This repository has been archived by the owner on May 28, 2019. It is now read-only.

TT: 2.0.9, inconsistent ethereumVerifyMessage failure #422

Closed
szymonlesisz opened this issue Nov 23, 2018 · 0 comments
@szymonlesisz

Trying to verify ethereum message, intentionally with invalid data.
I get: { error:"Firmware error", code:"Failure_FirmwareError" }

Looks like it's not consistent with T1 which in this case returns:
{ error:"Invalid signature", code:"Failure_DataError" }

@jpochyla jpochyla added this to the v2.0.10 milestone Nov 26, 2018
tsusanka added a commit that referenced this issue Nov 30, 2018
Ethereum's verify_function takes an actual address as an argument not a
derivation path. So any path validation does not make any sense.

Also, if the verify_recover function raises an exception, it gets
propagated as a DataError (additional fix for #422).
jpochyla pushed a commit that referenced this issue Nov 30, 2018
real-or-random added a commit to romanz/trezor-core that referenced this issue Apr 4, 2019
…ature verification fails

So far, we either return False (or None for public recovery) or raise a
ValueError (e.g., when the length of the signature). This is
inconsistent and dangerous because the inputs to signature verification
may be attacker-provided and cannot be assumed to be well-formed.

This led to issue trezor#422 where a firmware error is raised when an invalid
signature is provided. This has been fixed for the ethereum app but
not for the wallet app. This commit addresses the problem at the core of
the issue, i.e., at the verification functions in extmod such that all
apps are covered.
real-or-random added a commit to romanz/trezor-core that referenced this issue Apr 15, 2019
real-or-random added a commit to romanz/trezor-core that referenced this issue Apr 15, 2019