embed/extmod/modtrezorcrypto: refactor pbkdf2 prf

embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h

@@ -22,6 +22,9 @@
 #include "pbkdf2.h"
 #include "memzero.h"
 
+#define PRF_HMAC_SHA256 256
+#define PRF_HMAC_SHA512 512
+
 /// class Pbkdf2:
 ///     '''
 ///     PBKDF2 context.
@@ -32,12 +35,12 @@ typedef struct _mp_obj_Pbkdf2_t {
         PBKDF2_HMAC_SHA256_CTX ctx256;
         PBKDF2_HMAC_SHA512_CTX ctx512;
     };
-    int prf;
+    uint32_t prf;
 } mp_obj_Pbkdf2_t;
 
 STATIC mp_obj_t mod_trezorcrypto_Pbkdf2_update(mp_obj_t self, mp_obj_t data);
 
-/// def __init__(self, prf: str, password: bytes, salt: bytes, iterations: int = None) -> None:
+/// def __init__(self, prf: int, password: bytes, salt: bytes, iterations: int = None, blocknr: int = 1) -> None:
 ///     '''
 ///     Create a PBKDF2 context.
 ///     '''
@@ -46,8 +49,6 @@ STATIC mp_obj_t mod_trezorcrypto_Pbkdf2_make_new(const mp_obj_type_t *type, size
     mp_obj_Pbkdf2_t *o = m_new_obj(mp_obj_Pbkdf2_t);
     o->base.type = type;
 
-    mp_buffer_info_t prf;
-    mp_get_buffer_raise(args[0], &prf, MP_BUFFER_READ);
     mp_buffer_info_t password;
     mp_get_buffer_raise(args[1], &password, MP_BUFFER_READ);
     mp_buffer_info_t salt;
@@ -60,16 +61,18 @@ STATIC mp_obj_t mod_trezorcrypto_Pbkdf2_make_new(const mp_obj_type_t *type, size
         salt.buf = "";
     }
 
-    o->prf = 0;
-    if (prf.len == 11 && memcmp(prf.buf, "hmac-sha256", prf.len) == 0) {
-        pbkdf2_hmac_sha256_Init(&(o->ctx256), password.buf, password.len, salt.buf, salt.len, 1);
-        o->prf = 256;
+    uint32_t blocknr = 1;
+    if (n_args > 4) { // blocknr is set
+        blocknr = trezor_obj_get_uint(args[4]);
+    }
+
+    o->prf = trezor_obj_get_uint(args[0]);
+    if (o->prf == PRF_HMAC_SHA256) {
+        pbkdf2_hmac_sha256_Init(&(o->ctx256), password.buf, password.len, salt.buf, salt.len, blocknr);
     } else
-    if (prf.len == 11 && memcmp(prf.buf, "hmac-sha512", prf.len) == 0) {
-        pbkdf2_hmac_sha512_Init(&(o->ctx512), password.buf, password.len, salt.buf, salt.len, 1);
-        o->prf = 512;
-    } else
-    if (o->prf == 0) {
+    if (o->prf == PRF_HMAC_SHA512) {
+        pbkdf2_hmac_sha512_Init(&(o->ctx512), password.buf, password.len, salt.buf, salt.len, blocknr);
+    } else {
         mp_raise_ValueError("Invalid PRF");
     }
     // constructor called with iterations as fourth parameter
@@ -86,10 +89,10 @@ STATIC mp_obj_t mod_trezorcrypto_Pbkdf2_make_new(const mp_obj_type_t *type, size
 STATIC mp_obj_t mod_trezorcrypto_Pbkdf2_update(mp_obj_t self, mp_obj_t iterations) {
     mp_obj_Pbkdf2_t *o = MP_OBJ_TO_PTR(self);
     uint32_t iter = trezor_obj_get_uint(iterations);
-    if (o->prf == 256) {
+    if (o->prf == PRF_HMAC_SHA256) {
         pbkdf2_hmac_sha256_Update(&(o->ctx256), iter);
     }
-    if (o->prf == 512) {
+    if (o->prf == PRF_HMAC_SHA512) {
         pbkdf2_hmac_sha512_Update(&(o->ctx512), iter);
     }
     return mp_const_none;
@@ -102,7 +105,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_Pbkdf2_update_obj, mod_trezorc
 ///     '''
 STATIC mp_obj_t mod_trezorcrypto_Pbkdf2_key(mp_obj_t self) {
     mp_obj_Pbkdf2_t *o = MP_OBJ_TO_PTR(self);
-    if (o->prf == 256) {
+    if (o->prf == PRF_HMAC_SHA256) {
         PBKDF2_HMAC_SHA256_CTX ctx;
         memcpy(&ctx, &(o->ctx256), sizeof(PBKDF2_HMAC_SHA256_CTX));
         uint8_t out[SHA256_DIGEST_LENGTH];
@@ -110,7 +113,7 @@ STATIC mp_obj_t mod_trezorcrypto_Pbkdf2_key(mp_obj_t self) {
         memset(&ctx, 0, sizeof(PBKDF2_HMAC_SHA256_CTX));
         return mp_obj_new_bytes(out, sizeof(out));
     }
-    if (o->prf == 512) {
+    if (o->prf == PRF_HMAC_SHA512) {
         PBKDF2_HMAC_SHA512_CTX ctx;
         memcpy(&ctx, &(o->ctx512), sizeof(PBKDF2_HMAC_SHA512_CTX));
         uint8_t out[SHA512_DIGEST_LENGTH];
@@ -134,6 +137,8 @@ STATIC const mp_rom_map_elem_t mod_trezorcrypto_Pbkdf2_locals_dict_table[] = {
     { MP_ROM_QSTR(MP_QSTR_update), MP_ROM_PTR(&mod_trezorcrypto_Pbkdf2_update_obj) },
     { MP_ROM_QSTR(MP_QSTR_key), MP_ROM_PTR(&mod_trezorcrypto_Pbkdf2_key_obj) },
     { MP_ROM_QSTR(MP_QSTR___del__), MP_ROM_PTR(&mod_trezorcrypto_Pbkdf2___del___obj) },
+    { MP_ROM_QSTR(MP_QSTR_HMAC_SHA256), MP_OBJ_NEW_SMALL_INT(PRF_HMAC_SHA256) },
+    { MP_ROM_QSTR(MP_QSTR_HMAC_SHA512), MP_OBJ_NEW_SMALL_INT(PRF_HMAC_SHA512) },
 };
 STATIC MP_DEFINE_CONST_DICT(mod_trezorcrypto_Pbkdf2_locals_dict, mod_trezorcrypto_Pbkdf2_locals_dict_table);
 

tests/test_trezor.crypto.pbkdf2.py

@@ -10,37 +10,37 @@ class TestCryptoPbkdf2(unittest.TestCase):
     def test_pbkdf2_hmac_sha256(self):
         P = b'password'
         S = b'salt'
-        dk = pbkdf2('hmac-sha256', P, S, 1).key()
+        dk = pbkdf2(pbkdf2.HMAC_SHA256, P, S, 1).key()
         self.assertEqual(dk, unhexlify('120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b'))
-        dk = pbkdf2('hmac-sha256', P, S, 2).key()
+        dk = pbkdf2(pbkdf2.HMAC_SHA256, P, S, 2).key()
         self.assertEqual(dk, unhexlify('ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43'))
-        dk = pbkdf2('hmac-sha256', P, S, 4096).key()
+        dk = pbkdf2(pbkdf2.HMAC_SHA256, P, S, 4096).key()
         self.assertEqual(dk, unhexlify('c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a'))
         P = b'passwordPASSWORDpassword'
         S = b'saltSALTsaltSALTsaltSALTsaltSALTsalt'
-        dk = pbkdf2('hmac-sha256', P, S, 4096).key()
+        dk = pbkdf2(pbkdf2.HMAC_SHA256, P, S, 4096).key()
         self.assertEqual(dk, unhexlify('348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1'))
 
     def test_pbkdf2_hmac_sha256_update(self):
         P = b'password'
         S = b'salt'
-        p = pbkdf2('hmac-sha256', P, S)
+        p = pbkdf2(pbkdf2.HMAC_SHA256, P, S)
         p.update(1)
         dk = p.key()
         self.assertEqual(dk, unhexlify('120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b'))
-        p = pbkdf2('hmac-sha256', P, S)
+        p = pbkdf2(pbkdf2.HMAC_SHA256, P, S)
         p.update(1)
         p.update(1)
         dk = p.key()
         self.assertEqual(dk, unhexlify('ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43'))
-        p = pbkdf2('hmac-sha256', P, S)
+        p = pbkdf2(pbkdf2.HMAC_SHA256, P, S)
         for i in range(32):
             p.update(128)
         dk = p.key()
         self.assertEqual(dk, unhexlify('c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a'))
         P = b'passwordPASSWORDpassword'
         S = b'saltSALTsaltSALTsaltSALTsaltSALTsalt'
-        p = pbkdf2('hmac-sha256', P, S)
+        p = pbkdf2(pbkdf2.HMAC_SHA256, P, S)
         for i in range(64):
             p.update(64)
         dk = p.key()
@@ -51,37 +51,37 @@ class TestCryptoPbkdf2(unittest.TestCase):
     def test_pbkdf2_hmac_sha512(self):
         P = b'password'
         S = b'salt'
-        dk = pbkdf2('hmac-sha512', P, S, 1).key()
+        dk = pbkdf2(pbkdf2.HMAC_SHA512, P, S, 1).key()
         self.assertEqual(dk, unhexlify('867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce'))
-        dk = pbkdf2('hmac-sha512', P, S, 2).key()
+        dk = pbkdf2(pbkdf2.HMAC_SHA512, P, S, 2).key()
         self.assertEqual(dk, unhexlify('e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e'))
-        dk = pbkdf2('hmac-sha512', P, S, 4096).key()
+        dk = pbkdf2(pbkdf2.HMAC_SHA512, P, S, 4096).key()
         self.assertEqual(dk, unhexlify('d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5'))
         P = b'passwordPASSWORDpassword'
         S = b'saltSALTsaltSALTsaltSALTsaltSALTsalt'
-        dk = pbkdf2('hmac-sha512', P, S, 4096).key()
+        dk = pbkdf2(pbkdf2.HMAC_SHA512, P, S, 4096).key()
         self.assertEqual(dk, unhexlify('8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8'))
 
     def test_pbkdf2_hmac_sha512_update(self):
         P = b'password'
         S = b'salt'
-        p = pbkdf2('hmac-sha512', P, S)
+        p = pbkdf2(pbkdf2.HMAC_SHA512, P, S)
         p.update(1)
         dk = p.key()
         self.assertEqual(dk, unhexlify('867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce'))
-        p = pbkdf2('hmac-sha512', P, S)
+        p = pbkdf2(pbkdf2.HMAC_SHA512, P, S)
         p.update(1)
         p.update(1)
         dk = p.key()
         self.assertEqual(dk, unhexlify('e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e'))
-        p = pbkdf2('hmac-sha512', P, S)
+        p = pbkdf2(pbkdf2.HMAC_SHA512, P, S)
         for i in range(32):
             p.update(128)
         dk = p.key()
         self.assertEqual(dk, unhexlify('d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5'))
         P = b'passwordPASSWORDpassword'
         S = b'saltSALTsaltSALTsaltSALTsaltSALTsalt'
-        p = pbkdf2('hmac-sha512', P, S)
+        p = pbkdf2(pbkdf2.HMAC_SHA512, P, S)
         for i in range(64):
             p.update(64)
         dk = p.key()
@@ -90,13 +90,13 @@ class TestCryptoPbkdf2(unittest.TestCase):
     def test_key_multi(self):
         P = b'password'
         S = b'salt'
-        p = pbkdf2('hmac-sha256', P, S, 16)
+        p = pbkdf2(pbkdf2.HMAC_SHA256, P, S, 16)
         k0 = p.key()
         k1 = p.key()
         k2 = p.key()
         self.assertEqual(k0, k1)
         self.assertEqual(k0, k2)
-        p = pbkdf2('hmac-sha512', P, S, 16)
+        p = pbkdf2(pbkdf2.HMAC_SHA512, P, S, 16)
         k0 = p.key()
         k1 = p.key()
         k2 = p.key()

vendor/trezor-crypto

@@ -1 +1 @@
-Subproject commit a59742817f8ef89ab02b8093d4f57c3ded770a42
+Subproject commit 9c2cfb04704b1419e7d1aebbb21b192fbf49644d