arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-18 13:38:12 +00:00
Code Issues Releases Wiki Activity
568 Commits 345 Branches 206 Tags 199 MiB
136c62e970
Commit Graph

113 Commits

Author SHA1 Message Date
Jochen Hoenicke
e2dd0b8e8d Always check for validity in ecdsa_read_pubkey. 
An invalid point may crash the implementation or, worse,
reveal information about the private key if used in a ECDH
context (e.g. cryptoMessageEn/Decrypt).

Therefore, check all user supplied points even if
USE_PUBKEY_VALIDATE is not set.

To improve speed, we don't check if the point lies in the
main group, since the secp256k1 curve does not have
any other subgroup.
 2015-03-08 21:09:21 +01:00
Jochen Hoenicke
ed9d8c1ebb Fix RFC6979 generation of k. 
The standard says:
step h:
  Set T to the empty sequence.
  while tlen < qlen
    V = HMAC_K(V)
    T = T || V
  k = bits2int(T)

in this case (HMAC-SHA256, qlen=256bit) this simplifies to
  V = HMAC_K(V)
  T = V
  k = bits2int(T)
and T can be omitted.

The old code (wrong) did:
  T = HMAC_K(V)
  k = bits2int(T)
Note that V will only be used again if the first k is out of range.
Thus, the old code produced the right result with a very high probability.
 2015-01-30 22:34:37 +01:00
Pavol Rusnak
795579cbac invert pby when normalizing S during signing 2014-12-23 18:13:33 +01:00
Pavol Rusnak
89a7d7797b replace base58 implementation 2014-12-23 03:11:58 +01:00
Pavol Rusnak
b4cdba8489 export pby from ecdsa_sign functions 2014-12-08 21:08:49 +01:00
Pavol Rusnak
9469a64a0a use bn_is_zero and bn_is_equal where possible 2014-11-17 17:17:14 +01:00
Pavol Rusnak
df3606dd5e introduce ecdsa_get_address_raw 2014-11-16 21:17:39 +01:00
Pavol Rusnak
0fe1857513 normalize y^2 in pubkey validation 
fix last commit
 2014-07-07 21:11:25 +02:00
Pavol Rusnak
b9d5896174 make pubkey validation optional, extract options to separate header 2014-07-07 20:14:36 +02:00
Ondrej Mikle
b34516bc49 Removed unnessary point copy. 2014-07-07 16:35:53 +02:00
Ondrej Mikle
03fee34550 Validating of public key curve point. 2014-07-07 15:11:40 +02:00
Ondrej Mikle
7fd81a1e0c Removed superfluous bn_mod, it's done now in point_add and point_double. 2014-07-06 14:50:12 +02:00
Ondrej Mikle
323da2d434 Keep results after point_add() and point_double() inside the finite field. Simplified point_is_negative_of(). 2014-07-05 22:07:03 +02:00
Ondrej Mikle
d827b2c862 Account for case when point.y == 0 when doubling. 2014-07-04 17:40:35 +02:00
Ondrej Mikle
6d61cefdb3 Removed test for point equality in ecdsa_verify_digest, point_add() already handles that. 2014-07-04 15:50:29 +02:00
Ondrej Mikle
da6a09880d Handling of special cases in EC arithmetic. 2014-07-04 15:30:15 +02:00
Pavol Rusnak
82ed3f31db fix comparison of points 2014-07-04 15:07:02 +02:00
Pavol Rusnak
eec5f7df15 fix bug in unoptimized branch of code 2014-07-03 10:16:19 +02:00
Pavol Rusnak
019d779a94 Revert "Revert "add more precomputation to ecdsa signing"" 
This reverts commit 3747ba4323.
 2014-07-03 10:09:45 +02:00
Pavol Rusnak
3747ba4323 Revert "add more precomputation to ecdsa signing" 
This reverts commit 06dd166a82.
 2014-07-03 01:18:00 +02:00
Ondrej Mikle
0ad302ea4e Hashing of secp256k1 pubkey recognizes point at infinity. 2014-07-01 16:16:06 +02:00
Pavol Rusnak
5e9cd15527 use new base58 code for address functions, add function for obtaining wif 2014-05-22 22:29:53 +02:00
Pavol Rusnak
612f5ab050 fix copyright headers 2014-05-22 20:54:58 +02:00
Pavol Rusnak
06dd166a82 add more precomputation to ecdsa signing 2014-05-15 17:11:26 +02:00
Pavol Rusnak
94d4a3733e fix typos 2014-04-11 15:33:29 +02:00
Pavol Rusnak
b5ceb14f8d extract ecdsa_get_pubkeyhash 2014-02-21 23:33:14 +01:00
Pavol Rusnak
d0e152a088 replace SHA256/SHA512 prefix with sha256/sha512 (OpenSSL clash) 2014-02-19 21:26:42 +01:00
Pavol Rusnak
50fb43127f use -Wextra 2014-02-08 19:12:07 +01:00
Pavol Rusnak
d433bcfa10 fix ecdsa_sig_to_der 2014-02-08 15:55:03 +01:00
Pavol Rusnak
6a856479a8 introduce point_multiply 2014-02-05 23:38:37 +01:00
Pavol Rusnak
fc144587e6 introduce ecdsa_verify_digest 2014-02-04 19:12:43 +01:00
Pavol Rusnak
8aaebe761b introduce uncompress_coords 2014-02-04 18:55:17 +01:00
Pavol Rusnak
81f462a5c5 add ecdsa_sig_to_der 2014-02-02 22:01:43 +01:00
Pavol Rusnak
73489fbd33 split signing into ecdsa_sign_digest and ecdsa_sign/ecdsa_sign_double 2014-02-02 20:36:03 +01:00
Pavol Rusnak
a40a077613 rework ecdsa_address_to_hash160 into ecdsa_address_decode 2014-01-31 15:26:51 +01:00
Pavol Rusnak
2e4ec7fe0a introduce ecdsa_address_to_hash160 2014-01-30 20:34:05 +01:00
Pavol Rusnak
7dc057c903 add testcases for address generation 
fix bug for version != 0
process uncompressed pubkeys as well
 2014-01-27 19:57:44 +01:00
Pavol Rusnak
ed7e2e5058 implement public child key derivation 2014-01-14 14:35:13 +01:00
Pavol Rusnak
8423c7abfd add check that pub.y != res.y 2014-01-04 17:39:37 +01:00
Pavol Rusnak
9da3b35962 extract xprv_fill_public method 2013-11-08 16:02:48 +01:00
Pavol Rusnak
a439d8674d small cosmetic changes 2013-10-24 19:44:54 +02:00
Pavol Rusnak
9205c0d952 use canonical signatures (if S > Order/2: S = Order - S) 2013-10-08 14:06:48 +02:00
Pavol Rusnak
f87e706407 add define for RFC6979 2013-10-03 18:19:30 +02:00
Pavol Rusnak
678e5b1af2 use #if instead of #ifdef for conditional macros 2013-10-03 17:32:27 +02:00
Pavol Rusnak
1691d5cc8c small cleanup 2013-10-01 18:08:33 +02:00
Pavol Rusnak
71ff1c5124 replace infinite loops with loops with counters 2013-09-27 15:55:55 +02:00
Pavol Rusnak
f4f246f3d7 optimize computations 2013-09-27 15:42:52 +02:00
Pavol Rusnak
7ed18947ba simplify divmod58 2013-09-25 12:39:23 +02:00
Pavol Rusnak
74a5b04b81 verify now supports compressed keys 2013-09-24 18:48:46 +02:00
Pavol Rusnak
896905c5c8 remove der encoding, introduce 33/65 bytes pubkeys, 64 bytes signature 2013-09-23 21:13:44 +02:00
Pavol Rusnak
58a65d9cd7 move speed tests to unit testing suite 2013-09-22 15:05:59 +02:00
Pavol Rusnak
92f070498f add function for computing addresses 2013-09-20 17:13:24 +02:00
Pavol Rusnak
afc9bcfe30 implement bip32 - https://en.bitcoin.it/wiki/BIP_0032 2013-09-12 21:20:03 +02:00
Pavol Rusnak
07d1c22730 refactor code -> bignum.c/h 2013-09-12 03:18:35 +02:00
Pavol Rusnak
603acbd1be implement RFC 6979 2013-09-11 19:02:22 +02:00
Pavol Rusnak
40fa3f52e4 use sha2 implementation by Aaron D. Gifford 2013-09-10 21:10:07 +02:00
Pavol Rusnak
d958d8a90e cleanup 2013-09-10 01:41:10 +02:00
Pavol Rusnak
df79a330e6 pave the way for RFC6979 2013-09-10 01:03:24 +02:00
Pavol Rusnak
3f737896a4 ecdsa_get_public_key and ecdsa_verify methods 2013-09-09 17:52:25 +02:00
mog
c87691205b added support for getting public key from a private key. 2013-09-05 03:57:26 -05:00
Pavol Rusnak
ee09a6a7b2 param names cleanup 2013-08-19 12:40:58 +02:00
Pavol Rusnak
1bd0592c26 fix for formatting 2013-08-17 14:32:25 +02:00
Pavol Rusnak
ccbc219b29 import sources 2013-08-17 14:20:15 +02:00