void fsm_msgEncryptMessage(EncryptMessage *msg) { if (!msg->has_pubkey) { fsm_sendFailure(FailureType_Failure_SyntaxError, "No public key provided"); return; } if (!msg->has_message) { fsm_sendFailure(FailureType_Failure_SyntaxError, "No message provided"); return; } curve_point pubkey; if (msg->pubkey.size != 33 || ecdsa_read_pubkey(&secp256k1, msg->pubkey.bytes, &pubkey) == 0) { fsm_sendFailure(FailureType_Failure_SyntaxError, "Invalid public key provided"); return; } bool display_only = msg->has_display_only && msg->display_only; bool signing = msg->address_n_count > 0; RESP_INIT(EncryptedMessage); const CoinType *coin = 0; const HDNode *node = 0; uint8_t address_raw[21]; if (signing) { coin = coinByName(msg->coin_name); if (!coin) { fsm_sendFailure(FailureType_Failure_Other, "Invalid coin name"); return; } if (!protectPin(true)) { layoutHome(); return; } node = fsm_getDerivedNode(msg->address_n, msg->address_n_count); if (!node) return; uint8_t public_key[33]; ecdsa_get_public_key33(&secp256k1, node->private_key, public_key); ecdsa_get_address_raw(public_key, coin->address_type, address_raw); } layoutEncryptMessage(msg->message.bytes, msg->message.size, signing); if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) { fsm_sendFailure(FailureType_Failure_ActionCancelled, "Encrypt message cancelled"); layoutHome(); return; } layoutProgressSwipe("Encrypting", 0); if (cryptoMessageEncrypt(&pubkey, msg->message.bytes, msg->message.size, display_only, resp->nonce.bytes, &(resp->nonce.size), resp->message.bytes, &(resp->message.size), resp->hmac.bytes, &(resp->hmac.size), signing ? node->private_key : 0, signing ? address_raw : 0) != 0) { fsm_sendFailure(FailureType_Failure_ActionCancelled, "Error encrypting message"); layoutHome(); return; } resp->has_nonce = true; resp->has_message = true; resp->has_hmac = true; msg_write(MessageType_MessageType_EncryptedMessage, resp); layoutHome(); }
void fsm_msgDecryptMessage(DecryptMessage *msg) { if (!msg->has_nonce) { fsm_sendFailure(FailureType_Failure_SyntaxError, "No nonce provided"); return; } if (!msg->has_message) { fsm_sendFailure(FailureType_Failure_SyntaxError, "No message provided"); return; } if (!msg->has_hmac) { fsm_sendFailure(FailureType_Failure_SyntaxError, "No message hmac provided"); return; } curve_point nonce_pubkey; if (msg->nonce.size != 33 || ecdsa_read_pubkey(&secp256k1, msg->nonce.bytes, &nonce_pubkey) == 0) { fsm_sendFailure(FailureType_Failure_SyntaxError, "Invalid nonce provided"); return; } if (!protectPin(true)) { layoutHome(); return; } const HDNode *node = fsm_getDerivedNode(msg->address_n, msg->address_n_count); if (!node) return; layoutProgressSwipe("Decrypting", 0); RESP_INIT(DecryptedMessage); bool display_only = false; bool signing = false; uint8_t address_raw[21]; if (cryptoMessageDecrypt(&nonce_pubkey, msg->message.bytes, msg->message.size, msg->hmac.bytes, msg->hmac.size, node->private_key, resp->message.bytes, &(resp->message.size), &display_only, &signing, address_raw) != 0) { fsm_sendFailure(FailureType_Failure_ActionCancelled, "Error decrypting message"); layoutHome(); return; } if (signing) { base58_encode_check(address_raw, 21, resp->address, sizeof(resp->address)); } layoutDecryptMessage(resp->message.bytes, resp->message.size, signing ? resp->address : 0); protectButton(ButtonRequestType_ButtonRequest_Other, true); if (display_only) { resp->has_address = false; resp->has_message = false; memset(resp->address, 0, sizeof(resp->address)); memset(&(resp->message), 0, sizeof(resp->message)); } else { resp->has_address = signing; resp->has_message = true; } msg_write(MessageType_MessageType_DecryptedMessage, resp); layoutHome(); }
int hdnode_public_ckd(HDNode *inout, uint32_t i) { uint8_t data[1 + 32 + 4]; uint8_t I[32 + 32]; uint8_t fingerprint[32]; curve_point a, b; bignum256 c; if (i & 0x80000000) { // private derivation return 0; } else { // public derivation memcpy(data, inout->public_key, 33); } write_be(data + 33, i); sha256_Raw(inout->public_key, 33, fingerprint); ripemd160(fingerprint, 32, fingerprint); inout->fingerprint = (fingerprint[0] << 24) + (fingerprint[1] << 16) + (fingerprint[2] << 8) + fingerprint[3]; memset(inout->private_key, 0, 32); if (!ecdsa_read_pubkey(inout->public_key, &a)) { return 0; } hmac_sha512(inout->chain_code, 32, data, sizeof(data), I); memcpy(inout->chain_code, I + 32, 32); bn_read_be(I, &c); if (!bn_is_less(&c, &order256k1)) { // >= order return 0; } scalar_multiply(&c, &b); // b = c * G point_add(&a, &b); // b = a + b #if USE_PUBKEY_VALIDATE if (!ecdsa_validate_pubkey(&b)) { return 0; } #endif inout->public_key[0] = 0x02 | (b.y.val[0] & 0x01); bn_write_be(&b.x, inout->public_key + 1); inout->depth++; inout->child_num = i; return 1; }
void fsm_msgDecryptMessage(DecryptMessage *msg) { if (!storage_is_initialized()) { fsm_sendFailure(FailureType_Failure_NotInitialized, "Device not initialized"); return; } if(!msg->has_nonce) { fsm_sendFailure(FailureType_Failure_SyntaxError, "No nonce provided"); return; } if(!msg->has_message) { fsm_sendFailure(FailureType_Failure_SyntaxError, "No message provided"); return; } if(!msg->has_hmac) { fsm_sendFailure(FailureType_Failure_SyntaxError, "No message hmac provided"); return; } curve_point nonce_pubkey; if(msg->nonce.size != 33 || ecdsa_read_pubkey(&secp256k1, msg->nonce.bytes, &nonce_pubkey) == 0) { fsm_sendFailure(FailureType_Failure_SyntaxError, "Invalid nonce provided"); return; } if(!pin_protect_cached()) { go_home(); return; } const HDNode *node = fsm_getDerivedNode(msg->address_n, msg->address_n_count); if(!node) { return; } layout_simple_message("Decrypting Message..."); RESP_INIT(DecryptedMessage); bool display_only = false; bool signing = false; uint8_t address_raw[21]; if(cryptoMessageDecrypt(&nonce_pubkey, msg->message.bytes, msg->message.size, msg->hmac.bytes, msg->hmac.size, node->private_key, resp->message.bytes, &(resp->message.size), &display_only, &signing, address_raw) != 0) { fsm_sendFailure(FailureType_Failure_ActionCancelled, "Error decrypting message"); go_home(); return; } if(signing) { base58_encode_check(address_raw, 21, resp->address, sizeof(resp->address)); } if(!confirm_decrypt_msg((char *)resp->message.bytes, signing ? resp->address : 0)) { fsm_sendFailure(FailureType_Failure_ActionCancelled, "Decrypt message cancelled"); go_home(); return; } if(display_only) { resp->has_address = false; resp->has_message = false; memset(resp->address, 0, sizeof(resp->address)); memset(&(resp->message), 0, sizeof(resp->message)); } else { resp->has_address = signing; resp->has_message = true; } msg_write(MessageType_MessageType_DecryptedMessage, resp); go_home(); }
void fsm_msgEncryptMessage(EncryptMessage *msg) { if (!storage_is_initialized()) { fsm_sendFailure(FailureType_Failure_NotInitialized, "Device not initialized"); return; } if(!msg->has_pubkey) { fsm_sendFailure(FailureType_Failure_SyntaxError, "No public key provided"); return; } if(!msg->has_message) { fsm_sendFailure(FailureType_Failure_SyntaxError, "No message provided"); return; } curve_point pubkey; if(msg->pubkey.size != 33 || ecdsa_read_pubkey(&secp256k1, msg->pubkey.bytes, &pubkey) == 0) { fsm_sendFailure(FailureType_Failure_SyntaxError, "Invalid public key provided"); return; } bool display_only = msg->has_display_only && msg->display_only; bool signing = msg->address_n_count > 0; RESP_INIT(EncryptedMessage); const CoinType *coin = 0; const HDNode *node = 0; uint8_t address_raw[21]; if(signing) { coin = coinByName(msg->coin_name); if(!coin) { fsm_sendFailure(FailureType_Failure_Other, "Invalid coin name"); return; } if(!pin_protect_cached()) { go_home(); return; } node = fsm_getDerivedNode(msg->address_n, msg->address_n_count); if(!node) { return; } uint8_t public_key[33]; ecdsa_get_public_key33(&secp256k1, node->private_key, public_key); ecdsa_get_address_raw(public_key, coin->address_type, address_raw); } if(!confirm_encrypt_msg((char *)msg->message.bytes, signing)) { fsm_sendFailure(FailureType_Failure_ActionCancelled, "Encrypt message cancelled"); go_home(); return; } layout_simple_message("Encrypting Message..."); if(cryptoMessageEncrypt(&pubkey, msg->message.bytes, msg->message.size, display_only, resp->nonce.bytes, &(resp->nonce.size), resp->message.bytes, &(resp->message.size), resp->hmac.bytes, &(resp->hmac.size), signing ? node->private_key : 0, signing ? address_raw : 0) != 0) { fsm_sendFailure(FailureType_Failure_ActionCancelled, "Error encrypting message"); go_home(); return; } resp->has_nonce = true; resp->has_message = true; resp->has_hmac = true; msg_write(MessageType_MessageType_EncryptedMessage, resp); go_home(); }