diff --git a/CHANGELOG.md b/CHANGELOG.md index a52da099d..187358175 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,8 @@ # Changelog 26.03.1 - March 2025 ### Security Fixes -Reject PSBT inputs with non-standard sighash types before signing +- Reject PSBT inputs with non-standard sighash types before signing +- Warn user before signing raw hashes in message signing # Changelog 26.03.0 - March 2025 diff --git a/i18n/translations/de-DE.json b/i18n/translations/de-DE.json index 9efac85e2..f2194616a 100644 --- a/i18n/translations/de-DE.json +++ b/i18n/translations/de-DE.json @@ -276,6 +276,7 @@ "Signature:": "Signatur:", "Signed Message": "Signierte Nachricht", "Signed PSBT": "Signierte PSBT", + "Signing raw hash. Proceed only if you trust the source.": "Signieren von Roh-Hash. Fahren Sie nur fort, wenn Sie der Quelle vertrauen.", "Signing…": "Unterzeichnung…", "Single-sig": "Single-Sig", "Size:": "Größe:", diff --git a/i18n/translations/es-MX.json b/i18n/translations/es-MX.json index ad181ab6a..2784413d1 100644 --- a/i18n/translations/es-MX.json +++ b/i18n/translations/es-MX.json @@ -276,6 +276,7 @@ "Signature:": "Firma:", "Signed Message": "Mensaje Firmado", "Signed PSBT": "PSBT Firmado", + "Signing raw hash. Proceed only if you trust the source.": "Firmar hash sin procesar. Proceda solo si confía en la fuente.", "Signing…": "Firma…", "Single-sig": "Single-sig", "Size:": "Tamaño:", diff --git a/i18n/translations/fr-FR.json b/i18n/translations/fr-FR.json index e9be61249..d761a902f 100644 --- a/i18n/translations/fr-FR.json +++ b/i18n/translations/fr-FR.json @@ -276,6 +276,7 @@ "Signature:": "Signature :", "Signed Message": "Message signé", "Signed PSBT": "PSBT signé", + "Signing raw hash. Proceed only if you trust the source.": "Signature du hachage brut. Procédez uniquement si vous faites confiance à la source.", "Signing…": "Signature…", "Single-sig": "Clé unique", "Size:": "Capacité :", diff --git a/i18n/translations/ja-JP.json b/i18n/translations/ja-JP.json index a2dfc2969..facbd1edc 100644 --- a/i18n/translations/ja-JP.json +++ b/i18n/translations/ja-JP.json @@ -276,6 +276,7 @@ "Signature:": "サイン:", "Signed Message": "サイン付きメッセージ", "Signed PSBT": "サインされたPSBT", + "Signing raw hash. Proceed only if you trust the source.": "生のハッシュに署名します.ソースを信頼している場合にのみ続行します.", "Signing…": "署名…", "Single-sig": "シングルサイン", "Size:": "サイズ:", diff --git a/i18n/translations/ko-KR.json b/i18n/translations/ko-KR.json index 0124099b0..6b197e5b3 100644 --- a/i18n/translations/ko-KR.json +++ b/i18n/translations/ko-KR.json @@ -276,6 +276,7 @@ "Signature:": "서명:", "Signed Message": "서명된 메시지", "Signed PSBT": "서명된 PSBT", + "Signing raw hash. Proceed only if you trust the source.": "원시 해시에 서명합니다. 소스를 신뢰하는 경우에만 진행합니다.", "Signing…": "서명…", "Single-sig": "단일서명", "Size:": "크기:", diff --git a/i18n/translations/nl-NL.json b/i18n/translations/nl-NL.json index 0595c0435..7b9517beb 100644 --- a/i18n/translations/nl-NL.json +++ b/i18n/translations/nl-NL.json @@ -276,6 +276,7 @@ "Signature:": "Handtekening:", "Signed Message": "Bericht ondertekend", "Signed PSBT": "PSBT ondertekend", + "Signing raw hash. Proceed only if you trust the source.": "RAW-hash ondertekenen. Ga alleen verder als je de bron vertrouwt.", "Signing…": "Signing…", "Single-sig": "Enkele sleutel", "Size:": "Grootte:", diff --git a/i18n/translations/pt-BR.json b/i18n/translations/pt-BR.json index e506f1ee2..38c4f3755 100644 --- a/i18n/translations/pt-BR.json +++ b/i18n/translations/pt-BR.json @@ -276,6 +276,7 @@ "Signature:": "Assinatura:", "Signed Message": "Mensagem assinada", "Signed PSBT": "PSBT assinada", + "Signing raw hash. Proceed only if you trust the source.": "Assinando hash bruto. Prossiga somente se você confiar na fonte.", "Signing…": "Assinando…", "Single-sig": "Single-sig", "Size:": "Tamanho:", diff --git a/i18n/translations/ru-RU.json b/i18n/translations/ru-RU.json index 4b47d0dd9..cce43232f 100644 --- a/i18n/translations/ru-RU.json +++ b/i18n/translations/ru-RU.json @@ -276,6 +276,7 @@ "Signature:": "Подпись:", "Signed Message": "Подписанное Сообщение", "Signed PSBT": "Подписанное PSBT", + "Signing raw hash. Proceed only if you trust the source.": "Подписание необработанного хэша. Продолжайте, только если вы доверяете источнику.", "Signing…": "Подпись…", "Single-sig": "Одна подпись", "Size:": "Размер:", diff --git a/i18n/translations/tr-TR.json b/i18n/translations/tr-TR.json index 97747a70a..c573f542b 100644 --- a/i18n/translations/tr-TR.json +++ b/i18n/translations/tr-TR.json @@ -276,6 +276,7 @@ "Signature:": "İmza:", "Signed Message": "İmzalı Mesaj", "Signed PSBT": "İmzalı PSBT", + "Signing raw hash. Proceed only if you trust the source.": "Ham karma imzalanıyor. Yalnızca kaynağa güveniyorsanız devam edin.", "Signing…": "İmzalama…", "Single-sig": "Tek-imza", "Size:": "Boyut:", diff --git a/i18n/translations/vi-VN.json b/i18n/translations/vi-VN.json index d901f57c9..9648090a3 100644 --- a/i18n/translations/vi-VN.json +++ b/i18n/translations/vi-VN.json @@ -276,6 +276,7 @@ "Signature:": "Chữ ký:", "Signed Message": "Tin nhắn đã ký", "Signed PSBT": "Đã ký PSBT", + "Signing raw hash. Proceed only if you trust the source.": "Ký mã băm thô. Chỉ tiến hành nếu bạn tin tưởng nguồn.", "Signing…": "Biển báo…", "Single-sig": "Khóa đơn", "Size:": "Dung lượng:", diff --git a/i18n/translations/zh-CN.json b/i18n/translations/zh-CN.json index e6deb371e..7cad610df 100644 --- a/i18n/translations/zh-CN.json +++ b/i18n/translations/zh-CN.json @@ -276,6 +276,7 @@ "Signature:": "签名:", "Signed Message": "签名消息", "Signed PSBT": "已签名 PSBT", + "Signing raw hash. Proceed only if you trust the source.": "签名原始哈希.仅当您信任源时才继续.", "Signing…": "签名…", "Single-sig": "单签", "Size:": "大小:", diff --git a/src/krux/pages/home_pages/sign_message_ui.py b/src/krux/pages/home_pages/sign_message_ui.py index 28e037402..63c47e5fa 100644 --- a/src/krux/pages/home_pages/sign_message_ui.py +++ b/src/krux/pages/home_pages/sign_message_ui.py @@ -234,10 +234,21 @@ def _sign_at_address_from_sd(self, data): def sign_standard_message(self, data): """Signs a standard message""" - message_hash = self._compute_message_hash(data) + message_hash, is_raw_hash = self._compute_message_hash(data) if message_hash is None: return "" + if is_raw_hash: + self.ctx.display.clear() + self.ctx.display.draw_centered_text( + t("Warning:") + + "\n\n" + + t("Signing raw hash. Proceed only if you trust the source."), + highlight_prefix=":", + ) + if not self.prompt(t("Proceed?"), BOTTOM_PROMPT_LINE): + return "" + self.ctx.display.clear() self.ctx.display.draw_centered_text( "SHA256:\n\n%s" % binascii.hexlify(message_hash).decode(), @@ -251,15 +262,15 @@ def sign_standard_message(self, data): return sig def _compute_message_hash(self, data): - """Computes the hash for the message""" + """Computes the hash for the message, returns (hash, is_raw_hash)""" if len(data) == 32: - return data + return data, True if len(data) == 64: try: - return binascii.unhexlify(data) + return binascii.unhexlify(data), True except: pass - return hashlib.sha256(data).digest() + return hashlib.sha256(data).digest(), False def _export_signature( self, diff --git a/src/krux/translations/__init__.py b/src/krux/translations/__init__.py index 82562adf9..d8f2a711f 100644 --- a/src/krux/translations/__init__.py +++ b/src/krux/translations/__init__.py @@ -310,6 +310,7 @@ 1512492264, 1988416729, 3672006076, + 2420425663, 1100365444, 2281377987, 2019512665, diff --git a/src/krux/translations/de.py b/src/krux/translations/de.py index 61c045592..af68bcfe8 100644 --- a/src/krux/translations/de.py +++ b/src/krux/translations/de.py @@ -298,6 +298,7 @@ "Signatur:", "Signierte Nachricht", "Signierte PSBT", + "Signieren von Roh-Hash. Fahren Sie nur fort, wenn Sie der Quelle vertrauen.", "Unterzeichnung…", "Single-Sig", "Größe:", diff --git a/src/krux/translations/es.py b/src/krux/translations/es.py index 865eb4a2e..6e493038e 100644 --- a/src/krux/translations/es.py +++ b/src/krux/translations/es.py @@ -298,6 +298,7 @@ "Firma:", "Mensaje Firmado", "PSBT Firmado", + "Firmar hash sin procesar. Proceda solo si confía en la fuente.", "Firma…", "Single-sig", "Tamaño:", diff --git a/src/krux/translations/fr.py b/src/krux/translations/fr.py index c5f4b32f9..2a9057091 100644 --- a/src/krux/translations/fr.py +++ b/src/krux/translations/fr.py @@ -298,6 +298,7 @@ "Signature\u2009:", "Message signé", "PSBT signé", + "Signature du hachage brut. Procédez uniquement si vous faites confiance à la source.", "Signature…", "Clé unique", "Capacité\u2009:", diff --git a/src/krux/translations/ja.py b/src/krux/translations/ja.py index c002e687a..c03342041 100644 --- a/src/krux/translations/ja.py +++ b/src/krux/translations/ja.py @@ -298,6 +298,7 @@ "サイン:", "サイン付きメッセージ", "サインされたPSBT", + "生のハッシュに署名します.ソースを信頼している場合にのみ続行します.", "署名…", "シングルサイン", "サイズ:", diff --git a/src/krux/translations/ko.py b/src/krux/translations/ko.py index 4bb8daebb..d9556c94a 100644 --- a/src/krux/translations/ko.py +++ b/src/krux/translations/ko.py @@ -298,6 +298,7 @@ "서명:", "서명된 메시지", "서명된 PSBT", + "원시 해시에 서명합니다. 소스를 신뢰하는 경우에만 진행합니다.", "서명…", "단일서명", "크기:", diff --git a/src/krux/translations/nl.py b/src/krux/translations/nl.py index 968f406f7..c3def0d70 100644 --- a/src/krux/translations/nl.py +++ b/src/krux/translations/nl.py @@ -298,6 +298,7 @@ "Handtekening:", "Bericht ondertekend", "PSBT ondertekend", + "RAW-hash ondertekenen. Ga alleen verder als je de bron vertrouwt.", "Signing…", "Enkele sleutel", "Grootte:", diff --git a/src/krux/translations/pt.py b/src/krux/translations/pt.py index d26a53107..c494f6736 100644 --- a/src/krux/translations/pt.py +++ b/src/krux/translations/pt.py @@ -298,6 +298,7 @@ "Assinatura:", "Mensagem assinada", "PSBT assinada", + "Assinando hash bruto. Prossiga somente se você confiar na fonte.", "Assinando…", "Single-sig", "Tamanho:", diff --git a/src/krux/translations/ru.py b/src/krux/translations/ru.py index 1327eb778..418ea16cb 100644 --- a/src/krux/translations/ru.py +++ b/src/krux/translations/ru.py @@ -298,6 +298,7 @@ "Подпись:", "Подписанное Сообщение", "Подписанное PSBT", + "Подписание необработанного хэша. Продолжайте, только если вы доверяете источнику.", "Подпись…", "Одна подпись", "Размер:", diff --git a/src/krux/translations/tr.py b/src/krux/translations/tr.py index fd1cc298d..f4fd01e59 100644 --- a/src/krux/translations/tr.py +++ b/src/krux/translations/tr.py @@ -298,6 +298,7 @@ "İmza:", "İmzalı Mesaj", "İmzalı PSBT", + "Ham karma imzalanıyor. Yalnızca kaynağa güveniyorsanız devam edin.", "İmzalama…", "Tek-imza", "Boyut:", diff --git a/src/krux/translations/vi.py b/src/krux/translations/vi.py index 28e26bfa8..2da615282 100644 --- a/src/krux/translations/vi.py +++ b/src/krux/translations/vi.py @@ -298,6 +298,7 @@ "Chữ ký:", "Tin nhắn đã ký", "Đã ký PSBT", + "Ký mã băm thô. Chỉ tiến hành nếu bạn tin tưởng nguồn.", "Biển báo…", "Khóa đơn", "Dung lượng:", diff --git a/src/krux/translations/zh.py b/src/krux/translations/zh.py index 24f26a3a0..ae11284bf 100644 --- a/src/krux/translations/zh.py +++ b/src/krux/translations/zh.py @@ -298,6 +298,7 @@ "签名:", "签名消息", "已签名 PSBT", + "签名原始哈希.仅当您信任源时才继续.", "签名…", "单签", "大小:", diff --git a/tests/pages/home_pages/test_sign_message_ui.py b/tests/pages/home_pages/test_sign_message_ui.py index 46822e236..66af15b60 100644 --- a/tests/pages/home_pages/test_sign_message_ui.py +++ b/tests/pages/home_pages/test_sign_message_ui.py @@ -21,6 +21,7 @@ def test_sign_message(mocker, m5stickv, tdata): # 3 btn_seq [ BUTTON_ENTER, # Load from camera + BUTTON_ENTER, # Raw hash warning - Proceed BUTTON_ENTER, # Confirm to Sign SHA BUTTON_ENTER, # Check signature BUTTON_ENTER, # Sign to QR code @@ -41,6 +42,7 @@ def test_sign_message(mocker, m5stickv, tdata): None, [ BUTTON_ENTER, # Load from camera + BUTTON_ENTER, # Raw hash warning - Proceed BUTTON_ENTER, # Confirm to Sign SHA BUTTON_ENTER, # Check signature BUTTON_ENTER, # Sign to QR code @@ -95,6 +97,7 @@ def test_sign_message(mocker, m5stickv, tdata): MockPrinter(), [ BUTTON_ENTER, # Load from camera + BUTTON_ENTER, # Raw hash warning - Proceed BUTTON_ENTER, # Confirm to Sign SHA BUTTON_ENTER, # Check signature BUTTON_ENTER, # Sign to QR code @@ -115,6 +118,7 @@ def test_sign_message(mocker, m5stickv, tdata): MockPrinter(), [ BUTTON_ENTER, # Load from camera + BUTTON_ENTER, # Raw hash warning - Proceed BUTTON_ENTER, # Confirm to Sign SHA BUTTON_ENTER, # Check signature BUTTON_ENTER, # Sign to QR code @@ -128,14 +132,14 @@ def test_sign_message(mocker, m5stickv, tdata): "02707a62fdacc26ea9b63b1c197906f56ee0180d0bcf1966e1a2da34f5f3a09a9b", None, ), - # 6 Hex-encoded hash, Decline to sign + # 6 Hex-encoded hash, Decline at raw hash warning ( "1af9487b14714080ce5556b4455fd06c4e0a5f719d8c0ea2b5a884e5ebfc6de7", FORMAT_NONE, None, [ BUTTON_ENTER, # Load from camera - BUTTON_PAGE, # Decline to sign + BUTTON_PAGE, # Decline raw hash warning ], None, None,