mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-13 17:00:59 +00:00

core/secp256k1_zkp: don't allocate static buffer

(cherry picked from commit ae749eedee)
Pavol Rusnak 2019-05-27 17:20:07 +02:00
parent 21934c36fa
commit 876dbd9215
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D


@ -25,11 +25,6 @@
#include "vendor/secp256k1-zkp/include/secp256k1_preallocated.h" #include "vendor/secp256k1-zkp/include/secp256k1_preallocated.h"
#include "vendor/secp256k1-zkp/include/secp256k1_recovery.h" #include "vendor/secp256k1-zkp/include/secp256k1_recovery.h"
// The minimum buffer size can vary in future secp256k1-zkp revisions.
// It can always be determined by a call to
// secp256k1_context_preallocated_size(...) as below.
STATIC uint8_t g_buffer[(1UL << (ECMULT_WINDOW_SIZE + 4)) + 208] = {0};
void secp256k1_default_illegal_callback_fn(const char *str, void *data) { void secp256k1_default_illegal_callback_fn(const char *str, void *data) {
(void)data; (void)data;
mp_raise_ValueError(str); mp_raise_ValueError(str);
@ -42,26 +37,37 @@ void secp256k1_default_error_callback_fn(const char *str, void *data) {
return; return;
} }
STATIC const secp256k1_context *mod_trezorcrypto_secp256k1_context(void) { static secp256k1_context *secp256k1_ctx = NULL;
static secp256k1_context *ctx; static void *secp256k1_ctx_buf = NULL;
if (ctx == NULL) { static size_t secp256k1_ctx_size = 0;
size_t sz = secp256k1_context_preallocated_size(SECP256K1_CONTEXT_SIGN |
SECP256K1_CONTEXT_VERIFY); static const secp256k1_context *mod_trezorcrypto_secp256k1_context_create(
if (sz > sizeof g_buffer) { void) {
mp_raise_ValueError("secp256k1 context is too large"); if (secp256k1_ctx == NULL) {
secp256k1_ctx_size = secp256k1_context_preallocated_size(
SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
secp256k1_ctx_buf = m_new_maybe(uint8_t, secp256k1_ctx_size);
if (!secp256k1_ctx_buf) {
mp_raise_ValueError("secp256k1_zkp context is too large");
} }
void *buf = (void *)g_buffer; secp256k1_ctx = secp256k1_context_preallocated_create(
ctx = secp256k1_context_preallocated_create( secp256k1_ctx_buf, SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
buf, SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
uint8_t rand[32]; uint8_t rand[32];
random_buffer(rand, 32); random_buffer(rand, 32);
int ret = secp256k1_context_randomize(ctx, rand); int ret = secp256k1_context_randomize(secp256k1_ctx, rand);
if (ret != 1) { if (ret != 1) {
mp_raise_msg(&mp_type_RuntimeError, "secp256k1_context_randomize failed"); mp_raise_msg(&mp_type_RuntimeError, "secp256k1_context_randomize failed");
} }
} }
return ctx; return secp256k1_ctx;
}
STATIC void mod_trezorcrypto_secp256k1_context_delete(void) {
secp256k1_context_destroy(secp256k1_ctx);
m_del(uint8_t, secp256k1_ctx_buf, secp256k1_ctx_size);
secp256k1_ctx_buf = NULL;
secp256k1_ctx = NULL;
} }
/// package: trezorcrypto.secp256k1_zkp /// package: trezorcrypto.secp256k1_zkp
@ -101,7 +107,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_0(
/// """ /// """
STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_publickey(size_t n_args, STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_publickey(size_t n_args,
const mp_obj_t *args) { const mp_obj_t *args) {
const secp256k1_context *ctx = mod_trezorcrypto_secp256k1_context(); const secp256k1_context *ctx = mod_trezorcrypto_secp256k1_context_create();
mp_buffer_info_t sk; mp_buffer_info_t sk;
mp_get_buffer_raise(args[0], &sk, MP_BUFFER_READ); mp_get_buffer_raise(args[0], &sk, MP_BUFFER_READ);
secp256k1_pubkey pk; secp256k1_pubkey pk;
@ -118,6 +124,7 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_publickey(size_t n_args,
secp256k1_ec_pubkey_serialize( secp256k1_ec_pubkey_serialize(
ctx, out, &outlen, &pk, ctx, out, &outlen, &pk,
compressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED); compressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
mod_trezorcrypto_secp256k1_context_delete();
return mp_obj_new_bytes(out, outlen); return mp_obj_new_bytes(out, outlen);
} }
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN( STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
@ -132,7 +139,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
/// """ /// """
STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_sign(size_t n_args, STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_sign(size_t n_args,
const mp_obj_t *args) { const mp_obj_t *args) {
const secp256k1_context *ctx = mod_trezorcrypto_secp256k1_context(); const secp256k1_context *ctx = mod_trezorcrypto_secp256k1_context_create();
mp_buffer_info_t sk, dig; mp_buffer_info_t sk, dig;
mp_get_buffer_raise(args[0], &sk, MP_BUFFER_READ); mp_get_buffer_raise(args[0], &sk, MP_BUFFER_READ);
mp_get_buffer_raise(args[1], &dig, MP_BUFFER_READ); mp_get_buffer_raise(args[1], &dig, MP_BUFFER_READ);
@ -152,6 +159,7 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_sign(size_t n_args,
} }
secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, &out[1], &pby, secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, &out[1], &pby,
&sig); &sig);
mod_trezorcrypto_secp256k1_context_delete();
out[0] = 27 + pby + compressed * 4; out[0] = 27 + pby + compressed * 4;
return mp_obj_new_bytes(out, sizeof(out)); return mp_obj_new_bytes(out, sizeof(out));
} }
@ -167,7 +175,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify(mp_obj_t public_key, STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify(mp_obj_t public_key,
mp_obj_t signature, mp_obj_t signature,
mp_obj_t digest) { mp_obj_t digest) {
const secp256k1_context *ctx = mod_trezorcrypto_secp256k1_context(); const secp256k1_context *ctx = mod_trezorcrypto_secp256k1_context_create();
mp_buffer_info_t pk, sig, dig; mp_buffer_info_t pk, sig, dig;
mp_get_buffer_raise(public_key, &pk, MP_BUFFER_READ); mp_get_buffer_raise(public_key, &pk, MP_BUFFER_READ);
mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ); mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ);
@ -192,9 +200,10 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify(mp_obj_t public_key,
pk.len)) { pk.len)) {
return mp_const_false; return mp_const_false;
} }
return mp_obj_new_bool(1 == secp256k1_ecdsa_verify(ctx, &ec_sig, bool ret = (1 == secp256k1_ecdsa_verify(ctx, &ec_sig,
(const uint8_t *)dig.buf, (const uint8_t *)dig.buf, &ec_pk));
&ec_pk)); mod_trezorcrypto_secp256k1_context_delete();
return mp_obj_new_bool(ret);
} }
STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_secp256k1_zkp_verify_obj, STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_secp256k1_zkp_verify_obj,
mod_trezorcrypto_secp256k1_zkp_verify); mod_trezorcrypto_secp256k1_zkp_verify);
@ -206,7 +215,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_secp256k1_zkp_verify_obj,
/// """ /// """
STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify_recover( STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify_recover(
mp_obj_t signature, mp_obj_t digest) { mp_obj_t signature, mp_obj_t digest) {
const secp256k1_context *ctx = mod_trezorcrypto_secp256k1_context(); const secp256k1_context *ctx = mod_trezorcrypto_secp256k1_context_create();
mp_buffer_info_t sig, dig; mp_buffer_info_t sig, dig;
mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ); mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ);
mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ); mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ);
@ -237,6 +246,7 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify_recover(
secp256k1_ec_pubkey_serialize( secp256k1_ec_pubkey_serialize(
ctx, out, &pklen, &pk, ctx, out, &pklen, &pk,
compressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED); compressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
mod_trezorcrypto_secp256k1_context_delete();
return mp_obj_new_bytes(out, pklen); return mp_obj_new_bytes(out, pklen);
} }
STATIC MP_DEFINE_CONST_FUN_OBJ_2( STATIC MP_DEFINE_CONST_FUN_OBJ_2(
@ -259,7 +269,7 @@ static int secp256k1_ecdh_hash_passthrough(uint8_t *output, const uint8_t *x,
/// """ /// """
STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_multiply(mp_obj_t secret_key, STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_multiply(mp_obj_t secret_key,
mp_obj_t public_key) { mp_obj_t public_key) {
const secp256k1_context *ctx = mod_trezorcrypto_secp256k1_context(); const secp256k1_context *ctx = mod_trezorcrypto_secp256k1_context_create();
mp_buffer_info_t sk, pk; mp_buffer_info_t sk, pk;
mp_get_buffer_raise(secret_key, &sk, MP_BUFFER_READ); mp_get_buffer_raise(secret_key, &sk, MP_BUFFER_READ);
mp_get_buffer_raise(public_key, &pk, MP_BUFFER_READ); mp_get_buffer_raise(public_key, &pk, MP_BUFFER_READ);
@ -279,6 +289,7 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_multiply(mp_obj_t secret_key,
secp256k1_ecdh_hash_passthrough, NULL)) { secp256k1_ecdh_hash_passthrough, NULL)) {
mp_raise_ValueError("Multiply failed"); mp_raise_ValueError("Multiply failed");
} }
mod_trezorcrypto_secp256k1_context_delete();
return mp_obj_new_bytes(out, sizeof(out)); return mp_obj_new_bytes(out, sizeof(out));
} }
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_secp256k1_zkp_multiply_obj, STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_secp256k1_zkp_multiply_obj,
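Review bot: The new `mod_trezorcrypto_secp256k1_context_delete()` releases the context with `secp256k1_context_destroy(secp256k1_ctx)`, although the context was built with `secp256k1_context_preallocated_create()` over a buffer from `m_new_maybe`. The library documents that pairing as undefined behaviour, and the non-preallocated destroy may pass a MicroPython-heap pointer to the C allocator's `free()`. The call should be `secp256k1_context_preallocated_destroy(secp256k1_ctx);`, declared in the already-included `secp256k1_preallocated.h`, followed by the existing `m_del`. Separately, the early exits visible in the callers (`return mp_const_false;` in `verify`, `mp_raise_ValueError("Multiply failed")` in `multiply`, and the raise after a failed `secp256k1_context_randomize`) skip the delete, so the static pointers stay non-NULL and the next call reuses that context without re-randomizing it. If the port's GC does not scan those statics as roots, the buffer could also be reclaimed while still referenced, which is worth confirming; the callers' bodies are only partly visible in these hunks.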