message, size_t message_len, uint8_t *signature); int signifyMessageSign(HDNode *node, const uint8_t *message, size_t message_len, uint8_t *signature); int cryptoMessageSign(const CoinInfo *coin, HDNode *node, InputScriptType script_type, bool no_script_type, const uint8_t *message, size_t message_len, uint8_t *signature); int cryptoMessageVerify(const CoinInfo *coin, const uint8_t *message, size_t message_len, const char *address, const uint8_t *signature); const HDNode *cryptoMultisigPubkey(const CoinInfo *coin, const MultisigRedeemScriptType *multisig, uint32_t index); uint32_t cryptoMultisigPubkeyCount(const MultisigRedeemScriptType *multisig); int cryptoMultisigPubkeyIndex(const CoinInfo *coin, const MultisigRedeemScriptType *multisig, const uint8_t *pubkey); int cryptoMultisigFingerprint(const MultisigRedeemScriptType *multisig, uint8_t *hash); int cryptoIdentityFingerprint(const IdentityType *identity, uint8_t *hash); bool coin_path_check(const CoinInfo *coin, InputScriptType script_type, uint32_t address_n_count, const uint32_t *address_n, bool has_multisig, PathSchema unlock, bool full_check); bool is_multisig_input_script_type(InputScriptType script_type); bool is_multisig_output_script_type(OutputScriptType script_type); bool is_internal_input_script_type(InputScriptType script_type); bool is_change_output_script_type(OutputScriptType script_type); bool is_segwit_input_script_type(InputScriptType script_type); bool is_segwit_output_script_type(OutputScriptType script_type); bool change_output_to_input_script_type(OutputScriptType output_script_type, InputScriptType *input_script_type); void slip21_from_seed(const uint8_t *seed, int seed_len, Slip21Node *out); void slip21_derive_path(Slip21Node *inout, const uint8_t *label, size_t label_len); const uint8_t *slip21_key(const Slip21Node *node); #endif