diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h
index a09c18e919..fb3fa4c7c8 100644
--- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h
+++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h
@@ -100,16 +100,16 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_ed25519_sign_obj, 2,
 #if !BITCOIN_ONLY
 /// def sign_ext(
-/// secret_key: bytes, secret_extension: bytes, message: bytes
+/// secret_scalar: bytes, secret_extension: bytes, message: bytes
 /// ) -> bytes:
 /// """
-/// Uses secret key to produce the cardano signature of message.
+/// Uses extended secret key to produce the cardano signature of message.
 /// """
-STATIC mp_obj_t mod_trezorcrypto_ed25519_sign_ext(mp_obj_t secret_key,
+STATIC mp_obj_t mod_trezorcrypto_ed25519_sign_ext(mp_obj_t secret_scalar,
 mp_obj_t secret_extension,
 mp_obj_t message) {
 mp_buffer_info_t sk = {0}, skext = {0}, msg = {0};
- mp_get_buffer_raise(secret_key, &sk, MP_BUFFER_READ);
+ mp_get_buffer_raise(secret_scalar, &sk, MP_BUFFER_READ);
 mp_get_buffer_raise(secret_extension, &skext, MP_BUFFER_READ);
 mp_get_buffer_raise(message, &msg, MP_BUFFER_READ);
 if (sk.len != 32) {
diff --git a/core/mocks/generated/trezorcrypto/ed25519.pyi b/core/mocks/generated/trezorcrypto/ed25519.pyi
index 451b346821..735c4dce3b 100644
--- a/core/mocks/generated/trezorcrypto/ed25519.pyi
+++ b/core/mocks/generated/trezorcrypto/ed25519.pyi
@@ -24,10 +24,10 @@ def sign(secret_key: bytes, message: bytes, hasher: str = "") -> bytes:
 # extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h
 def sign_ext(
- secret_key: bytes, secret_extension: bytes, message: bytes
+ secret_scalar: bytes, secret_extension: bytes, message: bytes
 ) -> bytes:
 """
- Uses secret key to produce the cardano signature of message.
+ Uses extended secret key to produce the cardano signature of message.
 """
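Review bot: The updated docstring at `/// Uses extended secret key to produce the cardano signature of message.` still describes one key, while the binding now takes the two halves as separate arguments, so a caller cannot tell from it what `secret_scalar` and `secret_extension` must contain. From the ed25519-donna hunk in this commit, `secret_scalar` is expanded directly into the signing scalar and `secret_extension` is hashed with the message to derive the nonce, with no hashing or clamping of the scalar in the visible lines, so the caller is expected to pass an already-derived scalar. Suggested docstring: `/// Produces the Cardano signature of message from the two halves of a 64-byte extended secret key: secret_scalar (32 bytes, used as the scalar without further hashing or clamping) and secret_extension (32 bytes, nonce key).` Since the `.pyi` mock in the second hunk is generated from this comment, it needs no separate edit. The rest of the function, including any length check on `skext`, is outside the hunk.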
diff --git a/crypto/ed25519-donna/ed25519.c b/crypto/ed25519-donna/ed25519.c
index 6b7413421d..9f7abfb1ae 100644
--- a/crypto/ed25519-donna/ed25519.c
+++ b/crypto/ed25519-donna/ed25519.c
@@ -101,23 +101,17 @@ ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed2551
 }
 void
-ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key skext, ed25519_signature RS) {
+ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519_secret_key secret_scalar, const ed25519_secret_key skext, ed25519_signature RS) {
 ed25519_hash_context ctx;
 bignum256modm r = {0}, S = {0}, a = {0};
 ge25519 ALIGN(16) R = {0};
 ge25519 ALIGN(16) A = {0};
 ed25519_public_key pk = {0};
- hash_512bits extsk = {0}, hashr = {0}, hram = {0};
-
- /* we don't stretch the key through hashing first since its already 64 bytes */
-
- memcpy(extsk, sk, 32);
- memcpy(extsk+32, skext, 32);
-
+ hash_512bits hashr = {0}, hram = {0};
 /* r = H(aExt[32..64], m) */
 ed25519_hash_init(&ctx);
- ed25519_hash_update(&ctx, extsk + 32, 32);
+ ed25519_hash_update(&ctx, skext, 32);
 ed25519_hash_update(&ctx, m, mlen);
 ed25519_hash_final(&ctx, hashr);
 expand256_modm(r, hashr, 64);
@@ -128,8 +122,7 @@ ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519
 ge25519_pack(RS, &R);
 /* a = aExt[0..31] */
- expand256_modm(a, extsk, 32);
- memzero(&extsk, sizeof(extsk));
+ expand256_modm(a, secret_scalar, 32);
 /* A = aB */
 ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
diff --git a/crypto/ed25519-donna/ed25519.h b/crypto/ed25519-donna/ed25519.h
index 46544dda08..defaf43639 100644
--- a/crypto/ed25519-donna/ed25519.h
+++ b/crypto/ed25519-donna/ed25519.h
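Review bot: The context comment `/* r = H(aExt[32..64], m) */` in this hunk and `/* a = aExt[0..31] */` in the next still describe the `extsk` copy that the change removes, and the deleted remark about not stretching the key through hashing was the only statement that the scalar is used as-is. Update them to name the parameters and keep the caveat where the scalar is expanded, e.g. `/* r = H(skext, m) */` and `/* a = secret_scalar, used as-is: no hashing or clamping here */`. Dropping `memzero(&extsk, sizeof(extsk))` is consistent since no local copy is made any more, but the raw scalar now stays only in the caller's `secret_scalar` buffer and in `a`; whether `a` is cleared before return is outside these hunks, as is the remainder of ed25519_sign_ext.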
@@ -22,7 +22,7 @@ void ed25519_publickey_ext(const ed25519_secret_key extsk, ed25519_public_key pk
 int ed25519_sign_open(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS);
 void ed25519_sign(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, ed25519_signature RS);
-void ed25519_sign_ext(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key skext, ed25519_signature RS);
+void ed25519_sign_ext(const unsigned char *m, size_t mlen, const ed25519_secret_key secret_scalar, const ed25519_secret_key skext, ed25519_signature RS);
 int ed25519_scalarmult(ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk);