From c21ca81a1e9d6260845aacfa9b741770742fcafc Mon Sep 17 00:00:00 2001 From: Andrew Kozlik Date: Sun, 11 Oct 2020 12:28:30 +0200 Subject: [PATCH] fix(core): Prevent sensitive data from being left on the call stack in modtrezorcrypto. --- .../modtrezorcrypto/modtrezorcrypto-bip32.h | 41 ++++++----- .../modtrezorcrypto/modtrezorcrypto-bip39.h | 11 +-- .../modtrezorcrypto-blake256.h | 7 +- .../modtrezorcrypto/modtrezorcrypto-blake2b.h | 7 +- .../modtrezorcrypto/modtrezorcrypto-blake2s.h | 7 +- .../modtrezorcrypto-chacha20poly1305.h | 7 +- .../modtrezorcrypto-curve25519.h | 28 ++++---- .../modtrezorcrypto/modtrezorcrypto-ed25519.h | 62 +++++++++------- .../modtrezorcrypto/modtrezorcrypto-groestl.h | 7 +- .../modtrezorcrypto/modtrezorcrypto-monero.h | 70 +++++++++++-------- .../modtrezorcrypto-nist256p1.h | 63 ++++++++++------- .../modtrezorcrypto/modtrezorcrypto-pbkdf2.h | 24 ++++--- .../modtrezorcrypto-ripemd160.h | 7 +- .../modtrezorcrypto-secp256k1.h | 60 +++++++++------- .../modtrezorcrypto-secp256k1_zkp.h | 47 +++++++------ .../modtrezorcrypto/modtrezorcrypto-sha1.h | 7 +- .../modtrezorcrypto/modtrezorcrypto-sha256.h | 7 +- .../modtrezorcrypto-sha3-256.h | 9 +-- .../modtrezorcrypto-sha3-512.h | 9 +-- .../modtrezorcrypto/modtrezorcrypto-sha512.h | 7 +- 20 files changed, 281 insertions(+), 206 deletions(-) diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip32.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip32.h index c79d56812..9c20582c6 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip32.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip32.h @@ -43,8 +43,8 @@ typedef struct _mp_obj_HDNode_t { STATIC const mp_obj_type_t mod_trezorcrypto_HDNode_type; -#define XPUB_MAXLEN 128 -#define ADDRESS_MAXLEN 40 +#define XPUB_MAXLEN 112 +#define ADDRESS_MAXLEN 39 /// def __init__( /// self, @@ -266,15 +266,18 @@ STATIC mp_obj_t mod_trezorcrypto_HDNode_serialize_public(mp_obj_t self, mp_obj_t version) { uint32_t ver = trezor_obj_get_uint(version); mp_obj_HDNode_t *o = MP_OBJ_TO_PTR(self); - char xpub[XPUB_MAXLEN] = {0}; + vstr_t xpub = {0}; + vstr_init_len(&xpub, XPUB_MAXLEN); hdnode_fill_public_key(&o->hdnode); - int written = hdnode_serialize_public(&o->hdnode, o->fingerprint, ver, xpub, - XPUB_MAXLEN); + int written = hdnode_serialize_public(&o->hdnode, o->fingerprint, ver, + xpub.buf, xpub.alloc); if (written <= 0) { + vstr_clear(&xpub); mp_raise_ValueError("Failed to serialize"); } // written includes NULL at the end of the string - return mp_obj_new_str_copy(&mp_type_str, (const uint8_t *)xpub, written - 1); + xpub.len = written - 1; + return mp_obj_new_str_from_vstr(&mp_type_str, &xpub); } STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_HDNode_serialize_public_obj, mod_trezorcrypto_HDNode_serialize_public); @@ -383,10 +386,11 @@ STATIC mp_obj_t mod_trezorcrypto_HDNode_address(mp_obj_t self, uint32_t v = trezor_obj_get_uint(version); - char address[ADDRESS_MAXLEN] = {0}; - hdnode_get_address(&o->hdnode, v, address, ADDRESS_MAXLEN); - return mp_obj_new_str_copy(&mp_type_str, (const uint8_t *)address, - strlen(address)); + vstr_t address = {0}; + vstr_init_len(&address, ADDRESS_MAXLEN); + hdnode_get_address(&o->hdnode, v, address.buf, address.alloc); + address.len = strlen(address.buf); + return mp_obj_new_str_from_vstr(&mp_type_str, &address); } STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_HDNode_address_obj, mod_trezorcrypto_HDNode_address); @@ -403,12 +407,14 @@ STATIC mp_obj_t mod_trezorcrypto_HDNode_nem_address(mp_obj_t self, uint8_t n = trezor_obj_get_uint8(network); - char address[NEM_ADDRESS_SIZE + 1] = {0}; // + 1 for the 0 byte - if (!hdnode_get_nem_address(&o->hdnode, n, address)) { + vstr_t address = {0}; + vstr_init_len(&address, NEM_ADDRESS_SIZE); + if (!hdnode_get_nem_address(&o->hdnode, n, address.buf)) { + vstr_clear(&address); mp_raise_ValueError("Failed to compute a NEM address"); } - return mp_obj_new_str_copy(&mp_type_str, (const uint8_t *)address, - strlen(address)); + address.len = strlen(address.buf); + return mp_obj_new_str_from_vstr(&mp_type_str, &address); } STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_HDNode_nem_address_obj, mod_trezorcrypto_HDNode_nem_address); @@ -465,9 +471,10 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN( STATIC mp_obj_t mod_trezorcrypto_HDNode_ethereum_pubkeyhash(mp_obj_t self) { mp_obj_HDNode_t *o = MP_OBJ_TO_PTR(self); - uint8_t pkh[20] = {0}; - hdnode_get_ethereum_pubkeyhash(&o->hdnode, pkh); - return mp_obj_new_bytes(pkh, sizeof(pkh)); + vstr_t pkh = {0}; + vstr_init_len(&pkh, 20); + hdnode_get_ethereum_pubkeyhash(&o->hdnode, (uint8_t *)pkh.buf); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &pkh); } STATIC MP_DEFINE_CONST_FUN_OBJ_1( mod_trezorcrypto_HDNode_ethereum_pubkeyhash_obj, diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip39.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip39.h index adbd325a2..0ac9c8fc3 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip39.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip39.h @@ -21,6 +21,7 @@ #include "py/runtime.h" #include "bip39.h" +#include "sha2.h" /// package: trezorcrypto.bip39 @@ -135,19 +136,21 @@ STATIC mp_obj_t mod_trezorcrypto_bip39_seed(size_t n_args, mp_buffer_info_t phrase = {0}; mp_get_buffer_raise(args[0], &mnemo, MP_BUFFER_READ); mp_get_buffer_raise(args[1], &phrase, MP_BUFFER_READ); - uint8_t seed[64] = {0}; + vstr_t seed = {0}; + vstr_init_len(&seed, SHA512_DIGEST_LENGTH); const char *pmnemonic = mnemo.len > 0 ? mnemo.buf : ""; const char *ppassphrase = phrase.len > 0 ? phrase.buf : ""; if (n_args > 2) { // generate with a progress callback ui_wait_callback = args[2]; - mnemonic_to_seed(pmnemonic, ppassphrase, seed, wrapped_ui_wait_callback); + mnemonic_to_seed(pmnemonic, ppassphrase, (uint8_t *)seed.buf, + wrapped_ui_wait_callback); ui_wait_callback = mp_const_none; } else { // generate without callback - mnemonic_to_seed(pmnemonic, ppassphrase, seed, NULL); + mnemonic_to_seed(pmnemonic, ppassphrase, (uint8_t *)seed.buf, NULL); } - return mp_obj_new_bytes(seed, sizeof(seed)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &seed); } STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_bip39_seed_obj, 2, 3, mod_trezorcrypto_bip39_seed); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h index a254a475c..423002562 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h @@ -77,12 +77,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Blake256_update_obj, /// """ STATIC mp_obj_t mod_trezorcrypto_Blake256_digest(mp_obj_t self) { mp_obj_Blake256_t *o = MP_OBJ_TO_PTR(self); - uint8_t hash[BLAKE256_DIGEST_LENGTH] = {0}; + vstr_t hash = {0}; + vstr_init_len(&hash, BLAKE256_DIGEST_LENGTH); BLAKE256_CTX ctx = {0}; memcpy(&ctx, &(o->ctx), sizeof(BLAKE256_CTX)); - blake256_Final(&ctx, hash); + blake256_Final(&ctx, (uint8_t *)hash.buf); memzero(&ctx, sizeof(BLAKE256_CTX)); - return mp_obj_new_bytes(hash, sizeof(hash)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake256_digest_obj, mod_trezorcrypto_Blake256_digest); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h index 663984b04..4ec0124e2 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h @@ -131,12 +131,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Blake2b_update_obj, /// """ STATIC mp_obj_t mod_trezorcrypto_Blake2b_digest(mp_obj_t self) { mp_obj_Blake2b_t *o = MP_OBJ_TO_PTR(self); - uint8_t out[BLAKE2B_DIGEST_LENGTH] = {0}; BLAKE2B_CTX ctx = {0}; memcpy(&ctx, &(o->ctx), sizeof(BLAKE2B_CTX)); - blake2b_Final(&ctx, out, ctx.outlen); + vstr_t hash = {0}; + vstr_init_len(&hash, ctx.outlen); + blake2b_Final(&ctx, (uint8_t *)hash.buf, hash.len); memzero(&ctx, sizeof(BLAKE2B_CTX)); - return mp_obj_new_bytes(out, o->ctx.outlen); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2b_digest_obj, mod_trezorcrypto_Blake2b_digest); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h index 16df666a9..3a2ca04fc 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h @@ -131,12 +131,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Blake2s_update_obj, /// """ STATIC mp_obj_t mod_trezorcrypto_Blake2s_digest(mp_obj_t self) { mp_obj_Blake2s_t *o = MP_OBJ_TO_PTR(self); - uint8_t out[BLAKE2S_DIGEST_LENGTH] = {0}; BLAKE2S_CTX ctx = {0}; memcpy(&ctx, &(o->ctx), sizeof(BLAKE2S_CTX)); - blake2s_Final(&ctx, out, ctx.outlen); + vstr_t hash = {0}; + vstr_init_len(&hash, ctx.outlen); + blake2s_Final(&ctx, (uint8_t *)hash.buf, hash.len); memzero(&ctx, sizeof(BLAKE2S_CTX)); - return mp_obj_new_bytes(out, o->ctx.outlen); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2s_digest_obj, mod_trezorcrypto_Blake2s_digest); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-chacha20poly1305.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-chacha20poly1305.h index 9937aca53..33a23da63 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-chacha20poly1305.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-chacha20poly1305.h @@ -123,9 +123,10 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_ChaCha20Poly1305_auth_obj, /// """ STATIC mp_obj_t mod_trezorcrypto_ChaCha20Poly1305_finish(mp_obj_t self) { mp_obj_ChaCha20Poly1305_t *o = MP_OBJ_TO_PTR(self); - uint8_t out[16] = {0}; - rfc7539_finish(&(o->ctx), o->alen, o->plen, out); - return mp_obj_new_bytes(out, sizeof(out)); + vstr_t mac = {0}; + vstr_init_len(&mac, 16); + rfc7539_finish(&(o->ctx), o->alen, o->plen, (uint8_t *)mac.buf); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &mac); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_ChaCha20Poly1305_finish_obj, mod_trezorcrypto_ChaCha20Poly1305_finish); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-curve25519.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-curve25519.h index 904cb4a31..cd48bbc99 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-curve25519.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-curve25519.h @@ -30,13 +30,14 @@ /// Generate secret key. /// """ STATIC mp_obj_t mod_trezorcrypto_curve25519_generate_secret() { - uint8_t out[32] = {0}; - random_buffer(out, 32); + vstr_t sk = {0}; + vstr_init_len(&sk, 32); + random_buffer((uint8_t *)sk.buf, sk.len); // taken from https://cr.yp.to/ecdh.html - out[0] &= 248; - out[31] &= 127; - out[31] |= 64; - return mp_obj_new_bytes(out, sizeof(out)); + sk.buf[0] &= 248; + sk.buf[31] &= 127; + sk.buf[31] |= 64; + return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk); } STATIC MP_DEFINE_CONST_FUN_OBJ_0( mod_trezorcrypto_curve25519_generate_secret_obj, @@ -52,9 +53,10 @@ STATIC mp_obj_t mod_trezorcrypto_curve25519_publickey(mp_obj_t secret_key) { if (sk.len != 32) { mp_raise_ValueError("Invalid length of secret key"); } - uint8_t out[32] = {0}; - curve25519_scalarmult_basepoint(out, (const uint8_t *)sk.buf); - return mp_obj_new_bytes(out, sizeof(out)); + vstr_t pk = {0}; + vstr_init_len(&pk, 32); + curve25519_scalarmult_basepoint((uint8_t *)pk.buf, (const uint8_t *)sk.buf); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_curve25519_publickey_obj, mod_trezorcrypto_curve25519_publickey); @@ -75,9 +77,11 @@ STATIC mp_obj_t mod_trezorcrypto_curve25519_multiply(mp_obj_t secret_key, if (pk.len != 32) { mp_raise_ValueError("Invalid length of public key"); } - uint8_t out[32] = {0}; - curve25519_scalarmult(out, (const uint8_t *)sk.buf, (const uint8_t *)pk.buf); - return mp_obj_new_bytes(out, sizeof(out)); + vstr_t out = {0}; + vstr_init_len(&out, 32); + curve25519_scalarmult((uint8_t *)out.buf, (const uint8_t *)sk.buf, + (const uint8_t *)pk.buf); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &out); } STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_curve25519_multiply_obj, mod_trezorcrypto_curve25519_multiply); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h index 3d18162d0..b0309b43f 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ed25519.h @@ -31,13 +31,14 @@ /// Generate secret key. /// """ STATIC mp_obj_t mod_trezorcrypto_ed25519_generate_secret() { - uint8_t out[32] = {0}; - random_buffer(out, 32); + vstr_t sk = {0}; + vstr_init_len(&sk, 32); + random_buffer((uint8_t *)sk.buf, sk.len); // taken from https://cr.yp.to/ecdh.html - out[0] &= 248; - out[31] &= 127; - out[31] |= 64; - return mp_obj_new_bytes(out, sizeof(out)); + sk.buf[0] &= 248; + sk.buf[31] &= 127; + sk.buf[31] |= 64; + return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk); } STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_ed25519_generate_secret_obj, mod_trezorcrypto_ed25519_generate_secret); @@ -52,10 +53,11 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_publickey(mp_obj_t secret_key) { if (sk.len != 32) { mp_raise_ValueError("Invalid length of secret key"); } - uint8_t out[32] = {0}; + vstr_t pk = {0}; + vstr_init_len(&pk, sizeof(ed25519_public_key)); ed25519_publickey(*(const ed25519_secret_key *)sk.buf, - *(ed25519_public_key *)out); - return mp_obj_new_bytes(out, sizeof(out)); + *(ed25519_public_key *)pk.buf); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_ed25519_publickey_obj, mod_trezorcrypto_ed25519_publickey); @@ -76,8 +78,9 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_sign(size_t n_args, mp_raise_ValueError("Empty data to sign"); } ed25519_public_key pk = {0}; - uint8_t out[64] = {0}; mp_buffer_info_t hash_func = {0}; + vstr_t sig = {0}; + vstr_init_len(&sig, sizeof(ed25519_signature)); if (n_args == 3) { mp_get_buffer_raise(args[2], &hash_func, MP_BUFFER_READ); @@ -85,17 +88,18 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_sign(size_t n_args, if (memcmp(hash_func.buf, "keccak", sizeof("keccak")) == 0) { ed25519_publickey_keccak(*(const ed25519_secret_key *)sk.buf, pk); ed25519_sign_keccak(msg.buf, msg.len, *(const ed25519_secret_key *)sk.buf, - pk, *(ed25519_signature *)out); + pk, *(ed25519_signature *)sig.buf); } else { + vstr_clear(&sig); mp_raise_ValueError("Unknown hash function"); } } else { ed25519_publickey(*(const ed25519_secret_key *)sk.buf, pk); ed25519_sign(msg.buf, msg.len, *(const ed25519_secret_key *)sk.buf, pk, - *(ed25519_signature *)out); + *(ed25519_signature *)sig.buf); } - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig); } STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_ed25519_sign_obj, 2, 3, mod_trezorcrypto_ed25519_sign); @@ -128,11 +132,12 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_sign_ext(mp_obj_t secret_key, ed25519_publickey_ext(*(const ed25519_secret_key *)sk.buf, *(const ed25519_secret_key *)skext.buf, pk); - uint8_t out[64] = {0}; + vstr_t sig = {0}; + vstr_init_len(&sig, sizeof(ed25519_signature)); ed25519_sign_ext(msg.buf, msg.len, *(const ed25519_secret_key *)sk.buf, *(const ed25519_secret_key *)skext.buf, pk, - *(ed25519_signature *)out); - return mp_obj_new_bytes(out, sizeof(out)); + *(ed25519_signature *)sig.buf); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig); } STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_ed25519_sign_ext_obj, mod_trezorcrypto_ed25519_sign_ext); @@ -191,12 +196,14 @@ mod_trezorcrypto_ed25519_cosi_combine_publickeys(mp_obj_t public_keys) { } memcpy(pks[i], buf.buf, buf.len); } - uint8_t out[32] = {0}; - if (0 != - ed25519_cosi_combine_publickeys(*(ed25519_public_key *)out, pks, pklen)) { + vstr_t pk = {0}; + vstr_init_len(&pk, sizeof(ed25519_public_key)); + if (0 != ed25519_cosi_combine_publickeys(*(ed25519_public_key *)pk.buf, pks, + pklen)) { + vstr_clear(&pk); mp_raise_ValueError("Error combining public keys"); } - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk); } STATIC MP_DEFINE_CONST_FUN_OBJ_1( mod_trezorcrypto_ed25519_cosi_combine_publickeys_obj, @@ -229,11 +236,12 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_cosi_combine_signatures( } memcpy(sigs[i], buf.buf, buf.len); } - uint8_t out[64] = {0}; - ed25519_cosi_combine_signatures(*(ed25519_signature *)out, + vstr_t sig = {0}; + vstr_init_len(&sig, sizeof(ed25519_signature)); + ed25519_cosi_combine_signatures(*(ed25519_signature *)sig.buf, *(const ed25519_public_key *)sigR.buf, sigs, siglen); - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig); } STATIC MP_DEFINE_CONST_FUN_OBJ_2( mod_trezorcrypto_ed25519_cosi_combine_signatures_obj, @@ -269,13 +277,15 @@ STATIC mp_obj_t mod_trezorcrypto_ed25519_cosi_sign(size_t n_args, if (pk.len != 32) { mp_raise_ValueError("Invalid length of aggregated public key"); } - uint8_t out[32] = {0}; + vstr_t sig = {0}; + vstr_init_len(&sig, sizeof(ed25519_cosi_signature)); + ; ed25519_cosi_sign(msg.buf, msg.len, *(const ed25519_secret_key *)sk.buf, *(const ed25519_secret_key *)nonce.buf, *(const ed25519_public_key *)sigR.buf, *(const ed25519_secret_key *)pk.buf, - *(ed25519_cosi_signature *)out); - return mp_obj_new_bytes(out, sizeof(out)); + *(ed25519_cosi_signature *)sig.buf); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig); } STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN( mod_trezorcrypto_ed25519_cosi_sign_obj, 5, 5, diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-groestl.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-groestl.h index 891fdc8f6..4fb98f230 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-groestl.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-groestl.h @@ -81,12 +81,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Groestl512_update_obj, /// """ STATIC mp_obj_t mod_trezorcrypto_Groestl512_digest(mp_obj_t self) { mp_obj_Groestl512_t *o = MP_OBJ_TO_PTR(self); - uint8_t out[GROESTL512_DIGEST_LENGTH] = {0}; + vstr_t hash = {0}; + vstr_init_len(&hash, GROESTL512_DIGEST_LENGTH); GROESTL512_CTX ctx = {0}; memcpy(&ctx, &(o->ctx), sizeof(GROESTL512_CTX)); - groestl512_Final(&ctx, out); + groestl512_Final(&ctx, (uint8_t *)hash.buf); memzero(&ctx, sizeof(GROESTL512_CTX)); - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Groestl512_digest_obj, mod_trezorcrypto_Groestl512_digest); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-monero.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-monero.h index 922a4ed02..1e863d489 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-monero.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-monero.h @@ -551,10 +551,10 @@ STATIC mp_obj_t mod_trezorcrypto_monero_pack256_modm(size_t n_args, const mp_obj_t *args) { if (n_args == 1 || args[0] == mp_const_none) { assert_scalar(args[0]); - uint8_t buff[32] = {0}; - contract256_modm(buff, MP_OBJ_C_SCALAR(args[0])); - return mp_obj_new_bytes(buff, 32); - + vstr_t out = {0}; + vstr_init_len(&out, 32); + contract256_modm((uint8_t *)out.buf, MP_OBJ_C_SCALAR(args[0])); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &out); } else { mp_buffer_info_t bufm = {0}; mp_get_buffer_raise(args[0], &bufm, MP_BUFFER_WRITE); @@ -873,10 +873,10 @@ STATIC mp_obj_t mod_trezorcrypto_monero_ge25519_pack(size_t n_args, const mp_obj_t *args) { if (n_args == 1 || args[0] == mp_const_none) { assert_ge25519(args[0]); - uint8_t buff[32] = {0}; - ge25519_pack(buff, &MP_OBJ_C_GE25519(args[0])); - return mp_obj_new_bytes(buff, 32); - + vstr_t out = {0}; + vstr_init_len(&out, 32); + ge25519_pack((uint8_t *)out.buf, &MP_OBJ_C_GE25519(args[0])); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &out); } else { mp_buffer_info_t bufm = {0}; mp_get_buffer_raise(args[0], &bufm, MP_BUFFER_WRITE); @@ -922,17 +922,20 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN( /// """ STATIC mp_obj_t mod_trezorcrypto_monero_xmr_base58_addr_encode_check( size_t n_args, const mp_obj_t *args) { - uint8_t out[128] = {0}; + vstr_t out = {0}; + vstr_init_len(&out, 128); mp_buffer_info_t data = {0}; mp_get_buffer_raise(args[1], &data, MP_BUFFER_READ); int sz = xmr_base58_addr_encode_check(mp_obj_get_int(args[0]), data.buf, - data.len, (char *)out, sizeof(out)); - if (sz == 0) { + data.len, out.buf, out.alloc); + if (sz <= 0) { + vstr_clear(&out); mp_raise_ValueError("b58 encoding error"); } + out.len = sz; - return mp_obj_new_bytes(out, sz); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &out); } STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN( mod_trezorcrypto_monero_xmr_base58_addr_encode_check_obj, 2, 2, @@ -945,20 +948,23 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN( /// """ STATIC mp_obj_t mod_trezorcrypto_monero_xmr_base58_addr_decode_check( size_t n_args, const mp_obj_t *args) { - uint8_t out[128] = {0}; uint64_t tag = 0; + vstr_t out = {0}; + vstr_init_len(&out, 128); mp_buffer_info_t data = {0}; mp_get_buffer_raise(args[0], &data, MP_BUFFER_READ); - int sz = - xmr_base58_addr_decode_check(data.buf, data.len, &tag, out, sizeof(out)); - if (sz == 0) { + int sz = xmr_base58_addr_decode_check(data.buf, data.len, &tag, out.buf, + out.alloc); + if (sz <= 0) { + vstr_clear(&out); mp_raise_ValueError("b58 decoding error"); } + out.len = sz; mp_obj_tuple_t *tuple = MP_OBJ_TO_PTR(mp_obj_new_tuple(2, NULL)); - tuple->items[0] = mp_obj_new_bytes(out, sz); + tuple->items[0] = mp_obj_new_str_from_vstr(&mp_type_bytes, &out); tuple->items[1] = mp_obj_new_int_from_ull(tag); return MP_OBJ_FROM_PTR(tuple); } @@ -989,15 +995,19 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN( STATIC mp_obj_t mod_trezorcrypto_monero_xmr_fast_hash(size_t n_args, const mp_obj_t *args) { const int off = n_args >= 2 ? 0 : -1; - uint8_t buff[32] = {0}; - uint8_t *buff_use = buff; - if (n_args > 1) { + vstr_t out = {0}; + uint8_t *buff_use = NULL; + if (n_args >= 2) { mp_buffer_info_t odata = {0}; mp_get_buffer_raise(args[0], &odata, MP_BUFFER_WRITE); - if (odata.len < 32) { + if (odata.len < HASHER_DIGEST_LENGTH) { + vstr_clear(&out); mp_raise_ValueError("Output buffer too small"); } buff_use = odata.buf; + } else { + vstr_init_len(&out, HASHER_DIGEST_LENGTH); + buff_use = (uint8_t *)out.buf; } mp_buffer_info_t data = {0}; @@ -1010,7 +1020,7 @@ STATIC mp_obj_t mod_trezorcrypto_monero_xmr_fast_hash(size_t n_args, mp_raise_ValueError("Illegal offset/length"); } xmr_fast_hash(buff_use, (const char *)data.buf + offset, length); - return n_args >= 2 ? args[0] : mp_obj_new_bytes(buff, 32); + return n_args >= 2 ? args[0] : mp_obj_new_str_from_vstr(&mp_type_bytes, &out); } STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN( mod_trezorcrypto_monero_xmr_fast_hash_obj, 1, 4, @@ -1333,22 +1343,22 @@ STATIC mp_obj_t mod_trezorcrypto_monero_hasher_digest(size_t n_args, Hasher ctx = {0}; memcpy(&ctx, &(o->h), sizeof(Hasher)); - uint8_t out[SHA3_256_DIGEST_LENGTH] = {0}; - xmr_hasher_final(&ctx, out); - memzero(&ctx, sizeof(SHA3_CTX)); - if (n_args == 1 || args[1] == mp_const_none) { - return mp_obj_new_bytes(out, sizeof(out)); - + vstr_t hash = {0}; + vstr_init_len(&hash, SHA3_256_DIGEST_LENGTH); + xmr_hasher_final(&ctx, (uint8_t *)hash.buf); + memzero(&ctx, sizeof(SHA3_CTX)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash); } else { mp_buffer_info_t bufm = {0}; mp_get_buffer_raise(args[1], &bufm, MP_BUFFER_WRITE); const mp_int_t offset = n_args >= 3 ? mp_obj_get_int(args[2]) : 0; - if (bufm.len < 32 + offset) { + if (bufm.len < SHA3_256_DIGEST_LENGTH + offset) { mp_raise_ValueError("Buffer too small"); } - memcpy((uint8_t *)bufm.buf + offset, out, SHA3_256_DIGEST_LENGTH); + xmr_hasher_final(&ctx, (uint8_t *)bufm.buf + offset); + memzero(&ctx, sizeof(SHA3_CTX)); return args[1]; } } diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-nist256p1.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-nist256p1.h index 0f55a4d64..09bfe214c 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-nist256p1.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-nist256p1.h @@ -29,27 +29,28 @@ /// Generate secret key. /// """ STATIC mp_obj_t mod_trezorcrypto_nist256p1_generate_secret() { - uint8_t out[32] = {0}; + vstr_t sk = {0}; + vstr_init_len(&sk, 32); for (;;) { - random_buffer(out, 32); + random_buffer((uint8_t *)sk.buf, sk.len); // check whether secret > 0 && secret < curve_order if (0 == memcmp( - out, + sk.buf, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", - 32)) + sk.len)) continue; if (0 <= memcmp( - out, + sk.buf, "\xFF\xFF\xFF\xFF\x00\x00\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" "\xBC\xE6\xFA\xAD\xA7\x17\x9E\x84\xF3\xB9\xCA\xC2\xFC\x63\x25\x51", - 32)) + sk.len)) continue; break; } - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk); } STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_nist256p1_generate_secret_obj, mod_trezorcrypto_nist256p1_generate_secret); @@ -65,16 +66,18 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_publickey(size_t n_args, if (sk.len != 32) { mp_raise_ValueError("Invalid length of secret key"); } + vstr_t pk = {0}; bool compressed = n_args < 2 || args[1] == mp_const_true; if (compressed) { - uint8_t out[33] = {0}; - ecdsa_get_public_key33(&nist256p1, (const uint8_t *)sk.buf, out); - return mp_obj_new_bytes(out, sizeof(out)); + vstr_init_len(&pk, 33); + ecdsa_get_public_key33(&nist256p1, (const uint8_t *)sk.buf, + (uint8_t *)pk.buf); } else { - uint8_t out[65] = {0}; - ecdsa_get_public_key65(&nist256p1, (const uint8_t *)sk.buf, out); - return mp_obj_new_bytes(out, sizeof(out)); + vstr_init_len(&pk, 65); + ecdsa_get_public_key65(&nist256p1, (const uint8_t *)sk.buf, + (uint8_t *)pk.buf); } + return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk); } STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN( mod_trezorcrypto_nist256p1_publickey_obj, 1, 2, @@ -88,7 +91,8 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN( /// """ STATIC mp_obj_t mod_trezorcrypto_nist256p1_sign(size_t n_args, const mp_obj_t *args) { - mp_buffer_info_t sk = {0}, dig = {0}; + mp_buffer_info_t sk = {0}; + mp_buffer_info_t dig = {0}; mp_get_buffer_raise(args[0], &sk, MP_BUFFER_READ); mp_get_buffer_raise(args[1], &dig, MP_BUFFER_READ); bool compressed = n_args < 3 || args[2] == mp_const_true; @@ -98,13 +102,17 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_sign(size_t n_args, if (dig.len != 32) { mp_raise_ValueError("Invalid length of digest"); } - uint8_t out[65] = {0}, pby = 0; + vstr_t sig = {0}; + vstr_init_len(&sig, 65); + uint8_t pby = 0; if (0 != ecdsa_sign_digest(&nist256p1, (const uint8_t *)sk.buf, - (const uint8_t *)dig.buf, out + 1, &pby, NULL)) { + (const uint8_t *)dig.buf, (uint8_t *)sig.buf + 1, + &pby, NULL)) { + vstr_clear(&sig); mp_raise_ValueError("Signing failed"); } - out[0] = 27 + pby + compressed * 4; - return mp_obj_new_bytes(out, sizeof(out)); + sig.buf[0] = 27 + pby + compressed * 4; + return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig); } STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_nist256p1_sign_obj, 2, 3, @@ -162,15 +170,16 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_verify_recover(mp_obj_t signature, } bool compressed = (recid >= 4); recid &= 3; - uint8_t out[65] = {0}; - if (0 == ecdsa_recover_pub_from_sig(&nist256p1, out, + vstr_t pk = {0}; + vstr_init_len(&pk, 65); + if (0 == ecdsa_recover_pub_from_sig(&nist256p1, (uint8_t *)pk.buf, (const uint8_t *)sig.buf + 1, (const uint8_t *)dig.buf, recid)) { if (compressed) { - out[0] = 0x02 | (out[64] & 1); - return mp_obj_new_bytes(out, 33); + pk.buf[0] = 0x02 | (pk.buf[64] & 1); + pk.len = 33; } - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk); } else { return mp_const_none; } @@ -194,12 +203,14 @@ STATIC mp_obj_t mod_trezorcrypto_nist256p1_multiply(mp_obj_t secret_key, if (pk.len != 33 && pk.len != 65) { mp_raise_ValueError("Invalid length of public key"); } - uint8_t out[65] = {0}; + vstr_t out = {0}; + vstr_init_len(&out, 65); if (0 != ecdh_multiply(&nist256p1, (const uint8_t *)sk.buf, - (const uint8_t *)pk.buf, out)) { + (const uint8_t *)pk.buf, (uint8_t *)out.buf)) { + vstr_clear(&out); mp_raise_ValueError("Multiply failed"); } - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &out); } STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_nist256p1_multiply_obj, mod_trezorcrypto_nist256p1_multiply); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h index ada3a7919..85b2ec633 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h @@ -106,10 +106,12 @@ STATIC mp_obj_t mod_trezorcrypto_Pbkdf2_update(mp_obj_t self, uint32_t iter = trezor_obj_get_uint(iterations); if (o->prf == PRF_HMAC_SHA256) { pbkdf2_hmac_sha256_Update(&(o->ctx256), iter); - } - if (o->prf == PRF_HMAC_SHA512) { + } else if (o->prf == PRF_HMAC_SHA512) { pbkdf2_hmac_sha512_Update(&(o->ctx512), iter); + } else { + mp_raise_ValueError("Invalid PRF"); } + return mp_const_none; } STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Pbkdf2_update_obj, @@ -121,23 +123,23 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Pbkdf2_update_obj, /// """ STATIC mp_obj_t mod_trezorcrypto_Pbkdf2_key(mp_obj_t self) { mp_obj_Pbkdf2_t *o = MP_OBJ_TO_PTR(self); + vstr_t out = {0}; if (o->prf == PRF_HMAC_SHA256) { PBKDF2_HMAC_SHA256_CTX ctx = {0}; memcpy(&ctx, &(o->ctx256), sizeof(PBKDF2_HMAC_SHA256_CTX)); - uint8_t out[SHA256_DIGEST_LENGTH] = {0}; - pbkdf2_hmac_sha256_Final(&ctx, out); + vstr_init_len(&out, SHA256_DIGEST_LENGTH); + pbkdf2_hmac_sha256_Final(&ctx, (uint8_t *)out.buf); memzero(&ctx, sizeof(PBKDF2_HMAC_SHA256_CTX)); - return mp_obj_new_bytes(out, sizeof(out)); - } - if (o->prf == PRF_HMAC_SHA512) { + } else if (o->prf == PRF_HMAC_SHA512) { PBKDF2_HMAC_SHA512_CTX ctx = {0}; memcpy(&ctx, &(o->ctx512), sizeof(PBKDF2_HMAC_SHA512_CTX)); - uint8_t out[SHA512_DIGEST_LENGTH] = {0}; - pbkdf2_hmac_sha512_Final(&ctx, out); + vstr_init_len(&out, SHA512_DIGEST_LENGTH); + pbkdf2_hmac_sha512_Final(&ctx, (uint8_t *)out.buf); memzero(&ctx, sizeof(PBKDF2_HMAC_SHA512_CTX)); - return mp_obj_new_bytes(out, sizeof(out)); + } else { + mp_raise_ValueError("Invalid PRF"); } - return mp_const_none; + return mp_obj_new_str_from_vstr(&mp_type_bytes, &out); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Pbkdf2_key_obj, mod_trezorcrypto_Pbkdf2_key); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h index 12f3d05df..ef8ed13b9 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h @@ -78,12 +78,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Ripemd160_update_obj, /// """ STATIC mp_obj_t mod_trezorcrypto_Ripemd160_digest(mp_obj_t self) { mp_obj_Ripemd160_t *o = MP_OBJ_TO_PTR(self); - uint8_t out[RIPEMD160_DIGEST_LENGTH] = {0}; + vstr_t hash = {0}; + vstr_init_len(&hash, RIPEMD160_DIGEST_LENGTH); RIPEMD160_CTX ctx = {0}; memcpy(&ctx, &(o->ctx), sizeof(RIPEMD160_CTX)); - ripemd160_Final(&ctx, out); + ripemd160_Final(&ctx, (uint8_t *)hash.buf); memzero(&ctx, sizeof(RIPEMD160_CTX)); - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Ripemd160_digest_obj, mod_trezorcrypto_Ripemd160_digest); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-secp256k1.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-secp256k1.h index 4d87c9478..eaa615d1f 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-secp256k1.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-secp256k1.h @@ -29,27 +29,28 @@ /// Generate secret key. /// """ STATIC mp_obj_t mod_trezorcrypto_secp256k1_generate_secret() { - uint8_t out[32] = {0}; + vstr_t sk = {0}; + vstr_init_len(&sk, 32); for (;;) { - random_buffer(out, 32); + random_buffer((uint8_t *)sk.buf, sk.len); // check whether secret > 0 && secret < curve_order if (0 == memcmp( - out, + sk.buf, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 32)) continue; if (0 <= memcmp( - out, + sk.buf, "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE" "\xBA\xAE\xDC\xE6\xAF\x48\xA0\x3B\xBF\xD2\x5E\x8C\xD0\x36\x41\x41", 32)) continue; break; } - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk); } STATIC MP_DEFINE_CONST_FUN_OBJ_0(mod_trezorcrypto_secp256k1_generate_secret_obj, mod_trezorcrypto_secp256k1_generate_secret); @@ -65,16 +66,18 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_publickey(size_t n_args, if (sk.len != 32) { mp_raise_ValueError("Invalid length of secret key"); } + vstr_t pk = {0}; bool compressed = n_args < 2 || args[1] == mp_const_true; if (compressed) { - uint8_t out[33] = {0}; - ecdsa_get_public_key33(&secp256k1, (const uint8_t *)sk.buf, out); - return mp_obj_new_bytes(out, sizeof(out)); + vstr_init_len(&pk, 33); + ecdsa_get_public_key33(&secp256k1, (const uint8_t *)sk.buf, + (uint8_t *)pk.buf); } else { - uint8_t out[65] = {0}; - ecdsa_get_public_key65(&secp256k1, (const uint8_t *)sk.buf, out); - return mp_obj_new_bytes(out, sizeof(out)); + vstr_init_len(&pk, 65); + ecdsa_get_public_key65(&secp256k1, (const uint8_t *)sk.buf, + (uint8_t *)pk.buf); } + return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk); } STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN( mod_trezorcrypto_secp256k1_publickey_obj, 1, 2, @@ -117,7 +120,8 @@ enum { /// """ STATIC mp_obj_t mod_trezorcrypto_secp256k1_sign(size_t n_args, const mp_obj_t *args) { - mp_buffer_info_t sk = {0}, dig = {0}; + mp_buffer_info_t sk = {0}; + mp_buffer_info_t dig = {0}; mp_get_buffer_raise(args[0], &sk, MP_BUFFER_READ); mp_get_buffer_raise(args[1], &dig, MP_BUFFER_READ); bool compressed = (n_args < 3) || (args[2] == mp_const_true); @@ -139,14 +143,17 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_sign(size_t n_args, if (dig.len != 32) { mp_raise_ValueError("Invalid length of digest"); } - uint8_t out[65] = {0}, pby = 0; + vstr_t sig = {0}; + vstr_init_len(&sig, 65); + uint8_t pby = 0; if (0 != ecdsa_sign_digest(&secp256k1, (const uint8_t *)sk.buf, - (const uint8_t *)dig.buf, out + 1, &pby, - is_canonical)) { + (const uint8_t *)dig.buf, (uint8_t *)sig.buf + 1, + &pby, is_canonical)) { + vstr_clear(&sig); mp_raise_ValueError("Signing failed"); } - out[0] = 27 + pby + compressed * 4; - return mp_obj_new_bytes(out, sizeof(out)); + sig.buf[0] = 27 + pby + compressed * 4; + return mp_obj_new_str_from_vstr(&mp_type_bytes, &sig); } STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_secp256k1_sign_obj, 2, 4, @@ -204,15 +211,16 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_verify_recover(mp_obj_t signature, } bool compressed = (recid >= 4); recid &= 3; - uint8_t out[65] = {0}; - if (0 == ecdsa_recover_pub_from_sig(&secp256k1, out, + vstr_t pk = {0}; + vstr_init_len(&pk, 65); + if (0 == ecdsa_recover_pub_from_sig(&secp256k1, (uint8_t *)pk.buf, (const uint8_t *)sig.buf + 1, (const uint8_t *)dig.buf, recid)) { if (compressed) { - out[0] = 0x02 | (out[64] & 1); - return mp_obj_new_bytes(out, 33); + pk.buf[0] = 0x02 | (pk.buf[64] & 1); + pk.len = 33; } - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &pk); } else { return mp_const_none; } @@ -236,12 +244,14 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_multiply(mp_obj_t secret_key, if (pk.len != 33 && pk.len != 65) { mp_raise_ValueError("Invalid length of public key"); } - uint8_t out[65] = {0}; + vstr_t out = {0}; + vstr_init_len(&out, 65); if (0 != ecdh_multiply(&secp256k1, (const uint8_t *)sk.buf, - (const uint8_t *)pk.buf, out)) { + (const uint8_t *)pk.buf, (uint8_t *)out.buf)) { + vstr_clear(&out); mp_raise_ValueError("Multiply failed"); } - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &out); } STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_secp256k1_multiply_obj, mod_trezorcrypto_secp256k1_multiply); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-secp256k1_zkp.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-secp256k1_zkp.h index 8477b43f6..6af914ae2 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-secp256k1_zkp.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-secp256k1_zkp.h @@ -130,15 +130,17 @@ static const secp256k1_context *mod_trezorcrypto_get_secp256k1_context( /// """ STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_generate_secret(mp_obj_t self) { const secp256k1_context *ctx = mod_trezorcrypto_get_secp256k1_context(self); - uint8_t out[32] = {0}; + vstr_t sk = {0}; + vstr_init_len(&sk, 32); + for (;;) { - random_buffer(out, 32); + random_buffer((uint8_t *)sk.buf, sk.len); // check whether secret > 0 && secret < curve_order - if (secp256k1_ec_seckey_verify(ctx, out) == 1) { + if (secp256k1_ec_seckey_verify(ctx, (uint8_t *)sk.buf) == 1) { break; } } - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &sk); } STATIC MP_DEFINE_CONST_FUN_OBJ_1( mod_trezorcrypto_secp256k1_zkp_generate_secret_obj, @@ -163,12 +165,13 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_context_publickey( } bool compressed = n_args < 3 || args[2] == mp_const_true; - uint8_t out[65] = {0}; - size_t outlen = sizeof(out); + vstr_t out = {0}; + vstr_init_len(&out, 65); + secp256k1_ec_pubkey_serialize( - ctx, out, &outlen, &pk, + ctx, (uint8_t *)out.buf, &out.len, &pk, compressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED); - return mp_obj_new_bytes(out, outlen); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &out); } STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN( mod_trezorcrypto_secp256k1_context_publickey_obj, 2, 3, @@ -195,16 +198,18 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_context_sign(size_t n_args, mp_raise_ValueError("Invalid length of digest"); } secp256k1_ecdsa_recoverable_signature sig; - uint8_t out[65] = {0}; + vstr_t out = {0}; + vstr_init_len(&out, 65); int pby = 0; if (!secp256k1_ecdsa_sign_recoverable(ctx, &sig, (const uint8_t *)dig.buf, (const uint8_t *)sk.buf, NULL, NULL)) { + vstr_clear(&out); mp_raise_ValueError("Signing failed"); } - secp256k1_ecdsa_recoverable_signature_serialize_compact(ctx, &out[1], &pby, - &sig); - out[0] = 27 + pby + compressed * 4; - return mp_obj_new_bytes(out, sizeof(out)); + secp256k1_ecdsa_recoverable_signature_serialize_compact( + ctx, (uint8_t *)&out.buf[1], &pby, &sig); + out.buf[0] = 27 + pby + compressed * 4; + return mp_obj_new_str_from_vstr(&mp_type_bytes, &out); } STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN( mod_trezorcrypto_secp256k1_context_sign_obj, 3, 4, @@ -286,12 +291,12 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_context_verify_recover( if (!secp256k1_ecdsa_recover(ctx, &pk, &ec_sig, (const uint8_t *)dig.buf)) { return mp_const_none; } - uint8_t out[65] = {0}; - size_t pklen = sizeof(out); + vstr_t out = {0}; + vstr_init_len(&out, 65); secp256k1_ec_pubkey_serialize( - ctx, out, &pklen, &pk, + ctx, (uint8_t *)out.buf, &out.len, &pk, compressed ? SECP256K1_EC_COMPRESSED : SECP256K1_EC_UNCOMPRESSED); - return mp_obj_new_bytes(out, pklen); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &out); } STATIC MP_DEFINE_CONST_FUN_OBJ_3( mod_trezorcrypto_secp256k1_context_verify_recover_obj, @@ -328,12 +333,14 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_context_multiply( pk.len)) { mp_raise_ValueError("Invalid public key"); } - uint8_t out[65] = {0}; - if (!secp256k1_ecdh(ctx, out, &ec_pk, (const uint8_t *)sk.buf, + vstr_t out = {0}; + vstr_init_len(&out, 65); + if (!secp256k1_ecdh(ctx, (uint8_t *)out.buf, &ec_pk, (const uint8_t *)sk.buf, secp256k1_ecdh_hash_passthrough, NULL)) { + vstr_clear(&out); mp_raise_ValueError("Multiply failed"); } - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &out); } STATIC MP_DEFINE_CONST_FUN_OBJ_3( mod_trezorcrypto_secp256k1_context_multiply_obj, diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h index ed793f354..36e5a6a7d 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h @@ -77,12 +77,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Sha1_update_obj, /// """ STATIC mp_obj_t mod_trezorcrypto_Sha1_digest(mp_obj_t self) { mp_obj_Sha1_t *o = MP_OBJ_TO_PTR(self); - uint8_t out[SHA1_DIGEST_LENGTH] = {0}; + vstr_t hash = {0}; + vstr_init_len(&hash, SHA1_DIGEST_LENGTH); SHA1_CTX ctx = {0}; memcpy(&ctx, &(o->ctx), sizeof(SHA1_CTX)); - sha1_Final(&ctx, out); + sha1_Final(&ctx, (uint8_t *)hash.buf); memzero(&ctx, sizeof(SHA1_CTX)); - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha1_digest_obj, mod_trezorcrypto_Sha1_digest); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h index 9baac59f5..762eaaf92 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h @@ -77,12 +77,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Sha256_update_obj, /// """ STATIC mp_obj_t mod_trezorcrypto_Sha256_digest(mp_obj_t self) { mp_obj_Sha256_t *o = MP_OBJ_TO_PTR(self); - uint8_t out[SHA256_DIGEST_LENGTH] = {0}; + vstr_t hash = {0}; + vstr_init_len(&hash, SHA256_DIGEST_LENGTH); SHA256_CTX ctx = {0}; memcpy(&ctx, &(o->ctx), sizeof(SHA256_CTX)); - sha256_Final(&ctx, out); + sha256_Final(&ctx, (uint8_t *)hash.buf); memzero(&ctx, sizeof(SHA256_CTX)); - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha256_digest_obj, mod_trezorcrypto_Sha256_digest); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h index 880b40adc..69f822790 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h @@ -90,16 +90,17 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Sha3_256_update_obj, /// """ STATIC mp_obj_t mod_trezorcrypto_Sha3_256_digest(mp_obj_t self) { mp_obj_Sha3_256_t *o = MP_OBJ_TO_PTR(self); - uint8_t out[SHA3_256_DIGEST_LENGTH] = {0}; + vstr_t hash = {0}; + vstr_init_len(&hash, SHA3_256_DIGEST_LENGTH); SHA3_CTX ctx = {0}; memcpy(&ctx, &(o->ctx), sizeof(SHA3_CTX)); if (o->keccak) { - keccak_Final(&ctx, out); + keccak_Final(&ctx, (uint8_t *)hash.buf); } else { - sha3_Final(&ctx, out); + sha3_Final(&ctx, (uint8_t *)hash.buf); } memzero(&ctx, sizeof(SHA3_CTX)); - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha3_256_digest_obj, mod_trezorcrypto_Sha3_256_digest); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h index 91200f2cf..8002beeff 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h @@ -90,16 +90,17 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Sha3_512_update_obj, /// """ STATIC mp_obj_t mod_trezorcrypto_Sha3_512_digest(mp_obj_t self) { mp_obj_Sha3_512_t *o = MP_OBJ_TO_PTR(self); - uint8_t out[SHA3_512_DIGEST_LENGTH] = {0}; + vstr_t hash = {0}; + vstr_init_len(&hash, SHA3_512_DIGEST_LENGTH); SHA3_CTX ctx = {0}; memcpy(&ctx, &(o->ctx), sizeof(SHA3_CTX)); if (o->keccak) { - keccak_Final(&ctx, out); + keccak_Final(&ctx, (uint8_t *)hash.buf); } else { - sha3_Final(&ctx, out); + sha3_Final(&ctx, (uint8_t *)hash.buf); } memzero(&ctx, sizeof(SHA3_CTX)); - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha3_512_digest_obj, mod_trezorcrypto_Sha3_512_digest); diff --git a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h index 983060b64..5a16fd467 100644 --- a/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h +++ b/core/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h @@ -76,12 +76,13 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Sha512_update_obj, /// """ STATIC mp_obj_t mod_trezorcrypto_Sha512_digest(mp_obj_t self) { mp_obj_Sha512_t *o = MP_OBJ_TO_PTR(self); - uint8_t out[SHA512_DIGEST_LENGTH] = {0}; + vstr_t hash = {0}; + vstr_init_len(&hash, SHA512_DIGEST_LENGTH); SHA512_CTX ctx = {0}; memcpy(&ctx, &(o->ctx), sizeof(SHA512_CTX)); - sha512_Final(&ctx, out); + sha512_Final(&ctx, (uint8_t *)hash.buf); memzero(&ctx, sizeof(SHA512_CTX)); - return mp_obj_new_bytes(out, sizeof(out)); + return mp_obj_new_str_from_vstr(&mp_type_bytes, &hash); } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha512_digest_obj, mod_trezorcrypto_Sha512_digest);