1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 06:18:07 +00:00
Commit Graph

12460 Commits

Author SHA1 Message Date
Pavol Rusnak
ae5bd43702 Merge pull request #26 from hno/patches/versioned_output
Put firmware files in output/ and name them with the tag built
2015-04-28 21:17:20 +02:00
Karel Bilek
55fa04c247 moving number back to 51 2015-04-27 19:40:45 +02:00
Karel Bilek
186a4dfdc6 Adding udev packaging 2015-04-27 19:15:56 +02:00
Henrik Nordstrom
6c40522291 Put firmware files in output/ and name them with the tag built 2015-04-17 09:02:18 +02:00
Pavol Rusnak
7d8fb375f0 seconds counter during pin lockdown 2015-04-16 18:16:30 +02:00
slush0
47fa2c0741 Added Coinprism, Bitex.la 2015-04-16 11:17:19 +02:00
Pavol Rusnak
2abe8d9879 fix udev rule location in description 2015-04-14 15:45:35 +02:00
Pavol Rusnak
d03f618c2f make udev rules filename consistent with the trezord package 2015-04-14 15:38:25 +02:00
Pavol Rusnak
1501ca2f67 activate screensaver on ClearSession message 2015-04-13 19:52:38 +02:00
Pavol Rusnak
ea7e92f5dd make gears turn faster when signing 2015-04-13 18:53:58 +02:00
Pavol Rusnak
21d0bb437a cleanup coding style 2015-04-13 18:19:33 +02:00
Pavol Rusnak
6ec585fcee Merge pull request #29 from netanelkl/master
Code Security change
2015-04-13 17:56:32 +02:00
Pavol Rusnak
f1b8f55d92 use curly braces in if block 2015-04-11 20:01:45 +02:00
Pavol Rusnak
99f01a9391 Merge pull request #30 from jhoenicke/master
Added more tests for new multiplications
2015-04-11 19:59:31 +02:00
Jochen Hoenicke
c90f79bce2 Added new tests for point multiplication 2015-04-11 13:12:03 +02:00
Jochen Hoenicke
e432d772c7 Program to precompute the table for scalar_mult
This program pre-computes the table and prints then in the form
that can be included in secp256k1.c
2015-04-11 13:12:03 +02:00
slush0
2f2ffd5239 Minor fixes of firmware_update 2015-04-09 21:13:35 +02:00
netanelkl
3fd32df8ed More of the same. 2015-04-09 15:05:28 -04:00
netanelkl
70dc71c87e Some more stack memory wipe before leaving functions.
Note that I preferred to change the multiple returns to multiple checks
of a boolean to concentrate the erase into the last part of the
functions.
2015-04-09 14:17:47 -04:00
netanelkl
aeefea054a Added some private key nullification so that they won't be uncontrolled in the stack 2015-04-08 15:07:15 -04:00
slush0
4ffadc2216 trezorctl firmware_update: allow updating from URL, detects hex and converts to binary 2015-04-02 19:05:51 +02:00
Pavol Rusnak
0cc270e6df reorder Dockerfile 2015-04-02 17:47:28 +02:00
Pavol Rusnak
795f70075b make SignIdentity.challenge_hidden and SignIdentity.challenge_visual longer (256 bytes) 2015-04-02 17:20:39 +02:00
Pavol Rusnak
ba73f43f71 change "sign in" screen 2015-04-02 16:56:03 +02:00
Pavol Rusnak
00ccf6a8ce bump storage version 2015-04-01 19:43:36 +02:00
Pavol Rusnak
8b268692fe prepare 1.3.3 release 2015-04-01 17:17:37 +02:00
Pavol Rusnak
4cbf29505d don't clear PIN on Initialize 2015-03-31 16:31:29 +02:00
Pavol Rusnak
956546ae54 update trezor-crypto 2015-03-31 16:26:51 +02:00
Pavol Rusnak
b9d43f8aa8 Merge pull request #4 from runn1ng/patch-1
Adding hidraw for raw HID access
2015-03-30 21:34:35 +02:00
Karel Bílek
fb846f8144 Adding hidraw for raw HID access
This rule is for allowing Chrome's HID API to work with Trezor on Linux
2015-03-30 20:43:43 +02:00
Pavol Rusnak
a757693fe3 Merge pull request #26 from jhoenicke/bignum_improvements
Bignum improvements
2015-03-30 17:48:43 +02:00
Pavol Rusnak
196cabe012 import random_uniform and random_permute functions from TREZOR codebase 2015-03-30 17:45:34 +02:00
Pavol Rusnak
ad71a16e61 Merge pull request #28 from oleganza/master
Typo fix in RFC6979 implementation
2015-03-30 17:32:38 +02:00
Oleg Andreev
a5a4333a8e typo fix (no, this was not a bug) 2015-03-30 17:25:34 +02:00
Pavol Rusnak
aee35dc768 add pin_cached + passphrase_cached fields to Features message; add GetFeatures message 2015-03-30 15:47:03 +02:00
Pavol Rusnak
e96ec085d5 add pin_cached + passphrase_cached fields to Features message; add GetFeatures message 2015-03-30 15:38:11 +02:00
Pavol Rusnak
bda4267c38 clear session on Initialize message 2015-03-30 14:41:51 +02:00
Pavol Rusnak
7c6d2fe395 ask for PIN in GetAddress and GetPublicKey messages 2015-03-30 14:38:33 +02:00
Pavol Rusnak
f5fb0c364e Merge pull request #23 from ELM4Ever/master
Darkcoin to Dash re-branding
2015-03-29 22:53:27 +02:00
ELMr4Ever
e855946d1c Darkcoin to Dash re-branding 2015-03-28 21:12:01 -07:00
Jochen Hoenicke
56f5777b68 Refactored code for point doubling.
New function `bn_mult_3_2` that multiplies by 3/2.
This function is used in point_double and point_jacobian_double.
Cleaned up point_add and point_double, more comments.
2015-03-22 17:55:01 +01:00
Jochen Hoenicke
edf0fc4902 New fast variant of point_multiply.
Use a similar algorithm for `point_multiply` as for
`scalar_multiply` but with less precomputation.
Added double for points in Jacobian coordinates.
Simplified `point_jacobian_add` a little.
2015-03-21 21:10:08 +01:00
Pavol Rusnak
9761dd23e0 prepare 1.3.2 release 2015-03-21 10:44:30 +01:00
Pavol Rusnak
d4df66a8d0 Merge pull request #27 from jhoenicke/bip39fix
Off by one error in word length.
2015-03-21 10:33:06 +01:00
Jochen Hoenicke
1b42fde852 Off by one error in word length.
This could lead to a buffer overrun if the final 0 byte is
written to current_word[j] after the loop.

Also document the limit of passphrase in mnemonic_to_seed.
2015-03-20 21:46:32 +01:00
Pavol Rusnak
40e174ac87 bump storage version 2015-03-18 13:34:09 +01:00
Pavol Rusnak
137ae02853 fix typo 2015-03-18 10:49:52 +01:00
Jochen Hoenicke
1700caf2ad scalar_mult based on Jacobian representation
This version of scalar_mult should be faster and much better
against side-channel attacks.  Except bn_inverse and bn_mod
all functions are constant time.  bn_inverse is only used
in the last step and its input is randomized.  The function
bn_mod is only taking extra time in 2^32/2^256 cases, so
in practise it should not occur at all.  The input to bn_mod
is also depending on the random value.

There is secret dependent array access in scalar_multiply,
so cache may be an issue.
2015-03-17 19:18:34 +01:00
Jochen Hoenicke
2c38929d03 Make scalar_multiply timing attack safe.
This should make side-channel attacks much more difficult. However,

1. Timing of bn_inverse, which is used in point_add depends on input.
2. Timing of reading secp256k1_cp may depend on input due to cache.
3. The conditions in point_add are not timing attack safe.
   However point_add is always a straight addition, never double or some
   other special case.

In the long run, I would like to use a specialized point_add using Jacobian
representation plus a randomization when converting the first point to
Jacobian representation.  The Jacobian representation would also make
the procedure a bit faster.
2015-03-17 19:18:34 +01:00
Jochen Hoenicke
ec057a5102 "More" constant time point multiplication
About the same speed, about the same precomputation table requirements.
Simpler code.
2015-03-17 19:18:34 +01:00