Bitcoin Forum

Bitcoin => Hardware wallets => Topic started by: Ann1989 on January 15, 2019, 10:17:40 AM



Title: Cobo Wallet:Core Component of Security Chip Open Sourced
Post by: Ann1989 on January 15, 2019, 10:17:40 AM
The core component of the Cobo Vault's security chip has been open sourced on GitHub. https://github.com/cobowallet/Cobo-Vault-Security-Chip-Firmware
After looking at the source code, I saw how much the development team values security. In the source code, when using critical data comparison, custom memcmp_ATA () is used instead of the C language implemention memcmp().
Code:
/**memcmp Anti-Timing-Attack*/
bool memcmp_ATA(const uint8_t *buf1, const uint8_t *buf2, uint16_t len)
{
uint16_t i = 0;
bool bIsDiff = false;

for (i=0; i<len; i++)
{
bIsDiff |= (buf1[i]^buf2[i]);
}

return bIsDiff;
}
This prevents timing-attacks when comparing critical information, which effectively protects user data.