Roman Zeyde
793234a0ec
bignum: use constant time comparisons
2015-08-03 10:57:09 +03:00
Pavol Rusnak
bfa812441d
Merge pull request #41 from romanz/travis
...
Improve Travis CI usage
2015-07-31 11:04:49 +02:00
Roman Zeyde
558b3fd65b
travis: add pytest (for test_curves.py)
2015-07-31 11:40:13 +03:00
Roman Zeyde
8a3ee52d63
travis: add openssl tests
2015-07-31 11:09:15 +03:00
Roman Zeyde
cfbd09d158
travis: use container-based infrastructure
2015-07-31 10:55:06 +03:00
Pavol Rusnak
79738f4251
Merge pull request #40 from romanz/travis
...
Add Travis CI for unit test suite
2015-07-29 21:02:38 +02:00
Roman Zeyde
f91e912dd2
README: add travis badge
2015-07-29 21:57:41 +03:00
Roman Zeyde
0164137786
tests: fix signedness error
2015-07-29 21:49:00 +03:00
Roman Zeyde
1163992e5c
travis: add simple tests
2015-07-29 20:57:30 +03:00
Pavol Rusnak
f9df01c6e6
add CONTRIBUTORS file
...
generated using the following:
git log --format='%aN <%aE>' --no-merges | sort | uniq -c | sort -nr
2015-07-29 16:38:45 +02:00
Pavol Rusnak
8108524358
Merge pull request #39 from romanz/master
...
test_curves: fix test case name typo
2015-07-26 16:47:42 +02:00
Roman Zeyde
e569b019c4
test_curves: fix test case name typo
2015-07-24 10:44:56 +03:00
Pavol Rusnak
5ec72d3a5b
Merge pull request #38 from romanz/master
...
Fix few small issues.
2015-07-07 18:32:13 +02:00
Pavol Rusnak
9c3e51074b
use -O3 instead of -Os
2015-07-07 18:31:04 +02:00
Roman Zeyde
749cf8b75f
gui: fixup after ECDSA updates
2015-07-07 10:58:08 +03:00
Roman Zeyde
ea16aa0b86
Remove unnecessary #include "secp256k1.h"
2015-07-07 10:39:12 +03:00
Roman Zeyde
587d6a65ea
Update documentation regarding ECDSA curves support
2015-07-07 10:38:16 +03:00
Pavol Rusnak
f2ef64228a
Merge pull request #37 from jdb6167/master
...
Fixed issues with Python files
2015-07-06 19:00:29 +02:00
Josh Billings
cb0b5169c5
whitespace
2015-07-06 12:48:11 -04:00
Josh Billings
d2120d6da1
two bugfixes: 1. nist256p1.c was not included in setup.py, causing import errors when using TrezorCrypto.so in Python. 2. if you attempted a hardened derivation in python using the compiled TrezorCrypto module, an IntegerOverflowError would occur because Python ints are always signed. one-line fix by changing int to unsigned int in the pyx file
2015-07-06 12:43:30 -04:00
Pavol Rusnak
71c24673ce
Merge branch 'ssh-agent' of git://github.com/romanz/trezor-crypto into romanz-ssh-agent
...
Conflicts:
ecdsa.c
2015-06-28 21:22:50 +02:00
Pavol Rusnak
36caf5b33a
Merge pull request #35 from romanz/master
...
ecdsa: generate_k_rfc6979() should cleanup its stack before exit
2015-06-28 21:01:57 +02:00
Roman Zeyde
36847ac0d7
ecdsa: generate_k_rfc6979() should cleanup its stack before exit
2015-06-27 10:08:18 +03:00
Roman Zeyde
7c58fc11a4
Add support for NIST256P1 elliptic curve
...
This enables SSH ECDSA public key authentication.
2015-06-26 10:33:14 +03:00
Pavol Rusnak
0983c6c456
Merge pull request #34 from JohnDvorak/patch-1
...
Change return value of ecdsa_sign_digest
2015-06-18 15:58:12 +02:00
John Dvorak
85cebfe968
Change return value of ecdsa_sign_digest
...
Error codes were not being propagated, always returned as 0.
2015-06-18 09:55:12 -04:00
Pavol Rusnak
c58d4e03c5
add proof of concept bip39 bruteforce benchmark
2015-05-11 14:24:45 +02:00
Pavol Rusnak
00954da5fe
fix /dev/urandom problem
2015-05-04 19:53:06 +02:00
Pavol Rusnak
ffedf8a4d0
suppress warning when debug is disabled
2015-05-04 19:40:15 +02:00
Pavol Rusnak
21d0bb437a
cleanup coding style
2015-04-13 18:19:33 +02:00
Pavol Rusnak
6ec585fcee
Merge pull request #29 from netanelkl/master
...
Code Security change
2015-04-13 17:56:32 +02:00
Pavol Rusnak
f1b8f55d92
use curly braces in if block
2015-04-11 20:01:45 +02:00
Pavol Rusnak
99f01a9391
Merge pull request #30 from jhoenicke/master
...
Added more tests for new multiplications
2015-04-11 19:59:31 +02:00
Jochen Hoenicke
c90f79bce2
Added new tests for point multiplication
2015-04-11 13:12:03 +02:00
Jochen Hoenicke
e432d772c7
Program to precompute the table for scalar_mult
...
This program pre-computes the table and prints then in the form
that can be included in secp256k1.c
2015-04-11 13:12:03 +02:00
netanelkl
3fd32df8ed
More of the same.
2015-04-09 15:05:28 -04:00
netanelkl
70dc71c87e
Some more stack memory wipe before leaving functions.
...
Note that I preferred to change the multiple returns to multiple checks
of a boolean to concentrate the erase into the last part of the
functions.
2015-04-09 14:17:47 -04:00
netanelkl
aeefea054a
Added some private key nullification so that they won't be uncontrolled in the stack
2015-04-08 15:07:15 -04:00
Pavol Rusnak
a757693fe3
Merge pull request #26 from jhoenicke/bignum_improvements
...
Bignum improvements
2015-03-30 17:48:43 +02:00
Pavol Rusnak
196cabe012
import random_uniform and random_permute functions from TREZOR codebase
2015-03-30 17:45:34 +02:00
Pavol Rusnak
ad71a16e61
Merge pull request #28 from oleganza/master
...
Typo fix in RFC6979 implementation
2015-03-30 17:32:38 +02:00
Oleg Andreev
a5a4333a8e
typo fix (no, this was not a bug)
2015-03-30 17:25:34 +02:00
Jochen Hoenicke
56f5777b68
Refactored code for point doubling.
...
New function `bn_mult_3_2` that multiplies by 3/2.
This function is used in point_double and point_jacobian_double.
Cleaned up point_add and point_double, more comments.
2015-03-22 17:55:01 +01:00
Jochen Hoenicke
edf0fc4902
New fast variant of point_multiply.
...
Use a similar algorithm for `point_multiply` as for
`scalar_multiply` but with less precomputation.
Added double for points in Jacobian coordinates.
Simplified `point_jacobian_add` a little.
2015-03-21 21:10:08 +01:00
Pavol Rusnak
d4df66a8d0
Merge pull request #27 from jhoenicke/bip39fix
...
Off by one error in word length.
2015-03-21 10:33:06 +01:00
Jochen Hoenicke
1b42fde852
Off by one error in word length.
...
This could lead to a buffer overrun if the final 0 byte is
written to current_word[j] after the loop.
Also document the limit of passphrase in mnemonic_to_seed.
2015-03-20 21:46:32 +01:00
Jochen Hoenicke
1700caf2ad
scalar_mult based on Jacobian representation
...
This version of scalar_mult should be faster and much better
against side-channel attacks. Except bn_inverse and bn_mod
all functions are constant time. bn_inverse is only used
in the last step and its input is randomized. The function
bn_mod is only taking extra time in 2^32/2^256 cases, so
in practise it should not occur at all. The input to bn_mod
is also depending on the random value.
There is secret dependent array access in scalar_multiply,
so cache may be an issue.
2015-03-17 19:18:34 +01:00
Jochen Hoenicke
2c38929d03
Make scalar_multiply timing attack safe.
...
This should make side-channel attacks much more difficult. However,
1. Timing of bn_inverse, which is used in point_add depends on input.
2. Timing of reading secp256k1_cp may depend on input due to cache.
3. The conditions in point_add are not timing attack safe.
However point_add is always a straight addition, never double or some
other special case.
In the long run, I would like to use a specialized point_add using Jacobian
representation plus a randomization when converting the first point to
Jacobian representation. The Jacobian representation would also make
the procedure a bit faster.
2015-03-17 19:18:34 +01:00
Jochen Hoenicke
ec057a5102
"More" constant time point multiplication
...
About the same speed, about the same precomputation table requirements.
Simpler code.
2015-03-17 19:18:34 +01:00
Jochen Hoenicke
eb6e74f361
Improve speed of scalar_multiply.
...
We also allow for substracting values to be able to do 3 bits at a time.
2015-03-17 19:18:34 +01:00