[pkh] use the stored pk to derive the pkh

trilitech · Oct 31, 2024 · 9c7ee14 · 9c7ee14
1 parent 31d4c45
commit 9c7ee14
Show file tree

Hide file tree

Showing 15 changed files with 72 additions and 100 deletions.
diff --git a/src/apdu_sign.c b/src/apdu_sign.c
@@ -219,7 +219,9 @@ int handle_sign(buffer_t *cdata, const bool last, const bool with_hash) {
             break;
         case MAGIC_BYTE_UNSAFE_OP:
             // Parse the operation. It will be verified in `baking_sign_complete`.
-            TZ_CHECK(parse_operations(cdata, &G.maybe_ops.v, &global.path_with_curve));
+            TZ_CHECK(parse_operations(cdata,
+                                      &G.maybe_ops.v,
+                                      (cx_ecfp_public_key_t *) &global.public_key));
             break;
         default:
             TZ_FAIL(EXC_PARSE_ERROR);

diff --git a/src/keys.c b/src/keys.c
@@ -100,24 +100,10 @@ cx_err_t generate_public_key(cx_ecfp_public_key_t *public_key,
     return error;
 }
 
-/**
- * @brief Extract the public key hash from a public key and a curve
- *
- *        Is non-reentrant
- *
- * @param hash_out: public key hash output
- * @param hash_out_size: output size
- * @param compressed_out: compressed public key output
- *                        pass NULL if this value is not desired
- * @param derivation_type: curve
- * @param param public_key: public key
- * @return cx_err_t: error, CX_OK if none
- */
-static cx_err_t public_key_hash(uint8_t *const hash_out,
-                                size_t const hash_out_size,
-                                cx_ecfp_compressed_public_key_t *compressed_out,
-                                derivation_type_t const derivation_type,
-                                cx_ecfp_public_key_t const *const public_key) {
+cx_err_t public_key_hash(uint8_t *const hash_out,
+                         size_t const hash_out_size,
+                         cx_ecfp_compressed_public_key_t *compressed_out,
+                         cx_ecfp_public_key_t const *const public_key) {
     if ((hash_out == NULL) || (public_key == NULL)) {
         return CX_INVALID_PARAMETER;
     }
@@ -129,24 +115,23 @@ static cx_err_t public_key_hash(uint8_t *const hash_out,
     cx_ecfp_compressed_public_key_t *compressed =
         (cx_ecfp_compressed_public_key_t *) &(tz_ecfp_compressed_public_key_t){0};
 
-    switch (derivation_type) {
-        case DERIVATION_TYPE_ED25519:
-        case DERIVATION_TYPE_BIP32_ED25519: {
+    switch (public_key->curve) {
+        case CX_CURVE_Ed25519: {
             compressed->curve = public_key->curve;
             compressed->W_len = TZ_EDPK_LEN;
             memcpy(compressed->W, public_key->W + 1, compressed->W_len);
             break;
         }
-        case DERIVATION_TYPE_SECP256K1:
-        case DERIVATION_TYPE_SECP256R1: {
+        case CX_CURVE_SECP256K1:
+        case CX_CURVE_SECP256R1: {
             compressed->curve = public_key->curve;
             compressed->W_len = COMPRESSED_PK_LEN;
             memcpy(compressed->W, public_key->W, compressed->W_len);
             compressed->W[0] = 0x02 + (public_key->W[64] & 0x01);
             break;
         }
 #ifndef TARGET_NANOS
-        case DERIVATION_TYPE_BLS12_381: {
+        case CX_CURVE_BLS12_381_G1: {
             compressed->curve = public_key->curve;
             compressed->W_len = BLS_COMPRESSED_PK_LEN;
             memcpy(compressed->W, public_key->W + 1, compressed->W_len);
@@ -177,29 +162,6 @@ static cx_err_t public_key_hash(uint8_t *const hash_out,
     return error;
 }
 
-cx_err_t generate_public_key_hash(uint8_t *const hash_out,
-                                  size_t const hash_out_size,
-                                  cx_ecfp_compressed_public_key_t *compressed_out,
-                                  bip32_path_with_curve_t const *const path_with_curve) {
-    if ((hash_out == NULL) || (path_with_curve == NULL)) {
-        return CX_INVALID_PARAMETER;
-    }
-
-    cx_ecfp_public_key_t *pubkey = (cx_ecfp_public_key_t *) &(tz_ecfp_public_key_t){0};
-    cx_err_t error = CX_OK;
-
-    CX_CHECK(generate_public_key(pubkey, path_with_curve));
-
-    CX_CHECK(public_key_hash(hash_out,
-                             hash_out_size,
-                             compressed_out,
-                             path_with_curve->derivation_type,
-                             pubkey));
-
-end:
-    return error;
-}
-
 cx_err_t sign(uint8_t *const out,
               size_t *out_size,
               bip32_path_with_curve_t const *const path_with_curve,

diff --git a/src/keys.h b/src/keys.h
@@ -76,23 +76,22 @@ typedef enum {
     (((signature_type_t) 0 <= type) && (type < SIGNATURE_TYPE_UNSET))
 
 /**
- * @brief Converts `derivation_type` to `signature_type`
+ * @brief Gets the signature_type of a public_key
  *
- * @param derivation_type: derivation_type
+ * @param public_key: public key
  * @return signature_type_t: signature_type result
  */
-static inline signature_type_t derivation_type_to_signature_type(
-    derivation_type_t const derivation_type) {
-    switch (derivation_type) {
-        case DERIVATION_TYPE_SECP256K1:
+static inline signature_type_t signature_type_of_public_key(
+    cx_ecfp_public_key_t const *const public_key) {
+    switch (public_key->curve) {
+        case CX_CURVE_SECP256K1:
             return SIGNATURE_TYPE_SECP256K1;
-        case DERIVATION_TYPE_SECP256R1:
+        case CX_CURVE_SECP256R1:
             return SIGNATURE_TYPE_SECP256R1;
-        case DERIVATION_TYPE_ED25519:
-        case DERIVATION_TYPE_BIP32_ED25519:
+        case CX_CURVE_Ed25519:
             return SIGNATURE_TYPE_ED25519;
 #ifndef TARGET_NANOS
-        case DERIVATION_TYPE_BLS12_381:
+        case CX_CURVE_BLS12_381_G1:
             return SIGNATURE_TYPE_BLS12_381;
 #endif
         default:
@@ -266,19 +265,21 @@ cx_err_t generate_public_key(cx_ecfp_public_key_t *public_key,
                              bip32_path_with_curve_t const *const path_with_curve);
 
 /**
- * @brief Generates a public key hash from a bip32 path and a curve
+ * @brief Extract the public key hash from a public key and a curve
+ *
+ *        Is non-reentrant
  *
  * @param hash_out: public key hash output
  * @param hash_out_size: output size
  * @param compressed_out: compressed public key output
  *                        pass NULL if this value is not desired
- * @param path_with_curve: bip32 path and curve
+ * @param public_key: public key
  * @return cx_err_t: error, CX_OK if none
  */
-cx_err_t generate_public_key_hash(uint8_t *const hash_out,
-                                  size_t const hash_out_size,
-                                  cx_ecfp_compressed_public_key_t *const compressed_out,
-                                  bip32_path_with_curve_t const *const path_with_curve);
+cx_err_t public_key_hash(uint8_t *const hash_out,
+                         size_t const hash_out_size,
+                         cx_ecfp_compressed_public_key_t *compressed_out,
+                         cx_ecfp_public_key_t const *const public_key);
 
 /**
  * @brief Signs a message with a key

diff --git a/src/operations.c b/src/operations.c
@@ -93,26 +93,25 @@ static tz_parser_result parse_raw_tezos_header_signature_type(
  *
  * @param compressed_pubkey_out: compressed_pubkey output
  * @param contract_out: contract output
- * @param path_with_curve: bip32 path and curve of the key
+ * @param public_key: public key
  * @return tz_exc: exception, SW_OK if none
  */
 static inline tz_exc compute_pkh(cx_ecfp_compressed_public_key_t *const compressed_pubkey_out,
                                  parsed_contract_t *const contract_out,
-                                 bip32_path_with_curve_t const *const path_with_curve) {
+                                 cx_ecfp_public_key_t const *const public_key) {
     tz_exc exc = SW_OK;
     cx_err_t error = CX_OK;
 
-    TZ_ASSERT_NOT_NULL(path_with_curve);
+    TZ_ASSERT_NOT_NULL(public_key);
     TZ_ASSERT_NOT_NULL(compressed_pubkey_out);
     TZ_ASSERT_NOT_NULL(contract_out);
 
-    CX_CHECK(generate_public_key_hash(contract_out->hash,
-                                      sizeof(contract_out->hash),
-                                      compressed_pubkey_out,
-                                      path_with_curve));
+    CX_CHECK(public_key_hash(contract_out->hash,
+                             sizeof(contract_out->hash),
+                             compressed_pubkey_out,
+                             public_key));
 
-    contract_out->signature_type =
-        derivation_type_to_signature_type(path_with_curve->derivation_type);
+    contract_out->signature_type = signature_type_of_public_key(public_key);
     TZ_ASSERT(contract_out->signature_type != SIGNATURE_TYPE_UNSET, EXC_MEMORY_ERROR);
 
     contract_out->originated = 0;
@@ -251,25 +250,25 @@ static tz_parser_result parse_next_type(uint8_t current_byte,
  * @brief Initialize the operation parser
  *
  * @param out: parsing output
- * @param path_with_curve: bip32 path and curve of the key
+ * @param public_key: public key
  * @param state: parsing state
  * @return tz_exc: exception, SW_OK if none
  */
 static tz_exc parse_operations_init(struct parsed_operation_group *const out,
-                                    bip32_path_with_curve_t const *const path_with_curve,
+                                    cx_ecfp_public_key_t const *const public_key,
                                     struct parse_state *const state) {
     tz_exc exc = SW_OK;
 
     TZ_ASSERT_NOT_NULL(out);
-    TZ_ASSERT_NOT_NULL(path_with_curve);
+    TZ_ASSERT_NOT_NULL(public_key);
 
     memset(out, 0, sizeof(*out));
 
     out->operation.tag = OPERATION_TAG_NONE;
 
     TZ_CHECK(compute_pkh((cx_ecfp_compressed_public_key_t *) &out->public_key,
                          &out->signing,
-                         path_with_curve));
+                         public_key));
 
     // Start out with source = signing, for reveals
     memcpy(&out->operation.source, &out->signing, sizeof(out->signing));
@@ -490,11 +489,11 @@ static inline tz_parser_result parse_byte(uint8_t byte,
 
 tz_exc parse_operations(buffer_t *buf,
                         struct parsed_operation_group *const out,
-                        bip32_path_with_curve_t const *const path_with_curve) {
+                        cx_ecfp_public_key_t const *const public_key) {
     tz_exc exc = SW_OK;
     uint8_t byte;
 
-    TZ_CHECK(parse_operations_init(out, path_with_curve, &G.parse_state));
+    TZ_CHECK(parse_operations_init(out, public_key, &G.parse_state));
 
     while (buffer_read_u8(buf, &byte) == true) {
         TZ_ASSERT(parse_byte(byte, &G.parse_state, out) != PARSER_ERROR, EXC_PARSE_ERROR);

diff --git a/src/operations.h b/src/operations.h
@@ -145,17 +145,16 @@ struct parse_state {
  *        operation of any other type, which is the one it puts into
  *        the group.
  *
- *        Some checks are carried out during the parsing using a key using a key
+ *        Some checks are carried out during the parsing using a key
  *
  * @param buf: input operation
  * @param out: parsing output
- * @param curve: curve of the key
- * @param path_with_curve: bip32 path and curve of the key
+ * @param public_key: public key
  * @return tz_exc: exception, SW_OK if none
  */
 tz_exc parse_operations(buffer_t *buf,
                         struct parsed_operation_group *const out,
-                        bip32_path_with_curve_t const *const path_with_curve);
+                        cx_ecfp_public_key_t const *const public_key);
 
 /**
  * @brief Checks parsing has been completed successfully

diff --git a/src/to_string.c b/src/to_string.c
@@ -38,20 +38,17 @@ static int pkh_to_string(char *const dest,
 
 tz_exc bip32_path_with_curve_to_pkh_string(char *const out,
                                            size_t const out_size,
-                                           bip32_path_with_curve_t const *const key) {
+                                           cx_ecfp_public_key_t const *const public_key) {
     tz_exc exc = SW_OK;
     cx_err_t error = CX_OK;
     uint8_t hash[KEY_HASH_SIZE];
 
     TZ_ASSERT_NOT_NULL(out);
-    TZ_ASSERT_NOT_NULL(key);
+    TZ_ASSERT_NOT_NULL(public_key);
 
-    CX_CHECK(generate_public_key_hash(hash, sizeof(hash), NULL, key));
+    CX_CHECK(public_key_hash(hash, sizeof(hash), NULL, public_key));
 
-    TZ_ASSERT(pkh_to_string(out,
-                            out_size,
-                            derivation_type_to_signature_type(key->derivation_type),
-                            hash) >= 0,
+    TZ_ASSERT(pkh_to_string(out, out_size, signature_type_of_public_key(public_key), hash) >= 0,
               EXC_WRONG_LENGTH);
 
 end:

diff --git a/src/to_string.h b/src/to_string.h
@@ -37,12 +37,12 @@
  *
  * @param out: result output
  * @param out_size: output size
- * @param key: bip32 path and curve of the key
+ * @param public_key: public key
  * @return tz_exc: exception, SW_OK if none
  */
 tz_exc bip32_path_with_curve_to_pkh_string(char *const out,
                                            size_t const out_size,
-                                           bip32_path_with_curve_t const *const key);
+                                           cx_ecfp_public_key_t const *const public_key);
 
 /**
  * @brief Converts a chain id to string

diff --git a/src/ui_bagl.c b/src/ui_bagl.c
@@ -212,6 +212,9 @@ tz_exc calculate_idle_screen_chain_id(void) {
 
 tz_exc calculate_idle_screen_authorized_key(void) {
     tz_exc exc = SW_OK;
+    cx_err_t error = CX_OK;
+
+    cx_ecfp_public_key_t *authorized_pk = (cx_ecfp_public_key_t *) &(tz_ecfp_public_key_t){0};
 
     memset(&home_context.authorized_key, 0, sizeof(home_context.authorized_key));
 
@@ -221,12 +224,15 @@ tz_exc calculate_idle_screen_authorized_key(void) {
                               "No Key Authorized"),
                   EXC_WRONG_LENGTH);
     } else {
+        CX_CHECK(generate_public_key(authorized_pk, &g_hwm.baking_key));
+
         TZ_CHECK(bip32_path_with_curve_to_pkh_string(home_context.authorized_key,
                                                      sizeof(home_context.authorized_key),
-                                                     &g_hwm.baking_key));
+                                                     authorized_pk));
     }
 
 end:
+    TZ_CONVERT_CX();
     return exc;
 }
 

diff --git a/src/ui_delegation_bagl.c b/src/ui_delegation_bagl.c
@@ -63,7 +63,7 @@ int prompt_delegation(ui_callback_t const ok_cb, ui_callback_t const cxl_cb) {
 
     TZ_CHECK(bip32_path_with_curve_to_pkh_string(delegation_context.address,
                                                  sizeof(delegation_context.address),
-                                                 &global.path_with_curve));
+                                                 (cx_ecfp_public_key_t *) &global.public_key));
 
     TZ_ASSERT(microtez_to_string(delegation_context.fee,
                                  sizeof(delegation_context.fee),

diff --git a/src/ui_delegation_nbgl.c b/src/ui_delegation_nbgl.c
@@ -87,7 +87,7 @@ int prompt_delegation(ui_callback_t const ok_cb, ui_callback_t const cxl_cb) {
 
     TZ_CHECK(bip32_path_with_curve_to_pkh_string(delegation_context.tagValueRef[ADDRESS_IDX],
                                                  MAX_LENGTH,
-                                                 &global.path_with_curve));
+                                                 (cx_ecfp_public_key_t *) &global.public_key));
 
     TZ_ASSERT(microtez_to_string(delegation_context.tagValueRef[FEE_IDX],
                                  MAX_LENGTH,

diff --git a/src/ui_nbgl.c b/src/ui_nbgl.c
@@ -68,6 +68,9 @@ static const nbgl_contentInfoList_t infoList = {.nbInfos = INFO_NB,
  */
 static void initInfo(void) {
     tz_exc exc = SW_OK;
+    cx_err_t error = CX_OK;
+
+    cx_ecfp_public_key_t* authorized_pk = (cx_ecfp_public_key_t*) &(tz_ecfp_public_key_t){0};
 
     for (tz_infoIndex_t idx = 0; idx < INFO_NB; idx++) {
         infoContents[idx] = infoContentsBridge[idx];
@@ -82,9 +85,11 @@ static void initInfo(void) {
         TZ_ASSERT(copy_string(infoContentsBridge[PKH_IDX], MAX_LENGTH, "No Key Authorized"),
                   EXC_WRONG_LENGTH);
     } else {
+        CX_CHECK(generate_public_key(authorized_pk, &g_hwm.baking_key));
+
         TZ_CHECK(bip32_path_with_curve_to_pkh_string(infoContentsBridge[PKH_IDX],
                                                      MAX_LENGTH,
-                                                     &g_hwm.baking_key));
+                                                     authorized_pk));
     }
 
     TZ_ASSERT(hwm_to_string(infoContentsBridge[HWM_IDX], MAX_LENGTH, &g_hwm.hwm.main) >= 0,
@@ -105,6 +110,7 @@ static void initInfo(void) {
         EXC_WRONG_LENGTH);
 
 end:
+    TZ_CONVERT_CX();
     TZ_EXC_PRINT(exc);
 }
 

diff --git a/src/ui_pubkey_bagl.c b/src/ui_pubkey_bagl.c
@@ -60,7 +60,7 @@ int prompt_pubkey(bool authorize, ui_callback_t ok_cb, ui_callback_t cxl_cb) {
 
     TZ_CHECK(bip32_path_with_curve_to_pkh_string(address_context.public_key_hash,
                                                  sizeof(address_context.public_key_hash),
-                                                 &global.path_with_curve));
+                                                 (cx_ecfp_public_key_t *) &global.public_key));
 
     ux_prepare_confirm_callbacks(ok_cb, cxl_cb);
     if (authorize) {

diff --git a/src/ui_pubkey_nbgl.c b/src/ui_pubkey_nbgl.c
@@ -71,7 +71,7 @@ int prompt_pubkey(bool authorize, ui_callback_t ok_cb, ui_callback_t cxl_cb) {
 
     TZ_CHECK(bip32_path_with_curve_to_pkh_string(address_context.buffer,
                                                  sizeof(address_context.buffer),
-                                                 &global.path_with_curve));
+                                                 (cx_ecfp_public_key_t*) &global.public_key));
 
     const char* text;
     if (authorize) {