1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-26 16:18:22 +00:00

crypto/rfc6979: Use the new HMAC DRBG implementation in rfc6979.c. Remove code duplication between rfc6979.c and ecdsa.c.

This commit is contained in:
Andrew Kozlik 2019-06-07 12:16:24 +02:00
parent b915092a44
commit 1d9e125fd4
7 changed files with 12 additions and 86 deletions

View File

@ -76,12 +76,14 @@ SOURCE_MOD += [
'vendor/trezor-crypto/groestl.c',
'vendor/trezor-crypto/hasher.c',
'vendor/trezor-crypto/hmac.c',
'vendor/trezor-crypto/hmac_drbg.c',
'vendor/trezor-crypto/memzero.c',
'vendor/trezor-crypto/nem.c',
'vendor/trezor-crypto/nist256p1.c',
'vendor/trezor-crypto/pbkdf2.c',
'vendor/trezor-crypto/rand.c',
'vendor/trezor-crypto/ripemd160.c',
'vendor/trezor-crypto/rfc6979.c',
'vendor/trezor-crypto/secp256k1.c',
'vendor/trezor-crypto/sha2.c',
'vendor/trezor-crypto/sha3.c',

View File

@ -74,12 +74,14 @@ SOURCE_MOD += [
'vendor/trezor-crypto/groestl.c',
'vendor/trezor-crypto/hasher.c',
'vendor/trezor-crypto/hmac.c',
'vendor/trezor-crypto/hmac_drbg.c',
'vendor/trezor-crypto/memzero.c',
'vendor/trezor-crypto/nem.c',
'vendor/trezor-crypto/nist256p1.c',
'vendor/trezor-crypto/pbkdf2.c',
'vendor/trezor-crypto/rand.c',
'vendor/trezor-crypto/ripemd160.c',
'vendor/trezor-crypto/rfc6979.c',
'vendor/trezor-crypto/secp256k1.c',
'vendor/trezor-crypto/sha2.c',
'vendor/trezor-crypto/sha3.c',

View File

@ -65,6 +65,7 @@ SRCS += segwit_addr.c cash_addr.c
SRCS += memzero.c
SRCS += shamir.c
SRCS += hmac_drbg.c
SRCS += rfc6979.c
OBJS = $(SRCS:.c=.o)

View File

@ -654,55 +654,6 @@ int ecdh_multiply(const ecdsa_curve *curve, const uint8_t *priv_key,
return 0;
}
void init_rfc6979(const uint8_t *priv_key, const uint8_t *hash,
rfc6979_state *state) {
uint8_t bx[2 * 32];
uint8_t buf[32 + 1 + 2 * 32];
memcpy(bx, priv_key, 32);
memcpy(bx + 32, hash, 32);
memset(state->v, 1, sizeof(state->v));
memset(state->k, 0, sizeof(state->k));
memcpy(buf, state->v, sizeof(state->v));
buf[sizeof(state->v)] = 0x00;
memcpy(buf + sizeof(state->v) + 1, bx, 64);
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(buf), state->k);
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
memcpy(buf, state->v, sizeof(state->v));
buf[sizeof(state->v)] = 0x01;
memcpy(buf + sizeof(state->v) + 1, bx, 64);
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(buf), state->k);
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
memzero(bx, sizeof(bx));
memzero(buf, sizeof(buf));
}
// generate next number from deterministic random number generator
void generate_rfc6979(uint8_t rnd[32], rfc6979_state *state) {
uint8_t buf[32 + 1];
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
memcpy(buf, state->v, sizeof(state->v));
buf[sizeof(state->v)] = 0x00;
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(state->v) + 1, state->k);
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
memcpy(rnd, buf, 32);
memzero(buf, sizeof(buf));
}
// generate K in a deterministic way, according to RFC6979
// http://tools.ietf.org/html/rfc6979
void generate_k_rfc6979(bignum256 *k, rfc6979_state *state) {
uint8_t buf[32];
generate_rfc6979(buf, state);
bn_read_be(buf, k);
memzero(buf, sizeof(buf));
}
// msg is a data to be signed
// msg_len is the message length
int ecdsa_sign(const ecdsa_curve *curve, HasherType hasher_sign,

View File

@ -13,6 +13,8 @@ SOURCES += ../hmac.c
SOURCES += ../rand.c
SOURCES += ../bignum.c
SOURCES += ../ecdsa.c
SOURCES += ../rfc6979.c
SOURCES += ../hmac_drbg.c
SOURCES += ../ripemd160.c
SOURCES += ../base58.c
SOURCES += ../secp256k1.c

View File

@ -23,48 +23,17 @@
*/
#include "rfc6979.h"
#include <string.h>
#include "hmac.h"
#include "hmac_drbg.h"
#include "memzero.h"
void init_rfc6979(const uint8_t *priv_key, const uint8_t *hash,
rfc6979_state *state) {
uint8_t bx[2 * 32];
uint8_t buf[32 + 1 + 2 * 32];
memcpy(bx, priv_key, 32);
memcpy(bx + 32, hash, 32);
memset(state->v, 1, sizeof(state->v));
memset(state->k, 0, sizeof(state->k));
memcpy(buf, state->v, sizeof(state->v));
buf[sizeof(state->v)] = 0x00;
memcpy(buf + sizeof(state->v) + 1, bx, 64);
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(buf), state->k);
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
memcpy(buf, state->v, sizeof(state->v));
buf[sizeof(state->v)] = 0x01;
memcpy(buf + sizeof(state->v) + 1, bx, 64);
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(buf), state->k);
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
memzero(bx, sizeof(bx));
memzero(buf, sizeof(buf));
hmac_drbg_init(state, priv_key, 32, hash, 32);
}
// generate next number from deterministic random number generator
void generate_rfc6979(uint8_t rnd[32], rfc6979_state *state) {
uint8_t buf[32 + 1];
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
memcpy(buf, state->v, sizeof(state->v));
buf[sizeof(state->v)] = 0x00;
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(state->v) + 1, state->k);
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
memcpy(rnd, buf, 32);
memzero(buf, sizeof(buf));
hmac_drbg_generate(state, rnd, 32);
}
// generate K in a deterministic way, according to RFC6979

View File

@ -27,11 +27,10 @@
#include <stdint.h>
#include "bignum.h"
#include "hmac_drbg.h"
// rfc6979 pseudo random number generator state
typedef struct {
uint8_t v[32], k[32];
} rfc6979_state;
typedef HMAC_DRBG_CTX rfc6979_state;
void init_rfc6979(const uint8_t *priv_key, const uint8_t *hash,
rfc6979_state *rng);