mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 07:28:10 +00:00

fix(crypto): initialize local variables to zero in ed25519-dona

Ondřej Vejpustek 2022-07-01 14:57:52 +02:00
parent 0094c90153
commit f4d0dd9807
2 changed files with 7 additions and 7 deletions


@ -12,7 +12,7 @@
* Out: b = 2^250 - 2^0 * Out: b = 2^250 - 2^0
*/ */
void curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) { void curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) {
bignum25519 ALIGN(16) t0,c; bignum25519 ALIGN(16) t0 = {0}, c = {0};
/* 2^5 - 2^0 */ /* b */ /* 2^5 - 2^0 */ /* b */
/* 2^10 - 2^5 */ curve25519_square_times(t0, b, 5); /* 2^10 - 2^5 */ curve25519_square_times(t0, b, 5);
@ -35,7 +35,7 @@ void curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) {
* z^(p - 2) = z(2^255 - 21) * z^(p - 2) = z(2^255 - 21)
*/ */
void curve25519_recip(bignum25519 out, const bignum25519 z) { void curve25519_recip(bignum25519 out, const bignum25519 z) {
bignum25519 ALIGN(16) a,t0,b; bignum25519 ALIGN(16) a = {0}, t0 = {0}, b = {0};
/* 2 */ curve25519_square_times(a, z, 1); /* a = 2 */ /* 2 */ curve25519_square_times(a, z, 1); /* a = 2 */
/* 8 */ curve25519_square_times(t0, a, 2); /* 8 */ curve25519_square_times(t0, a, 2);
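Review bot: The new `= {0}` initializers on `t0`, `c` (curve25519_pow_two5mtwo0_two250mtwo0) and on `a`, `t0`, `b` (curve25519_recip) carry no comment saying why they are there. In the visible lines each temporary is the output argument of a `curve25519_square_times` call before anything reads it (`t0` in the first function, `a` then `t0` in curve25519_recip). If those calls overwrite the whole value, the initializers are dead stores that an optimizing compiler may drop, so they should not be relied on as a runtime guarantee. A one-line comment above each declaration would record the intent, for example `/* defensive zero-init; every temporary is overwritten before it is read */`. Both bodies continue outside the hunks, so whether `c` and `b` are also written before their first read cannot be checked from here.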


@ -140,7 +140,7 @@ ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_sec
int int
ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) { ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
ge25519 ALIGN(16) R, A; ge25519 ALIGN(16) R = {0}, A = {0};
hash_512bits hash = {0}; hash_512bits hash = {0};
bignum256modm hram = {0}, S = {0}; bignum256modm hram = {0}, S = {0};
unsigned char checkR[32] = {0}; unsigned char checkR[32] = {0};
@ -168,7 +168,7 @@ ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed2551
int int
ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk) { ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk) {
bignum256modm a = {0}; bignum256modm a = {0};
ge25519 ALIGN(16) A, P; ge25519 ALIGN(16) A = {0}, P = {0};
hash_512bits extsk = {0}; hash_512bits extsk = {0};
ed25519_extsk(extsk, sk); ed25519_extsk(extsk, sk);
@ -194,7 +194,7 @@ ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key
void void
ed25519_publickey_ext(const ed25519_secret_key extsk, ed25519_public_key pk) { ed25519_publickey_ext(const ed25519_secret_key extsk, ed25519_public_key pk) {
bignum256modm a = {0}; bignum256modm a = {0};
ge25519 ALIGN(16) A; ge25519 ALIGN(16) A = {0};
expand256_modm(a, extsk, 32); expand256_modm(a, extsk, 32);
@ -256,8 +256,8 @@ void
curve25519_scalarmult_basepoint(curve25519_key pk, const curve25519_key e) { curve25519_scalarmult_basepoint(curve25519_key pk, const curve25519_key e) {
curve25519_key ec = {0}; curve25519_key ec = {0};
bignum256modm s = {0}; bignum256modm s = {0};
bignum25519 ALIGN(16) yplusz, zminusy; bignum25519 ALIGN(16) yplusz = {0}, zminusy = {0};
ge25519 ALIGN(16) p; ge25519 ALIGN(16) p = {0};
size_t i = 0; size_t i = 0;
/* clamp */ /* clamp */
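Review bot: Zero-initializing `A` and `P` at the top of ed25519_scalarmult covers reads of indeterminate stack, but not what is left on the stack when the function returns. `extsk` is filled from `sk` by the visible `ed25519_extsk(extsk, sk)` call, `a` is presumably expanded from it, and `A` presumably ends up holding the product with that secret scalar. The function returns `int` and its body continues outside the hunk, so confirm that every return, including any early failure return, clears `extsk`, `a`, `A` and `P` with a wipe the compiler cannot elide. The same check applies to `a` and `A` in ed25519_publickey_ext, and to `ec`, `s`, `p`, `yplusz` and `zminusy` in curve25519_scalarmult_basepoint. If some path skips the wipe, routing all returns through one cleanup label would keep the clearing in a single place.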