1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-26 08:08:51 +00:00

Merge pull request #53 from jhoenicke/multicurve

Multicurve
This commit is contained in:
Pavol Rusnak 2016-04-20 20:40:59 +02:00
commit de30ffbf9a
2 changed files with 41 additions and 3 deletions

16
bip32.c
View File

@ -36,16 +36,20 @@
int hdnode_from_xpub(uint32_t depth, uint32_t fingerprint, uint32_t child_num, const uint8_t *chain_code, const uint8_t *public_key, const char* curve, HDNode *out)
{
const ecdsa_curve *curve_info = get_curve_by_name(curve);
if (curve_info == 0) {
return 0;
}
if (public_key[0] != 0x02 && public_key[0] != 0x03) { // invalid pubkey
return 0;
}
out->curve = curve_info;
out->depth = depth;
out->fingerprint = fingerprint;
out->child_num = child_num;
memcpy(out->chain_code, chain_code, 32);
MEMSET_BZERO(out->private_key, 32);
memcpy(out->public_key, public_key, 33);
out->curve = get_curve_by_name(curve);
return 1;
}
@ -53,10 +57,12 @@ int hdnode_from_xprv(uint32_t depth, uint32_t fingerprint, uint32_t child_num, c
{
bignum256 a;
bn_read_be(private_key, &a);
out->curve = get_curve_by_name(curve);
bool failed = false;
if (bn_is_zero(&a)) { // == 0
const ecdsa_curve *curve_info = get_curve_by_name(curve);
if (curve_info == 0) {
failed = true;
} else if (bn_is_zero(&a)) { // == 0
failed = true;
} else {
if (!bn_is_less(&a, &out->curve->order)) { // >= order
@ -69,6 +75,7 @@ int hdnode_from_xprv(uint32_t depth, uint32_t fingerprint, uint32_t child_num, c
return 0;
}
out->curve = curve_info;
out->depth = depth;
out->fingerprint = fingerprint;
out->child_num = child_num;
@ -86,6 +93,9 @@ int hdnode_from_seed(const uint8_t *seed, int seed_len, const char* curve, HDNod
out->fingerprint = 0x00000000;
out->child_num = 0;
out->curve = get_curve_by_name(curve);
if (out->curve == 0) {
return 0;
}
hmac_sha512((const uint8_t*) out->curve->bip32_name,
strlen(out->curve->bip32_name), seed, seed_len, I);
memcpy(out->private_key, I, 32);

28
tests.c
View File

@ -648,6 +648,33 @@ START_TEST(test_bip32_nist_compare)
}
END_TEST
START_TEST(test_bip32_nist_invalid)
{
HDNode node, node2;
int r;
// init m
hdnode_from_seed(fromhex("000102030405060708090a0b0c0d0e0f"), 16, NIST256P1_NAME, &node);
// [Chain m/28578']
r = hdnode_private_ckd_prime(&node, 28578);
ck_assert_int_eq(r, 1);
ck_assert_int_eq(node.fingerprint, 0xbe6105b5);
ck_assert_mem_eq(node.chain_code, fromhex("e94c8ebe30c2250a14713212f6449b20f3329105ea15b652ca5bdfc68f6c65c2"), 32);
ck_assert_mem_eq(node.private_key, fromhex("06f0db126f023755d0b8d86d4591718a5210dd8d024e3e14b6159d63f53aa669"), 32);
ck_assert_mem_eq(node.public_key, fromhex("02519b5554a4872e8c9c1c847115363051ec43e93400e030ba3c36b52a3e70a5b7"), 33);
memcpy(&node2, &node, sizeof(HDNode));
r = hdnode_private_ckd(&node2, 33941);
ck_assert_int_eq(r, 0);
memcpy(&node2, &node, sizeof(HDNode));
memset(&node2.private_key, 0, 32);
r = hdnode_public_ckd(&node2, 33941);
ck_assert_int_eq(r, 0);
}
END_TEST
#define test_deterministic(KEY, MSG, K) do { \
sha256_Raw((uint8_t *)MSG, strlen(MSG), buf); \
res = generate_k_rfc6979(curve, &k, fromhex(KEY), buf); \
@ -1569,6 +1596,7 @@ Suite *test_suite(void)
tcase_add_test(tc, test_bip32_nist_vector_1);
tcase_add_test(tc, test_bip32_nist_vector_2);
tcase_add_test(tc, test_bip32_nist_compare);
tcase_add_test(tc, test_bip32_nist_invalid);
suite_add_tcase(s, tc);
tc = tcase_create("rfc6979");