mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-13 08:50:56 +00:00
make pubkey validation optional, extract options to separate header
parent
0c2f9fd6f9
commit
b9d5896174
4
Makefile
4
Makefile
@ -1,7 +1,7 @@
|
|||||||
CC = gcc
|
CC = gcc
|
||||||
CFLAGS = -Wall -Wextra -Os -Wno-sequence-point
|
CFLAGS = -Wall -Wextra -Os -Wno-sequence-point
|
||||||
ifdef SMALL
|
ifdef SMALL
|
||||||
CFLAGS += -DUSE_PRECOMPUTED_IV=0 -DUSE_PRECOMPUTED_CP=0
|
CFLAGS += -DUSE_PRECOMPUTED_IV=0 -DUSE_PRECOMPUTED_CP=0 -DUSE_PUBKEY_VALIDATE=0
|
||||||
endif
|
endif
|
||||||
OBJS = bignum.o ecdsa.o secp256k1.o rand.o hmac.o bip32.o bip39.o pbkdf2.o base58.o
|
OBJS = bignum.o ecdsa.o secp256k1.o rand.o hmac.o bip32.o bip39.o pbkdf2.o base58.o
|
||||||
OBJS += ripemd160.o
|
OBJS += ripemd160.o
|
||||||
@ -13,7 +13,7 @@ TESTSSLLIBS = -lcrypto
|
|||||||
|
|
||||||
all: tests test-openssl
|
all: tests test-openssl
|
||||||
|
|
||||||
%.o: %.c %.h
|
%.o: %.c %.h options.h
|
||||||
$(CC) $(CFLAGS) -o $@ -c $<
|
$(CC) $(CFLAGS) -o $@ -c $<
|
||||||
|
|
||||||
tests: tests.o $(OBJS)
|
tests: tests.o $(OBJS)
|
||||||
|
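Review bot: The SMALL block now passes `-DUSE_PUBKEY_VALIDATE=0` alongside two flags that only trade speed for size, so a size-constrained build also drops an input check on public keys, and nothing on the line says so. A comment above it, for example `# SMALL also turns off public key validation, see options.h`, would make that trade-off visible to whoever enables SMALL. Moving the validation switch to its own make variable would let the precomputed tables be dropped without touching key checking.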
20
bignum.h
20
bignum.h
@ -25,21 +25,7 @@
|
|||||||
#define __BIGNUM_H__
|
#define __BIGNUM_H__
|
||||||
|
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
#include "options.h"
|
||||||
// use precomputed Inverse Values of powers of two
|
|
||||||
#ifndef USE_PRECOMPUTED_IV
|
|
||||||
#define USE_PRECOMPUTED_IV 1
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// use precomputed Curve Points (some scalar multiples of curve base point G)
|
|
||||||
#ifndef USE_PRECOMPUTED_CP
|
|
||||||
#define USE_PRECOMPUTED_CP 1
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// use fast inverse method
|
|
||||||
#ifndef USE_INVERSE_FAST
|
|
||||||
#define USE_INVERSE_FAST 1
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// bignum256 are 256 bits stored as 8*30 bit + 1*16 bit
|
// bignum256 are 256 bits stored as 8*30 bit + 1*16 bit
|
||||||
// val[0] are lowest 30 bits, val[8] highest 16 bits
|
// val[0] are lowest 30 bits, val[8] highest 16 bits
|
||||||
@ -97,10 +83,6 @@ void bn_substract_noprime(const bignum256 *a, const bignum256 *b, bignum256 *res
|
|||||||
|
|
||||||
void bn_divmod58(bignum256 *a, uint32_t *r);
|
void bn_divmod58(bignum256 *a, uint32_t *r);
|
||||||
|
|
||||||
#ifndef BN_PRINT
|
|
||||||
#define BN_PRINT 0
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if BN_PRINT
|
#if BN_PRINT
|
||||||
void bn_print(const bignum256 *a);
|
void bn_print(const bignum256 *a);
|
||||||
void bn_print_raw(const bignum256 *a);
|
void bn_print_raw(const bignum256 *a);
|
||||||
|
8
ecdsa.c
8
ecdsa.c
@ -459,12 +459,20 @@ int ecdsa_read_pubkey(const uint8_t *pub_key, curve_point *pub)
|
|||||||
if (pub_key[0] == 0x04) {
|
if (pub_key[0] == 0x04) {
|
||||||
bn_read_be(pub_key + 1, &(pub->x));
|
bn_read_be(pub_key + 1, &(pub->x));
|
||||||
bn_read_be(pub_key + 33, &(pub->y));
|
bn_read_be(pub_key + 33, &(pub->y));
|
||||||
|
#ifdef USE_PUBKEY_VALIDATE
|
||||||
return ecdsa_validate_pubkey(pub);
|
return ecdsa_validate_pubkey(pub);
|
||||||
|
#else
|
||||||
|
return 1;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
if (pub_key[0] == 0x02 || pub_key[0] == 0x03) { // compute missing y coords
|
if (pub_key[0] == 0x02 || pub_key[0] == 0x03) { // compute missing y coords
|
||||||
bn_read_be(pub_key + 1, &(pub->x));
|
bn_read_be(pub_key + 1, &(pub->x));
|
||||||
uncompress_coords(pub_key[0], &(pub->x), &(pub->y));
|
uncompress_coords(pub_key[0], &(pub->x), &(pub->y));
|
||||||
|
#ifdef USE_PUBKEY_VALIDATE
|
||||||
return ecdsa_validate_pubkey(pub);
|
return ecdsa_validate_pubkey(pub);
|
||||||
|
#else
|
||||||
|
return 1;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
// error
|
// error
|
||||||
return 0;
|
return 0;
|
||||||
|
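Review bot: Both new guards in ecdsa_read_pubkey test `#ifdef USE_PUBKEY_VALIDATE`, but options.h always defines that macro (to 1 by default) and the SMALL build passes `-DUSE_PUBKEY_VALIDATE=0`, so the macro is defined in every configuration. Assuming ecdsa.c picks up options.h through ecdsa.h, the `return 1;` branch is never compiled and the new option has no effect. The guards should test the value instead, `#if USE_PUBKEY_VALIDATE`, which also matches the `#if BN_PRINT` usage in bignum.h. The same `#ifdef` is used in test_pubkey_validity in tests.c and needs the same change. The function begins before this hunk, so only the two return paths are visible here.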
6
ecdsa.h
6
ecdsa.h
@ -25,13 +25,9 @@
|
|||||||
#define __ECDSA_H__
|
#define __ECDSA_H__
|
||||||
|
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
#include "options.h"
|
||||||
#include "secp256k1.h"
|
#include "secp256k1.h"
|
||||||
|
|
||||||
#ifndef USE_RFC6979
|
|
||||||
#define USE_RFC6979 1
|
|
||||||
#endif
|
|
||||||
|
|
||||||
void point_copy(const curve_point *cp1, curve_point *cp2);
|
void point_copy(const curve_point *cp1, curve_point *cp2);
|
||||||
void point_add(const curve_point *cp1, curve_point *cp2);
|
void point_add(const curve_point *cp1, curve_point *cp2);
|
||||||
void point_double(curve_point *cp);
|
void point_double(curve_point *cp);
|
||||||
|
56
options.h
Normal file
56
options.h
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
/**
|
||||||
|
* Copyright (c) 2013-2014 Pavol Rusnak
|
||||||
|
*
|
||||||
|
* Permission is hereby granted, free of charge, to any person obtaining
|
||||||
|
* a copy of this software and associated documentation files (the "Software"),
|
||||||
|
* to deal in the Software without restriction, including without limitation
|
||||||
|
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
|
||||||
|
* and/or sell copies of the Software, and to permit persons to whom the
|
||||||
|
* Software is furnished to do so, subject to the following conditions:
|
||||||
|
*
|
||||||
|
* The above copyright notice and this permission notice shall be included
|
||||||
|
* in all copies or substantial portions of the Software.
|
||||||
|
*
|
||||||
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
||||||
|
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
||||||
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
|
||||||
|
* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
|
||||||
|
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
||||||
|
* OTHER DEALINGS IN THE SOFTWARE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef __OPTIONS_H__
|
||||||
|
#define __OPTIONS_H__
|
||||||
|
|
||||||
|
// use precomputed Inverse Values of powers of two
|
||||||
|
#ifndef USE_PRECOMPUTED_IV
|
||||||
|
#define USE_PRECOMPUTED_IV 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
// use precomputed Curve Points (some scalar multiples of curve base point G)
|
||||||
|
#ifndef USE_PRECOMPUTED_CP
|
||||||
|
#define USE_PRECOMPUTED_CP 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
// use fast inverse method
|
||||||
|
#ifndef USE_INVERSE_FAST
|
||||||
|
#define USE_INVERSE_FAST 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
// support for printing bignum256 structures via printf
|
||||||
|
#ifndef BN_PRINT
|
||||||
|
#define BN_PRINT 0
|
||||||
|
#endif
|
||||||
|
|
||||||
|
// use deterministic signatures
|
||||||
|
#ifndef USE_RFC6979
|
||||||
|
#define USE_RFC6979 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
// check public key for validity
|
||||||
|
#ifndef USE_PUBKEY_VALIDATE
|
||||||
|
#define USE_PUBKEY_VALIDATE 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#endif
|
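Review bot: The comment on USE_PUBKEY_VALIDATE, `// check public key for validity`, does not say what a build gives up by setting it to 0. Going by the ecdsa.c change in this commit, ecdsa_read_pubkey is then meant to return 1 for any input with a 0x02, 0x03 or 0x04 prefix without calling ecdsa_validate_pubkey, so coordinates that are not a point on the curve would be accepted. I would expand the comment to something like `// check that parsed public keys are valid curve points; set to 0 only if every key passed to ecdsa_read_pubkey comes from a trusted source`.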
9
tests.c
9
tests.c
@ -34,6 +34,7 @@
|
|||||||
#include "ecdsa.h"
|
#include "ecdsa.h"
|
||||||
#include "pbkdf2.h"
|
#include "pbkdf2.h"
|
||||||
#include "sha2.h"
|
#include "sha2.h"
|
||||||
|
#include "options.h"
|
||||||
|
|
||||||
uint8_t *fromhex(const char *str)
|
uint8_t *fromhex(const char *str)
|
||||||
{
|
{
|
||||||
@ -415,7 +416,7 @@ START_TEST(test_verify_speed)
|
|||||||
memcpy(pub_key33, fromhex("024054fd18aeb277aeedea01d3f3986ff4e5be18092a04339dcf4e524e2c0a0974"), 33);
|
memcpy(pub_key33, fromhex("024054fd18aeb277aeedea01d3f3986ff4e5be18092a04339dcf4e524e2c0a0974"), 33);
|
||||||
memcpy(pub_key65, fromhex("044054fd18aeb277aeedea01d3f3986ff4e5be18092a04339dcf4e524e2c0a09746c7083ed2097011b1223a17a644e81f59aa3de22dac119fd980b36a8ff29a244"), 65);
|
memcpy(pub_key65, fromhex("044054fd18aeb277aeedea01d3f3986ff4e5be18092a04339dcf4e524e2c0a09746c7083ed2097011b1223a17a644e81f59aa3de22dac119fd980b36a8ff29a244"), 65);
|
||||||
|
|
||||||
for (i = 0 ; i < 50; i++) {
|
for (i = 0 ; i < 25; i++) {
|
||||||
res = ecdsa_verify(pub_key65, sig, msg, sizeof(msg));
|
res = ecdsa_verify(pub_key65, sig, msg, sizeof(msg));
|
||||||
ck_assert_int_eq(res, 0);
|
ck_assert_int_eq(res, 0);
|
||||||
res = ecdsa_verify(pub_key33, sig, msg, sizeof(msg));
|
res = ecdsa_verify(pub_key33, sig, msg, sizeof(msg));
|
||||||
@ -426,14 +427,14 @@ START_TEST(test_verify_speed)
|
|||||||
memcpy(pub_key33, fromhex("03ff45a5561a76be930358457d113f25fac790794ec70317eff3b97d7080d45719"), 33);
|
memcpy(pub_key33, fromhex("03ff45a5561a76be930358457d113f25fac790794ec70317eff3b97d7080d45719"), 33);
|
||||||
memcpy(pub_key65, fromhex("04ff45a5561a76be930358457d113f25fac790794ec70317eff3b97d7080d457196235193a15778062ddaa44aef7e6901b781763e52147f2504e268b2d572bf197"), 65);
|
memcpy(pub_key65, fromhex("04ff45a5561a76be930358457d113f25fac790794ec70317eff3b97d7080d457196235193a15778062ddaa44aef7e6901b781763e52147f2504e268b2d572bf197"), 65);
|
||||||
|
|
||||||
for (i = 0 ; i < 50; i++) {
|
for (i = 0 ; i < 25; i++) {
|
||||||
res = ecdsa_verify(pub_key65, sig, msg, sizeof(msg));
|
res = ecdsa_verify(pub_key65, sig, msg, sizeof(msg));
|
||||||
ck_assert_int_eq(res, 0);
|
ck_assert_int_eq(res, 0);
|
||||||
res = ecdsa_verify(pub_key33, sig, msg, sizeof(msg));
|
res = ecdsa_verify(pub_key33, sig, msg, sizeof(msg));
|
||||||
ck_assert_int_eq(res, 0);
|
ck_assert_int_eq(res, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
printf("Verifying speed: %0.2f sig/s\n", 200.0f / ((float)(clock() - t) / CLOCKS_PER_SEC));
|
printf("Verifying speed: %0.2f sig/s\n", 100.0f / ((float)(clock() - t) / CLOCKS_PER_SEC));
|
||||||
}
|
}
|
||||||
END_TEST
|
END_TEST
|
||||||
|
|
||||||
@ -886,6 +887,7 @@ START_TEST(test_pubkey_validity)
|
|||||||
res = ecdsa_read_pubkey(pub_key, &pub);
|
res = ecdsa_read_pubkey(pub_key, &pub);
|
||||||
ck_assert_int_eq(res, 1);
|
ck_assert_int_eq(res, 1);
|
||||||
|
|
||||||
|
#ifdef USE_PUBKEY_VALIDATE
|
||||||
memcpy(pub_key, fromhex("04f80490839af36d13701ec3f9eebdac901b51c362119d74553a3c537faff31b17e2a59ebddbdac9e87b816307a7ed5b826b8f40b92719086238e1bebf00000000"), 65);
|
memcpy(pub_key, fromhex("04f80490839af36d13701ec3f9eebdac901b51c362119d74553a3c537faff31b17e2a59ebddbdac9e87b816307a7ed5b826b8f40b92719086238e1bebf00000000"), 65);
|
||||||
res = ecdsa_read_pubkey(pub_key, &pub);
|
res = ecdsa_read_pubkey(pub_key, &pub);
|
||||||
ck_assert_int_eq(res, 0);
|
ck_assert_int_eq(res, 0);
|
||||||
@ -893,6 +895,7 @@ START_TEST(test_pubkey_validity)
|
|||||||
memcpy(pub_key, fromhex("04f80490839af36d13701ec3f9eebdac901b51c362119d74553a3c537faff31b17e2a59ebddbdac9e87b816307a7ed5b8211111111111111111111111111111111"), 65);
|
memcpy(pub_key, fromhex("04f80490839af36d13701ec3f9eebdac901b51c362119d74553a3c537faff31b17e2a59ebddbdac9e87b816307a7ed5b8211111111111111111111111111111111"), 65);
|
||||||
res = ecdsa_read_pubkey(pub_key, &pub);
|
res = ecdsa_read_pubkey(pub_key, &pub);
|
||||||
ck_assert_int_eq(res, 0);
|
ck_assert_int_eq(res, 0);
|
||||||
|
#endif
|
||||||
|
|
||||||
memcpy(pub_key, fromhex("00"), 1);
|
memcpy(pub_key, fromhex("00"), 1);
|
||||||
res = ecdsa_read_pubkey(pub_key, &pub);
|
res = ecdsa_read_pubkey(pub_key, &pub);
|
||||||
|
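Review bot: In test_verify_speed the loop bounds change to `25` and the divisor in the printf to `100.0f`, and these two literals have to be kept in step by hand: as far as the visible hunks show, there are two loops with two ecdsa_verify calls each. Naming the count once, for example `const int rounds = 25;` and `4.0f * rounds` in the printf, would stop the reported rate from going wrong the next time the loop bound is changed. test_verify_speed starts outside these hunks, so the timer setup is not visible here.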