1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-04 21:48:17 +00:00
Commit Graph

448 Commits

Author SHA1 Message Date
Pavol Rusnak
e15a7bc986
add extra test for rfc6979 from the paper 2017-04-03 21:19:19 +02:00
Pavol Rusnak
a820a5601b
split rfc6979 from ecdsa into separate module 2017-04-03 20:58:53 +02:00
Pavol Rusnak
3d04064384
don't skip const if not using gcc 2017-04-02 02:54:46 +02:00
Pavol Rusnak
a8aacac6be
ecdsa: rand -> rnd 2017-04-02 02:52:50 +02:00
Pavol Rusnak
900f4b0756
build: don't use const for ed25519/cosi if gcc<5 2017-04-02 02:51:09 +02:00
Pavol Rusnak
b666039f66
ed25519_cosi: small changes to code style 2017-04-02 01:28:18 +02:00
Jochen Hoenicke
d3d88591d0 Added co-signing for ed25519. 2017-04-02 01:18:03 +02:00
Pavol Rusnak
12af9b262b
build: switch to gcc-5 (in travis) 2017-04-02 01:13:50 +02:00
Pavol Rusnak
a46c372969
build: use trusty in travis 2017-04-02 00:01:07 +02:00
Pavol Rusnak
6d236cf5a1
fix typo in readme 2017-03-31 01:36:29 +02:00
Pavol Rusnak
36f099fe62
update emscripten stuff 2017-03-30 17:53:09 +02:00
Jochen Hoenicke
aa16b53bba Refactored duplicated code (#84)
Changed signature of public_ckd_address_optimized to not include the
compressed public_key (uncompressed is in pub).
2017-03-30 17:38:49 +02:00
Pavol Rusnak
323d6b023a
fix build 2017-03-30 15:07:29 +02:00
Pavol Rusnak
c200ce121a
introduce ED25519_NO_PRECOMP flag to optimize ed25519 verify size 2017-03-29 00:18:56 +02:00
Pavol Rusnak
df2524e35b
add changes to cmake/qmake builds 2017-03-28 23:18:55 +02:00
Pavol Rusnak
fdf1b6dc6d
remove duplicite curve25519 scalarmult implementations 2017-03-28 23:05:59 +02:00
Pavol Rusnak
1d232a6f86
whitespace cleanup 2017-03-28 22:52:02 +02:00
Pavol Rusnak
b1bee409e7
ed22519: remove more unused stuff, don't inline 2017-03-28 20:26:43 +02:00
Pavol Rusnak
4669c3db4c
more merging of curve25519 into ed25519 2017-03-28 19:48:36 +02:00
Pavol Rusnak
8cc6539d2d
remove unused functions 2017-03-28 19:20:40 +02:00
Pavol Rusnak
092d8e7bf1
merge curve25519 into ed25519, code reuse 2017-03-28 18:53:09 +02:00
Pavol Rusnak
397a13f654
simplify ed25519 code 2017-03-28 18:32:58 +02:00
Pavol Rusnak
cb471ba2ec
upgrade ed25519 to forthy42 fork 2017-03-28 18:01:42 +02:00
Pavol Rusnak
87c920a7e7
use BLOCK_LENGTH and DIGEST_LENGTH across all hash functions 2017-03-20 20:20:14 +01:00
Pavol Rusnak
27807fd367
blake: add compat macros 2017-03-20 19:19:24 +01:00
Pavol Rusnak
9a2310fc53
add Blake2b 2017-02-28 18:14:54 +01:00
Pavol Rusnak
3d364aac36
we don't use OPTIMIZED_IV anywhere anymore 2017-01-11 15:33:46 +01:00
Pavol Rusnak
3b97a8b34c Merge pull request #83 from jhoenicke/master
Removed duplicated code for multi-byte prefixes
2017-01-04 15:29:48 +01:00
Jochen Hoenicke
1fb56e3466
Test cases for multibyte address prefixes 2017-01-04 15:16:55 +01:00
Jochen Hoenicke
9443aefa9a
Multi-byte prefix cleanup
use the functions from address.c in ecdsa.c to avoid duplicated code.
2017-01-04 15:16:55 +01:00
Pavol Rusnak
b55473a01e
add fingerprint output parameter to hdnode_private_ckd_cached function 2016-12-12 12:07:33 +01:00
Saleem Rashid
6aac03d2d8 CMakeLists: Allow use as a library (#82)
This allows TrezorCrypto to be linked with by other CMake projects
2016-11-16 22:58:12 +01:00
Jan Pochyla
20bb7e9b5c sha1: fix context zeroing 2016-11-06 16:02:10 +01:00
Jochen Hoenicke
949220ac0b
Protect signing against side-channel attack (#81)
Signing uses the bn_inverse function that is prone to side-channel
attacks.  We randomize its argument by multiplying it with a random
non-zero number.  At the end we multiply again by the same number to
cancel it out.

Changed get_k_random to take the prime range as a second argument and
to return a non-zero number.  This function was previously only used
for (non-rfc6979) signing and is now used for side-channel protection.
2016-11-06 15:20:07 +01:00
Pavol Rusnak
e68267e04b
undef ALIGN macro in curve25519 2016-11-06 15:16:09 +01:00
Pavol Rusnak
bb61fb75d8
segwit address sizes 2016-11-05 22:27:10 +01:00
Jochen Hoenicke
e855c60529 Use bn_add instead of bn_addmod (#80)
The bip32 private key derivation used bn_addmod to handle
wrap around.  This was never sufficient as bn_addmod uses only
bn_fast_mod, so an additional bn_mod is necessary.  The bn_fast_mod
helped when bn_mod was not side-channel safe.  Now that bn_mod uses
constant time code, we can get rid of the unnecessary bn_fast_mod
step and use bn_add instead of bn_addmod.
2016-11-05 21:21:48 +01:00
Saleem Rashid
19efbeef8d sha2: add sha1_Raw 2016-11-05 15:14:37 +01:00
Saleem Rashid
d812c7209f sha2: import SHA1 implementation 2016-11-05 15:14:37 +01:00
Saleem Rashid
0acfb2cf28 tests: add SHA1 test 2016-11-05 15:14:37 +01:00
Saleem Rashid
1b79c93bbc sha2: NIST FIPS 180-2 naming conventions 2016-11-05 15:14:37 +01:00
Pavol Rusnak
a91e005633
extract block size and digest size as macros in ripemd160 2016-11-01 16:32:44 +01:00
Pavol Rusnak
f4e4c29356
add blake2s, add unittests for blake2s and sha3 2016-11-01 16:22:20 +01:00
Pavol Rusnak
459f4a5e7a
add setbit, clearbit, testbit and xor to bignum 2016-10-31 17:26:24 +01:00
Pavol Rusnak
1259c36f80
change shebang for test_curves.py 2016-10-24 21:43:33 +02:00
Roman Zeyde
5ecb8574cc tests: fix curve25519 unittests (#78) 2016-10-24 21:35:30 +02:00
Pavol Rusnak
fa8772dfee
include options.h to base58.h 2016-10-24 20:54:29 +02:00
Pavol Rusnak
0abc61f672
use curve25519-donna from floodyberry 2016-10-24 20:51:57 +02:00
Pavol Rusnak
bede439a62
remove unused macros in test-openssl.c 2016-10-24 20:39:55 +02:00
Pavol Rusnak
b617568068
add curve25519 multiply to test_speed 2016-10-24 20:27:48 +02:00