static void promptRegister(bool request, const U2F_REGISTER_REQ *req) { #if 0 // Users find it confusing when a Ledger and a KeepKey are plugged in // at the same time. To avoid that, we elect not to show a message in // this case. if (0 == memcmp(req->appId, BOGUS_APPID, U2F_APPID_SIZE)) { layoutU2FDialog(request, "U2f Register", "Another U2F device was used to register in this application."); } else { #else { #endif const char *appname = ""; bool readable = getReadableAppId(req->appId, &appname); layoutU2FDialog(request, "U2F Register", readable ? "Do you want to register with %s?" : "Do you want to register with this U2F application?\n\n%s", appname); } } void u2f_register(const APDU *a) { static U2F_REGISTER_REQ last_req; const U2F_REGISTER_REQ *req = (U2F_REGISTER_REQ *)a->data; if (!storage_isInitialized()) { layout_warning_static("Cannot register u2f: not initialized"); send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED); delay_ms(3000); return; } // Validate basic request parameters debugLog(0, "", "u2f register"); if (APDU_LEN(*a) != sizeof(U2F_REGISTER_REQ)) { debugLog(0, "", "u2f register - badlen"); send_u2f_error(U2F_SW_WRONG_LENGTH); return; } // If this request is different from last request, reset state machine if (memcmp(&last_req, req, sizeof(last_req)) != 0) { memcpy(&last_req, req, sizeof(last_req)); last_req_state = INIT; } // First Time request, return not present and display request dialog if (last_req_state == INIT) { // error: testof-user-presence is required //buttonUpdate(); promptRegister(true, req); last_req_state = REG; } // Still awaiting Keypress if (last_req_state == REG) { // error: testof-user-presence is required send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED); dialog_timeout = U2F_TIMEOUT; return; } // Buttons said yes if (last_req_state == REG_PASS) { uint8_t data[sizeof(U2F_REGISTER_RESP) + 2]; U2F_REGISTER_RESP *resp = (U2F_REGISTER_RESP *)&data; memzero(data, sizeof(data)); resp->registerId = U2F_REGISTER_ID; resp->keyHandleLen = KEY_HANDLE_LEN; // Generate keypair for this appId const HDNode *node = generateKeyHandle(req->appId, (uint8_t*)&resp->keyHandleCertSig); if (!node) { debugLog(0, "", "getDerivedNode Fail"); send_u2f_error(U2F_SW_WRONG_DATA); // error:bad key handle return; } ecdsa_get_public_key65(node->curve->params, node->private_key, (uint8_t *)&resp->pubKey); memcpy(resp->keyHandleCertSig + resp->keyHandleLen, U2F_ATT_CERT, sizeof(U2F_ATT_CERT)); uint8_t sig[64]; U2F_REGISTER_SIG_STR sig_base; sig_base.reserved = 0; memcpy(sig_base.appId, req->appId, U2F_APPID_SIZE); memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE); memcpy(sig_base.keyHandle, &resp->keyHandleCertSig, KEY_HANDLE_LEN); memcpy(sig_base.pubKey, &resp->pubKey, U2F_PUBKEY_LEN); if (ecdsa_sign(&nist256p1, HASHER_SHA2, U2F_ATT_PRIV_KEY, (uint8_t *)&sig_base, sizeof(sig_base), sig, NULL, NULL) != 0) { send_u2f_error(U2F_SW_WRONG_DATA); return; } // Where to write the signature in the response uint8_t *resp_sig = resp->keyHandleCertSig + resp->keyHandleLen + sizeof(U2F_ATT_CERT); // Convert to der for the response const uint8_t sig_len = ecdsa_sig_to_der(sig, resp_sig); // Append success bytes memcpy(resp->keyHandleCertSig + resp->keyHandleLen + sizeof(U2F_ATT_CERT) + sig_len, "\x90\x00", 2); int l = 1 /* registerId */ + U2F_PUBKEY_LEN + 1 /* keyhandleLen */ + resp->keyHandleLen + sizeof(U2F_ATT_CERT) + sig_len + 2; last_req_state = INIT; dialog_timeout = 0; send_u2f_msg(data, l); promptRegister(false, req); return; } // Didnt expect to get here dialog_timeout = 0; } static void promptAuthenticate(bool request, const U2F_AUTHENTICATE_REQ *req) { const char *appname = ""; bool readable = getReadableAppId(req->appId, &appname); layoutU2FDialog(request, "U2F Authenticate", readable ? "Log in to %s?" : "Do you want to log in?\n\n%s", appname); } void u2f_authenticate(const APDU *a) { const U2F_AUTHENTICATE_REQ *req = (U2F_AUTHENTICATE_REQ *)a->data; static U2F_AUTHENTICATE_REQ last_req; if (!storage_isInitialized()) { layout_warning_static("Cannot authenticate u2f: not initialized"); send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED); delay_ms(3000); return; } if (APDU_LEN(*a) < 64) { /// FIXME: decent value debugLog(0, "", "u2f authenticate - badlen"); send_u2f_error(U2F_SW_WRONG_LENGTH); return; } if (req->keyHandleLen != KEY_HANDLE_LEN) { debugLog(0, "", "u2f auth - bad keyhandle len"); send_u2f_error(U2F_SW_WRONG_DATA); // error:bad key handle return; } const HDNode *node = validateKeyHandle(req->appId, req->keyHandle); if (!node) { debugLog(0, "", "u2f auth - bad keyhandle len"); send_u2f_error(U2F_SW_WRONG_DATA); // error:bad key handle return; } if (a->p1 == U2F_AUTH_CHECK_ONLY) { debugLog(0, "", "u2f authenticate check"); // This is a success for a good keyhandle // A failed check would have happened earlier // error: testof-user-presence is required send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED); return; } if (a->p1 != U2F_AUTH_ENFORCE) { debugLog(0, "", "u2f authenticate unknown"); // error:bad key handle send_u2f_error(U2F_SW_WRONG_DATA); return; } debugLog(0, "", "u2f authenticate enforce"); if (memcmp(&last_req, req, sizeof(last_req)) != 0) { memcpy(&last_req, req, sizeof(last_req)); last_req_state = INIT; } if (last_req_state == INIT) { // error: testof-user-presence is required //buttonUpdate(); // Clear button state promptAuthenticate(true, req); last_req_state = AUTH; } // Awaiting Keypress if (last_req_state == AUTH) { // error: testof-user-presence is required send_u2f_error(U2F_SW_CONDITIONS_NOT_SATISFIED); dialog_timeout = U2F_TIMEOUT; return; } // Buttons said yes if (last_req_state == AUTH_PASS) { uint8_t buf[sizeof(U2F_AUTHENTICATE_RESP) + 2]; U2F_AUTHENTICATE_RESP *resp = (U2F_AUTHENTICATE_RESP *)&buf; const uint32_t ctr = storage_nextU2FCounter(); resp->flags = U2F_AUTH_FLAG_TUP; resp->ctr[0] = ctr >> 24 & 0xff; resp->ctr[1] = ctr >> 16 & 0xff; resp->ctr[2] = ctr >> 8 & 0xff; resp->ctr[3] = ctr & 0xff; // Build and sign response U2F_AUTHENTICATE_SIG_STR sig_base; uint8_t sig[64]; memcpy(sig_base.appId, req->appId, U2F_APPID_SIZE); sig_base.flags = resp->flags; memcpy(sig_base.ctr, resp->ctr, 4); memcpy(sig_base.chal, req->chal, U2F_CHAL_SIZE); if (ecdsa_sign(&nist256p1, HASHER_SHA2, node->private_key, (uint8_t *)&sig_base, sizeof(sig_base), sig, NULL, NULL) != 0) { send_u2f_error(U2F_SW_WRONG_DATA); return; } // Copy DER encoded signature into response const uint8_t sig_len = ecdsa_sig_to_der(sig, resp->sig); // Append OK memcpy(buf + sizeof(U2F_AUTHENTICATE_RESP) - U2F_MAX_EC_SIG_SIZE + sig_len, "\x90\x00", 2); last_req_state = INIT; dialog_timeout = 0; send_u2f_msg(buf, sizeof(U2F_AUTHENTICATE_RESP) - U2F_MAX_EC_SIG_SIZE + sig_len + 2); promptAuthenticate(false, req); } }
END_TEST START_TEST(test_ecdsa_der) { uint8_t sig[64], der[72]; int res; memcpy(sig, fromhex("9a0b7be0d4ed3146ee262b42202841834698bb3ee39c24e7437df208b8b70771"), 32); memcpy(sig + 32, fromhex("2b79ab1e7736219387dffe8d615bbdba87e11477104b867ef47afed1a5ede781"), 32); res = ecdsa_sig_to_der(sig, der); ck_assert_int_eq(res, 71); ck_assert_mem_eq(der, fromhex("30450221009a0b7be0d4ed3146ee262b42202841834698bb3ee39c24e7437df208b8b7077102202b79ab1e7736219387dffe8d615bbdba87e11477104b867ef47afed1a5ede781"), 71); memcpy(sig, fromhex("6666666666666666666666666666666666666666666666666666666666666666"), 32); memcpy(sig + 32, fromhex("7777777777777777777777777777777777777777777777777777777777777777"), 32); res = ecdsa_sig_to_der(sig, der); ck_assert_int_eq(res, 70); ck_assert_mem_eq(der, fromhex("30440220666666666666666666666666666666666666666666666666666666666666666602207777777777777777777777777777777777777777777777777777777777777777"), 70); memcpy(sig, fromhex("6666666666666666666666666666666666666666666666666666666666666666"), 32); memcpy(sig + 32, fromhex("eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"), 32); res = ecdsa_sig_to_der(sig, der); ck_assert_int_eq(res, 71); ck_assert_mem_eq(der, fromhex("304502206666666666666666666666666666666666666666666666666666666666666666022100eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"), 71); memcpy(sig, fromhex("eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"), 32); memcpy(sig + 32, fromhex("7777777777777777777777777777777777777777777777777777777777777777"), 32); res = ecdsa_sig_to_der(sig, der); ck_assert_int_eq(res, 71); ck_assert_mem_eq(der, fromhex("3045022100eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee02207777777777777777777777777777777777777777777777777777777777777777"), 71); memcpy(sig, fromhex("eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee"), 32); memcpy(sig + 32, fromhex("ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"), 32); res = ecdsa_sig_to_der(sig, der); ck_assert_int_eq(res, 72); ck_assert_mem_eq(der, fromhex("3046022100eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee022100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"), 72); memcpy(sig, fromhex("0000000000000000000000000000000000000000000000000000000000000066"), 32); memcpy(sig + 32, fromhex("0000000000000000000000000000000000000000000000000000000000000077"), 32); res = ecdsa_sig_to_der(sig, der); ck_assert_int_eq(res, 8); ck_assert_mem_eq(der, fromhex("3006020166020177"), 8); memcpy(sig, fromhex("0000000000000000000000000000000000000000000000000000000000000066"), 32); memcpy(sig + 32, fromhex("00000000000000000000000000000000000000000000000000000000000000ee"), 32); res = ecdsa_sig_to_der(sig, der); ck_assert_int_eq(res, 9); ck_assert_mem_eq(der, fromhex("3007020166020200ee"), 9); memcpy(sig, fromhex("00000000000000000000000000000000000000000000000000000000000000ee"), 32); memcpy(sig + 32, fromhex("0000000000000000000000000000000000000000000000000000000000000077"), 32); res = ecdsa_sig_to_der(sig, der); ck_assert_int_eq(res, 9); ck_assert_mem_eq(der, fromhex("3007020200ee020177"), 9); memcpy(sig, fromhex("00000000000000000000000000000000000000000000000000000000000000ee"), 32); memcpy(sig + 32, fromhex("00000000000000000000000000000000000000000000000000000000000000ff"), 32); res = ecdsa_sig_to_der(sig, der); ck_assert_int_eq(res, 10); ck_assert_mem_eq(der, fromhex("3008020200ee020200ff"), 10); }
void signing_txack(TransactionType *tx) { if (!signing) { fsm_sendFailure(FailureType_Failure_UnexpectedMessage, "Not in Signing mode"); go_home(); return; } int co; memset(&resp, 0, sizeof(TxRequest)); switch (signing_stage) { case STAGE_REQUEST_1_INPUT: /* compute multisig fingerprint */ /* (if all input share the same fingerprint, outputs having the same fingerprint will be considered as change outputs) */ if (tx->inputs[0].script_type == InputScriptType_SPENDMULTISIG) { if (tx->inputs[0].has_multisig && !multisig_fp_mismatch) { if (multisig_fp_set) { uint8_t h[32]; if (cryptoMultisigFingerprint(&(tx->inputs[0].multisig), h) == 0) { fsm_sendFailure(FailureType_Failure_Other, "Error computing multisig fingeprint"); signing_abort(); return; } if (memcmp(multisig_fp, h, 32) != 0) { multisig_fp_mismatch = true; } } else { if (cryptoMultisigFingerprint(&(tx->inputs[0].multisig), multisig_fp) == 0) { fsm_sendFailure(FailureType_Failure_Other, "Error computing multisig fingeprint"); signing_abort(); return; } multisig_fp_set = true; } } } else { // InputScriptType_SPENDADDRESS multisig_fp_mismatch = true; } sha256_Update(&tc, (const uint8_t *)tx->inputs, sizeof(TxInputType)); memcpy(&input, tx->inputs, sizeof(TxInputType)); send_req_2_prev_meta(); return; case STAGE_REQUEST_2_PREV_META: tx_init(&tp, tx->inputs_cnt, tx->outputs_cnt, tx->version, tx->lock_time, false); idx2 = 0; send_req_2_prev_input(); return; case STAGE_REQUEST_2_PREV_INPUT: if (!tx_serialize_input_hash(&tp, tx->inputs)) { fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize input"); signing_abort(); return; } if (idx2 < tp.inputs_len - 1) { idx2++; send_req_2_prev_input(); } else { idx2 = 0; send_req_2_prev_output(); } return; case STAGE_REQUEST_2_PREV_OUTPUT: if (!tx_serialize_output_hash(&tp, tx->bin_outputs)) { fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize output"); signing_abort(); return; } if (idx2 == input.prev_index) { to_spend += tx->bin_outputs[0].amount; } if (idx2 < tp.outputs_len - 1) { /* Check prevtx of next input */ idx2++; send_req_2_prev_output(); } else { /* Check next output */ tx_hash_final(&tp, hash, true); if (memcmp(hash, input.prev_hash.bytes, 32) != 0) { fsm_sendFailure(FailureType_Failure_Other, "Encountered invalid prevhash"); signing_abort(); return; } if (idx1 < inputs_count - 1) { idx1++; send_req_1_input(); } else { idx1 = 0; send_req_3_output(); } } return; case STAGE_REQUEST_3_OUTPUT: { /* Downloaded output idx1 the first time. * Add it to transaction check * Ask for permission. */ bool is_change = false; if (tx->outputs[0].script_type == OutputScriptType_PAYTOMULTISIG && tx->outputs[0].has_multisig && multisig_fp_set && !multisig_fp_mismatch) { uint8_t h[32]; if (cryptoMultisigFingerprint(&(tx->outputs[0].multisig), h) == 0) { fsm_sendFailure(FailureType_Failure_Other, "Error computing multisig fingeprint"); signing_abort(); return; } if (memcmp(multisig_fp, h, 32) == 0) { is_change = true; } } else { if(tx->outputs[0].has_address_type) { if(check_valid_output_address(tx->outputs) == false) { fsm_sendFailure(FailureType_Failure_Other, "Invalid output address type"); signing_abort(); return; } if(tx->outputs[0].script_type == OutputScriptType_PAYTOADDRESS && tx->outputs[0].address_n_count > 0 && tx->outputs[0].address_type == OutputAddressType_CHANGE) { is_change = true; } } else if(tx->outputs[0].script_type == OutputScriptType_PAYTOADDRESS && tx->outputs[0].address_n_count > 0) { is_change = true; } } if (is_change) { if (change_spend == 0) { // not set change_spend = tx->outputs[0].amount; } else { fsm_sendFailure(FailureType_Failure_Other, "Only one change output allowed"); signing_abort(); return; } } spending += tx->outputs[0].amount; co = compile_output(coin, root, tx->outputs, &bin_output, !is_change); if (co < 0) { fsm_sendFailure(FailureType_Failure_Other, "Signing cancelled by user"); signing_abort(); return; } else if (co == 0) { fsm_sendFailure(FailureType_Failure_Other, "Failed to compile output"); signing_abort(); return; } sha256_Update(&tc, (const uint8_t *)&bin_output, sizeof(TxOutputBinType)); if (idx1 < outputs_count - 1) { idx1++; send_req_3_output(); } else { sha256_Final(hash_check, &tc); // check fees if (spending > to_spend) { fsm_sendFailure(FailureType_Failure_NotEnoughFunds, "Not enough funds"); signing_abort(); return; } uint64_t fee = to_spend - spending; uint32_t tx_est_size = transactionEstimateSizeKb(inputs_count, outputs_count); char total_amount_str[32]; char fee_str[32]; coin_amnt_to_str(coin, fee, fee_str, sizeof(fee_str)); if(fee > (uint64_t)tx_est_size * coin->maxfee_kb) { if (!confirm(ButtonRequestType_ButtonRequest_FeeOverThreshold, "Confirm Fee", "%s", fee_str)) { fsm_sendFailure(FailureType_Failure_ActionCancelled, "Fee over threshold. Signing cancelled."); signing_abort(); return; } } // last confirmation coin_amnt_to_str(coin, to_spend - change_spend, total_amount_str, sizeof(total_amount_str)); if(!confirm_transaction(total_amount_str, fee_str)) { fsm_sendFailure(FailureType_Failure_ActionCancelled, "Signing cancelled by user"); signing_abort(); return; } // Everything was checked, now phase 2 begins and the transaction is signed. layout_simple_message("Signing Transaction..."); idx1 = 0; idx2 = 0; send_req_4_input(); } return; } case STAGE_REQUEST_4_INPUT: if (idx2 == 0) { tx_init(&ti, inputs_count, outputs_count, version, lock_time, true); sha256_Init(&tc); sha256_Update(&tc, (const uint8_t *)&inputs_count, sizeof(inputs_count)); sha256_Update(&tc, (const uint8_t *)&outputs_count, sizeof(outputs_count)); sha256_Update(&tc, (const uint8_t *)&version, sizeof(version)); sha256_Update(&tc, (const uint8_t *)&lock_time, sizeof(lock_time)); memset(privkey, 0, 32); memset(pubkey, 0, 33); } sha256_Update(&tc, (const uint8_t *)tx->inputs, sizeof(TxInputType)); if (idx2 == idx1) { memcpy(&input, tx->inputs, sizeof(TxInputType)); memcpy(&node, root, sizeof(HDNode)); if (hdnode_private_ckd_cached(&node, tx->inputs[0].address_n, tx->inputs[0].address_n_count) == 0) { fsm_sendFailure(FailureType_Failure_Other, "Failed to derive private key"); signing_abort(); return; } if (tx->inputs[0].script_type == InputScriptType_SPENDMULTISIG) { if (!tx->inputs[0].has_multisig) { fsm_sendFailure(FailureType_Failure_Other, "Multisig info not provided"); signing_abort(); return; } tx->inputs[0].script_sig.size = compile_script_multisig(&(tx->inputs[0].multisig), tx->inputs[0].script_sig.bytes); } else { // SPENDADDRESS ecdsa_get_pubkeyhash(node.public_key, hash); tx->inputs[0].script_sig.size = compile_script_sig(coin->address_type, hash, tx->inputs[0].script_sig.bytes); } if (tx->inputs[0].script_sig.size == 0) { fsm_sendFailure(FailureType_Failure_Other, "Failed to compile input"); signing_abort(); return; } memcpy(privkey, node.private_key, 32); memcpy(pubkey, node.public_key, 33); } else { tx->inputs[0].script_sig.size = 0; } if (!tx_serialize_input_hash(&ti, tx->inputs)) { fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize input"); signing_abort(); return; } if (idx2 < inputs_count - 1) { idx2++; send_req_4_input(); } else { idx2 = 0; send_req_4_output(); } return; case STAGE_REQUEST_4_OUTPUT: co = compile_output(coin, root, tx->outputs, &bin_output, false); if (co < 0) { fsm_sendFailure(FailureType_Failure_Other, "Signing cancelled by user"); signing_abort(); return; } else if (co == 0) { fsm_sendFailure(FailureType_Failure_Other, "Failed to compile output"); signing_abort(); return; } sha256_Update(&tc, (const uint8_t *)&bin_output, sizeof(TxOutputBinType)); if (!tx_serialize_output_hash(&ti, &bin_output)) { fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize output"); signing_abort(); return; } if (idx2 < outputs_count - 1) { idx2++; send_req_4_output(); } else { sha256_Final(hash, &tc); if (memcmp(hash, hash_check, 32) != 0) { fsm_sendFailure(FailureType_Failure_Other, "Transaction has changed during signing"); signing_abort(); return; } tx_hash_final(&ti, hash, false); resp.has_serialized = true; resp.serialized.has_signature_index = true; resp.serialized.signature_index = idx1; resp.serialized.has_signature = true; resp.serialized.has_serialized_tx = true; ecdsa_sign_digest(&secp256k1, privkey, hash, sig, 0); resp.serialized.signature.size = ecdsa_sig_to_der(sig, resp.serialized.signature.bytes); if (input.script_type == InputScriptType_SPENDMULTISIG) { if (!input.has_multisig) { fsm_sendFailure(FailureType_Failure_Other, "Multisig info not provided"); signing_abort(); return; } // fill in the signature int pubkey_idx = cryptoMultisigPubkeyIndex(&(input.multisig), pubkey); if (pubkey_idx < 0) { fsm_sendFailure(FailureType_Failure_Other, "Pubkey not found in multisig script"); signing_abort(); return; } memcpy(input.multisig.signatures[pubkey_idx].bytes, resp.serialized.signature.bytes, resp.serialized.signature.size); input.multisig.signatures[pubkey_idx].size = resp.serialized.signature.size; input.script_sig.size = serialize_script_multisig(&(input.multisig), input.script_sig.bytes); if (input.script_sig.size == 0) { fsm_sendFailure(FailureType_Failure_Other, "Failed to serialize multisig script"); signing_abort(); return; } } else { // SPENDADDRESS input.script_sig.size = serialize_script_sig(resp.serialized.signature.bytes, resp.serialized.signature.size, pubkey, 33, input.script_sig.bytes); } resp.serialized.serialized_tx.size = tx_serialize_input(&to, &input, resp.serialized.serialized_tx.bytes); if (idx1 < inputs_count - 1) { idx1++; idx2 = 0; send_req_4_input(); } else { idx1 = 0; send_req_5_output(); } } return; case STAGE_REQUEST_5_OUTPUT: if (compile_output(coin, root, tx->outputs, &bin_output,false) <= 0) { fsm_sendFailure(FailureType_Failure_Other, "Failed to compile output"); signing_abort(); return; } resp.has_serialized = true; resp.serialized.has_serialized_tx = true; resp.serialized.serialized_tx.size = tx_serialize_output(&to, &bin_output, resp.serialized.serialized_tx.bytes); if (idx1 < outputs_count - 1) { idx1++; send_req_5_output(); } else { send_req_finished(); signing_abort(); } return; } fsm_sendFailure(FailureType_Failure_Other, "Signing error"); signing_abort(); }