Public key in login response does not match key used for signing? about connect HOT 9 CLOSED

Are you using the same TREZOR with the same seed? Didn't you change the domain by any chance?

It would be best to see what arguments were used during the registration and during the login (verification). They NEED to be the same (protocol, username, host, port, etc.)

from connect.

Hmm, interesting. I might have re-seeded my Trezor at some point after testing this the first time.
I'm developing on my local machine so the URL is just http://localhost
Could the Trezor be signing internally with an old private key derived from http://localhost with the old seed but returning a response containing a new (and thus non-matching) public key generated from the new seed? It's a bit far-fetched, I know - but that would explain the weird behavior.

from connect.

I just tried changing the port of my web server and capturing the values returned in the js result object:

result.public_key = 036912ed761b60d27921cd27f3e18be90d46e1e9173fa42503ab020ac4f7531bf5
result.signature = 202095dd2575f61af5b1944df159ba7e337939a82c6cf5bec286af5ce3f0694cc81d14f79ea30787b6a74537b5e8c1b4e135917aba9b5a30060235a01f7c17334a

The message being signed is: 995da3cf545787d65f9ced52674e92ee8171c87c7a4008aa4349ec47d21609a78d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92

With the new port I now get this new public key in the result object, and a different signature from before (the message is the same since I'm testing with static hidden and visual challenges to minimize moving parts). But when I run the two through coinig.com I still get

"Failure: ('vmB', 'Bad address. Signing: 1EMCEBxuYgzHH1D2e7rwjgyVwSsgvkhBNQ, received: 1LzgJgDAdvnLA1HuhtznDPxskq2qb6amy7')"

So the signing key and returned public key still don't match for some reason.

from connect.

Ok one more try. Set up my hosts file so that aaaaa.com points to 127.0.0.1.

So the web site is at http://aaaaa.com/
Visual Challenge   : 123456
Hidden Challenge   : abcdef
Message            : 995da3cf545787d65f9ced52674e92ee8171c87c7a4008aa4349ec47d21609a78d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92
result.public_key  : 02cb59433aebebc5898761093ea087e5efc726dae2a6842e36a434c7c4be892923 
result.signature   : 1fa0927f5c3016d078c7aae20a7b4e6c1ea3a2dbbbde151fe24d40f3eff2169e7c211058ec282dc197a2d851d9765ef23190c64d44fee420c07ffeb92812bbed9e

Still the same result, it looks like result.public_key doesn't correspond to the private key used to sign the message.
coinig.com gives me:
Failure: ('vmB', 'Bad address. Signing: 1PjBbhR1HpmsVojjmRHM7zyZLiJ6mEZqms, received: 19YriNx1vV4TnAHgiGRFQakJKGMAjwTspU')

And just to be clear, what I'm doing on my side is:

• Click TREZOR login
• Enter PIN if required
• Verify the visual challenge on the Trezor
• Click "Confirm" button on Trezor to sign in
• Trezor returns with above info in the result object

from connect.

I guess you need to convert the message from hex to ascii first, before trying the coinig.com verifier thingie.

from connect.

Isn't the message just the concatenated digests of the visual and hidden challenges? That's what I gather from the example code in the repo here?

I tested with the example Python code and my C# code generates the exact same message as that, before passing it to the bitcoin signature verification method.

from connect.

Here's pretty much all the code I'm using, just so we're on the same page.

Server-side:

if (Request.HttpMethod == "GET" && Request.QueryString["trezor"] == "login")
    {
        string visual_challenge = Session["visualChallenge"].ToString();
        string hidden_challenge = Session["hiddenChallenge"].ToString();
        string publicKey = Request.QueryString["public_key"];
        string signature = Request.QueryString["signature"];

        SHA256 sha = SHA256Managed.Create();
        var hiddenChallenge_Sha = BitConverter.ToString((sha.ComputeHash(TrezorUtils.HexStringToByteArray(hidden_challenge)))).Replace("-", "").ToLower();
        var visualChallenge_Sha = BitConverter.ToString((sha.ComputeHash(new ASCIIEncoding().GetBytes(visual_challenge)))).Replace("-", "").ToLower();

        string message = hiddenChallenge_Sha + visualChallenge_Sha;
        PubKey pubKey = new PubKey(ConfigurationManager.AppSettings["TrezorPublicKey"]);
        bool verified = pubKey.VerifyMessage(message, TrezorUtils.HexStringToBase64(signature));

        if (verified)
        {
            // do stuff
        }
    }

And the two static methods from my TrezorUtils class:

    public static byte[] HexStringToByteArray(String hex)
    {
        int NumberChars = hex.Length;
        byte[] bytes = new byte[NumberChars / 2];
        for (int i = 0; i < NumberChars; i += 2)
            bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
        return bytes;
    }

    public static string HexStringToBase64(string hexString)
    {
        byte[] buffer = new byte[hexString.Length / 2];
        for (int i = 0; i < hexString.Length; i++)
        {
            buffer[i / 2] = Convert.ToByte(Convert.ToInt32(hexString.Substring(i, 2), 16));
            i += 1;
        }
        string res = Convert.ToBase64String(buffer);
        return res;
    }

The public key stored in the configuration is the same as what's returned in the login result object.
The hidden and visual challenges are hard-coded and stored in session variables as stated previously.
The login button is defined as follows:

    <trezor:login callback="trezorLoginCallback"
                  challenge_hidden="@Session["hiddenChallenge"]"
                  challenge_visual="@Session["visualChallenge"]"
                  text="Sign in with TREZOR">
    </trezor:login>

The trezorLoginCallback function is here:

    function trezorLoginCallback(result) {
        if (result.success) {
            var url = '?trezor=login'
                + '&public_key=' + encodeURIComponent(result.public_key)
                + '&signature=' + encodeURIComponent(result.signature)
                + '&version=' + encodeURIComponent(result.version);
            window.location.href = url;

        } else {
            console.error('Error:', result.error);
        }
    }

from connect.

    string message = hiddenChallenge_Sha + visualChallenge_Sha;

This should be raw bytes (e.g. "\x42\xef"), not hexa "42ef", like I said in the comment above. Are you doing this correctly?

So I guess you should be using this instead:

byte[] message = TrezorUtils.HexStringToByteArray(hiddenChallenge_Sha + visualChallenge_Sha);

from connect.

I just updated the NBitcoin library locally to support verifying raw byte messages instead of just text and it works. Thanks for the pointer!

from connect.