1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-12 08:20:56 +00:00

make pubkey validation optional, extract options to separate header

This commit is contained in:
Pavol Rusnak 2014-07-07 20:14:15 +02:00
parent 0c2f9fd6f9
commit b9d5896174
6 changed files with 74 additions and 29 deletions

View File

@ -1,7 +1,7 @@
CC = gcc
CFLAGS = -Wall -Wextra -Os -Wno-sequence-point
ifdef SMALL
CFLAGS += -DUSE_PRECOMPUTED_IV=0 -DUSE_PRECOMPUTED_CP=0
CFLAGS += -DUSE_PRECOMPUTED_IV=0 -DUSE_PRECOMPUTED_CP=0 -DUSE_PUBKEY_VALIDATE=0
endif
OBJS = bignum.o ecdsa.o secp256k1.o rand.o hmac.o bip32.o bip39.o pbkdf2.o base58.o
OBJS += ripemd160.o
@ -13,7 +13,7 @@ TESTSSLLIBS = -lcrypto
all: tests test-openssl
%.o: %.c %.h
%.o: %.c %.h options.h
$(CC) $(CFLAGS) -o $@ -c $<
tests: tests.o $(OBJS)

View File

@ -25,21 +25,7 @@
#define __BIGNUM_H__
#include <stdint.h>
// use precomputed Inverse Values of powers of two
#ifndef USE_PRECOMPUTED_IV
#define USE_PRECOMPUTED_IV 1
#endif
// use precomputed Curve Points (some scalar multiples of curve base point G)
#ifndef USE_PRECOMPUTED_CP
#define USE_PRECOMPUTED_CP 1
#endif
// use fast inverse method
#ifndef USE_INVERSE_FAST
#define USE_INVERSE_FAST 1
#endif
#include "options.h"
// bignum256 are 256 bits stored as 8*30 bit + 1*16 bit
// val[0] are lowest 30 bits, val[8] highest 16 bits
@ -97,10 +83,6 @@ void bn_substract_noprime(const bignum256 *a, const bignum256 *b, bignum256 *res
void bn_divmod58(bignum256 *a, uint32_t *r);
#ifndef BN_PRINT
#define BN_PRINT 0
#endif
#if BN_PRINT
void bn_print(const bignum256 *a);
void bn_print_raw(const bignum256 *a);

View File

@ -459,12 +459,20 @@ int ecdsa_read_pubkey(const uint8_t *pub_key, curve_point *pub)
if (pub_key[0] == 0x04) {
bn_read_be(pub_key + 1, &(pub->x));
bn_read_be(pub_key + 33, &(pub->y));
#ifdef USE_PUBKEY_VALIDATE
return ecdsa_validate_pubkey(pub);
#else
return 1;
#endif
}
if (pub_key[0] == 0x02 || pub_key[0] == 0x03) { // compute missing y coords
bn_read_be(pub_key + 1, &(pub->x));
uncompress_coords(pub_key[0], &(pub->x), &(pub->y));
#ifdef USE_PUBKEY_VALIDATE
return ecdsa_validate_pubkey(pub);
#else
return 1;
#endif
}
// error
return 0;

View File

@ -25,13 +25,9 @@
#define __ECDSA_H__
#include <stdint.h>
#include "options.h"
#include "secp256k1.h"
#ifndef USE_RFC6979
#define USE_RFC6979 1
#endif
void point_copy(const curve_point *cp1, curve_point *cp2);
void point_add(const curve_point *cp1, curve_point *cp2);
void point_double(curve_point *cp);

56
options.h Normal file
View File

@ -0,0 +1,56 @@
/**
* Copyright (c) 2013-2014 Pavol Rusnak
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the "Software"),
* to deal in the Software without restriction, including without limitation
* the rights to use, copy, modify, merge, publish, distribute, sublicense,
* and/or sell copies of the Software, and to permit persons to whom the
* Software is furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
* OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*/
#ifndef __OPTIONS_H__
#define __OPTIONS_H__
// use precomputed Inverse Values of powers of two
#ifndef USE_PRECOMPUTED_IV
#define USE_PRECOMPUTED_IV 1
#endif
// use precomputed Curve Points (some scalar multiples of curve base point G)
#ifndef USE_PRECOMPUTED_CP
#define USE_PRECOMPUTED_CP 1
#endif
// use fast inverse method
#ifndef USE_INVERSE_FAST
#define USE_INVERSE_FAST 1
#endif
// support for printing bignum256 structures via printf
#ifndef BN_PRINT
#define BN_PRINT 0
#endif
// use deterministic signatures
#ifndef USE_RFC6979
#define USE_RFC6979 1
#endif
// check public key for validity
#ifndef USE_PUBKEY_VALIDATE
#define USE_PUBKEY_VALIDATE 1
#endif
#endif

View File

@ -34,6 +34,7 @@
#include "ecdsa.h"
#include "pbkdf2.h"
#include "sha2.h"
#include "options.h"
uint8_t *fromhex(const char *str)
{
@ -415,7 +416,7 @@ START_TEST(test_verify_speed)
memcpy(pub_key33, fromhex("024054fd18aeb277aeedea01d3f3986ff4e5be18092a04339dcf4e524e2c0a0974"), 33);
memcpy(pub_key65, fromhex("044054fd18aeb277aeedea01d3f3986ff4e5be18092a04339dcf4e524e2c0a09746c7083ed2097011b1223a17a644e81f59aa3de22dac119fd980b36a8ff29a244"), 65);
for (i = 0 ; i < 50; i++) {
for (i = 0 ; i < 25; i++) {
res = ecdsa_verify(pub_key65, sig, msg, sizeof(msg));
ck_assert_int_eq(res, 0);
res = ecdsa_verify(pub_key33, sig, msg, sizeof(msg));
@ -426,14 +427,14 @@ START_TEST(test_verify_speed)
memcpy(pub_key33, fromhex("03ff45a5561a76be930358457d113f25fac790794ec70317eff3b97d7080d45719"), 33);
memcpy(pub_key65, fromhex("04ff45a5561a76be930358457d113f25fac790794ec70317eff3b97d7080d457196235193a15778062ddaa44aef7e6901b781763e52147f2504e268b2d572bf197"), 65);
for (i = 0 ; i < 50; i++) {
for (i = 0 ; i < 25; i++) {
res = ecdsa_verify(pub_key65, sig, msg, sizeof(msg));
ck_assert_int_eq(res, 0);
res = ecdsa_verify(pub_key33, sig, msg, sizeof(msg));
ck_assert_int_eq(res, 0);
}
printf("Verifying speed: %0.2f sig/s\n", 200.0f / ((float)(clock() - t) / CLOCKS_PER_SEC));
printf("Verifying speed: %0.2f sig/s\n", 100.0f / ((float)(clock() - t) / CLOCKS_PER_SEC));
}
END_TEST
@ -886,6 +887,7 @@ START_TEST(test_pubkey_validity)
res = ecdsa_read_pubkey(pub_key, &pub);
ck_assert_int_eq(res, 1);
#ifdef USE_PUBKEY_VALIDATE
memcpy(pub_key, fromhex("04f80490839af36d13701ec3f9eebdac901b51c362119d74553a3c537faff31b17e2a59ebddbdac9e87b816307a7ed5b826b8f40b92719086238e1bebf00000000"), 65);
res = ecdsa_read_pubkey(pub_key, &pub);
ck_assert_int_eq(res, 0);
@ -893,6 +895,7 @@ START_TEST(test_pubkey_validity)
memcpy(pub_key, fromhex("04f80490839af36d13701ec3f9eebdac901b51c362119d74553a3c537faff31b17e2a59ebddbdac9e87b816307a7ed5b8211111111111111111111111111111111"), 65);
res = ecdsa_read_pubkey(pub_key, &pub);
ck_assert_int_eq(res, 0);
#endif
memcpy(pub_key, fromhex("00"), 1);
res = ecdsa_read_pubkey(pub_key, &pub);