1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-04 21:48:17 +00:00
Commit Graph

668 Commits

Author SHA1 Message Date
Pavol Rusnak
b55473a01e
add fingerprint output parameter to hdnode_private_ckd_cached function 2016-12-12 12:07:33 +01:00
Saleem Rashid
6aac03d2d8 CMakeLists: Allow use as a library (#82)
This allows TrezorCrypto to be linked with by other CMake projects
2016-11-16 22:58:12 +01:00
Jan Pochyla
20bb7e9b5c sha1: fix context zeroing 2016-11-06 16:02:10 +01:00
Jochen Hoenicke
949220ac0b
Protect signing against side-channel attack (#81)
Signing uses the bn_inverse function that is prone to side-channel
attacks.  We randomize its argument by multiplying it with a random
non-zero number.  At the end we multiply again by the same number to
cancel it out.

Changed get_k_random to take the prime range as a second argument and
to return a non-zero number.  This function was previously only used
for (non-rfc6979) signing and is now used for side-channel protection.
2016-11-06 15:20:07 +01:00
Pavol Rusnak
e68267e04b
undef ALIGN macro in curve25519 2016-11-06 15:16:09 +01:00
Pavol Rusnak
bb61fb75d8
segwit address sizes 2016-11-05 22:27:10 +01:00
Jochen Hoenicke
e855c60529 Use bn_add instead of bn_addmod (#80)
The bip32 private key derivation used bn_addmod to handle
wrap around.  This was never sufficient as bn_addmod uses only
bn_fast_mod, so an additional bn_mod is necessary.  The bn_fast_mod
helped when bn_mod was not side-channel safe.  Now that bn_mod uses
constant time code, we can get rid of the unnecessary bn_fast_mod
step and use bn_add instead of bn_addmod.
2016-11-05 21:21:48 +01:00
Saleem Rashid
19efbeef8d sha2: add sha1_Raw 2016-11-05 15:14:37 +01:00
Saleem Rashid
d812c7209f sha2: import SHA1 implementation 2016-11-05 15:14:37 +01:00
Saleem Rashid
0acfb2cf28 tests: add SHA1 test 2016-11-05 15:14:37 +01:00
Saleem Rashid
1b79c93bbc sha2: NIST FIPS 180-2 naming conventions 2016-11-05 15:14:37 +01:00
Pavol Rusnak
a91e005633
extract block size and digest size as macros in ripemd160 2016-11-01 16:32:44 +01:00
Pavol Rusnak
f4e4c29356
add blake2s, add unittests for blake2s and sha3 2016-11-01 16:22:20 +01:00
Pavol Rusnak
459f4a5e7a
add setbit, clearbit, testbit and xor to bignum 2016-10-31 17:26:24 +01:00
Pavol Rusnak
1259c36f80
change shebang for test_curves.py 2016-10-24 21:43:33 +02:00
Roman Zeyde
5ecb8574cc tests: fix curve25519 unittests (#78) 2016-10-24 21:35:30 +02:00
Pavol Rusnak
fa8772dfee
include options.h to base58.h 2016-10-24 20:54:29 +02:00
Pavol Rusnak
0abc61f672
use curve25519-donna from floodyberry 2016-10-24 20:51:57 +02:00
Pavol Rusnak
bede439a62
remove unused macros in test-openssl.c 2016-10-24 20:39:55 +02:00
Pavol Rusnak
b617568068
add curve25519 multiply to test_speed 2016-10-24 20:27:48 +02:00
Pavol Rusnak
a8c7e5ef20
gui: fix build 2016-10-24 17:24:31 +02:00
Pavol Rusnak
ce9022ad5d
fix tests.c when USE_GRAPHENE=0 2016-10-24 12:44:25 +02:00
Roman Zeyde
420c71992a tests: add BIP32 ECDH (#76)
* tests: add BIP32 ECDH

* tests: BIP32 ECDH errors
2016-10-24 12:40:00 +02:00
Pavol Rusnak
6d08eb99b8
add ECDH to readme 2016-10-22 00:29:14 +02:00
Roman Zeyde
228f9425d1 Fix small typo in return value checking (#75) 2016-10-22 00:26:29 +02:00
Pavol Rusnak
cf21bb2fbf
refactor ECDH multiplication into ecdh_multiply function 2016-10-21 18:19:01 +02:00
Pavol Rusnak
ca4057aca0
tests: cleanup fromhex function 2016-10-20 12:04:05 +02:00
Pavol Rusnak
e6574f8eea
extract ck_assert_mem macros to separate file check_mem.h 2016-10-19 20:42:50 +02:00
Pavol Rusnak
ed755120af
fix broken test_speed 2016-10-16 02:26:16 +02:00
Fabian Schuh
54cc18c493 Steem integration 2016-10-16 01:41:20 +02:00
Pavol Rusnak
707c869fb9 Merge pull request #74 from romanz/curve25519
Add support for Curve25519-based ECDH
2016-10-16 01:28:45 +02:00
Roman Zeyde
0167d06378 Fix Travis build 2016-10-15 15:38:23 +03:00
Roman Zeyde
43f86e660d Add Python tests for Curve25519 ECDH 2016-10-15 15:38:23 +03:00
Roman Zeyde
906c543ebc Implement ECDH with Curve25519 at BIP32 module 2016-10-14 23:36:19 +03:00
Jan Pochyla
f45bcc65f2 bip32: deserialize the fingerprint 2016-10-14 14:44:05 +02:00
Roman Zeyde
0ad8a7c627 Add Curve25519 implementation
Using https://github.com/agl/curve25519-donna repository source.
2016-10-13 22:21:58 +03:00
Karel Bilek
0a158f6c7d Add compiled output 2016-10-12 18:04:03 +02:00
Pavol Rusnak
cb25b763b7
add emcripten outputs to gitignore 2016-10-12 17:36:46 +02:00
Pavol Rusnak
b05776be77
add address related funnctions 2016-10-10 11:22:15 +02:00
Pavol Rusnak
ad73c0d4e7
fix ecdsa_address_decode 2016-10-09 23:42:21 +02:00
Pavol Rusnak
4fb15a13d8
add hdnode_get_address 2016-10-08 18:18:32 +02:00
Pavol Rusnak
8764e26368
ecdsa_address_decode now needs version 2016-10-08 18:13:23 +02:00
Pavol Rusnak
430a5087c8
introduce MAX_ADDR_RAW_SIZE and MAX_WIF_RAW_SIZE macros 2016-10-08 18:01:44 +02:00
Pavol Rusnak
d10ec230c0
add support for multibyte address versions 2016-10-08 17:56:12 +02:00
Jochen Hoenicke
157caf3763 ecdsa: fix out-of-bounds read in point_multiply (#71)
Fixes #70.
2016-10-06 16:54:25 +02:00
Jochen Hoenicke
133c068f37 Reworked rfc6979 signing. (#72)
This adds an is_canonic parameter to all sign functions.  This is a
callback that determines if a signature corresponds to some coin
specific rules.  It is used, e. g., by ethereum (where the recovery
byte must be 0 or 1, and not 2 or 3) and or steem signatures (which
require both r and s to be between 2^248 and 2^255).

This also separates the initialization and the step function of the
random number generator, making it easy to restart the signature
process with the next random number.
2016-10-06 16:54:07 +02:00
Jan Pochyla
00413c0b6e bip32: serialization returns nu. of written bytes 2016-10-06 12:36:23 +02:00
Saleem Rashid
db1b638cdf gui: update for newer HDNode API (#68) 2016-09-11 00:35:02 +02:00
Pavol Rusnak
62b8f845f2 Merge pull request #67 from jhoenicke/master
sha2: fix unaligned access.
2016-08-29 22:03:32 +02:00
Jochen Hoenicke
19a1f501c4
Simplified sha256_Final/sha512_Last
- Fix the bug where we zero too many bytes in sha512_Last
  (SHORT_BLOCK_LENGTH != BLOCK_LENGTH -2).
- Get rid of an if branch.
- Don't reverse the last two words in 512_Last that are written later.
- make 256_Final and 512_Last look the same.
2016-08-29 21:55:57 +02:00