:lock: Don't use this repo, use the new monorepo instead:

Overview

trezor-crypto


Heavily optimized cryptography algorithms for embedded devices.

These include:

  • AES/Rijndael encryption/decryption
  • Big Number (256-bit) Arithmetic
  • BIP32 Hierarchical Deterministic Wallets
  • BIP39 Mnemonic code
  • ECDSA signing/verifying (supports secp256k1 and nist256p1 curves, uses RFC6979 for deterministic signatures)
  • ECDSA public key derivation
  • Base32 (RFC4648 and custom alphabets)
  • Base58 address representation
  • Ed25519 signing/verifying (also SHA3 and Keccak variants)
  • ECDH using secp256k1, nist256p1 and Curve25519
  • HMAC-SHA256 and HMAC-SHA512
  • PBKDF2
  • RIPEMD-160
  • SHA1
  • SHA2-256/SHA2-512
  • SHA3/Keccak
  • BLAKE2s/BLAKE2b
  • Chacha20-Poly1305
  • unit tests (using Check - check.sf.net; in test_check.c)
  • tests against OpenSSL (in test_openssl.c)
  • integrated Wycheproof tests

Distributed under MIT License.

Some parts of the library come from external sources:

Issues
  • xmr: monero crypto functions, tests

    original PR: https://github.com/trezor/trezor-crypto/pull/162

    • basic crypto in ed25519 (ge, fe, sc) missing from trezor-crypto, required for Monero.
    • Monero specific functions (e.g., sub-address computation, Pedersen commitments, base58 block-based, hash_to_scalar, hash_to_point, derivation to scalar)
    • serialization routines - simple variable sized integer serialization
    • memory optimized range proof, Borromean.
    • tests - should be covered pretty well.
    opened by prusnak 27
  • Add Cardano currency support

    This PR is for adding Cardano currency support and is intended to merge with https://github.com/trezor/trezor-core/pull/250

    Supporting the Cardano currency required adding Cardano-specific ed25519 crypto support. The crypto code is based on cardano-crypto and cardano-sl, the official Cardano repos.

    We are NOT official developers of Cardano; however, we are the developers of www.cardanolite.com

    opened by ddeath 12
  • Fix decred bip32 name

    Standard decred software uses Bitcoin seed instead of Decred seed as the bip32 master key[1][2].

    Ideally, trezor should use the same master key as standard decred software to allow better interoperability; in particular to allow users to import their trezor seed (after a small conversion) into standard decred software.

    While this breaks any existing decred trezor wallets, no software has been officially released to allow using decred with trezor. Neither trezor web wallet nor any decred wallet has been released to the general public yet. We can also provide a recovery path for any outstanding trezor users that might have already used the recently released firmware 1.6.2 with mainnet decred coins.

    We'll need to have this fix applied then wait for the next round of firmware updates to be released before releasing official decred wallets with trezor support.

    [1] https://github.com/decred/dcrd/blob/master/hdkeychain/extendedkey.go#L97 [2] https://github.com/decred/dcrd/blob/master/hdkeychain/extendedkey.go#L464

    opened by matheusd 10
  • Monero: normalization fixes

    PR that came from the discussion with @onvej-sl in https://github.com/trezor/trezor-crypto/pull/169

    Requires rebasing on top of the master and merging https://github.com/trezor/trezor-crypto/pull/171 and https://github.com/trezor/trezor-crypto/pull/172 first.

    opened by ph4r05 9
  • Ed25519/modm neg, sub added

    Two new operations on ed25519 scalar values (modulo m) were added:

    • -x mod m
    • x-y mod m

    I need this for the Monero implementation. I am working on another few, which I will PR as they are finished and tested.

    opened by ph4r05 8
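Added example, not trezor-crypto's code and not in ed25519-donna's bignum256modm limb layout: the two operations the PR describes, -x mod m and x-y mod m, over the Ed25519 group order l. The example assumes a 4x64-bit little-endian limb representation and that both inputs are already reduced below l. It shows the usual constant-time construction for this: subtract across the limbs, then add l back under a mask derived from the borrow, so no branch depends on the secret scalar. Negation is computed as 0 - x, which also keeps -0 at 0 rather than l. The self-check values are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Ed25519 group order l = 2^252 + 27742317777372353535851937790883648493,
   as four little-endian 64-bit limbs (least significant first).
   The limb layout is an assumption of this example. */
static const uint64_t ORDER_L[4] = {
    0x5812631A5CF5D3EDULL, 0x14DEF9DEA2F79CD6ULL,
    0x0000000000000000ULL, 0x1000000000000000ULL,
};

/* r = a - b mod 2^256; returns 1 if the subtraction borrowed (a < b).
   Every limb goes through the same operations regardless of value. */
static uint64_t sub_limbs(uint64_t r[4], const uint64_t a[4], const uint64_t b[4]) {
    uint64_t borrow = 0;
    for (int i = 0; i < 4; i++) {
        uint64_t t  = a[i] - b[i];
        uint64_t b1 = (uint64_t)(a[i] < b[i]);
        uint64_t u  = t - borrow;
        uint64_t b2 = (uint64_t)(t < borrow);
        r[i]   = u;
        borrow = b1 | b2;
    }
    return borrow;
}

/* r += (m & mask) mod 2^256, mask being 0 or all ones: adds l back after a
   borrow without a data-dependent branch. */
static void add_masked(uint64_t r[4], const uint64_t m[4], uint64_t mask) {
    uint64_t carry = 0;
    for (int i = 0; i < 4; i++) {
        uint64_t mi = m[i] & mask;
        uint64_t t  = r[i] + mi;
        uint64_t c1 = (uint64_t)(t < mi);
        uint64_t u  = t + carry;
        uint64_t c2 = (uint64_t)(u < t);
        r[i]  = u;
        carry = c1 | c2;
    }
}

/* r = x - y mod l, for x and y already reduced below l. */
void scalar_sub_modm(uint64_t r[4], const uint64_t x[4], const uint64_t y[4]) {
    uint64_t borrow = sub_limbs(r, x, y);
    /* if x < y the raw result is 2^256 - (y - x); adding l wraps it to l - (y - x) */
    add_masked(r, ORDER_L, 0 - borrow);
}

/* r = -x mod l, computed as 0 - x; x = 0 yields 0, not l. */
void scalar_neg_modm(uint64_t r[4], const uint64_t x[4]) {
    static const uint64_t zero[4] = {0, 0, 0, 0};
    scalar_sub_modm(r, zero, x);
}

/* Equality without early exit (1 if equal, else 0). */
int scalar_eq(const uint64_t a[4], const uint64_t b[4]) {
    uint64_t d = 0;
    for (int i = 0; i < 4; i++) d |= a[i] ^ b[i];
    return d == 0;
}

/* Constructed identities; returns how many hold (5 when the code is right). */
int scalar_modm_selfcheck(void) {
    const uint64_t zero[4]  = {0, 0, 0, 0};
    const uint64_t one[4]   = {1, 0, 0, 0};
    const uint64_t two[4]   = {2, 0, 0, 0};
    const uint64_t five[4]  = {5, 0, 0, 0};
    const uint64_t seven[4] = {7, 0, 0, 0};
    const uint64_t l_minus_1[4] = {0x5812631A5CF5D3ECULL, 0x14DEF9DEA2F79CD6ULL, 0, 0x1000000000000000ULL};
    const uint64_t l_minus_2[4] = {0x5812631A5CF5D3EBULL, 0x14DEF9DEA2F79CD6ULL, 0, 0x1000000000000000ULL};
    uint64_t r[4], n7[4], n5[4];
    int ok = 0;

    scalar_neg_modm(r, one);          ok += scalar_eq(r, l_minus_1);  /* -1 = l - 1 */
    scalar_neg_modm(r, zero);         ok += scalar_eq(r, zero);       /* -0 = 0 */
    scalar_sub_modm(r, five, seven);  ok += scalar_eq(r, l_minus_2);  /* 5 - 7 wraps to l - 2 */
    scalar_sub_modm(r, seven, five);  ok += scalar_eq(r, two);        /* no borrow: 2 */
    scalar_neg_modm(n7, seven);
    scalar_neg_modm(n5, five);
    scalar_sub_modm(r, n7, n5);       ok += scalar_eq(r, l_minus_2);  /* (-7) - (-5) = -2 */
    return ok;
}

int main(void) {
    printf("identities holding: %d of 5\n", scalar_modm_selfcheck());
    return 0;
}
```

Both operations cost the same limb walk whatever the operands are; the only value-dependent step is the mask, which is arithmetic rather than a branch. Callers that hand in unreduced scalars (≥ l) would need a reduction first, which this example deliberately leaves out.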
  • MEMSET_BZERO optimized out for automatic variables

    GCC optimizes out the memset call for automatic variables, such as https://github.com/trezor/trezor-crypto/blob/8d8bc9c762b504ee8c66f94d93600d417d92841e/bip39.c#L66-L69

    Using volatile does not solve the issue because memset discards the qualifier.

    One possible solution would be to define MEMSET_BZERO as explicit_bzero from Newlib in the firmware. Or we could implement our own version so other dependent projects benefit from it. It is simply a call to memset(buffer, 0, size) but the compiler will not optimize it out.

    opened by saleemrashid 8
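Added example, not the project's code: a secure_memzero written for this page with the two standard ways of stopping the dead-store elimination the issue describes, next to a constructed caller that mirrors the automatic-buffer pattern from bip39.c. With GCC or Clang it uses a plain memset followed by an empty asm statement that takes the buffer as an input and clobbers memory, so the optimiser must assume the zeroes are observed; elsewhere it falls back to a byte loop through a volatile pointer, which the compiler may not elide. The key bytes are made up.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Zero n bytes at p in a way the optimiser may not drop as a dead store. */
void secure_memzero(void *p, size_t n) {
#if defined(__GNUC__) || defined(__clang__)
    memset(p, 0, n);
    /* Empty asm that "reads" p and clobbers memory: the compiler must keep
       the stores it cannot prove are unobserved. */
    __asm__ __volatile__("" : : "r"(p) : "memory");
#else
    /* Portable fallback: accesses through a volatile pointer cannot be removed. */
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) *vp++ = 0;
#endif
}

/* 1 if every byte of buf[0..n) is zero, else 0; no early exit. */
int bytes_all_zero(const uint8_t *buf, size_t n) {
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= buf[i];
    return acc == 0;
}

/* Constructed sample secret (not a real key): byte i is 0xA5 ^ i. */
static void fill_fake_secret(uint8_t out[32]) {
    for (size_t i = 0; i < 32; i++) out[i] = (uint8_t)(0xA5 ^ i);
}

/* The pattern the issue is about: a secret lives in an automatic buffer,
   is used, and is wiped before the function returns. With a plain memset
   here GCC at -O2 removes the wipe, because the buffer is dead afterwards.
   Returns the byte sum of the secret mod 256 (0xF0 for the sample). */
uint8_t use_and_wipe(void) {
    uint8_t secret[32];
    uint8_t sum = 0;
    fill_fake_secret(secret);
    for (size_t i = 0; i < 32; i++) sum = (uint8_t)(sum + secret[i]);
    secure_memzero(secret, sizeof secret);
    return sum;
}

/* Functional check of the wipe itself; reading the buffer back keeps it
   alive, so this only proves the zeroing logic, not the anti-DSE property. */
int wipe_demo(void) {
    uint8_t secret[32];
    fill_fake_secret(secret);
    secure_memzero(secret, sizeof secret);
    return bytes_all_zero(secret, sizeof secret);
}

int main(void) {
    return (use_and_wipe() == 0xF0 && wipe_demo()) ? 0 : 1;
}
```

Whether a given toolchain actually kept the stores is only settled by reading the generated code: compile the file at -O2 with -S and check that the stores into secret in use_and_wipe survive, then swap secure_memzero for memset in that function and watch them disappear. A wipe that is never reached (early return, longjmp) is a separate problem this helper does not address.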
  • Ed25519-SHA-3 & Ed25519-Keccak Support

    • Add Ed25519 variants (_sha3 and _keccak)
    • Enable USE_KECCAK by default
    • Added DONNA_UNUSED to ed25519.h for curve25519_scalar_product & expand256_modm (-Werror=unused-function)
    • Added Ruby script to import test vectors from https://github.com/NemProject/nem-test-vectors
    • Added test vectors for Keccak-256
    • Added test vectors for Ed25519-Keccak
    • Added ed25519_sha3_info and ed25519_keccak_info curves for BIP32 and BIP39
    • Constant time verification of ed25519_keccak using #96
    opened by saleemrashid 8
  • Add integer and faux division support to bn_format

    Add support for formatting as integers (e.g. no decimal point; I think a negative decimals value works for this, but I'm not sure if that's an intentional part of the API) and division by a power of 10 while maintaining the decimals.

    Also a flag to force trailing zeroes would be useful. I think the best way to implement this would be adding divisor for the faux division and trailing for the trailing zeroes. Making the decimals functionality explicit should do for the integer formatting.

    I implemented a workaround in trezor/trezor-mcu#196 but ideally this should become functionality of bn_format

    opened by saleemrashid 7
  • Compute pubkey only on demand.

    I'm not completely happy with this pull request, but I opened it to be able to discuss this. This pull request changes the API and needs more changes to trezor-mcu to work, see the corresponding pull request trezor/trezor-mcu#97.

    The goal of this pull request is to reduce the number of times we compute the public key. This is both for performance reasons and to reduce the side-channel risk. I'm confident that the current implementation is side-channel resistant but if we can avoid computing a public key, we should avoid it. For example for u2f we currently compute 10 public keys, including the master public key for the nist256p hierarchy. With this patch u2f only computes the R value of the signature from the private nonce.

    Things I'm not happy with:

    • Most functions on hdnode are no longer const, since they may write the public key to the hdnode.
    • The previous point is especially true for ed25519 sign, which needs the public key.
    • The hdnode becomes stateful. If we compute a hdnode, then use a function that needs the public key and then access the public key, it works. If we later remove the function, the public key would be zero, which is a hard to find bug.
    • The unit tests don't test the statefulness of hdnode.
    • We now set the first byte of the 33 byte ed25519 public key to 1, to mark the presence of the public key. Currently the Trezor API sets it to 0. (Officially, an ed25519 public key is 32 byte).

    The public key is always 33 byte. NIST and SECP public keys use the usual 02/03 prefix byte to mark even/odd compressed public key. ed25519 instead uses a 01 prefix, just to distinguish unset public key.

    opened by jhoenicke 7
  • Replace hasher_Double with HASHER_*D

    This allows us to finely control when to use a single hash or a double hash in various places. For example, Bitcoin signatures use double SHA256, but Decred signatures use a single BLAKE256. However, both use double hashes for Base58.

    opened by saleemrashid 6
  • WIP Decred support

    Decred specific crypto functions

    /cc @saleemrashid - could you please review this code and recommend a better way to generalize decred_get_address, decred_message_sign and decred_message_verify?

    opened by peterzen 6
Owner: TREZOR (The Original Hardware Wallet)