
fix(core): Remove bias in ed25519.generate_secret()

[no changelog]
This commit is contained in:
Andrew Kozlik 2024-07-29 18:32:47 +02:00 committed by Andrew Kozlik
parent b37971eea4
commit 6ed8aad608
2 changed files with 0 additions and 10 deletions


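--- a/<path-not-shown-on-page>
+++ b/<path-not-shown-on-page>
@@ -34,10 +34,6 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_generate_secret() {
   vstr_t sk = {0};
   vstr_init_len(&sk, 32);
   random_buffer((uint8_t *)sk.buf, sk.len);
-  // taken from https://cr.yp.to/ecdh.html
-  sk.buf[0] &= 248;
-  sk.buf[31] &= 127;
-  sk.buf[31] |= 64;
   return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_ed25519_generate_secret_obj,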
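Review bot: The new body returns the 32 random bytes with no comment saying why they are deliberately left unclamped, so a maintainer who knows the X25519 rule from the deleted cr.yp.to link may reintroduce it. The removed lines fixed five bits of every seed (the low three bits of byte 0 cleared, bit 7 of byte 31 cleared, bit 6 set), which is the bias the title refers to; an Ed25519 seed is hashed before the digest is clamped, so clamping here only shrinks the key space. A one-line comment above the `return` would pin that down: `// Ed25519 seed: keep all 32 random bytes unclamped; clamping applies to the hashed seed inside the signing scheme, not here.` The MP_DEFINE_CONST_FUN_OBJ_0 line at the end of the hunk continues outside it.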


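--- a/<path-not-shown-on-page>
+++ b/<path-not-shown-on-page>
@@ -69,12 +69,6 @@ class TestCryptoEd25519(unittest.TestCase):
         )
         pass
-    def test_generate_secret(self):
-        for _ in range(100):
-            sk = ed25519.generate_secret()
-            self.assertTrue(len(sk) == 32)
-            self.assertTrue(sk[0] & 7 == 0 and sk[31] & 128 == 0 and sk[31] & 64 == 64)
     def test_sign_verify_random(self):
         for l in range(1, 300):
             sk = ed25519.generate_secret()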
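Review bot: Deleting test_generate_secret as a whole also drops the only direct check that generate_secret() returns 32 bytes, although only the clamping assertion on the last removed line became wrong with this commit. A reduced test keeps that coverage without asserting any bit pattern: `def test_generate_secret(self):` / `sk = ed25519.generate_secret()` / `self.assertEqual(len(sk), 32)`. The rendering of this hunk appears to have dropped the blank lines around the removed method, so the header's line counts do not match the lines shown.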