void fsm_msgEncryptMessage(EncryptMessage *msg)
{
if (!msg->has_pubkey) {
fsm_sendFailure(FailureType_Failure_SyntaxError, "No public key provided");
return;
}
if (!msg->has_message) {
fsm_sendFailure(FailureType_Failure_SyntaxError, "No message provided");
return;
}
curve_point pubkey;
if (msg->pubkey.size != 33 || ecdsa_read_pubkey(&secp256k1, msg->pubkey.bytes, &pubkey) == 0) {
fsm_sendFailure(FailureType_Failure_SyntaxError, "Invalid public key provided");
return;
}
bool display_only = msg->has_display_only && msg->display_only;
bool signing = msg->address_n_count > 0;
RESP_INIT(EncryptedMessage);
const CoinType *coin = 0;
const HDNode *node = 0;
uint8_t address_raw[21];
if (signing) {
coin = coinByName(msg->coin_name);
if (!coin) {
fsm_sendFailure(FailureType_Failure_Other, "Invalid coin name");
return;
}
if (!protectPin(true)) {
layoutHome();
return;
}
node = fsm_getDerivedNode(msg->address_n, msg->address_n_count);
if (!node) return;
uint8_t public_key[33];
ecdsa_get_public_key33(&secp256k1, node->private_key, public_key);
ecdsa_get_address_raw(public_key, coin->address_type, address_raw);
}
layoutEncryptMessage(msg->message.bytes, msg->message.size, signing);
if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
fsm_sendFailure(FailureType_Failure_ActionCancelled, "Encrypt message cancelled");
layoutHome();
return;
}
layoutProgressSwipe("Encrypting", 0);
if (cryptoMessageEncrypt(&pubkey, msg->message.bytes, msg->message.size, display_only, resp->nonce.bytes, &(resp->nonce.size), resp->message.bytes, &(resp->message.size), resp->hmac.bytes, &(resp->hmac.size), signing ? node->private_key : 0, signing ? address_raw : 0) != 0) {
fsm_sendFailure(FailureType_Failure_ActionCancelled, "Error encrypting message");
layoutHome();
return;
}
resp->has_nonce = true;
resp->has_message = true;
resp->has_hmac = true;
msg_write(MessageType_MessageType_EncryptedMessage, resp);
layoutHome();
}
void fsm_msgDecryptMessage(DecryptMessage *msg)
{
if (!msg->has_nonce) {
fsm_sendFailure(FailureType_Failure_SyntaxError, "No nonce provided");
return;
}
if (!msg->has_message) {
fsm_sendFailure(FailureType_Failure_SyntaxError, "No message provided");
return;
}
if (!msg->has_hmac) {
fsm_sendFailure(FailureType_Failure_SyntaxError, "No message hmac provided");
return;
}
curve_point nonce_pubkey;
if (msg->nonce.size != 33 || ecdsa_read_pubkey(&secp256k1, msg->nonce.bytes, &nonce_pubkey) == 0) {
fsm_sendFailure(FailureType_Failure_SyntaxError, "Invalid nonce provided");
return;
}
if (!protectPin(true)) {
layoutHome();
return;
}
const HDNode *node = fsm_getDerivedNode(msg->address_n, msg->address_n_count);
if (!node) return;
layoutProgressSwipe("Decrypting", 0);
RESP_INIT(DecryptedMessage);
bool display_only = false;
bool signing = false;
uint8_t address_raw[21];
if (cryptoMessageDecrypt(&nonce_pubkey, msg->message.bytes, msg->message.size, msg->hmac.bytes, msg->hmac.size, node->private_key, resp->message.bytes, &(resp->message.size), &display_only, &signing, address_raw) != 0) {
fsm_sendFailure(FailureType_Failure_ActionCancelled, "Error decrypting message");
layoutHome();
return;
}
if (signing) {
base58_encode_check(address_raw, 21, resp->address, sizeof(resp->address));
}
layoutDecryptMessage(resp->message.bytes, resp->message.size, signing ? resp->address : 0);
protectButton(ButtonRequestType_ButtonRequest_Other, true);
if (display_only) {
resp->has_address = false;
resp->has_message = false;
memset(resp->address, 0, sizeof(resp->address));
memset(&(resp->message), 0, sizeof(resp->message));
} else {
resp->has_address = signing;
resp->has_message = true;
}
msg_write(MessageType_MessageType_DecryptedMessage, resp);
layoutHome();
}
int hdnode_public_ckd(HDNode *inout, uint32_t i)
{
uint8_t data[1 + 32 + 4];
uint8_t I[32 + 32];
uint8_t fingerprint[32];
curve_point a, b;
bignum256 c;
if (i & 0x80000000) { // private derivation
return 0;
} else { // public derivation
memcpy(data, inout->public_key, 33);
}
write_be(data + 33, i);
sha256_Raw(inout->public_key, 33, fingerprint);
ripemd160(fingerprint, 32, fingerprint);
inout->fingerprint = (fingerprint[0] << 24) + (fingerprint[1] << 16) + (fingerprint[2] << 8) + fingerprint[3];
memset(inout->private_key, 0, 32);
if (!ecdsa_read_pubkey(inout->public_key, &a)) {
return 0;
}
hmac_sha512(inout->chain_code, 32, data, sizeof(data), I);
memcpy(inout->chain_code, I + 32, 32);
bn_read_be(I, &c);
if (!bn_is_less(&c, &order256k1)) { // >= order
return 0;
}
scalar_multiply(&c, &b); // b = c * G
point_add(&a, &b); // b = a + b
#if USE_PUBKEY_VALIDATE
if (!ecdsa_validate_pubkey(&b)) {
return 0;
}
#endif
inout->public_key[0] = 0x02 | (b.y.val[0] & 0x01);
bn_write_be(&b.x, inout->public_key + 1);
inout->depth++;
inout->child_num = i;
return 1;
}
void fsm_msgDecryptMessage(DecryptMessage *msg)
{
if (!storage_is_initialized())
{
fsm_sendFailure(FailureType_Failure_NotInitialized, "Device not initialized");
return;
}
if(!msg->has_nonce)
{
fsm_sendFailure(FailureType_Failure_SyntaxError, "No nonce provided");
return;
}
if(!msg->has_message)
{
fsm_sendFailure(FailureType_Failure_SyntaxError, "No message provided");
return;
}
if(!msg->has_hmac)
{
fsm_sendFailure(FailureType_Failure_SyntaxError, "No message hmac provided");
return;
}
curve_point nonce_pubkey;
if(msg->nonce.size != 33 ||
ecdsa_read_pubkey(&secp256k1, msg->nonce.bytes, &nonce_pubkey) == 0)
{
fsm_sendFailure(FailureType_Failure_SyntaxError, "Invalid nonce provided");
return;
}
if(!pin_protect_cached())
{
go_home();
return;
}
const HDNode *node = fsm_getDerivedNode(msg->address_n, msg->address_n_count);
if(!node) { return; }
layout_simple_message("Decrypting Message...");
RESP_INIT(DecryptedMessage);
bool display_only = false;
bool signing = false;
uint8_t address_raw[21];
if(cryptoMessageDecrypt(&nonce_pubkey, msg->message.bytes, msg->message.size,
msg->hmac.bytes, msg->hmac.size, node->private_key, resp->message.bytes,
&(resp->message.size), &display_only, &signing, address_raw) != 0)
{
fsm_sendFailure(FailureType_Failure_ActionCancelled,
"Error decrypting message");
go_home();
return;
}
if(signing)
{
base58_encode_check(address_raw, 21, resp->address, sizeof(resp->address));
}
if(!confirm_decrypt_msg((char *)resp->message.bytes,
signing ? resp->address : 0))
{
fsm_sendFailure(FailureType_Failure_ActionCancelled,
"Decrypt message cancelled");
go_home();
return;
}
if(display_only)
{
resp->has_address = false;
resp->has_message = false;
memset(resp->address, 0, sizeof(resp->address));
memset(&(resp->message), 0, sizeof(resp->message));
}
else
{
resp->has_address = signing;
resp->has_message = true;
}
msg_write(MessageType_MessageType_DecryptedMessage, resp);
go_home();
}
void fsm_msgEncryptMessage(EncryptMessage *msg)
{
if (!storage_is_initialized())
{
fsm_sendFailure(FailureType_Failure_NotInitialized, "Device not initialized");
return;
}
if(!msg->has_pubkey)
{
fsm_sendFailure(FailureType_Failure_SyntaxError, "No public key provided");
return;
}
if(!msg->has_message)
{
fsm_sendFailure(FailureType_Failure_SyntaxError, "No message provided");
return;
}
curve_point pubkey;
if(msg->pubkey.size != 33 ||
ecdsa_read_pubkey(&secp256k1, msg->pubkey.bytes, &pubkey) == 0)
{
fsm_sendFailure(FailureType_Failure_SyntaxError, "Invalid public key provided");
return;
}
bool display_only = msg->has_display_only && msg->display_only;
bool signing = msg->address_n_count > 0;
RESP_INIT(EncryptedMessage);
const CoinType *coin = 0;
const HDNode *node = 0;
uint8_t address_raw[21];
if(signing)
{
coin = coinByName(msg->coin_name);
if(!coin)
{
fsm_sendFailure(FailureType_Failure_Other, "Invalid coin name");
return;
}
if(!pin_protect_cached())
{
go_home();
return;
}
node = fsm_getDerivedNode(msg->address_n, msg->address_n_count);
if(!node) { return; }
uint8_t public_key[33];
ecdsa_get_public_key33(&secp256k1, node->private_key, public_key);
ecdsa_get_address_raw(public_key, coin->address_type, address_raw);
}
if(!confirm_encrypt_msg((char *)msg->message.bytes, signing))
{
fsm_sendFailure(FailureType_Failure_ActionCancelled,
"Encrypt message cancelled");
go_home();
return;
}
layout_simple_message("Encrypting Message...");
if(cryptoMessageEncrypt(&pubkey, msg->message.bytes, msg->message.size,
display_only,
resp->nonce.bytes, &(resp->nonce.size), resp->message.bytes,
&(resp->message.size),
resp->hmac.bytes, &(resp->hmac.size), signing ? node->private_key : 0,
signing ? address_raw : 0) != 0)
{
fsm_sendFailure(FailureType_Failure_ActionCancelled,
"Error encrypting message");
go_home();
return;
}
resp->has_nonce = true;
resp->has_message = true;
resp->has_hmac = true;
msg_write(MessageType_MessageType_EncryptedMessage, resp);
go_home();
}
