58 CX_ASSERT(cx_sha256_init_no_throw(&hash_ctx->
sha256));
59 CX_ASSERT(cx_sha3_init_no_throw(&hash_ctx->
sha3_256, CX_SHA3_256_SIZE * 8));
60 CX_ASSERT(cx_keccak_init_no_throw(&hash_ctx->
keccak_256, CX_KECCAK_256_SIZE * 8));
61 CX_ASSERT(cx_ripemd160_init_no_throw(&hash_ctx->
ripemd160));
62 CX_ASSERT(cx_sha512_init_no_throw(&hash_ctx->
sha512));
69 CX_ASSERT(cx_hash_update((cx_hash_t *) &hash_ctx->
sha256, data.
ptr, data.
size));
70 CX_ASSERT(cx_hash_update((cx_hash_t *) &hash_ctx->
sha3_256, data.
ptr, data.
size));
71 CX_ASSERT(cx_hash_update((cx_hash_t *) &hash_ctx->
keccak_256, data.
ptr, data.
size));
72 CX_ASSERT(cx_hash_update((cx_hash_t *) &hash_ctx->
ripemd160, data.
ptr, data.
size));
73 CX_ASSERT(cx_hash_update((cx_hash_t *) &hash_ctx->
sha512, data.
ptr, data.
size));
82 switch (signer_algo) {
84 hash = (cx_hash_t *) &hash_ctx->
sha256;
85 multi_hash_finalized->
hash.
size =
sizeof(multi_hash_finalized->
_sha256);
89 hash = (cx_hash_t *) &hash_ctx->
sha3_256;
98 hash = (cx_hash_t *) &hash_ctx->
ripemd160;
102 hash = (cx_hash_t *) &hash_ctx->
sha512;
103 multi_hash_finalized->
hash.
size =
sizeof(multi_hash_finalized->
_sha512);
106 PRINTF(
"Unknown signer_algo %d\n", signer_algo);
111 if (cx_hash_final(hash, &multi_hash_finalized->
_offset_0) != CX_OK) {
112 PRINTF(
"cx_hash_final failed for algo %d\n", signer_algo);
190 if (data->
value.
size !=
sizeof(tlv_extracted->
output->not_valid_after)) {
191 PRINTF(
"Invalid handle_not_valid_after format length %d\n", data->
value.
size);
194 tlv_extracted->
output->not_valid_after.major = data->
value.
ptr[0];
195 tlv_extracted->
output->not_valid_after.minor = data->
value.
ptr[1];
196 tlv_extracted->
output->not_valid_after.patch = U2BE(data->
value.
ptr, 2);
197 PRINTF(
"major = %d minor = %d patch = %d\n",
198 tlv_extracted->
output->not_valid_after.major,
199 tlv_extracted->
output->not_valid_after.minor,
200 tlv_extracted->
output->not_valid_after.patch);
225 X(0x01, TAG_STRUCTURE_TYPE, handle_structure_type, ENFORCE_UNIQUE_TAG) \
226 X(0x02, TAG_VERSION, handle_version, ENFORCE_UNIQUE_TAG) \
227 X(0x70, TAG_TRUSTED_NAME_TYPE, handle_trusted_name_type, ENFORCE_UNIQUE_TAG) \
228 X(0x71, TAG_TRUSTED_NAME_SOURCE, handle_trusted_name_source, ENFORCE_UNIQUE_TAG) \
229 X(0x20, TAG_TRUSTED_NAME, handle_trusted_name, ENFORCE_UNIQUE_TAG) \
230 X(0x23, TAG_CHAIN_ID, handle_chain_id, ENFORCE_UNIQUE_TAG) \
231 X(0x22, TAG_ADDRESS, handle_address, ENFORCE_UNIQUE_TAG) \
232 X(0x72, TAG_NFT_ID, handle_nft_id, ENFORCE_UNIQUE_TAG) \
233 X(0x73, TAG_SOURCE_CONTRACT, handle_source_contract, ENFORCE_UNIQUE_TAG) \
234 X(0x12, TAG_CHALLENGE, handle_challenge, ENFORCE_UNIQUE_TAG) \
235 X(0x10, TAG_NOT_VALID_AFTER, handle_not_valid_after, ENFORCE_UNIQUE_TAG) \
236 X(0x13, TAG_SIGNER_KEY_ID, handle_signer_key_id, ENFORCE_UNIQUE_TAG) \
237 X(0x14, TAG_SIGNER_ALGORITHM, handle_signer_algorithm, ENFORCE_UNIQUE_TAG) \
238 X(0x15, TAG_DER_SIGNATURE, handle_der_signature, ENFORCE_UNIQUE_TAG)
245 if (data->tag != TAG_DER_SIGNATURE) {
253#ifdef TRUSTED_NAME_TEST_KEY
260 PRINTF(
"Error: no struct type specified!\n");
265 PRINTF(
"Error: unexpected struct type %d\n", tlv_extracted->
structure_type);
272 TAG_TRUSTED_NAME_TYPE,
273 TAG_TRUSTED_NAME_SOURCE,
278 TAG_SIGNER_ALGORITHM,
279 TAG_DER_SIGNATURE)) {
280 PRINTF(
"Error: missing required fields in struct version %d\n",
286 tlv_extracted->
output->nft_id_received
288 tlv_extracted->
output->source_contract_received
290 tlv_extracted->
output->challenge_received
292 tlv_extracted->
output->not_valid_after_received
297 PRINTF(
"Error: unsupported struct version %d\n", tlv_extracted->
output->
version);
301 if (tlv_extracted->
output->source_contract_received
303 PRINTF(
"Error: source_contract_received is only supported in v >= %d\n",
309 PRINTF(
"Error: wrong metadata key ID %u\n", tlv_extracted->
signer_key_id);
323 PRINTF(
"finalize_hash_for_algo failed\n");
330 curve = CX_CURVE_Ed25519;
334 curve = CX_CURVE_SECP256K1;
340 uint8_t expected_key_usage = CERTIFICATE_PUBLIC_KEY_USAGE_TRUSTED_NAME;
342 multi_hash_finalized.
hash, &expected_key_usage, &curve, tlv_extracted->
input_sig);
344 PRINTF(
"Failed to verify signature of trusted token info\n");
356 tlv_extracted.
output = out;
363 if (!parse_tlv_trusted_name(payload, &tlv_extracted, &tlv_extracted.
received_tags)) {
364 PRINTF(
"Failed to parse tlv payload\n");
371 PRINTF(
"Failed to verify tlv payload\n");
378 PRINTF(
"Failed to verify trusted name signature\n");
check_signature_with_pki_status_t check_signature_with_pki(const buffer_t hash, const uint8_t *expected_key_usage, const cx_curve_t *expected_curve, const buffer_t signature)
Checks a signature using the PKI certificate.
@ CHECK_SIGNATURE_WITH_PKI_SUCCESS
enum check_signature_with_pki_status_e check_signature_with_pki_status_t
size_t size
Pointer to byte buffer.
uint8_t _keccak_256[CX_KECCAK_256_SIZE]
uint8_t _ripemd160[CX_RIPEMD160_SIZE]
uint8_t _sha3_256[CX_SHA3_256_SIZE]
uint8_t _sha256[CX_SHA256_SIZE]
uint8_t _sha512[CX_SHA512_SIZE]
bool get_uint16_t_from_tlv_data(const tlv_data_t *data, uint16_t *value)
Extract a uint16_t value from TLV data.
bool get_uint64_t_from_tlv_data(const tlv_data_t *data, uint64_t *value)
Extract a uint64_t value from TLV data.
bool get_uint8_t_from_tlv_data(const tlv_data_t *data, uint8_t *value)
Extract a uint8_t value from TLV data.
bool get_buffer_from_tlv_data(const tlv_data_t *data, buffer_t *out, uint16_t min_size, uint16_t max_size)
Extract a sized buffer from TLV data (zero-copy).
bool get_uint32_t_from_tlv_data(const tlv_data_t *data, uint32_t *value)
Extract a uint32_t value from TLV data.
#define DEFINE_TLV_PARSER(TAG_LIST, COMMON_HANDLER, PARSE_FUNCTION_NAME)
Creates a parser function for a given TLV use case.
#define TLV_CHECK_RECEIVED_TAGS(received,...)
#define DER_SIGNATURE_MIN_SIZE
#define DER_SIGNATURE_MAX_SIZE
static tlv_trusted_name_status_t verify_struct(const tlv_extracted_t *tlv_extracted)
tlv_trusted_name_status_t tlv_use_case_trusted_name(const buffer_t *payload, tlv_trusted_name_out_t *out)
Processes a TLV dynamic descriptor use case.
static bool handle_trusted_name_source(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
static bool handle_trusted_name_type(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
static bool handle_chain_id(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
static void update_multi_hash_ctx(multi_hash_ctx_t *hash_ctx, buffer_t data)
struct tlv_extracted_s tlv_extracted_t
static bool handle_address(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
static bool handle_signer_key_id(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
static tlv_trusted_name_status_t verify_signature(const tlv_extracted_t *tlv_extracted)
static bool handle_nft_id(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
static bool handle_signer_algorithm(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
static bool handle_version(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
static bool handle_source_contract(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
static bool handle_not_valid_after(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
static bool handle_trusted_name(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
struct multi_hash_finalized_u multi_hash_finalized_t
static bool handle_structure_type(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
static void init_multi_hash_ctx(multi_hash_ctx_t *hash_ctx)
struct multi_hash_ctx_s multi_hash_ctx_t
static bool handle_common(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
static int finalize_hash_for_algo(const multi_hash_ctx_t *hash_ctx, tlv_trusted_name_signer_algorithm_t signer_algo, multi_hash_finalized_t *multi_hash_finalized)
static bool handle_der_signature(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
static bool handle_challenge(const tlv_data_t *data, tlv_extracted_t *tlv_extracted)
@ TLV_TRUSTED_NAME_SIGNER_KEY_ID_PROD
@ TLV_TRUSTED_NAME_SIGNER_KEY_ID_TEST
#define TRUSTED_NAME_STRINGS_MAX_SIZE
enum tlv_trusted_name_status_e tlv_trusted_name_status_t
#define CURRENT_TRUSTED_NAME_SPEC_VERSION
@ TLV_STRUCTURE_TYPE_TRUSTED_NAME
@ TLV_TRUSTED_NAME_WRONG_KEY_ID
@ TLV_TRUSTED_NAME_SIGNATURE_ERROR
@ TLV_TRUSTED_NAME_PARSING_ERROR
@ TLV_TRUSTED_NAME_UNKNOWN_VERSION
@ TLV_TRUSTED_NAME_SUCCESS
@ TLV_TRUSTED_NAME_MISSING_TAG
@ TLV_TRUSTED_NAME_UNSUPPORTED_TAG
@ TLV_TRUSTED_NAME_MISSING_STRUCTURE_TAG
@ TLV_TRUSTED_NAME_WRONG_TYPE
@ TLV_TRUSTED_NAME_HASH_FAILED
enum tlv_trusted_name_signer_algorithm_e tlv_trusted_name_signer_algorithm_t
@ TLV_TRUSTED_NAME_SIGNER_ALGORITHM_ECDSA_SHA3_256
@ TLV_TRUSTED_NAME_SIGNER_ALGORITHM_EDDSA_KECCAK_256
@ TLV_TRUSTED_NAME_SIGNER_ALGORITHM_ECDSA_SHA256
@ TLV_TRUSTED_NAME_SIGNER_ALGORITHM_ECDSA_KECCAK_256
@ TLV_TRUSTED_NAME_SIGNER_ALGORITHM_EDDSA_SHA3_256
@ TLV_TRUSTED_NAME_SIGNER_ALGORITHM_ECDSA_RIPEMD160
@ TLV_TRUSTED_NAME_SIGNER_ALGORITHM_ECDSA_SHA512
#define SOURCE_CONTRACT_RECEIVED_MIN_VERSION