Skip to content

Commit

Permalink
refactor crypto helpers.
Browse files Browse the repository at this point in the history
  • Loading branch information
@overcat
overcat committed May 11, 2024
1 parent a568429 commit 57242f9
Show file tree
Hide file tree
Showing 8 changed files with 66 additions and 128 deletions.
45 changes: 25 additions & 20 deletions src/crypto.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,9 +23,9 @@

#define STELLAR_SEED_KEY "ed25519 seed"

cx_err_t crypto_derive_private_key(cx_ecfp_private_key_t *private_key,
const uint32_t *bip32_path,
uint8_t bip32_path_len) {
static cx_err_t crypto_derive_private_key(cx_ecfp_private_key_t *private_key,
const uint32_t *bip32_path,
uint8_t bip32_path_len) {
uint8_t raw_private_key[64] = {0};
cx_err_t error = CX_OK;

Expand All @@ -48,9 +48,9 @@ cx_err_t crypto_derive_private_key(cx_ecfp_private_key_t *private_key,
explicit_bzero(&raw_private_key, sizeof(raw_private_key));
if (error != CX_OK) {
explicit_bzero(private_key, sizeof(*private_key));
return error;
PRINTF("In crypto_derive_private_key: ERROR %x \n", error);
}
return CX_OK;
return error;
}

// converts little endian 32 byte public key to big endian 32 byte public key
Expand All @@ -66,34 +66,40 @@ void raw_public_key_le_to_be(cx_ecfp_public_key_t *public_key,
}
}

cx_err_t crypto_init_public_key(cx_ecfp_private_key_t *private_key,
cx_ecfp_public_key_t *public_key,
uint8_t raw_public_key[static RAW_ED25519_PUBLIC_KEY_SIZE]) {
cx_err_t crypto_derive_public_key(uint8_t raw_public_key[static RAW_ED25519_PUBLIC_KEY_SIZE],
const uint32_t *bip32_path,
uint8_t bip32_path_len) {
cx_err_t error = CX_OK;
cx_ecfp_private_key_t private_key = {0};
cx_ecfp_public_key_t public_key = {0};

// derive private key according to BIP32 path
CX_CHECK(crypto_derive_private_key(&private_key, bip32_path, bip32_path_len));

// generate corresponding public key
CX_CHECK(cx_ecfp_generate_pair_no_throw(CX_CURVE_Ed25519, public_key, private_key, 1));
CX_CHECK(cx_ecfp_generate_pair_no_throw(CX_CURVE_Ed25519, &public_key, &private_key, 1));

raw_public_key_le_to_be(&public_key, raw_public_key);

end:
explicit_bzero(&private_key, sizeof(private_key));
if (error != CX_OK) {
return error;
PRINTF("In crypto_init_public_key: ERROR %x \n", error);
}
raw_public_key_le_to_be(public_key, raw_public_key);
return CX_OK;
return error;
}

cx_err_t crypto_sign_message(const uint8_t *message,
uint8_t message_len,
const uint8_t *signature,
uint8_t signature_len) {
cx_ecfp_private_key_t private_key = {0};
uint8_t signature_len,
const uint32_t *bip32_path,
uint8_t bip32_path_len) {
cx_err_t error = CX_OK;
cx_ecfp_private_key_t private_key = {0};

// derive private key according to BIP32 path
error = crypto_derive_private_key(&private_key, G_context.bip32_path, G_context.bip32_path_len);
if (error != CX_OK) {
return error;
}
CX_CHECK(crypto_derive_private_key(&private_key, bip32_path, bip32_path_len));

CX_CHECK(cx_eddsa_sign_no_throw(&private_key,
CX_SHA512,
Expand All @@ -107,7 +113,6 @@ cx_err_t crypto_sign_message(const uint8_t *message,
explicit_bzero(&private_key, sizeof(private_key));
if (error != CX_OK) {
PRINTF("In crypto_sign_message: ERROR %x \n", error);
return error;
}
return CX_OK;
return error;
}
47 changes: 22 additions & 25 deletions src/crypto.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,45 +8,42 @@
#include "stellar/types.h"

/**
* Derive private key given BIP32 path.
* Derive public key given BIP32 path.
*
* @param[out] private_key
* Pointer to private key.
* @param[in] bip32_path
* Pointer to buffer with BIP32 path.
* @param[in] bip32_path_len
* Number of path in BIP32 path.
*
* @return CX_OK on success, error number otherwise.
*
*/
cx_err_t crypto_derive_private_key(cx_ecfp_private_key_t *private_key,
const uint32_t *bip32_path,
uint8_t bip32_path_len);
/**
* Initialize public key given private key.
*
* @param[in] private_key
* Pointer to private key.
* @param[out] public_key
* Pointer to public key.
* @param[out] raw_public_key
* Pointer to raw public key.
* @param[in] bip32_path
* Pointer to buffer with BIP32 path.
* @param[in] bip32_path_len
* Length of BIP32 path.
*
* @return CX_OK on success, error number otherwise.
*
*/
cx_err_t crypto_init_public_key(cx_ecfp_private_key_t *private_key,
cx_ecfp_public_key_t *public_key,
uint8_t raw_public_key[static RAW_ED25519_PUBLIC_KEY_SIZE]);
cx_err_t crypto_derive_public_key(uint8_t raw_public_key[static RAW_ED25519_PUBLIC_KEY_SIZE],
const uint32_t *bip32_path,
uint8_t bip32_path_len);

/**
* Sign message.
*
* @param[in] message
* Pointer to message.
* @param[in] message_len
* Length of message.
* @param[in] signature
* Pointer to signature.
* @param[in] signature_len
* Length of signature.
* @param[in] bip32_path
* Pointer to buffer with BIP32 path.
*
* @return CX_OK on success, error number otherwise.
*
*/
cx_err_t crypto_sign_message(const uint8_t *message,
uint8_t message_len,
const uint8_t *signature,
uint8_t signature_len);
uint8_t signature_len,
const uint32_t *bip32_path,
uint8_t bip32_path_len);
17 changes: 3 additions & 14 deletions src/handler/get_public_key.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,25 +39,14 @@ int handler_get_public_key(buffer_t *cdata, bool display) {
return io_send_sw(SW_WRONG_DATA_LENGTH);
}

cx_err_t error = CX_OK;
cx_ecfp_private_key_t private_key = {0};
cx_ecfp_public_key_t public_key = {0};
cx_err_t error = crypto_derive_public_key(G_context.raw_public_key,
G_context.bip32_path,
G_context.bip32_path_len);

// derive private key according to BIP32 path
error = crypto_derive_private_key(&private_key, G_context.bip32_path, G_context.bip32_path_len);
if (error != CX_OK) {
return io_send_sw(error);
}

// generate corresponding public key
error = crypto_init_public_key(&private_key, &public_key, G_context.raw_public_key);
if (error != CX_OK) {
return io_send_sw(error);
}

// reset private key
explicit_bzero(&private_key, sizeof(private_key));

if (display) {
return ui_display_address();
}
Expand Down
21 changes: 3 additions & 18 deletions src/handler/sign_auth.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,29 +79,14 @@ int handler_sign_auth(buffer_t *cdata, bool is_first_chunk, bool more) {
G_context.state = STATE_PARSED;
PRINTF("soroban auth parsed.\n");

// Normal (not-swap) mode, derive the public_key and display the validation UI
cx_ecfp_private_key_t private_key = {0};
cx_ecfp_public_key_t public_key = {0};
cx_err_t error = crypto_derive_public_key(G_context.raw_public_key,
G_context.bip32_path,
G_context.bip32_path_len);

cx_err_t error = CX_OK;

// derive private key according to BIP32 path
error = crypto_derive_private_key(&private_key, G_context.bip32_path, G_context.bip32_path_len);
if (error != CX_OK) {
explicit_bzero(&private_key, sizeof(private_key));
return io_send_sw(error);
}

// generate corresponding public key
error = crypto_init_public_key(&private_key, &public_key, G_context.raw_public_key);
if (error != CX_OK) {
explicit_bzero(&private_key, sizeof(private_key));
return io_send_sw(error);
}

// reset private key
explicit_bzero(&private_key, sizeof(private_key));

if (cx_hash_sha256(G_context.raw, G_context.raw_size, G_context.hash, HASH_SIZE) != HASH_SIZE) {
return io_send_sw(SW_TX_HASH_FAIL);
}
Expand Down
21 changes: 3 additions & 18 deletions src/handler/sign_hash.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,27 +55,12 @@ int handler_sign_hash(buffer_t *cdata) {
memcpy(G_context.hash, cdata->ptr + cdata->offset, HASH_SIZE);

// Generate public key
cx_ecfp_private_key_t private_key = {0};
cx_ecfp_public_key_t public_key = {0};

cx_err_t error = CX_OK;

// derive private key according to BIP32 path
error = crypto_derive_private_key(&private_key, G_context.bip32_path, G_context.bip32_path_len);
cx_err_t error = crypto_derive_public_key(G_context.raw_public_key,
G_context.bip32_path,
G_context.bip32_path_len);
if (error != CX_OK) {
explicit_bzero(&private_key, sizeof(private_key));
return io_send_sw(error);
}

// generate corresponding public key
error = crypto_init_public_key(&private_key, &public_key, G_context.raw_public_key);
if (error != CX_OK) {
explicit_bzero(&private_key, sizeof(private_key));
return io_send_sw(error);
}

// reset private key
explicit_bzero(&private_key, sizeof(private_key));

return ui_display_hash();
}
26 changes: 6 additions & 20 deletions src/handler/sign_tx.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,7 +102,9 @@ int handler_sign_tx(buffer_t *cdata, bool is_first_chunk, bool more) {
if (crypto_sign_message(G_context.hash,
sizeof(G_context.hash),
signature,
SIGNATURE_SIZE) != CX_OK) {
SIGNATURE_SIZE,
G_context.bip32_path,
G_context.bip32_path_len) != CX_OK) {
G_context.state = STATE_NONE;
return io_send_sw(SW_SIGNATURE_FAIL);
} else {
Expand All @@ -111,34 +113,18 @@ int handler_sign_tx(buffer_t *cdata, bool is_first_chunk, bool more) {

} else {
// Normal (not-swap) mode, derive the public_key and display the validation UI
cx_ecfp_private_key_t private_key = {0};
cx_ecfp_public_key_t public_key = {0};
cx_err_t error = crypto_derive_public_key(G_context.raw_public_key,
G_context.bip32_path,
G_context.bip32_path_len);

cx_err_t error = CX_OK;

// derive private key according to BIP32 path
error =
crypto_derive_private_key(&private_key, G_context.bip32_path, G_context.bip32_path_len);
if (error != CX_OK) {
explicit_bzero(&private_key, sizeof(private_key));
return io_send_sw(error);
}

// generate corresponding public key
error = crypto_init_public_key(&private_key, &public_key, G_context.raw_public_key);
if (error != CX_OK) {
explicit_bzero(&private_key, sizeof(private_key));
return io_send_sw(error);
}

// reset private key
explicit_bzero(&private_key, sizeof(private_key));

if (cx_hash_sha256(G_context.raw, G_context.raw_size, G_context.hash, HASH_SIZE) !=
HASH_SIZE) {
return io_send_sw(SW_TX_HASH_FAIL);
}

return ui_display_transaction();
}
};
13 changes: 1 addition & 12 deletions src/swap/handle_check_address.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,24 +31,13 @@ void swap_handle_check_address(check_address_parameters_t* params) {
return;
}

cx_ecfp_private_key_t privateKey;
cx_ecfp_public_key_t publicKey;
uint8_t stellar_publicKey[RAW_ED25519_PUBLIC_KEY_SIZE];

if (crypto_derive_private_key(&privateKey, bip32_path, bip32_path_length) != CX_OK) {
explicit_bzero(&privateKey, sizeof(privateKey));
PRINTF("derive_private_key failed\n");
return;
}

if (crypto_init_public_key(&privateKey, &publicKey, stellar_publicKey) != CX_OK) {
explicit_bzero(&privateKey, sizeof(privateKey));
if (crypto_derive_public_key(stellar_publicKey, bip32_path, bip32_path_length) != CX_OK) {
PRINTF("crypto_init_public_key failed\n");
return;
}

explicit_bzero(&privateKey, sizeof(privateKey));

char address[57];
if (!print_account_id(stellar_publicKey, address, sizeof(address), 0, 0)) {
PRINTF("public key encode failed\n");
Expand Down
4 changes: 3 additions & 1 deletion src/ui/action/validate.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,9 @@ void validate_transaction(bool choice) {
if (crypto_sign_message(G_context.hash,
sizeof(G_context.hash),
signature,
SIGNATURE_SIZE) != CX_OK) {
SIGNATURE_SIZE,
G_context.bip32_path,
G_context.bip32_path_len) != CX_OK) {
G_context.state = STATE_NONE;
io_send_sw(SW_SIGNATURE_FAIL);
} else {
Expand Down

0 comments on commit 57242f9

Please sign in to comment.