Skip to content

Commit

Permalink
src: Rework crypto handling using SDK helpers
Browse files Browse the repository at this point in the history
  • Loading branch information
Xavier Chapron committed Nov 28, 2023
1 parent d974bdc commit 58af5e4
Show file tree
Hide file tree
Showing 7 changed files with 54 additions and 73 deletions.
3 changes: 3 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -172,6 +172,9 @@ ifeq ($(TARGET_NAME),$(filter $(TARGET_NAME),TARGET_NANOX TARGET_STAX))
SDK_SOURCE_PATH += lib_blewbxx lib_blewbxx_impl
endif

# Allow usage of function from lib_standard_app/crypto_helpers.c
APP_SOURCE_FILES += ${BOLOS_SDK}/lib_standard_app/crypto_helpers.c

include vendor/nanopb/extra/nanopb.mk

DEFINES += PB_NO_ERRMSG=1
Expand Down
14 changes: 10 additions & 4 deletions src/get_public_key.c
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,20 @@

get_public_key_context_t gpk_ctx;

static void get_pk() {
static bool get_pk() {
// Derive Key
hedera_derive_keypair(gpk_ctx.key_index, NULL, &gpk_ctx.public);
if (!hedera_get_pubkey(gpk_ctx.key_index, gpk_ctx.raw_pubkey)) {
return false;
}

// Put Key bytes in APDU buffer
public_key_to_bytes(G_io_apdu_buffer, &gpk_ctx.public);
public_key_to_bytes(G_io_apdu_buffer, gpk_ctx.raw_pubkey);

// Populate Key Hex String
bin2hex(gpk_ctx.full_key, G_io_apdu_buffer, KEY_SIZE);
gpk_ctx.full_key[ KEY_SIZE ] = '\0';

return true;
}

void handle_get_public_key(uint8_t p1, uint8_t p2, uint8_t* buffer,
Expand Down Expand Up @@ -40,7 +44,9 @@ void handle_get_public_key(uint8_t p1, uint8_t p2, uint8_t* buffer,
}

// Populate context with PK
get_pk();
if (!get_pk()) {
io_exchange_with_code(EXCEPTION_INTERNAL, 0);
}

if (p1 == 0) {
ui_get_public_key();
Expand Down
2 changes: 1 addition & 1 deletion src/get_public_key.h
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ typedef struct get_public_key_context_s {
// Lines on the UI Screen
char ui_approve_l2[ DISPLAY_SIZE + 1 ];

cx_ecfp_public_key_t public;
uint8_t raw_pubkey[65];

// Public Key Compare
uint8_t display_index;
Expand Down
92 changes: 35 additions & 57 deletions src/hedera.c
Original file line number Diff line number Diff line change
Expand Up @@ -4,84 +4,62 @@
#include <os.h>
#include <string.h>

#include "lib_standard_app/crypto_helpers.h"

#include "globals.h"
#include "utils.h"

bool hedera_derive_keypair(uint32_t index,
/* out */ cx_ecfp_private_key_t* secret,
/* out */ cx_ecfp_public_key_t* public) {
static uint8_t seed[ 32 ];
static uint32_t path[ 5 ];
static cx_ecfp_private_key_t pk;

static void hedera_set_path(uint32_t index, uint32_t path[static 5]) {
path[ 0 ] = 44 | 0x80000000;
path[ 1 ] = 3030 | 0x80000000;
path[ 2 ] = 0x80000000;
path[ 3 ] = 0x80000000;
path[ 4 ] = index | 0x80000000;
}

os_perso_derive_node_bip32_seed_key(HDW_ED25519_SLIP10, CX_CURVE_Ed25519,
path, 5, seed, NULL, NULL, 0);

if (CX_OK != cx_ecfp_init_private_key_no_throw(CX_CURVE_Ed25519, seed,
sizeof(seed), &pk)) {
MEMCLEAR(seed);
return false;
}

if (public) {
if (CX_OK != cx_ecfp_init_public_key_no_throw(CX_CURVE_Ed25519, NULL, 0,
public)) {
MEMCLEAR(seed);
MEMCLEAR(pk);
return false;
}

if (CX_OK !=
cx_ecfp_generate_pair_no_throw(CX_CURVE_Ed25519, public, &pk, 1)) {
MEMCLEAR(seed);
MEMCLEAR(pk);
return false;
}
}
bool hedera_get_pubkey(uint32_t index, uint8_t raw_pubkey[static 65]) {
static uint32_t path[ 5 ];

if (secret) {
*secret = pk;
hedera_set_path(index, path);

if (CX_OK != bip32_derive_with_seed_get_pubkey_256(HDW_ED25519_SLIP10,
CX_CURVE_Ed25519,
path,
5,
raw_pubkey,
NULL,
CX_SHA512,
NULL,
0)) {
return false;
}

MEMCLEAR(seed);
MEMCLEAR(pk);

return true;
}

bool hedera_sign(uint32_t index, const uint8_t* tx, uint8_t tx_len,
/* out */ uint8_t* result) {
static cx_ecfp_private_key_t pk;

// Get Keys
if (!hedera_derive_keypair(index, &pk, NULL)) {
return false;
}

// Sign Transaction
// <cx.h> 2283
// Claims to want Hashes, but other apps use the message itself
// and complain that the documentation is wrong
if (CX_OK != cx_eddsa_sign_no_throw(
&pk, // private key
CX_SHA512, // hashID
tx, // hash (really message)
tx_len, // hash length (really message length)
result, // signature
64 // signature length
)) {
MEMCLEAR(pk);
static uint32_t path[ 5 ];
size_t sig_len = 64;

hedera_set_path(index, path);


if (CX_OK != bip32_derive_with_seed_eddsa_sign_hash_256(HDW_ED25519_SLIP10,
CX_CURVE_Ed25519,
path,
5,
CX_SHA512,
tx, // hash (really message)
tx_len, // hash length (really message length)
result, // signature
&sig_len,
NULL,
0)) {
return false;
}

// Clear private key
MEMCLEAR(pk);

return true;
}
8 changes: 1 addition & 7 deletions src/hedera.h
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,7 @@
#include <stdbool.h>
#include <stdint.h>

// Forward declare to avoid including os.h in a header file
struct cx_ecfp_256_public_key_s;
struct cx_ecfp_256_private_key_s;

bool hedera_derive_keypair(uint32_t index,
/* out */ struct cx_ecfp_256_private_key_s* secret,
/* out */ struct cx_ecfp_256_public_key_s* public);
bool hedera_get_pubkey(uint32_t index, uint8_t raw_pubkey[static 65]);

bool hedera_sign(uint32_t index, const uint8_t* tx, uint8_t tx_len,
/* out */ uint8_t* result);
6 changes: 3 additions & 3 deletions src/utils.c
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
#include "utils.h"

void public_key_to_bytes(unsigned char *dst, cx_ecfp_public_key_t *public) {
void public_key_to_bytes(unsigned char *dst, uint8_t raw_pubkey[static 65]) {
for (int i = 0; i < 32; i++) {
dst[ i ] = public->W[ 64 - i ];
dst[ i ] = raw_pubkey[ 64 - i ];
}

if (public->W[ 32 ] & 1) {
if (raw_pubkey[ 32 ] & 1) {
dst[ 31 ] |= 0x80;
}
}
Expand Down
2 changes: 1 addition & 1 deletion src/utils.h
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,6 @@

#define ARRAY_COUNT(array) (sizeof(array) / sizeof(array[0]))

void public_key_to_bytes(uint8_t *dst, cx_ecfp_public_key_t *public);
void public_key_to_bytes(unsigned char *dst, uint8_t raw_pubkey[static 65]);

void bin2hex(uint8_t *dst, uint8_t *data, uint64_t inlen);

0 comments on commit 58af5e4

Please sign in to comment.