mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-26 16:18:22 +00:00
crypto/rfc6979: Use the new HMAC DRBG implementation in rfc6979.c. Remove code duplication between rfc6979.c and ecdsa.c.
This commit is contained in:
parent
b915092a44
commit
1d9e125fd4
@ -76,12 +76,14 @@ SOURCE_MOD += [
|
||||
'vendor/trezor-crypto/groestl.c',
|
||||
'vendor/trezor-crypto/hasher.c',
|
||||
'vendor/trezor-crypto/hmac.c',
|
||||
'vendor/trezor-crypto/hmac_drbg.c',
|
||||
'vendor/trezor-crypto/memzero.c',
|
||||
'vendor/trezor-crypto/nem.c',
|
||||
'vendor/trezor-crypto/nist256p1.c',
|
||||
'vendor/trezor-crypto/pbkdf2.c',
|
||||
'vendor/trezor-crypto/rand.c',
|
||||
'vendor/trezor-crypto/ripemd160.c',
|
||||
'vendor/trezor-crypto/rfc6979.c',
|
||||
'vendor/trezor-crypto/secp256k1.c',
|
||||
'vendor/trezor-crypto/sha2.c',
|
||||
'vendor/trezor-crypto/sha3.c',
|
||||
|
@ -74,12 +74,14 @@ SOURCE_MOD += [
|
||||
'vendor/trezor-crypto/groestl.c',
|
||||
'vendor/trezor-crypto/hasher.c',
|
||||
'vendor/trezor-crypto/hmac.c',
|
||||
'vendor/trezor-crypto/hmac_drbg.c',
|
||||
'vendor/trezor-crypto/memzero.c',
|
||||
'vendor/trezor-crypto/nem.c',
|
||||
'vendor/trezor-crypto/nist256p1.c',
|
||||
'vendor/trezor-crypto/pbkdf2.c',
|
||||
'vendor/trezor-crypto/rand.c',
|
||||
'vendor/trezor-crypto/ripemd160.c',
|
||||
'vendor/trezor-crypto/rfc6979.c',
|
||||
'vendor/trezor-crypto/secp256k1.c',
|
||||
'vendor/trezor-crypto/sha2.c',
|
||||
'vendor/trezor-crypto/sha3.c',
|
||||
|
@ -65,6 +65,7 @@ SRCS += segwit_addr.c cash_addr.c
|
||||
SRCS += memzero.c
|
||||
SRCS += shamir.c
|
||||
SRCS += hmac_drbg.c
|
||||
SRCS += rfc6979.c
|
||||
|
||||
OBJS = $(SRCS:.c=.o)
|
||||
|
||||
|
@ -654,55 +654,6 @@ int ecdh_multiply(const ecdsa_curve *curve, const uint8_t *priv_key,
|
||||
return 0;
|
||||
}
|
||||
|
||||
void init_rfc6979(const uint8_t *priv_key, const uint8_t *hash,
|
||||
rfc6979_state *state) {
|
||||
uint8_t bx[2 * 32];
|
||||
uint8_t buf[32 + 1 + 2 * 32];
|
||||
|
||||
memcpy(bx, priv_key, 32);
|
||||
memcpy(bx + 32, hash, 32);
|
||||
|
||||
memset(state->v, 1, sizeof(state->v));
|
||||
memset(state->k, 0, sizeof(state->k));
|
||||
|
||||
memcpy(buf, state->v, sizeof(state->v));
|
||||
buf[sizeof(state->v)] = 0x00;
|
||||
memcpy(buf + sizeof(state->v) + 1, bx, 64);
|
||||
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(buf), state->k);
|
||||
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
|
||||
|
||||
memcpy(buf, state->v, sizeof(state->v));
|
||||
buf[sizeof(state->v)] = 0x01;
|
||||
memcpy(buf + sizeof(state->v) + 1, bx, 64);
|
||||
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(buf), state->k);
|
||||
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
|
||||
|
||||
memzero(bx, sizeof(bx));
|
||||
memzero(buf, sizeof(buf));
|
||||
}
|
||||
|
||||
// generate next number from deterministic random number generator
|
||||
void generate_rfc6979(uint8_t rnd[32], rfc6979_state *state) {
|
||||
uint8_t buf[32 + 1];
|
||||
|
||||
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
|
||||
memcpy(buf, state->v, sizeof(state->v));
|
||||
buf[sizeof(state->v)] = 0x00;
|
||||
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(state->v) + 1, state->k);
|
||||
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
|
||||
memcpy(rnd, buf, 32);
|
||||
memzero(buf, sizeof(buf));
|
||||
}
|
||||
|
||||
// generate K in a deterministic way, according to RFC6979
|
||||
// http://tools.ietf.org/html/rfc6979
|
||||
void generate_k_rfc6979(bignum256 *k, rfc6979_state *state) {
|
||||
uint8_t buf[32];
|
||||
generate_rfc6979(buf, state);
|
||||
bn_read_be(buf, k);
|
||||
memzero(buf, sizeof(buf));
|
||||
}
|
||||
|
||||
// msg is a data to be signed
|
||||
// msg_len is the message length
|
||||
int ecdsa_sign(const ecdsa_curve *curve, HasherType hasher_sign,
|
||||
|
@ -13,6 +13,8 @@ SOURCES += ../hmac.c
|
||||
SOURCES += ../rand.c
|
||||
SOURCES += ../bignum.c
|
||||
SOURCES += ../ecdsa.c
|
||||
SOURCES += ../rfc6979.c
|
||||
SOURCES += ../hmac_drbg.c
|
||||
SOURCES += ../ripemd160.c
|
||||
SOURCES += ../base58.c
|
||||
SOURCES += ../secp256k1.c
|
||||
|
@ -23,48 +23,17 @@
|
||||
*/
|
||||
|
||||
#include "rfc6979.h"
|
||||
#include <string.h>
|
||||
#include "hmac.h"
|
||||
#include "hmac_drbg.h"
|
||||
#include "memzero.h"
|
||||
|
||||
void init_rfc6979(const uint8_t *priv_key, const uint8_t *hash,
|
||||
rfc6979_state *state) {
|
||||
uint8_t bx[2 * 32];
|
||||
uint8_t buf[32 + 1 + 2 * 32];
|
||||
|
||||
memcpy(bx, priv_key, 32);
|
||||
memcpy(bx + 32, hash, 32);
|
||||
|
||||
memset(state->v, 1, sizeof(state->v));
|
||||
memset(state->k, 0, sizeof(state->k));
|
||||
|
||||
memcpy(buf, state->v, sizeof(state->v));
|
||||
buf[sizeof(state->v)] = 0x00;
|
||||
memcpy(buf + sizeof(state->v) + 1, bx, 64);
|
||||
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(buf), state->k);
|
||||
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
|
||||
|
||||
memcpy(buf, state->v, sizeof(state->v));
|
||||
buf[sizeof(state->v)] = 0x01;
|
||||
memcpy(buf + sizeof(state->v) + 1, bx, 64);
|
||||
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(buf), state->k);
|
||||
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
|
||||
|
||||
memzero(bx, sizeof(bx));
|
||||
memzero(buf, sizeof(buf));
|
||||
hmac_drbg_init(state, priv_key, 32, hash, 32);
|
||||
}
|
||||
|
||||
// generate next number from deterministic random number generator
|
||||
void generate_rfc6979(uint8_t rnd[32], rfc6979_state *state) {
|
||||
uint8_t buf[32 + 1];
|
||||
|
||||
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
|
||||
memcpy(buf, state->v, sizeof(state->v));
|
||||
buf[sizeof(state->v)] = 0x00;
|
||||
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(state->v) + 1, state->k);
|
||||
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
|
||||
memcpy(rnd, buf, 32);
|
||||
memzero(buf, sizeof(buf));
|
||||
hmac_drbg_generate(state, rnd, 32);
|
||||
}
|
||||
|
||||
// generate K in a deterministic way, according to RFC6979
|
||||
|
@ -27,11 +27,10 @@
|
||||
|
||||
#include <stdint.h>
|
||||
#include "bignum.h"
|
||||
#include "hmac_drbg.h"
|
||||
|
||||
// rfc6979 pseudo random number generator state
|
||||
typedef struct {
|
||||
uint8_t v[32], k[32];
|
||||
} rfc6979_state;
|
||||
typedef HMAC_DRBG_CTX rfc6979_state;
|
||||
|
||||
void init_rfc6979(const uint8_t *priv_key, const uint8_t *hash,
|
||||
rfc6979_state *rng);
|
||||
|
Loading…
Reference in New Issue
Block a user