trezor · andrewkozlik · Nov 10, 2021 · Nov 5, 2021 · Nov 5, 2021 · Nov 5, 2021
diff --git a/common/protob/messages-bitcoin.proto b/common/protob/messages-bitcoin.proto
@@ -152,6 +152,7 @@ message SignMessage {
     required bytes message = 2;                                         // message to be signed
     optional string coin_name = 3 [default='Bitcoin'];                  // coin to use for signing
     optional InputScriptType script_type = 4 [default=SPENDADDRESS];    // used to distinguish between various address formats (non-segwit, segwit, etc.)
+    optional bool no_script_type = 5;                                   // don't include script type information in the recovery byte of the signature, same as in Bitcoin Core
 }
 
 /**

diff --git a/core/.changelog.d/1586.added b/core/.changelog.d/1586.added
@@ -0,0 +1 @@
+Support no_script_type option in SignMessage.
diff --git a/core/.changelog.d/1586.added.1 b/core/.changelog.d/1586.added.1
@@ -0,0 +1 @@
+Show address confirmation in SignMessage.
diff --git a/core/src/apps/bitcoin/sign_message.py b/core/src/apps/bitcoin/sign_message.py
@@ -7,7 +7,7 @@
 from apps.common.paths import validate_path
 from apps.common.signverify import decode_message, message_digest
 
-from .addresses import get_address
+from .addresses import address_short, get_address
 from .keychain import with_keychain
 
 if False:
@@ -26,22 +26,33 @@ async def sign_message(
     script_type = msg.script_type or InputScriptType.SPENDADDRESS
 
     await validate_path(ctx, keychain, address_n)
-    await confirm_signverify(ctx, coin.coin_shortcut, decode_message(message))
 
     node = keychain.derive(address_n)
+    address = get_address(script_type, coin, node)
+    await confirm_signverify(
+        ctx,
+        coin.coin_shortcut,
+        decode_message(message),
+        address_short(coin, address),
+        verify=False,
+    )
+
     seckey = node.private_key()
 
-    address = get_address(script_type, coin, node)
     digest = message_digest(coin, message)
     signature = secp256k1.sign(seckey, digest)
 
     if script_type == InputScriptType.SPENDADDRESS:
-        pass
+        script_type_info = 0
     elif script_type == InputScriptType.SPENDP2SHWITNESS:
-        signature = bytes([signature[0] + 4]) + signature[1:]
+        script_type_info = 4
     elif script_type == InputScriptType.SPENDWITNESS:
-        signature = bytes([signature[0] + 8]) + signature[1:]
+        script_type_info = 8
     else:
         raise wire.ProcessError("Unsupported script type")
 
+    # Add script type information to the recovery byte.
+    if script_type_info != 0 and not msg.no_script_type:
+        signature = bytes([signature[0] + script_type_info]) + signature[1:]
+
     return MessageSignature(address=address, signature=signature)
diff --git a/core/src/apps/bitcoin/verify_message.py b/core/src/apps/bitcoin/verify_message.py
@@ -67,6 +67,7 @@ async def verify_message(ctx: wire.Context, msg: VerifyMessage) -> Success:
         coin.coin_shortcut,
         decode_message(message),
         address=address_short(coin, address),
+        verify=True,
     )
 
     return Success(message="Message verified")
diff --git a/core/src/apps/ethereum/sign_message.py b/core/src/apps/ethereum/sign_message.py
@@ -31,9 +31,13 @@ async def sign_message(
     ctx: Context, msg: EthereumSignMessage, keychain: Keychain
 ) -> EthereumMessageSignature:
     await paths.validate_path(ctx, keychain, msg.address_n)
-    await confirm_signverify(ctx, "ETH", decode_message(msg.message))
 
     node = keychain.derive(msg.address_n)
+    address = address_from_bytes(node.ethereum_pubkeyhash())
+    await confirm_signverify(
+        ctx, "ETH", decode_message(msg.message), address, verify=False
+    )
+
     signature = secp256k1.sign(
         node.private_key(),
         message_digest(msg.message),
@@ -42,6 +46,6 @@ async def sign_message(
     )
 
     return EthereumMessageSignature(
-        address=address_from_bytes(node.ethereum_pubkeyhash()),
+        address=address,
         signature=signature[1:] + bytearray([signature[0]]),
     )
diff --git a/core/src/apps/ethereum/verify_message.py b/core/src/apps/ethereum/verify_message.py
@@ -33,6 +33,8 @@ async def verify_message(ctx: Context, msg: EthereumVerifyMessage) -> Success:
 
     address = address_from_bytes(address_bytes)
 
-    await confirm_signverify(ctx, "ETH", decode_message(msg.message), address=address)
+    await confirm_signverify(
+        ctx, "ETH", decode_message(msg.message), address=address, verify=True
+    )
 
     return Success(message="Message verified")
diff --git a/core/src/trezor/messages.py b/core/src/trezor/messages.py
@@ -526,6 +526,7 @@ class SignMessage(protobuf.MessageType):
         message: "bytes"
         coin_name: "str"
         script_type: "InputScriptType"
+        no_script_type: "bool | None"
 
         def __init__(
             self,
@@ -534,6 +535,7 @@ def __init__(
             address_n: "list[int] | None" = None,
             coin_name: "str | None" = None,
             script_type: "InputScriptType | None" = None,
+            no_script_type: "bool | None" = None,
         ) -> None:
             pass
 

diff --git a/core/src/trezor/ui/layouts/tt/__init__.py b/core/src/trezor/ui/layouts/tt/__init__.py
@@ -25,7 +25,6 @@
     AskPaginated,
     Paginated,
     paginate_paragraphs,
-    paginate_text,
 )
 from ...components.tt.text import LINE_WIDTH_PAGINATED, Span, Text
 from ...constants.tt import (
@@ -983,33 +982,26 @@ async def confirm_sign_identity(
 
 
 async def confirm_signverify(
-    ctx: wire.GenericContext, coin: str, message: str, address: str | None = None
+    ctx: wire.GenericContext, coin: str, message: str, address: str, verify: bool
 ) -> None:
-    if address:
+    if verify:
         header = f"Verify {coin} message"
-        font = ui.MONO
         br_type = "verify_message"
-
-        text = Text(header, new_lines=False)
-        text.bold("Confirm address:\n")
-        text.mono(*chunks_intersperse(address, MONO_ADDR_PER_LINE))
-        await raise_if_cancelled(
-            interact(ctx, Confirm(text), br_type, ButtonRequestType.Other)
-        )
     else:
         header = f"Sign {coin} message"
-        font = ui.NORMAL
         br_type = "sign_message"
 
+    text = Text(header, new_lines=False)
+    text.bold("Confirm address:\n")
+    text.mono(*chunks_intersperse(address, MONO_ADDR_PER_LINE))
     await raise_if_cancelled(
-        interact(
-            ctx,
-            paginate_text(message, header, font=font),
-            br_type,
-            ButtonRequestType.Other,
-        )
+        interact(ctx, Confirm(text), br_type, ButtonRequestType.Other)
     )
 
+    para = [(ui.BOLD, "Confirm message:"), (ui.MONO, message)]
+    content = paginate_paragraphs(para, header)
+    await raise_if_cancelled(interact(ctx, content, br_type, ButtonRequestType.Other))
+
 
 async def show_popup(
     title: str,

diff --git a/legacy/firmware/.changelog.d/1586.added b/legacy/firmware/.changelog.d/1586.added
@@ -0,0 +1 @@
+Support no_script_type option in SignMessage.
diff --git a/legacy/firmware/.changelog.d/1586.added.1 b/legacy/firmware/.changelog.d/1586.added.1
@@ -0,0 +1 @@
+Show address confirmation in SignMessage.
diff --git a/legacy/firmware/.changelog.d/1586.added.2 b/legacy/firmware/.changelog.d/1586.added.2
@@ -0,0 +1 @@
+Implement pagination in SignMessage and VerifyMessage.
diff --git a/legacy/firmware/crypto.c b/legacy/firmware/crypto.c
@@ -146,28 +146,33 @@ static void cryptoMessageHash(const CoinInfo *coin, const uint8_t *message,
 }
 
 int cryptoMessageSign(const CoinInfo *coin, HDNode *node,
-                      InputScriptType script_type, const uint8_t *message,
-                      size_t message_len, uint8_t *signature) {
+                      InputScriptType script_type, bool no_script_type,
+                      const uint8_t *message, size_t message_len,
+                      uint8_t *signature) {
   uint8_t hash[HASHER_DIGEST_LENGTH] = {0};
   cryptoMessageHash(coin, message, message_len, hash);
 
   uint8_t pby = 0;
   int result = hdnode_sign_digest(node, hash, signature + 1, &pby, NULL);
   if (result == 0) {
-    switch (script_type) {
-      case InputScriptType_SPENDP2SHWITNESS:
-        // segwit-in-p2sh
-        signature[0] = 35 + pby;
-        break;
-      case InputScriptType_SPENDWITNESS:
-        // segwit
-        signature[0] = 39 + pby;
-        break;
-      default:
-        // p2pkh
-        signature[0] = 31 + pby;
-        break;
+    uint8_t script_type_info = 0;
+    if (!no_script_type) {
+      switch (script_type) {
+        case InputScriptType_SPENDP2SHWITNESS:
+          // segwit-in-p2sh
+          script_type_info = 4;
+          break;
+        case InputScriptType_SPENDWITNESS:
+          // segwit
+          script_type_info = 8;
+          break;
+        default:
+          // p2pkh
+          script_type_info = 0;
+          break;
+      }
     }
+    signature[0] = 31 + pby + script_type_info;
   }
   return result;
 }

diff --git a/legacy/firmware/crypto.h b/legacy/firmware/crypto.h
@@ -54,8 +54,9 @@ int signifyMessageSign(HDNode *node, const uint8_t *message, size_t message_len,
                        uint8_t *signature);
 
 int cryptoMessageSign(const CoinInfo *coin, HDNode *node,
-                      InputScriptType script_type, const uint8_t *message,
-                      size_t message_len, uint8_t *signature);
+                      InputScriptType script_type, bool no_script_type,
+                      const uint8_t *message, size_t message_len,
+                      uint8_t *signature);
 
 int cryptoMessageVerify(const CoinInfo *coin, const uint8_t *message,
                         size_t message_len, const char *address,

diff --git a/legacy/firmware/ethereum.c b/legacy/firmware/ethereum.c
@@ -905,16 +905,6 @@ static void ethereum_message_hash(const uint8_t *message, size_t message_len,
 
 void ethereum_message_sign(const EthereumSignMessage *msg, const HDNode *node,
                            EthereumMessageSignature *resp) {
-  uint8_t pubkeyhash[20] = {0};
-  if (!hdnode_get_ethereum_pubkeyhash(node, pubkeyhash)) {
-    return;
-  }
-
-  resp->address[0] = '0';
-  resp->address[1] = 'x';
-  ethereum_address_checksum(pubkeyhash, resp->address + 2, false, 0);
-  // ethereum_address_checksum adds trailing zero
-
   uint8_t hash[32] = {0};
   ethereum_message_hash(msg->message.bytes, msg->message.size, hash);
 

diff --git a/legacy/firmware/fsm.c b/legacy/firmware/fsm.c
@@ -304,6 +304,49 @@ static bool fsm_layoutAddress(const char *address, const char *desc,
   }
 }
 
+static bool fsm_layoutPaginated(const char *description, const uint8_t *msg,
+                                uint32_t len, bool is_ascii) {
+  const char **str = NULL;
+  const uint32_t row_len = is_ascii ? 18 : 8;
+  do {
+    const uint32_t show_len = MIN(len, row_len * 4);
+    if (is_ascii) {
+      str = split_message(msg, show_len, row_len);
+    } else {
+      str = split_message_hex(msg, show_len);
+    }
+
+    msg += show_len;
+    len -= show_len;
+
+    const char *label = len > 0 ? _("Next") : _("Confirm");
+    layoutDialogSwipeEx(&bmp_icon_question, _("Cancel"), label, description,
+                        str[0], str[1], str[2], str[3], NULL, NULL, FONT_FIXED);
+
+    if (!protectButton(ButtonRequestType_ButtonRequest_Other, false)) {
+      return false;
+    }
+  } while (len > 0);
+
+  return true;
+}
+
+bool fsm_layoutSignMessage(const uint8_t *msg, uint32_t len) {
+  if (is_valid_ascii(msg, len)) {
+    return fsm_layoutPaginated(_("Sign message?"), msg, len, true);
+  } else {
+    return fsm_layoutPaginated(_("Sign binary message?"), msg, len, false);
+  }
+}
+
+bool fsm_layoutVerifyMessage(const uint8_t *msg, uint32_t len) {
+  if (is_valid_ascii(msg, len)) {
+    return fsm_layoutPaginated(_("Verified message?"), msg, len, true);
+  } else {
+    return fsm_layoutPaginated(_("Verified binary message?"), msg, len, false);
+  }
+}
+
 void fsm_msgRebootToBootloader(void) {
   layoutDialogSwipe(&bmp_icon_question, _("Cancel"), _("Confirm"), NULL,
                     _("Do you want to"), _("restart device in"),

diff --git a/legacy/firmware/fsm.h b/legacy/firmware/fsm.h
@@ -135,4 +135,7 @@ void fsm_msgStellarBumpSequenceOp(const StellarBumpSequenceOp *msg);
 
 void fsm_msgRebootToBootloader(void);
 
+bool fsm_layoutSignMessage(const uint8_t *msg, uint32_t len);
+bool fsm_layoutVerifyMessage(const uint8_t *msg, uint32_t len);
+
 #endif
diff --git a/legacy/firmware/fsm_msg_coin.h b/legacy/firmware/fsm_msg_coin.h
@@ -256,13 +256,6 @@ void fsm_msgSignMessage(const SignMessage *msg) {
 
   CHECK_INITIALIZED
 
-  layoutSignMessage(msg->message.bytes, msg->message.size);
-  if (!protectButton(ButtonRequestType_ButtonRequest_ProtectCall, false)) {
-    fsm_sendFailure(FailureType_Failure_ActionCancelled, NULL);
-    layoutHome();
-    return;
-  }
-
   CHECK_PIN
 
   const CoinInfo *coin = fsm_getCoin(msg->has_coin_name, msg->coin_name);
@@ -271,23 +264,38 @@ void fsm_msgSignMessage(const SignMessage *msg) {
                                     msg->address_n_count, NULL);
   if (!node) return;
 
-  layoutProgressSwipe(_("Signing"), 0);
-  if (cryptoMessageSign(coin, node, msg->script_type, msg->message.bytes,
-                        msg->message.size, resp->signature.bytes) == 0) {
-    if (hdnode_fill_public_key(node) != 0) {
-      fsm_sendFailure(FailureType_Failure_ProcessError,
-                      _("Failed to derive public key"));
-      layoutHome();
-      return;
-    }
+  if (hdnode_fill_public_key(node) != 0) {
+    fsm_sendFailure(FailureType_Failure_ProcessError,
+                    _("Failed to derive public key"));
+    layoutHome();
+    return;
+  }
 
-    if (!compute_address(coin, msg->script_type, node, false, NULL,
-                         resp->address)) {
-      fsm_sendFailure(FailureType_Failure_ProcessError,
-                      _("Error computing address"));
-      layoutHome();
-      return;
-    }
+  if (!compute_address(coin, msg->script_type, node, false, NULL,
+                       resp->address)) {
+    fsm_sendFailure(FailureType_Failure_ProcessError,
+                    _("Error computing address"));
+    layoutHome();
+    return;
+  }
+
+  layoutVerifyAddress(coin, resp->address);
+  if (!protectButton(ButtonRequestType_ButtonRequest_Other, false)) {
+    fsm_sendFailure(FailureType_Failure_ActionCancelled, NULL);
+    layoutHome();
+    return;
+  }
+
+  if (!fsm_layoutSignMessage(msg->message.bytes, msg->message.size)) {
+    fsm_sendFailure(FailureType_Failure_ActionCancelled, NULL);
+    layoutHome();
+    return;
+  }
+
+  layoutProgressSwipe(_("Signing"), 0);
+  if (cryptoMessageSign(coin, node, msg->script_type, msg->no_script_type,
+                        msg->message.bytes, msg->message.size,
+                        resp->signature.bytes) == 0) {
     resp->signature.size = 65;
     msg_write(MessageType_MessageType_MessageSignature, resp);
   } else {
@@ -310,12 +318,13 @@ void fsm_msgVerifyMessage(const VerifyMessage *msg) {
       layoutHome();
       return;
     }
-    layoutVerifyMessage(msg->message.bytes, msg->message.size);
-    if (!protectButton(ButtonRequestType_ButtonRequest_Other, false)) {
+
+    if (!fsm_layoutVerifyMessage(msg->message.bytes, msg->message.size)) {
       fsm_sendFailure(FailureType_Failure_ActionCancelled, NULL);
       layoutHome();
       return;
     }
+
     fsm_sendSuccess(_("Message verified"));
   } else {
     fsm_sendFailure(FailureType_Failure_DataError, _("Invalid signature"));
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Implement pagination in SignMessage and VerifyMessage.