mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-23 06:48:16 +00:00
fix(core): Prevent sensitive data from being left on the call stack in modtrezorcrypto.
This commit is contained in:
parent
6cb601509b
commit
c21ca81a1e
@ -43,8 +43,8 @@ typedef struct _mp_obj_HDNode_t {
|
||||
|
||||
STATIC const mp_obj_type_t mod_trezorcrypto_HDNode_type;
|
||||
|
||||
#define XPUB_MAXLEN 128
|
||||
#define ADDRESS_MAXLEN 40
|
||||
#define XPUB_MAXLEN 112
|
||||
#define ADDRESS_MAXLEN 39
|
||||
|
||||
/// def __init__(
|
||||
/// self,
|
||||
@ -266,15 +266,18 @@ STATIC mp_obj_t mod_trezorcrypto_HDNode_serialize_public(mp_obj_t self,
|
||||
mp_obj_t version) {
|
||||
uint32_t ver = trezor_obj_get_uint(version);
|
||||
mp_obj_HDNode_t *o = MP_OBJ_TO_PTR(self);
|
||||
char xpub[XPUB_MAXLEN] = {0};
|
||||
vstr_t xpub = {0};
|
||||
vstr_init_len(&xpub, XPUB_MAXLEN);
|
||||
hdnode_fill_public_key(&o->hdnode);
|
||||
int written = hdnode_serialize_public(&o->hdnode, o->fingerprint, ver, xpub,
|
||||
XPUB_MAXLEN);
|
||||
int written = hdnode_serialize_public(&o->hdnode, o->fingerprint, ver,
|
||||
xpub.buf, xpub.alloc);
|
||||
if (written <= 0) {
|
||||
vstr_clear(&xpub);
|
||||
mp_raise_ValueError("Failed to serialize");
|
||||
}
|
||||
// written includes NULL at the end of the string
|
||||
return mp_obj_new_str_copy(&mp_type_str, (const uint8_t *)xpub, written - 1);
|
||||
xpub.len = written - 1;
|
||||
return mp_obj_new_str_from_vstr(&mp_type_str, &xpub);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_HDNode_serialize_public_obj,
|
||||
mod_trezorcrypto_HDNode_serialize_public);
|
||||
@ -383,10 +386,11 @@ STATIC mp_obj_t mod_trezorcrypto_HDNode_address(mp_obj_t self,
|
||||
|
||||
uint32_t v = trezor_obj_get_uint(version);
|
||||
|
||||
char address[ADDRESS_MAXLEN] = {0};
|
||||
hdnode_get_address(&o->hdnode, v, address, ADDRESS_MAXLEN);
|
||||
return mp_obj_new_str_copy(&mp_type_str, (const uint8_t *)address,
|
||||
strlen(address));
|
||||
vstr_t address = {0};
|
||||
vstr_init_len(&address, ADDRESS_MAXLEN);
|
||||
hdnode_get_address(&o->hdnode, v, address.buf, address.alloc);
|
||||
address.len = strlen(address.buf);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_str, &address);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_HDNode_address_obj,
|
||||
mod_trezorcrypto_HDNode_address);
|
||||
@ -403,12 +407,14 @@ STATIC mp_obj_t mod_trezorcrypto_HDNode_nem_address(mp_obj_t self,
|
||||
|
||||
uint8_t n = trezor_obj_get_uint8(network);
|
||||
|
||||
char address[NEM_ADDRESS_SIZE + 1] = {0}; // + 1 for the 0 byte
|
||||
if (!hdnode_get_nem_address(&o->hdnode, n, address)) {
|
||||
vstr_t address = {0};
|
||||
vstr_init_len(&address, NEM_ADDRESS_SIZE);
|
||||
if (!hdnode_get_nem_address(&o->hdnode, n, address.buf)) {
|
||||
vstr_clear(&address);
|
||||
mp_raise_ValueError("Failed to compute a NEM address");
|
||||
}
|
||||
return mp_obj_new_str_copy(&mp_type_str, (const uint8_t *)address,
|
||||
strlen(address));
|
||||
address.len = strlen(address.buf);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_str, &address);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_HDNode_nem_address_obj,
|
||||
mod_trezorcrypto_HDNode_nem_address);
|
||||
@ -465,9 +471,10 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
||||
STATIC mp_obj_t mod_trezorcrypto_HDNode_ethereum_pubkeyhash(mp_obj_t self) {
|
||||
mp_obj_HDNode_t *o = MP_OBJ_TO_PTR(self);
|
||||
|
||||
uint8_t pkh[20] = {0};
|
||||
hdnode_get_ethereum_pubkeyhash(&o->hdnode, pkh);
|
||||
return mp_obj_new_bytes(pkh, sizeof(pkh));
|
||||
vstr_t pkh = {0};
|
||||
vstr_init_len(&pkh, 20);
|
||||
hdnode_get_ethereum_pubkeyhash(&o->hdnode, (uint8_t *)pkh.buf);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &pkh);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(
|
||||
mod_trezorcrypto_HDNode_ethereum_pubkeyhash_obj,
|
||||
|
@ -21,6 +21,7 @@
|
||||
#include "py/runtime.h"
|
||||
|
||||
#include "bip39.h"
|
||||
#include "sha2.h"
|
||||
|
||||
/// package: trezorcrypto.bip39
|
||||
|
||||
@ -135,19 +136,21 @@ STATIC mp_obj_t mod_trezorcrypto_bip39_seed(size_t n_args,
|
||||
mp_buffer_info_t phrase = {0};
|
||||
mp_get_buffer_raise(args[0], &mnemo, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(args[1], &phrase, MP_BUFFER_READ);
|
||||
uint8_t seed[64] = {0};
|
||||
vstr_t seed = {0};
|
||||
vstr_init_len(&seed, SHA512_DIGEST_LENGTH);
|
||||
const char *pmnemonic = mnemo.len > 0 ? mnemo.buf : "";
|
||||
const char *ppassphrase = phrase.len > 0 ? phrase.buf : "";
|
||||
if (n_args > 2) {
|
||||
// generate with a progress callback
|
||||
ui_wait_callback = args[2];
|
||||
mnemonic_to_seed(pmnemonic, ppassphrase, seed, wrapped_ui_wait_callback);
|
||||
mnemonic_to_seed(pmnemonic, ppassphrase, (uint8_t *)seed.buf,
|
||||
wrapped_ui_wait_callback);
|
||||
ui_wait_callback = mp_const_none;
|
||||
} else {
|
||||
// generate without callback
|
||||
mnemonic_to_seed(pmnemonic, ppassphrase, seed, NULL);
|
||||
mnemonic_to_seed(pmnemonic, ppassphrase, (uint8_t *)seed.buf, NULL);
|
||||
}
|
||||
return mp_obj_new_bytes(seed, sizeof(seed));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &seed);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_bip39_seed_obj, 2,
|
||||
3, mod_trezorcrypto_bip39_seed);
|
||||
|
@ -77,12 +77,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Blake256_update_obj,
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_Blake256_digest(mp_obj_t self) {
|
||||
mp_obj_Blake256_t *o = MP_OBJ_TO_PTR(self);
|
||||
uint8_t hash[BLAKE256_DIGEST_LENGTH] = {0};
|
||||
vstr_t hash = {0};
|
||||
vstr_init_len(&hash, BLAKE256_DIGEST_LENGTH);
|
||||
BLAKE256_CTX ctx = {0};
|
||||
memcpy(&ctx, &(o->ctx), sizeof(BLAKE256_CTX));
|
||||
blake256_Final(&ctx, hash);
|
||||
blake256_Final(&ctx, (uint8_t *)hash.buf);
|
||||
memzero(&ctx, sizeof(BLAKE256_CTX));
|
||||
return mp_obj_new_bytes(hash, sizeof(hash));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake256_digest_obj,
|
||||
mod_trezorcrypto_Blake256_digest);
|
||||
|
@ -131,12 +131,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Blake2b_update_obj,
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_Blake2b_digest(mp_obj_t self) {
|
||||
mp_obj_Blake2b_t *o = MP_OBJ_TO_PTR(self);
|
||||
uint8_t out[BLAKE2B_DIGEST_LENGTH] = {0};
|
||||
BLAKE2B_CTX ctx = {0};
|
||||
memcpy(&ctx, &(o->ctx), sizeof(BLAKE2B_CTX));
|
||||
blake2b_Final(&ctx, out, ctx.outlen);
|
||||
vstr_t hash = {0};
|
||||
vstr_init_len(&hash, ctx.outlen);
|
||||
blake2b_Final(&ctx, (uint8_t *)hash.buf, hash.len);
|
||||
memzero(&ctx, sizeof(BLAKE2B_CTX));
|
||||
return mp_obj_new_bytes(out, o->ctx.outlen);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2b_digest_obj,
|
||||
mod_trezorcrypto_Blake2b_digest);
|
||||
|
@ -131,12 +131,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Blake2s_update_obj,
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_Blake2s_digest(mp_obj_t self) {
|
||||
mp_obj_Blake2s_t *o = MP_OBJ_TO_PTR(self);
|
||||
uint8_t out[BLAKE2S_DIGEST_LENGTH] = {0};
|
||||
BLAKE2S_CTX ctx = {0};
|
||||
memcpy(&ctx, &(o->ctx), sizeof(BLAKE2S_CTX));
|
||||
blake2s_Final(&ctx, out, ctx.outlen);
|
||||
vstr_t hash = {0};
|
||||
vstr_init_len(&hash, ctx.outlen);
|
||||
blake2s_Final(&ctx, (uint8_t *)hash.buf, hash.len);
|
||||
memzero(&ctx, sizeof(BLAKE2S_CTX));
|
||||
return mp_obj_new_bytes(out, o->ctx.outlen);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2s_digest_obj,
|
||||
mod_trezorcrypto_Blake2s_digest);
|
||||
|
@ -123,9 +123,10 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_ChaCha20Poly1305_auth_obj,
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_ChaCha20Poly1305_finish(mp_obj_t self) {
|
||||
mp_obj_ChaCha20Poly1305_t *o = MP_OBJ_TO_PTR(self);
|
||||
uint8_t out[16] = {0};
|
||||
rfc7539_finish(&(o->ctx), o->alen, o->plen, out);
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
vstr_t mac = {0};
|
||||
vstr_init_len(&mac, 16);
|
||||
rfc7539_finish(&(o->ctx), o->alen, o->plen, (uint8_t *)mac.buf);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &mac);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_ChaCha20Poly1305_finish_obj,
|
||||
mod_trezorcrypto_ChaCha20Poly1305_finish);
|
||||
|
@ -30,13 +30,14 @@
|
||||
/// Generate secret key.
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_curve25519_generate_secret() {
|
||||
uint8_t out[32] = {0};
|
||||
random_buffer(out, 32);
|
||||
vstr_t sk = {0};
|
||||
vstr_init_len(&sk, 32);
|
||||
random_buffer((uint8_t *)sk.buf, sk.len);
|
||||
// taken from https://cr.yp.to/ecdh.html
|
||||
out[0] &= 248;
|
||||
out[31] &= 127;
|
||||
out[31] |= 64;
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
sk.buf[0] &= 248;
|
||||
sk.buf[31] &= 127;
|
||||
sk.buf[31] |= 64;
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_0(
|
||||
mod_trezorcrypto_curve25519_generate_secret_obj,
|
||||
@ -52,9 +53,10 @@ STATIC mp_obj_t mod_trezorcrypto_curve25519_publickey(mp_obj_t secret_key) {
|
||||
if (sk.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of secret key");
|
||||
}
|
||||
uint8_t out[32] = {0};
|
||||
curve25519_scalarmult_basepoint(out, (const uint8_t *)sk.buf);
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
vstr_t pk = {0};
|
||||
vstr_init_len(&pk, 32);
|
||||
curve25519_scalarmult_basepoint((uint8_t *)pk.buf, (const uint8_t *)sk.buf);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_curve25519_publickey_obj,
|
||||
mod_trezorcrypto_curve25519_publickey);
|
||||
@ -75,9 +77,11 @@ STATIC mp_obj_t mod_trezorcrypto_curve25519_multiply(mp_obj_t secret_key,
|
||||
if (pk.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of public key");
|
||||
}
|
||||
uint8_t out[32] = {0};
|
||||
curve25519_scalarmult(out, (const uint8_t *)sk.buf, (const uint8_t *)pk.buf);
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
vstr_t out = {0};
|
||||
vstr_init_len(&out, 32);
|
||||
curve25519_scalarmult((uint8_t *)out.buf, (const uint8_t *)sk.buf,
|
||||
(const uint8_t *)pk.buf);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &out);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_curve25519_multiply_obj,
|
||||
mod_trezorcrypto_curve25519_multiply);
|
||||
|
@ -31,13 +31,14 @@
|
||||
/// Generate secret key.
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_ed25519_generate_secret() {
|
||||
uint8_t out[32] = {0};
|
||||
random_buffer(out, 32);
|
||||
vstr_t sk = {0};
|
||||
vstr_init_len(&sk, 32);
|
||||
random_buffer((uint8_t *)sk.buf, sk.len);
|
||||
// taken from https://cr.yp.to/ecdh.html
|
||||
out[0] &= 248;
|
||||
out[31] &= 127;
|
||||
out[31] |= 64;
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
sk.buf[0] &= 248;
|
||||
sk.buf[31] &= 127;
|
||||
sk.buf[31] |= 64;
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_ed25519_generate_secret_obj,
|
||||
mod_trezorcrypto_ed25519_generate_secret);
|
||||
@ -52,10 +53,11 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_publickey(mp_obj_t secret_key) {
|
||||
if (sk.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of secret key");
|
||||
}
|
||||
uint8_t out[32] = {0};
|
||||
vstr_t pk = {0};
|
||||
vstr_init_len(&pk, sizeof(ed25519_public_key));
|
||||
ed25519_publickey(*(const ed25519_secret_key *)sk.buf,
|
||||
*(ed25519_public_key *)out);
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
*(ed25519_public_key *)pk.buf);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_ed25519_publickey_obj,
|
||||
mod_trezorcrypto_ed25519_publickey);
|
||||
@ -76,8 +78,9 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_sign(size_t n_args,
|
||||
mp_raise_ValueError("Empty data to sign");
|
||||
}
|
||||
ed25519_public_key pk = {0};
|
||||
uint8_t out[64] = {0};
|
||||
mp_buffer_info_t hash_func = {0};
|
||||
vstr_t sig = {0};
|
||||
vstr_init_len(&sig, sizeof(ed25519_signature));
|
||||
|
||||
if (n_args == 3) {
|
||||
mp_get_buffer_raise(args[2], &hash_func, MP_BUFFER_READ);
|
||||
@ -85,17 +88,18 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_sign(size_t n_args,
|
||||
if (memcmp(hash_func.buf, "keccak", sizeof("keccak")) == 0) {
|
||||
ed25519_publickey_keccak(*(const ed25519_secret_key *)sk.buf, pk);
|
||||
ed25519_sign_keccak(msg.buf, msg.len, *(const ed25519_secret_key *)sk.buf,
|
||||
pk, *(ed25519_signature *)out);
|
||||
pk, *(ed25519_signature *)sig.buf);
|
||||
} else {
|
||||
vstr_clear(&sig);
|
||||
mp_raise_ValueError("Unknown hash function");
|
||||
}
|
||||
} else {
|
||||
ed25519_publickey(*(const ed25519_secret_key *)sk.buf, pk);
|
||||
ed25519_sign(msg.buf, msg.len, *(const ed25519_secret_key *)sk.buf, pk,
|
||||
*(ed25519_signature *)out);
|
||||
*(ed25519_signature *)sig.buf);
|
||||
}
|
||||
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_ed25519_sign_obj, 2,
|
||||
3, mod_trezorcrypto_ed25519_sign);
|
||||
@ -128,11 +132,12 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_sign_ext(mp_obj_t secret_key,
|
||||
|
||||
ed25519_publickey_ext(*(const ed25519_secret_key *)sk.buf,
|
||||
*(const ed25519_secret_key *)skext.buf, pk);
|
||||
uint8_t out[64] = {0};
|
||||
vstr_t sig = {0};
|
||||
vstr_init_len(&sig, sizeof(ed25519_signature));
|
||||
ed25519_sign_ext(msg.buf, msg.len, *(const ed25519_secret_key *)sk.buf,
|
||||
*(const ed25519_secret_key *)skext.buf, pk,
|
||||
*(ed25519_signature *)out);
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
*(ed25519_signature *)sig.buf);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_ed25519_sign_ext_obj,
|
||||
mod_trezorcrypto_ed25519_sign_ext);
|
||||
@ -191,12 +196,14 @@ mod_trezorcrypto_ed25519_cosi_combine_publickeys(mp_obj_t public_keys) {
|
||||
}
|
||||
memcpy(pks[i], buf.buf, buf.len);
|
||||
}
|
||||
uint8_t out[32] = {0};
|
||||
if (0 !=
|
||||
ed25519_cosi_combine_publickeys(*(ed25519_public_key *)out, pks, pklen)) {
|
||||
vstr_t pk = {0};
|
||||
vstr_init_len(&pk, sizeof(ed25519_public_key));
|
||||
if (0 != ed25519_cosi_combine_publickeys(*(ed25519_public_key *)pk.buf, pks,
|
||||
pklen)) {
|
||||
vstr_clear(&pk);
|
||||
mp_raise_ValueError("Error combining public keys");
|
||||
}
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(
|
||||
mod_trezorcrypto_ed25519_cosi_combine_publickeys_obj,
|
||||
@ -229,11 +236,12 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_cosi_combine_signatures(
|
||||
}
|
||||
memcpy(sigs[i], buf.buf, buf.len);
|
||||
}
|
||||
uint8_t out[64] = {0};
|
||||
ed25519_cosi_combine_signatures(*(ed25519_signature *)out,
|
||||
vstr_t sig = {0};
|
||||
vstr_init_len(&sig, sizeof(ed25519_signature));
|
||||
ed25519_cosi_combine_signatures(*(ed25519_signature *)sig.buf,
|
||||
*(const ed25519_public_key *)sigR.buf, sigs,
|
||||
siglen);
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_2(
|
||||
mod_trezorcrypto_ed25519_cosi_combine_signatures_obj,
|
||||
@ -269,13 +277,15 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_cosi_sign(size_t n_args,
|
||||
if (pk.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of aggregated public key");
|
||||
}
|
||||
uint8_t out[32] = {0};
|
||||
vstr_t sig = {0};
|
||||
vstr_init_len(&sig, sizeof(ed25519_cosi_signature));
|
||||
;
|
||||
ed25519_cosi_sign(msg.buf, msg.len, *(const ed25519_secret_key *)sk.buf,
|
||||
*(const ed25519_secret_key *)nonce.buf,
|
||||
*(const ed25519_public_key *)sigR.buf,
|
||||
*(const ed25519_secret_key *)pk.buf,
|
||||
*(ed25519_cosi_signature *)out);
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
*(ed25519_cosi_signature *)sig.buf);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
||||
mod_trezorcrypto_ed25519_cosi_sign_obj, 5, 5,
|
||||
|
@ -81,12 +81,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Groestl512_update_obj,
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_Groestl512_digest(mp_obj_t self) {
|
||||
mp_obj_Groestl512_t *o = MP_OBJ_TO_PTR(self);
|
||||
uint8_t out[GROESTL512_DIGEST_LENGTH] = {0};
|
||||
vstr_t hash = {0};
|
||||
vstr_init_len(&hash, GROESTL512_DIGEST_LENGTH);
|
||||
GROESTL512_CTX ctx = {0};
|
||||
memcpy(&ctx, &(o->ctx), sizeof(GROESTL512_CTX));
|
||||
groestl512_Final(&ctx, out);
|
||||
groestl512_Final(&ctx, (uint8_t *)hash.buf);
|
||||
memzero(&ctx, sizeof(GROESTL512_CTX));
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Groestl512_digest_obj,
|
||||
mod_trezorcrypto_Groestl512_digest);
|
||||
|
@ -551,10 +551,10 @@ STATIC mp_obj_t mod_trezorcrypto_monero_pack256_modm(size_t n_args,
|
||||
const mp_obj_t *args) {
|
||||
if (n_args == 1 || args[0] == mp_const_none) {
|
||||
assert_scalar(args[0]);
|
||||
uint8_t buff[32] = {0};
|
||||
contract256_modm(buff, MP_OBJ_C_SCALAR(args[0]));
|
||||
return mp_obj_new_bytes(buff, 32);
|
||||
|
||||
vstr_t out = {0};
|
||||
vstr_init_len(&out, 32);
|
||||
contract256_modm((uint8_t *)out.buf, MP_OBJ_C_SCALAR(args[0]));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &out);
|
||||
} else {
|
||||
mp_buffer_info_t bufm = {0};
|
||||
mp_get_buffer_raise(args[0], &bufm, MP_BUFFER_WRITE);
|
||||
@ -873,10 +873,10 @@ STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_pack(size_t n_args,
|
||||
const mp_obj_t *args) {
|
||||
if (n_args == 1 || args[0] == mp_const_none) {
|
||||
assert_ge25519(args[0]);
|
||||
uint8_t buff[32] = {0};
|
||||
ge25519_pack(buff, &MP_OBJ_C_GE25519(args[0]));
|
||||
return mp_obj_new_bytes(buff, 32);
|
||||
|
||||
vstr_t out = {0};
|
||||
vstr_init_len(&out, 32);
|
||||
ge25519_pack((uint8_t *)out.buf, &MP_OBJ_C_GE25519(args[0]));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &out);
|
||||
} else {
|
||||
mp_buffer_info_t bufm = {0};
|
||||
mp_get_buffer_raise(args[0], &bufm, MP_BUFFER_WRITE);
|
||||
@ -922,17 +922,20 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_base58_addr_encode_check(
|
||||
size_t n_args, const mp_obj_t *args) {
|
||||
uint8_t out[128] = {0};
|
||||
vstr_t out = {0};
|
||||
vstr_init_len(&out, 128);
|
||||
mp_buffer_info_t data = {0};
|
||||
mp_get_buffer_raise(args[1], &data, MP_BUFFER_READ);
|
||||
|
||||
int sz = xmr_base58_addr_encode_check(mp_obj_get_int(args[0]), data.buf,
|
||||
data.len, (char *)out, sizeof(out));
|
||||
if (sz == 0) {
|
||||
data.len, out.buf, out.alloc);
|
||||
if (sz <= 0) {
|
||||
vstr_clear(&out);
|
||||
mp_raise_ValueError("b58 encoding error");
|
||||
}
|
||||
out.len = sz;
|
||||
|
||||
return mp_obj_new_bytes(out, sz);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &out);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
||||
mod_trezorcrypto_monero_xmr_base58_addr_encode_check_obj, 2, 2,
|
||||
@ -945,20 +948,23 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_base58_addr_decode_check(
|
||||
size_t n_args, const mp_obj_t *args) {
|
||||
uint8_t out[128] = {0};
|
||||
uint64_t tag = 0;
|
||||
vstr_t out = {0};
|
||||
vstr_init_len(&out, 128);
|
||||
|
||||
mp_buffer_info_t data = {0};
|
||||
mp_get_buffer_raise(args[0], &data, MP_BUFFER_READ);
|
||||
|
||||
int sz =
|
||||
xmr_base58_addr_decode_check(data.buf, data.len, &tag, out, sizeof(out));
|
||||
if (sz == 0) {
|
||||
int sz = xmr_base58_addr_decode_check(data.buf, data.len, &tag, out.buf,
|
||||
out.alloc);
|
||||
if (sz <= 0) {
|
||||
vstr_clear(&out);
|
||||
mp_raise_ValueError("b58 decoding error");
|
||||
}
|
||||
out.len = sz;
|
||||
|
||||
mp_obj_tuple_t *tuple = MP_OBJ_TO_PTR(mp_obj_new_tuple(2, NULL));
|
||||
tuple->items[0] = mp_obj_new_bytes(out, sz);
|
||||
tuple->items[0] = mp_obj_new_str_from_vstr(&mp_type_bytes, &out);
|
||||
tuple->items[1] = mp_obj_new_int_from_ull(tag);
|
||||
return MP_OBJ_FROM_PTR(tuple);
|
||||
}
|
||||
@ -989,15 +995,19 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
||||
STATIC mp_obj_t mod_trezorcrypto_monero_xmr_fast_hash(size_t n_args,
|
||||
const mp_obj_t *args) {
|
||||
const int off = n_args >= 2 ? 0 : -1;
|
||||
uint8_t buff[32] = {0};
|
||||
uint8_t *buff_use = buff;
|
||||
if (n_args > 1) {
|
||||
vstr_t out = {0};
|
||||
uint8_t *buff_use = NULL;
|
||||
if (n_args >= 2) {
|
||||
mp_buffer_info_t odata = {0};
|
||||
mp_get_buffer_raise(args[0], &odata, MP_BUFFER_WRITE);
|
||||
if (odata.len < 32) {
|
||||
if (odata.len < HASHER_DIGEST_LENGTH) {
|
||||
vstr_clear(&out);
|
||||
mp_raise_ValueError("Output buffer too small");
|
||||
}
|
||||
buff_use = odata.buf;
|
||||
} else {
|
||||
vstr_init_len(&out, HASHER_DIGEST_LENGTH);
|
||||
buff_use = (uint8_t *)out.buf;
|
||||
}
|
||||
|
||||
mp_buffer_info_t data = {0};
|
||||
@ -1010,7 +1020,7 @@ STATIC mp_obj_t mod_trezorcrypto_monero_xmr_fast_hash(size_t n_args,
|
||||
mp_raise_ValueError("Illegal offset/length");
|
||||
}
|
||||
xmr_fast_hash(buff_use, (const char *)data.buf + offset, length);
|
||||
return n_args >= 2 ? args[0] : mp_obj_new_bytes(buff, 32);
|
||||
return n_args >= 2 ? args[0] : mp_obj_new_str_from_vstr(&mp_type_bytes, &out);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
||||
mod_trezorcrypto_monero_xmr_fast_hash_obj, 1, 4,
|
||||
@ -1333,22 +1343,22 @@ STATIC mp_obj_t mod_trezorcrypto_monero_hasher_digest(size_t n_args,
|
||||
Hasher ctx = {0};
|
||||
memcpy(&ctx, &(o->h), sizeof(Hasher));
|
||||
|
||||
uint8_t out[SHA3_256_DIGEST_LENGTH] = {0};
|
||||
xmr_hasher_final(&ctx, out);
|
||||
memzero(&ctx, sizeof(SHA3_CTX));
|
||||
|
||||
if (n_args == 1 || args[1] == mp_const_none) {
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
|
||||
vstr_t hash = {0};
|
||||
vstr_init_len(&hash, SHA3_256_DIGEST_LENGTH);
|
||||
xmr_hasher_final(&ctx, (uint8_t *)hash.buf);
|
||||
memzero(&ctx, sizeof(SHA3_CTX));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash);
|
||||
} else {
|
||||
mp_buffer_info_t bufm = {0};
|
||||
mp_get_buffer_raise(args[1], &bufm, MP_BUFFER_WRITE);
|
||||
const mp_int_t offset = n_args >= 3 ? mp_obj_get_int(args[2]) : 0;
|
||||
if (bufm.len < 32 + offset) {
|
||||
if (bufm.len < SHA3_256_DIGEST_LENGTH + offset) {
|
||||
mp_raise_ValueError("Buffer too small");
|
||||
}
|
||||
|
||||
memcpy((uint8_t *)bufm.buf + offset, out, SHA3_256_DIGEST_LENGTH);
|
||||
xmr_hasher_final(&ctx, (uint8_t *)bufm.buf + offset);
|
||||
memzero(&ctx, sizeof(SHA3_CTX));
|
||||
return args[1];
|
||||
}
|
||||
}
|
||||
|
@ -29,27 +29,28 @@
|
||||
/// Generate secret key.
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_nist256p1_generate_secret() {
|
||||
uint8_t out[32] = {0};
|
||||
vstr_t sk = {0};
|
||||
vstr_init_len(&sk, 32);
|
||||
for (;;) {
|
||||
random_buffer(out, 32);
|
||||
random_buffer((uint8_t *)sk.buf, sk.len);
|
||||
// check whether secret > 0 && secret < curve_order
|
||||
if (0 ==
|
||||
memcmp(
|
||||
out,
|
||||
sk.buf,
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
|
||||
32))
|
||||
sk.len))
|
||||
continue;
|
||||
if (0 <=
|
||||
memcmp(
|
||||
out,
|
||||
sk.buf,
|
||||
"\xFF\xFF\xFF\xFF\x00\x00\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
|
||||
"\xBC\xE6\xFA\xAD\xA7\x17\x9E\x84\xF3\xB9\xCA\xC2\xFC\x63\x25\x51",
|
||||
32))
|
||||
sk.len))
|
||||
continue;
|
||||
break;
|
||||
}
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_nist256p1_generate_secret_obj,
|
||||
mod_trezorcrypto_nist256p1_generate_secret);
|
||||
@ -65,16 +66,18 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_publickey(size_t n_args,
|
||||
if (sk.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of secret key");
|
||||
}
|
||||
vstr_t pk = {0};
|
||||
bool compressed = n_args < 2 || args[1] == mp_const_true;
|
||||
if (compressed) {
|
||||
uint8_t out[33] = {0};
|
||||
ecdsa_get_public_key33(&nist256p1, (const uint8_t *)sk.buf, out);
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
vstr_init_len(&pk, 33);
|
||||
ecdsa_get_public_key33(&nist256p1, (const uint8_t *)sk.buf,
|
||||
(uint8_t *)pk.buf);
|
||||
} else {
|
||||
uint8_t out[65] = {0};
|
||||
ecdsa_get_public_key65(&nist256p1, (const uint8_t *)sk.buf, out);
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
vstr_init_len(&pk, 65);
|
||||
ecdsa_get_public_key65(&nist256p1, (const uint8_t *)sk.buf,
|
||||
(uint8_t *)pk.buf);
|
||||
}
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
||||
mod_trezorcrypto_nist256p1_publickey_obj, 1, 2,
|
||||
@ -88,7 +91,8 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_nist256p1_sign(size_t n_args,
|
||||
const mp_obj_t *args) {
|
||||
mp_buffer_info_t sk = {0}, dig = {0};
|
||||
mp_buffer_info_t sk = {0};
|
||||
mp_buffer_info_t dig = {0};
|
||||
mp_get_buffer_raise(args[0], &sk, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(args[1], &dig, MP_BUFFER_READ);
|
||||
bool compressed = n_args < 3 || args[2] == mp_const_true;
|
||||
@ -98,13 +102,17 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_sign(size_t n_args,
|
||||
if (dig.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of digest");
|
||||
}
|
||||
uint8_t out[65] = {0}, pby = 0;
|
||||
vstr_t sig = {0};
|
||||
vstr_init_len(&sig, 65);
|
||||
uint8_t pby = 0;
|
||||
if (0 != ecdsa_sign_digest(&nist256p1, (const uint8_t *)sk.buf,
|
||||
(const uint8_t *)dig.buf, out + 1, &pby, NULL)) {
|
||||
(const uint8_t *)dig.buf, (uint8_t *)sig.buf + 1,
|
||||
&pby, NULL)) {
|
||||
vstr_clear(&sig);
|
||||
mp_raise_ValueError("Signing failed");
|
||||
}
|
||||
out[0] = 27 + pby + compressed * 4;
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
sig.buf[0] = 27 + pby + compressed * 4;
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_nist256p1_sign_obj,
|
||||
2, 3,
|
||||
@ -162,15 +170,16 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_verify_recover(mp_obj_t signature,
|
||||
}
|
||||
bool compressed = (recid >= 4);
|
||||
recid &= 3;
|
||||
uint8_t out[65] = {0};
|
||||
if (0 == ecdsa_recover_pub_from_sig(&nist256p1, out,
|
||||
vstr_t pk = {0};
|
||||
vstr_init_len(&pk, 65);
|
||||
if (0 == ecdsa_recover_pub_from_sig(&nist256p1, (uint8_t *)pk.buf,
|
||||
(const uint8_t *)sig.buf + 1,
|
||||
(const uint8_t *)dig.buf, recid)) {
|
||||
if (compressed) {
|
||||
out[0] = 0x02 | (out[64] & 1);
|
||||
return mp_obj_new_bytes(out, 33);
|
||||
pk.buf[0] = 0x02 | (pk.buf[64] & 1);
|
||||
pk.len = 33;
|
||||
}
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk);
|
||||
} else {
|
||||
return mp_const_none;
|
||||
}
|
||||
@ -194,12 +203,14 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_multiply(mp_obj_t secret_key,
|
||||
if (pk.len != 33 && pk.len != 65) {
|
||||
mp_raise_ValueError("Invalid length of public key");
|
||||
}
|
||||
uint8_t out[65] = {0};
|
||||
vstr_t out = {0};
|
||||
vstr_init_len(&out, 65);
|
||||
if (0 != ecdh_multiply(&nist256p1, (const uint8_t *)sk.buf,
|
||||
(const uint8_t *)pk.buf, out)) {
|
||||
(const uint8_t *)pk.buf, (uint8_t *)out.buf)) {
|
||||
vstr_clear(&out);
|
||||
mp_raise_ValueError("Multiply failed");
|
||||
}
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &out);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_nist256p1_multiply_obj,
|
||||
mod_trezorcrypto_nist256p1_multiply);
|
||||
|
@ -106,10 +106,12 @@ STATIC mp_obj_t mod_trezorcrypto_Pbkdf2_update(mp_obj_t self,
|
||||
uint32_t iter = trezor_obj_get_uint(iterations);
|
||||
if (o->prf == PRF_HMAC_SHA256) {
|
||||
pbkdf2_hmac_sha256_Update(&(o->ctx256), iter);
|
||||
}
|
||||
if (o->prf == PRF_HMAC_SHA512) {
|
||||
} else if (o->prf == PRF_HMAC_SHA512) {
|
||||
pbkdf2_hmac_sha512_Update(&(o->ctx512), iter);
|
||||
} else {
|
||||
mp_raise_ValueError("Invalid PRF");
|
||||
}
|
||||
|
||||
return mp_const_none;
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Pbkdf2_update_obj,
|
||||
@ -121,23 +123,23 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Pbkdf2_update_obj,
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_Pbkdf2_key(mp_obj_t self) {
|
||||
mp_obj_Pbkdf2_t *o = MP_OBJ_TO_PTR(self);
|
||||
vstr_t out = {0};
|
||||
if (o->prf == PRF_HMAC_SHA256) {
|
||||
PBKDF2_HMAC_SHA256_CTX ctx = {0};
|
||||
memcpy(&ctx, &(o->ctx256), sizeof(PBKDF2_HMAC_SHA256_CTX));
|
||||
uint8_t out[SHA256_DIGEST_LENGTH] = {0};
|
||||
pbkdf2_hmac_sha256_Final(&ctx, out);
|
||||
vstr_init_len(&out, SHA256_DIGEST_LENGTH);
|
||||
pbkdf2_hmac_sha256_Final(&ctx, (uint8_t *)out.buf);
|
||||
memzero(&ctx, sizeof(PBKDF2_HMAC_SHA256_CTX));
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
}
|
||||
if (o->prf == PRF_HMAC_SHA512) {
|
||||
} else if (o->prf == PRF_HMAC_SHA512) {
|
||||
PBKDF2_HMAC_SHA512_CTX ctx = {0};
|
||||
memcpy(&ctx, &(o->ctx512), sizeof(PBKDF2_HMAC_SHA512_CTX));
|
||||
uint8_t out[SHA512_DIGEST_LENGTH] = {0};
|
||||
pbkdf2_hmac_sha512_Final(&ctx, out);
|
||||
vstr_init_len(&out, SHA512_DIGEST_LENGTH);
|
||||
pbkdf2_hmac_sha512_Final(&ctx, (uint8_t *)out.buf);
|
||||
memzero(&ctx, sizeof(PBKDF2_HMAC_SHA512_CTX));
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
} else {
|
||||
mp_raise_ValueError("Invalid PRF");
|
||||
}
|
||||
return mp_const_none;
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &out);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Pbkdf2_key_obj,
|
||||
mod_trezorcrypto_Pbkdf2_key);
|
||||
|
@ -78,12 +78,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Ripemd160_update_obj,
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_Ripemd160_digest(mp_obj_t self) {
|
||||
mp_obj_Ripemd160_t *o = MP_OBJ_TO_PTR(self);
|
||||
uint8_t out[RIPEMD160_DIGEST_LENGTH] = {0};
|
||||
vstr_t hash = {0};
|
||||
vstr_init_len(&hash, RIPEMD160_DIGEST_LENGTH);
|
||||
RIPEMD160_CTX ctx = {0};
|
||||
memcpy(&ctx, &(o->ctx), sizeof(RIPEMD160_CTX));
|
||||
ripemd160_Final(&ctx, out);
|
||||
ripemd160_Final(&ctx, (uint8_t *)hash.buf);
|
||||
memzero(&ctx, sizeof(RIPEMD160_CTX));
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Ripemd160_digest_obj,
|
||||
mod_trezorcrypto_Ripemd160_digest);
|
||||
|
@ -29,27 +29,28 @@
|
||||
/// Generate secret key.
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_secp256k1_generate_secret() {
|
||||
uint8_t out[32] = {0};
|
||||
vstr_t sk = {0};
|
||||
vstr_init_len(&sk, 32);
|
||||
for (;;) {
|
||||
random_buffer(out, 32);
|
||||
random_buffer((uint8_t *)sk.buf, sk.len);
|
||||
// check whether secret > 0 && secret < curve_order
|
||||
if (0 ==
|
||||
memcmp(
|
||||
out,
|
||||
sk.buf,
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
|
||||
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
|
||||
32))
|
||||
continue;
|
||||
if (0 <=
|
||||
memcmp(
|
||||
out,
|
||||
sk.buf,
|
||||
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE"
|
||||
"\xBA\xAE\xDC\xE6\xAF\x48\xA0\x3B\xBF\xD2\x5E\x8C\xD0\x36\x41\x41",
|
||||
32))
|
||||
continue;
|
||||
break;
|
||||
}
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_secp256k1_generate_secret_obj,
|
||||
mod_trezorcrypto_secp256k1_generate_secret);
|
||||
@ -65,16 +66,18 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_publickey(size_t n_args,
|
||||
if (sk.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of secret key");
|
||||
}
|
||||
vstr_t pk = {0};
|
||||
bool compressed = n_args < 2 || args[1] == mp_const_true;
|
||||
if (compressed) {
|
||||
uint8_t out[33] = {0};
|
||||
ecdsa_get_public_key33(&secp256k1, (const uint8_t *)sk.buf, out);
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
vstr_init_len(&pk, 33);
|
||||
ecdsa_get_public_key33(&secp256k1, (const uint8_t *)sk.buf,
|
||||
(uint8_t *)pk.buf);
|
||||
} else {
|
||||
uint8_t out[65] = {0};
|
||||
ecdsa_get_public_key65(&secp256k1, (const uint8_t *)sk.buf, out);
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
vstr_init_len(&pk, 65);
|
||||
ecdsa_get_public_key65(&secp256k1, (const uint8_t *)sk.buf,
|
||||
(uint8_t *)pk.buf);
|
||||
}
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
||||
mod_trezorcrypto_secp256k1_publickey_obj, 1, 2,
|
||||
@ -117,7 +120,8 @@ enum {
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_secp256k1_sign(size_t n_args,
|
||||
const mp_obj_t *args) {
|
||||
mp_buffer_info_t sk = {0}, dig = {0};
|
||||
mp_buffer_info_t sk = {0};
|
||||
mp_buffer_info_t dig = {0};
|
||||
mp_get_buffer_raise(args[0], &sk, MP_BUFFER_READ);
|
||||
mp_get_buffer_raise(args[1], &dig, MP_BUFFER_READ);
|
||||
bool compressed = (n_args < 3) || (args[2] == mp_const_true);
|
||||
@ -139,14 +143,17 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_sign(size_t n_args,
|
||||
if (dig.len != 32) {
|
||||
mp_raise_ValueError("Invalid length of digest");
|
||||
}
|
||||
uint8_t out[65] = {0}, pby = 0;
|
||||
vstr_t sig = {0};
|
||||
vstr_init_len(&sig, 65);
|
||||
uint8_t pby = 0;
|
||||
if (0 != ecdsa_sign_digest(&secp256k1, (const uint8_t *)sk.buf,
|
||||
(const uint8_t *)dig.buf, out + 1, &pby,
|
||||
is_canonical)) {
|
||||
(const uint8_t *)dig.buf, (uint8_t *)sig.buf + 1,
|
||||
&pby, is_canonical)) {
|
||||
vstr_clear(&sig);
|
||||
mp_raise_ValueError("Signing failed");
|
||||
}
|
||||
out[0] = 27 + pby + compressed * 4;
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
sig.buf[0] = 27 + pby + compressed * 4;
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_secp256k1_sign_obj,
|
||||
2, 4,
|
||||
@ -204,15 +211,16 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_verify_recover(mp_obj_t signature,
|
||||
}
|
||||
bool compressed = (recid >= 4);
|
||||
recid &= 3;
|
||||
uint8_t out[65] = {0};
|
||||
if (0 == ecdsa_recover_pub_from_sig(&secp256k1, out,
|
||||
vstr_t pk = {0};
|
||||
vstr_init_len(&pk, 65);
|
||||
if (0 == ecdsa_recover_pub_from_sig(&secp256k1, (uint8_t *)pk.buf,
|
||||
(const uint8_t *)sig.buf + 1,
|
||||
(const uint8_t *)dig.buf, recid)) {
|
||||
if (compressed) {
|
||||
out[0] = 0x02 | (out[64] & 1);
|
||||
return mp_obj_new_bytes(out, 33);
|
||||
pk.buf[0] = 0x02 | (pk.buf[64] & 1);
|
||||
pk.len = 33;
|
||||
}
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk);
|
||||
} else {
|
||||
return mp_const_none;
|
||||
}
|
||||
@ -236,12 +244,14 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_multiply(mp_obj_t secret_key,
|
||||
if (pk.len != 33 && pk.len != 65) {
|
||||
mp_raise_ValueError("Invalid length of public key");
|
||||
}
|
||||
uint8_t out[65] = {0};
|
||||
vstr_t out = {0};
|
||||
vstr_init_len(&out, 65);
|
||||
if (0 != ecdh_multiply(&secp256k1, (const uint8_t *)sk.buf,
|
||||
(const uint8_t *)pk.buf, out)) {
|
||||
(const uint8_t *)pk.buf, (uint8_t *)out.buf)) {
|
||||
vstr_clear(&out);
|
||||
mp_raise_ValueError("Multiply failed");
|
||||
}
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &out);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_secp256k1_multiply_obj,
|
||||
mod_trezorcrypto_secp256k1_multiply);
|
||||
|
@ -130,15 +130,17 @@ static const secp256k1_context *mod_trezorcrypto_get_secp256k1_context(
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_generate_secret(mp_obj_t self) {
|
||||
const secp256k1_context *ctx = mod_trezorcrypto_get_secp256k1_context(self);
|
||||
uint8_t out[32] = {0};
|
||||
vstr_t sk = {0};
|
||||
vstr_init_len(&sk, 32);
|
||||
|
||||
for (;;) {
|
||||
random_buffer(out, 32);
|
||||
random_buffer((uint8_t *)sk.buf, sk.len);
|
||||
// check whether secret > 0 && secret < curve_order
|
||||
if (secp256k1_ec_seckey_verify(ctx, out) == 1) {
|
||||
if (secp256k1_ec_seckey_verify(ctx, (uint8_t *)sk.buf) == 1) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(
|
||||
mod_trezorcrypto_secp256k1_zkp_generate_secret_obj,
|
||||
@ -163,12 +165,13 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_context_publickey(
|
||||
}
|
||||
|
||||
bool compressed = n_args < 3 || args[2] == mp_const_true;
|
||||
uint8_t out[65] = {0};
|
||||
size_t outlen = sizeof(out);
|
||||
vstr_t out = {0};
|
||||
vstr_init_len(&out, 65);
|
||||
|
||||
secp256k1_ec_pubkey_serialize(
|
||||
ctx, out, &outlen, &pk,
|
||||
ctx, (uint8_t *)out.buf, &out.len, &pk,
|
||||
compressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
|
||||
return mp_obj_new_bytes(out, outlen);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &out);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
||||
mod_trezorcrypto_secp256k1_context_publickey_obj, 2, 3,
|
||||
@ -195,16 +198,18 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_context_sign(size_t n_args,
|
||||
mp_raise_ValueError("Invalid length of digest");
|
||||
}
|
||||
secp256k1_ecdsa_recoverable_signature sig;
|
||||
uint8_t out[65] = {0};
|
||||
vstr_t out = {0};
|
||||
vstr_init_len(&out, 65);
|
||||
int pby = 0;
|
||||
if (!secp256k1_ecdsa_sign_recoverable(ctx, &sig, (const uint8_t *)dig.buf,
|
||||
(const uint8_t *)sk.buf, NULL, NULL)) {
|
||||
vstr_clear(&out);
|
||||
mp_raise_ValueError("Signing failed");
|
||||
}
|
||||
secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, &out[1], &pby,
|
||||
&sig);
|
||||
out[0] = 27 + pby + compressed * 4;
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
secp256k1_ecdsa_recoverable_signature_serialize_compact(
|
||||
ctx, (uint8_t *)&out.buf[1], &pby, &sig);
|
||||
out.buf[0] = 27 + pby + compressed * 4;
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &out);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(
|
||||
mod_trezorcrypto_secp256k1_context_sign_obj, 3, 4,
|
||||
@ -286,12 +291,12 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_context_verify_recover(
|
||||
if (!secp256k1_ecdsa_recover(ctx, &pk, &ec_sig, (const uint8_t *)dig.buf)) {
|
||||
return mp_const_none;
|
||||
}
|
||||
uint8_t out[65] = {0};
|
||||
size_t pklen = sizeof(out);
|
||||
vstr_t out = {0};
|
||||
vstr_init_len(&out, 65);
|
||||
secp256k1_ec_pubkey_serialize(
|
||||
ctx, out, &pklen, &pk,
|
||||
ctx, (uint8_t *)out.buf, &out.len, &pk,
|
||||
compressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED);
|
||||
return mp_obj_new_bytes(out, pklen);
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &out);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_3(
|
||||
mod_trezorcrypto_secp256k1_context_verify_recover_obj,
|
||||
@ -328,12 +333,14 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_context_multiply(
|
||||
pk.len)) {
|
||||
mp_raise_ValueError("Invalid public key");
|
||||
}
|
||||
uint8_t out[65] = {0};
|
||||
if (!secp256k1_ecdh(ctx, out, &ec_pk, (const uint8_t *)sk.buf,
|
||||
vstr_t out = {0};
|
||||
vstr_init_len(&out, 65);
|
||||
if (!secp256k1_ecdh(ctx, (uint8_t *)out.buf, &ec_pk, (const uint8_t *)sk.buf,
|
||||
secp256k1_ecdh_hash_passthrough, NULL)) {
|
||||
vstr_clear(&out);
|
||||
mp_raise_ValueError("Multiply failed");
|
||||
}
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &out);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_3(
|
||||
mod_trezorcrypto_secp256k1_context_multiply_obj,
|
||||
|
@ -77,12 +77,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Sha1_update_obj,
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_Sha1_digest(mp_obj_t self) {
|
||||
mp_obj_Sha1_t *o = MP_OBJ_TO_PTR(self);
|
||||
uint8_t out[SHA1_DIGEST_LENGTH] = {0};
|
||||
vstr_t hash = {0};
|
||||
vstr_init_len(&hash, SHA1_DIGEST_LENGTH);
|
||||
SHA1_CTX ctx = {0};
|
||||
memcpy(&ctx, &(o->ctx), sizeof(SHA1_CTX));
|
||||
sha1_Final(&ctx, out);
|
||||
sha1_Final(&ctx, (uint8_t *)hash.buf);
|
||||
memzero(&ctx, sizeof(SHA1_CTX));
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha1_digest_obj,
|
||||
mod_trezorcrypto_Sha1_digest);
|
||||
|
@ -77,12 +77,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Sha256_update_obj,
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_Sha256_digest(mp_obj_t self) {
|
||||
mp_obj_Sha256_t *o = MP_OBJ_TO_PTR(self);
|
||||
uint8_t out[SHA256_DIGEST_LENGTH] = {0};
|
||||
vstr_t hash = {0};
|
||||
vstr_init_len(&hash, SHA256_DIGEST_LENGTH);
|
||||
SHA256_CTX ctx = {0};
|
||||
memcpy(&ctx, &(o->ctx), sizeof(SHA256_CTX));
|
||||
sha256_Final(&ctx, out);
|
||||
sha256_Final(&ctx, (uint8_t *)hash.buf);
|
||||
memzero(&ctx, sizeof(SHA256_CTX));
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha256_digest_obj,
|
||||
mod_trezorcrypto_Sha256_digest);
|
||||
|
@ -90,16 +90,17 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Sha3_256_update_obj,
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_Sha3_256_digest(mp_obj_t self) {
|
||||
mp_obj_Sha3_256_t *o = MP_OBJ_TO_PTR(self);
|
||||
uint8_t out[SHA3_256_DIGEST_LENGTH] = {0};
|
||||
vstr_t hash = {0};
|
||||
vstr_init_len(&hash, SHA3_256_DIGEST_LENGTH);
|
||||
SHA3_CTX ctx = {0};
|
||||
memcpy(&ctx, &(o->ctx), sizeof(SHA3_CTX));
|
||||
if (o->keccak) {
|
||||
keccak_Final(&ctx, out);
|
||||
keccak_Final(&ctx, (uint8_t *)hash.buf);
|
||||
} else {
|
||||
sha3_Final(&ctx, out);
|
||||
sha3_Final(&ctx, (uint8_t *)hash.buf);
|
||||
}
|
||||
memzero(&ctx, sizeof(SHA3_CTX));
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha3_256_digest_obj,
|
||||
mod_trezorcrypto_Sha3_256_digest);
|
||||
|
@ -90,16 +90,17 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Sha3_512_update_obj,
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_Sha3_512_digest(mp_obj_t self) {
|
||||
mp_obj_Sha3_512_t *o = MP_OBJ_TO_PTR(self);
|
||||
uint8_t out[SHA3_512_DIGEST_LENGTH] = {0};
|
||||
vstr_t hash = {0};
|
||||
vstr_init_len(&hash, SHA3_512_DIGEST_LENGTH);
|
||||
SHA3_CTX ctx = {0};
|
||||
memcpy(&ctx, &(o->ctx), sizeof(SHA3_CTX));
|
||||
if (o->keccak) {
|
||||
keccak_Final(&ctx, out);
|
||||
keccak_Final(&ctx, (uint8_t *)hash.buf);
|
||||
} else {
|
||||
sha3_Final(&ctx, out);
|
||||
sha3_Final(&ctx, (uint8_t *)hash.buf);
|
||||
}
|
||||
memzero(&ctx, sizeof(SHA3_CTX));
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha3_512_digest_obj,
|
||||
mod_trezorcrypto_Sha3_512_digest);
|
||||
|
@ -76,12 +76,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Sha512_update_obj,
|
||||
/// """
|
||||
STATIC mp_obj_t mod_trezorcrypto_Sha512_digest(mp_obj_t self) {
|
||||
mp_obj_Sha512_t *o = MP_OBJ_TO_PTR(self);
|
||||
uint8_t out[SHA512_DIGEST_LENGTH] = {0};
|
||||
vstr_t hash = {0};
|
||||
vstr_init_len(&hash, SHA512_DIGEST_LENGTH);
|
||||
SHA512_CTX ctx = {0};
|
||||
memcpy(&ctx, &(o->ctx), sizeof(SHA512_CTX));
|
||||
sha512_Final(&ctx, out);
|
||||
sha512_Final(&ctx, (uint8_t *)hash.buf);
|
||||
memzero(&ctx, sizeof(SHA512_CTX));
|
||||
return mp_obj_new_bytes(out, sizeof(out));
|
||||
return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash);
|
||||
}
|
||||
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha512_digest_obj,
|
||||
mod_trezorcrypto_Sha512_digest);
|
||||
|
Loading…
Reference in New Issue
Block a user