Closed keepkeyjon closed 5 years ago
Question: can we just change the declaration to const char wordlist[][8] or ...[9] (for NUL-terminators) to pad the words and allow using memcpy/memcmp with fixed length. This should also use less extra memory. With [8] all current uses of strcpy/strcmp must be replaced by memcpy; [9] would be backwards compatible, but unalignedness would cause more non-constant timing.
Of course, then you also need to change the return type of mnemonic_wordlist in bip39.c/h.
In the end you cannot get around non-constant timing. We cannot pad the words in the final seed, or we would violate bip39.
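The padded-wordlist idea from the comment above, written out as an added example (this is not trezor-crypto's code, and `mnemonic_find_word_ct`, `mnemonic_word_copy` and `ct_word_equal` are hypothetical names). Entries are `char[9]` so every read is a fixed-length memcpy; the match loop visits all entries and selects the index with a mask, and a byte-wise XOR/OR compare stands in for libc memcmp, which may return early on the first differing byte. The eight-word table is a constructed subset of the real 2048-word list.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical padded wordlist, 9 bytes per entry (longest BIP39 word is
 * 8 chars, plus a NUL pad), so strcpy/strcmp are never needed and no read
 * runs past a short word. Constructed subset; the real table has 2048 words. */
#define WORD_LEN 9
static const char wordlist[][WORD_LEN] = {
    "abandon", "ability", "able",   "about",
    "above",   "absent",  "absorb", "abstract",
};
#define WORD_COUNT (sizeof(wordlist) / sizeof(wordlist[0]))

/* Fixed-length equality over all WORD_LEN bytes: no early exit and no
 * data-dependent branch. Returns 1 if equal, 0 otherwise.
 * libc memcmp is not guaranteed constant-time, so it is not used here. */
static uint32_t ct_word_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < WORD_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    /* diff == 0 -> (0u - 1u) >> 31 == 1; diff in 1..255 -> 0 */
    return ((uint32_t)diff - 1u) >> 31;
}

/* Look up `word` (len bytes, need not be NUL-terminated). Every entry is
 * compared and the index is selected with a mask, so the time does not
 * depend on which entry matched or whether any did. The word's own length
 * still shows in the length check and the memcpy; only the matched index
 * is hidden. Returns the index or -1. */
int mnemonic_find_word_ct(const char *word, size_t len)
{
    uint8_t buf[WORD_LEN];
    uint32_t result = 0xFFFFFFFFu;   /* -1 once cast back to int */

    if (len >= WORD_LEN)             /* longer than any valid word */
        return -1;
    memset(buf, 0, WORD_LEN);
    memcpy(buf, word, len);

    for (size_t i = 0; i < WORD_COUNT; i++) {
        uint32_t eq = ct_word_equal((const uint8_t *)wordlist[i], buf);
        uint32_t mask = 0u - eq;     /* all ones on match, else zero */
        result = (result & ~mask) | ((uint32_t)i & mask);
    }
    return (int)result;
}

/* Copy entry `idx` with a fixed-length memcpy (index assumed valid);
 * the padded layout is what makes strcpy unnecessary. */
void mnemonic_word_copy(size_t idx, char out[WORD_LEN])
{
    memcpy(out, wordlist[idx], WORD_LEN);
}

int main(void)
{
    const char *probe[] = { "able", "abstract", "zebra", "abandoned" };
    for (size_t i = 0; i < 4; i++)
        printf("%-10s -> %d\n", probe[i],
               mnemonic_find_word_ct(probe[i], strlen(probe[i])));
    return 0;
}
```

With `[8]` instead of `[9]` the same code works if `WORD_LEN` is 8 and the NUL pad is dropped, but then every consumer that currently strcpy/strcmp's a wordlist entry has to be changed, which is the backwards-compatibility point raised above.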
Question: can we just change the declaration to const char wordlist[][8] or ...[9] (for NUL-terminators) to pad the words and allow using memcpy/memcmp with fixed length. This should also use less extra memory.
I considered that, but wasn't sure whether any other consumers of this library would be sensitive to the type. Good point about unaligned memory.
Let's not merge for the reasons stated above.
This allows constant-time word matching without exercising UB.
Subsumes trezor/trezor-crypto #182.