From 0b73d1063f9da3446276e9832a1190d7adde249e Mon Sep 17 00:00:00 2001 From: Xavier Chapron Date: Tue, 12 Dec 2023 12:23:58 +0100 Subject: [PATCH 1/3] src: Improve crypto code using SDK crypto_helpers and LEDGER_ASSERT --- Makefile | 3 ++ src/utils.c | 148 ++++++++++++++-------------------------------------- src/utils.h | 14 ++--- 3 files changed, 46 insertions(+), 119 deletions(-) diff --git a/Makefile b/Makefile index 9a910bff..8e0f9f3b 100644 --- a/Makefile +++ b/Makefile @@ -131,6 +131,9 @@ include $(BOLOS_SDK)/Makefile.glyphs APP_SOURCE_PATH += src SDK_SOURCE_PATH += lib_stusb lib_stusb_impl +# Allow usage of function from lib_standard_app/crypto_helpers.c +APP_SOURCE_FILES += ${BOLOS_SDK}/lib_standard_app/crypto_helpers.c + ifneq ($(TARGET_NAME),TARGET_STAX) SDK_SOURCE_PATH += lib_ux endif diff --git a/src/utils.c b/src/utils.c index a1696bdf..234bcd04 100644 --- a/src/utils.c +++ b/src/utils.c 
@@ -2,99 +2,39 @@ #include "cx.h" #include #include + +#include "lib_standard_app/crypto_helpers.h" + #include "utils.h" -void get_public_key(uint8_t *publicKeyArray, const uint32_t *derivationPath, size_t pathLength) { - cx_ecfp_private_key_t privateKey; - cx_ecfp_public_key_t publicKey; +void get_public_key(uint8_t publicKeyArray[static PUBKEY_LENGTH], + const uint32_t *derivationPath, + size_t pathLength) { + uint8_t rawPubkey[65]; + cx_err_t cx_err; - get_private_key(&privateKey, derivationPath, pathLength); - BEGIN_TRY { - TRY { - cx_ecfp_generate_pair(CX_CURVE_Ed25519, &publicKey, &privateKey, 1); - } - CATCH_OTHER(e) { - MEMCLEAR(privateKey); - THROW(e); - } - FINALLY { - MEMCLEAR(privateKey); - } + cx_err = bip32_derive_with_seed_get_pubkey_256(HDW_ED25519_SLIP10, + CX_CURVE_Ed25519, + derivationPath, + pathLength, + rawPubkey, + NULL, + CX_SHA512, + NULL, + 0); + + if (CX_OK != cx_err) { + THROW(cx_err); } - END_TRY; for (int i = 0; i < PUBKEY_LENGTH; i++) { - publicKeyArray[i] = publicKey.W[PUBKEY_LENGTH + PRIVATEKEY_LENGTH - i]; + publicKeyArray[i] = rawPubkey[PUBKEY_LENGTH + PRIVATEKEY_LENGTH - i]; } - if ((publicKey.W[PUBKEY_LENGTH] & 1) != 0) { + if ((rawPubkey[PUBKEY_LENGTH] & 1) != 0) { publicKeyArray[PUBKEY_LENGTH - 1] |= 0x80; } } -uint32_t readUint32BE(uint8_t *buffer) { - return ((buffer[0] << 24) | (buffer[1] << 16) | (buffer[2] << 8) | (buffer[3])); -} - -void get_private_key(cx_ecfp_private_key_t *privateKey, - const uint32_t *derivationPath, - size_t pathLength) { - uint8_t privateKeyData[PRIVATEKEY_LENGTH]; - BEGIN_TRY { - TRY { - os_perso_derive_node_bip32_seed_key(HDW_ED25519_SLIP10, - CX_CURVE_Ed25519, - derivationPath, - pathLength, - privateKeyData, - NULL, - NULL, - 0); - cx_ecfp_init_private_key(CX_CURVE_Ed25519, - privateKeyData, - PRIVATEKEY_LENGTH, - privateKey); - } - CATCH_OTHER(e) { - MEMCLEAR(privateKeyData); - THROW(e); - } - FINALLY { - MEMCLEAR(privateKeyData); - } - } - END_TRY; -} - -void 
get_private_key_with_seed(cx_ecfp_private_key_t *privateKey, - const uint32_t *derivationPath, - uint8_t pathLength) { - uint8_t privateKeyData[PRIVATEKEY_LENGTH]; - BEGIN_TRY { - TRY { - os_perso_derive_node_bip32_seed_key(HDW_ED25519_SLIP10, - CX_CURVE_Ed25519, - derivationPath, - pathLength, - privateKeyData, - NULL, - (unsigned char *) "ed25519 seed", - 12); - cx_ecfp_init_private_key(CX_CURVE_Ed25519, - privateKeyData, - PRIVATEKEY_LENGTH, - privateKey); - } - CATCH_OTHER(e) { - MEMCLEAR(privateKeyData); - THROW(e); - } - FINALLY { - MEMCLEAR(privateKeyData); - } - } - END_TRY; -} - int read_derivation_path(const uint8_t *data_buffer, size_t data_size, uint32_t *derivation_path, @@ -126,32 +66,24 @@ int read_derivation_path(const uint8_t *data_buffer, } uint8_t set_result_sign_message(void) { - uint8_t signature[SIGNATURE_LENGTH]; - cx_ecfp_private_key_t privateKey; - BEGIN_TRY { - TRY { - get_private_key_with_seed(&privateKey, - G_command.derivation_path, - G_command.derivation_path_length); - cx_eddsa_sign(&privateKey, - CX_LAST, - CX_SHA512, - G_command.message, - G_command.message_length, - NULL, - 0, - signature, - SIGNATURE_LENGTH, - NULL); - memcpy(G_io_apdu_buffer, signature, SIGNATURE_LENGTH); - } - CATCH_OTHER(e) { - THROW(e); - } - FINALLY { - MEMCLEAR(privateKey); - } + size_t sigLen = SIGNATURE_LENGTH; + cx_err_t cx_err; + + cx_err = bip32_derive_with_seed_eddsa_sign_hash_256(HDW_ED25519_SLIP10, + CX_CURVE_Ed25519, + G_command.derivation_path, + G_command.derivation_path_length, + CX_SHA512, + G_command.message, + G_command.message_length, + G_io_apdu_buffer, + &sigLen, + NULL, + 0); + + if (CX_OK != cx_err) { + THROW(cx_err); } - END_TRY; + return SIGNATURE_LENGTH; } diff --git a/src/utils.h b/src/utils.h index 6961b711..ad0981c8 100644 --- a/src/utils.h +++ b/src/utils.h 
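Review bot: In get_public_key the buffer is declared with a bare literal, `uint8_t rawPubkey[65];`, while the copy loop reads `rawPubkey[PUBKEY_LENGTH + PRIVATEKEY_LENGTH - i]`, so the read stays in bounds only while those two macros sum to at most 64; neither value is visible in this hunk. Tie them together at compile time by adding `_Static_assert(PUBKEY_LENGTH + PRIVATEKEY_LENGTH < sizeof(rawPubkey), "rawPubkey too small");` right after the declaration. Indexing a public-key buffer with PRIVATEKEY_LENGTH is also hard to read, so a comment on the loop would help, for example `/* rawPubkey appears to be 0x04 || X || Y: emit Y byte-reversed, then fold the parity of X into the top bit */`. Confirm that layout against the SDK helper before settling on the wording.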
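Review bot: In set_result_sign_message the signing call now ends with `NULL, 0`, where the removed get_private_key_with_seed() passed the explicit seed key `"ed25519 seed"` with length 12, so the signing key now depends on the SDK helper falling back to that same seed key for HDW_ED25519_SLIP10. That is presumably the case, but nothing in this patch shows it; a test that verifies a produced signature against the key returned by get_public_key() for the same path would pin the behaviour. Separately, `sigLen` is never read after the call and the function returns the constant, so a short or oversized signature written into G_io_apdu_buffer would go unnoticed. Since the commit subject already mentions LEDGER_ASSERT, a check such as `LEDGER_ASSERT(sigLen == SIGNATURE_LENGTH, "unexpected signature length");` after the error test would close that gap.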
@@ -21,17 +21,9 @@ typedef enum rlpTxType { TX_FEE } rlpTxType; -void get_public_key(uint8_t *publicKeyArray, const uint32_t *derivationPath, size_t pathLength); - -uint32_t readUint32BE(uint8_t *buffer); - -void get_private_key(cx_ecfp_private_key_t *privateKey, - const uint32_t *derivationPath, - size_t pathLength); - -void get_private_key_with_seed(cx_ecfp_private_key_t *privateKey, - const uint32_t *derivationPath, - uint8_t pathLength); +void get_public_key(uint8_t publicKeyArray[static PUBKEY_LENGTH], + const uint32_t *derivationPath, + size_t pathLength); /** * Deserialize derivation path from raw bytes. From ad37ff9e090df5c2d1c7253ad84b5653022e419a Mon Sep 17 00:00:00 2001 From: Xavier Chapron Date: Tue, 12 Dec 2023 12:24:48 +0100 Subject: [PATCH 2/3] src: Cleanup unused parameter from BLE_power() --- src/main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main.c b/src/main.c index 3717d8d8..c3ed0755 100644 --- a/src/main.c +++ b/src/main.c @@ -210,7 +210,7 @@ void coin_main(void) { #ifdef HAVE_BLE BLE_power(0, NULL); - BLE_power(1, "Nano X"); + BLE_power(1, NULL); #endif // HAVE_BLE app_main(); @@ -247,7 +247,7 @@ static void start_app_from_lib(void) { // grab the current plane mode setting G_io_app.plane_mode = os_setting_get(OS_SETTING_PLANEMODE, NULL, 0); BLE_power(0, NULL); - BLE_power(1, "Nano X"); + BLE_power(1, NULL); #endif // HAVE_BLE app_main(); } From 81983453c81aa49d4d70431cc9f125ad390e0a0d Mon Sep 17 00:00:00 2001 From: Xavier Chapron Date: Tue, 12 Dec 2023 12:25:05 +0100 Subject: [PATCH 3/3] src: Drop deprectaed check_api_level() --- src/main.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main.c b/src/main.c index c3ed0755..ba88e23f 100644 --- a/src/main.c +++ b/src/main.c 
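Review bot: The new get_public_key prototype in src/utils.h has no doc comment, although the parameter now carries a contract (`uint8_t publicKeyArray[static PUBKEY_LENGTH]`) and the implementation in src/utils.c throws instead of returning when derivation fails. read_derivation_path, directly below, is documented, so I would add a matching Doxygen block. It should say that publicKeyArray must point to at least PUBKEY_LENGTH writable bytes, that derivationPath holds pathLength path elements, and that on failure the function THROWs the cx_err_t reported by the SDK helper. The `[static PUBKEY_LENGTH]` form also needs the macro to be defined earlier in the header; that part of utils.h is outside the hunk.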
@@ -253,7 +253,6 @@ static void start_app_from_lib(void) { } static void library_main_helper(libargs_t *args) { - check_api_level(CX_COMPAT_APILEVEL); switch (args->command) { case CHECK_ADDRESS: // ensure result is zero if an exception is thrown