1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-30 03:18:20 +00:00
Commit Graph

62 Commits

Author SHA1 Message Date
Jochen Hoenicke
ed9d8c1ebb Fix RFC6979 generation of k.
The standard says:
step h:
  Set T to the empty sequence.
  while tlen < qlen
    V = HMAC_K(V)
    T = T || V
  k = bits2int(T)

in this case (HMAC-SHA256, qlen=256bit) this simplifies to
  V = HMAC_K(V)
  T = V
  k = bits2int(T)
and T can be omitted.

The old code (wrong) did:
  T = HMAC_K(V)
  k = bits2int(T)
Note that V will only be used again if the first k is out of range.
Thus, the old code produced the right result with a very high probability.
2015-01-30 22:34:37 +01:00
Pavol Rusnak
795579cbac invert pby when normalizing S during signing 2014-12-23 18:13:33 +01:00
Pavol Rusnak
89a7d7797b replace base58 implementation 2014-12-23 03:11:58 +01:00
Pavol Rusnak
b4cdba8489 export pby from ecdsa_sign functions 2014-12-08 21:08:49 +01:00
Pavol Rusnak
9469a64a0a use bn_is_zero and bn_is_equal where possible 2014-11-17 17:17:14 +01:00
Pavol Rusnak
df3606dd5e introduce ecdsa_get_address_raw 2014-11-16 21:17:39 +01:00
Pavol Rusnak
0fe1857513 normalize y^2 in pubkey validation
fix last commit
2014-07-07 21:11:25 +02:00
Pavol Rusnak
b9d5896174 make pubkey validation optional, extract options to separate header 2014-07-07 20:14:36 +02:00
Ondrej Mikle
b34516bc49 Removed unnessary point copy. 2014-07-07 16:35:53 +02:00
Ondrej Mikle
03fee34550 Validating of public key curve point. 2014-07-07 15:11:40 +02:00
Ondrej Mikle
7fd81a1e0c Removed superfluous bn_mod, it's done now in point_add and point_double. 2014-07-06 14:50:12 +02:00
Ondrej Mikle
323da2d434 Keep results after point_add() and point_double() inside the finite field. Simplified point_is_negative_of(). 2014-07-05 22:07:03 +02:00
Ondrej Mikle
d827b2c862 Account for case when point.y == 0 when doubling. 2014-07-04 17:40:35 +02:00
Ondrej Mikle
6d61cefdb3 Removed test for point equality in ecdsa_verify_digest, point_add() already handles that. 2014-07-04 15:50:29 +02:00
Ondrej Mikle
da6a09880d Handling of special cases in EC arithmetic. 2014-07-04 15:30:15 +02:00
Pavol Rusnak
82ed3f31db fix comparison of points 2014-07-04 15:07:02 +02:00
Pavol Rusnak
eec5f7df15 fix bug in unoptimized branch of code 2014-07-03 10:16:19 +02:00
Pavol Rusnak
019d779a94 Revert "Revert "add more precomputation to ecdsa signing""
This reverts commit 3747ba4323.
2014-07-03 10:09:45 +02:00
Pavol Rusnak
3747ba4323 Revert "add more precomputation to ecdsa signing"
This reverts commit 06dd166a82.
2014-07-03 01:18:00 +02:00
Ondrej Mikle
0ad302ea4e Hashing of secp256k1 pubkey recognizes point at infinity. 2014-07-01 16:16:06 +02:00
Pavol Rusnak
5e9cd15527 use new base58 code for address functions, add function for obtaining wif 2014-05-22 22:29:53 +02:00
Pavol Rusnak
612f5ab050 fix copyright headers 2014-05-22 20:54:58 +02:00
Pavol Rusnak
06dd166a82 add more precomputation to ecdsa signing 2014-05-15 17:11:26 +02:00
Pavol Rusnak
94d4a3733e fix typos 2014-04-11 15:33:29 +02:00
Pavol Rusnak
b5ceb14f8d extract ecdsa_get_pubkeyhash 2014-02-21 23:33:14 +01:00
Pavol Rusnak
d0e152a088 replace SHA256/SHA512 prefix with sha256/sha512 (OpenSSL clash) 2014-02-19 21:26:42 +01:00
Pavol Rusnak
50fb43127f use -Wextra 2014-02-08 19:12:07 +01:00
Pavol Rusnak
d433bcfa10 fix ecdsa_sig_to_der 2014-02-08 15:55:03 +01:00
Pavol Rusnak
6a856479a8 introduce point_multiply 2014-02-05 23:38:37 +01:00
Pavol Rusnak
fc144587e6 introduce ecdsa_verify_digest 2014-02-04 19:12:43 +01:00
Pavol Rusnak
8aaebe761b introduce uncompress_coords 2014-02-04 18:55:17 +01:00
Pavol Rusnak
81f462a5c5 add ecdsa_sig_to_der 2014-02-02 22:01:43 +01:00
Pavol Rusnak
73489fbd33 split signing into ecdsa_sign_digest and ecdsa_sign/ecdsa_sign_double 2014-02-02 20:36:03 +01:00
Pavol Rusnak
a40a077613 rework ecdsa_address_to_hash160 into ecdsa_address_decode 2014-01-31 15:26:51 +01:00
Pavol Rusnak
2e4ec7fe0a introduce ecdsa_address_to_hash160 2014-01-30 20:34:05 +01:00
Pavol Rusnak
7dc057c903 add testcases for address generation
fix bug for version != 0
process uncompressed pubkeys as well
2014-01-27 19:57:44 +01:00
Pavol Rusnak
ed7e2e5058 implement public child key derivation 2014-01-14 14:35:13 +01:00
Pavol Rusnak
8423c7abfd add check that pub.y != res.y 2014-01-04 17:39:37 +01:00
Pavol Rusnak
9da3b35962 extract xprv_fill_public method 2013-11-08 16:02:48 +01:00
Pavol Rusnak
a439d8674d small cosmetic changes 2013-10-24 19:44:54 +02:00
Pavol Rusnak
9205c0d952 use canonical signatures (if S > Order/2: S = Order - S) 2013-10-08 14:06:48 +02:00
Pavol Rusnak
f87e706407 add define for RFC6979 2013-10-03 18:19:30 +02:00
Pavol Rusnak
678e5b1af2 use #if instead of #ifdef for conditional macros 2013-10-03 17:32:27 +02:00
Pavol Rusnak
1691d5cc8c small cleanup 2013-10-01 18:08:33 +02:00
Pavol Rusnak
71ff1c5124 replace infinite loops with loops with counters 2013-09-27 15:55:55 +02:00
Pavol Rusnak
f4f246f3d7 optimize computations 2013-09-27 15:42:52 +02:00
Pavol Rusnak
7ed18947ba simplify divmod58 2013-09-25 12:39:23 +02:00
Pavol Rusnak
74a5b04b81 verify now supports compressed keys 2013-09-24 18:48:46 +02:00
Pavol Rusnak
896905c5c8 remove der encoding, introduce 33/65 bytes pubkeys, 64 bytes signature 2013-09-23 21:13:44 +02:00
Pavol Rusnak
58a65d9cd7 move speed tests to unit testing suite 2013-09-22 15:05:59 +02:00