Bitcoin Forum

Bitcoin => Hardware wallets => Topic started by: Ann1989 on January 15, 2019, 10:17:40 AM


Title: Cobo Wallet:Core Component of Security Chip Open Sourced
Post by: Ann1989 on January 15, 2019, 10:17:40 AM
The core component of the Cobo Vault's security chip has been open sourced on GitHub. https://github.com/cobowallet/Cobo-Vault-Security-Chip-Firmware
After looking at the source code, I saw how much the development team values security. In the source code, when using critical data comparison, custom memcmp_ATA () is used instead of the C language implemention memcmp().
Code:
/**memcmp Anti-Timing-Attack*/
bool memcmp_ATA(const uint8_t *buf1, const uint8_t *buf2, uint16_t len)
{
	uint16_t i = 0;
	bool bIsDiff = false;
	
	for (i=0; i<len; i++)
	{
		bIsDiff |= (buf1[i]^buf2[i]);
	}
	
	return bIsDiff;
}
This prevents timing-attacks when comparing critical information, which effectively protects user data.


Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines