Jan Pochyla
20bb7e9b5c
sha1: fix context zeroing
2016-11-06 16:02:10 +01:00
Jochen Hoenicke
949220ac0b
Protect signing against side-channel attack ( #81 )
...
Signing uses the bn_inverse function that is prone to side-channel
attacks. We randomize its argument by multiplying it with a random
non-zero number. At the end we multiply again by the same number to
cancel it out.
Changed get_k_random to take the prime range as a second argument and
to return a non-zero number. This function was previously only used
for (non-rfc6979) signing and is now used for side-channel protection.
2016-11-06 15:20:07 +01:00
Pavol Rusnak
e68267e04b
undef ALIGN macro in curve25519
2016-11-06 15:16:09 +01:00
Pavol Rusnak
bb61fb75d8
segwit address sizes
2016-11-05 22:27:10 +01:00
Jochen Hoenicke
e855c60529
Use bn_add instead of bn_addmod ( #80 )
...
The bip32 private key derivation used bn_addmod to handle
wrap around. This was never sufficient as bn_addmod uses only
bn_fast_mod, so an additional bn_mod is necessary. The bn_fast_mod
helped when bn_mod was not side-channel safe. Now that bn_mod uses
constant time code, we can get rid of the unnecessary bn_fast_mod
step and use bn_add instead of bn_addmod.
2016-11-05 21:21:48 +01:00
Saleem Rashid
19efbeef8d
sha2: add sha1_Raw
2016-11-05 15:14:37 +01:00
Saleem Rashid
d812c7209f
sha2: import SHA1 implementation
2016-11-05 15:14:37 +01:00
Saleem Rashid
0acfb2cf28
tests: add SHA1 test
2016-11-05 15:14:37 +01:00
Saleem Rashid
1b79c93bbc
sha2: NIST FIPS 180-2 naming conventions
2016-11-05 15:14:37 +01:00
Pavol Rusnak
a91e005633
extract block size and digest size as macros in ripemd160
2016-11-01 16:32:44 +01:00
Pavol Rusnak
f4e4c29356
add blake2s, add unittests for blake2s and sha3
2016-11-01 16:22:20 +01:00
Pavol Rusnak
459f4a5e7a
add setbit, clearbit, testbit and xor to bignum
2016-10-31 17:26:24 +01:00
Pavol Rusnak
1259c36f80
change shebang for test_curves.py
2016-10-24 21:43:33 +02:00
Roman Zeyde
5ecb8574cc
tests: fix curve25519 unittests ( #78 )
2016-10-24 21:35:30 +02:00
Pavol Rusnak
fa8772dfee
include options.h to base58.h
2016-10-24 20:54:29 +02:00
Pavol Rusnak
0abc61f672
use curve25519-donna from floodyberry
2016-10-24 20:51:57 +02:00
Pavol Rusnak
bede439a62
remove unused macros in test-openssl.c
2016-10-24 20:39:55 +02:00
Pavol Rusnak
b617568068
add curve25519 multiply to test_speed
2016-10-24 20:27:48 +02:00
Pavol Rusnak
a8c7e5ef20
gui: fix build
2016-10-24 17:24:31 +02:00
Pavol Rusnak
ce9022ad5d
fix tests.c when USE_GRAPHENE=0
2016-10-24 12:44:25 +02:00
Roman Zeyde
420c71992a
tests: add BIP32 ECDH ( #76 )
...
* tests: add BIP32 ECDH
* tests: BIP32 ECDH errors
2016-10-24 12:40:00 +02:00
Pavol Rusnak
6d08eb99b8
add ECDH to readme
2016-10-22 00:29:14 +02:00
Roman Zeyde
228f9425d1
Fix small typo in return value checking ( #75 )
2016-10-22 00:26:29 +02:00
Pavol Rusnak
cf21bb2fbf
refactor ECDH multiplication into ecdh_multiply function
2016-10-21 18:19:01 +02:00
Pavol Rusnak
ca4057aca0
tests: cleanup fromhex function
2016-10-20 12:04:05 +02:00
Pavol Rusnak
e6574f8eea
extract ck_assert_mem macros to separate file check_mem.h
2016-10-19 20:42:50 +02:00
Pavol Rusnak
ed755120af
fix broken test_speed
2016-10-16 02:26:16 +02:00
Fabian Schuh
54cc18c493
Steem integration
2016-10-16 01:41:20 +02:00
Pavol Rusnak
707c869fb9
Merge pull request #74 from romanz/curve25519
...
Add support for Curve25519-based ECDH
2016-10-16 01:28:45 +02:00
Roman Zeyde
0167d06378
Fix Travis build
2016-10-15 15:38:23 +03:00
Roman Zeyde
43f86e660d
Add Python tests for Curve25519 ECDH
2016-10-15 15:38:23 +03:00
Roman Zeyde
906c543ebc
Implement ECDH with Curve25519 at BIP32 module
2016-10-14 23:36:19 +03:00
Jan Pochyla
f45bcc65f2
bip32: deserialize the fingerprint
2016-10-14 14:44:05 +02:00
Roman Zeyde
0ad8a7c627
Add Curve25519 implementation
...
Using https://github.com/agl/curve25519-donna repository source.
2016-10-13 22:21:58 +03:00
Karel Bilek
0a158f6c7d
Add compiled output
2016-10-12 18:04:03 +02:00
Pavol Rusnak
cb25b763b7
add emcripten outputs to gitignore
2016-10-12 17:36:46 +02:00
Pavol Rusnak
b05776be77
add address related funnctions
2016-10-10 11:22:15 +02:00
Pavol Rusnak
ad73c0d4e7
fix ecdsa_address_decode
2016-10-09 23:42:21 +02:00
Pavol Rusnak
4fb15a13d8
add hdnode_get_address
2016-10-08 18:18:32 +02:00
Pavol Rusnak
8764e26368
ecdsa_address_decode now needs version
2016-10-08 18:13:23 +02:00
Pavol Rusnak
430a5087c8
introduce MAX_ADDR_RAW_SIZE and MAX_WIF_RAW_SIZE macros
2016-10-08 18:01:44 +02:00
Pavol Rusnak
d10ec230c0
add support for multibyte address versions
2016-10-08 17:56:12 +02:00
Jochen Hoenicke
157caf3763
ecdsa: fix out-of-bounds read in point_multiply ( #71 )
...
Fixes #70 .
2016-10-06 16:54:25 +02:00
Jochen Hoenicke
133c068f37
Reworked rfc6979 signing. ( #72 )
...
This adds an is_canonic parameter to all sign functions. This is a
callback that determines if a signature corresponds to some coin
specific rules. It is used, e. g., by ethereum (where the recovery
byte must be 0 or 1, and not 2 or 3) and or steem signatures (which
require both r and s to be between 2^248 and 2^255).
This also separates the initialization and the step function of the
random number generator, making it easy to restart the signature
process with the next random number.
2016-10-06 16:54:07 +02:00
Jan Pochyla
00413c0b6e
bip32: serialization returns nu. of written bytes
2016-10-06 12:36:23 +02:00
Saleem Rashid
db1b638cdf
gui: update for newer HDNode API ( #68 )
2016-09-11 00:35:02 +02:00
Pavol Rusnak
62b8f845f2
Merge pull request #67 from jhoenicke/master
...
sha2: fix unaligned access.
2016-08-29 22:03:32 +02:00
Jochen Hoenicke
19a1f501c4
Simplified sha256_Final/sha512_Last
...
- Fix the bug where we zero too many bytes in sha512_Last
(SHORT_BLOCK_LENGTH != BLOCK_LENGTH -2).
- Get rid of an if branch.
- Don't reverse the last two words in 512_Last that are written later.
- make 256_Final and 512_Last look the same.
2016-08-29 21:55:57 +02:00
Jochen Hoenicke
b3e6eecfce
sha2: Fix unaligned access
2016-08-29 21:55:11 +02:00
Pavol Rusnak
10a2a0014b
Merge pull request #66 from axic/bignum
...
Bignum: add bn_one
2016-08-28 14:28:27 +02:00