trezor-firmware

Commit Graph

Author	SHA1	Message	Date
Pavol Rusnak	d659fd49a5	return back normalization of signatures	9 years ago
Pavol Rusnak	9255595c97	Merge pull request #42 from romanz/master bignum: use constant time comparisons	9 years ago
Roman Zeyde	793234a0ec	bignum: use constant time comparisons	9 years ago
Pavol Rusnak	bfa812441d	Merge pull request #41 from romanz/travis Improve Travis CI usage	9 years ago
Roman Zeyde	558b3fd65b	travis: add pytest (for test_curves.py)	9 years ago
Roman Zeyde	8a3ee52d63	travis: add openssl tests	9 years ago
Roman Zeyde	cfbd09d158	travis: use container-based infrastructure	9 years ago
Pavol Rusnak	79738f4251	Merge pull request #40 from romanz/travis Add Travis CI for unit test suite	9 years ago
Roman Zeyde	f91e912dd2	README: add travis badge	9 years ago
Roman Zeyde	0164137786	tests: fix signedness error	9 years ago
Roman Zeyde	1163992e5c	travis: add simple tests	9 years ago
Pavol Rusnak	f9df01c6e6	add CONTRIBUTORS file generated using the following: git log --format='%aN <%aE>' --no-merges \| sort \| uniq -c \| sort -nr	9 years ago
Pavol Rusnak	8108524358	Merge pull request #39 from romanz/master test_curves: fix test case name typo	9 years ago
Roman Zeyde	e569b019c4	test_curves: fix test case name typo	9 years ago
Pavol Rusnak	5ec72d3a5b	Merge pull request #38 from romanz/master Fix few small issues.	9 years ago
Pavol Rusnak	9c3e51074b	use -O3 instead of -Os	9 years ago
Roman Zeyde	749cf8b75f	gui: fixup after ECDSA updates	9 years ago
Roman Zeyde	ea16aa0b86	Remove unnecessary #include "secp256k1.h"	9 years ago
Roman Zeyde	587d6a65ea	Update documentation regarding ECDSA curves support	9 years ago
Pavol Rusnak	f2ef64228a	Merge pull request #37 from jdb6167/master Fixed issues with Python files	9 years ago
Josh Billings	cb0b5169c5	whitespace	9 years ago
Josh Billings	d2120d6da1	two bugfixes: 1. nist256p1.c was not included in setup.py, causing import errors when using TrezorCrypto.so in Python. 2. if you attempted a hardened derivation in python using the compiled TrezorCrypto module, an IntegerOverflowError would occur because Python ints are always signed. one-line fix by changing int to unsigned int in the pyx file	9 years ago
Pavol Rusnak	71c24673ce	Merge branch 'ssh-agent' of git://github.com/romanz/trezor-crypto into romanz-ssh-agent Conflicts: ecdsa.c	9 years ago
Pavol Rusnak	36caf5b33a	Merge pull request #35 from romanz/master ecdsa: generate_k_rfc6979() should cleanup its stack before exit	9 years ago
Roman Zeyde	36847ac0d7	ecdsa: generate_k_rfc6979() should cleanup its stack before exit	9 years ago
Roman Zeyde	7c58fc11a4	Add support for NIST256P1 elliptic curve This enables SSH ECDSA public key authentication.	9 years ago
Pavol Rusnak	0983c6c456	Merge pull request #34 from JohnDvorak/patch-1 Change return value of ecdsa_sign_digest	9 years ago
John Dvorak	85cebfe968	Change return value of ecdsa_sign_digest Error codes were not being propagated, always returned as 0.	9 years ago
Pavol Rusnak	c58d4e03c5	add proof of concept bip39 bruteforce benchmark	9 years ago
Pavol Rusnak	00954da5fe	fix /dev/urandom problem	9 years ago
Pavol Rusnak	ffedf8a4d0	suppress warning when debug is disabled	9 years ago
Pavol Rusnak	21d0bb437a	cleanup coding style	9 years ago
Pavol Rusnak	6ec585fcee	Merge pull request #29 from netanelkl/master Code Security change	9 years ago
Pavol Rusnak	f1b8f55d92	use curly braces in if block	9 years ago
Pavol Rusnak	99f01a9391	Merge pull request #30 from jhoenicke/master Added more tests for new multiplications	9 years ago
Jochen Hoenicke	c90f79bce2	Added new tests for point multiplication	9 years ago
Jochen Hoenicke	e432d772c7	Program to precompute the table for scalar_mult This program pre-computes the table and prints then in the form that can be included in secp256k1.c	9 years ago
netanelkl	3fd32df8ed	More of the same.	9 years ago
netanelkl	70dc71c87e	Some more stack memory wipe before leaving functions. Note that I preferred to change the multiple returns to multiple checks of a boolean to concentrate the erase into the last part of the functions.	9 years ago
netanelkl	aeefea054a	Added some private key nullification so that they won't be uncontrolled in the stack	9 years ago
Pavol Rusnak	a757693fe3	Merge pull request #26 from jhoenicke/bignum_improvements Bignum improvements	9 years ago
Pavol Rusnak	196cabe012	import random_uniform and random_permute functions from TREZOR codebase	9 years ago
Pavol Rusnak	ad71a16e61	Merge pull request #28 from oleganza/master Typo fix in RFC6979 implementation	9 years ago
Oleg Andreev	a5a4333a8e	typo fix (no, this was not a bug)	9 years ago
Jochen Hoenicke	56f5777b68	Refactored code for point doubling. New function `bn_mult_3_2` that multiplies by 3/2. This function is used in point_double and point_jacobian_double. Cleaned up point_add and point_double, more comments.	9 years ago
Jochen Hoenicke	edf0fc4902	New fast variant of point_multiply. Use a similar algorithm for `point_multiply` as for `scalar_multiply` but with less precomputation. Added double for points in Jacobian coordinates. Simplified `point_jacobian_add` a little.	9 years ago
Pavol Rusnak	d4df66a8d0	Merge pull request #27 from jhoenicke/bip39fix Off by one error in word length.	9 years ago
Jochen Hoenicke	1b42fde852	Off by one error in word length. This could lead to a buffer overrun if the final 0 byte is written to current_word[j] after the loop. Also document the limit of passphrase in mnemonic_to_seed.	9 years ago
Jochen Hoenicke	1700caf2ad	scalar_mult based on Jacobian representation This version of scalar_mult should be faster and much better against side-channel attacks. Except bn_inverse and bn_mod all functions are constant time. bn_inverse is only used in the last step and its input is randomized. The function bn_mod is only taking extra time in 2^32/2^256 cases, so in practise it should not occur at all. The input to bn_mod is also depending on the random value. There is secret dependent array access in scalar_multiply, so cache may be an issue.	9 years ago
Jochen Hoenicke	2c38929d03	Make scalar_multiply timing attack safe. This should make side-channel attacks much more difficult. However, 1. Timing of bn_inverse, which is used in point_add depends on input. 2. Timing of reading secp256k1_cp may depend on input due to cache. 3. The conditions in point_add are not timing attack safe. However point_add is always a straight addition, never double or some other special case. In the long run, I would like to use a specialized point_add using Jacobian representation plus a randomization when converting the first point to Jacobian representation. The Jacobian representation would also make the procedure a bit faster.	9 years ago

1 2 3 4 5 ...

339 Commits (dc167592d547ff067e66376eaba90feee8622ff2) All Branches Search

339 Commits (dc167592d547ff067e66376eaba90feee8622ff2)

All Branches