refactor(crypto,core): make zkp_context_init() return status

core/embed/firmware/main.c

@@ -75,10 +75,6 @@ int main(void) {
   enable_systemview();
 #endif
 
-#ifdef USE_SECP256K1_ZKP
-  zkp_context_init();
-#endif
-
 #if TREZOR_MODEL == T
 #if PRODUCTION
   check_and_replace_bootloader();
@@ -109,6 +105,10 @@ int main(void) {
   display_clear();
 #endif
 
+#ifdef USE_SECP256K1_ZKP
+  ensure(sectrue * (zkp_context_init() == 0), NULL);
+#endif
+
   printf("CORE: Preparing stack\n");
   // Stack limit should be less than real stack size, so we have a chance
   // to recover from limit hit.

core/embed/unix/main_main.c

@@ -13,7 +13,7 @@ int main(int argc, char **argv) {
   collect_hw_entropy();
 
 #ifdef USE_SECP256K1_ZKP
-  zkp_context_init();
+  ensure(sectrue * (zkp_context_init() == 0), NULL);
 #endif
 
 #if MICROPY_PY_THREAD

crypto/tests/test_check.c

@@ -21,6 +21,7 @@
  * OTHER DEALINGS IN THE SOFTWARE.
  */
 
+#include <assert.h>
 #include <check.h>
 #include <inttypes.h>
 #include <stdint.h>
@@ -9920,7 +9921,7 @@ Suite *test_suite(void) {
 
 // run suite
 int main(void) {
-  zkp_context_init();
+  assert(zkp_context_init() == 0);
   int number_failed;
   Suite *s = test_suite();
   SRunner *sr = srunner_create(s);

crypto/tests/test_curves.py

@@ -80,7 +80,7 @@ random_iters = int(os.environ.get("ITERS", 1))
 DIR = os.path.abspath(os.path.dirname(__file__))
 lib = c.cdll.LoadLibrary(os.path.join(DIR, "libtrezor-crypto.so"))
 if not lib.zkp_context_is_initialized():
-    lib.zkp_context_init()
+    assert lib.zkp_context_init() == 0
 
 BIGNUM = c.c_uint32 * 9
 

crypto/tests/test_wycheproof.py

@@ -600,7 +600,7 @@ def generate_eddsa(filename):
 dir = os.path.abspath(os.path.dirname(__file__))
 lib = ctypes.cdll.LoadLibrary(os.path.join(dir, "libtrezor-crypto.so"))
 if not lib.zkp_context_is_initialized():
-    lib.zkp_context_init()
+    assert lib.zkp_context_init() == 0
 testvectors_directory = os.path.join(dir, "wycheproof/testvectors")
 context_structure_length = 1024
 

crypto/zkp_context.c

@@ -44,7 +44,8 @@ void secp256k1_context_writable_randomize(secp256k1_context *context_writable) {
 
 bool zkp_context_is_initialized(void) { return context != NULL; }
 
-void zkp_context_init() {
+// returns 0 on success
+int zkp_context_init() {
   assert(context == NULL);
 
   const unsigned int context_flags =
@@ -52,16 +53,23 @@ void zkp_context_init() {
 
   const size_t context_size =
       secp256k1_context_preallocated_size(context_flags);
-  assert(context_size != 0);
+  // Assert the context is as small as possible
-  assert(context_size <= SECP256K1_CONTEXT_SIZE);
+  assert(context_size == SECP256K1_CONTEXT_SIZE);
+  if (context_size == 0 || context_size > SECP256K1_CONTEXT_SIZE) {
+    return 1;
+  }
 
   context =
       secp256k1_context_preallocated_create(context_buffer, context_flags);
-  assert(context != NULL);
+  if (context == NULL) {
+    return 1;
+  }
 
   secp256k1_context_writable_randomize(context);
 
   atomic_flag_clear(&locked);
+
+  return 0;
 }
 
 void zkp_context_destroy() {

crypto/zkp_context.h

@@ -6,7 +6,7 @@
 #include "vendor/secp256k1-zkp/include/secp256k1_preallocated.h"
 
 void secp256k1_context_writable_randomize(secp256k1_context *context);
-void zkp_context_init(void);
+int zkp_context_init(void);
 void zkp_context_destroy(void);
 const secp256k1_context *zkp_context_get_read_only(void);
 secp256k1_context *zkp_context_acquire_writable(void);