search

status-im / status-keycard

Our Javacard Implementation for making secure transactions within Status and Ethereum
Apache License 2.0
213 stars 65 forks source link

Sign with derive Wrong Data error #44

Closed antonio-fr closed 5 years ago

antonio-fr commented 5 years ago

When calling the sign command with the "derive" option, I always get an 6A80 WRONG_DATA error. Data sent is : the hash to sign (32 bytes) | 4x32-bit integers I guess this error is thrown by the L1261 in KeycardApplet.java. Still, I can't see what's wrong with the data I send. For example EXPORT KEY is always working fine, even with "derive" option and a path provided.

Here are some logs about the issue I'm facing :

Public Key reading (export) Use Derive 80 c2 01 01 + 4x4 bytes for path (= m/44'/0'/0'/0) --> sending (SCP) 80c20101108000002c800000008000000000000000 <-- received (SCP) : 9000 a1438041049caa9dc12313a0101ca0dfc35d3e87039d070e09e9da4bf2119e40d1a249194a558be3ec5a0e34eeaaef1dfd708d1bb68da1906b450343a69fbb4d750cdaeae0

Sign Use Current 80 c0 00 00 + 32 bytes hash --> sending (SCP) 80c000002096ee85875b737ea6dce2f892516c40af0d296112ad64b6ff1eb0ce7034c2938b <-- received (SCP) : 9000 a08189804104f50167e9f253bbbd7613ac637111d5abda618329108fb142d5c79c82fa286f0066ad9438a37e9224fdd57f68322fbd18f1ce37cf4c51ccc5ed6f6c617dab8f3e304402206ca8cc0881a57c93a71914063bea5c152cfd29766ef6e508bb53864945ceea1f02206353f923168366d6f343aff31c8a479339764ef8f90dd18413fe70a499ccfe00

Sign Use Derive 80 c0 01 00 + 32 bytes hash + 4x4 bytes for path (= m/44'/0'/0'/0) --> sending (SCP) 80c001003096ee85875b737ea6dce2f892516c40af0d296112ad64b6ff1eb0ce7034c2938b8000002c800000008000000000000000 <-- received (SCP) : 6a80

Can you test on your side? What is the data format for SIGN when P1=1 ?

bitgamma commented 5 years ago

can you check that you are using applet version 2.2? Keycard now ships with applet version 2.1 which did not have this functionality. But you can reinstall it using the keycard-cli tools to use the new features.

antonio-fr commented 5 years ago

Great, I'll try. My card is indeed using for now the applet v2.1. I didn't see the update about this point was done recently : https://github.com/status-im/status-keycard/commit/5bc5e23272938c077b3ceadf8367a831f42a9dc8 The cards was ordered 3 weeks after the release of the 2.2, sadly shipped with the 2.1 version.

At least, the doc is very well updated, congrats ;)

antonio-fr commented 5 years ago

I updated my cards applet to v2.2 and I can confirm the sign with derive option is now working.