static void promptRegister(bool request, const U2F_REGISTER_REQ *req)
{
#if 0
// Users find it confusing when a Ledger and a KeepKey are plugged in
// at the same time. To avoid that, we elect not to show a message in
// this case.
if (0 == memcmp(req->appId, BOGUS_APPID, U2F_APPID_SIZE)) {
layoutU2FDialog(request, "U2f Register",
"Another U2F device was used to register in this application.");
} else {
#else
{
#endif
const char *appname = "";
bool readable = getReadableAppId(req->appId, &appname);
layoutU2FDialog(request, "U2F Register",
readable
? "Do you want to register with %s?"
: "Do you want to register with this U2F application?\n\n%s",
appname);
}
}
void u2f_register(const APDU *a)
{
static U2F_REGISTER_REQ last_req;
const U2F_REGISTER_REQ *req = (U2F_REGISTER_REQ *)a->data;
if (!storage_isInitialized()) {
layout_warning_static("Cannot register u2f: not initialized");
send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
delay_ms(3000);
return;
}
// Validate basic request parameters
debugLog(0, "", "u2f register");
if (APDU_LEN(*a) != sizeof(U2F_REGISTER_REQ)) {
debugLog(0, "", "u2f register - badlen");
send_u2f_error(U2F_SW_WRONG_LENGTH);
return;
}
// If this request is different from last request, reset state machine
if (memcmp(&last_req, req, sizeof(last_req)) != 0) {
memcpy(&last_req, req, sizeof(last_req));
last_req_state = INIT;
}
// First Time request, return not present and display request dialog
if (last_req_state == INIT) {
// error: testof-user-presence is required
//buttonUpdate();
promptRegister(true, req);
last_req_state = REG;
}
// Still awaiting Keypress
if (last_req_state == REG) {
// error: testof-user-presence is required
send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
dialog_timeout = U2F_TIMEOUT;
return;
}
// Buttons said yes
if (last_req_state == REG_PASS) {
uint8_t data[sizeof(U2F_REGISTER_RESP) + 2];
U2F_REGISTER_RESP *resp = (U2F_REGISTER_RESP *)&data;
memzero(data, sizeof(data));
resp->registerId = U2F_REGISTER_ID;
resp->keyHandleLen = KEY_HANDLE_LEN;
// Generate keypair for this appId
const HDNode *node =
generateKeyHandle(req->appId, (uint8_t*)&resp->keyHandleCertSig);
if (!node) {
debugLog(0, "", "getDerivedNode Fail");
send_u2f_error(U2F_SW_WRONG_DATA); // error:bad key handle
return;
}
ecdsa_get_public_key65(node->curve->params, node->private_key,
(uint8_t *)&resp->pubKey);
memcpy(resp->keyHandleCertSig + resp->keyHandleLen,
U2F_ATT_CERT, sizeof(U2F_ATT_CERT));
uint8_t sig[64];
U2F_REGISTER_SIG_STR sig_base;
sig_base.reserved = 0;
memcpy(sig_base.appId, req->appId, U2F_APPID_SIZE);
memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
memcpy(sig_base.keyHandle, &resp->keyHandleCertSig, KEY_HANDLE_LEN);
memcpy(sig_base.pubKey, &resp->pubKey, U2F_PUBKEY_LEN);
if (ecdsa_sign(&nist256p1, HASHER_SHA2, U2F_ATT_PRIV_KEY, (uint8_t *)&sig_base, sizeof(sig_base), sig, NULL, NULL) != 0) {
send_u2f_error(U2F_SW_WRONG_DATA);
return;
}
// Where to write the signature in the response
uint8_t *resp_sig = resp->keyHandleCertSig +
resp->keyHandleLen + sizeof(U2F_ATT_CERT);
// Convert to der for the response
const uint8_t sig_len = ecdsa_sig_to_der(sig, resp_sig);
// Append success bytes
memcpy(resp->keyHandleCertSig + resp->keyHandleLen +
sizeof(U2F_ATT_CERT) + sig_len,
"\x90\x00", 2);
int l = 1 /* registerId */ + U2F_PUBKEY_LEN +
1 /* keyhandleLen */ + resp->keyHandleLen +
sizeof(U2F_ATT_CERT) + sig_len + 2;
last_req_state = INIT;
dialog_timeout = 0;
send_u2f_msg(data, l);
promptRegister(false, req);
return;
}
// Didnt expect to get here
dialog_timeout = 0;
}
static void promptAuthenticate(bool request, const U2F_AUTHENTICATE_REQ *req)
{
const char *appname = "";
bool readable = getReadableAppId(req->appId, &appname);
layoutU2FDialog(request,
"U2F Authenticate",
readable
? "Log in to %s?"
: "Do you want to log in?\n\n%s",
appname);
}
void u2f_authenticate(const APDU *a)
{
const U2F_AUTHENTICATE_REQ *req = (U2F_AUTHENTICATE_REQ *)a->data;
static U2F_AUTHENTICATE_REQ last_req;
if (!storage_isInitialized()) {
layout_warning_static("Cannot authenticate u2f: not initialized");
send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
delay_ms(3000);
return;
}
if (APDU_LEN(*a) < 64) { /// FIXME: decent value
debugLog(0, "", "u2f authenticate - badlen");
send_u2f_error(U2F_SW_WRONG_LENGTH);
return;
}
if (req->keyHandleLen != KEY_HANDLE_LEN) {
debugLog(0, "", "u2f auth - bad keyhandle len");
send_u2f_error(U2F_SW_WRONG_DATA); // error:bad key handle
return;
}
const HDNode *node =
validateKeyHandle(req->appId, req->keyHandle);
if (!node) {
debugLog(0, "", "u2f auth - bad keyhandle len");
send_u2f_error(U2F_SW_WRONG_DATA); // error:bad key handle
return;
}
if (a->p1 == U2F_AUTH_CHECK_ONLY) {
debugLog(0, "", "u2f authenticate check");
// This is a success for a good keyhandle
// A failed check would have happened earlier
// error: testof-user-presence is required
send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
return;
}
if (a->p1 != U2F_AUTH_ENFORCE) {
debugLog(0, "", "u2f authenticate unknown");
// error:bad key handle
send_u2f_error(U2F_SW_WRONG_DATA);
return;
}
debugLog(0, "", "u2f authenticate enforce");
if (memcmp(&last_req, req, sizeof(last_req)) != 0) {
memcpy(&last_req, req, sizeof(last_req));
last_req_state = INIT;
}
if (last_req_state == INIT) {
// error: testof-user-presence is required
//buttonUpdate(); // Clear button state
promptAuthenticate(true, req);
last_req_state = AUTH;
}
// Awaiting Keypress
if (last_req_state == AUTH) {
// error: testof-user-presence is required
send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED);
dialog_timeout = U2F_TIMEOUT;
return;
}
// Buttons said yes
if (last_req_state == AUTH_PASS) {
uint8_t buf[sizeof(U2F_AUTHENTICATE_RESP) + 2];
U2F_AUTHENTICATE_RESP *resp =
(U2F_AUTHENTICATE_RESP *)&buf;
const uint32_t ctr = storage_nextU2FCounter();
resp->flags = U2F_AUTH_FLAG_TUP;
resp->ctr[0] = ctr >> 24 & 0xff;
resp->ctr[1] = ctr >> 16 & 0xff;
resp->ctr[2] = ctr >> 8 & 0xff;
resp->ctr[3] = ctr & 0xff;
// Build and sign response
U2F_AUTHENTICATE_SIG_STR sig_base;
uint8_t sig[64];
memcpy(sig_base.appId, req->appId, U2F_APPID_SIZE);
sig_base.flags = resp->flags;
memcpy(sig_base.ctr, resp->ctr, 4);
memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE);
if (ecdsa_sign(&nist256p1, HASHER_SHA2, node->private_key, (uint8_t *)&sig_base, sizeof(sig_base), sig, NULL, NULL) != 0) {
send_u2f_error(U2F_SW_WRONG_DATA);
return;
}
// Copy DER encoded signature into response
const uint8_t sig_len = ecdsa_sig_to_der(sig, resp->sig);
// Append OK
memcpy(buf + sizeof(U2F_AUTHENTICATE_RESP) -
U2F_MAX_EC_SIG_SIZE + sig_len,
"\x90\x00", 2);
last_req_state = INIT;
dialog_timeout = 0;
send_u2f_msg(buf, sizeof(U2F_AUTHENTICATE_RESP) -
U2F_MAX_EC_SIG_SIZE + sig_len +
2);
promptAuthenticate(false, req);
}
}
END_TEST
START_TEST(test_ecdsa_der)
{
uint8_t sig[64], der[72];
int res;
memcpy(sig, fromhex("9a0b7be0d4ed3146ee262b42202841834698bb3ee39c24e7437df208b8b70771"), 32);
memcpy(sig + 32, fromhex("2b79ab1e7736219387dffe8d615bbdba87e11477104b867ef47afed1a5ede781"), 32);
res = ecdsa_sig_to_der(sig, der);
ck_assert_int_eq(res, 71);
ck_assert_mem_eq(der, fromhex("30450221009a0b7be0d4ed3146ee262b42202841834698bb3ee39c24e7437df208b8b7077102202b79ab1e7736219387dffe8d615bbdba87e11477104b867ef47afed1a5ede781"), 71);
memcpy(sig, fromhex("6666666666666666666666666666666666666666666666666666666666666666"), 32);
memcpy(sig + 32, fromhex("7777777777777777777777777777777777777777777777777777777777777777"), 32);
res = ecdsa_sig_to_der(sig, der);
ck_assert_int_eq(res, 70);
ck_assert_mem_eq(der, fromhex("30440220666666666666666666666666666666666666666666666666666666666666666602207777777777777777777777777777777777777777777777777777777777777777"), 70);
memcpy(sig, fromhex("6666666666666666666666666666666666666666666666666666666666666666"), 32);
memcpy(sig + 32, fromhex("eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"), 32);
res = ecdsa_sig_to_der(sig, der);
ck_assert_int_eq(res, 71);
ck_assert_mem_eq(der, fromhex("304502206666666666666666666666666666666666666666666666666666666666666666022100eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"), 71);
memcpy(sig, fromhex("eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"), 32);
memcpy(sig + 32, fromhex("7777777777777777777777777777777777777777777777777777777777777777"), 32);
res = ecdsa_sig_to_der(sig, der);
ck_assert_int_eq(res, 71);
ck_assert_mem_eq(der, fromhex("3045022100eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee02207777777777777777777777777777777777777777777777777777777777777777"), 71);
memcpy(sig, fromhex("eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"), 32);
memcpy(sig + 32, fromhex("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"), 32);
res = ecdsa_sig_to_der(sig, der);
ck_assert_int_eq(res, 72);
ck_assert_mem_eq(der, fromhex("3046022100eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee022100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"), 72);
memcpy(sig, fromhex("0000000000000000000000000000000000000000000000000000000000000066"), 32);
memcpy(sig + 32, fromhex("0000000000000000000000000000000000000000000000000000000000000077"), 32);
res = ecdsa_sig_to_der(sig, der);
ck_assert_int_eq(res, 8);
ck_assert_mem_eq(der, fromhex("3006020166020177"), 8);
memcpy(sig, fromhex("0000000000000000000000000000000000000000000000000000000000000066"), 32);
memcpy(sig + 32, fromhex("00000000000000000000000000000000000000000000000000000000000000ee"), 32);
res = ecdsa_sig_to_der(sig, der);
ck_assert_int_eq(res, 9);
ck_assert_mem_eq(der, fromhex("3007020166020200ee"), 9);
memcpy(sig, fromhex("00000000000000000000000000000000000000000000000000000000000000ee"), 32);
memcpy(sig + 32, fromhex("0000000000000000000000000000000000000000000000000000000000000077"), 32);
res = ecdsa_sig_to_der(sig, der);
ck_assert_int_eq(res, 9);
ck_assert_mem_eq(der, fromhex("3007020200ee020177"), 9);
memcpy(sig, fromhex("00000000000000000000000000000000000000000000000000000000000000ee"), 32);
memcpy(sig + 32, fromhex("00000000000000000000000000000000000000000000000000000000000000ff"), 32);
res = ecdsa_sig_to_der(sig, der);
ck_assert_int_eq(res, 10);
ck_assert_mem_eq(der, fromhex("3008020200ee020200ff"), 10);
}
void signing_txack(TransactionType *tx)
{
if (!signing) {
fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Not in Signing mode");
go_home();
return;
}
int co;
memset(&resp, 0, sizeof(TxRequest));
switch (signing_stage) {
case STAGE_REQUEST_1_INPUT:
/* compute multisig fingerprint */
/* (if all input share the same fingerprint, outputs having the same fingerprint will be considered as change outputs) */
if (tx->inputs[0].script_type == InputScriptType_SPENDMULTISIG) {
if (tx->inputs[0].has_multisig && !multisig_fp_mismatch) {
if (multisig_fp_set) {
uint8_t h[32];
if (cryptoMultisigFingerprint(&(tx->inputs[0].multisig), h) == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Error computing multisig fingeprint");
signing_abort();
return;
}
if (memcmp(multisig_fp, h, 32) != 0) {
multisig_fp_mismatch = true;
}
} else {
if (cryptoMultisigFingerprint(&(tx->inputs[0].multisig), multisig_fp) == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Error computing multisig fingeprint");
signing_abort();
return;
}
multisig_fp_set = true;
}
}
} else { // InputScriptType_SPENDADDRESS
multisig_fp_mismatch = true;
}
sha256_Update(&tc, (const uint8_t *)tx->inputs, sizeof(TxInputType));
memcpy(&input, tx->inputs, sizeof(TxInputType));
send_req_2_prev_meta();
return;
case STAGE_REQUEST_2_PREV_META:
tx_init(&tp, tx->inputs_cnt, tx->outputs_cnt, tx->version, tx->lock_time, false);
idx2 = 0;
send_req_2_prev_input();
return;
case STAGE_REQUEST_2_PREV_INPUT:
if (!tx_serialize_input_hash(&tp, tx->inputs)) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize input");
signing_abort();
return;
}
if (idx2 < tp.inputs_len - 1) {
idx2++;
send_req_2_prev_input();
} else {
idx2 = 0;
send_req_2_prev_output();
}
return;
case STAGE_REQUEST_2_PREV_OUTPUT:
if (!tx_serialize_output_hash(&tp, tx->bin_outputs)) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize output");
signing_abort();
return;
}
if (idx2 == input.prev_index) {
to_spend += tx->bin_outputs[0].amount;
}
if (idx2 < tp.outputs_len - 1) {
/* Check prevtx of next input */
idx2++;
send_req_2_prev_output();
} else {
/* Check next output */
tx_hash_final(&tp, hash, true);
if (memcmp(hash, input.prev_hash.bytes, 32) != 0) {
fsm_sendFailure(FailureType_Failure_Other, "Encountered invalid prevhash");
signing_abort();
return;
}
if (idx1 < inputs_count - 1) {
idx1++;
send_req_1_input();
} else {
idx1 = 0;
send_req_3_output();
}
}
return;
case STAGE_REQUEST_3_OUTPUT:
{
/* Downloaded output idx1 the first time.
* Add it to transaction check
* Ask for permission.
*/
bool is_change = false;
if (tx->outputs[0].script_type == OutputScriptType_PAYTOMULTISIG &&
tx->outputs[0].has_multisig &&
multisig_fp_set && !multisig_fp_mismatch) {
uint8_t h[32];
if (cryptoMultisigFingerprint(&(tx->outputs[0].multisig), h) == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Error computing multisig fingeprint");
signing_abort();
return;
}
if (memcmp(multisig_fp, h, 32) == 0) {
is_change = true;
}
} else {
if(tx->outputs[0].has_address_type) {
if(check_valid_output_address(tx->outputs) == false) {
fsm_sendFailure(FailureType_Failure_Other, "Invalid output address type");
signing_abort();
return;
}
if(tx->outputs[0].script_type == OutputScriptType_PAYTOADDRESS &&
tx->outputs[0].address_n_count > 0 &&
tx->outputs[0].address_type == OutputAddressType_CHANGE) {
is_change = true;
}
}
else if(tx->outputs[0].script_type == OutputScriptType_PAYTOADDRESS &&
tx->outputs[0].address_n_count > 0) {
is_change = true;
}
}
if (is_change) {
if (change_spend == 0) { // not set
change_spend = tx->outputs[0].amount;
} else {
fsm_sendFailure(FailureType_Failure_Other, "Only one change output allowed");
signing_abort();
return;
}
}
spending += tx->outputs[0].amount;
co = compile_output(coin, root, tx->outputs, &bin_output, !is_change);
if (co < 0) {
fsm_sendFailure(FailureType_Failure_Other, "Signing cancelled by user");
signing_abort();
return;
} else if (co == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to compile output");
signing_abort();
return;
}
sha256_Update(&tc, (const uint8_t *)&bin_output, sizeof(TxOutputBinType));
if (idx1 < outputs_count - 1) {
idx1++;
send_req_3_output();
} else {
sha256_Final(hash_check, &tc);
// check fees
if (spending > to_spend) {
fsm_sendFailure(FailureType_Failure_NotEnoughFunds, "Not enough funds");
signing_abort();
return;
}
uint64_t fee = to_spend - spending;
uint32_t tx_est_size = transactionEstimateSizeKb(inputs_count, outputs_count);
char total_amount_str[32];
char fee_str[32];
coin_amnt_to_str(coin, fee, fee_str, sizeof(fee_str));
if(fee > (uint64_t)tx_est_size * coin->maxfee_kb) {
if (!confirm(ButtonRequestType_ButtonRequest_FeeOverThreshold,
"Confirm Fee", "%s", fee_str)) {
fsm_sendFailure(FailureType_Failure_ActionCancelled, "Fee over threshold. Signing cancelled.");
signing_abort();
return;
}
}
// last confirmation
coin_amnt_to_str(coin, to_spend - change_spend, total_amount_str, sizeof(total_amount_str));
if(!confirm_transaction(total_amount_str, fee_str))
{
fsm_sendFailure(FailureType_Failure_ActionCancelled, "Signing cancelled by user");
signing_abort();
return;
}
// Everything was checked, now phase 2 begins and the transaction is signed.
layout_simple_message("Signing Transaction...");
idx1 = 0;
idx2 = 0;
send_req_4_input();
}
return;
}
case STAGE_REQUEST_4_INPUT:
if (idx2 == 0) {
tx_init(&ti, inputs_count, outputs_count, version, lock_time, true);
sha256_Init(&tc);
sha256_Update(&tc, (const uint8_t *)&inputs_count, sizeof(inputs_count));
sha256_Update(&tc, (const uint8_t *)&outputs_count, sizeof(outputs_count));
sha256_Update(&tc, (const uint8_t *)&version, sizeof(version));
sha256_Update(&tc, (const uint8_t *)&lock_time, sizeof(lock_time));
memset(privkey, 0, 32);
memset(pubkey, 0, 33);
}
sha256_Update(&tc, (const uint8_t *)tx->inputs, sizeof(TxInputType));
if (idx2 == idx1) {
memcpy(&input, tx->inputs, sizeof(TxInputType));
memcpy(&node, root, sizeof(HDNode));
if (hdnode_private_ckd_cached(&node, tx->inputs[0].address_n, tx->inputs[0].address_n_count) == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to derive private key");
signing_abort();
return;
}
if (tx->inputs[0].script_type == InputScriptType_SPENDMULTISIG) {
if (!tx->inputs[0].has_multisig) {
fsm_sendFailure(FailureType_Failure_Other, "Multisig info not provided");
signing_abort();
return;
}
tx->inputs[0].script_sig.size = compile_script_multisig(&(tx->inputs[0].multisig), tx->inputs[0].script_sig.bytes);
} else { // SPENDADDRESS
ecdsa_get_pubkeyhash(node.public_key, hash);
tx->inputs[0].script_sig.size = compile_script_sig(coin->address_type, hash, tx->inputs[0].script_sig.bytes);
}
if (tx->inputs[0].script_sig.size == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to compile input");
signing_abort();
return;
}
memcpy(privkey, node.private_key, 32);
memcpy(pubkey, node.public_key, 33);
} else {
tx->inputs[0].script_sig.size = 0;
}
if (!tx_serialize_input_hash(&ti, tx->inputs)) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize input");
signing_abort();
return;
}
if (idx2 < inputs_count - 1) {
idx2++;
send_req_4_input();
} else {
idx2 = 0;
send_req_4_output();
}
return;
case STAGE_REQUEST_4_OUTPUT:
co = compile_output(coin, root, tx->outputs, &bin_output, false);
if (co < 0) {
fsm_sendFailure(FailureType_Failure_Other, "Signing cancelled by user");
signing_abort();
return;
} else if (co == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to compile output");
signing_abort();
return;
}
sha256_Update(&tc, (const uint8_t *)&bin_output, sizeof(TxOutputBinType));
if (!tx_serialize_output_hash(&ti, &bin_output)) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize output");
signing_abort();
return;
}
if (idx2 < outputs_count - 1) {
idx2++;
send_req_4_output();
} else {
sha256_Final(hash, &tc);
if (memcmp(hash, hash_check, 32) != 0) {
fsm_sendFailure(FailureType_Failure_Other, "Transaction has changed during signing");
signing_abort();
return;
}
tx_hash_final(&ti, hash, false);
resp.has_serialized = true;
resp.serialized.has_signature_index = true;
resp.serialized.signature_index = idx1;
resp.serialized.has_signature = true;
resp.serialized.has_serialized_tx = true;
ecdsa_sign_digest(&secp256k1, privkey, hash, sig, 0);
resp.serialized.signature.size = ecdsa_sig_to_der(sig, resp.serialized.signature.bytes);
if (input.script_type == InputScriptType_SPENDMULTISIG) {
if (!input.has_multisig) {
fsm_sendFailure(FailureType_Failure_Other, "Multisig info not provided");
signing_abort();
return;
}
// fill in the signature
int pubkey_idx = cryptoMultisigPubkeyIndex(&(input.multisig), pubkey);
if (pubkey_idx < 0) {
fsm_sendFailure(FailureType_Failure_Other, "Pubkey not found in multisig script");
signing_abort();
return;
}
memcpy(input.multisig.signatures[pubkey_idx].bytes, resp.serialized.signature.bytes, resp.serialized.signature.size);
input.multisig.signatures[pubkey_idx].size = resp.serialized.signature.size;
input.script_sig.size = serialize_script_multisig(&(input.multisig), input.script_sig.bytes);
if (input.script_sig.size == 0) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize multisig script");
signing_abort();
return;
}
} else { // SPENDADDRESS
input.script_sig.size = serialize_script_sig(resp.serialized.signature.bytes, resp.serialized.signature.size, pubkey, 33, input.script_sig.bytes);
}
resp.serialized.serialized_tx.size = tx_serialize_input(&to, &input, resp.serialized.serialized_tx.bytes);
if (idx1 < inputs_count - 1) {
idx1++;
idx2 = 0;
send_req_4_input();
} else {
idx1 = 0;
send_req_5_output();
}
}
return;
case STAGE_REQUEST_5_OUTPUT:
if (compile_output(coin, root, tx->outputs, &bin_output,false) <= 0) {
fsm_sendFailure(FailureType_Failure_Other, "Failed to compile output");
signing_abort();
return;
}
resp.has_serialized = true;
resp.serialized.has_serialized_tx = true;
resp.serialized.serialized_tx.size = tx_serialize_output(&to, &bin_output, resp.serialized.serialized_tx.bytes);
if (idx1 < outputs_count - 1) {
idx1++;
send_req_5_output();
} else {
send_req_finished();
signing_abort();
}
return;
}
fsm_sendFailure(FailureType_Failure_Other, "Signing error");
signing_abort();
}
