1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-29 01:28:10 +00:00
Commit Graph

63 Commits

Author SHA1 Message Date
Clément Nussbaumer
f9523f97df Improve function naming (#181)
Changes the `ecdsa_verify_digest_recover` function to `ecdsa_recover_pub_from_sig`, to avoid confusion
Fix #180
2018-09-13 14:58:29 +02:00
Jochen Hoenicke
e65adcf5ca Added cashaddr support (#120)
The new bitcoincash address format.
2018-04-05 11:15:05 +02:00
Saleem Rashid
c70e440128 hasher: Replace hasher_Double with HASHER_*D
This allows us to finely control when to use a single hash or a double hash in
various places. For example, Bitcoin signatures use double SHA256, but Decred
signatures use a single BLAKE256. However, both use double hashes for Base58.
2018-04-03 18:28:06 +02:00
Saleem Rashid
b41a51805f Use hasher_Raw instead of sha256_Raw 2017-12-10 20:07:13 +01:00
Pavol Rusnak
95a522bf1a
fix typo 2017-11-03 18:52:23 +01:00
Jochen Hoenicke
a5653dafe7 Increased length of addresses 2017-11-03 18:49:19 +01:00
Pavol Rusnak
af06a997cb
refactor ecdsa_get_address_segwit_p2sh{,_raw} 2017-07-25 17:59:26 +02:00
Pavol Rusnak
c950342063
refactor hdnode_public_ckd_address_optimized 2017-07-24 22:57:20 +02:00
Pavol Rusnak
a820a5601b
split rfc6979 from ecdsa into separate module 2017-04-03 20:58:53 +02:00
Pavol Rusnak
a8aacac6be
ecdsa: rand -> rnd 2017-04-02 02:52:50 +02:00
Jochen Hoenicke
d3d88591d0 Added co-signing for ed25519. 2017-04-02 01:18:03 +02:00
Jochen Hoenicke
949220ac0b
Protect signing against side-channel attack (#81)
Signing uses the bn_inverse function that is prone to side-channel
attacks.  We randomize its argument by multiplying it with a random
non-zero number.  At the end we multiply again by the same number to
cancel it out.

Changed get_k_random to take the prime range as a second argument and
to return a non-zero number.  This function was previously only used
for (non-rfc6979) signing and is now used for side-channel protection.
2016-11-06 15:20:07 +01:00
Pavol Rusnak
bb61fb75d8
segwit address sizes 2016-11-05 22:27:10 +01:00
Pavol Rusnak
cf21bb2fbf
refactor ECDH multiplication into ecdh_multiply function 2016-10-21 18:19:01 +02:00
Pavol Rusnak
ed755120af
fix broken test_speed 2016-10-16 02:26:16 +02:00
Pavol Rusnak
8764e26368
ecdsa_address_decode now needs version 2016-10-08 18:13:23 +02:00
Pavol Rusnak
430a5087c8
introduce MAX_ADDR_RAW_SIZE and MAX_WIF_RAW_SIZE macros 2016-10-08 18:01:44 +02:00
Pavol Rusnak
d10ec230c0
add support for multibyte address versions 2016-10-08 17:56:12 +02:00
Jochen Hoenicke
133c068f37 Reworked rfc6979 signing. (#72)
This adds an is_canonic parameter to all sign functions.  This is a
callback that determines if a signature corresponds to some coin
specific rules.  It is used, e. g., by ethereum (where the recovery
byte must be 0 or 1, and not 2 or 3) and or steem signatures (which
require both r and s to be between 2^248 and 2^255).

This also separates the initialization and the step function of the
random number generator, making it easy to restart the signature
process with the next random number.
2016-10-06 16:54:07 +02:00
Jochen Hoenicke
f4ed55377d Moved get_ethereum_address from ecdsa to bip32
The new name of the function is `hdnode_get_ethereum_address`
and it gets a hdnode as input as opposed to a public key.  This
also avoids first computing the compressed public key and then
uncompressing it.

Test cases were adapted to work with new function.  The test-vectors
are the same as for bip32 and independently checked with an adhoc
python implementation.
2016-08-18 16:21:33 +02:00
Alex Beregszaszi
1b8e3d557f Implement ecdsa_get_ethereum_pubkeyhash() 2016-05-23 19:10:06 +01:00
Alex Beregszaszi
7d68a6ee17 Add ecdsa_uncompress_pubkey()
Code based on @Arachnid's PR, but has more strict checks
2016-05-17 19:38:14 +01:00
Jochen Hoenicke
409783ba64
New function ecdsa_verify_recover
Moved the code from Trezor firmware to here for recovering the public key
when verifying a bitcoin message.  Fixed the signing and verification for
the unlikely case the r value overflows.
2016-04-25 18:02:24 +02:00
Jochen Hoenicke
698f40f385
BIP-32 without gaps, prepare non-ecdsa curves
* Split ecdsa_curve into curve_info and ecdsa_curve to support bip32 on
  curves that don't have a ecdsa_curve.
* Don't fail in key derivation but retry with a new hash.
* Adapted test case accordingly
2016-04-22 17:43:15 +02:00
Jochen Hoenicke
0bc1b70c4a Use different seed modifier for different curves 2016-04-20 10:38:11 +02:00
Jochen Hoenicke
f2081d88d8 New jacobian_add that handles doubling.
Fix bug where jacobian_add is called with two identical points.
2015-08-05 21:23:04 +02:00
Pavol Rusnak
2e09a9ff35 add b to ecdsa_curve structure 2015-08-05 18:06:10 +02:00
Pavol Rusnak
d659fd49a5 return back normalization of signatures 2015-08-03 21:47:06 +02:00
Roman Zeyde
7c58fc11a4 Add support for NIST256P1 elliptic curve
This enables SSH ECDSA public key authentication.
2015-06-26 10:33:14 +03:00
Dustin Laurence
8ce1f34233 Add prototypes for private functions 2015-01-23 12:12:40 -08:00
Pavol Rusnak
89a7d7797b replace base58 implementation 2014-12-23 03:11:58 +01:00
Pavol Rusnak
b4cdba8489 export pby from ecdsa_sign functions 2014-12-08 21:08:49 +01:00
Pavol Rusnak
df3606dd5e introduce ecdsa_get_address_raw 2014-11-16 21:17:39 +01:00
Pavol Rusnak
b9d5896174 make pubkey validation optional, extract options to separate header 2014-07-07 20:14:36 +02:00
Ondrej Mikle
03fee34550 Validating of public key curve point. 2014-07-07 15:11:40 +02:00
Ondrej Mikle
d827b2c862 Account for case when point.y == 0 when doubling. 2014-07-04 17:40:35 +02:00
Ondrej Mikle
da6a09880d Handling of special cases in EC arithmetic. 2014-07-04 15:30:15 +02:00
Pavol Rusnak
5e9cd15527 use new base58 code for address functions, add function for obtaining wif 2014-05-22 22:29:53 +02:00
Pavol Rusnak
612f5ab050 fix copyright headers 2014-05-22 20:54:58 +02:00
Pavol Rusnak
b5ceb14f8d extract ecdsa_get_pubkeyhash 2014-02-21 23:33:14 +01:00
Pavol Rusnak
6a856479a8 introduce point_multiply 2014-02-05 23:38:37 +01:00
Pavol Rusnak
fc144587e6 introduce ecdsa_verify_digest 2014-02-04 19:12:43 +01:00
Pavol Rusnak
8aaebe761b introduce uncompress_coords 2014-02-04 18:55:17 +01:00
Pavol Rusnak
81f462a5c5 add ecdsa_sig_to_der 2014-02-02 22:01:43 +01:00
Pavol Rusnak
73489fbd33 split signing into ecdsa_sign_digest and ecdsa_sign/ecdsa_sign_double 2014-02-02 20:36:03 +01:00
Pavol Rusnak
a40a077613 rework ecdsa_address_to_hash160 into ecdsa_address_decode 2014-01-31 15:26:51 +01:00
Pavol Rusnak
2e4ec7fe0a introduce ecdsa_address_to_hash160 2014-01-30 20:34:05 +01:00
Pavol Rusnak
ed7e2e5058 implement public child key derivation 2014-01-14 14:35:13 +01:00
Pavol Rusnak
9da3b35962 extract xprv_fill_public method 2013-11-08 16:02:48 +01:00
Pavol Rusnak
0fc4ad0976 move declaration 2013-10-08 21:07:53 +02:00