void fsm_msgInitialize(Initialize *msg)
{
(void)msg;
recovery_abort();
signing_abort();
RESP_INIT(Features);
resp->has_vendor = true; strlcpy(resp->vendor, "bitcointrezor.com", sizeof(resp->vendor));
resp->has_major_version = true; resp->major_version = VERSION_MAJOR;
resp->has_minor_version = true; resp->minor_version = VERSION_MINOR;
resp->has_patch_version = true; resp->patch_version = VERSION_PATCH;
resp->has_device_id = true; strlcpy(resp->device_id, storage_uuid_str, sizeof(resp->device_id));
resp->has_pin_protection = true; resp->pin_protection = storage.has_pin;
resp->has_passphrase_protection = true; resp->passphrase_protection = storage.has_passphrase_protection && storage.passphrase_protection;
#ifdef SCM_REVISION
int len = sizeof(SCM_REVISION) - 1;
resp->has_revision = true; memcpy(resp->revision.bytes, SCM_REVISION, len); resp->revision.size = len;
#endif
resp->has_bootloader_hash = true; resp->bootloader_hash.size = memory_bootloader_hash(resp->bootloader_hash.bytes);
if (storage.has_language) {
resp->has_language = true;
strlcpy(resp->language, storage.language, sizeof(resp->language));
}
if (storage.has_label) {
resp->has_label = true;
strlcpy(resp->label, storage.label, sizeof(resp->label));
}
resp->coins_count = COINS_COUNT;
memcpy(resp->coins, coins, COINS_COUNT * sizeof(CoinType));
resp->has_initialized = true; resp->initialized = storage_isInitialized();
resp->has_imported = true; resp->imported = storage.has_imported && storage.imported;
msg_write(MessageType_MessageType_Features, resp);
}
void fsm_msgInitialize(Initialize *msg)
{
(void)msg;
recovery_abort();
signing_abort();
session_clear(false); // do not clear PIN
layoutHome();
fsm_msgGetFeatures(0);
}
void fsm_msgInitialize(Initialize *msg)
{
(void)msg;
/* If device is in manufacture mode, turn if off and lock it */
if(is_mfg_mode())
{
set_mfg_mode_off();
go_home_forced();
}
recovery_abort(false);
signing_abort();
session_clear(false); // do not clear PIN
go_home();
fsm_msgGetFeatures(0);
}
void fsm_msgCancel(Cancel *msg)
{
(void)msg;
recovery_abort();
signing_abort();
}
void signing_txack(TransactionType *tx)
{
if (!signing) {
fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Not in Signing mode");
go_home();
return;
}
int co;
memset(&resp, 0, sizeof(TxRequest));
switch (signing_stage) {
case STAGE_REQUEST_1_INPUT:
/* compute multisig fingerprint */
/* (if all input share the same fingerprint, outputs having the same fingerprint will be considered as change outputs) */
if (tx->inputs[0].script_type == InputScriptType_SPENDMULTISIG) {
if (tx->inputs[0].has_multisig && !multisig_fp_mismatch) {
if (multisig_fp_set) {
uint8_t h[32];
if (cryptoMultisigFingerprint(&(tx->inputs[0].multisig), h) == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Error computing multisig fingeprint");
signing_abort();
return;
}
if (memcmp(multisig_fp, h, 32) != 0) {
multisig_fp_mismatch = true;
}
} else {
if (cryptoMultisigFingerprint(&(tx->inputs[0].multisig), multisig_fp) == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Error computing multisig fingeprint");
signing_abort();
return;
}
multisig_fp_set = true;
}
}
} else { // InputScriptType_SPENDADDRESS
multisig_fp_mismatch = true;
}
sha256_Update(&tc, (const uint8_t *)tx->inputs, sizeof(TxInputType));
memcpy(&input, tx->inputs, sizeof(TxInputType));
send_req_2_prev_meta();
return;
case STAGE_REQUEST_2_PREV_META:
tx_init(&tp, tx->inputs_cnt, tx->outputs_cnt, tx->version, tx->lock_time, false);
idx2 = 0;
send_req_2_prev_input();
return;
case STAGE_REQUEST_2_PREV_INPUT:
if (!tx_serialize_input_hash(&tp, tx->inputs)) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize input");
signing_abort();
return;
}
if (idx2 < tp.inputs_len - 1) {
idx2++;
send_req_2_prev_input();
} else {
idx2 = 0;
send_req_2_prev_output();
}
return;
case STAGE_REQUEST_2_PREV_OUTPUT:
if (!tx_serialize_output_hash(&tp, tx->bin_outputs)) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize output");
signing_abort();
return;
}
if (idx2 == input.prev_index) {
to_spend += tx->bin_outputs[0].amount;
}
if (idx2 < tp.outputs_len - 1) {
/* Check prevtx of next input */
idx2++;
send_req_2_prev_output();
} else {
/* Check next output */
tx_hash_final(&tp, hash, true);
if (memcmp(hash, input.prev_hash.bytes, 32) != 0) {
fsm_sendFailure(FailureType_Failure_Other, "Encountered invalid prevhash");
signing_abort();
return;
}
if (idx1 < inputs_count - 1) {
idx1++;
send_req_1_input();
} else {
idx1 = 0;
send_req_3_output();
}
}
return;
case STAGE_REQUEST_3_OUTPUT:
{
/* Downloaded output idx1 the first time.
* Add it to transaction check
* Ask for permission.
*/
bool is_change = false;
if (tx->outputs[0].script_type == OutputScriptType_PAYTOMULTISIG &&
tx->outputs[0].has_multisig &&
multisig_fp_set && !multisig_fp_mismatch) {
uint8_t h[32];
if (cryptoMultisigFingerprint(&(tx->outputs[0].multisig), h) == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Error computing multisig fingeprint");
signing_abort();
return;
}
if (memcmp(multisig_fp, h, 32) == 0) {
is_change = true;
}
} else {
if(tx->outputs[0].has_address_type) {
if(check_valid_output_address(tx->outputs) == false) {
fsm_sendFailure(FailureType_Failure_Other, "Invalid output address type");
signing_abort();
return;
}
if(tx->outputs[0].script_type == OutputScriptType_PAYTOADDRESS &&
tx->outputs[0].address_n_count > 0 &&
tx->outputs[0].address_type == OutputAddressType_CHANGE) {
is_change = true;
}
}
else if(tx->outputs[0].script_type == OutputScriptType_PAYTOADDRESS &&
tx->outputs[0].address_n_count > 0) {
is_change = true;
}
}
if (is_change) {
if (change_spend == 0) { // not set
change_spend = tx->outputs[0].amount;
} else {
fsm_sendFailure(FailureType_Failure_Other, "Only one change output allowed");
signing_abort();
return;
}
}
spending += tx->outputs[0].amount;
co = compile_output(coin, root, tx->outputs, &bin_output, !is_change);
if (co < 0) {
fsm_sendFailure(FailureType_Failure_Other, "Signing cancelled by user");
signing_abort();
return;
} else if (co == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to compile output");
signing_abort();
return;
}
sha256_Update(&tc, (const uint8_t *)&bin_output, sizeof(TxOutputBinType));
if (idx1 < outputs_count - 1) {
idx1++;
send_req_3_output();
} else {
sha256_Final(hash_check, &tc);
// check fees
if (spending > to_spend) {
fsm_sendFailure(FailureType_Failure_NotEnoughFunds, "Not enough funds");
signing_abort();
return;
}
uint64_t fee = to_spend - spending;
uint32_t tx_est_size = transactionEstimateSizeKb(inputs_count, outputs_count);
char total_amount_str[32];
char fee_str[32];
coin_amnt_to_str(coin, fee, fee_str, sizeof(fee_str));
if(fee > (uint64_t)tx_est_size * coin->maxfee_kb) {
if (!confirm(ButtonRequestType_ButtonRequest_FeeOverThreshold,
"Confirm Fee", "%s", fee_str)) {
fsm_sendFailure(FailureType_Failure_ActionCancelled, "Fee over threshold. Signing cancelled.");
signing_abort();
return;
}
}
// last confirmation
coin_amnt_to_str(coin, to_spend - change_spend, total_amount_str, sizeof(total_amount_str));
if(!confirm_transaction(total_amount_str, fee_str))
{
fsm_sendFailure(FailureType_Failure_ActionCancelled, "Signing cancelled by user");
signing_abort();
return;
}
// Everything was checked, now phase 2 begins and the transaction is signed.
layout_simple_message("Signing Transaction...");
idx1 = 0;
idx2 = 0;
send_req_4_input();
}
return;
}
case STAGE_REQUEST_4_INPUT:
if (idx2 == 0) {
tx_init(&ti, inputs_count, outputs_count, version, lock_time, true);
sha256_Init(&tc);
sha256_Update(&tc, (const uint8_t *)&inputs_count, sizeof(inputs_count));
sha256_Update(&tc, (const uint8_t *)&outputs_count, sizeof(outputs_count));
sha256_Update(&tc, (const uint8_t *)&version, sizeof(version));
sha256_Update(&tc, (const uint8_t *)&lock_time, sizeof(lock_time));
memset(privkey, 0, 32);
memset(pubkey, 0, 33);
}
sha256_Update(&tc, (const uint8_t *)tx->inputs, sizeof(TxInputType));
if (idx2 == idx1) {
memcpy(&input, tx->inputs, sizeof(TxInputType));
memcpy(&node, root, sizeof(HDNode));
if (hdnode_private_ckd_cached(&node, tx->inputs[0].address_n, tx->inputs[0].address_n_count) == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to derive private key");
signing_abort();
return;
}
if (tx->inputs[0].script_type == InputScriptType_SPENDMULTISIG) {
if (!tx->inputs[0].has_multisig) {
fsm_sendFailure(FailureType_Failure_Other, "Multisig info not provided");
signing_abort();
return;
}
tx->inputs[0].script_sig.size = compile_script_multisig(&(tx->inputs[0].multisig), tx->inputs[0].script_sig.bytes);
} else { // SPENDADDRESS
ecdsa_get_pubkeyhash(node.public_key, hash);
tx->inputs[0].script_sig.size = compile_script_sig(coin->address_type, hash, tx->inputs[0].script_sig.bytes);
}
if (tx->inputs[0].script_sig.size == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to compile input");
signing_abort();
return;
}
memcpy(privkey, node.private_key, 32);
memcpy(pubkey, node.public_key, 33);
} else {
tx->inputs[0].script_sig.size = 0;
}
if (!tx_serialize_input_hash(&ti, tx->inputs)) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize input");
signing_abort();
return;
}
if (idx2 < inputs_count - 1) {
idx2++;
send_req_4_input();
} else {
idx2 = 0;
send_req_4_output();
}
return;
case STAGE_REQUEST_4_OUTPUT:
co = compile_output(coin, root, tx->outputs, &bin_output, false);
if (co < 0) {
fsm_sendFailure(FailureType_Failure_Other, "Signing cancelled by user");
signing_abort();
return;
} else if (co == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to compile output");
signing_abort();
return;
}
sha256_Update(&tc, (const uint8_t *)&bin_output, sizeof(TxOutputBinType));
if (!tx_serialize_output_hash(&ti, &bin_output)) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize output");
signing_abort();
return;
}
if (idx2 < outputs_count - 1) {
idx2++;
send_req_4_output();
} else {
sha256_Final(hash, &tc);
if (memcmp(hash, hash_check, 32) != 0) {
fsm_sendFailure(FailureType_Failure_Other, "Transaction has changed during signing");
signing_abort();
return;
}
tx_hash_final(&ti, hash, false);
resp.has_serialized = true;
resp.serialized.has_signature_index = true;
resp.serialized.signature_index = idx1;
resp.serialized.has_signature = true;
resp.serialized.has_serialized_tx = true;
ecdsa_sign_digest(&secp256k1, privkey, hash, sig, 0);
resp.serialized.signature.size = ecdsa_sig_to_der(sig, resp.serialized.signature.bytes);
if (input.script_type == InputScriptType_SPENDMULTISIG) {
if (!input.has_multisig) {
fsm_sendFailure(FailureType_Failure_Other, "Multisig info not provided");
signing_abort();
return;
}
// fill in the signature
int pubkey_idx = cryptoMultisigPubkeyIndex(&(input.multisig), pubkey);
if (pubkey_idx < 0) {
fsm_sendFailure(FailureType_Failure_Other, "Pubkey not found in multisig script");
signing_abort();
return;
}
memcpy(input.multisig.signatures[pubkey_idx].bytes, resp.serialized.signature.bytes, resp.serialized.signature.size);
input.multisig.signatures[pubkey_idx].size = resp.serialized.signature.size;
input.script_sig.size = serialize_script_multisig(&(input.multisig), input.script_sig.bytes);
if (input.script_sig.size == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize multisig script");
signing_abort();
return;
}
} else { // SPENDADDRESS
input.script_sig.size = serialize_script_sig(resp.serialized.signature.bytes, resp.serialized.signature.size, pubkey, 33, input.script_sig.bytes);
}
resp.serialized.serialized_tx.size = tx_serialize_input(&to, &input, resp.serialized.serialized_tx.bytes);
if (idx1 < inputs_count - 1) {
idx1++;
idx2 = 0;
send_req_4_input();
} else {
idx1 = 0;
send_req_5_output();
}
}
return;
case STAGE_REQUEST_5_OUTPUT:
if (compile_output(coin, root, tx->outputs, &bin_output,false) <= 0) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to compile output");
signing_abort();
return;
}
resp.has_serialized = true;
resp.serialized.has_serialized_tx = true;
resp.serialized.serialized_tx.size = tx_serialize_output(&to, &bin_output, resp.serialized.serialized_tx.bytes);
if (idx1 < outputs_count - 1) {
idx1++;
send_req_5_output();
} else {
send_req_finished();
signing_abort();
}
return;
}
fsm_sendFailure(FailureType_Failure_Other, "Signing error");
signing_abort();
}
void parse_raw_txack(uint8_t *msg, uint32_t msg_size){
static int32_t state_pos = 0;
static uint8_t *ptr;
static uint8_t var_int_buffer[VAR_INT_BUFFER];
static uint8_t var_int_buffer_index;
static uint32_t seen, script_len;
static uint64_t current_output_val;
for(uint32_t i = 0; i < msg_size; ++i) {
state_pos--;
switch(raw_tx_status) {
case NOT_PARSING:
tx_init(&tp, 0, 0, 0, 0, false);
state_pos = sizeof(uint32_t);
raw_tx_status = PARSING_VERSION;
ptr = (uint8_t *)&tp.version;
case PARSING_VERSION:
*ptr++ = msg[i];
if(state_pos == 1)
{
raw_tx_status = PARSING_INPUT_COUNT;
reset_parsing_buffer(var_int_buffer, &var_int_buffer_index);
}
break;
case PARSING_INPUT_COUNT:
var_int_buffer[var_int_buffer_index++] = msg[i];
if(var_int_buffer_index >= deser_length(var_int_buffer, &tp.inputs_len))
{
raw_tx_status = PARSING_INPUTS;
state_pos = 36;
seen = 0;
reset_parsing_buffer(var_int_buffer, &var_int_buffer_index);
}
break;
case PARSING_INPUTS:
if(state_pos < 0 && seen < tp.inputs_len)
{
var_int_buffer[var_int_buffer_index++] = msg[i];
if(var_int_buffer_index >= deser_length(var_int_buffer, &script_len))
{
seen++;
if(seen < tp.inputs_len)
{
state_pos = script_len + 4 + 36;
}
else
{
state_pos = script_len + 3;
}
script_len = 0;
reset_parsing_buffer(var_int_buffer, &var_int_buffer_index);
}
}
else if(state_pos < 0)
{
raw_tx_status = PARSING_OUTPUT_COUNT;
}
break;
case PARSING_OUTPUT_COUNT:
var_int_buffer[var_int_buffer_index++] = msg[i];
if(var_int_buffer_index >= deser_length(var_int_buffer, &tp.outputs_len))
{
raw_tx_status = PARSING_OUTPUTS_VALUE;
state_pos = 8;
seen = 0;
current_output_val = 0;
ptr = (uint8_t *)¤t_output_val;
reset_parsing_buffer(var_int_buffer, &var_int_buffer_index);
}
break;
case PARSING_OUTPUTS_VALUE:
if(state_pos < 8)
{
*ptr++ = msg[i];
if(state_pos < 1)
{
if (seen == input.prev_index) {
to_spend += current_output_val;
}
raw_tx_status = PARSING_OUTPUTS;
script_len = 0;
reset_parsing_buffer(var_int_buffer, &var_int_buffer_index);
}
}
break;
case PARSING_OUTPUTS:
if(state_pos < 0 && seen < tp.outputs_len)
{
var_int_buffer[var_int_buffer_index++] = msg[i];
if(var_int_buffer_index >= deser_length(var_int_buffer, &script_len))
{
seen++;
if(seen < tp.outputs_len)
{
current_output_val = 0;
ptr = (uint8_t *)¤t_output_val;
raw_tx_status = PARSING_OUTPUTS_VALUE;
state_pos = script_len + 8;
}
else
{
state_pos = script_len - 1;
}
}
}
else if(state_pos < 0)
{
raw_tx_status = PARSING_LOCKTIME;
state_pos = 4;
ptr = (uint8_t *)&tp.lock_time;
reset_parsing_buffer(var_int_buffer, &var_int_buffer_index);
}
break;
case PARSING_LOCKTIME:
if(state_pos >= 0)
{
*ptr++ = msg[i];
}
if(state_pos < 1)
{
raw_tx_status = NOT_PARSING;
memset(&resp, 0, sizeof(TxRequest));
sha256_Update(&(tp.ctx), (const uint8_t*)msg+i, 1);
tx_hash_final(&tp, hash, true);
if (memcmp(hash, input.prev_hash.bytes, 32) != 0) {
fsm_sendFailure(FailureType_Failure_Other, "Encountered invalid prevhash");
signing_abort();
return;
}
if (idx1 < inputs_count - 1) {
idx1++;
send_req_1_input();
} else {
idx1 = 0;
send_req_3_output();
}
return;
}
break;
}
sha256_Update(&(tp.ctx), (const uint8_t*)msg+i, 1);
}
}
