arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-18 20:38:10 +00:00
Code Issues Releases Wiki Activity

Use bn_add instead of bn_addmod (#80)

Browse Source 
The bip32 private key derivation used bn_addmod to handle
wrap around.  This was never sufficient as bn_addmod uses only
bn_fast_mod, so an additional bn_mod is necessary.  The bn_fast_mod
helped when bn_mod was not side-channel safe.  Now that bn_mod uses
constant time code, we can get rid of the unnecessary bn_fast_mod
step and use bn_add instead of bn_addmod.
This commit is contained in:
Jochen Hoenicke 2016-11-05 21:21:48 +01:00 committed by Pavol Rusnak
parent 19efbeef8d
commit e855c60529
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bip32.c
View File

@ -178,7 +178,7 @@ int hdnode_private_ckd(HDNode *inout, uint32_t i)
if (!bn_is_less(&b, &inout->curve->params->order)) { // >= order
failed = true;
} else {
bn_addmod(&b, &a, &inout->curve->params->order);
bn_add(&b, &a);
bn_mod(&b, &inout->curve->params->order);
if (bn_is_zero(&b)) {
failed = true;