1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-25 07:48:10 +00:00
Commit Graph

439 Commits

Author SHA1 Message Date
Pavol Rusnak
d659fd49a5 return back normalization of signatures 2015-08-03 21:47:06 +02:00
Pavol Rusnak
9255595c97 Merge pull request #42 from romanz/master
bignum: use constant time comparisons
2015-08-03 21:46:53 +02:00
Roman Zeyde
793234a0ec bignum: use constant time comparisons 2015-08-03 10:57:09 +03:00
Pavol Rusnak
bfa812441d Merge pull request #41 from romanz/travis
Improve Travis CI usage
2015-07-31 11:04:49 +02:00
Roman Zeyde
558b3fd65b travis: add pytest (for test_curves.py) 2015-07-31 11:40:13 +03:00
Roman Zeyde
8a3ee52d63 travis: add openssl tests 2015-07-31 11:09:15 +03:00
Roman Zeyde
cfbd09d158 travis: use container-based infrastructure 2015-07-31 10:55:06 +03:00
Pavol Rusnak
79738f4251 Merge pull request #40 from romanz/travis
Add Travis CI for unit test suite
2015-07-29 21:02:38 +02:00
Roman Zeyde
f91e912dd2 README: add travis badge 2015-07-29 21:57:41 +03:00
Roman Zeyde
0164137786 tests: fix signedness error 2015-07-29 21:49:00 +03:00
Roman Zeyde
1163992e5c travis: add simple tests 2015-07-29 20:57:30 +03:00
Pavol Rusnak
f9df01c6e6 add CONTRIBUTORS file
generated using the following:

git log --format='%aN <%aE>' --no-merges | sort | uniq -c | sort -nr
2015-07-29 16:38:45 +02:00
Pavol Rusnak
8108524358 Merge pull request #39 from romanz/master
test_curves: fix test case name typo
2015-07-26 16:47:42 +02:00
Roman Zeyde
e569b019c4 test_curves: fix test case name typo 2015-07-24 10:44:56 +03:00
Pavol Rusnak
5ec72d3a5b Merge pull request #38 from romanz/master
Fix few small issues.
2015-07-07 18:32:13 +02:00
Pavol Rusnak
9c3e51074b use -O3 instead of -Os 2015-07-07 18:31:04 +02:00
Roman Zeyde
749cf8b75f gui: fixup after ECDSA updates 2015-07-07 10:58:08 +03:00
Roman Zeyde
ea16aa0b86 Remove unnecessary #include "secp256k1.h" 2015-07-07 10:39:12 +03:00
Roman Zeyde
587d6a65ea Update documentation regarding ECDSA curves support 2015-07-07 10:38:16 +03:00
Pavol Rusnak
f2ef64228a Merge pull request #37 from jdb6167/master
Fixed issues with Python files
2015-07-06 19:00:29 +02:00
Josh Billings
cb0b5169c5 whitespace 2015-07-06 12:48:11 -04:00
Josh Billings
d2120d6da1 two bugfixes: 1. nist256p1.c was not included in setup.py, causing import errors when using TrezorCrypto.so in Python. 2. if you attempted a hardened derivation in python using the compiled TrezorCrypto module, an IntegerOverflowError would occur because Python ints are always signed. one-line fix by changing int to unsigned int in the pyx file 2015-07-06 12:43:30 -04:00
Pavol Rusnak
71c24673ce Merge branch 'ssh-agent' of git://github.com/romanz/trezor-crypto into romanz-ssh-agent
Conflicts:
	ecdsa.c
2015-06-28 21:22:50 +02:00
Pavol Rusnak
36caf5b33a Merge pull request #35 from romanz/master
ecdsa: generate_k_rfc6979() should cleanup its stack before exit
2015-06-28 21:01:57 +02:00
Roman Zeyde
36847ac0d7 ecdsa: generate_k_rfc6979() should cleanup its stack before exit 2015-06-27 10:08:18 +03:00
Roman Zeyde
7c58fc11a4 Add support for NIST256P1 elliptic curve
This enables SSH ECDSA public key authentication.
2015-06-26 10:33:14 +03:00
Pavol Rusnak
0983c6c456 Merge pull request #34 from JohnDvorak/patch-1
Change return value of ecdsa_sign_digest
2015-06-18 15:58:12 +02:00
John Dvorak
85cebfe968 Change return value of ecdsa_sign_digest
Error codes were not being propagated, always returned as 0.
2015-06-18 09:55:12 -04:00
Pavol Rusnak
c58d4e03c5 add proof of concept bip39 bruteforce benchmark 2015-05-11 14:24:45 +02:00
Pavol Rusnak
00954da5fe fix /dev/urandom problem 2015-05-04 19:53:06 +02:00
Pavol Rusnak
ffedf8a4d0 suppress warning when debug is disabled 2015-05-04 19:40:15 +02:00
Pavol Rusnak
21d0bb437a cleanup coding style 2015-04-13 18:19:33 +02:00
Pavol Rusnak
6ec585fcee Merge pull request #29 from netanelkl/master
Code Security change
2015-04-13 17:56:32 +02:00
Pavol Rusnak
f1b8f55d92 use curly braces in if block 2015-04-11 20:01:45 +02:00
Pavol Rusnak
99f01a9391 Merge pull request #30 from jhoenicke/master
Added more tests for new multiplications
2015-04-11 19:59:31 +02:00
Jochen Hoenicke
c90f79bce2 Added new tests for point multiplication 2015-04-11 13:12:03 +02:00
Jochen Hoenicke
e432d772c7 Program to precompute the table for scalar_mult
This program pre-computes the table and prints then in the form
that can be included in secp256k1.c
2015-04-11 13:12:03 +02:00
netanelkl
3fd32df8ed More of the same. 2015-04-09 15:05:28 -04:00
netanelkl
70dc71c87e Some more stack memory wipe before leaving functions.
Note that I preferred to change the multiple returns to multiple checks
of a boolean to concentrate the erase into the last part of the
functions.
2015-04-09 14:17:47 -04:00
netanelkl
aeefea054a Added some private key nullification so that they won't be uncontrolled in the stack 2015-04-08 15:07:15 -04:00
Pavol Rusnak
a757693fe3 Merge pull request #26 from jhoenicke/bignum_improvements
Bignum improvements
2015-03-30 17:48:43 +02:00
Pavol Rusnak
196cabe012 import random_uniform and random_permute functions from TREZOR codebase 2015-03-30 17:45:34 +02:00
Pavol Rusnak
ad71a16e61 Merge pull request #28 from oleganza/master
Typo fix in RFC6979 implementation
2015-03-30 17:32:38 +02:00
Oleg Andreev
a5a4333a8e typo fix (no, this was not a bug) 2015-03-30 17:25:34 +02:00
Jochen Hoenicke
56f5777b68 Refactored code for point doubling.
New function `bn_mult_3_2` that multiplies by 3/2.
This function is used in point_double and point_jacobian_double.
Cleaned up point_add and point_double, more comments.
2015-03-22 17:55:01 +01:00
Jochen Hoenicke
edf0fc4902 New fast variant of point_multiply.
Use a similar algorithm for `point_multiply` as for
`scalar_multiply` but with less precomputation.
Added double for points in Jacobian coordinates.
Simplified `point_jacobian_add` a little.
2015-03-21 21:10:08 +01:00
Pavol Rusnak
d4df66a8d0 Merge pull request #27 from jhoenicke/bip39fix
Off by one error in word length.
2015-03-21 10:33:06 +01:00
Jochen Hoenicke
1b42fde852 Off by one error in word length.
This could lead to a buffer overrun if the final 0 byte is
written to current_word[j] after the loop.

Also document the limit of passphrase in mnemonic_to_seed.
2015-03-20 21:46:32 +01:00
Jochen Hoenicke
1700caf2ad scalar_mult based on Jacobian representation
This version of scalar_mult should be faster and much better
against side-channel attacks.  Except bn_inverse and bn_mod
all functions are constant time.  bn_inverse is only used
in the last step and its input is randomized.  The function
bn_mod is only taking extra time in 2^32/2^256 cases, so
in practise it should not occur at all.  The input to bn_mod
is also depending on the random value.

There is secret dependent array access in scalar_multiply,
so cache may be an issue.
2015-03-17 19:18:34 +01:00
Jochen Hoenicke
2c38929d03 Make scalar_multiply timing attack safe.
This should make side-channel attacks much more difficult. However,

1. Timing of bn_inverse, which is used in point_add depends on input.
2. Timing of reading secp256k1_cp may depend on input due to cache.
3. The conditions in point_add are not timing attack safe.
   However point_add is always a straight addition, never double or some
   other special case.

In the long run, I would like to use a specialized point_add using Jacobian
representation plus a randomization when converting the first point to
Jacobian representation.  The Jacobian representation would also make
the procedure a bit faster.
2015-03-17 19:18:34 +01:00