Pavol Rusnak
ae5bd43702
Merge pull request #26 from hno/patches/versioned_output
...
Put firmware files in output/ and name them with the tag built
2015-04-28 21:17:20 +02:00
Karel Bilek
55fa04c247
moving number back to 51
2015-04-27 19:40:45 +02:00
Karel Bilek
186a4dfdc6
Adding udev packaging
2015-04-27 19:15:56 +02:00
Henrik Nordstrom
6c40522291
Put firmware files in output/ and name them with the tag built
2015-04-17 09:02:18 +02:00
Pavol Rusnak
7d8fb375f0
seconds counter during pin lockdown
2015-04-16 18:16:30 +02:00
slush0
47fa2c0741
Added Coinprism, Bitex.la
2015-04-16 11:17:19 +02:00
Pavol Rusnak
2abe8d9879
fix udev rule location in description
2015-04-14 15:45:35 +02:00
Pavol Rusnak
d03f618c2f
make udev rules filename consistent with the trezord package
2015-04-14 15:38:25 +02:00
Pavol Rusnak
1501ca2f67
activate screensaver on ClearSession message
2015-04-13 19:52:38 +02:00
Pavol Rusnak
ea7e92f5dd
make gears turn faster when signing
2015-04-13 18:53:58 +02:00
Pavol Rusnak
21d0bb437a
cleanup coding style
2015-04-13 18:19:33 +02:00
Pavol Rusnak
6ec585fcee
Merge pull request #29 from netanelkl/master
...
Code Security change
2015-04-13 17:56:32 +02:00
Pavol Rusnak
f1b8f55d92
use curly braces in if block
2015-04-11 20:01:45 +02:00
Pavol Rusnak
99f01a9391
Merge pull request #30 from jhoenicke/master
...
Added more tests for new multiplications
2015-04-11 19:59:31 +02:00
Jochen Hoenicke
c90f79bce2
Added new tests for point multiplication
2015-04-11 13:12:03 +02:00
Jochen Hoenicke
e432d772c7
Program to precompute the table for scalar_mult
...
This program pre-computes the table and prints then in the form
that can be included in secp256k1.c
2015-04-11 13:12:03 +02:00
slush0
2f2ffd5239
Minor fixes of firmware_update
2015-04-09 21:13:35 +02:00
netanelkl
3fd32df8ed
More of the same.
2015-04-09 15:05:28 -04:00
netanelkl
70dc71c87e
Some more stack memory wipe before leaving functions.
...
Note that I preferred to change the multiple returns to multiple checks
of a boolean to concentrate the erase into the last part of the
functions.
2015-04-09 14:17:47 -04:00
netanelkl
aeefea054a
Added some private key nullification so that they won't be uncontrolled in the stack
2015-04-08 15:07:15 -04:00
slush0
4ffadc2216
trezorctl firmware_update: allow updating from URL, detects hex and converts to binary
2015-04-02 19:05:51 +02:00
Pavol Rusnak
0cc270e6df
reorder Dockerfile
2015-04-02 17:47:28 +02:00
Pavol Rusnak
795f70075b
make SignIdentity.challenge_hidden and SignIdentity.challenge_visual longer (256 bytes)
2015-04-02 17:20:39 +02:00
Pavol Rusnak
ba73f43f71
change "sign in" screen
2015-04-02 16:56:03 +02:00
Pavol Rusnak
00ccf6a8ce
bump storage version
2015-04-01 19:43:36 +02:00
Pavol Rusnak
8b268692fe
prepare 1.3.3 release
2015-04-01 17:17:37 +02:00
Pavol Rusnak
4cbf29505d
don't clear PIN on Initialize
2015-03-31 16:31:29 +02:00
Pavol Rusnak
956546ae54
update trezor-crypto
2015-03-31 16:26:51 +02:00
Pavol Rusnak
b9d43f8aa8
Merge pull request #4 from runn1ng/patch-1
...
Adding hidraw for raw HID access
2015-03-30 21:34:35 +02:00
Karel Bílek
fb846f8144
Adding hidraw for raw HID access
...
This rule is for allowing Chrome's HID API to work with Trezor on Linux
2015-03-30 20:43:43 +02:00
Pavol Rusnak
a757693fe3
Merge pull request #26 from jhoenicke/bignum_improvements
...
Bignum improvements
2015-03-30 17:48:43 +02:00
Pavol Rusnak
196cabe012
import random_uniform and random_permute functions from TREZOR codebase
2015-03-30 17:45:34 +02:00
Pavol Rusnak
ad71a16e61
Merge pull request #28 from oleganza/master
...
Typo fix in RFC6979 implementation
2015-03-30 17:32:38 +02:00
Oleg Andreev
a5a4333a8e
typo fix (no, this was not a bug)
2015-03-30 17:25:34 +02:00
Pavol Rusnak
aee35dc768
add pin_cached + passphrase_cached fields to Features message; add GetFeatures message
2015-03-30 15:47:03 +02:00
Pavol Rusnak
e96ec085d5
add pin_cached + passphrase_cached fields to Features message; add GetFeatures message
2015-03-30 15:38:11 +02:00
Pavol Rusnak
bda4267c38
clear session on Initialize message
2015-03-30 14:41:51 +02:00
Pavol Rusnak
7c6d2fe395
ask for PIN in GetAddress and GetPublicKey messages
2015-03-30 14:38:33 +02:00
Pavol Rusnak
f5fb0c364e
Merge pull request #23 from ELM4Ever/master
...
Darkcoin to Dash re-branding
2015-03-29 22:53:27 +02:00
ELMr4Ever
e855946d1c
Darkcoin to Dash re-branding
2015-03-28 21:12:01 -07:00
Jochen Hoenicke
56f5777b68
Refactored code for point doubling.
...
New function `bn_mult_3_2` that multiplies by 3/2.
This function is used in point_double and point_jacobian_double.
Cleaned up point_add and point_double, more comments.
2015-03-22 17:55:01 +01:00
Jochen Hoenicke
edf0fc4902
New fast variant of point_multiply.
...
Use a similar algorithm for `point_multiply` as for
`scalar_multiply` but with less precomputation.
Added double for points in Jacobian coordinates.
Simplified `point_jacobian_add` a little.
2015-03-21 21:10:08 +01:00
Pavol Rusnak
9761dd23e0
prepare 1.3.2 release
2015-03-21 10:44:30 +01:00
Pavol Rusnak
d4df66a8d0
Merge pull request #27 from jhoenicke/bip39fix
...
Off by one error in word length.
2015-03-21 10:33:06 +01:00
Jochen Hoenicke
1b42fde852
Off by one error in word length.
...
This could lead to a buffer overrun if the final 0 byte is
written to current_word[j] after the loop.
Also document the limit of passphrase in mnemonic_to_seed.
2015-03-20 21:46:32 +01:00
Pavol Rusnak
40e174ac87
bump storage version
2015-03-18 13:34:09 +01:00
Pavol Rusnak
137ae02853
fix typo
2015-03-18 10:49:52 +01:00
Jochen Hoenicke
1700caf2ad
scalar_mult based on Jacobian representation
...
This version of scalar_mult should be faster and much better
against side-channel attacks. Except bn_inverse and bn_mod
all functions are constant time. bn_inverse is only used
in the last step and its input is randomized. The function
bn_mod is only taking extra time in 2^32/2^256 cases, so
in practise it should not occur at all. The input to bn_mod
is also depending on the random value.
There is secret dependent array access in scalar_multiply,
so cache may be an issue.
2015-03-17 19:18:34 +01:00
Jochen Hoenicke
2c38929d03
Make scalar_multiply timing attack safe.
...
This should make side-channel attacks much more difficult. However,
1. Timing of bn_inverse, which is used in point_add depends on input.
2. Timing of reading secp256k1_cp may depend on input due to cache.
3. The conditions in point_add are not timing attack safe.
However point_add is always a straight addition, never double or some
other special case.
In the long run, I would like to use a specialized point_add using Jacobian
representation plus a randomization when converting the first point to
Jacobian representation. The Jacobian representation would also make
the procedure a bit faster.
2015-03-17 19:18:34 +01:00
Jochen Hoenicke
ec057a5102
"More" constant time point multiplication
...
About the same speed, about the same precomputation table requirements.
Simpler code.
2015-03-17 19:18:34 +01:00