From 71b12a2a713894104db291f94fca2382abb9ca9e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Vejpustek?=
Date: Wed, 3 Nov 2021 22:38:39 +0100
Subject: [PATCH] refactor(crypto): make secp256k1_context_writable_randomize() return status

---
 crypto/zkp_bip340.c  | 109 +++++++++++++++++++++++++++----------------
 crypto/zkp_context.c |  10 +++-
 crypto/zkp_context.h |   2 +-
 crypto/zkp_ecdsa.c   |  92 ++++++++++++++++++++++++------------
 4 files changed, 138 insertions(+), 75 deletions(-)

diff --git a/crypto/zkp_bip340.c b/crypto/zkp_bip340.c
index 0b354d0e9..f45505faf 100644
--- a/crypto/zkp_bip340.c
+++ b/crypto/zkp_bip340.c
@@ -47,33 +47,43 @@ int zkp_bip340_get_public_key(const uint8_t *private_key_bytes,
                               uint8_t *public_key_bytes) {
   int result = 0;
-  secp256k1_pubkey pubkey = {0};
+  secp256k1_context *context_writable = NULL;
+  if (result == 0) {
+    context_writable = zkp_context_acquire_writable();
+    if (context_writable == NULL) {
+      result = -1;
+    }
+  }
+  if (result == 0) {
+    if (secp256k1_context_writable_randomize(context_writable) != 0) {
+      result = -1;
+    }
+  }
+  secp256k1_pubkey public_key = {0};
   if (result == 0) {
-    secp256k1_context *context_writable = zkp_context_acquire_writable();
-    if (context_writable) {
-      secp256k1_context_writable_randomize(context_writable);
-      if (secp256k1_ec_pubkey_create(context_writable, &pubkey,
-                                     private_key_bytes) != 1) {
-        result = -1;
-      }
-      zkp_context_release_writable();
-    } else {
+    if (secp256k1_ec_pubkey_create(context_writable, &public_key,
+                                   private_key_bytes) != 1) {
       result = -1;
     }
   }
+  if (context_writable) {
+    zkp_context_release_writable();
+    context_writable = NULL;
+  }
+
   secp256k1_xonly_pubkey xonly_pubkey = {0};
   const secp256k1_context *context_read_only = zkp_context_get_read_only();
   if (result == 0) {
     if (secp256k1_xonly_pubkey_from_pubkey(context_read_only, &xonly_pubkey,
-                                          NULL, &pubkey) != 1) {
+                                          NULL, &public_key) != 1) {
       result = -1;
     }
   }
-  memzero(&pubkey, sizeof(pubkey));
+  memzero(&public_key, sizeof(public_key));
   if (result == 0) {
     if (secp256k1_xonly_pubkey_serialize(context_read_only, public_key_bytes,
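Review bot: The acquire-then-randomize prologue at the top of zkp_bip340_get_public_key — the `context_writable = zkp_context_acquire_writable();` block followed by the `secp256k1_context_writable_randomize(context_writable) != 0` block — is repeated verbatim in every function this patch touches, and its leading `if (result == 0)` is always true here since `result` was set to 0 on the line before. Folding the two steps into one helper that returns NULL when either the acquisition or the randomization fails (releasing the context in the latter case) leaves each caller with a single NULL check and makes it impossible to reach a secret-key operation without the `result == 0` guard. Such a helper belongs next to zkp_context_acquire_writable() in zkp_context.c, since zkp_ecdsa.c needs it as well. zkp_bip340_get_public_key continues past the end of this hunk.
```c
// Acquires the writable context and refreshes its blinding; returns NULL, with
// nothing left acquired, if either step fails.
static secp256k1_context *acquire_randomized_writable(void) {
  secp256k1_context *ctx = zkp_context_acquire_writable();
  if (ctx == NULL) {
    return NULL;
  }
  if (secp256k1_context_writable_randomize(ctx) != 0) {
    zkp_context_release_writable();
    return NULL;
  }
  return ctx;
}

// … in zkp_bip340_get_public_key, replacing the two if (result == 0) blocks …
  secp256k1_context *context_writable = acquire_randomized_writable();
  if (context_writable == NULL) {
    result = -1;
  }
```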
@@ -98,36 +108,45 @@ int zkp_bip340_sign_digest(const uint8_t *private_key_bytes,
                            uint8_t *auxiliary_data) {
   int result = 0;
+  secp256k1_context *context_writable = NULL;
+  if (result == 0) {
+    context_writable = zkp_context_acquire_writable();
+    if (context_writable == NULL) {
+      result = -1;
+    }
+  }
+  if (result == 0) {
+    if (secp256k1_context_writable_randomize(context_writable) != 0) {
+      result = -1;
+    }
+  }
+
   secp256k1_keypair keypair = {0};
+  if (result == 0) {
+    if (secp256k1_keypair_create(context_writable, &keypair,
+                                 private_key_bytes) != 1) {
+      result = -1;
+    }
+  }
   if (result == 0) {
-    secp256k1_context *context_writable = zkp_context_acquire_writable();
-    if (context_writable) {
-      secp256k1_context_writable_randomize(context_writable);
-      if (secp256k1_keypair_create(context_writable, &keypair,
-                                   private_key_bytes) != 1) {
-        result = -1;
-      }
-      zkp_context_release_writable();
-    } else {
+    if (secp256k1_context_writable_randomize(context_writable) != 0) {
       result = -1;
     }
   }
   if (result == 0) {
-    secp256k1_context *context_writable = zkp_context_acquire_writable();
-    if (context_writable) {
-      secp256k1_context_writable_randomize(context_writable);
-      if (secp256k1_schnorrsig_sign(context_writable, signature_bytes, digest,
-                                    &keypair, auxiliary_data) != 1) {
-        result = -1;
-      }
-      zkp_context_release_writable();
-    } else {
+    if (secp256k1_schnorrsig_sign(context_writable, signature_bytes, digest,
+                                  &keypair, auxiliary_data) != 1) {
       result = -1;
     }
   }
+  if (context_writable) {
+    zkp_context_release_writable();
+    context_writable = NULL;
+  }
+
   memzero(&keypair, sizeof(keypair));
   return result;
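Review bot: zkp_bip340_sign_digest now calls `secp256k1_context_writable_randomize(context_writable)` twice on the same held context — once in the new prologue and again in the `if (result == 0)` block between secp256k1_keypair_create() and secp256k1_schnorrsig_sign() — and nothing in the hunk says whether the second call is deliberate or a leftover of the old code, which randomized each separately acquired context. If re-blinding between the two secret-key operations is intended, a comment on that second block such as `// Re-randomize so keypair creation and signing use different blinding values.` would stop the next reader from deleting it as redundant; if it is not, the block can go, since the prologue already randomized the context. Note also that a failure of the second call leaves `result = -1` with `keypair` still populated, which is only safe because the trailing `memzero(&keypair, sizeof(keypair));` runs unconditionally — worth keeping it outside any `result == 0` guard.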
@@ -240,21 +259,29 @@ int zkp_bip340_tweak_private_key(const uint8_t *internal_private_key,
                                  uint8_t *output_private_key) {
   int result = 0;
-  secp256k1_keypair keypair = {0};
-
+  secp256k1_context *context_writable = NULL;
   if (result == 0) {
-    secp256k1_context *context_writable = zkp_context_acquire_writable();
-    if (context_writable) {
-      secp256k1_context_writable_randomize(context_writable);
-      if (secp256k1_keypair_create(context_writable, &keypair,
-                                   internal_private_key) != 1) {
-        result = -1;
-      }
-      zkp_context_release_writable();
-    } else {
+    context_writable = zkp_context_acquire_writable();
+    if (context_writable == NULL) {
       result = -1;
     }
   }
+  if (result == 0) {
+    if (secp256k1_context_writable_randomize(context_writable) != 0) {
+      result = -1;
+    }
+  }
+
+  secp256k1_keypair keypair = {0};
+  if (secp256k1_keypair_create(context_writable, &keypair,
+                               internal_private_key) != 1) {
+    result = -1;
+  }
+
+  if (context_writable) {
+    zkp_context_release_writable();
+    context_writable = NULL;
+  }
   const secp256k1_context *context_read_only = zkp_context_get_read_only();
diff --git a/crypto/zkp_context.c b/crypto/zkp_context.c
index aac4cf7d9..c2e760a4a 100644
--- a/crypto/zkp_context.c
+++ b/crypto/zkp_context.c
@@ -34,12 +34,18 @@ static uint8_t context_buffer[SECP256K1_CONTEXT_SIZE];
 static secp256k1_context *context;
 static volatile atomic_flag locked;
-void secp256k1_context_writable_randomize(secp256k1_context *context_writable) {
+// returns 0 on success
+int secp256k1_context_writable_randomize(secp256k1_context *context_writable) {
   uint8_t seed[32] = {0};
   random_buffer(seed, sizeof(seed));
   int returned = secp256k1_context_randomize(context_writable, seed);
   memzero(seed, sizeof(seed));
-  assert(returned == 1);
+
+  if (returned != 1) {
+    return 1;
+  }
+
+  return 0;
 }
 bool zkp_context_is_initialized(void) { return context != NULL; }
diff --git a/crypto/zkp_context.h b/crypto/zkp_context.h
index 02bf5ee19..1bef171c3 100644
--- a/crypto/zkp_context.h
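Review bot: In zkp_bip340_tweak_private_key the `secp256k1_keypair_create(context_writable, &keypair, internal_private_key)` call added after the randomize block is the only secret-key operation in this patch that is not inside `if (result == 0)`. If zkp_context_acquire_writable() returned NULL (presumably when the context is not initialized or the lock is already held, going by `static volatile atomic_flag locked` in zkp_context.c), the call dereferences a NULL context, and if secp256k1_context_writable_randomize() failed it still derives the keypair on the un-randomized context — exactly the cases the new status return was introduced to stop. Wrap it like the other functions: `if (result == 0) {` before the call and a matching `}` after the `result = -1;` block. The rest of the function, including whatever clears `keypair`, is outside this hunk.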
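Review bot: Replacing `assert(returned == 1)` with a status return in secp256k1_context_writable_randomize() turns a hard stop into a soft failure that is only as safe as its callers: any caller outside this patch that ignores the result now keeps computing on a context whose blinding was not refreshed, where it previously aborted. The new comment `// returns 0 on success` also sits on the definition rather than on the declaration in zkp_context.h, and says nothing about what failure means; a prototype comment along the lines of `// Returns 0 on success, 1 if secp256k1_context_randomize() rejected the context; on failure the context should be treated as un-randomized.` — with `__attribute__((warn_unused_result))` if the project's compilers allow it — would make the contract visible where callers see it. The 0-on-success convention is also the inverse of libsecp256k1's 1-on-success checked one line above (`returned != 1`), which the comment should spell out now that both styles sit side by side.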
+++ b/crypto/zkp_context.h
@@ -5,7 +5,7 @@ #include "vendor/secp256k1-zkp/include/secp256k1_preallocated.h"
-void secp256k1_context_writable_randomize(secp256k1_context *context);
+int secp256k1_context_writable_randomize(secp256k1_context *context);
 int zkp_context_init(void);
 void zkp_context_destroy(void);
 const secp256k1_context *zkp_context_get_read_only(void);
diff --git a/crypto/zkp_ecdsa.c b/crypto/zkp_ecdsa.c
index 2d0915fba..7d0733c9e 100644
--- a/crypto/zkp_ecdsa.c
+++ b/crypto/zkp_ecdsa.c
@@ -55,22 +55,32 @@ int zkp_ecdsa_get_public_key33(const ecdsa_curve *curve,
   int result = 0;
-  secp256k1_pubkey public_key = {0};
+  secp256k1_context *context_writable = NULL;
+  if (result == 0) {
+    context_writable = zkp_context_acquire_writable();
+    if (context_writable == NULL) {
+      result = 1;
+    }
+  }
+  if (result == 0) {
+    if (secp256k1_context_writable_randomize(context_writable) != 0) {
+      result = 1;
+    }
+  }
+  secp256k1_pubkey public_key = {0};
   if (result == 0) {
-    secp256k1_context *context_writable = zkp_context_acquire_writable();
-    if (context_writable) {
-      secp256k1_context_writable_randomize(context_writable);
-      if (secp256k1_ec_pubkey_create(context_writable, &public_key,
-                                     private_key_bytes) != 1) {
-        result = 1;
-      }
-      zkp_context_release_writable();
-    } else {
+    if (secp256k1_ec_pubkey_create(context_writable, &public_key,
+                                   private_key_bytes) != 1) {
       result = 1;
     }
   }
+  if (context_writable) {
+    zkp_context_release_writable();
+    context_writable = NULL;
+  }
+
   if (result == 0) {
     size_t written = 33;
     const secp256k1_context *context_read_only = zkp_context_get_read_only();
@@ -102,22 +112,32 @@ int zkp_ecdsa_get_public_key65(const ecdsa_curve *curve,
   int result = 0;
-  secp256k1_pubkey public_key = {0};
+  secp256k1_context *context_writable = NULL;
+  if (result == 0) {
+    context_writable = zkp_context_acquire_writable();
+    if (context_writable == NULL) {
+      result = 1;
+    }
+  }
+  if (result == 0) {
+    if (secp256k1_context_writable_randomize(context_writable) != 0) {
+      result = 1;
+    }
+  }
+  secp256k1_pubkey public_key = {0};
   if (result == 0) {
-    secp256k1_context *context_writable = zkp_context_acquire_writable();
-    if (context_writable) {
-      secp256k1_context_writable_randomize(context_writable);
-      if (secp256k1_ec_pubkey_create(context_writable, &public_key,
-                                     private_key_bytes) != 1) {
-        result = 1;
-      }
-      zkp_context_release_writable();
-    } else {
+    if (secp256k1_ec_pubkey_create(context_writable, &public_key,
+                                   private_key_bytes) != 1) {
       result = 1;
     }
   }
+  if (context_writable) {
+    zkp_context_release_writable();
+    context_writable = NULL;
+  }
+
   if (result == 0) {
     size_t written = 65;
     const secp256k1_context *context_read_only = zkp_context_get_read_only();
@@ -164,23 +184,33 @@ int zkp_ecdsa_sign_digest(
     }
   }
-  secp256k1_ecdsa_recoverable_signature recoverable_signature = {0};
+  secp256k1_context *context_writable = NULL;
+  if (result == 0) {
+    context_writable = zkp_context_acquire_writable();
+    if (context_writable == NULL) {
+      result = 1;
+    }
+  }
+  if (result == 0) {
+    if (secp256k1_context_writable_randomize(context_writable) != 0) {
+      result = 1;
+    }
+  }
+  secp256k1_ecdsa_recoverable_signature recoverable_signature = {0};
   if (result == 0) {
-    secp256k1_context *context_writable = zkp_context_acquire_writable();
-    if (context_writable) {
-      secp256k1_context_writable_randomize(context_writable);
-      if (secp256k1_ecdsa_sign_recoverable(
-              context_writable, &recoverable_signature, digest,
-              private_key_bytes, NULL, NULL) != 1) {
-        result = 1;
-      }
-      zkp_context_release_writable();
-    } else {
+    if (secp256k1_ecdsa_sign_recoverable(context_writable,
+                                         &recoverable_signature, digest,
+                                         private_key_bytes, NULL, NULL) != 1) {
       result = 1;
     }
   }
+  if (context_writable) {
+    zkp_context_release_writable();
+    context_writable = NULL;
+  }
+
   if (result == 0) {
     int recid = 0;
     const secp256k1_context *context_read_only = zkp_context_get_read_only();