1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-21 05:48:23 +00:00
Commit Graph

107 Commits

Author SHA1 Message Date
Jochen Hoenicke
133c068f37 Reworked rfc6979 signing. (#72)
This adds an is_canonic parameter to all sign functions.  This is a
callback that determines if a signature corresponds to some coin
specific rules.  It is used, e. g., by ethereum (where the recovery
byte must be 0 or 1, and not 2 or 3) and or steem signatures (which
require both r and s to be between 2^248 and 2^255).

This also separates the initialization and the step function of the
random number generator, making it easy to restart the signature
process with the next random number.
2016-10-06 16:54:07 +02:00
Alex Beregszaszi
7e7e462be7 bignum: introduce bn_one 2016-08-27 13:15:20 +01:00
Alex Beregszaszi
e1dfa81ec5 tests: add bn_is_less 2016-08-27 13:07:10 +01:00
Alex Beregszaszi
8581614d66 bignum: introduce write uint32/uint64 2016-08-26 12:41:54 +01:00
Alex Beregszaszi
7956c2f2f1 bignum: implement bitcount 2016-08-26 12:31:51 +01:00
Alex Beregszaszi
29e82018cd bignum: rename bn_load_uint* to bn_read_uint* 2016-08-26 12:14:01 +01:00
Alex Beregszaszi
4eb2bd239c tests: add bn_zero/bn_is_zero 2016-08-26 12:12:54 +01:00
Alex Beregszaszi
d061139da9 bignum: introduce load uint32/uint64 2016-08-26 12:12:54 +01:00
Alex Beregszaszi
339d2f44a9 bignum: introduce is_even/is_odd 2016-08-26 12:12:54 +01:00
Alex Beregszaszi
dd25a2ee5a bignum: introduce copy 2016-08-26 01:08:55 +01:00
Alex Beregszaszi
62a0db8c4e bignum: introduce read/write_le 2016-08-25 23:18:24 +01:00
Alex Beregszaszi
ec316b6afc tests: add bn_is_equal 2016-08-25 23:07:28 +01:00
Alex Beregszaszi
8eebfb1986 tests: add bn_write_be 2016-08-25 22:51:34 +01:00
Alex Beregszaszi
d890f4d859 tests: include bn_read_be 2016-08-25 22:48:06 +01:00
Jochen Hoenicke
f4ed55377d Moved get_ethereum_address from ecdsa to bip32
The new name of the function is `hdnode_get_ethereum_address`
and it gets a hdnode as input as opposed to a public key.  This
also avoids first computing the compressed public key and then
uncompressing it.

Test cases were adapted to work with new function.  The test-vectors
are the same as for bip32 and independently checked with an adhoc
python implementation.
2016-08-18 16:21:33 +02:00
Jochen Hoenicke
d8e17d5d4d
Test cases for sha256 and sha512 2016-07-13 22:17:58 +02:00
Pavol Rusnak
dc167592d5
increase timeout in test_codepoints 2016-07-04 17:32:02 +02:00
Pavol Rusnak
ab81351de1 Merge pull request #61 from jhoenicke/master
Compute pubkey only on demand.
2016-07-04 17:28:18 +02:00
Pavol Rusnak
d61a151900
add bn_divmod1000 including unit test 2016-06-28 20:05:01 +02:00
Jochen Hoenicke
3390fcf89e Compute pubkey only on demand.
Remove fingerprint from hdnode structure (if you need it, call
hdnode_fingerprint on the parent hdnode).
Only compute public_key, when hdnode_fill_public_key is called.
2016-06-27 10:13:10 +02:00
Alex Beregszaszi
ec7bea4308 Add tests for ecdsa_get_ethereum_pubkeyhash() 2016-06-13 22:18:40 +01:00
Alex Beregszaszi
ca2fcbf3e3 Add tests for ecdsa_uncompress_pubkey() 2016-06-13 21:59:52 +01:00
Pavol Rusnak
f60cd681f6
fix sign-compare warning 2016-05-16 16:42:34 +02:00
Pavol Rusnak
31e05edca7
add script parsing functions 2016-05-16 14:45:09 +02:00
Pavol Rusnak
242a5de275
simplify pbkdf2 (support only klen == hashlen) and split it 2016-05-01 01:18:50 +02:00
Pavol Rusnak
5c4e131ada
add speed benchmark (secp256k1 vs ed25519) 2016-04-26 02:15:07 +02:00
Pavol Rusnak
91c64858d0 Merge pull request #57 from jhoenicke/master
Added Unit test, fixed one corner case.
2016-04-26 01:03:46 +02:00
Pavol Rusnak
0054893b60
add test speed for nist256p1 curve as well 2016-04-26 00:17:45 +02:00
Jochen Hoenicke
7b07dff25c
Added Unit test, fixed one corner case. 2016-04-25 22:55:30 +02:00
Pavol Rusnak
0590192536
add testcase for ed25519 2016-04-25 17:46:01 +02:00
Jochen Hoenicke
295a493846
Test vectors for ed25519 + BIP-0032 / SLIP-0010 2016-04-23 23:44:01 +02:00
Jochen Hoenicke
55edf71e27
ed25519 support 2016-04-22 18:21:58 +02:00
Jochen Hoenicke
698f40f385
BIP-32 without gaps, prepare non-ecdsa curves
* Split ecdsa_curve into curve_info and ecdsa_curve to support bip32 on
  curves that don't have a ecdsa_curve.
* Don't fail in key derivation but retry with a new hash.
* Adapted test case accordingly
2016-04-22 17:43:15 +02:00
Jochen Hoenicke
16ff4387ae New test case for a bip32 hole in nist256 2016-04-20 20:35:22 +02:00
Jochen Hoenicke
d577410fc4 Unit tests for the NIST256P1 curve 2016-04-20 15:13:40 +02:00
Jochen Hoenicke
b34be66a9c Updated tests 2016-04-20 10:43:53 +02:00
Pavol Rusnak
9a8e982153
implement bip39 cache 2016-01-19 15:11:57 +01:00
251
1d7fb4e38f Fixes a bug in the test_pbkdf2_hmac_sha256 test.
This bug fix sets the length of the derived key in the last test_pbkdf2_hmac_sha256 test to 40 bytes to fix a buffer overflow, which is caused by the call to the pbkdf2_hmac_sha256 function, on the memory reserved by the local variable k.
2015-09-21 23:51:10 +02:00
Jochen Hoenicke
e1347fcdf8 New Unit Tests
- Added unit tests for the NIST curve.
- Fix some missing bn_mod in unit tests.
- New tests for tricky 2 (2j+1) 2^{4i} exponents.
2015-08-05 21:42:40 +02:00
Jochen Hoenicke
6ba4d288b0 Cleaned up bignum code
1. Fixed bn_multiply_step to handle small primes.
2. Removed many calls to bn_mod to prevent side-channel leakage.
2015-08-05 19:36:30 +02:00
Roman Zeyde
0164137786 tests: fix signedness error 2015-07-29 21:49:00 +03:00
Roman Zeyde
7c58fc11a4 Add support for NIST256P1 elliptic curve
This enables SSH ECDSA public key authentication.
2015-06-26 10:33:14 +03:00
Pavol Rusnak
00954da5fe fix /dev/urandom problem 2015-05-04 19:53:06 +02:00
Pavol Rusnak
21d0bb437a cleanup coding style 2015-04-13 18:19:33 +02:00
Pavol Rusnak
f1b8f55d92 use curly braces in if block 2015-04-11 20:01:45 +02:00
Jochen Hoenicke
c90f79bce2 Added new tests for point multiplication 2015-04-11 13:12:03 +02:00
Jochen Hoenicke
1700caf2ad scalar_mult based on Jacobian representation
This version of scalar_mult should be faster and much better
against side-channel attacks.  Except bn_inverse and bn_mod
all functions are constant time.  bn_inverse is only used
in the last step and its input is randomized.  The function
bn_mod is only taking extra time in 2^32/2^256 cases, so
in practise it should not occur at all.  The input to bn_mod
is also depending on the random value.

There is secret dependent array access in scalar_multiply,
so cache may be an issue.
2015-03-17 19:18:34 +01:00
Pavol Rusnak
cb9ccc5cf4 remove all references to USE_PUBKEY_VALIDATE 2015-03-12 15:53:41 +01:00
Pavol Rusnak
92ab7504b2 add one more bip32_cache test 2015-03-04 15:43:14 +01:00
Pavol Rusnak
f4e6010e18 implement BIP32 cache 2015-01-26 19:10:19 +01:00