Comments (6)
romanz
commented on July 19, 2024
from multibit-hardware.
romanz
commented on July 19, 2024
Currently, the TREZOR firmware is using max_size=256 for SignIdentity.challenge_hidden:
https://github.com/trezor/trezor-mcu/blob/master/firmware/protob/messages.options#L91
For NIST256P1 elliptic curve, I have seen 209 byte-long blobs passed to ssh-agent for signature:
2016-02-27 19:45:41,998 DEBUG calling sign_message() [protocol.py:53]
2016-02-27 19:45:41,998 DEBUG key type: ecdsa-sha2-nistp256 [formats.py:51]
2016-02-27 19:45:41,998 DEBUG curve name: nistp256 [formats.py:58]
2016-02-27 19:45:41,998 DEBUG looking for 58:77:de:fe:62:b0:98:2b:fd:4f:ac:03:7a:dc:5f:47 [protocol.py:87]
2016-02-27 19:45:41,998 DEBUG using key 'ssh://localhost' (58:77:de:fe:62:b0:98:2b:fd:4f:ac:03:7a:dc:5f:47) [protocol.py:94]
2016-02-27 19:45:41,998 DEBUG signing 209-byte blob [protocol.py:100]
2016-02-27 19:45:41,998 DEBUG parsed identity: {'path': None, 'host': u'localhost', 'proto': u'ssh', 'port': None, 'user': None} [client.py:104]
2016-02-27 19:45:41,999 DEBUG key type: ecdsa-sha2-nistp256 [formats.py:51]
2016-02-27 19:45:41,999 DEBUG curve name: nistp256 [formats.py:58]
2016-02-27 19:45:41,999 DEBUG ssh-connection: user 'roman' via 'publickey' ('ecdsa-sha2-nistp256') [client.py:66]
2016-02-27 19:45:41,999 DEBUG nonce: 56320455f525293be340cf9be4a713432033cba710c32b6aebb70c877b3c3444 [client.py:67]
2016-02-27 19:45:41,999 DEBUG fingerprint: 58:77:de:fe:62:b0:98:2b:fd:4f:ac:03:7a:dc:5f:47 [client.py:68]
2016-02-27 19:45:41,999 INFO please confirm user "roman" login to "ssh://localhost" using Trezor... [client.py:71]
2016-02-27 19:45:52,200 DEBUG signature: 6a905c9842d5128af926649edf89b15d0842c206f17e30ce69e11f79116771856b1a2e8afe14808aa1bdb900697ffefcfe93f3caecd47fd08b64a92c116d06e6 [protocol.py:103]
2016-02-27 19:45:52,394 INFO signature status: OK [protocol.py:107]
2016-02-27 19:45:52,394 DEBUG signature size: 74 bytes [protocol.py:112]
2016-02-27 19:45:52,394 DEBUG reply: 110 bytes [protocol.py:56]
https://github.com/romanz/trezor-agent/blob/master/trezor_agent/protocol.py#L100
from multibit-hardware.
martin-lizner
commented on July 19, 2024
Ok, 256 bytes will do. Please fix :-) Yeah 209 is about right... M.
from multibit-hardware.
gary-rowe
commented on July 19, 2024
I've increased the sizes and pushed the code against develop.
Ready for review and close.
from multibit-hardware.
gary-rowe
commented on July 19, 2024
Thanks for the additional help @romanz - much appreciated.
from multibit-hardware.
martin-lizner
commented on July 19, 2024
Fixed. Thank you guys.
from multibit-hardware.
Related Issues (20)
- Improve shutdown process when no Trezor is attached HOT 2
- Simplify staging repository configuration HOT 2
- Support Trezor 1.3.3 (breaking change) HOT 6
- Support for P2SH is missing HOT 2
- Add support for MultiBit Commons HOT 2
- Add support for Ping HOT 2
- Add support for Bitcoinj 0.13.2 Alice 0.1.3 HOT 1
- Getting `Device not attached` error HOT 4
- Trezor API - SignIdentity msg support HOT 9
- Trezor API - Add support for Encrypt/Decrypt Message
- Trezor API - Add support for seed phrase recovery
- Trezor API - Add support for passphrase HOT 2
- Trezor API - Identity URI bug HOT 1
- Trezor API - Multisession Operation HOT 1
- Trezor API - USB attach takes long time HOT 15
- Include a proper license header in source files
- TREZOR 1.4.0 fails on Windows HOT 3
- Trezor Examples only work intermittenly
- For more security spongycastle -> bouncycastle
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from multibit-hardware.