2022-01-11 08:56:57 +01:00
|
|
|
#include "shared_context.h"
|
|
|
|
|
#include "apdu_constants.h"
|
|
|
|
|
|
|
|
|
|
#include "feature_performPrivacyOperation.h"
|
2022-08-24 09:25:01 +02:00
|
|
|
#include "common_ui.h"
|
2024-04-12 16:40:05 +02:00
|
|
|
#include "uint_common.h"
|
2022-01-11 08:56:57 +01:00
|
|
|
|
|
|
|
|
#define P2_PUBLIC_ENCRYPTION_KEY 0x00
|
2022-03-22 08:40:36 +01:00
|
|
|
#define P2_SHARED_SECRET 0x01
|
2022-01-11 08:56:57 +01:00
|
|
|
|
|
|
|
|
void decodeScalar(const uint8_t *scalarIn, uint8_t *scalarOut) {
|
2022-03-22 08:40:36 +01:00
|
|
|
for (uint8_t i = 0; i < 32; i++) {
|
|
|
|
|
switch (i) {
|
2022-01-11 08:56:57 +01:00
|
|
|
case 0:
|
|
|
|
|
scalarOut[0] = (scalarIn[31] & 0x7f) | 0x40;
|
|
|
|
|
break;
|
|
|
|
|
case 31:
|
|
|
|
|
scalarOut[31] = scalarIn[0] & 0xf8;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
scalarOut[i] = scalarIn[31 - i];
|
2022-03-22 08:40:36 +01:00
|
|
|
}
|
2022-01-11 08:56:57 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void handlePerformPrivacyOperation(uint8_t p1,
|
2022-03-22 08:40:36 +01:00
|
|
|
uint8_t p2,
|
2022-07-15 12:33:19 +02:00
|
|
|
const uint8_t *dataBuffer,
|
2022-07-19 11:42:25 +02:00
|
|
|
uint8_t dataLength,
|
2022-03-22 08:40:36 +01:00
|
|
|
unsigned int *flags,
|
|
|
|
|
unsigned int *tx) {
|
2024-03-18 08:58:05 +01:00
|
|
|
uint8_t privateKeyData[64];
|
2022-01-11 08:56:57 +01:00
|
|
|
uint8_t privateKeyDataSwapped[INT256_LENGTH];
|
2022-07-08 11:12:50 +02:00
|
|
|
bip32_path_t bip32;
|
2022-01-11 08:56:57 +01:00
|
|
|
cx_err_t status = CX_OK;
|
2022-07-08 11:12:50 +02:00
|
|
|
|
|
|
|
|
if ((p1 != P1_CONFIRM) && (p1 != P1_NON_CONFIRM)) {
|
2022-01-11 08:56:57 +01:00
|
|
|
THROW(0x6B00);
|
|
|
|
|
}
|
2022-07-08 11:12:50 +02:00
|
|
|
|
|
|
|
|
if ((p2 != P2_PUBLIC_ENCRYPTION_KEY) && (p2 != P2_SHARED_SECRET)) {
|
|
|
|
|
THROW(0x6700);
|
2022-01-11 08:56:57 +01:00
|
|
|
}
|
2022-07-08 11:12:50 +02:00
|
|
|
|
|
|
|
|
dataBuffer = parseBip32(dataBuffer, &dataLength, &bip32);
|
|
|
|
|
|
|
|
|
|
if (dataBuffer == NULL) {
|
|
|
|
|
THROW(0x6a80);
|
2022-01-11 08:56:57 +01:00
|
|
|
}
|
2022-07-08 11:12:50 +02:00
|
|
|
|
|
|
|
|
if ((p2 == P2_SHARED_SECRET) && (dataLength < 32)) {
|
|
|
|
|
THROW(0x6700);
|
2022-03-22 08:40:36 +01:00
|
|
|
}
|
2022-07-08 11:12:50 +02:00
|
|
|
|
|
|
|
|
cx_ecfp_private_key_t privateKey;
|
|
|
|
|
|
2024-03-18 08:58:05 +01:00
|
|
|
CX_ASSERT(os_derive_bip32_no_throw(
|
2022-01-11 08:56:57 +01:00
|
|
|
CX_CURVE_256K1,
|
2022-07-08 11:12:50 +02:00
|
|
|
bip32.path,
|
|
|
|
|
bip32.length,
|
2022-01-11 08:56:57 +01:00
|
|
|
privateKeyData,
|
2024-03-18 08:58:05 +01:00
|
|
|
(tmpCtx.publicKeyContext.getChaincode ? tmpCtx.publicKeyContext.chainCode : NULL)));
|
|
|
|
|
CX_ASSERT(cx_ecfp_init_private_key_no_throw(CX_CURVE_256K1, privateKeyData, 32, &privateKey));
|
|
|
|
|
CX_ASSERT(cx_ecfp_generate_pair_no_throw(CX_CURVE_256K1,
|
|
|
|
|
&tmpCtx.publicKeyContext.publicKey,
|
|
|
|
|
&privateKey,
|
|
|
|
|
1));
|
|
|
|
|
getEthAddressStringFromRawKey((const uint8_t *) &tmpCtx.publicKeyContext.publicKey.W,
|
|
|
|
|
tmpCtx.publicKeyContext.address,
|
|
|
|
|
chainConfig->chainId);
|
2022-01-11 08:56:57 +01:00
|
|
|
if (p2 == P2_PUBLIC_ENCRYPTION_KEY) {
|
|
|
|
|
decodeScalar(privateKeyData, privateKeyDataSwapped);
|
2024-03-18 08:58:05 +01:00
|
|
|
CX_ASSERT(cx_ecfp_init_private_key_no_throw(CX_CURVE_Curve25519,
|
|
|
|
|
privateKeyDataSwapped,
|
|
|
|
|
32,
|
|
|
|
|
&privateKey));
|
|
|
|
|
CX_ASSERT(cx_ecfp_generate_pair_no_throw(CX_CURVE_Curve25519,
|
|
|
|
|
&tmpCtx.publicKeyContext.publicKey,
|
|
|
|
|
&privateKey,
|
|
|
|
|
1));
|
2022-01-11 08:56:57 +01:00
|
|
|
explicit_bzero(privateKeyDataSwapped, sizeof(privateKeyDataSwapped));
|
2022-03-22 08:40:36 +01:00
|
|
|
} else {
|
2022-01-11 08:56:57 +01:00
|
|
|
memmove(tmpCtx.publicKeyContext.publicKey.W + 1, dataBuffer, 32);
|
|
|
|
|
status = cx_x25519(tmpCtx.publicKeyContext.publicKey.W + 1, privateKeyData, 32);
|
|
|
|
|
}
|
|
|
|
|
explicit_bzero(&privateKey, sizeof(privateKey));
|
2022-03-22 08:40:36 +01:00
|
|
|
explicit_bzero(privateKeyData, sizeof(privateKeyData));
|
2022-01-11 08:56:57 +01:00
|
|
|
|
|
|
|
|
if (status != CX_OK) {
|
|
|
|
|
THROW(0x6A80);
|
|
|
|
|
}
|
|
|
|
|
|
2024-04-29 18:22:22 +02:00
|
|
|
if (p1 == P1_NON_CONFIRM) {
|
2022-01-11 08:56:57 +01:00
|
|
|
*tx = set_result_perform_privacy_operation();
|
|
|
|
|
THROW(0x9000);
|
2024-04-29 18:22:22 +02:00
|
|
|
} else {
|
2024-03-11 16:14:31 +01:00
|
|
|
snprintf(strings.common.toAddress,
|
|
|
|
|
sizeof(strings.common.toAddress),
|
2022-01-11 08:56:57 +01:00
|
|
|
"0x%.*s",
|
|
|
|
|
40,
|
|
|
|
|
tmpCtx.publicKeyContext.address);
|
2022-03-22 08:40:36 +01:00
|
|
|
for (uint8_t i = 0; i < 32; i++) {
|
2022-01-11 08:56:57 +01:00
|
|
|
privateKeyData[i] = tmpCtx.publicKeyContext.publicKey.W[32 - i];
|
|
|
|
|
}
|
2024-04-12 16:40:05 +02:00
|
|
|
format_hex(privateKeyData,
|
|
|
|
|
32,
|
|
|
|
|
strings.common.fullAmount,
|
|
|
|
|
sizeof(strings.common.fullAmount) - 1);
|
|
|
|
|
|
2022-01-11 08:56:57 +01:00
|
|
|
if (p2 == P2_PUBLIC_ENCRYPTION_KEY) {
|
2022-08-24 09:25:01 +02:00
|
|
|
ui_display_privacy_public_key();
|
2022-03-22 08:40:36 +01:00
|
|
|
} else {
|
2022-08-24 09:25:01 +02:00
|
|
|
ui_display_privacy_shared_secret();
|
2022-01-11 08:56:57 +01:00
|
|
|
}
|
|
|
|
|
|
2022-03-22 08:40:36 +01:00
|
|
|
*flags |= IO_ASYNCH_REPLY;
|
2022-01-11 08:56:57 +01:00
|
|
|
}
|
|
|
|
|
}
|
