void fsm_msgInitialize(Initialize *msg) { (void)msg; recovery_abort(); signing_abort(); RESP_INIT(Features); resp->has_vendor = true; strlcpy(resp->vendor, "bitcointrezor.com", sizeof(resp->vendor)); resp->has_major_version = true; resp->major_version = VERSION_MAJOR; resp->has_minor_version = true; resp->minor_version = VERSION_MINOR; resp->has_patch_version = true; resp->patch_version = VERSION_PATCH; resp->has_device_id = true; strlcpy(resp->device_id, storage_uuid_str, sizeof(resp->device_id)); resp->has_pin_protection = true; resp->pin_protection = storage.has_pin; resp->has_passphrase_protection = true; resp->passphrase_protection = storage.has_passphrase_protection && storage.passphrase_protection; #ifdef SCM_REVISION int len = sizeof(SCM_REVISION) - 1; resp->has_revision = true; memcpy(resp->revision.bytes, SCM_REVISION, len); resp->revision.size = len; #endif resp->has_bootloader_hash = true; resp->bootloader_hash.size = memory_bootloader_hash(resp->bootloader_hash.bytes); if (storage.has_language) { resp->has_language = true; strlcpy(resp->language, storage.language, sizeof(resp->language)); } if (storage.has_label) { resp->has_label = true; strlcpy(resp->label, storage.label, sizeof(resp->label)); } resp->coins_count = COINS_COUNT; memcpy(resp->coins, coins, COINS_COUNT * sizeof(CoinType)); resp->has_initialized = true; resp->initialized = storage_isInitialized(); resp->has_imported = true; resp->imported = storage.has_imported && storage.imported; msg_write(MessageType_MessageType_Features, resp); }
void fsm_msgInitialize(Initialize *msg) { (void)msg; recovery_abort(); signing_abort(); session_clear(false); // do not clear PIN layoutHome(); fsm_msgGetFeatures(0); }
void fsm_msgInitialize(Initialize *msg) { (void)msg; /* If device is in manufacture mode, turn if off and lock it */ if(is_mfg_mode()) { set_mfg_mode_off(); go_home_forced(); } recovery_abort(false); signing_abort(); session_clear(false); // do not clear PIN go_home(); fsm_msgGetFeatures(0); }
void fsm_msgCancel(Cancel *msg) { (void)msg; recovery_abort(); signing_abort(); }
void signing_txack(TransactionType *tx) { if (!signing) { fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Not in Signing mode"); go_home(); return; } int co; memset(&resp, 0, sizeof(TxRequest)); switch (signing_stage) { case STAGE_REQUEST_1_INPUT: /* compute multisig fingerprint */ /* (if all input share the same fingerprint, outputs having the same fingerprint will be considered as change outputs) */ if (tx->inputs[0].script_type == InputScriptType_SPENDMULTISIG) { if (tx->inputs[0].has_multisig && !multisig_fp_mismatch) { if (multisig_fp_set) { uint8_t h[32]; if (cryptoMultisigFingerprint(&(tx->inputs[0].multisig), h) == 0) { fsm_sendFailure(FailureType_Failure_Other, "Error computing multisig fingeprint"); signing_abort(); return; } if (memcmp(multisig_fp, h, 32) != 0) { multisig_fp_mismatch = true; } } else { if (cryptoMultisigFingerprint(&(tx->inputs[0].multisig), multisig_fp) == 0) { fsm_sendFailure(FailureType_Failure_Other, "Error computing multisig fingeprint"); signing_abort(); return; } multisig_fp_set = true; } } } else { // InputScriptType_SPENDADDRESS multisig_fp_mismatch = true; } sha256_Update(&tc, (const uint8_t *)tx->inputs, sizeof(TxInputType)); memcpy(&input, tx->inputs, sizeof(TxInputType)); send_req_2_prev_meta(); return; case STAGE_REQUEST_2_PREV_META: tx_init(&tp, tx->inputs_cnt, tx->outputs_cnt, tx->version, tx->lock_time, false); idx2 = 0; send_req_2_prev_input(); return; case STAGE_REQUEST_2_PREV_INPUT: if (!tx_serialize_input_hash(&tp, tx->inputs)) { fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize input"); signing_abort(); return; } if (idx2 < tp.inputs_len - 1) { idx2++; send_req_2_prev_input(); } else { idx2 = 0; send_req_2_prev_output(); } return; case STAGE_REQUEST_2_PREV_OUTPUT: if (!tx_serialize_output_hash(&tp, tx->bin_outputs)) { fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize output"); signing_abort(); return; } if (idx2 == input.prev_index) { to_spend += tx->bin_outputs[0].amount; } if (idx2 < tp.outputs_len - 1) { /* Check prevtx of next input */ idx2++; send_req_2_prev_output(); } else { /* Check next output */ tx_hash_final(&tp, hash, true); if (memcmp(hash, input.prev_hash.bytes, 32) != 0) { fsm_sendFailure(FailureType_Failure_Other, "Encountered invalid prevhash"); signing_abort(); return; } if (idx1 < inputs_count - 1) { idx1++; send_req_1_input(); } else { idx1 = 0; send_req_3_output(); } } return; case STAGE_REQUEST_3_OUTPUT: { /* Downloaded output idx1 the first time. * Add it to transaction check * Ask for permission. */ bool is_change = false; if (tx->outputs[0].script_type == OutputScriptType_PAYTOMULTISIG && tx->outputs[0].has_multisig && multisig_fp_set && !multisig_fp_mismatch) { uint8_t h[32]; if (cryptoMultisigFingerprint(&(tx->outputs[0].multisig), h) == 0) { fsm_sendFailure(FailureType_Failure_Other, "Error computing multisig fingeprint"); signing_abort(); return; } if (memcmp(multisig_fp, h, 32) == 0) { is_change = true; } } else { if(tx->outputs[0].has_address_type) { if(check_valid_output_address(tx->outputs) == false) { fsm_sendFailure(FailureType_Failure_Other, "Invalid output address type"); signing_abort(); return; } if(tx->outputs[0].script_type == OutputScriptType_PAYTOADDRESS && tx->outputs[0].address_n_count > 0 && tx->outputs[0].address_type == OutputAddressType_CHANGE) { is_change = true; } } else if(tx->outputs[0].script_type == OutputScriptType_PAYTOADDRESS && tx->outputs[0].address_n_count > 0) { is_change = true; } } if (is_change) { if (change_spend == 0) { // not set change_spend = tx->outputs[0].amount; } else { fsm_sendFailure(FailureType_Failure_Other, "Only one change output allowed"); signing_abort(); return; } } spending += tx->outputs[0].amount; co = compile_output(coin, root, tx->outputs, &bin_output, !is_change); if (co < 0) { fsm_sendFailure(FailureType_Failure_Other, "Signing cancelled by user"); signing_abort(); return; } else if (co == 0) { fsm_sendFailure(FailureType_Failure_Other, "Failed to compile output"); signing_abort(); return; } sha256_Update(&tc, (const uint8_t *)&bin_output, sizeof(TxOutputBinType)); if (idx1 < outputs_count - 1) { idx1++; send_req_3_output(); } else { sha256_Final(hash_check, &tc); // check fees if (spending > to_spend) { fsm_sendFailure(FailureType_Failure_NotEnoughFunds, "Not enough funds"); signing_abort(); return; } uint64_t fee = to_spend - spending; uint32_t tx_est_size = transactionEstimateSizeKb(inputs_count, outputs_count); char total_amount_str[32]; char fee_str[32]; coin_amnt_to_str(coin, fee, fee_str, sizeof(fee_str)); if(fee > (uint64_t)tx_est_size * coin->maxfee_kb) { if (!confirm(ButtonRequestType_ButtonRequest_FeeOverThreshold, "Confirm Fee", "%s", fee_str)) { fsm_sendFailure(FailureType_Failure_ActionCancelled, "Fee over threshold. Signing cancelled."); signing_abort(); return; } } // last confirmation coin_amnt_to_str(coin, to_spend - change_spend, total_amount_str, sizeof(total_amount_str)); if(!confirm_transaction(total_amount_str, fee_str)) { fsm_sendFailure(FailureType_Failure_ActionCancelled, "Signing cancelled by user"); signing_abort(); return; } // Everything was checked, now phase 2 begins and the transaction is signed. layout_simple_message("Signing Transaction..."); idx1 = 0; idx2 = 0; send_req_4_input(); } return; } case STAGE_REQUEST_4_INPUT: if (idx2 == 0) { tx_init(&ti, inputs_count, outputs_count, version, lock_time, true); sha256_Init(&tc); sha256_Update(&tc, (const uint8_t *)&inputs_count, sizeof(inputs_count)); sha256_Update(&tc, (const uint8_t *)&outputs_count, sizeof(outputs_count)); sha256_Update(&tc, (const uint8_t *)&version, sizeof(version)); sha256_Update(&tc, (const uint8_t *)&lock_time, sizeof(lock_time)); memset(privkey, 0, 32); memset(pubkey, 0, 33); } sha256_Update(&tc, (const uint8_t *)tx->inputs, sizeof(TxInputType)); if (idx2 == idx1) { memcpy(&input, tx->inputs, sizeof(TxInputType)); memcpy(&node, root, sizeof(HDNode)); if (hdnode_private_ckd_cached(&node, tx->inputs[0].address_n, tx->inputs[0].address_n_count) == 0) { fsm_sendFailure(FailureType_Failure_Other, "Failed to derive private key"); signing_abort(); return; } if (tx->inputs[0].script_type == InputScriptType_SPENDMULTISIG) { if (!tx->inputs[0].has_multisig) { fsm_sendFailure(FailureType_Failure_Other, "Multisig info not provided"); signing_abort(); return; } tx->inputs[0].script_sig.size = compile_script_multisig(&(tx->inputs[0].multisig), tx->inputs[0].script_sig.bytes); } else { // SPENDADDRESS ecdsa_get_pubkeyhash(node.public_key, hash); tx->inputs[0].script_sig.size = compile_script_sig(coin->address_type, hash, tx->inputs[0].script_sig.bytes); } if (tx->inputs[0].script_sig.size == 0) { fsm_sendFailure(FailureType_Failure_Other, "Failed to compile input"); signing_abort(); return; } memcpy(privkey, node.private_key, 32); memcpy(pubkey, node.public_key, 33); } else { tx->inputs[0].script_sig.size = 0; } if (!tx_serialize_input_hash(&ti, tx->inputs)) { fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize input"); signing_abort(); return; } if (idx2 < inputs_count - 1) { idx2++; send_req_4_input(); } else { idx2 = 0; send_req_4_output(); } return; case STAGE_REQUEST_4_OUTPUT: co = compile_output(coin, root, tx->outputs, &bin_output, false); if (co < 0) { fsm_sendFailure(FailureType_Failure_Other, "Signing cancelled by user"); signing_abort(); return; } else if (co == 0) { fsm_sendFailure(FailureType_Failure_Other, "Failed to compile output"); signing_abort(); return; } sha256_Update(&tc, (const uint8_t *)&bin_output, sizeof(TxOutputBinType)); if (!tx_serialize_output_hash(&ti, &bin_output)) { fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize output"); signing_abort(); return; } if (idx2 < outputs_count - 1) { idx2++; send_req_4_output(); } else { sha256_Final(hash, &tc); if (memcmp(hash, hash_check, 32) != 0) { fsm_sendFailure(FailureType_Failure_Other, "Transaction has changed during signing"); signing_abort(); return; } tx_hash_final(&ti, hash, false); resp.has_serialized = true; resp.serialized.has_signature_index = true; resp.serialized.signature_index = idx1; resp.serialized.has_signature = true; resp.serialized.has_serialized_tx = true; ecdsa_sign_digest(&secp256k1, privkey, hash, sig, 0); resp.serialized.signature.size = ecdsa_sig_to_der(sig, resp.serialized.signature.bytes); if (input.script_type == InputScriptType_SPENDMULTISIG) { if (!input.has_multisig) { fsm_sendFailure(FailureType_Failure_Other, "Multisig info not provided"); signing_abort(); return; } // fill in the signature int pubkey_idx = cryptoMultisigPubkeyIndex(&(input.multisig), pubkey); if (pubkey_idx < 0) { fsm_sendFailure(FailureType_Failure_Other, "Pubkey not found in multisig script"); signing_abort(); return; } memcpy(input.multisig.signatures[pubkey_idx].bytes, resp.serialized.signature.bytes, resp.serialized.signature.size); input.multisig.signatures[pubkey_idx].size = resp.serialized.signature.size; input.script_sig.size = serialize_script_multisig(&(input.multisig), input.script_sig.bytes); if (input.script_sig.size == 0) { fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize multisig script"); signing_abort(); return; } } else { // SPENDADDRESS input.script_sig.size = serialize_script_sig(resp.serialized.signature.bytes, resp.serialized.signature.size, pubkey, 33, input.script_sig.bytes); } resp.serialized.serialized_tx.size = tx_serialize_input(&to, &input, resp.serialized.serialized_tx.bytes); if (idx1 < inputs_count - 1) { idx1++; idx2 = 0; send_req_4_input(); } else { idx1 = 0; send_req_5_output(); } } return; case STAGE_REQUEST_5_OUTPUT: if (compile_output(coin, root, tx->outputs, &bin_output,false) <= 0) { fsm_sendFailure(FailureType_Failure_Other, "Failed to compile output"); signing_abort(); return; } resp.has_serialized = true; resp.serialized.has_serialized_tx = true; resp.serialized.serialized_tx.size = tx_serialize_output(&to, &bin_output, resp.serialized.serialized_tx.bytes); if (idx1 < outputs_count - 1) { idx1++; send_req_5_output(); } else { send_req_finished(); signing_abort(); } return; } fsm_sendFailure(FailureType_Failure_Other, "Signing error"); signing_abort(); }
void parse_raw_txack(uint8_t *msg, uint32_t msg_size){ static int32_t state_pos = 0; static uint8_t *ptr; static uint8_t var_int_buffer[VAR_INT_BUFFER]; static uint8_t var_int_buffer_index; static uint32_t seen, script_len; static uint64_t current_output_val; for(uint32_t i = 0; i < msg_size; ++i) { state_pos--; switch(raw_tx_status) { case NOT_PARSING: tx_init(&tp, 0, 0, 0, 0, false); state_pos = sizeof(uint32_t); raw_tx_status = PARSING_VERSION; ptr = (uint8_t *)&tp.version; case PARSING_VERSION: *ptr++ = msg[i]; if(state_pos == 1) { raw_tx_status = PARSING_INPUT_COUNT; reset_parsing_buffer(var_int_buffer, &var_int_buffer_index); } break; case PARSING_INPUT_COUNT: var_int_buffer[var_int_buffer_index++] = msg[i]; if(var_int_buffer_index >= deser_length(var_int_buffer, &tp.inputs_len)) { raw_tx_status = PARSING_INPUTS; state_pos = 36; seen = 0; reset_parsing_buffer(var_int_buffer, &var_int_buffer_index); } break; case PARSING_INPUTS: if(state_pos < 0 && seen < tp.inputs_len) { var_int_buffer[var_int_buffer_index++] = msg[i]; if(var_int_buffer_index >= deser_length(var_int_buffer, &script_len)) { seen++; if(seen < tp.inputs_len) { state_pos = script_len + 4 + 36; } else { state_pos = script_len + 3; } script_len = 0; reset_parsing_buffer(var_int_buffer, &var_int_buffer_index); } } else if(state_pos < 0) { raw_tx_status = PARSING_OUTPUT_COUNT; } break; case PARSING_OUTPUT_COUNT: var_int_buffer[var_int_buffer_index++] = msg[i]; if(var_int_buffer_index >= deser_length(var_int_buffer, &tp.outputs_len)) { raw_tx_status = PARSING_OUTPUTS_VALUE; state_pos = 8; seen = 0; current_output_val = 0; ptr = (uint8_t *)¤t_output_val; reset_parsing_buffer(var_int_buffer, &var_int_buffer_index); } break; case PARSING_OUTPUTS_VALUE: if(state_pos < 8) { *ptr++ = msg[i]; if(state_pos < 1) { if (seen == input.prev_index) { to_spend += current_output_val; } raw_tx_status = PARSING_OUTPUTS; script_len = 0; reset_parsing_buffer(var_int_buffer, &var_int_buffer_index); } } break; case PARSING_OUTPUTS: if(state_pos < 0 && seen < tp.outputs_len) { var_int_buffer[var_int_buffer_index++] = msg[i]; if(var_int_buffer_index >= deser_length(var_int_buffer, &script_len)) { seen++; if(seen < tp.outputs_len) { current_output_val = 0; ptr = (uint8_t *)¤t_output_val; raw_tx_status = PARSING_OUTPUTS_VALUE; state_pos = script_len + 8; } else { state_pos = script_len - 1; } } } else if(state_pos < 0) { raw_tx_status = PARSING_LOCKTIME; state_pos = 4; ptr = (uint8_t *)&tp.lock_time; reset_parsing_buffer(var_int_buffer, &var_int_buffer_index); } break; case PARSING_LOCKTIME: if(state_pos >= 0) { *ptr++ = msg[i]; } if(state_pos < 1) { raw_tx_status = NOT_PARSING; memset(&resp, 0, sizeof(TxRequest)); sha256_Update(&(tp.ctx), (const uint8_t*)msg+i, 1); tx_hash_final(&tp, hash, true); if (memcmp(hash, input.prev_hash.bytes, 32) != 0) { fsm_sendFailure(FailureType_Failure_Other, "Encountered invalid prevhash"); signing_abort(); return; } if (idx1 < inputs_count - 1) { idx1++; send_req_1_input(); } else { idx1 = 0; send_req_3_output(); } return; } break; } sha256_Update(&(tp.ctx), (const uint8_t*)msg+i, 1); } }