/src/trezor-firmware/crypto/rfc6979.c
/**
 * Copyright (c) 2013-2014 Tomas Dzetkulic
 * Copyright (c) 2013-2014 Pavol Rusnak
 * Copyright (c)      2015 Jochen Hoenicke
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included
 * in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES
 * OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
 * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 * OTHER DEALINGS IN THE SOFTWARE.
 */
#include <assert.h>
#include "hmac_drbg.h"
#include "memzero.h"
#include "rfc6979.h"
// Seed the HMAC-DRBG state that drives deterministic nonce generation.
//
// priv_key: 32 bytes, handed to hmac_drbg_init as its first input.
// hash:     32-byte big-endian message digest, the second input.
// curve:    when non-NULL, the digest is reduced with bn_mod against
//           curve->order before seeding; when NULL it is used as given.
// state:    generator state initialised by this call.
//
// Every temporary copy of the digest made here is wiped with memzero
// before the function returns.
void init_rfc6979(const uint8_t *priv_key, const uint8_t *hash,
                  const ecdsa_curve *curve, rfc6979_state *state) {
  if (!curve) {
    // No curve supplied: seed with the digest exactly as passed in.
    // NOTE(review): this branch had zero hits in the coverage run this
    // listing was taken from; it deserves a dedicated test.
    hmac_drbg_init(state, priv_key, 32, hash, 32);
    return;
  }

  bignum256 digest_bn = {0};
  uint8_t digest_bytes[32] = {0};

  bn_read_be(hash, &digest_bn);

  // Make sure the digest is partly reduced modulo the order. The assert
  // documents the precondition (order of at least 256 bits); assert() is
  // compiled out when NDEBUG is defined, so such builds rely on callers
  // passing only curves that satisfy it.
  assert(bn_bitcount(&curve->order) >= 256);
  bn_mod(&digest_bn, &curve->order);

  bn_write_be(&digest_bn, digest_bytes);
  memzero(&digest_bn, sizeof(digest_bn));

  hmac_drbg_init(state, priv_key, 32, digest_bytes, 32);
  memzero(digest_bytes, sizeof(digest_bytes));
}
// Draw the next 32 bytes from the deterministic random number generator.
//
// rnd:   receives the 32 output bytes. They are nonce material, so the
//        caller should wipe the buffer once it is done with it.
// state: generator state, advanced by hmac_drbg_generate.
void generate_rfc6979(uint8_t rnd[32], rfc6979_state *state) {
  enum { RND_LEN = 32 };  // matches the declared size of rnd

  hmac_drbg_generate(state, rnd, RND_LEN);
}
// Derive the next candidate nonce k deterministically, following RFC 6979
// (http://tools.ietf.org/html/rfc6979).
//
// k is read from 32 big-endian bytes of generator output. Nothing here
// checks that k is non-zero or below the curve order; presumably the
// signing caller rejects such values and requests another candidate --
// confirm against the call site.
void generate_k_rfc6979(bignum256 *k, rfc6979_state *state) {
  uint8_t nonce_bytes[32] = {0};

  generate_rfc6979(nonce_bytes, state);
  bn_read_be(nonce_bytes, k);

  // The byte buffer duplicates the secret nonce; clear it before it goes
  // out of scope.
  memzero(nonce_bytes, sizeof(nonce_bytes));
}