feat(cardano): Message signing

Author: jaskp

common/protob/messages-cardano.proto

@@ -500,3 +500,48 @@ message CardanoTxBodyHash {
  */
 message CardanoSignTxFinished {
 }
+
+/**
+ * Request: Ask device to sign a message containing arbitrary data
+ * @start
+ * @next CardanoMessageItemAck
+ */
+message CardanoSignMessageInit {
+    optional uint32 protocol_magic = 1;                           // network's protocol magic
+    optional uint32 network_id = 2;                               // network id - mainnet or testnet
+    repeated uint32 signing_path = 3;                             // BIP-32-style path to derive the signing key from master node
+    required uint32 payload_size = 4;                             // size of the payload to be signed
+    required bool hash_payload = 5;                               // whether to hash the payload before signing
+    required bool display_ascii = 6;                              // decode payload as ASCII
+    optional CardanoAddressParametersType address_parameters = 7;
+    required CardanoDerivationType derivation_type = 8;
+}
+
+/**
+ * @next CardanoMessagePayloadChunk
+ * @next CardanoMessageItemHostAck
+ */
+message CardanoMessageItemAck {
+}
+
+/**
+ * @next CardanoMessageItemAck
+ */
+message CardanoMessagePayloadChunk {
+    required bytes data = 1;  // expected maximum chunk size is 1024 bytes
+}
+
+/**
+ * @next CardanoSignMessageFinished
+ */
+message CardanoMessageItemHostAck {
+}
+
+/**
+ * Response: Contains signature for message and address used in signed headers
+ * @end
+ */
+message CardanoSignMessageFinished {
+    required bytes signature = 1;
+    required bytes address = 2;
+}

common/protob/messages.proto

@@ -294,6 +294,11 @@ enum MessageType {
     MessageType_CardanoTxInlineDatumChunk = 335 [(wire_in) = true];
     MessageType_CardanoTxReferenceScriptChunk = 336 [(wire_in) = true];
     MessageType_CardanoTxReferenceInput = 337 [(wire_in) = true];
+    MessageType_CardanoSignMessageInit = 338 [(wire_in) = true];
+    MessageType_CardanoMessagePayloadChunk = 339 [(wire_in) = true];
+    MessageType_CardanoMessageItemAck = 340 [(wire_out) = true];
+    MessageType_CardanoMessageItemHostAck = 341 [(wire_in) = true];
+    MessageType_CardanoSignMessageFinished = 342 [(wire_out) = true];
 
     // Ripple
     MessageType_RippleGetAddress = 400 [(wire_in) = true];

common/tests/fixtures/cardano/sign_message.failed.json

@@ -0,0 +1,50 @@
+{
+  "setup": {
+    "mnemonic": "all all all all all all all all all all all all",
+    "passphrase": ""
+  },
+  "tests": [
+    {
+      "description": "Unhashed payload too long",
+      "parameters": {
+        "signing_path": "m/1852'/1815'/4'/0/0",
+        "network_id": 1,
+        "protocol_magic": 764824073,
+        "payload": "566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765",
+        "hash_payload": false,
+        "display_ascii": false
+      },
+      "result": {
+        "error_message": "Payload too long to sign without hashing"
+      }
+    },
+    {
+      "description": "Payload cannot be decoded to ASCII",
+      "parameters": {
+        "signing_path": "m/1852'/1815'/4'/0/0",
+        "network_id": 1,
+        "protocol_magic": 764824073,
+        "payload": "ff",
+        "hash_payload": false,
+        "display_ascii": true
+      },
+      "result": {
+        "error_message": "Payload cannot be decoded as ASCII or its decoding leads to a visually ambiguous string"
+      }
+    },
+    {
+      "description": "Payload is ambiguous when decoded as ASCII",
+      "parameters": {
+        "signing_path": "m/1852'/1815'/4'/0/0",
+        "network_id": 1,
+        "protocol_magic": 764824073,
+        "payload": "20",
+        "hash_payload": false,
+        "display_ascii": true
+      },
+      "result": {
+        "error_message": "Payload cannot be decoded as ASCII or its decoding leads to a visually ambiguous string"
+      }
+    }
+  ]
+}

common/tests/fixtures/cardano/sign_message.json

@@ -0,0 +1,133 @@
+{
+  "setup": {
+    "mnemonic": "all all all all all all all all all all all all",
+    "passphrase": ""
+  },
+  "tests": [
+    {
+      "description": "Sign short non-ASCII payload",
+      "parameters": {
+        "signing_path": "m/1852'/1815'/4'/0/0",
+        "network_id": 1,
+        "protocol_magic": 764824073,
+        "payload": "ff00",
+        "hash_payload": false,
+        "display_ascii": false
+      },
+      "result": {
+        "signature": "5ad6ba670e65353b2c1ad4053a1ed4a9348a73fe965ffa0afafa24bad06e3eb3e325d49029604c09bf665c3c43a750ec81a43b1f8b746b07e999b913b980d006",
+        "address": "d9553a4de9c7ad8532abdb1d0a7f425b8007d25c9f1edcf0b5f5c3ba"
+      }
+    },
+    {
+      "description": "Sign short non-ASCII payload with address parameters",
+      "parameters": {
+        "signing_path": "m/1852'/1815'/4'/0/0",
+        "network_id": 1,
+        "protocol_magic": 764824073,
+        "payload": "ff00",
+        "hash_payload": false,
+        "address_parameters": {
+          "addressType": 0,
+          "path": "m/1852'/1815'/0'/0/0",
+          "stakingPath": "m/1852'/1815'/0'/2/0"
+        },
+        "display_ascii": false
+      },
+      "result": {
+        "signature": "9efaff0b74c0beb2cadd727d8bafe13b31107235c5fc46c6c33e596e024d391c9fbe37072e43965add6ee0a4788562382031486b74fd59d636aa1ca3b1ddfe06",
+        "address": "0180f9e2c88e6c817008f3a812ed889b4a4da8e0bd103f86e7335422aa122a946b9ad3d2ddf029d3a828f0468aece76895f15c9efbd69b4277"
+      }
+    },
+    {
+      "description": "Sign short non-ASCII payload hash",
+      "parameters": {
+        "signing_path": "m/1852'/1815'/4'/0/0",
+        "network_id": 1,
+        "protocol_magic": 764824073,
+        "payload": "ff00",
+        "hash_payload": true,
+        "display_ascii": false
+      },
+      "result": {
+        "signature": "2c325e542fa78d76d916e50f50b85e770354a44e071f08fdb8ec5d0bcbf844cf70dcf5c87b7a51cd7f0269a59eec8d438c3c27eb42b971e7ccb7f864714c4b06",
+        "address": "d9553a4de9c7ad8532abdb1d0a7f425b8007d25c9f1edcf0b5f5c3ba"
+      }
+    },
+        {
+      "description": "Sign short ASCII payload",
+      "parameters": {
+        "signing_path": "m/1852'/1815'/4'/0/0",
+        "network_id": 1,
+        "protocol_magic": 764824073,
+        "payload": "54657374",
+        "hash_payload": false,
+        "display_ascii": true
+      },
+      "result": {
+        "signature": "2201b8e7fa9ea919935e06ecc3e845433855066acaaf61cb8e624a2eb7139b73a9d126e7ee04548fff06ac933bd5419fc78c5aebee9b536cbee1481b52ec3e03",
+        "address": "d9553a4de9c7ad8532abdb1d0a7f425b8007d25c9f1edcf0b5f5c3ba"
+      }
+    },
+            {
+      "description": "Sign short ASCII payload rendered as hex",
+      "parameters": {
+        "signing_path": "m/1852'/1815'/4'/0/0",
+        "network_id": 1,
+        "protocol_magic": 764824073,
+        "payload": "54657374",
+        "hash_payload": false,
+        "display_ascii": false
+      },
+      "result": {
+        "signature": "2201b8e7fa9ea919935e06ecc3e845433855066acaaf61cb8e624a2eb7139b73a9d126e7ee04548fff06ac933bd5419fc78c5aebee9b536cbee1481b52ec3e03",
+        "address": "d9553a4de9c7ad8532abdb1d0a7f425b8007d25c9f1edcf0b5f5c3ba"
+      }
+    },
+    {
+      "description": "Sign empty payload",
+      "parameters": {
+        "signing_path": "m/1852'/1815'/4'/0/0",
+        "network_id": 1,
+        "protocol_magic": 764824073,
+        "payload": "",
+        "hash_payload": false,
+        "display_ascii": false
+      },
+      "result": {
+        "signature": "b09177a06cb2deba7ada89fec96fc4380e746f67c6b16a9ef9ae6b7cbbe941fdad8a8a573b809cd88db296b91b476c436033a29d86a63959e270047e47cd5d0d",
+        "address": "d9553a4de9c7ad8532abdb1d0a7f425b8007d25c9f1edcf0b5f5c3ba"
+      }
+    },
+    {
+      "description": "Sign empty payload hash",
+      "parameters": {
+        "signing_path": "m/1852'/1815'/4'/0/0",
+        "network_id": 1,
+        "protocol_magic": 764824073,
+        "payload": "",
+        "hash_payload": true,
+        "display_ascii": false
+      },
+      "result": {
+        "signature": "a2503039a8ec620e05d9e4345339d61cd11480fbfcc75ea1a10789751a7c5f46ba06786eb1719da62db76c20313ad3445839b8117abac206cc4bd63ea623fc07",
+        "address": "d9553a4de9c7ad8532abdb1d0a7f425b8007d25c9f1edcf0b5f5c3ba"
+      }
+    },
+    {
+      "description": "Sign long ASCII payload hash",
+      "parameters": {
+        "signing_path": "m/1852'/1815'/4'/0/0",
+        "network_id": 1,
+        "protocol_magic": 764824073,
+        "payload": "566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765566572794c6f6e674d657373616765",
+        "hash_payload": true,
+        "display_ascii": true
+      },
+      "result": {
+        "signature": "92331e75bb4c3208317ac422f2fc9d8b9b09d3f81cc487edaa7028d262553e5691532fb166a40e45eb2e4addd4280ff7e07bd4249e964d969e91555317b05f08",
+        "address": "d9553a4de9c7ad8532abdb1d0a7f425b8007d25c9f1edcf0b5f5c3ba"
+      }
+    }
+  ]
+}

core/.changelog.d/noissue.added

@@ -0,0 +1 @@
+Cardano: Add support for signing arbitrary messages

core/src/all_modules.py

@@ -459,6 +459,8 @@
     import apps.cardano.helpers.account_path_check
     apps.cardano.helpers.bech32
     import apps.cardano.helpers.bech32
+    apps.cardano.helpers.chunks
+    import apps.cardano.helpers.chunks
     apps.cardano.helpers.credential
     import apps.cardano.helpers.credential
     apps.cardano.helpers.hash_builder_collection
@@ -477,6 +479,8 @@
     import apps.cardano.native_script
     apps.cardano.seed
     import apps.cardano.seed
+    apps.cardano.sign_message
+    import apps.cardano.sign_message
     apps.cardano.sign_tx
     import apps.cardano.sign_tx
     apps.cardano.sign_tx.multisig_signer

core/src/apps/cardano/addresses.py

@@ -46,6 +46,13 @@
     CardanoAddressType.ENTERPRISE_SCRIPT,
 )
 
+ADDRESS_TYPES_MESSAGE = (
+    CardanoAddressType.BASE,
+    CardanoAddressType.BASE_KEY_SCRIPT,
+    CardanoAddressType.ENTERPRISE,
+    CardanoAddressType.REWARD,
+)
+
 ADDRESS_TYPES_PAYMENT = ADDRESS_TYPES_PAYMENT_KEY + ADDRESS_TYPES_PAYMENT_SCRIPT
 
 _MIN_ADDRESS_BYTES_LENGTH = const(29)
@@ -242,6 +249,13 @@ def validate_cvote_payment_address_parameters(
     assert_params_cond(parameters.address_type in ADDRESS_TYPES_SHELLEY)
 
 
+def validate_message_address_parameters(
+    parameters: messages.CardanoAddressParametersType,
+) -> None:
+    validate_address_parameters(parameters)
+    assert_params_cond(parameters.address_type in ADDRESS_TYPES_MESSAGE)
+
+
 def assert_cond(condition: bool) -> None:
     if not condition:
         raise ProcessError("Invalid address")

core/src/apps/cardano/helpers/chunks.py

@@ -0,0 +1,79 @@
+from micropython import const
+from typing import TYPE_CHECKING
+
+from trezor import messages, protobuf
+from trezor.wire import ProcessError
+from trezor.wire.context import call as ctx_call
+
+if TYPE_CHECKING:
+    from typing import Generic, TypeVar, Union
+
+    Chunk = Union[
+        messages.CardanoTxInlineDatumChunk,
+        messages.CardanoTxReferenceScriptChunk,
+        messages.CardanoMessagePayloadChunk,
+    ]
+
+    C = TypeVar("C", bound=Chunk)
+else:
+    # typechecker cheat
+    Generic = (object,)
+    C = Chunk = 0
+
+MAX_CHUNK_SIZE = const(1024)
+
+
+def _get_chunks_count(size: int) -> int:
+    """Integer-only version of `ceil(size / MAX_CHUNK_SIZE)`."""
+    assert size >= 0
+    return 0 if size == 0 else (size - 1) // MAX_CHUNK_SIZE + 1
+
+
+def _validate_chunk(
+    chunk: Chunk,
+    chunk_index: int,
+    total_size: int,
+) -> None:
+    chunks_count = _get_chunks_count(total_size)
+    assert chunk_index < chunks_count
+
+    if len(chunk.data) > MAX_CHUNK_SIZE:
+        raise ProcessError("Invalid chunk: Too large")
+
+    is_last_chunk = chunk_index == chunks_count - 1
+
+    if not is_last_chunk and len(chunk.data) < MAX_CHUNK_SIZE:
+        raise ProcessError("Invalid intermediate chunk: Too small")
+
+    if (
+        is_last_chunk
+        # check whether this chunk and preceding chunks add up to the supposed size
+        and len(chunk.data) + MAX_CHUNK_SIZE * (chunks_count - 1) != total_size
+    ):
+        raise ProcessError("Invalid last chunk: Size inconsistent with total bytes")
+
+
+class ChunkIterator(Generic[C]):
+    def __init__(
+        self,
+        total_size: int,
+        ack_msg: protobuf.MessageType,
+        chunk_type: type[C],
+    ) -> None:
+        self.ack_msg = ack_msg
+        self.chunk_type = chunk_type
+        self.chunk_index = 0
+        self.chunks_count = _get_chunks_count(total_size)
+        self.total_size = total_size
+
+    def __aiter__(self) -> "ChunkIterator":
+        return self
+
+    async def __anext__(self) -> tuple[int, C]:
+        if self.chunk_index >= self.chunks_count:
+            raise StopAsyncIteration
+        chunk: C = await ctx_call(self.ack_msg, self.chunk_type)
+        _validate_chunk(chunk, chunk_index=self.chunk_index, total_size=self.total_size)
+        result = (self.chunk_index, chunk)
+        self.chunk_index += 1
+        return result