
Commit cc1f1ff

some more error mgmt
1 parent b0c6256 commit cc1f1ff


10 files changed

+694
-281
lines changed


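--- a/src/monero_api.h
+++ b/src/monero_api.h
@@ -142,14 +142,14 @@ extern const unsigned char C_FAKE_SEC_SPEND_KEY[32];
 int is_fake_view_key(unsigned char *s);
 int is_fake_spend_key(unsigned char *s);
 
-void monero_ge_fromfe_frombytes(unsigned char *ge, unsigned char *bytes, size_t ge_len,
-size_t bytes_len);
+int monero_ge_fromfe_frombytes(unsigned char *ge, unsigned char *bytes, size_t ge_len,
+size_t bytes_len);
 void monero_sc_add(unsigned char *r, unsigned char *s1, unsigned char *s2);
-void monero_hash_to_scalar(unsigned char *scalar, unsigned char *raw, size_t scalar_len,
-unsigned int len);
-void monero_hash_to_ec(unsigned char *ec, unsigned char *ec_pub, size_t ec_len);
-void monero_generate_keypair(unsigned char *ec_pub, unsigned char *ec_priv, size_t ec_pub_len,
-size_t ec_priv_len);
+int monero_hash_to_scalar(unsigned char *scalar, unsigned char *raw, size_t scalar_len,
+unsigned int len);
+int monero_hash_to_ec(unsigned char *ec, unsigned char *ec_pub, size_t ec_len);
+int monero_generate_keypair(unsigned char *ec_pub, unsigned char *ec_priv, size_t ec_pub_len,
+size_t ec_priv_len);
 /*
 * compute s = 8 * (k*P)
 *
@@ -182,22 +182,22 @@ int monero_derive_secret_key(unsigned char *x, unsigned char *drv_data, unsigned
 int monero_derive_public_key(unsigned char *x, unsigned char *drv_data, unsigned int out_idx,
 unsigned char *ec_pub, size_t x_len, size_t drv_data_len,
 size_t ec_pub_len);
-void monero_secret_key_to_public_key(unsigned char *ec_pub, unsigned char *ec_priv,
-size_t ec_pub_len, size_t ec_priv_len);
-void monero_generate_key_image(unsigned char *img, unsigned char *P, unsigned char *x,
-size_t img_len, size_t x_len);
+int monero_secret_key_to_public_key(unsigned char *ec_pub, unsigned char *ec_priv,
+size_t ec_pub_len, size_t ec_priv_len);
+int monero_generate_key_image(unsigned char *img, unsigned char *P, unsigned char *x,
+size_t img_len, size_t x_len);
 int monero_derive_view_tag(unsigned char *view_tag, const unsigned char drv_data[static 32],
 unsigned int out_idx);
 
-void monero_derive_subaddress_public_key(unsigned char *x, unsigned char *pub,
-unsigned char *drv_data, unsigned int index, size_t x_len,
-size_t pub_len, size_t drv_data_len);
-void monero_get_subaddress_spend_public_key(unsigned char *x, unsigned char *index, size_t x_len,
-size_t index_len);
-void monero_get_subaddress(unsigned char *C, unsigned char *D, unsigned char *index, size_t C_len,
-size_t D_len, size_t index_len);
-void monero_get_subaddress_secret_key(unsigned char *sub_s, unsigned char *s, unsigned char *index,
-size_t sub_s_len, size_t s_len, size_t index_len);
+int monero_derive_subaddress_public_key(unsigned char *x, unsigned char *pub,
+unsigned char *drv_data, unsigned int index, size_t x_len,
+size_t pub_len, size_t drv_data_len);
+int monero_get_subaddress_spend_public_key(unsigned char *x, unsigned char *index, size_t x_len,
+size_t index_len);
+int monero_get_subaddress(unsigned char *C, unsigned char *D, unsigned char *index, size_t C_len,
+size_t D_len, size_t index_len);
+int monero_get_subaddress_secret_key(unsigned char *sub_s, unsigned char *s, unsigned char *index,
+size_t sub_s_len, size_t s_len, size_t index_len);
 
 void monero_clear_words(void);
 /* ----------------------------------------------------------------------- */
@@ -295,28 +295,28 @@ int monero_derivation_to_scalar(unsigned char *scalar, unsigned char *drv_data,
 /*
 * W = k.P
 */
-void monero_ecmul_k(unsigned char *W, unsigned char *P, unsigned char *scalar32, size_t W_len,
-size_t P_len, size_t scalar32_len);
+int monero_ecmul_k(unsigned char *W, unsigned char *P, unsigned char *scalar32, size_t W_len,
+size_t P_len, size_t scalar32_len);
 /*
 * W = 8k.P
 */
-void monero_ecmul_8k(unsigned char *W, unsigned char *P, unsigned char *scalar32, size_t W_len,
-size_t P_len, size_t scalar32_len);
+int monero_ecmul_8k(unsigned char *W, unsigned char *P, unsigned char *scalar32, size_t W_len,
+size_t P_len, size_t scalar32_len);
 
 /*
 * W = 8.P
 */
-void monero_ecmul_8(unsigned char *W, unsigned char *P, size_t W_len, size_t P_len);
+int monero_ecmul_8(unsigned char *W, unsigned char *P, size_t W_len, size_t P_len);
 
 /*
 * W = k.G
 */
-void monero_ecmul_G(unsigned char *W, unsigned char *scalar32, size_t W_len, size_t scalar32_len);
+int monero_ecmul_G(unsigned char *W, unsigned char *scalar32, size_t W_len, size_t scalar32_len);
 
 /*
 * W = k.H
 */
-void monero_ecmul_H(unsigned char *W, unsigned char *scalar32, size_t W_len, size_t scalar32_len);
+int monero_ecmul_H(unsigned char *W, unsigned char *scalar32, size_t W_len, size_t scalar32_len);
 
 /**
 * keccak("amount"|sk)
@@ -326,38 +326,38 @@ void monero_ecdhHash(unsigned char *x, unsigned char *k, size_t k_len);
 /**
 * keccak("commitment_mask"|sk) %order
 */
-void monero_genCommitmentMask(unsigned char *c, unsigned char *sk, size_t c_len, size_t sk_len);
+int monero_genCommitmentMask(unsigned char *c, unsigned char *sk, size_t c_len, size_t sk_len);
 
 /*
 * W = P+Q
 */
-void monero_ecadd(unsigned char *W, unsigned char *P, unsigned char *Q, size_t W_len, size_t P_len,
-size_t Q_len);
+int monero_ecadd(unsigned char *W, unsigned char *P, unsigned char *Q, size_t W_len, size_t P_len,
+size_t Q_len);
 /*
 * W = P-Q
 */
-void monero_ecsub(unsigned char *W, unsigned char *P, unsigned char *Q, size_t W_len, size_t P_len,
-size_t Q_len);
+int monero_ecsub(unsigned char *W, unsigned char *P, unsigned char *Q, size_t W_len, size_t P_len,
+size_t Q_len);
 
 /* r = (a+b) %order */
-void monero_addm(unsigned char *r, unsigned char *a, unsigned char *b, size_t r_len, size_t a_len,
-size_t b_len);
+int monero_addm(unsigned char *r, unsigned char *a, unsigned char *b, size_t r_len, size_t a_len,
+size_t b_len);
 
 /* r = (a-b) %order */
-void monero_subm(unsigned char *r, unsigned char *a, unsigned char *b, size_t r_len, size_t a_len,
-size_t b_len);
+int monero_subm(unsigned char *r, unsigned char *a, unsigned char *b, size_t r_len, size_t a_len,
+size_t b_len);
 
 /* r = (a*b) %order */
-void monero_multm(unsigned char *r, unsigned char *a, unsigned char *b, size_t r_len, size_t a_len,
-size_t b_len);
+int monero_multm(unsigned char *r, unsigned char *a, unsigned char *b, size_t r_len, size_t a_len,
+size_t b_len);
 
 /* r = (a*8) %order */
-void monero_multm_8(unsigned char *r, unsigned char *a, size_t r_len, size_t a_len);
+int monero_multm_8(unsigned char *r, unsigned char *a, size_t r_len, size_t a_len);
 
 /* */
-void monero_reduce(unsigned char *r, unsigned char *a, size_t r_len, size_t a_len);
+int monero_reduce(unsigned char *r, unsigned char *a, size_t r_len, size_t a_len);
 
-void monero_rng_mod_order(unsigned char *r, size_t r_len);
+int monero_rng_mod_order(unsigned char *r, size_t r_len);
 /* ----------------------------------------------------------------------- */
 /* --- IO ---- */
 /* ----------------------------------------------------------------------- */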
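Review bot: The prototypes converted from void to int in this file now carry an error contract that the header never states — none of the four hunks says what a non-zero return means or that callers must check it, and monero_sc_add and monero_ecdhHash are left as void beside them with no note on why they cannot fail. From the call sites in the same commit the value is propagated straight out of APDU handlers that otherwise return SW_OK, so it looks like a status word, but that is inferred rather than documented here. Add a comment above the first converted prototype such as `/* Returns 0 on success, otherwise a non-zero error status that the caller must check and propagate. */`, and a one-line note on the two declarations that remain void if they are genuinely infallible.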

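--- a/src/monero_blind.c
+++ b/src/monero_blind.c
@@ -48,11 +48,26 @@ int monero_apdu_blind() {
 }
 } else {
 // blind mask
-monero_hash_to_scalar(AKout, AKout, sizeof(AKout), sizeof(AKout));
-monero_addm(k, k, AKout, sizeof(k), sizeof(k), sizeof(AKout));
+err = monero_hash_to_scalar(AKout, AKout, sizeof(AKout), sizeof(AKout));
+if (err) {
+return err;
+}
+
+err = monero_addm(k, k, AKout, sizeof(k), sizeof(k), sizeof(AKout));
+if (err) {
+return err;
+}
+
 // blind value
-monero_hash_to_scalar(AKout, AKout, sizeof(AKout), sizeof(AKout));
-monero_addm(v, v, AKout, sizeof(v), sizeof(v), sizeof(AKout));
+err = monero_hash_to_scalar(AKout, AKout, sizeof(AKout), sizeof(AKout));
+if (err) {
+return err;
+}
+
+err = monero_addm(v, v, AKout, sizeof(v), sizeof(v), sizeof(AKout));
+if (err) {
+return err;
+}
 }
 // ret all
 monero_io_insert(v, 32);
@@ -66,19 +81,39 @@ int monero_apdu_blind() {
 /* ----------------------------------------------------------------------- */
 int monero_unblind(unsigned char *v, unsigned char *k, unsigned char *AKout,
 unsigned int short_amount, size_t v_len, size_t k_len, size_t AKout_len) {
+int error;
 if (short_amount == 2) {
-monero_genCommitmentMask(k, AKout, k_len, AKout_len);
+error = monero_genCommitmentMask(k, AKout, k_len, AKout_len);
+if (error) {
+return error;
+}
+
 monero_ecdhHash(AKout, AKout, AKout_len);
 for (int i = 0; i < 8; i++) {
 v[i] = v[i] ^ AKout[i];
 }
 } else {
 // unblind mask
-monero_hash_to_scalar(AKout, AKout, AKout_len, AKout_len);
-monero_subm(k, k, AKout, k_len, k_len, AKout_len);
+error = monero_hash_to_scalar(AKout, AKout, AKout_len, AKout_len);
+if (error) {
+return error;
+}
+
+error = monero_subm(k, k, AKout, k_len, k_len, AKout_len);
+if (error) {
+return error;
+}
+
 // unblind value
-monero_hash_to_scalar(AKout, AKout, AKout_len, AKout_len);
-monero_subm(v, v, AKout, v_len, v_len, AKout_len);
+error = monero_hash_to_scalar(AKout, AKout, AKout_len, AKout_len);
+if (error) {
+return error;
+}
+
+error = monero_subm(v, v, AKout, v_len, v_len, AKout_len);
+if (error) {
+return error;
+}
 }
 return 0;
 }
@@ -101,8 +136,11 @@ int monero_apdu_unblind() {
 
 monero_io_discard(1);
 
-monero_unblind(v, k, AKout, G_monero_vstate.options & 0x03, sizeof(v), sizeof(k),
-sizeof(AKout));
+err = monero_unblind(v, k, AKout, G_monero_vstate.options & 0x03, sizeof(v), sizeof(k),
+sizeof(AKout));
+if (err) {
+return err;
+}
 
 // ret all
 monero_io_insert(v, 32);
@@ -125,7 +163,10 @@ int monero_apdu_gen_commitment_mask() {
 }
 
 monero_io_discard(1);
-monero_genCommitmentMask(k, AKout, sizeof(k), sizeof(AKout));
+err = monero_genCommitmentMask(k, AKout, sizeof(k), sizeof(AKout));
+if (err) {
+return err;
+}
 
 // ret all
 monero_io_insert(k, 32);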
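Review bot: monero_unblind now returns part-way through an in-place transformation without saying so: once `monero_subm(k, k, ...)` has run, a failure of the second `monero_hash_to_scalar` leaves the caller's `k` half-unblinded and `AKout` overwritten, and the function's header comment above the hunk does not state that outputs are unspecified on error. monero_apdu_unblind does check the return before any `monero_io_insert`, so nothing is emitted today, but the contract should be written down for the next caller: `/* On a non-zero return the contents of v, k and AKout are unspecified and must not be emitted. */`. Separately, this function names its status `error` while monero_apdu_blind, monero_apdu_unblind and monero_apdu_gen_commitment_mask in the same file use `err`; renaming `int error;` to `int err;` keeps the file consistent.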

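--- a/src/monero_clsag.c
+++ b/src/monero_clsag.c
@@ -62,20 +62,38 @@ int monero_apdu_clsag_prepare() {
 monero_io_discard(1);
 
 // a
-monero_rng_mod_order(a, sizeof(a));
+err = monero_rng_mod_order(a, sizeof(a));
+if (err) {
+return err;
+}
+
 monero_io_insert_encrypt(a, 32, TYPE_ALPHA);
 // a.G
-monero_ecmul_G(W, a, sizeof(W), sizeof(a));
+err = monero_ecmul_G(W, a, sizeof(W), sizeof(a));
+if (err) {
+return err;
+}
+
 monero_io_insert(W, 32);
 // a.H
-monero_ecmul_k(W, H, a, sizeof(W), sizeof(H), sizeof(a));
+err = monero_ecmul_k(W, H, a, sizeof(W), sizeof(H), sizeof(a));
+if (err) {
+return err;
+}
+
 monero_io_insert(W, 32);
 // I = p.H
-monero_ecmul_k(W, H, p, sizeof(W), sizeof(H), sizeof(p));
+err = monero_ecmul_k(W, H, p, sizeof(W), sizeof(H), sizeof(p));
+if (err) {
+return err;
+}
 monero_io_insert(W, 32);
 
 // D = z.H
-monero_ecmul_k(W, H, z, sizeof(W), sizeof(H), sizeof(z));
+err = monero_ecmul_k(W, H, z, sizeof(W), sizeof(H), sizeof(z));
+if (err) {
+return err;
+}
 monero_io_insert(W, 32);
 
 return SW_OK;
@@ -107,7 +125,10 @@ int monero_apdu_clsag_hash() {
 monero_keccak_update_H(msg, 32);
 if ((G_monero_vstate.options & 0x80) == 0) {
 monero_keccak_final_H(c);
-monero_reduce(c, c, sizeof(c), sizeof(c));
+int err = monero_reduce(c, c, sizeof(c), sizeof(c));
+if (err) {
+return err;
+}
 monero_io_insert(c, 32);
 memcpy(G_monero_vstate.c, c, 32);
 }
@@ -172,13 +193,36 @@ int monero_apdu_clsag_sign() {
 monero_check_scalar_not_null(p);
 monero_check_scalar_not_null(z);
 
-monero_reduce(a, a, sizeof(a), sizeof(a));
-monero_reduce(p, p, sizeof(p), sizeof(p));
-monero_reduce(z, z, sizeof(z), sizeof(z));
-monero_reduce(mu_P, mu_P, sizeof(mu_P), sizeof(mu_P));
-monero_reduce(mu_C, mu_C, sizeof(mu_C), sizeof(mu_C));
-monero_reduce(G_monero_vstate.c, G_monero_vstate.c, sizeof(G_monero_vstate.c),
-sizeof(G_monero_vstate.c));
+err = monero_reduce(a, a, sizeof(a), sizeof(a));
+if (err) {
+return err;
+}
+
+err = monero_reduce(p, p, sizeof(p), sizeof(p));
+if (err) {
+return err;
+}
+
+err = monero_reduce(z, z, sizeof(z), sizeof(z));
+if (err) {
+return err;
+}
+
+err = monero_reduce(mu_P, mu_P, sizeof(mu_P), sizeof(mu_P));
+if (err) {
+return err;
+}
+
+err = monero_reduce(mu_C, mu_C, sizeof(mu_C), sizeof(mu_C));
+if (err) {
+return err;
+}
+
+err = monero_reduce(G_monero_vstate.c, G_monero_vstate.c, sizeof(G_monero_vstate.c),
+sizeof(G_monero_vstate.c));
+if (err) {
+return err;
+}
 
 // s0_p_mu_P = mu_P*p
 // s0_add_z_mu_C = mu_C*z + s0_p_mu_P
@@ -187,15 +231,31 @@ int monero_apdu_clsag_sign() {
 // = a - c*(mu_C*z + mu_P*p)
 
 // s = p*mu_P
-monero_multm(s, p, mu_P, sizeof(s), sizeof(p), sizeof(mu_P));
+err = monero_multm(s, p, mu_P, sizeof(s), sizeof(p), sizeof(mu_P));
+if (err) {
+return err;
+}
 // mu_P = mu_C*z
-monero_multm(mu_P, mu_C, z, sizeof(mu_P), sizeof(mu_C), sizeof(z));
+err = monero_multm(mu_P, mu_C, z, sizeof(mu_P), sizeof(mu_C), sizeof(z));
+if (err) {
+return err;
+}
 // s = p*mu_P + mu_C*z
-monero_addm(s, s, mu_P, sizeof(s), sizeof(s), sizeof(mu_P));
+err = monero_addm(s, s, mu_P, sizeof(s), sizeof(s), sizeof(mu_P));
+if (err) {
+return err;
+}
 // mu_P = c * (p*mu_P + mu_C*z)
-monero_multm(mu_P, G_monero_vstate.c, s, sizeof(mu_P), sizeof(G_monero_vstate.c), sizeof(s));
+err = monero_multm(mu_P, G_monero_vstate.c, s, sizeof(mu_P), sizeof(G_monero_vstate.c),
+sizeof(s));
+if (err) {
+return err;
+}
 // s = a - c*(p*mu_P + mu_C*z)
-monero_subm(s, a, mu_P, sizeof(s), sizeof(a), sizeof(mu_P));
+err = monero_subm(s, a, mu_P, sizeof(s), sizeof(a), sizeof(mu_P));
+if (err) {
+return err;
+}
 
 monero_io_insert(s, 32);
 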