diff --git a/src/apdu_sign.c b/src/apdu_sign.c index 5f18cf09..a27009bb 100644 --- a/src/apdu_sign.c +++ b/src/apdu_sign.c @@ -24,7 +24,8 @@ static inline void conditional_init_hash_state(blake2b_hash_state_t *const state) { check_null(state); if (!state->initialized) { - cx_blake2b_init(&state->state, SIGN_HASH_SIZE * 8); // cx_blake2b_init takes size in bits. + // cx_blake2b_init takes size in bits. + CX_THROW(cx_blake2b_init_no_throw(&state->state, SIGN_HASH_SIZE * 8)); state->initialized = true; } } @@ -42,7 +43,12 @@ static void blake2b_incremental_hash( while (*out_length > B2B_BLOCKBYTES) { if (current - out > (int) out_size) THROW(EXC_MEMORY_ERROR); conditional_init_hash_state(state); - cx_hash((cx_hash_t *) &state->state, 0, current, B2B_BLOCKBYTES, NULL, 0); + CX_THROW(cx_hash_no_throw((cx_hash_t *) &state->state, + 0, + current, + B2B_BLOCKBYTES, + NULL, + 0)); *out_length -= B2B_BLOCKBYTES; current += B2B_BLOCKBYTES; } @@ -64,7 +70,12 @@ static void blake2b_finish_hash( conditional_init_hash_state(state); blake2b_incremental_hash(buff, buff_size, buff_length, state); - cx_hash((cx_hash_t *) &state->state, CX_LAST, buff, *buff_length, out, out_size); + CX_THROW(cx_hash_no_throw((cx_hash_t *) &state->state, + CX_LAST, + buff, + *buff_length, + out, + out_size)); } static inline void clear_data(void) { diff --git a/src/keys.c b/src/keys.c index 4b8c5352..61c5107b 100644 --- a/src/keys.c +++ b/src/keys.c @@ -56,38 +56,30 @@ int crypto_derive_private_key(cx_ecfp_private_key_t *private_key, cx_curve_t const cx_curve = signature_type_to_cx_curve(derivation_type_to_signature_type(derivation_type)); - BEGIN_TRY { - TRY { - if (derivation_type == DERIVATION_TYPE_ED25519) { - // Old, non BIP32_Ed25519 way... - os_perso_derive_node_bip32_seed_key(HDW_ED25519_SLIP10, - CX_CURVE_Ed25519, - bip32_path->components, - bip32_path->length, - raw_private_key, - NULL, - NULL, - 0); - } else { - // derive the seed with bip32_path - os_perso_derive_node_bip32(cx_curve, - bip32_path->components, - bip32_path->length, - raw_private_key, - NULL); - } - - // new private_key from raw - cx_ecfp_init_private_key(cx_curve, raw_private_key, 32, private_key); - } - CATCH_OTHER(e) { - error = 1; - } - FINALLY { - explicit_bzero(raw_private_key, sizeof(raw_private_key)); - } + if (derivation_type == DERIVATION_TYPE_ED25519) { + // Old, non BIP32_Ed25519 way... + error = os_derive_bip32_with_seed_no_throw(HDW_ED25519_SLIP10, + CX_CURVE_Ed25519, + bip32_path->components, + bip32_path->length, + raw_private_key, + NULL, + NULL, + 0); + } else { + // derive the seed with bip32_path + error = os_derive_bip32_no_throw(cx_curve, + bip32_path->components, + bip32_path->length, + raw_private_key, + NULL); } - END_TRY; + + if (!error) + // new private_key from raw + error = cx_ecfp_init_private_key_no_throw(cx_curve, raw_private_key, 32, private_key); + + explicit_bzero(raw_private_key, sizeof(raw_private_key)); return error; } @@ -100,7 +92,10 @@ int crypto_init_public_key(derivation_type_t const derivation_type, signature_type_to_cx_curve(derivation_type_to_signature_type(derivation_type)); // generate corresponding public key - cx_ecfp_generate_pair(cx_curve, public_key, private_key, 1); + error = cx_ecfp_generate_pair_no_throw(cx_curve, public_key, private_key, 1); + if (error) { + return error; + } // If we're using the old curve, make sure to adjust accordingly. if (cx_curve == CX_CURVE_Ed25519) { @@ -170,13 +165,14 @@ void public_key_hash(uint8_t *const hash_out, } cx_blake2b_t hash_state; - cx_blake2b_init(&hash_state, HASH_SIZE * 8); // cx_blake2b_init takes size in bits. - cx_hash((cx_hash_t *) &hash_state, - CX_LAST, - compressed.W, - compressed.W_len, - hash_out, - HASH_SIZE); + // cx_blake2b_init takes size in bits. + CX_THROW(cx_blake2b_init_no_throw(&hash_state, HASH_SIZE * 8)); + CX_THROW(cx_hash_no_throw((cx_hash_t *) &hash_state, + CX_LAST, + compressed.W, + compressed.W_len, + hash_out, + HASH_SIZE)); if (compressed_out != NULL) { memmove(compressed_out, &compressed, sizeof(*compressed_out)); } @@ -197,30 +193,33 @@ size_t sign(uint8_t *const out, case SIGNATURE_TYPE_ED25519: { static size_t const SIG_SIZE = 64; if (out_size < SIG_SIZE) THROW(EXC_WRONG_LENGTH); - tx += cx_eddsa_sign(&pair->private_key, - 0, - CX_SHA512, - (uint8_t const *) PIC(in), - in_size, - NULL, - 0, - out, - SIG_SIZE, - NULL); + + CX_THROW(cx_eddsa_sign_no_throw(&pair->private_key, + CX_SHA512, + (uint8_t const *) PIC(in), + in_size, + out, + SIG_SIZE)); + + tx += SIG_SIZE; + } break; case SIGNATURE_TYPE_SECP256K1: case SIGNATURE_TYPE_SECP256R1: { static size_t const SIG_SIZE = 100; if (out_size < SIG_SIZE) THROW(EXC_WRONG_LENGTH); unsigned int info; - tx += cx_ecdsa_sign(&pair->private_key, - CX_LAST | CX_RND_RFC6979, - CX_SHA256, // historical reasons...semantically CX_NONE - (uint8_t const *) PIC(in), - in_size, - out, - SIG_SIZE, - &info); + size_t sig_len = SIG_SIZE; + CX_THROW(cx_ecdsa_sign_no_throw(&pair->private_key, + CX_LAST | CX_RND_RFC6979, + CX_SHA256, // historical reasons...semantically CX_NONE + (uint8_t const *) PIC(in), + in_size, + out, + &sig_len, + &info)); + tx += sig_len; + if (info & CX_ECCINFO_PARITY_ODD) { out[0] |= 0x01; }