mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-29 10:58:21 +00:00
cleanup coding style
This commit is contained in:
parent
6ec585fcee
commit
21d0bb437a
9
base58.c
9
base58.c
@ -26,7 +26,7 @@
|
|||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include "base58.h"
|
#include "base58.h"
|
||||||
#include "sha2.h"
|
#include "sha2.h"
|
||||||
#include "macro_utils.h"
|
#include "macros.h"
|
||||||
|
|
||||||
static const int8_t b58digits_map[] = {
|
static const int8_t b58digits_map[] = {
|
||||||
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
|
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
|
||||||
@ -184,8 +184,6 @@ bool b58enc(char *b58, size_t *b58sz, const void *data, size_t binsz)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
#include <stdio.h>
|
|
||||||
|
|
||||||
int base58_encode_check(const uint8_t *data, int datalen, char *str, int strsize)
|
int base58_encode_check(const uint8_t *data, int datalen, char *str, int strsize)
|
||||||
{
|
{
|
||||||
if (datalen > 128) {
|
if (datalen > 128) {
|
||||||
@ -197,10 +195,9 @@ int base58_encode_check(const uint8_t *data, int datalen, char *str, int strsize
|
|||||||
sha256_Raw(data, datalen, hash);
|
sha256_Raw(data, datalen, hash);
|
||||||
sha256_Raw(hash, 32, hash);
|
sha256_Raw(hash, 32, hash);
|
||||||
size_t res = strsize;
|
size_t res = strsize;
|
||||||
bool fSuccess = b58enc(str, &res, buf, datalen + 4);
|
bool success = b58enc(str, &res, buf, datalen + 4);
|
||||||
|
|
||||||
MEMSET_BZERO(buf, sizeof(buf));
|
MEMSET_BZERO(buf, sizeof(buf));
|
||||||
return fSuccess ? res : 0;
|
return success ? res : 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int base58_decode_check(const char *str, uint8_t *data, int datalen)
|
int base58_decode_check(const char *str, uint8_t *data, int datalen)
|
||||||
|
25
bignum.c
25
bignum.c
@ -26,7 +26,7 @@
|
|||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include "bignum.h"
|
#include "bignum.h"
|
||||||
#include "secp256k1.h"
|
#include "secp256k1.h"
|
||||||
#include "macro_utils.h"
|
#include "macros.h"
|
||||||
|
|
||||||
inline uint32_t read_be(const uint8_t *data)
|
inline uint32_t read_be(const uint8_t *data)
|
||||||
{
|
{
|
||||||
@ -226,7 +226,7 @@ void bn_multiply(const bignum256 *k, bignum256 *x, const bignum256 *prime)
|
|||||||
// 0 <= res < 2^(30k + 256) * (2^30 + 1)
|
// 0 <= res < 2^(30k + 256) * (2^30 + 1)
|
||||||
// estimate (res / prime)
|
// estimate (res / prime)
|
||||||
coef = (res[i] >> 16) + (res[i + 1] << 14);
|
coef = (res[i] >> 16) + (res[i + 1] << 14);
|
||||||
|
|
||||||
// coef = res / 2^(30k + 256) rounded down
|
// coef = res / 2^(30k + 256) rounded down
|
||||||
// 0 <= coef <= 2^30
|
// 0 <= coef <= 2^30
|
||||||
// subtract (coef * 2^(30k) * prime) from res
|
// subtract (coef * 2^(30k) * prime) from res
|
||||||
@ -239,7 +239,7 @@ void bn_multiply(const bignum256 *k, bignum256 *x, const bignum256 *prime)
|
|||||||
res[i - 8 + j] = temp & 0x3FFFFFFF;
|
res[i - 8 + j] = temp & 0x3FFFFFFF;
|
||||||
}
|
}
|
||||||
// we don't clear res[i+1] but we never read it again.
|
// we don't clear res[i+1] but we never read it again.
|
||||||
|
|
||||||
// we rely on the fact that prime > 2^256 - 2^196
|
// we rely on the fact that prime > 2^256 - 2^196
|
||||||
// res = oldres - coef*2^(30k) * prime;
|
// res = oldres - coef*2^(30k) * prime;
|
||||||
// and
|
// and
|
||||||
@ -253,8 +253,7 @@ void bn_multiply(const bignum256 *k, bignum256 *x, const bignum256 *prime)
|
|||||||
for (i = 0; i < 9; i++) {
|
for (i = 0; i < 9; i++) {
|
||||||
x->val[i] = res[i];
|
x->val[i] = res[i];
|
||||||
}
|
}
|
||||||
|
MEMSET_BZERO(res, sizeof(res));
|
||||||
MEMSET_BZERO(res,sizeof(res));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// input x can be any normalized number that fits (0 <= x < 2^270).
|
// input x can be any normalized number that fits (0 <= x < 2^270).
|
||||||
@ -312,10 +311,8 @@ void bn_sqrt(bignum256 *x, const bignum256 *prime)
|
|||||||
}
|
}
|
||||||
bn_mod(&res, prime);
|
bn_mod(&res, prime);
|
||||||
memcpy(x, &res, sizeof(bignum256));
|
memcpy(x, &res, sizeof(bignum256));
|
||||||
|
|
||||||
MEMSET_BZERO(&res, sizeof(res));
|
MEMSET_BZERO(&res, sizeof(res));
|
||||||
MEMSET_BZERO(&p, sizeof(p));
|
MEMSET_BZERO(&p, sizeof(p));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#if ! USE_INVERSE_FAST
|
#if ! USE_INVERSE_FAST
|
||||||
@ -408,14 +405,14 @@ void bn_inverse(bignum256 *x, const bignum256 *prime)
|
|||||||
odd = &us;
|
odd = &us;
|
||||||
even = &vr;
|
even = &vr;
|
||||||
|
|
||||||
// u = prime, v = x
|
// u = prime, v = x
|
||||||
// r = 0 , s = 1
|
// r = 0 , s = 1
|
||||||
// k = 0
|
// k = 0
|
||||||
for (;;) {
|
for (;;) {
|
||||||
// invariants:
|
// invariants:
|
||||||
// let u = limbs us.a[0..u.len1-1] in little endian,
|
// let u = limbs us.a[0..u.len1-1] in little endian,
|
||||||
// let s = limbs us.a[u.len..8] in big endian,
|
// let s = limbs us.a[u.len..8] in big endian,
|
||||||
// let v = limbs vr.a[0..u.len1-1] in little endian,
|
// let v = limbs vr.a[0..u.len1-1] in little endian,
|
||||||
// let r = limbs vr.a[u.len..8] in big endian,
|
// let r = limbs vr.a[u.len..8] in big endian,
|
||||||
// r,s >= 0 ; u,v >= 1
|
// r,s >= 0 ; u,v >= 1
|
||||||
// x*-r = u*2^k mod prime
|
// x*-r = u*2^k mod prime
|
||||||
@ -425,7 +422,7 @@ void bn_inverse(bignum256 *x, const bignum256 *prime)
|
|||||||
// max(u,v) <= 2^k (*) see comment at end of loop
|
// max(u,v) <= 2^k (*) see comment at end of loop
|
||||||
// gcd(u,v) = 1
|
// gcd(u,v) = 1
|
||||||
// {odd,even} = {&us, &vr}
|
// {odd,even} = {&us, &vr}
|
||||||
// odd->a[0] and odd->a[8] are odd
|
// odd->a[0] and odd->a[8] are odd
|
||||||
// even->a[0] or even->a[8] is even
|
// even->a[0] or even->a[8] is even
|
||||||
//
|
//
|
||||||
// first u/v are large and r/s small
|
// first u/v are large and r/s small
|
||||||
@ -486,7 +483,7 @@ void bn_inverse(bignum256 *x, const bignum256 *prime)
|
|||||||
assert(even->a[0] & 1);
|
assert(even->a[0] & 1);
|
||||||
assert((even->a[8] & 1) == 0);
|
assert((even->a[8] & 1) == 0);
|
||||||
|
|
||||||
// cmp > 0 if us.a[0..len1-1] > vr.a[0..len1-1],
|
// cmp > 0 if us.a[0..len1-1] > vr.a[0..len1-1],
|
||||||
// cmp = 0 if equal, < 0 if less.
|
// cmp = 0 if equal, < 0 if less.
|
||||||
cmp = us.len1 - vr.len1;
|
cmp = us.len1 - vr.len1;
|
||||||
if (cmp == 0) {
|
if (cmp == 0) {
|
||||||
@ -567,7 +564,7 @@ void bn_inverse(bignum256 *x, const bignum256 *prime)
|
|||||||
// We use the Explicit Quadratic Modular inverse algorithm.
|
// We use the Explicit Quadratic Modular inverse algorithm.
|
||||||
// http://arxiv.org/pdf/1209.6626.pdf
|
// http://arxiv.org/pdf/1209.6626.pdf
|
||||||
// a^-1 = (2-a) * PROD_i (1 + (a - 1)^(2^i)) mod 2^32
|
// a^-1 = (2-a) * PROD_i (1 + (a - 1)^(2^i)) mod 2^32
|
||||||
// the product will converge quickly, because (a-1)^(2^i) will be
|
// the product will converge quickly, because (a-1)^(2^i) will be
|
||||||
// zero mod 2^32 after at most five iterations.
|
// zero mod 2^32 after at most five iterations.
|
||||||
// We want to compute -prime^-1 so we start with (pp[0]-2).
|
// We want to compute -prime^-1 so we start with (pp[0]-2).
|
||||||
assert(pp[0] & 1);
|
assert(pp[0] & 1);
|
||||||
@ -622,7 +619,7 @@ void bn_inverse(bignum256 *x, const bignum256 *prime)
|
|||||||
}
|
}
|
||||||
x->val[i] = temp32;
|
x->val[i] = temp32;
|
||||||
|
|
||||||
// Let's wipe all temp buffers.
|
// let's wipe all temp buffers
|
||||||
MEMSET_BZERO(pp, sizeof(pp));
|
MEMSET_BZERO(pp, sizeof(pp));
|
||||||
MEMSET_BZERO(&us, sizeof(us));
|
MEMSET_BZERO(&us, sizeof(us));
|
||||||
MEMSET_BZERO(&vr, sizeof(vr));
|
MEMSET_BZERO(&vr, sizeof(vr));
|
||||||
|
76
bip32.c
76
bip32.c
@ -31,7 +31,7 @@
|
|||||||
#include "sha2.h"
|
#include "sha2.h"
|
||||||
#include "ripemd160.h"
|
#include "ripemd160.h"
|
||||||
#include "base58.h"
|
#include "base58.h"
|
||||||
#include "macro_utils.h"
|
#include "macros.h"
|
||||||
|
|
||||||
int hdnode_from_xpub(uint32_t depth, uint32_t fingerprint, uint32_t child_num, const uint8_t *chain_code, const uint8_t *public_key, HDNode *out)
|
int hdnode_from_xpub(uint32_t depth, uint32_t fingerprint, uint32_t child_num, const uint8_t *chain_code, const uint8_t *public_key, HDNode *out)
|
||||||
{
|
{
|
||||||
@ -53,15 +53,16 @@ int hdnode_from_xprv(uint32_t depth, uint32_t fingerprint, uint32_t child_num, c
|
|||||||
bn_read_be(private_key, &a);
|
bn_read_be(private_key, &a);
|
||||||
|
|
||||||
bool failed = false;
|
bool failed = false;
|
||||||
if (bn_is_zero(&a)) {
|
if (bn_is_zero(&a)) { // == 0
|
||||||
failed = true;
|
|
||||||
}
|
|
||||||
else if( !bn_is_less(&a, &order256k1)) { // == 0 or >= order
|
|
||||||
MEMSET_BZERO(&a,sizeof(a));
|
|
||||||
failed = true;
|
failed = true;
|
||||||
|
} else {
|
||||||
|
if (!bn_is_less(&a, &order256k1)) { // >= order
|
||||||
|
failed = true;
|
||||||
|
}
|
||||||
|
MEMSET_BZERO(&a, sizeof(a));
|
||||||
}
|
}
|
||||||
|
|
||||||
if(failed) {
|
if (failed) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -87,25 +88,21 @@ int hdnode_from_seed(const uint8_t *seed, int seed_len, HDNode *out)
|
|||||||
bn_read_be(out->private_key, &a);
|
bn_read_be(out->private_key, &a);
|
||||||
|
|
||||||
bool failed = false;
|
bool failed = false;
|
||||||
if (bn_is_zero(&a)) {
|
if (bn_is_zero(&a)) { // == 0
|
||||||
failed = true;
|
failed = true;
|
||||||
}
|
} else {
|
||||||
else
|
if (!bn_is_less(&a, &order256k1)) { // >= order
|
||||||
{
|
|
||||||
if( !bn_is_less(&a, &order256k1)) { // == 0 or >= order
|
|
||||||
failed = true;
|
failed = true;
|
||||||
}
|
}
|
||||||
|
MEMSET_BZERO(&a, sizeof(a));
|
||||||
// Making sure a is wiped.
|
|
||||||
MEMSET_BZERO(&a,sizeof(a));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!failed) {
|
if (!failed) {
|
||||||
memcpy(out->chain_code, I + 32, 32);
|
memcpy(out->chain_code, I + 32, 32);
|
||||||
hdnode_fill_public_key(out);
|
hdnode_fill_public_key(out);
|
||||||
}
|
}
|
||||||
|
|
||||||
MEMSET_BZERO(I,sizeof(I));
|
MEMSET_BZERO(I, sizeof(I));
|
||||||
return failed ? 0 : 1;
|
return failed ? 0 : 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -141,30 +138,25 @@ int hdnode_private_ckd(HDNode *inout, uint32_t i)
|
|||||||
if (!bn_is_less(&b, &order256k1)) { // >= order
|
if (!bn_is_less(&b, &order256k1)) { // >= order
|
||||||
failed = true;
|
failed = true;
|
||||||
}
|
}
|
||||||
if(!failed) {
|
if (!failed) {
|
||||||
|
|
||||||
bn_addmod(&a, &b, &order256k1);
|
bn_addmod(&a, &b, &order256k1);
|
||||||
|
|
||||||
if (bn_is_zero(&a)) {
|
if (bn_is_zero(&a)) {
|
||||||
failed = true;
|
failed = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (!failed) {
|
||||||
if(!failed)
|
|
||||||
{
|
|
||||||
inout->depth++;
|
inout->depth++;
|
||||||
inout->child_num = i;
|
inout->child_num = i;
|
||||||
bn_write_be(&a, inout->private_key);
|
bn_write_be(&a, inout->private_key);
|
||||||
|
|
||||||
hdnode_fill_public_key(inout);
|
hdnode_fill_public_key(inout);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Making sure to wipe our memory!
|
// making sure to wipe our memory
|
||||||
MEMSET_BZERO(&a,sizeof(a));
|
MEMSET_BZERO(&a, sizeof(a));
|
||||||
MEMSET_BZERO(&b,sizeof(b));
|
MEMSET_BZERO(&b, sizeof(b));
|
||||||
MEMSET_BZERO(I,sizeof(I));
|
MEMSET_BZERO(I, sizeof(I));
|
||||||
MEMSET_BZERO(fingerprint,sizeof(fingerprint));
|
MEMSET_BZERO(fingerprint, sizeof(fingerprint));
|
||||||
MEMSET_BZERO(data,sizeof(data));
|
MEMSET_BZERO(data, sizeof(data));
|
||||||
return failed ? 0 : 1;
|
return failed ? 0 : 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -194,43 +186,37 @@ int hdnode_public_ckd(HDNode *inout, uint32_t i)
|
|||||||
failed = true;
|
failed = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!failed)
|
if (!failed) {
|
||||||
{
|
|
||||||
hmac_sha512(inout->chain_code, 32, data, sizeof(data), I);
|
hmac_sha512(inout->chain_code, 32, data, sizeof(data), I);
|
||||||
memcpy(inout->chain_code, I + 32, 32);
|
memcpy(inout->chain_code, I + 32, 32);
|
||||||
bn_read_be(I, &c);
|
bn_read_be(I, &c);
|
||||||
|
|
||||||
if (!bn_is_less(&c, &order256k1)) { // >= order
|
if (!bn_is_less(&c, &order256k1)) { // >= order
|
||||||
failed = true;
|
failed = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!failed)
|
if (!failed) {
|
||||||
{
|
|
||||||
scalar_multiply(&c, &b); // b = c * G
|
scalar_multiply(&c, &b); // b = c * G
|
||||||
point_add(&a, &b); // b = a + b
|
point_add(&a, &b); // b = a + b
|
||||||
|
|
||||||
if (!ecdsa_validate_pubkey(&b)) {
|
if (!ecdsa_validate_pubkey(&b)) {
|
||||||
failed = true;
|
failed = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!failed)
|
if (!failed) {
|
||||||
{
|
|
||||||
inout->public_key[0] = 0x02 | (b.y.val[0] & 0x01);
|
inout->public_key[0] = 0x02 | (b.y.val[0] & 0x01);
|
||||||
bn_write_be(&b.x, inout->public_key + 1);
|
bn_write_be(&b.x, inout->public_key + 1);
|
||||||
|
|
||||||
inout->depth++;
|
inout->depth++;
|
||||||
inout->child_num = i;
|
inout->child_num = i;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Wipe all stack data.
|
// Wipe all stack data.
|
||||||
MEMSET_BZERO(data,sizeof(data));
|
MEMSET_BZERO(data, sizeof(data));
|
||||||
MEMSET_BZERO(I,sizeof(I));
|
MEMSET_BZERO(I, sizeof(I));
|
||||||
MEMSET_BZERO(fingerprint,sizeof(fingerprint));
|
MEMSET_BZERO(fingerprint, sizeof(fingerprint));
|
||||||
MEMSET_BZERO(&a,sizeof(a));
|
MEMSET_BZERO(&a, sizeof(a));
|
||||||
MEMSET_BZERO(&b,sizeof(b));
|
MEMSET_BZERO(&b, sizeof(b));
|
||||||
MEMSET_BZERO(&c,sizeof(c));
|
MEMSET_BZERO(&c, sizeof(c));
|
||||||
|
|
||||||
return failed ? 0 : 1;
|
return failed ? 0 : 1;
|
||||||
}
|
}
|
||||||
|
80
ecdsa.c
80
ecdsa.c
@ -33,7 +33,7 @@
|
|||||||
#include "hmac.h"
|
#include "hmac.h"
|
||||||
#include "ecdsa.h"
|
#include "ecdsa.h"
|
||||||
#include "base58.h"
|
#include "base58.h"
|
||||||
#include "macro_utils.h"
|
#include "macros.h"
|
||||||
|
|
||||||
// Set cp2 = cp1
|
// Set cp2 = cp1
|
||||||
void point_copy(const curve_point *cp1, curve_point *cp2)
|
void point_copy(const curve_point *cp1, curve_point *cp2)
|
||||||
@ -165,12 +165,12 @@ int point_is_negative_of(const curve_point *p, const curve_point *q)
|
|||||||
if (!bn_is_equal(&(p->x), &(q->x))) {
|
if (!bn_is_equal(&(p->x), &(q->x))) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
// we shouldn't hit this for a valid point
|
// we shouldn't hit this for a valid point
|
||||||
if (bn_is_zero(&(p->y))) {
|
if (bn_is_zero(&(p->y))) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return !bn_is_equal(&(p->y), &(q->y));
|
return !bn_is_equal(&(p->y), &(q->y));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -200,7 +200,7 @@ static void curve_to_jacobian(const curve_point *p, jacobian_curve_point *jp) {
|
|||||||
jp->z.val[i] = random32() & 0x3FFFFFFF;
|
jp->z.val[i] = random32() & 0x3FFFFFFF;
|
||||||
}
|
}
|
||||||
jp->z.val[8] = (random32() & 0x7fff) + 1;
|
jp->z.val[8] = (random32() & 0x7fff) + 1;
|
||||||
|
|
||||||
jp->x = jp->z;
|
jp->x = jp->z;
|
||||||
bn_multiply(&jp->z, &jp->x, &prime256k1);
|
bn_multiply(&jp->z, &jp->x, &prime256k1);
|
||||||
// x = z^2
|
// x = z^2
|
||||||
@ -259,7 +259,6 @@ static void point_jacobian_add(const curve_point *p1, jacobian_curve_point *p2)
|
|||||||
* and y3 = (lambda * (x2/z2^2 - x3/z3^2) - y2/z2^3) * z3^3
|
* and y3 = (lambda * (x2/z2^2 - x3/z3^2) - y2/z2^3) * z3^3
|
||||||
* = r * (h^2*x2 - x3) - h^3*y2
|
* = r * (h^2*x2 - x3) - h^3*y2
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
/* h = x1*z2^2 - x2
|
/* h = x1*z2^2 - x2
|
||||||
* r = y1*z2^3 - y2
|
* r = y1*z2^3 - y2
|
||||||
@ -347,7 +346,6 @@ static void point_jacobian_double(jacobian_curve_point *p) {
|
|||||||
* and y3 = (lambda * (x/z^2 - x3/z3^2) - y/z^3) * z3^3
|
* and y3 = (lambda * (x/z^2 - x3/z3^2) - y/z^3) * z3^3
|
||||||
* = m * (xy^2 - x3) - y^4
|
* = m * (xy^2 - x3) - y^4
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
/* m = 3/2*x*x
|
/* m = 3/2*x*x
|
||||||
* x3 = m^2 - 2*xy^2
|
* x3 = m^2 - 2*xy^2
|
||||||
@ -486,7 +484,7 @@ void point_multiply(const bignum256 *k, const curve_point *p, curve_point *res)
|
|||||||
// negate last result to make signs of this round and the
|
// negate last result to make signs of this round and the
|
||||||
// last round equal.
|
// last round equal.
|
||||||
conditional_negate(sign ^ nsign, &jres.z, &prime256k1);
|
conditional_negate(sign ^ nsign, &jres.z, &prime256k1);
|
||||||
|
|
||||||
// add odd factor
|
// add odd factor
|
||||||
point_jacobian_add(&pmult[bits >> 1], &jres);
|
point_jacobian_add(&pmult[bits >> 1], &jres);
|
||||||
sign = nsign;
|
sign = nsign;
|
||||||
@ -572,7 +570,7 @@ void scalar_multiply(const bignum256 *k, curve_point *res)
|
|||||||
// negate last result to make signs of this round and the
|
// negate last result to make signs of this round and the
|
||||||
// last round equal.
|
// last round equal.
|
||||||
conditional_negate((lowbits & 1) - 1, &jres.y, &prime256k1);
|
conditional_negate((lowbits & 1) - 1, &jres.y, &prime256k1);
|
||||||
|
|
||||||
// add odd factor
|
// add odd factor
|
||||||
point_jacobian_add(&secp256k1_cp[i][lowbits >> 1], &jres);
|
point_jacobian_add(&secp256k1_cp[i][lowbits >> 1], &jres);
|
||||||
}
|
}
|
||||||
@ -656,7 +654,6 @@ int ecdsa_sign(const uint8_t *priv_key, const uint8_t *msg, uint32_t msg_len, ui
|
|||||||
uint8_t hash[32];
|
uint8_t hash[32];
|
||||||
sha256_Raw(msg, msg_len, hash);
|
sha256_Raw(msg, msg_len, hash);
|
||||||
int res = ecdsa_sign_digest(priv_key, hash, sig, pby);
|
int res = ecdsa_sign_digest(priv_key, hash, sig, pby);
|
||||||
|
|
||||||
MEMSET_BZERO(hash, sizeof(hash));
|
MEMSET_BZERO(hash, sizeof(hash));
|
||||||
return res;
|
return res;
|
||||||
|
|
||||||
@ -670,9 +667,7 @@ int ecdsa_sign_double(const uint8_t *priv_key, const uint8_t *msg, uint32_t msg_
|
|||||||
sha256_Raw(msg, msg_len, hash);
|
sha256_Raw(msg, msg_len, hash);
|
||||||
sha256_Raw(hash, 32, hash);
|
sha256_Raw(hash, 32, hash);
|
||||||
int res = ecdsa_sign_digest(priv_key, hash, sig, pby);
|
int res = ecdsa_sign_digest(priv_key, hash, sig, pby);
|
||||||
|
|
||||||
MEMSET_BZERO(hash, sizeof(hash));
|
MEMSET_BZERO(hash, sizeof(hash));
|
||||||
|
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -701,7 +696,7 @@ int ecdsa_sign_digest(const uint8_t *priv_key, const uint8_t *digest, uint8_t *s
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if(result == 0) {
|
if (result == 0) {
|
||||||
// compute k*G
|
// compute k*G
|
||||||
scalar_multiply(&k, &R);
|
scalar_multiply(&k, &R);
|
||||||
if (pby) {
|
if (pby) {
|
||||||
@ -716,7 +711,7 @@ int ecdsa_sign_digest(const uint8_t *priv_key, const uint8_t *digest, uint8_t *s
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(result == 0) {
|
if (result == 0) {
|
||||||
bn_inverse(&k, &order256k1);
|
bn_inverse(&k, &order256k1);
|
||||||
bn_read_be(priv_key, da);
|
bn_read_be(priv_key, da);
|
||||||
bn_multiply(&R.x, da, &order256k1);
|
bn_multiply(&R.x, da, &order256k1);
|
||||||
@ -734,8 +729,7 @@ int ecdsa_sign_digest(const uint8_t *priv_key, const uint8_t *digest, uint8_t *s
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(result == 0)
|
if (result == 0) {
|
||||||
{
|
|
||||||
// if S > order/2 => S = -S
|
// if S > order/2 => S = -S
|
||||||
if (bn_is_less(&order256k1_half, &k)) {
|
if (bn_is_less(&order256k1_half, &k)) {
|
||||||
bn_subtract(&order256k1, &k, &k);
|
bn_subtract(&order256k1, &k, &k);
|
||||||
@ -748,9 +742,9 @@ int ecdsa_sign_digest(const uint8_t *priv_key, const uint8_t *digest, uint8_t *s
|
|||||||
bn_write_be(&k, sig + 32);
|
bn_write_be(&k, sig + 32);
|
||||||
}
|
}
|
||||||
|
|
||||||
MEMSET_BZERO(&k,sizeof(k));
|
MEMSET_BZERO(&k, sizeof(k));
|
||||||
MEMSET_BZERO(&z,sizeof(z));
|
MEMSET_BZERO(&z, sizeof(z));
|
||||||
MEMSET_BZERO(&R,sizeof(R));
|
MEMSET_BZERO(&R, sizeof(R));
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -764,8 +758,8 @@ void ecdsa_get_public_key33(const uint8_t *priv_key, uint8_t *pub_key)
|
|||||||
scalar_multiply(&k, &R);
|
scalar_multiply(&k, &R);
|
||||||
pub_key[0] = 0x02 | (R.y.val[0] & 0x01);
|
pub_key[0] = 0x02 | (R.y.val[0] & 0x01);
|
||||||
bn_write_be(&R.x, pub_key + 1);
|
bn_write_be(&R.x, pub_key + 1);
|
||||||
MEMSET_BZERO(&R,sizeof(R));
|
MEMSET_BZERO(&R, sizeof(R));
|
||||||
MEMSET_BZERO(&k,sizeof(k));
|
MEMSET_BZERO(&k, sizeof(k));
|
||||||
}
|
}
|
||||||
|
|
||||||
void ecdsa_get_public_key65(const uint8_t *priv_key, uint8_t *pub_key)
|
void ecdsa_get_public_key65(const uint8_t *priv_key, uint8_t *pub_key)
|
||||||
@ -779,8 +773,8 @@ void ecdsa_get_public_key65(const uint8_t *priv_key, uint8_t *pub_key)
|
|||||||
pub_key[0] = 0x04;
|
pub_key[0] = 0x04;
|
||||||
bn_write_be(&R.x, pub_key + 1);
|
bn_write_be(&R.x, pub_key + 1);
|
||||||
bn_write_be(&R.y, pub_key + 33);
|
bn_write_be(&R.y, pub_key + 33);
|
||||||
MEMSET_BZERO(&R,sizeof(R));
|
MEMSET_BZERO(&R, sizeof(R));
|
||||||
MEMSET_BZERO(&k,sizeof(k));
|
MEMSET_BZERO(&k, sizeof(k));
|
||||||
}
|
}
|
||||||
|
|
||||||
void ecdsa_get_pubkeyhash(const uint8_t *pub_key, uint8_t *pubkeyhash)
|
void ecdsa_get_pubkeyhash(const uint8_t *pub_key, uint8_t *pubkeyhash)
|
||||||
@ -794,7 +788,7 @@ void ecdsa_get_pubkeyhash(const uint8_t *pub_key, uint8_t *pubkeyhash)
|
|||||||
sha256_Raw(pub_key, 33, h); // expecting compressed format
|
sha256_Raw(pub_key, 33, h); // expecting compressed format
|
||||||
}
|
}
|
||||||
ripemd160(h, 32, pubkeyhash);
|
ripemd160(h, 32, pubkeyhash);
|
||||||
MEMSET_BZERO(h,sizeof(h));
|
MEMSET_BZERO(h, sizeof(h));
|
||||||
}
|
}
|
||||||
|
|
||||||
void ecdsa_get_address_raw(const uint8_t *pub_key, uint8_t version, uint8_t *addr_raw)
|
void ecdsa_get_address_raw(const uint8_t *pub_key, uint8_t version, uint8_t *addr_raw)
|
||||||
@ -809,8 +803,8 @@ void ecdsa_get_address(const uint8_t *pub_key, uint8_t version, char *addr, int
|
|||||||
ecdsa_get_address_raw(pub_key, version, raw);
|
ecdsa_get_address_raw(pub_key, version, raw);
|
||||||
base58_encode_check(raw, 21, addr, addrsize);
|
base58_encode_check(raw, 21, addr, addrsize);
|
||||||
|
|
||||||
// Not as important to clear this one, but we might as well.
|
// not as important to clear this one, but we might as well
|
||||||
MEMSET_BZERO(raw,sizeof(raw));
|
MEMSET_BZERO(raw, sizeof(raw));
|
||||||
}
|
}
|
||||||
|
|
||||||
void ecdsa_get_wif(const uint8_t *priv_key, uint8_t version, char *wif, int wifsize)
|
void ecdsa_get_wif(const uint8_t *priv_key, uint8_t version, char *wif, int wifsize)
|
||||||
@ -821,8 +815,8 @@ void ecdsa_get_wif(const uint8_t *priv_key, uint8_t version, char *wif, int wifs
|
|||||||
data[33] = 0x01;
|
data[33] = 0x01;
|
||||||
base58_encode_check(data, 34, wif, wifsize);
|
base58_encode_check(data, 34, wif, wifsize);
|
||||||
|
|
||||||
// This private keys running around our stack can cause trouble!
|
// private keys running around our stack can cause trouble
|
||||||
MEMSET_BZERO(data,sizeof(data));
|
MEMSET_BZERO(data, sizeof(data));
|
||||||
}
|
}
|
||||||
|
|
||||||
int ecdsa_address_decode(const char *addr, uint8_t *out)
|
int ecdsa_address_decode(const char *addr, uint8_t *out)
|
||||||
@ -907,8 +901,7 @@ int ecdsa_verify(const uint8_t *pub_key, const uint8_t *sig, const uint8_t *msg,
|
|||||||
uint8_t hash[32];
|
uint8_t hash[32];
|
||||||
sha256_Raw(msg, msg_len, hash);
|
sha256_Raw(msg, msg_len, hash);
|
||||||
int res = ecdsa_verify_digest(pub_key, sig, hash);
|
int res = ecdsa_verify_digest(pub_key, sig, hash);
|
||||||
|
MEMSET_BZERO(hash, sizeof(hash));
|
||||||
MEMSET_BZERO(hash,sizeof(hash));
|
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -917,10 +910,8 @@ int ecdsa_verify_double(const uint8_t *pub_key, const uint8_t *sig, const uint8_
|
|||||||
uint8_t hash[32];
|
uint8_t hash[32];
|
||||||
sha256_Raw(msg, msg_len, hash);
|
sha256_Raw(msg, msg_len, hash);
|
||||||
sha256_Raw(hash, 32, hash);
|
sha256_Raw(hash, 32, hash);
|
||||||
|
|
||||||
int res = ecdsa_verify_digest(pub_key, sig, hash);
|
int res = ecdsa_verify_digest(pub_key, sig, hash);
|
||||||
|
MEMSET_BZERO(hash, sizeof(hash));
|
||||||
MEMSET_BZERO(hash,sizeof(hash));
|
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -958,24 +949,23 @@ int ecdsa_verify_digest(const uint8_t *pub_key, const uint8_t *sig, const uint8_
|
|||||||
scalar_multiply(&z, &res);
|
scalar_multiply(&z, &res);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(result == 0) {
|
if (result == 0) {
|
||||||
|
// both pub and res can be infinity, can have y = 0 OR can be equal -> false negative
|
||||||
// both pub and res can be infinity, can have y = 0 OR can be equal -> false negative
|
point_multiply(&s, &pub, &pub);
|
||||||
point_multiply(&s, &pub, &pub);
|
point_add(&pub, &res);
|
||||||
point_add(&pub, &res);
|
bn_mod(&(res.x), &order256k1);
|
||||||
bn_mod(&(res.x), &order256k1);
|
// signature does not match
|
||||||
|
|
||||||
// signature does not match
|
|
||||||
if (!bn_is_equal(&res.x, &r)) {
|
if (!bn_is_equal(&res.x, &r)) {
|
||||||
result = 5;
|
result = 5;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MEMSET_BZERO(&pub,sizeof(pub));
|
MEMSET_BZERO(&pub, sizeof(pub));
|
||||||
MEMSET_BZERO(&res,sizeof(res));
|
MEMSET_BZERO(&res, sizeof(res));
|
||||||
MEMSET_BZERO(&r,sizeof(r));
|
MEMSET_BZERO(&r, sizeof(r));
|
||||||
MEMSET_BZERO(&s,sizeof(s));
|
MEMSET_BZERO(&s, sizeof(s));
|
||||||
MEMSET_BZERO(&z,sizeof(z));
|
MEMSET_BZERO(&z, sizeof(z));
|
||||||
|
|
||||||
// all OK
|
// all OK
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
15
hmac.c
15
hmac.c
@ -25,7 +25,7 @@
|
|||||||
|
|
||||||
#include "hmac.h"
|
#include "hmac.h"
|
||||||
#include "sha2.h"
|
#include "sha2.h"
|
||||||
#include "macro_utils.h"
|
#include "macros.h"
|
||||||
|
|
||||||
void hmac_sha256(const uint8_t *key, const uint32_t keylen, const uint8_t *msg, const uint32_t msglen, uint8_t *hmac)
|
void hmac_sha256(const uint8_t *key, const uint32_t keylen, const uint8_t *msg, const uint32_t msglen, uint8_t *hmac)
|
||||||
{
|
{
|
||||||
@ -54,10 +54,9 @@ void hmac_sha256(const uint8_t *key, const uint32_t keylen, const uint8_t *msg,
|
|||||||
sha256_Update(&ctx, o_key_pad, SHA256_BLOCK_LENGTH);
|
sha256_Update(&ctx, o_key_pad, SHA256_BLOCK_LENGTH);
|
||||||
sha256_Update(&ctx, buf, SHA256_DIGEST_LENGTH);
|
sha256_Update(&ctx, buf, SHA256_DIGEST_LENGTH);
|
||||||
sha256_Final(hmac, &ctx);
|
sha256_Final(hmac, &ctx);
|
||||||
MEMSET_BZERO(buf,sizeof(buf));
|
MEMSET_BZERO(buf, sizeof(buf));
|
||||||
MEMSET_BZERO(o_key_pad,sizeof(o_key_pad));
|
MEMSET_BZERO(o_key_pad, sizeof(o_key_pad));
|
||||||
MEMSET_BZERO(i_key_pad,sizeof(i_key_pad));
|
MEMSET_BZERO(i_key_pad, sizeof(i_key_pad));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void hmac_sha512(const uint8_t *key, const uint32_t keylen, const uint8_t *msg, const uint32_t msglen, uint8_t *hmac)
|
void hmac_sha512(const uint8_t *key, const uint32_t keylen, const uint8_t *msg, const uint32_t msglen, uint8_t *hmac)
|
||||||
@ -88,7 +87,7 @@ void hmac_sha512(const uint8_t *key, const uint32_t keylen, const uint8_t *msg,
|
|||||||
sha512_Update(&ctx, buf, SHA512_DIGEST_LENGTH);
|
sha512_Update(&ctx, buf, SHA512_DIGEST_LENGTH);
|
||||||
sha512_Final(hmac, &ctx);
|
sha512_Final(hmac, &ctx);
|
||||||
|
|
||||||
MEMSET_BZERO(buf,sizeof(buf));
|
MEMSET_BZERO(buf, sizeof(buf));
|
||||||
MEMSET_BZERO(o_key_pad,sizeof(o_key_pad));
|
MEMSET_BZERO(o_key_pad, sizeof(o_key_pad));
|
||||||
MEMSET_BZERO(i_key_pad,sizeof(i_key_pad));
|
MEMSET_BZERO(i_key_pad, sizeof(i_key_pad));
|
||||||
}
|
}
|
||||||
|
@ -1,8 +0,0 @@
|
|||||||
|
|
||||||
#if !defined( _MACRO_UTILS_H )
|
|
||||||
#define _MACRO_UTILS_H
|
|
||||||
|
|
||||||
#define MEMSET_BZERO(p,l) memset((p), 0, (l))
|
|
||||||
|
|
||||||
|
|
||||||
#endif
|
|
6
macros.h
Normal file
6
macros.h
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
#ifndef __MACROS_H__
|
||||||
|
#define __MACROS_H__
|
||||||
|
|
||||||
|
#define MEMSET_BZERO(p,l) memset((p), 0, (l))
|
||||||
|
|
||||||
|
#endif
|
8
pbkdf2.c
8
pbkdf2.c
@ -24,7 +24,7 @@
|
|||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include "pbkdf2.h"
|
#include "pbkdf2.h"
|
||||||
#include "hmac.h"
|
#include "hmac.h"
|
||||||
#include "macro_utils.h"
|
#include "macros.h"
|
||||||
|
|
||||||
void pbkdf2_hmac_sha256(const uint8_t *pass, int passlen, uint8_t *salt, int saltlen, uint32_t iterations, uint8_t *key, int keylen, void (*progress_callback)(uint32_t current, uint32_t total))
|
void pbkdf2_hmac_sha256(const uint8_t *pass, int passlen, uint8_t *salt, int saltlen, uint32_t iterations, uint8_t *key, int keylen, void (*progress_callback)(uint32_t current, uint32_t total))
|
||||||
{
|
{
|
||||||
@ -57,8 +57,7 @@ void pbkdf2_hmac_sha256(const uint8_t *pass, int passlen, uint8_t *salt, int sal
|
|||||||
memcpy(key + HMACLEN * (i - 1), f, HMACLEN);
|
memcpy(key + HMACLEN * (i - 1), f, HMACLEN);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
MEMSET_BZERO(f, sizeof(f));
|
||||||
MEMSET_BZERO(f,sizeof(f));
|
|
||||||
MEMSET_BZERO(g, sizeof(g));
|
MEMSET_BZERO(g, sizeof(g));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -93,7 +92,6 @@ void pbkdf2_hmac_sha512(const uint8_t *pass, int passlen, uint8_t *salt, int sal
|
|||||||
memcpy(key + HMACLEN * (i - 1), f, HMACLEN);
|
memcpy(key + HMACLEN * (i - 1), f, HMACLEN);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
MEMSET_BZERO(f, sizeof(f));
|
||||||
MEMSET_BZERO(f,sizeof(f));
|
|
||||||
MEMSET_BZERO(g, sizeof(g));
|
MEMSET_BZERO(g, sizeof(g));
|
||||||
}
|
}
|
||||||
|
2
tests.c
2
tests.c
@ -1220,7 +1220,7 @@ START_TEST(test_secp256k1_cp) {
|
|||||||
point_multiply(&a, &G256k1, &p);
|
point_multiply(&a, &G256k1, &p);
|
||||||
ck_assert_mem_eq(&p, &secp256k1_cp[i][j], sizeof(curve_point));
|
ck_assert_mem_eq(&p, &secp256k1_cp[i][j], sizeof(curve_point));
|
||||||
|
|
||||||
// even/odd has different behaviour;
|
// even/odd has different behaviour;
|
||||||
// increment by one and test again
|
// increment by one and test again
|
||||||
p1 = p;
|
p1 = p;
|
||||||
point_add(&G256k1, &p1);
|
point_add(&G256k1, &p1);
|
||||||
|
Loading…
Reference in New Issue
Block a user