From 6ed8aad60840e47e8dd8954f5d6f2201f256823a Mon Sep 17 00:00:00 2001
From: Andrew Kozlik
Date: Mon, 29 Jul 2024 18:32:47 +0200
Subject: [PATCH] fix(core): Remove bias in ed25519.generate_secret() [no changelog]
---
 core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h | 4 ----
 core/tests/test_trezor.crypto.curve.ed25519.py | 6 ------
 2 files changed, 10 deletions(-)
diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h
index 17fea3cbcc..a09c18e919 100644
--- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h
+++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h
@@ -34,10 +34,6 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_generate_secret() {
 vstr_t sk = {0};
 vstr_init_len(&sk, 32);
 random_buffer((uint8_t *)sk.buf, sk.len);
- // taken from https://cr.yp.to/ecdh.html
- sk.buf[0] &= 248;
- sk.buf[31] &= 127;
- sk.buf[31] |= 64;
 return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_ed25519_generate_secret_obj,
diff --git a/core/tests/test_trezor.crypto.curve.ed25519.py b/core/tests/test_trezor.crypto.curve.ed25519.py
index a03ef8c645..7cfb31b20a 100644
--- a/core/tests/test_trezor.crypto.curve.ed25519.py
+++ b/core/tests/test_trezor.crypto.curve.ed25519.py
@@ -69,12 +69,6 @@ class TestCryptoEd25519(unittest.TestCase):
 )
 pass
 
- def test_generate_secret(self):
- for _ in range(100):
- sk = ed25519.generate_secret()
- self.assertTrue(len(sk) == 32)
- self.assertTrue(sk[0] & 7 == 0 and sk[31] & 128 == 0 and sk[31] & 64 == 64)
-
 def test_sign_verify_random(self):
 for l in range(1, 300):
 sk = ed25519.generate_secret()
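Review bot: With the masking lines gone, mod_trezorcrypto_ed25519_generate_secret() returns the 32 bytes from random_buffer() unmodified, but nothing in the function now records why the `sk.buf[0] &= 248` / `sk.buf[31]` clamp was wrong here, and a reader who knows that clamp from the removed cr.yp.to/ecdh.html link may reintroduce it. That clamp belongs to an X25519 scalar; an Ed25519 seed is hashed and clamped inside the key derivation, so masking the raw seed only shrinks the seed space, which is the bias the commit title refers to. I would replace the deleted comment with `// Ed25519 seeds are hashed and clamped during key derivation; clamping the raw` / `// seed here would only restrict the seed space, so return it unmodified.` The whole function body, including its closing brace, is inside this hunk.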
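Review bot: Deleting test_generate_secret() entirely drops the only check on the length of what ed25519.generate_secret() returns; only the bit-pattern assertions on `sk[0]` and `sk[31]` became wrong when the clamp was removed, not `len(sk) == 32`. I would keep a reduced test, e.g. `def test_generate_secret(self):` / `sk = ed25519.generate_secret()` / `self.assertEqual(len(sk), 32)`, and optionally assert that two consecutive calls return different values as a cheap guard against a constant or unfilled buffer. The enclosing TestCryptoEd25519 class continues outside this hunk.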