arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-09 06:50:58 +00:00
Code Issues Releases Wiki Activity
190 Commits 376 Branches 205 Tags 220 MiB
Python 34.6%
C 33.7%
Rust 29.4%
Nix 0.6%
C++ 0.4%
Other 1.1%
2c38929d03
Go to file
Jochen Hoenicke 2c38929d03 Make scalar_multiply timing attack safe. 
This should make side-channel attacks much more difficult. However,

1. Timing of bn_inverse, which is used in point_add depends on input.
2. Timing of reading secp256k1_cp may depend on input due to cache.
3. The conditions in point_add are not timing attack safe.
   However point_add is always a straight addition, never double or some
   other special case.

In the long run, I would like to use a specialized point_add using Jacobian
representation plus a randomization when converting the first point to
Jacobian representation.  The Jacobian representation would also make
the procedure a bit faster.
2015-03-17 19:18:34 +01:00
gui add more checks for improbable cases; rework gui testing app 2014-08-07 18:35:54 +02:00
tools remove all references to USE_PUBKEY_VALIDATE 2015-03-12 15:53:41 +01:00
.gitignore prepare cython-TrezorCrypto for pip release 2015-01-12 19:11:43 +01:00
aes_modes.c rename aes_ctr_counter_inc to aes_ctr_cbuf_inc and move it to aes_modes.c 2014-06-07 14:16:27 +02:00
aes.h rename aes_ctr_counter_inc to aes_ctr_cbuf_inc and move it to aes_modes.c 2014-06-07 14:16:27 +02:00
aescrypt.c update AES code to support different modes of operation, add unittests 2014-06-07 13:38:56 +02:00
aeskey.c update AES code to support different modes of operation, add unittests 2014-06-07 13:38:56 +02:00
aesopt.h don't include aescpp.h 2014-07-24 15:26:50 +02:00
aestab.c update AES code to support different modes of operation, add unittests 2014-06-07 13:38:56 +02:00
aestab.h update AES code to support different modes of operation, add unittests 2014-06-07 13:38:56 +02:00
AUTHORS import sources 2013-08-17 14:20:15 +02:00
base58.c replace base58 implementation 2014-12-23 03:11:58 +01:00
base58.h Add stdbool.h 2015-01-23 12:12:40 -08:00
bignum.c Added modulus to bn_subtractmod 2015-03-17 19:17:56 +01:00
bignum.h Added modulus to bn_subtractmod 2015-03-17 19:17:56 +01:00
bip32.c remove all references to USE_PUBKEY_VALIDATE 2015-03-12 15:53:41 +01:00
bip32.h add stdlib to header 2015-01-26 19:12:22 +01:00
bip39_english.h Make word list const 2015-02-14 12:00:44 +01:00
bip39.c Make word list const 2015-02-14 12:00:44 +01:00
bip39.h Make word list const 2015-02-14 12:00:44 +01:00
c.pxd prepare cython-TrezorCrypto for pip release 2015-01-12 19:11:43 +01:00
CMakeLists.txt Make test build optional in CMake 2014-07-17 12:51:00 -05:00
ecdsa.c Make scalar_multiply timing attack safe. 2015-03-17 19:18:34 +01:00
ecdsa.h Add prototypes for private functions 2015-01-23 12:12:40 -08:00
hmac.c fix copyright headers 2014-05-22 20:54:58 +02:00
hmac.h fix copyright headers 2014-05-22 20:54:58 +02:00
LICENSE import sources 2013-08-17 14:20:15 +02:00
Makefile remove all references to USE_PUBKEY_VALIDATE 2015-03-12 15:53:41 +01:00
MANIFEST.in prepare cython-TrezorCrypto for pip release 2015-01-12 19:11:43 +01:00
options.h Optimized the bn_inverse method. 2015-03-17 19:17:47 +01:00
pbkdf2.c split pbkdf2 into pbkdf2_hmac_sha256 and pbkdf2_hmac_sha512 2014-10-30 01:35:13 +01:00
pbkdf2.h split pbkdf2 into pbkdf2_hmac_sha256 and pbkdf2_hmac_sha512 2014-10-30 01:35:13 +01:00
rand.c Add finalize_rand() to prove we have no leaks 2015-01-23 06:05:38 -08:00
rand.h Add stdlib.h to header. Needed for size_t. 2015-01-27 21:44:48 -05:00
README.md README -> README.md 2014-12-24 01:27:20 +01:00
ripemd160.c use #if instead of #ifdef for conditional macros 2013-10-03 17:32:27 +02:00
ripemd160.h add ripemd160 2013-09-16 01:32:56 +02:00
secp256k1.c "More" constant time point multiplication 2015-03-17 19:18:34 +01:00
secp256k1.h "More" constant time point multiplication 2015-03-17 19:18:34 +01:00
setup.py remove all references to USE_PUBKEY_VALIDATE 2015-03-12 15:53:41 +01:00
sha2.c Remove unused static variable sha384_initial_hash_value. 2015-01-27 19:22:42 -05:00
sha2.h fix copyright headers 2014-05-22 20:54:58 +02:00
test-openssl.c export pby from ecdsa_sign functions 2014-12-08 21:08:49 +01:00
test.py prepare cython-TrezorCrypto for pip release 2015-01-12 19:11:43 +01:00
tests.c remove all references to USE_PUBKEY_VALIDATE 2015-03-12 15:53:41 +01:00
TrezorCrypto.pyx prepare cython-TrezorCrypto for pip release 2015-01-12 19:11:43 +01:00

README.md

trezor-crypto

Heavily optimized cryptography algorithms for embedded devices.

These include:

  • AES/Rijndael encryption/decryption
  • Big Number (256 bit) Arithmetics
  • BIP32 Hierarchical Deterministic Wallets
  • BIP39 Mnemonic code
  • ECDSA signing/verifying (only hardcoded secp256k1 curve, uses RFC6979 for deterministic signatures)
  • ECDSA public key derivation + Base58 address representation
  • HMAC-SHA256 and HMAC-SHA512
  • PBKDF2
  • RIPEMD-160
  • SHA256/SHA512
  • unit tests (using Check - check.sf.net; in tests.c)
  • tests against OpenSSL (in test-openssl.c)

Distibuted under MIT License.