arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-15 12:08:59 +00:00
Code Issues Releases Wiki Activity

ecdsa: generate_k_rfc6979() should cleanup its stack before exit

Browse Source
This commit is contained in:
Roman Zeyde 2015-06-27 10:08:18 +03:00
parent c58d4e03c5
commit 36847ac0d7
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ecdsa.c
View File

@ -608,7 +608,7 @@ int generate_k_random(bignum256 *k) {
// http://tools.ietf.org/html/rfc6979 // http://tools.ietf.org/html/rfc6979
int generate_k_rfc6979(bignum256 *secret, const uint8_t *priv_key, const uint8_t *hash) int generate_k_rfc6979(bignum256 *secret, const uint8_t *priv_key, const uint8_t *hash)
{ {
int i; int i, error;
uint8_t v[32], k[32], bx[2*32], buf[32 + 1 + sizeof(bx)]; uint8_t v[32], k[32], bx[2*32], buf[32 + 1 + sizeof(bx)];
bignum256 z1; bignum256 z1;
@ -632,11 +632,13 @@ int generate_k_rfc6979(bignum256 *secret, const uint8_t *priv_key, const uint8_t
hmac_sha256(k, sizeof(k), buf, sizeof(buf), k); hmac_sha256(k, sizeof(k), buf, sizeof(buf), k);
hmac_sha256(k, sizeof(k), v, sizeof(v), v); hmac_sha256(k, sizeof(k), v, sizeof(v), v);
error = 1;
for (i = 0; i < 10000; i++) { for (i = 0; i < 10000; i++) {
hmac_sha256(k, sizeof(k), v, sizeof(v), v); hmac_sha256(k, sizeof(k), v, sizeof(v), v);
bn_read_be(v, secret); bn_read_be(v, secret);
if ( !bn_is_zero(secret) && bn_is_less(secret, &order256k1) ) { if ( !bn_is_zero(secret) && bn_is_less(secret, &order256k1) ) {
return 0; // good number -> no error error = 0; // good number -> no error
break;
} }
memcpy(buf, v, sizeof(v)); memcpy(buf, v, sizeof(v));
buf[sizeof(v)] = 0x00; buf[sizeof(v)] = 0x00;
@ -644,7 +646,12 @@ int generate_k_rfc6979(bignum256 *secret, const uint8_t *priv_key, const uint8_t
hmac_sha256(k, sizeof(k), v, sizeof(v), v); hmac_sha256(k, sizeof(k), v, sizeof(v), v);
} }
// we generated 10000 numbers, none of them is good -> fail // we generated 10000 numbers, none of them is good -> fail
return 1;
MEMSET_BZERO(v, sizeof(v));
MEMSET_BZERO(k, sizeof(k));
MEMSET_BZERO(bx, sizeof(bx));
MEMSET_BZERO(buf, sizeof(buf));
return error;
} }
// msg is a data to be signed // msg is a data to be signed