From 3dfd6f907fe563f60365aa3ad17fadba637789cd Mon Sep 17 00:00:00 2001 From: "William K. Santiago" Date: Fri, 23 Jan 2026 09:50:15 -0400 Subject: [PATCH 1/5] Add PIN prefix anti-phishing derivation --- main/CMakeLists.txt | 1 + main/bip39_wordlist.h | 2058 ++++++++++++++++++++++++++++++++ main/pin_prefix.c | 111 ++ main/pin_prefix.h | 37 + test/native/CMakeLists.txt | 12 + test/native/mocks/mbedtls/md.h | 134 +++ test/native/test_pin_prefix.c | 369 ++++++ 7 files changed, 2722 insertions(+) create mode 100644 main/bip39_wordlist.h create mode 100644 main/pin_prefix.c create mode 100644 main/pin_prefix.h create mode 100644 test/native/test_pin_prefix.c diff --git a/main/CMakeLists.txt b/main/CMakeLists.txt index 4aff22f..839cd7e 100644 --- a/main/CMakeLists.txt +++ b/main/CMakeLists.txt @@ -5,6 +5,7 @@ set(SRCS "nostr_frost.c" "nostr_frost_sign.c" "nostr_frost_dkg_events.c" "nostr_frost_nip46.c" "frost_crypto_ops.c" "frost_coordinator.c" "frost_dkg.c" "psbt.c" "psbt_fraud.c" "policy.c" "error_context.c" "error_codes.c" "random_utils.c" "hw_entropy.c" "ux_manager.c" "ux_serial.c" "self_test.c" "anti_glitch.c" + "pin_prefix.c" ) set(REQUIRES diff --git a/main/bip39_wordlist.h b/main/bip39_wordlist.h new file mode 100644 index 0000000..763297a --- /dev/null +++ b/main/bip39_wordlist.h @@ -0,0 +1,2058 @@ +// SPDX-FileCopyrightText: © 2026 PrivKey LLC +// SPDX-License-Identifier: AGPL-3.0-or-later + +#ifndef BIP39_WORDLIST_H +#define BIP39_WORDLIST_H + +static const char *const BIP39_WORDLIST[2048] = { + "abandon", + "ability", + "able", + "about", + "above", + "absent", + "absorb", + "abstract", + "absurd", + "abuse", + "access", + "accident", + "account", + "accuse", + "achieve", + "acid", + "acoustic", + "acquire", + "across", + "act", + "action", + "actor", + "actress", + "actual", + "adapt", + "add", + "addict", + "address", + "adjust", + "admit", + "adult", + "advance", + "advice", + "aerobic", + "affair", + "afford", + "afraid", + "again", + "age", + "agent", + "agree", + "ahead", + "aim", + "air", + "airport", + "aisle", + "alarm", + "album", + "alcohol", + "alert", + "alien", + "all", + "alley", + "allow", + "almost", + "alone", + "alpha", + "already", + "also", + "alter", + "always", + "amateur", + "amazing", + "among", + "amount", + "amused", + "analyst", + "anchor", + "ancient", + "anger", + "angle", + "angry", + "animal", + "ankle", + "announce", + "annual", + "another", + "answer", + "antenna", + "antique", + "anxiety", + "any", + "apart", + "apology", + "appear", + "apple", + "approve", + "april", + "arch", + "arctic", + "area", + "arena", + "argue", + "arm", + "armed", + "armor", + "army", + "around", + "arrange", + "arrest", + "arrive", + "arrow", + "art", + "artefact", + "artist", + "artwork", + "ask", + "aspect", + "assault", + "asset", + "assist", + "assume", + "asthma", + "athlete", + "atom", + "attack", + "attend", + "attitude", + "attract", + "auction", + "audit", + "august", + "aunt", + "author", + "auto", + "autumn", + "average", + "avocado", + "avoid", + "awake", + "aware", + "away", + "awesome", + "awful", + "awkward", + "axis", + "baby", + "bachelor", + "bacon", + "badge", + "bag", + "balance", + "balcony", + "ball", + "bamboo", + "banana", + "banner", + "bar", + "barely", + "bargain", + "barrel", + "base", + "basic", + "basket", + "battle", + "beach", + "bean", + "beauty", + "because", + "become", + "beef", + "before", + "begin", + "behave", + "behind", + "believe", + "below", + "belt", + "bench", + "benefit", + "best", + "betray", + "better", + "between", + "beyond", + "bicycle", + "bid", + "bike", + "bind", + "biology", + "bird", + "birth", + "bitter", + "black", + "blade", + "blame", + "blanket", + "blast", + "bleak", + "bless", + "blind", + "blood", + "blossom", + "blouse", + "blue", + "blur", + "blush", + "board", + "boat", + "body", + "boil", + "bomb", + "bone", + "bonus", + "book", + "boost", + "border", + "boring", + "borrow", + "boss", + "bottom", + "bounce", + "box", + "boy", + "bracket", + "brain", + "brand", + "brass", + "brave", + "bread", + "breeze", + "brick", + "bridge", + "brief", + "bright", + "bring", + "brisk", + "broccoli", + "broken", + "bronze", + "broom", + "brother", + "brown", + "brush", + "bubble", + "buddy", + "budget", + "buffalo", + "build", + "bulb", + "bulk", + "bullet", + "bundle", + "bunker", + "burden", + "burger", + "burst", + "bus", + "business", + "busy", + "butter", + "buyer", + "buzz", + "cabbage", + "cabin", + "cable", + "cactus", + "cage", + "cake", + "call", + "calm", + "camera", + "camp", + "can", + "canal", + "cancel", + "candy", + "cannon", + "canoe", + "canvas", + "canyon", + "capable", + "capital", + "captain", + "car", + "carbon", + "card", + "cargo", + "carpet", + "carry", + "cart", + "case", + "cash", + "casino", + "castle", + "casual", + "cat", + "catalog", + "catch", + "category", + "cattle", + "caught", + "cause", + "caution", + "cave", + "ceiling", + "celery", + "cement", + "census", + "century", + "cereal", + "certain", + "chair", + "chalk", + "champion", + "change", + "chaos", + "chapter", + "charge", + "chase", + "chat", + "cheap", + "check", + "cheese", + "chef", + "cherry", + "chest", + "chicken", + "chief", + "child", + "chimney", + "choice", + "choose", + "chronic", + "chuckle", + "chunk", + "churn", + "cigar", + "cinnamon", + "circle", + "citizen", + "city", + "civil", + "claim", + "clap", + "clarify", + "claw", + "clay", + "clean", + "clerk", + "clever", + "click", + "client", + "cliff", + "climb", + "clinic", + "clip", + "clock", + "clog", + "close", + "cloth", + "cloud", + "clown", + "club", + "clump", + "cluster", + "clutch", + "coach", + "coast", + "coconut", + "code", + "coffee", + "coil", + "coin", + "collect", + "color", + "column", + "combine", + "come", + "comfort", + "comic", + "common", + "company", + "concert", + "conduct", + "confirm", + "congress", + "connect", + "consider", + "control", + "convince", + "cook", + "cool", + "copper", + "copy", + "coral", + "core", + "corn", + "correct", + "cost", + "cotton", + "couch", + "country", + "couple", + "course", + "cousin", + "cover", + "coyote", + "crack", + "cradle", + "craft", + "cram", + "crane", + "crash", + "crater", + "crawl", + "crazy", + "cream", + "credit", + "creek", + "crew", + "cricket", + "crime", + "crisp", + "critic", + "crop", + "cross", + "crouch", + "crowd", + "crucial", + "cruel", + "cruise", + "crumble", + "crunch", + "crush", + "cry", + "crystal", + "cube", + "culture", + "cup", + "cupboard", + "curious", + "current", + "curtain", + "curve", + "cushion", + "custom", + "cute", + "cycle", + "dad", + "damage", + "damp", + "dance", + "danger", + "daring", + "dash", + "daughter", + "dawn", + "day", + "deal", + "debate", + "debris", + "decade", + "december", + "decide", + "decline", + "decorate", + "decrease", + "deer", + "defense", + "define", + "defy", + "degree", + "delay", + "deliver", + "demand", + "demise", + "denial", + "dentist", + "deny", + "depart", + "depend", + "deposit", + "depth", + "deputy", + "derive", + "describe", + "desert", + "design", + "desk", + "despair", + "destroy", + "detail", + "detect", + "develop", + "device", + "devote", + "diagram", + "dial", + "diamond", + "diary", + "dice", + "diesel", + "diet", + "differ", + "digital", + "dignity", + "dilemma", + "dinner", + "dinosaur", + "direct", + "dirt", + "disagree", + "discover", + "disease", + "dish", + "dismiss", + "disorder", + "display", + "distance", + "divert", + "divide", + "divorce", + "dizzy", + "doctor", + "document", + "dog", + "doll", + "dolphin", + "domain", + "donate", + "donkey", + "donor", + "door", + "dose", + "double", + "dove", + "draft", + "dragon", + "drama", + "drastic", + "draw", + "dream", + "dress", + "drift", + "drill", + "drink", + "drip", + "drive", + "drop", + "drum", + "dry", + "duck", + "dumb", + "dune", + "during", + "dust", + "dutch", + "duty", + "dwarf", + "dynamic", + "eager", + "eagle", + "early", + "earn", + "earth", + "easily", + "east", + "easy", + "echo", + "ecology", + "economy", + "edge", + "edit", + "educate", + "effort", + "egg", + "eight", + "either", + "elbow", + "elder", + "electric", + "elegant", + "element", + "elephant", + "elevator", + "elite", + "else", + "embark", + "embody", + "embrace", + "emerge", + "emotion", + "employ", + "empower", + "empty", + "enable", + "enact", + "end", + "endless", + "endorse", + "enemy", + "energy", + "enforce", + "engage", + "engine", + "enhance", + "enjoy", + "enlist", + "enough", + "enrich", + "enroll", + "ensure", + "enter", + "entire", + "entry", + "envelope", + "episode", + "equal", + "equip", + "era", + "erase", + "erode", + "erosion", + "error", + "erupt", + "escape", + "essay", + "essence", + "estate", + "eternal", + "ethics", + "evidence", + "evil", + "evoke", + "evolve", + "exact", + "example", + "excess", + "exchange", + "excite", + "exclude", + "excuse", + "execute", + "exercise", + "exhaust", + "exhibit", + "exile", + "exist", + "exit", + "exotic", + "expand", + "expect", + "expire", + "explain", + "expose", + "express", + "extend", + "extra", + "eye", + "eyebrow", + "fabric", + "face", + "faculty", + "fade", + "faint", + "faith", + "fall", + "false", + "fame", + "family", + "famous", + "fan", + "fancy", + "fantasy", + "farm", + "fashion", + "fat", + "fatal", + "father", + "fatigue", + "fault", + "favorite", + "feature", + "february", + "federal", + "fee", + "feed", + "feel", + "female", + "fence", + "festival", + "fetch", + "fever", + "few", + "fiber", + "fiction", + "field", + "figure", + "file", + "film", + "filter", + "final", + "find", + "fine", + "finger", + "finish", + "fire", + "firm", + "first", + "fiscal", + "fish", + "fit", + "fitness", + "fix", + "flag", + "flame", + "flash", + "flat", + "flavor", + "flee", + "flight", + "flip", + "float", + "flock", + "floor", + "flower", + "fluid", + "flush", + "fly", + "foam", + "focus", + "fog", + "foil", + "fold", + "follow", + "food", + "foot", + "force", + "forest", + "forget", + "fork", + "fortune", + "forum", + "forward", + "fossil", + "foster", + "found", + "fox", + "fragile", + "frame", + "frequent", + "fresh", + "friend", + "fringe", + "frog", + "front", + "frost", + "frown", + "frozen", + "fruit", + "fuel", + "fun", + "funny", + "furnace", + "fury", + "future", + "gadget", + "gain", + "galaxy", + "gallery", + "game", + "gap", + "garage", + "garbage", + "garden", + "garlic", + "garment", + "gas", + "gasp", + "gate", + "gather", + "gauge", + "gaze", + "general", + "genius", + "genre", + "gentle", + "genuine", + "gesture", + "ghost", + "giant", + "gift", + "giggle", + "ginger", + "giraffe", + "girl", + "give", + "glad", + "glance", + "glare", + "glass", + "glide", + "glimpse", + "globe", + "gloom", + "glory", + "glove", + "glow", + "glue", + "goat", + "goddess", + "gold", + "good", + "goose", + "gorilla", + "gospel", + "gossip", + "govern", + "gown", + "grab", + "grace", + "grain", + "grant", + "grape", + "grass", + "gravity", + "great", + "green", + "grid", + "grief", + "grit", + "grocery", + "group", + "grow", + "grunt", + "guard", + "guess", + "guide", + "guilt", + "guitar", + "gun", + "gym", + "habit", + "hair", + "half", + "hammer", + "hamster", + "hand", + "happy", + "harbor", + "hard", + "harsh", + "harvest", + "hat", + "have", + "hawk", + "hazard", + "head", + "health", + "heart", + "heavy", + "hedgehog", + "height", + "hello", + "helmet", + "help", + "hen", + "hero", + "hidden", + "high", + "hill", + "hint", + "hip", + "hire", + "history", + "hobby", + "hockey", + "hold", + "hole", + "holiday", + "hollow", + "home", + "honey", + "hood", + "hope", + "horn", + "horror", + "horse", + "hospital", + "host", + "hotel", + "hour", + "hover", + "hub", + "huge", + "human", + "humble", + "humor", + "hundred", + "hungry", + "hunt", + "hurdle", + "hurry", + "hurt", + "husband", + "hybrid", + "ice", + "icon", + "idea", + "identify", + "idle", + "ignore", + "ill", + "illegal", + "illness", + "image", + "imitate", + "immense", + "immune", + "impact", + "impose", + "improve", + "impulse", + "inch", + "include", + "income", + "increase", + "index", + "indicate", + "indoor", + "industry", + "infant", + "inflict", + "inform", + "inhale", + "inherit", + "initial", + "inject", + "injury", + "inmate", + "inner", + "innocent", + "input", + "inquiry", + "insane", + "insect", + "inside", + "inspire", + "install", + "intact", + "interest", + "into", + "invest", + "invite", + "involve", + "iron", + "island", + "isolate", + "issue", + "item", + "ivory", + "jacket", + "jaguar", + "jar", + "jazz", + "jealous", + "jeans", + "jelly", + "jewel", + "job", + "join", + "joke", + "journey", + "joy", + "judge", + "juice", + "jump", + "jungle", + "junior", + "junk", + "just", + "kangaroo", + "keen", + "keep", + "ketchup", + "key", + "kick", + "kid", + "kidney", + "kind", + "kingdom", + "kiss", + "kit", + "kitchen", + "kite", + "kitten", + "kiwi", + "knee", + "knife", + "knock", + "know", + "lab", + "label", + "labor", + "ladder", + "lady", + "lake", + "lamp", + "language", + "laptop", + "large", + "later", + "latin", + "laugh", + "laundry", + "lava", + "law", + "lawn", + "lawsuit", + "layer", + "lazy", + "leader", + "leaf", + "learn", + "leave", + "lecture", + "left", + "leg", + "legal", + "legend", + "leisure", + "lemon", + "lend", + "length", + "lens", + "leopard", + "lesson", + "letter", + "level", + "liar", + "liberty", + "library", + "license", + "life", + "lift", + "light", + "like", + "limb", + "limit", + "link", + "lion", + "liquid", + "list", + "little", + "live", + "lizard", + "load", + "loan", + "lobster", + "local", + "lock", + "logic", + "lonely", + "long", + "loop", + "lottery", + "loud", + "lounge", + "love", + "loyal", + "lucky", + "luggage", + "lumber", + "lunar", + "lunch", + "luxury", + "lyrics", + "machine", + "mad", + "magic", + "magnet", + "maid", + "mail", + "main", + "major", + "make", + "mammal", + "man", + "manage", + "mandate", + "mango", + "mansion", + "manual", + "maple", + "marble", + "march", + "margin", + "marine", + "market", + "marriage", + "mask", + "mass", + "master", + "match", + "material", + "math", + "matrix", + "matter", + "maximum", + "maze", + "meadow", + "mean", + "measure", + "meat", + "mechanic", + "medal", + "media", + "melody", + "melt", + "member", + "memory", + "mention", + "menu", + "mercy", + "merge", + "merit", + "merry", + "mesh", + "message", + "metal", + "method", + "middle", + "midnight", + "milk", + "million", + "mimic", + "mind", + "minimum", + "minor", + "minute", + "miracle", + "mirror", + "misery", + "miss", + "mistake", + "mix", + "mixed", + "mixture", + "mobile", + "model", + "modify", + "mom", + "moment", + "monitor", + "monkey", + "monster", + "month", + "moon", + "moral", + "more", + "morning", + "mosquito", + "mother", + "motion", + "motor", + "mountain", + "mouse", + "move", + "movie", + "much", + "muffin", + "mule", + "multiply", + "muscle", + "museum", + "mushroom", + "music", + "must", + "mutual", + "myself", + "mystery", + "myth", + "naive", + "name", + "napkin", + "narrow", + "nasty", + "nation", + "nature", + "near", + "neck", + "need", + "negative", + "neglect", + "neither", + "nephew", + "nerve", + "nest", + "net", + "network", + "neutral", + "never", + "news", + "next", + "nice", + "night", + "noble", + "noise", + "nominee", + "noodle", + "normal", + "north", + "nose", + "notable", + "note", + "nothing", + "notice", + "novel", + "now", + "nuclear", + "number", + "nurse", + "nut", + "oak", + "obey", + "object", + "oblige", + "obscure", + "observe", + "obtain", + "obvious", + "occur", + "ocean", + "october", + "odor", + "off", + "offer", + "office", + "often", + "oil", + "okay", + "old", + "olive", + "olympic", + "omit", + "once", + "one", + "onion", + "online", + "only", + "open", + "opera", + "opinion", + "oppose", + "option", + "orange", + "orbit", + "orchard", + "order", + "ordinary", + "organ", + "orient", + "original", + "orphan", + "ostrich", + "other", + "outdoor", + "outer", + "output", + "outside", + "oval", + "oven", + "over", + "own", + "owner", + "oxygen", + "oyster", + "ozone", + "pact", + "paddle", + "page", + "pair", + "palace", + "palm", + "panda", + "panel", + "panic", + "panther", + "paper", + "parade", + "parent", + "park", + "parrot", + "party", + "pass", + "patch", + "path", + "patient", + "patrol", + "pattern", + "pause", + "pave", + "payment", + "peace", + "peanut", + "pear", + "peasant", + "pelican", + "pen", + "penalty", + "pencil", + "people", + "pepper", + "perfect", + "permit", + "person", + "pet", + "phone", + "photo", + "phrase", + "physical", + "piano", + "picnic", + "picture", + "piece", + "pig", + "pigeon", + "pill", + "pilot", + "pink", + "pioneer", + "pipe", + "pistol", + "pitch", + "pizza", + "place", + "planet", + "plastic", + "plate", + "play", + "please", + "pledge", + "pluck", + "plug", + "plunge", + "poem", + "poet", + "point", + "polar", + "pole", + "police", + "pond", + "pony", + "pool", + "popular", + "portion", + "position", + "possible", + "post", + "potato", + "pottery", + "poverty", + "powder", + "power", + "practice", + "praise", + "predict", + "prefer", + "prepare", + "present", + "pretty", + "prevent", + "price", + "pride", + "primary", + "print", + "priority", + "prison", + "private", + "prize", + "problem", + "process", + "produce", + "profit", + "program", + "project", + "promote", + "proof", + "property", + "prosper", + "protect", + "proud", + "provide", + "public", + "pudding", + "pull", + "pulp", + "pulse", + "pumpkin", + "punch", + "pupil", + "puppy", + "purchase", + "purity", + "purpose", + "purse", + "push", + "put", + "puzzle", + "pyramid", + "quality", + "quantum", + "quarter", + "question", + "quick", + "quit", + "quiz", + "quote", + "rabbit", + "raccoon", + "race", + "rack", + "radar", + "radio", + "rail", + "rain", + "raise", + "rally", + "ramp", + "ranch", + "random", + "range", + "rapid", + "rare", + "rate", + "rather", + "raven", + "raw", + "razor", + "ready", + "real", + "reason", + "rebel", + "rebuild", + "recall", + "receive", + "recipe", + "record", + "recycle", + "reduce", + "reflect", + "reform", + "refuse", + "region", + "regret", + "regular", + "reject", + "relax", + "release", + "relief", + "rely", + "remain", + "remember", + "remind", + "remove", + "render", + "renew", + "rent", + "reopen", + "repair", + "repeat", + "replace", + "report", + "require", + "rescue", + "resemble", + "resist", + "resource", + "response", + "result", + "retire", + "retreat", + "return", + "reunion", + "reveal", + "review", + "reward", + "rhythm", + "rib", + "ribbon", + "rice", + "rich", + "ride", + "ridge", + "rifle", + "right", + "rigid", + "ring", + "riot", + "ripple", + "risk", + "ritual", + "rival", + "river", + "road", + "roast", + "robot", + "robust", + "rocket", + "romance", + "roof", + "rookie", + "room", + "rose", + "rotate", + "rough", + "round", + "route", + "royal", + "rubber", + "rude", + "rug", + "rule", + "run", + "runway", + "rural", + "sad", + "saddle", + "sadness", + "safe", + "sail", + "salad", + "salmon", + "salon", + "salt", + "salute", + "same", + "sample", + "sand", + "satisfy", + "satoshi", + "sauce", + "sausage", + "save", + "say", + "scale", + "scan", + "scare", + "scatter", + "scene", + "scheme", + "school", + "science", + "scissors", + "scorpion", + "scout", + "scrap", + "screen", + "script", + "scrub", + "sea", + "search", + "season", + "seat", + "second", + "secret", + "section", + "security", + "seed", + "seek", + "segment", + "select", + "sell", + "seminar", + "senior", + "sense", + "sentence", + "series", + "service", + "session", + "settle", + "setup", + "seven", + "shadow", + "shaft", + "shallow", + "share", + "shed", + "shell", + "sheriff", + "shield", + "shift", + "shine", + "ship", + "shiver", + "shock", + "shoe", + "shoot", + "shop", + "short", + "shoulder", + "shove", + "shrimp", + "shrug", + "shuffle", + "shy", + "sibling", + "sick", + "side", + "siege", + "sight", + "sign", + "silent", + "silk", + "silly", + "silver", + "similar", + "simple", + "since", + "sing", + "siren", + "sister", + "situate", + "six", + "size", + "skate", + "sketch", + "ski", + "skill", + "skin", + "skirt", + "skull", + "slab", + "slam", + "sleep", + "slender", + "slice", + "slide", + "slight", + "slim", + "slogan", + "slot", + "slow", + "slush", + "small", + "smart", + "smile", + "smoke", + "smooth", + "snack", + "snake", + "snap", + "sniff", + "snow", + "soap", + "soccer", + "social", + "sock", + "soda", + "soft", + "solar", + "soldier", + "solid", + "solution", + "solve", + "someone", + "song", + "soon", + "sorry", + "sort", + "soul", + "sound", + "soup", + "source", + "south", + "space", + "spare", + "spatial", + "spawn", + "speak", + "special", + "speed", + "spell", + "spend", + "sphere", + "spice", + "spider", + "spike", + "spin", + "spirit", + "split", + "spoil", + "sponsor", + "spoon", + "sport", + "spot", + "spray", + "spread", + "spring", + "spy", + "square", + "squeeze", + "squirrel", + "stable", + "stadium", + "staff", + "stage", + "stairs", + "stamp", + "stand", + "start", + "state", + "stay", + "steak", + "steel", + "stem", + "step", + "stereo", + "stick", + "still", + "sting", + "stock", + "stomach", + "stone", + "stool", + "story", + "stove", + "strategy", + "street", + "strike", + "strong", + "struggle", + "student", + "stuff", + "stumble", + "style", + "subject", + "submit", + "subway", + "success", + "such", + "sudden", + "suffer", + "sugar", + "suggest", + "suit", + "summer", + "sun", + "sunny", + "sunset", + "super", + "supply", + "supreme", + "sure", + "surface", + "surge", + "surprise", + "surround", + "survey", + "suspect", + "sustain", + "swallow", + "swamp", + "swap", + "swarm", + "swear", + "sweet", + "swift", + "swim", + "swing", + "switch", + "sword", + "symbol", + "symptom", + "syrup", + "system", + "table", + "tackle", + "tag", + "tail", + "talent", + "talk", + "tank", + "tape", + "target", + "task", + "taste", + "tattoo", + "taxi", + "teach", + "team", + "tell", + "ten", + "tenant", + "tennis", + "tent", + "term", + "test", + "text", + "thank", + "that", + "theme", + "then", + "theory", + "there", + "they", + "thing", + "this", + "thought", + "three", + "thrive", + "throw", + "thumb", + "thunder", + "ticket", + "tide", + "tiger", + "tilt", + "timber", + "time", + "tiny", + "tip", + "tired", + "tissue", + "title", + "toast", + "tobacco", + "today", + "toddler", + "toe", + "together", + "toilet", + "token", + "tomato", + "tomorrow", + "tone", + "tongue", + "tonight", + "tool", + "tooth", + "top", + "topic", + "topple", + "torch", + "tornado", + "tortoise", + "toss", + "total", + "tourist", + "toward", + "tower", + "town", + "toy", + "track", + "trade", + "traffic", + "tragic", + "train", + "transfer", + "trap", + "trash", + "travel", + "tray", + "treat", + "tree", + "trend", + "trial", + "tribe", + "trick", + "trigger", + "trim", + "trip", + "trophy", + "trouble", + "truck", + "true", + "truly", + "trumpet", + "trust", + "truth", + "try", + "tube", + "tuition", + "tumble", + "tuna", + "tunnel", + "turkey", + "turn", + "turtle", + "twelve", + "twenty", + "twice", + "twin", + "twist", + "two", + "type", + "typical", + "ugly", + "umbrella", + "unable", + "unaware", + "uncle", + "uncover", + "under", + "undo", + "unfair", + "unfold", + "unhappy", + "uniform", + "unique", + "unit", + "universe", + "unknown", + "unlock", + "until", + "unusual", + "unveil", + "update", + "upgrade", + "uphold", + "upon", + "upper", + "upset", + "urban", + "urge", + "usage", + "use", + "used", + "useful", + "useless", + "usual", + "utility", + "vacant", + "vacuum", + "vague", + "valid", + "valley", + "valve", + "van", + "vanish", + "vapor", + "various", + "vast", + "vault", + "vehicle", + "velvet", + "vendor", + "venture", + "venue", + "verb", + "verify", + "version", + "very", + "vessel", + "veteran", + "viable", + "vibrant", + "vicious", + "victory", + "video", + "view", + "village", + "vintage", + "violin", + "virtual", + "virus", + "visa", + "visit", + "visual", + "vital", + "vivid", + "vocal", + "voice", + "void", + "volcano", + "volume", + "vote", + "voyage", + "wage", + "wagon", + "wait", + "walk", + "wall", + "walnut", + "want", + "warfare", + "warm", + "warrior", + "wash", + "wasp", + "waste", + "water", + "wave", + "way", + "wealth", + "weapon", + "wear", + "weasel", + "weather", + "web", + "wedding", + "weekend", + "weird", + "welcome", + "west", + "wet", + "whale", + "what", + "wheat", + "wheel", + "when", + "where", + "whip", + "whisper", + "wide", + "width", + "wife", + "wild", + "will", + "win", + "window", + "wine", + "wing", + "wink", + "winner", + "winter", + "wire", + "wisdom", + "wise", + "wish", + "witness", + "wolf", + "woman", + "wonder", + "wood", + "wool", + "word", + "work", + "world", + "worry", + "worth", + "wrap", + "wreck", + "wrestle", + "wrist", + "write", + "wrong", + "yard", + "year", + "yellow", + "you", + "young", + "youth", + "zebra", + "zero", + "zone", + "zoo", +}; + +#endif diff --git a/main/pin_prefix.c b/main/pin_prefix.c new file mode 100644 index 0000000..e8cceee --- /dev/null +++ b/main/pin_prefix.c @@ -0,0 +1,111 @@ +// SPDX-FileCopyrightText: © 2026 PrivKey LLC +// SPDX-License-Identifier: AGPL-3.0-or-later + +#include "pin_prefix.h" +#include "bip39_wordlist.h" +#include "crypto_asm.h" +#include +#include +#include + +#define HMAC_OUTPUT_SIZE 32 +#define ANTI_PHISHING_CONTEXT "anti-phishing" +#define CONTEXT_LEN 13 + +int pin_prefix_derive_words(const pin_prefix_t *prefix, const uint8_t *device_secret, + size_t secret_len, uint16_t *word1_index, uint16_t *word2_index) { + if (!prefix || !device_secret || !word1_index || !word2_index) { + return -1; + } + if (prefix->len < PIN_PREFIX_MIN_LEN || prefix->len > PIN_PREFIX_MAX_LEN) { + return -1; + } + if (secret_len == 0) { + return -1; + } + + uint8_t input[CONTEXT_LEN + PIN_PREFIX_MAX_LEN]; + memcpy(input, ANTI_PHISHING_CONTEXT, CONTEXT_LEN); + memcpy(input + CONTEXT_LEN, prefix->digits, prefix->len); + size_t input_len = CONTEXT_LEN + prefix->len; + + uint8_t hmac_out[HMAC_OUTPUT_SIZE]; + int ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), device_secret, + secret_len, input, input_len, hmac_out); + + secure_memzero(input, sizeof(input)); + + if (ret != 0) { + secure_memzero(hmac_out, sizeof(hmac_out)); + return -1; + } + + *word1_index = ((uint16_t)hmac_out[0] << 3 | hmac_out[1] >> 5) & 0x7FF; + *word2_index = ((uint16_t)(hmac_out[1] & 0x1F) << 6 | hmac_out[2] >> 2) & 0x7FF; + + secure_memzero(hmac_out, sizeof(hmac_out)); + return 0; +} + +const char *bip39_get_word(uint16_t index) { + if (index >= BIP39_WORD_COUNT) { + return NULL; + } + return BIP39_WORDLIST[index]; +} + +int pin_prefix_get_words(const pin_prefix_t *prefix, const uint8_t *device_secret, + size_t secret_len, char *word1, size_t word1_size, char *word2, + size_t word2_size) { + if (!word1 || !word2 || word1_size == 0 || word2_size == 0) { + return -1; + } + + uint16_t idx1, idx2; + if (pin_prefix_derive_words(prefix, device_secret, secret_len, &idx1, &idx2) != 0) { + return -1; + } + + const char *w1 = bip39_get_word(idx1); + const char *w2 = bip39_get_word(idx2); + if (!w1 || !w2) { + return -1; + } + + size_t len1 = strlen(w1); + size_t len2 = strlen(w2); + if (len1 >= word1_size || len2 >= word2_size) { + return -1; + } + + memcpy(word1, w1, len1 + 1); + memcpy(word2, w2, len2 + 1); + return 0; +} + +int pin_prefix_set_digit(pin_prefix_t *prefix, uint8_t digit) { + if (!prefix) { + return -1; + } + if (digit > 9) { + return -1; + } + if (prefix->len >= PIN_PREFIX_MAX_LEN) { + return -1; + } + prefix->digits[prefix->len++] = digit; + return 0; +} + +void pin_prefix_clear(pin_prefix_t *prefix) { + if (prefix) { + secure_memzero(prefix, sizeof(*prefix)); + } +} + +bool pin_prefix_is_ready(const pin_prefix_t *prefix) { + if (!prefix) { + return false; + } + return prefix->len >= PIN_PREFIX_MIN_LEN; +} diff --git a/main/pin_prefix.h b/main/pin_prefix.h new file mode 100644 index 0000000..399878e --- /dev/null +++ b/main/pin_prefix.h @@ -0,0 +1,37 @@ +// SPDX-FileCopyrightText: © 2026 PrivKey LLC +// SPDX-License-Identifier: AGPL-3.0-or-later + +#ifndef PIN_PREFIX_H +#define PIN_PREFIX_H + +#include +#include +#include + +#define PIN_PREFIX_MAX_LEN 4 +#define PIN_PREFIX_MIN_LEN 2 +#define PIN_PREFIX_WORD_COUNT 2 +#define BIP39_WORD_COUNT 2048 +#define BIP39_MAX_WORD_LEN 8 + +typedef struct { + uint8_t digits[PIN_PREFIX_MAX_LEN]; + uint8_t len; +} pin_prefix_t; + +int pin_prefix_derive_words(const pin_prefix_t *prefix, const uint8_t *device_secret, + size_t secret_len, uint16_t *word1_index, uint16_t *word2_index); + +const char *bip39_get_word(uint16_t index); + +int pin_prefix_get_words(const pin_prefix_t *prefix, const uint8_t *device_secret, + size_t secret_len, char *word1, size_t word1_size, char *word2, + size_t word2_size); + +int pin_prefix_set_digit(pin_prefix_t *prefix, uint8_t digit); + +void pin_prefix_clear(pin_prefix_t *prefix); + +bool pin_prefix_is_ready(const pin_prefix_t *prefix); + +#endif diff --git a/test/native/CMakeLists.txt b/test/native/CMakeLists.txt index 09672e2..d6f3cfd 100644 --- a/test/native/CMakeLists.txt +++ b/test/native/CMakeLists.txt @@ -165,3 +165,15 @@ target_include_directories(test_anti_glitch PRIVATE ${MAIN_DIR} ) target_compile_definitions(test_anti_glitch PRIVATE NATIVE_TEST=1) + +add_executable(test_pin_prefix test_pin_prefix.c) +target_include_directories(test_pin_prefix PRIVATE + ${CMAKE_CURRENT_SOURCE_DIR}/mocks + ${MAIN_DIR} +) +target_compile_definitions(test_pin_prefix PRIVATE NATIVE_TEST=1) +find_package(OpenSSL QUIET) +if(OpenSSL_FOUND) + target_compile_definitions(test_pin_prefix PRIVATE HAS_OPENSSL=1) + target_link_libraries(test_pin_prefix OpenSSL::Crypto) +endif() diff --git a/test/native/mocks/mbedtls/md.h b/test/native/mocks/mbedtls/md.h index d04e93b..e1ac68f 100644 --- a/test/native/mocks/mbedtls/md.h +++ b/test/native/mocks/mbedtls/md.h @@ -3,6 +3,7 @@ #include #include +#include typedef enum { MBEDTLS_MD_SHA256 = 6 } mbedtls_md_type_t; @@ -37,4 +38,137 @@ static inline int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_i return 0; } +#ifdef HAS_OPENSSL +#include +#include + +static inline int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, + size_t keylen, const unsigned char *input, size_t ilen, + unsigned char *output) { + (void)md_info; + unsigned int out_len = 32; + if (HMAC(EVP_sha256(), key, (int)keylen, input, ilen, output, &out_len) == NULL) { + return -1; + } + return 0; +} + +#else + +static inline uint32_t rotr32(uint32_t x, int n) { + return (x >> n) | (x << (32 - n)); +} + +static inline void sha256_transform(uint32_t state[8], const uint8_t block[64]) { + static const uint32_t k[64] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, + 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, + 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, + 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, + 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, + 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, + 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, + 0xc67178f2}; + uint32_t w[64]; + for (int i = 0; i < 16; i++) { + w[i] = ((uint32_t)block[i * 4] << 24) | ((uint32_t)block[i * 4 + 1] << 16) | + ((uint32_t)block[i * 4 + 2] << 8) | block[i * 4 + 3]; + } + for (int i = 16; i < 64; i++) { + uint32_t s0 = rotr32(w[i - 15], 7) ^ rotr32(w[i - 15], 18) ^ (w[i - 15] >> 3); + uint32_t s1 = rotr32(w[i - 2], 17) ^ rotr32(w[i - 2], 19) ^ (w[i - 2] >> 10); + w[i] = w[i - 16] + s0 + w[i - 7] + s1; + } + uint32_t a = state[0], b = state[1], c = state[2], d = state[3]; + uint32_t e = state[4], f = state[5], g = state[6], h = state[7]; + for (int i = 0; i < 64; i++) { + uint32_t S1 = rotr32(e, 6) ^ rotr32(e, 11) ^ rotr32(e, 25); + uint32_t ch = (e & f) ^ (~e & g); + uint32_t t1 = h + S1 + ch + k[i] + w[i]; + uint32_t S0 = rotr32(a, 2) ^ rotr32(a, 13) ^ rotr32(a, 22); + uint32_t maj = (a & b) ^ (a & c) ^ (b & c); + uint32_t t2 = S0 + maj; + h = g; + g = f; + f = e; + e = d + t1; + d = c; + c = b; + b = a; + a = t1 + t2; + } + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + state[5] += f; + state[6] += g; + state[7] += h; +} + +static inline void sha256(const uint8_t *data, size_t len, uint8_t out[32]) { + uint32_t state[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, + 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}; + uint8_t block[64]; + size_t i; + for (i = 0; i + 64 <= len; i += 64) { + sha256_transform(state, data + i); + } + size_t rem = len - i; + memset(block, 0, 64); + memcpy(block, data + i, rem); + block[rem] = 0x80; + if (rem >= 56) { + sha256_transform(state, block); + memset(block, 0, 64); + } + uint64_t bits = (uint64_t)len * 8; + for (int j = 0; j < 8; j++) { + block[63 - j] = (uint8_t)(bits >> (j * 8)); + } + sha256_transform(state, block); + for (int j = 0; j < 8; j++) { + out[j * 4] = (uint8_t)(state[j] >> 24); + out[j * 4 + 1] = (uint8_t)(state[j] >> 16); + out[j * 4 + 2] = (uint8_t)(state[j] >> 8); + out[j * 4 + 3] = (uint8_t)state[j]; + } +} + +static inline int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, + size_t keylen, const unsigned char *input, size_t ilen, + unsigned char *output) { + (void)md_info; + uint8_t k_ipad[64], k_opad[64]; + uint8_t tk[32]; + if (keylen > 64) { + sha256(key, keylen, tk); + key = tk; + keylen = 32; + } + memset(k_ipad, 0x36, 64); + memset(k_opad, 0x5c, 64); + for (size_t i = 0; i < keylen; i++) { + k_ipad[i] ^= key[i]; + k_opad[i] ^= key[i]; + } + uint8_t inner[64 + 1024]; + if (ilen > 1024) + return -1; + memcpy(inner, k_ipad, 64); + memcpy(inner + 64, input, ilen); + uint8_t inner_hash[32]; + sha256(inner, 64 + ilen, inner_hash); + uint8_t outer[64 + 32]; + memcpy(outer, k_opad, 64); + memcpy(outer + 64, inner_hash, 32); + sha256(outer, 64 + 32, output); + return 0; +} + +#endif + #endif diff --git a/test/native/test_pin_prefix.c b/test/native/test_pin_prefix.c new file mode 100644 index 0000000..f2bfef8 --- /dev/null +++ b/test/native/test_pin_prefix.c @@ -0,0 +1,369 @@ +// SPDX-FileCopyrightText: © 2026 PrivKey LLC +// SPDX-License-Identifier: AGPL-3.0-or-later + +#include +#include +#include + +#include "crypto_asm.h" +#include "pin_prefix.h" +#include "pin_prefix.c" + +#define TEST(name) printf(" TEST: %s\n", name) +#define PASS() printf(" PASS\n") +#define FAIL(msg) \ + do { \ + printf(" FAIL: %s\n", msg); \ + return 1; \ + } while (0) + +static const uint8_t TEST_SECRET[32] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, + 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20}; + +static int test_derive_words_basic(void) { + TEST("derive words basic"); + + pin_prefix_t prefix = {.digits = {1, 2, 3, 4}, .len = 4}; + uint16_t word1, word2; + + if (pin_prefix_derive_words(&prefix, TEST_SECRET, sizeof(TEST_SECRET), &word1, &word2) != 0) + FAIL("derive failed"); + + if (word1 >= BIP39_WORD_COUNT) + FAIL("word1 index out of range"); + if (word2 >= BIP39_WORD_COUNT) + FAIL("word2 index out of range"); + + PASS(); + return 0; +} + +static int test_derive_words_deterministic(void) { + TEST("derive words deterministic"); + + pin_prefix_t prefix = {.digits = {1, 2, 3, 4}, .len = 4}; + uint16_t word1_a, word2_a, word1_b, word2_b; + + if (pin_prefix_derive_words(&prefix, TEST_SECRET, sizeof(TEST_SECRET), &word1_a, &word2_a) != 0) + FAIL("first derive failed"); + if (pin_prefix_derive_words(&prefix, TEST_SECRET, sizeof(TEST_SECRET), &word1_b, &word2_b) != 0) + FAIL("second derive failed"); + + if (word1_a != word1_b) + FAIL("word1 not deterministic"); + if (word2_a != word2_b) + FAIL("word2 not deterministic"); + + PASS(); + return 0; +} + +static int test_different_prefix_different_words(void) { + TEST("different prefix different words"); + + pin_prefix_t prefix1 = {.digits = {1, 2, 3, 4}, .len = 4}; + pin_prefix_t prefix2 = {.digits = {5, 6, 7, 8}, .len = 4}; + uint16_t word1_a, word2_a, word1_b, word2_b; + + if (pin_prefix_derive_words(&prefix1, TEST_SECRET, sizeof(TEST_SECRET), &word1_a, &word2_a) != 0) + FAIL("first derive failed"); + if (pin_prefix_derive_words(&prefix2, TEST_SECRET, sizeof(TEST_SECRET), &word1_b, &word2_b) != 0) + FAIL("second derive failed"); + + if (word1_a == word1_b && word2_a == word2_b) + FAIL("different prefixes should produce different words"); + + PASS(); + return 0; +} + +static int test_different_secret_different_words(void) { + TEST("different secret different words"); + + pin_prefix_t prefix = {.digits = {1, 2, 3, 4}, .len = 4}; + uint8_t secret2[32]; + memcpy(secret2, TEST_SECRET, sizeof(secret2)); + secret2[0] ^= 0xFF; + + uint16_t word1_a, word2_a, word1_b, word2_b; + + if (pin_prefix_derive_words(&prefix, TEST_SECRET, sizeof(TEST_SECRET), &word1_a, &word2_a) != 0) + FAIL("first derive failed"); + if (pin_prefix_derive_words(&prefix, secret2, sizeof(secret2), &word1_b, &word2_b) != 0) + FAIL("second derive failed"); + + if (word1_a == word1_b && word2_a == word2_b) + FAIL("different secrets should produce different words"); + + PASS(); + return 0; +} + +static int test_min_prefix_len(void) { + TEST("minimum prefix length"); + + pin_prefix_t prefix = {.digits = {1, 2}, .len = 2}; + uint16_t word1, word2; + + if (pin_prefix_derive_words(&prefix, TEST_SECRET, sizeof(TEST_SECRET), &word1, &word2) != 0) + FAIL("derive with 2 digits should work"); + + PASS(); + return 0; +} + +static int test_prefix_too_short(void) { + TEST("prefix too short"); + + pin_prefix_t prefix = {.digits = {1}, .len = 1}; + uint16_t word1, word2; + + if (pin_prefix_derive_words(&prefix, TEST_SECRET, sizeof(TEST_SECRET), &word1, &word2) == 0) + FAIL("should fail with 1 digit"); + + PASS(); + return 0; +} + +static int test_prefix_too_long(void) { + TEST("prefix too long"); + + pin_prefix_t prefix = {.digits = {1, 2, 3, 4}, .len = 5}; + uint16_t word1, word2; + + if (pin_prefix_derive_words(&prefix, TEST_SECRET, sizeof(TEST_SECRET), &word1, &word2) == 0) + FAIL("should fail with 5 digits"); + + PASS(); + return 0; +} + +static int test_null_params(void) { + TEST("null parameters"); + + pin_prefix_t prefix = {.digits = {1, 2, 3, 4}, .len = 4}; + uint16_t word1, word2; + + if (pin_prefix_derive_words(NULL, TEST_SECRET, sizeof(TEST_SECRET), &word1, &word2) == 0) + FAIL("should fail with null prefix"); + if (pin_prefix_derive_words(&prefix, NULL, sizeof(TEST_SECRET), &word1, &word2) == 0) + FAIL("should fail with null secret"); + if (pin_prefix_derive_words(&prefix, TEST_SECRET, sizeof(TEST_SECRET), NULL, &word2) == 0) + FAIL("should fail with null word1"); + if (pin_prefix_derive_words(&prefix, TEST_SECRET, sizeof(TEST_SECRET), &word1, NULL) == 0) + FAIL("should fail with null word2"); + + PASS(); + return 0; +} + +static int test_zero_secret_len(void) { + TEST("zero secret length"); + + pin_prefix_t prefix = {.digits = {1, 2, 3, 4}, .len = 4}; + uint16_t word1, word2; + + if (pin_prefix_derive_words(&prefix, TEST_SECRET, 0, &word1, &word2) == 0) + FAIL("should fail with zero secret length"); + + PASS(); + return 0; +} + +static int test_bip39_get_word(void) { + TEST("bip39_get_word"); + + const char *first = bip39_get_word(0); + const char *last = bip39_get_word(2047); + + if (!first) + FAIL("first word is null"); + if (!last) + FAIL("last word is null"); + if (strcmp(first, "abandon") != 0) + FAIL("first word should be 'abandon'"); + if (strcmp(last, "zoo") != 0) + FAIL("last word should be 'zoo'"); + if (bip39_get_word(2048) != NULL) + FAIL("out of range should return null"); + + PASS(); + return 0; +} + +static int test_get_words(void) { + TEST("get_words convenience function"); + + pin_prefix_t prefix = {.digits = {1, 2, 3, 4}, .len = 4}; + char word1[16], word2[16]; + + if (pin_prefix_get_words(&prefix, TEST_SECRET, sizeof(TEST_SECRET), word1, sizeof(word1), word2, + sizeof(word2)) != 0) + FAIL("get_words failed"); + + if (strlen(word1) == 0) + FAIL("word1 is empty"); + if (strlen(word2) == 0) + FAIL("word2 is empty"); + + PASS(); + return 0; +} + +static int test_get_words_buffer_too_small(void) { + TEST("get_words buffer too small"); + + pin_prefix_t prefix = {.digits = {1, 2, 3, 4}, .len = 4}; + char word1[2], word2[16]; + + if (pin_prefix_get_words(&prefix, TEST_SECRET, sizeof(TEST_SECRET), word1, sizeof(word1), word2, + sizeof(word2)) == 0) + FAIL("should fail with small buffer"); + + PASS(); + return 0; +} + +static int test_set_digit(void) { + TEST("set_digit"); + + pin_prefix_t prefix; + pin_prefix_clear(&prefix); + + if (pin_prefix_set_digit(&prefix, 1) != 0) + FAIL("set first digit failed"); + if (pin_prefix_set_digit(&prefix, 2) != 0) + FAIL("set second digit failed"); + if (prefix.len != 2) + FAIL("length should be 2"); + if (prefix.digits[0] != 1 || prefix.digits[1] != 2) + FAIL("digits mismatch"); + + PASS(); + return 0; +} + +static int test_set_digit_overflow(void) { + TEST("set_digit overflow"); + + pin_prefix_t prefix = {.digits = {1, 2, 3, 4}, .len = 4}; + + if (pin_prefix_set_digit(&prefix, 5) == 0) + FAIL("should fail when full"); + + PASS(); + return 0; +} + +static int test_set_digit_invalid(void) { + TEST("set_digit invalid digit"); + + pin_prefix_t prefix; + pin_prefix_clear(&prefix); + + if (pin_prefix_set_digit(&prefix, 10) == 0) + FAIL("should reject digit > 9"); + + PASS(); + return 0; +} + +static int test_is_ready(void) { + TEST("is_ready"); + + pin_prefix_t prefix; + pin_prefix_clear(&prefix); + + if (pin_prefix_is_ready(&prefix)) + FAIL("should not be ready with 0 digits"); + + pin_prefix_set_digit(&prefix, 1); + if (pin_prefix_is_ready(&prefix)) + FAIL("should not be ready with 1 digit"); + + pin_prefix_set_digit(&prefix, 2); + if (!pin_prefix_is_ready(&prefix)) + FAIL("should be ready with 2 digits"); + + PASS(); + return 0; +} + +static int test_clear(void) { + TEST("clear"); + + pin_prefix_t prefix = {.digits = {1, 2, 3, 4}, .len = 4}; + pin_prefix_clear(&prefix); + + if (prefix.len != 0) + FAIL("length should be 0"); + for (int i = 0; i < PIN_PREFIX_MAX_LEN; i++) { + if (prefix.digits[i] != 0) + FAIL("digits should be zeroed"); + } + + PASS(); + return 0; +} + +static int test_word_index_distribution(void) { + TEST("word index distribution"); + + int seen_different = 0; + uint16_t prev_word1 = 0, prev_word2 = 0; + + for (int i = 0; i < 10; i++) { + pin_prefix_t prefix = {.digits = {(uint8_t)i, (uint8_t)((i + 1) % 10)}, .len = 2}; + uint16_t word1, word2; + + if (pin_prefix_derive_words(&prefix, TEST_SECRET, sizeof(TEST_SECRET), &word1, &word2) != 0) + FAIL("derive failed"); + + if (i > 0 && (word1 != prev_word1 || word2 != prev_word2)) { + seen_different = 1; + } + prev_word1 = word1; + prev_word2 = word2; + } + + if (!seen_different) + FAIL("all prefixes produced same words"); + + PASS(); + return 0; +} + +int main(void) { + printf("\n=== PIN Prefix Anti-Phishing Tests ===\n\n"); + + int failures = 0; + failures += test_derive_words_basic(); + failures += test_derive_words_deterministic(); + failures += test_different_prefix_different_words(); + failures += test_different_secret_different_words(); + failures += test_min_prefix_len(); + failures += test_prefix_too_short(); + failures += test_prefix_too_long(); + failures += test_null_params(); + failures += test_zero_secret_len(); + failures += test_bip39_get_word(); + failures += test_get_words(); + failures += test_get_words_buffer_too_small(); + failures += test_set_digit(); + failures += test_set_digit_overflow(); + failures += test_set_digit_invalid(); + failures += test_is_ready(); + failures += test_clear(); + failures += test_word_index_distribution(); + + printf("\n"); + if (failures == 0) { + printf("=== All tests passed ===\n\n"); + return 0; + } else { + printf("=== %d test(s) failed ===\n\n", failures); + return 1; + } +} From 26b2df7c913dfd6ed7f6678e98cd58c27d9a0514 Mon Sep 17 00:00:00 2001 From: "William K. Santiago" Date: Fri, 23 Jan 2026 09:53:18 -0400 Subject: [PATCH 2/5] fix: address security review findings --- main/pin_prefix.c | 6 +++++- test/native/mocks/mbedtls/md.h | 13 +++++++++++++ test/native/test_pin_prefix.c | 14 ++++++++++++++ 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/main/pin_prefix.c b/main/pin_prefix.c index e8cceee..a54cbab 100644 --- a/main/pin_prefix.c +++ b/main/pin_prefix.c @@ -8,9 +8,13 @@ #include #include +_Static_assert(sizeof(BIP39_WORDLIST) / sizeof(BIP39_WORDLIST[0]) == BIP39_WORD_COUNT, + "BIP39_WORDLIST size mismatch"); + #define HMAC_OUTPUT_SIZE 32 #define ANTI_PHISHING_CONTEXT "anti-phishing" #define CONTEXT_LEN 13 +#define SECRET_LEN_MAX 1024 int pin_prefix_derive_words(const pin_prefix_t *prefix, const uint8_t *device_secret, size_t secret_len, uint16_t *word1_index, uint16_t *word2_index) { @@ -20,7 +24,7 @@ int pin_prefix_derive_words(const pin_prefix_t *prefix, const uint8_t *device_se if (prefix->len < PIN_PREFIX_MIN_LEN || prefix->len > PIN_PREFIX_MAX_LEN) { return -1; } - if (secret_len == 0) { + if (secret_len == 0 || secret_len > SECRET_LEN_MAX) { return -1; } diff --git a/test/native/mocks/mbedtls/md.h b/test/native/mocks/mbedtls/md.h index e1ac68f..a7616ee 100644 --- a/test/native/mocks/mbedtls/md.h +++ b/test/native/mocks/mbedtls/md.h @@ -166,6 +166,19 @@ static inline int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsign memcpy(outer, k_opad, 64); memcpy(outer + 64, inner_hash, 32); sha256(outer, 64 + 32, output); + + volatile uint8_t *p; + p = k_ipad; + for (size_t i = 0; i < 64; i++) p[i] = 0; + p = k_opad; + for (size_t i = 0; i < 64; i++) p[i] = 0; + p = tk; + for (size_t i = 0; i < 32; i++) p[i] = 0; + p = inner; + for (size_t i = 0; i < sizeof(inner); i++) p[i] = 0; + p = inner_hash; + for (size_t i = 0; i < 32; i++) p[i] = 0; + return 0; } diff --git a/test/native/test_pin_prefix.c b/test/native/test_pin_prefix.c index f2bfef8..23d1351 100644 --- a/test/native/test_pin_prefix.c +++ b/test/native/test_pin_prefix.c @@ -172,6 +172,19 @@ static int test_zero_secret_len(void) { return 0; } +static int test_secret_len_too_large(void) { + TEST("secret length too large"); + + pin_prefix_t prefix = {.digits = {1, 2, 3, 4}, .len = 4}; + uint16_t word1, word2; + + if (pin_prefix_derive_words(&prefix, TEST_SECRET, 1025, &word1, &word2) == 0) + FAIL("should fail with secret length > 1024"); + + PASS(); + return 0; +} + static int test_bip39_get_word(void) { TEST("bip39_get_word"); @@ -348,6 +361,7 @@ int main(void) { failures += test_prefix_too_long(); failures += test_null_params(); failures += test_zero_secret_len(); + failures += test_secret_len_too_large(); failures += test_bip39_get_word(); failures += test_get_words(); failures += test_get_words_buffer_too_small(); From 86342e08e62e7b73fdb6d81af4aa0c2a9b157bea Mon Sep 17 00:00:00 2001 From: "William K. Santiago" Date: Fri, 23 Jan 2026 09:57:39 -0400 Subject: [PATCH 3/5] Simplify pin_prefix validation and use secure_memzero in mock --- main/pin_prefix.c | 26 ++++++-------------------- test/native/mocks/mbedtls/md.h | 18 +++++++----------- 2 files changed, 13 insertions(+), 31 deletions(-) diff --git a/main/pin_prefix.c b/main/pin_prefix.c index a54cbab..10d8a61 100644 --- a/main/pin_prefix.c +++ b/main/pin_prefix.c @@ -18,15 +18,12 @@ _Static_assert(sizeof(BIP39_WORDLIST) / sizeof(BIP39_WORDLIST[0]) == BIP39_WORD_ int pin_prefix_derive_words(const pin_prefix_t *prefix, const uint8_t *device_secret, size_t secret_len, uint16_t *word1_index, uint16_t *word2_index) { - if (!prefix || !device_secret || !word1_index || !word2_index) { + if (!prefix || !device_secret || !word1_index || !word2_index) return -1; - } - if (prefix->len < PIN_PREFIX_MIN_LEN || prefix->len > PIN_PREFIX_MAX_LEN) { + if (prefix->len < PIN_PREFIX_MIN_LEN || prefix->len > PIN_PREFIX_MAX_LEN) return -1; - } - if (secret_len == 0 || secret_len > SECRET_LEN_MAX) { + if (secret_len == 0 || secret_len > SECRET_LEN_MAX) return -1; - } uint8_t input[CONTEXT_LEN + PIN_PREFIX_MAX_LEN]; memcpy(input, ANTI_PHISHING_CONTEXT, CONTEXT_LEN); @@ -61,9 +58,8 @@ const char *bip39_get_word(uint16_t index) { int pin_prefix_get_words(const pin_prefix_t *prefix, const uint8_t *device_secret, size_t secret_len, char *word1, size_t word1_size, char *word2, size_t word2_size) { - if (!word1 || !word2 || word1_size == 0 || word2_size == 0) { + if (!word1 || !word2 || word1_size == 0 || word2_size == 0) return -1; - } uint16_t idx1, idx2; if (pin_prefix_derive_words(prefix, device_secret, secret_len, &idx1, &idx2) != 0) { @@ -88,15 +84,8 @@ int pin_prefix_get_words(const pin_prefix_t *prefix, const uint8_t *device_secre } int pin_prefix_set_digit(pin_prefix_t *prefix, uint8_t digit) { - if (!prefix) { - return -1; - } - if (digit > 9) { - return -1; - } - if (prefix->len >= PIN_PREFIX_MAX_LEN) { + if (!prefix || digit > 9 || prefix->len >= PIN_PREFIX_MAX_LEN) return -1; - } prefix->digits[prefix->len++] = digit; return 0; } @@ -108,8 +97,5 @@ void pin_prefix_clear(pin_prefix_t *prefix) { } bool pin_prefix_is_ready(const pin_prefix_t *prefix) { - if (!prefix) { - return false; - } - return prefix->len >= PIN_PREFIX_MIN_LEN; + return prefix && prefix->len >= PIN_PREFIX_MIN_LEN; } diff --git a/test/native/mocks/mbedtls/md.h b/test/native/mocks/mbedtls/md.h index a7616ee..06da503 100644 --- a/test/native/mocks/mbedtls/md.h +++ b/test/native/mocks/mbedtls/md.h @@ -5,6 +5,8 @@ #include #include +#include "crypto_asm.h" + typedef enum { MBEDTLS_MD_SHA256 = 6 } mbedtls_md_type_t; typedef struct mbedtls_md_info_t { @@ -167,17 +169,11 @@ static inline int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsign memcpy(outer + 64, inner_hash, 32); sha256(outer, 64 + 32, output); - volatile uint8_t *p; - p = k_ipad; - for (size_t i = 0; i < 64; i++) p[i] = 0; - p = k_opad; - for (size_t i = 0; i < 64; i++) p[i] = 0; - p = tk; - for (size_t i = 0; i < 32; i++) p[i] = 0; - p = inner; - for (size_t i = 0; i < sizeof(inner); i++) p[i] = 0; - p = inner_hash; - for (size_t i = 0; i < 32; i++) p[i] = 0; + secure_memzero(k_ipad, sizeof(k_ipad)); + secure_memzero(k_opad, sizeof(k_opad)); + secure_memzero(tk, sizeof(tk)); + secure_memzero(inner, sizeof(inner)); + secure_memzero(inner_hash, sizeof(inner_hash)); return 0; } From 6517e3b7c1a5b3339586ceb8316fccb0b1dfc912 Mon Sep 17 00:00:00 2001 From: "William K. Santiago" Date: Fri, 23 Jan 2026 10:02:32 -0400 Subject: [PATCH 4/5] Apply clang-format to fix CI formatting check --- main/bip39_wordlist.h | 2304 ++++----------------------------- test/native/test_pin_prefix.c | 13 +- 2 files changed, 263 insertions(+), 2054 deletions(-) diff --git a/main/bip39_wordlist.h b/main/bip39_wordlist.h index 763297a..8ef6a10 100644 --- a/main/bip39_wordlist.h +++ b/main/bip39_wordlist.h @@ -5,2054 +5,262 @@ #define BIP39_WORDLIST_H static const char *const BIP39_WORDLIST[2048] = { - "abandon", - "ability", - "able", - "about", - "above", - "absent", - "absorb", - "abstract", - "absurd", - "abuse", - "access", - "accident", - "account", - "accuse", - "achieve", - "acid", - "acoustic", - "acquire", - "across", - "act", - "action", - "actor", - "actress", - "actual", - "adapt", - "add", - "addict", - "address", - "adjust", - "admit", - "adult", - "advance", - "advice", - "aerobic", - "affair", - "afford", - "afraid", - "again", - "age", - "agent", - "agree", - "ahead", - "aim", - "air", - "airport", - "aisle", - "alarm", - "album", - "alcohol", - "alert", - "alien", - "all", - "alley", - "allow", - "almost", - "alone", - "alpha", - "already", - "also", - "alter", - "always", - "amateur", - "amazing", - "among", - "amount", - "amused", - "analyst", - "anchor", - "ancient", - "anger", - "angle", - "angry", - "animal", - "ankle", - "announce", - "annual", - "another", - "answer", - "antenna", - "antique", - "anxiety", - "any", - "apart", - "apology", - "appear", - "apple", - "approve", - "april", - "arch", - "arctic", - "area", - "arena", - "argue", - "arm", - "armed", - "armor", - "army", - "around", - "arrange", - "arrest", - "arrive", - "arrow", - "art", - "artefact", - "artist", - "artwork", - "ask", - "aspect", - "assault", - "asset", - "assist", - "assume", - "asthma", - "athlete", - "atom", - "attack", - "attend", - "attitude", - "attract", - "auction", - "audit", - "august", - "aunt", - "author", - "auto", - "autumn", - "average", - "avocado", - "avoid", - "awake", - "aware", - "away", - "awesome", - "awful", - "awkward", - "axis", - "baby", - "bachelor", - "bacon", - "badge", - "bag", - "balance", - "balcony", - "ball", - "bamboo", - "banana", - "banner", - "bar", - "barely", - "bargain", - "barrel", - "base", - "basic", - "basket", - "battle", - "beach", - "bean", - "beauty", - "because", - "become", - "beef", - "before", - "begin", - "behave", - "behind", - "believe", - "below", - "belt", - "bench", - "benefit", - "best", - "betray", - "better", - "between", - "beyond", - "bicycle", - "bid", - "bike", - "bind", - "biology", - "bird", - "birth", - "bitter", - "black", - "blade", - "blame", - "blanket", - "blast", - "bleak", - "bless", - "blind", - "blood", - "blossom", - "blouse", - "blue", - "blur", - "blush", - "board", - "boat", - "body", - "boil", - "bomb", - "bone", - "bonus", - "book", - "boost", - "border", - "boring", - "borrow", - "boss", - "bottom", - "bounce", - "box", - "boy", - "bracket", - "brain", - "brand", - "brass", - "brave", - "bread", - "breeze", - "brick", - "bridge", - "brief", - "bright", - "bring", - "brisk", - "broccoli", - "broken", - "bronze", - "broom", - "brother", - "brown", - "brush", - "bubble", - "buddy", - "budget", - "buffalo", - "build", - "bulb", - "bulk", - "bullet", - "bundle", - "bunker", - "burden", - "burger", - "burst", - "bus", - "business", - "busy", - "butter", - "buyer", - "buzz", - "cabbage", - "cabin", - "cable", - "cactus", - "cage", - "cake", - "call", - "calm", - "camera", - "camp", - "can", - "canal", - "cancel", - "candy", - "cannon", - "canoe", - "canvas", - "canyon", - "capable", - "capital", - "captain", - "car", - "carbon", - "card", - "cargo", - "carpet", - "carry", - "cart", - "case", - "cash", - "casino", - "castle", - "casual", - "cat", - "catalog", - "catch", - "category", - "cattle", - "caught", - "cause", - "caution", - "cave", - "ceiling", - "celery", - "cement", - "census", - "century", - "cereal", - "certain", - "chair", - "chalk", - "champion", - "change", - "chaos", - "chapter", - "charge", - "chase", - "chat", - "cheap", - "check", - "cheese", - "chef", - "cherry", - "chest", - "chicken", - "chief", - "child", - "chimney", - "choice", - "choose", - "chronic", - "chuckle", - "chunk", - "churn", - "cigar", - "cinnamon", - "circle", - "citizen", - "city", - "civil", - "claim", - "clap", - "clarify", - "claw", - "clay", - "clean", - "clerk", - "clever", - "click", - "client", - "cliff", - "climb", - "clinic", - "clip", - "clock", - "clog", - "close", - "cloth", - "cloud", - "clown", - "club", - "clump", - "cluster", - "clutch", - "coach", - "coast", - "coconut", - "code", - "coffee", - "coil", - "coin", - "collect", - "color", - "column", - "combine", - "come", - "comfort", - "comic", - "common", - "company", - "concert", - "conduct", - "confirm", - "congress", - "connect", - "consider", - "control", - "convince", - "cook", - "cool", - "copper", - "copy", - "coral", - "core", - "corn", - "correct", - "cost", - "cotton", - "couch", - "country", - "couple", - "course", - "cousin", - "cover", - "coyote", - "crack", - "cradle", - "craft", - "cram", - "crane", - "crash", - "crater", - "crawl", - "crazy", - "cream", - "credit", - "creek", - "crew", - "cricket", - "crime", - "crisp", - "critic", - "crop", - "cross", - "crouch", - "crowd", - "crucial", - "cruel", - "cruise", - "crumble", - "crunch", - "crush", - "cry", - "crystal", - "cube", - "culture", - "cup", - "cupboard", - "curious", - "current", - "curtain", - "curve", - "cushion", - "custom", - "cute", - "cycle", - "dad", - "damage", - "damp", - "dance", - "danger", - "daring", - "dash", - "daughter", - "dawn", - "day", - "deal", - "debate", - "debris", - "decade", - "december", - "decide", - "decline", - "decorate", - "decrease", - "deer", - "defense", - "define", - "defy", - "degree", - "delay", - "deliver", - "demand", - "demise", - "denial", - "dentist", - "deny", - "depart", - "depend", - "deposit", - "depth", - "deputy", - "derive", - "describe", - "desert", - "design", - "desk", - "despair", - "destroy", - "detail", - "detect", - "develop", - "device", - "devote", - "diagram", - "dial", - "diamond", - "diary", - "dice", - "diesel", - "diet", - "differ", - "digital", - "dignity", - "dilemma", - "dinner", - "dinosaur", - "direct", - "dirt", - "disagree", - "discover", - "disease", - "dish", - "dismiss", - "disorder", - "display", - "distance", - "divert", - "divide", - "divorce", - "dizzy", - "doctor", - "document", - "dog", - "doll", - "dolphin", - "domain", - "donate", - "donkey", - "donor", - "door", - "dose", - "double", - "dove", - "draft", - "dragon", - "drama", - "drastic", - "draw", - "dream", - "dress", - "drift", - "drill", - "drink", - "drip", - "drive", - "drop", - "drum", - "dry", - "duck", - "dumb", - "dune", - "during", - "dust", - "dutch", - "duty", - "dwarf", - "dynamic", - "eager", - "eagle", - "early", - "earn", - "earth", - "easily", - "east", - "easy", - "echo", - "ecology", - "economy", - "edge", - "edit", - "educate", - "effort", - "egg", - "eight", - "either", - "elbow", - "elder", - "electric", - "elegant", - "element", - "elephant", - "elevator", - "elite", - "else", - "embark", - "embody", - "embrace", - "emerge", - "emotion", - "employ", - "empower", - "empty", - "enable", - "enact", - "end", - "endless", - "endorse", - "enemy", - "energy", - "enforce", - "engage", - "engine", - "enhance", - "enjoy", - "enlist", - "enough", - "enrich", - "enroll", - "ensure", - "enter", - "entire", - "entry", - "envelope", - "episode", - "equal", - "equip", - "era", - "erase", - "erode", - "erosion", - "error", - "erupt", - "escape", - "essay", - "essence", - "estate", - "eternal", - "ethics", - "evidence", - "evil", - "evoke", - "evolve", - "exact", - "example", - "excess", - "exchange", - "excite", - "exclude", - "excuse", - "execute", - "exercise", - "exhaust", - "exhibit", - "exile", - "exist", - "exit", - "exotic", - "expand", - "expect", - "expire", - "explain", - "expose", - "express", - "extend", - "extra", - "eye", - "eyebrow", - "fabric", - "face", - "faculty", - "fade", - "faint", - "faith", - "fall", - "false", - "fame", - "family", - "famous", - "fan", - "fancy", - "fantasy", - "farm", - "fashion", - "fat", - "fatal", - "father", - "fatigue", - "fault", - "favorite", - "feature", - "february", - "federal", - "fee", - "feed", - "feel", - "female", - "fence", - "festival", - "fetch", - "fever", - "few", - "fiber", - "fiction", - "field", - "figure", - "file", - "film", - "filter", - "final", - "find", - "fine", - "finger", - "finish", - "fire", - "firm", - "first", - "fiscal", - "fish", - "fit", - "fitness", - "fix", - "flag", - "flame", - "flash", - "flat", - "flavor", - "flee", - "flight", - "flip", - "float", - "flock", - "floor", - "flower", - "fluid", - "flush", - "fly", - "foam", - "focus", - "fog", - "foil", - "fold", - "follow", - "food", - "foot", - "force", - "forest", - "forget", - "fork", - "fortune", - "forum", - "forward", - "fossil", - "foster", - "found", - "fox", - "fragile", - "frame", - "frequent", - "fresh", - "friend", - "fringe", - "frog", - "front", - "frost", - "frown", - "frozen", - "fruit", - "fuel", - "fun", - "funny", - "furnace", - "fury", - "future", - "gadget", - "gain", - "galaxy", - "gallery", - "game", - "gap", - "garage", - "garbage", - "garden", - "garlic", - "garment", - "gas", - "gasp", - "gate", - "gather", - "gauge", - "gaze", - "general", - "genius", - "genre", - "gentle", - "genuine", - "gesture", - "ghost", - "giant", - "gift", - "giggle", - "ginger", - "giraffe", - "girl", - "give", - "glad", - "glance", - "glare", - "glass", - "glide", - "glimpse", - "globe", - "gloom", - "glory", - "glove", - "glow", - "glue", - "goat", - "goddess", - "gold", - "good", - "goose", - "gorilla", - "gospel", - "gossip", - "govern", - "gown", - "grab", - "grace", - "grain", - "grant", - "grape", - "grass", - "gravity", - "great", - "green", - "grid", - "grief", - "grit", - "grocery", - "group", - "grow", - "grunt", - "guard", - "guess", - "guide", - "guilt", - "guitar", - "gun", - "gym", - "habit", - "hair", - "half", - "hammer", - "hamster", - "hand", - "happy", - "harbor", - "hard", - "harsh", - "harvest", - "hat", - "have", - "hawk", - "hazard", - "head", - "health", - "heart", - "heavy", - "hedgehog", - "height", - "hello", - "helmet", - "help", - "hen", - "hero", - "hidden", - "high", - "hill", - "hint", - "hip", - "hire", - "history", - "hobby", - "hockey", - "hold", - "hole", - "holiday", - "hollow", - "home", - "honey", - "hood", - "hope", - "horn", - "horror", - "horse", - "hospital", - "host", - "hotel", - "hour", - "hover", - "hub", - "huge", - "human", - "humble", - "humor", - "hundred", - "hungry", - "hunt", - "hurdle", - "hurry", - "hurt", - "husband", - "hybrid", - "ice", - "icon", - "idea", - "identify", - "idle", - "ignore", - "ill", - "illegal", - "illness", - "image", - "imitate", - "immense", - "immune", - "impact", - "impose", - "improve", - "impulse", - "inch", - "include", - "income", - "increase", - "index", - "indicate", - "indoor", - "industry", - "infant", - "inflict", - "inform", - "inhale", - "inherit", - "initial", - "inject", - "injury", - "inmate", - "inner", - "innocent", - "input", - "inquiry", - "insane", - "insect", - "inside", - "inspire", - "install", - "intact", - "interest", - "into", - "invest", - "invite", - "involve", - "iron", - "island", - "isolate", - "issue", - "item", - "ivory", - "jacket", - "jaguar", - "jar", - "jazz", - "jealous", - "jeans", - "jelly", - "jewel", - "job", - "join", - "joke", - "journey", - "joy", - "judge", - "juice", - "jump", - "jungle", - "junior", - "junk", - "just", - "kangaroo", - "keen", - "keep", - "ketchup", - "key", - "kick", - "kid", - "kidney", - "kind", - "kingdom", - "kiss", - "kit", - "kitchen", - "kite", - "kitten", - "kiwi", - "knee", - "knife", - "knock", - "know", - "lab", - "label", - "labor", - "ladder", - "lady", - "lake", - "lamp", - "language", - "laptop", - "large", - "later", - "latin", - "laugh", - "laundry", - "lava", - "law", - "lawn", - "lawsuit", - "layer", - "lazy", - "leader", - "leaf", - "learn", - "leave", - "lecture", - "left", - "leg", - "legal", - "legend", - "leisure", - "lemon", - "lend", - "length", - "lens", - "leopard", - "lesson", - "letter", - "level", - "liar", - "liberty", - "library", - "license", - "life", - "lift", - "light", - "like", - "limb", - "limit", - "link", - "lion", - "liquid", - "list", - "little", - "live", - "lizard", - "load", - "loan", - "lobster", - "local", - "lock", - "logic", - "lonely", - "long", - "loop", - "lottery", - "loud", - "lounge", - "love", - "loyal", - "lucky", - "luggage", - "lumber", - "lunar", - "lunch", - "luxury", - "lyrics", - "machine", - "mad", - "magic", - "magnet", - "maid", - "mail", - "main", - "major", - "make", - "mammal", - "man", - "manage", - "mandate", - "mango", - "mansion", - "manual", - "maple", - "marble", - "march", - "margin", - "marine", - "market", - "marriage", - "mask", - "mass", - "master", - "match", - "material", - "math", - "matrix", - "matter", - "maximum", - "maze", - "meadow", - "mean", - "measure", - "meat", - "mechanic", - "medal", - "media", - "melody", - "melt", - "member", - "memory", - "mention", - "menu", - "mercy", - "merge", - "merit", - "merry", - "mesh", - "message", - "metal", - "method", - "middle", - "midnight", - "milk", - "million", - "mimic", - "mind", - "minimum", - "minor", - "minute", - "miracle", - "mirror", - "misery", - "miss", - "mistake", - "mix", - "mixed", - "mixture", - "mobile", - "model", - "modify", - "mom", - "moment", - "monitor", - "monkey", - "monster", - "month", - "moon", - "moral", - "more", - "morning", - "mosquito", - "mother", - "motion", - "motor", - "mountain", - "mouse", - "move", - "movie", - "much", - "muffin", - "mule", - "multiply", - "muscle", - "museum", - "mushroom", - "music", - "must", - "mutual", - "myself", - "mystery", - "myth", - "naive", - "name", - "napkin", - "narrow", - "nasty", - "nation", - "nature", - "near", - "neck", - "need", - "negative", - "neglect", - "neither", - "nephew", - "nerve", - "nest", - "net", - "network", - "neutral", - "never", - "news", - "next", - "nice", - "night", - "noble", - "noise", - "nominee", - "noodle", - "normal", - "north", - "nose", - "notable", - "note", - "nothing", - "notice", - "novel", - "now", - "nuclear", - "number", - "nurse", - "nut", - "oak", - "obey", - "object", - "oblige", - "obscure", - "observe", - "obtain", - "obvious", - "occur", - "ocean", - "october", - "odor", - "off", - "offer", - "office", - "often", - "oil", - "okay", - "old", - "olive", - "olympic", - "omit", - "once", - "one", - "onion", - "online", - "only", - "open", - "opera", - "opinion", - "oppose", - "option", - "orange", - "orbit", - "orchard", - "order", - "ordinary", - "organ", - "orient", - "original", - "orphan", - "ostrich", - "other", - "outdoor", - "outer", - "output", - "outside", - "oval", - "oven", - "over", - "own", - "owner", - "oxygen", - "oyster", - "ozone", - "pact", - "paddle", - "page", - "pair", - "palace", - "palm", - "panda", - "panel", - "panic", - "panther", - "paper", - "parade", - "parent", - "park", - "parrot", - "party", - "pass", - "patch", - "path", - "patient", - "patrol", - "pattern", - "pause", - "pave", - "payment", - "peace", - "peanut", - "pear", - "peasant", - "pelican", - "pen", - "penalty", - "pencil", - "people", - "pepper", - "perfect", - "permit", - "person", - "pet", - "phone", - "photo", - "phrase", - "physical", - "piano", - "picnic", - "picture", - "piece", - "pig", - "pigeon", - "pill", - "pilot", - "pink", - "pioneer", - "pipe", - "pistol", - "pitch", - "pizza", - "place", - "planet", - "plastic", - "plate", - "play", - "please", - "pledge", - "pluck", - "plug", - "plunge", - "poem", - "poet", - "point", - "polar", - "pole", - "police", - "pond", - "pony", - "pool", - "popular", - "portion", - "position", - "possible", - "post", - "potato", - "pottery", - "poverty", - "powder", - "power", - "practice", - "praise", - "predict", - "prefer", - "prepare", - "present", - "pretty", - "prevent", - "price", - "pride", - "primary", - "print", - "priority", - "prison", - "private", - "prize", - "problem", - "process", - "produce", - "profit", - "program", - "project", - "promote", - "proof", - "property", - "prosper", - "protect", - "proud", - "provide", - "public", - "pudding", - "pull", - "pulp", - "pulse", - "pumpkin", - "punch", - "pupil", - "puppy", - "purchase", - "purity", - "purpose", - "purse", - "push", - "put", - "puzzle", - "pyramid", - "quality", - "quantum", - "quarter", - "question", - "quick", - "quit", - "quiz", - "quote", - "rabbit", - "raccoon", - "race", - "rack", - "radar", - "radio", - "rail", - "rain", - "raise", - "rally", - "ramp", - "ranch", - "random", - "range", - "rapid", - "rare", - "rate", - "rather", - "raven", - "raw", - "razor", - "ready", - "real", - "reason", - "rebel", - "rebuild", - "recall", - "receive", - "recipe", - "record", - "recycle", - "reduce", - "reflect", - "reform", - "refuse", - "region", - "regret", - "regular", - "reject", - "relax", - "release", - "relief", - "rely", - "remain", - "remember", - "remind", - "remove", - "render", - "renew", - "rent", - "reopen", - "repair", - "repeat", - "replace", - "report", - "require", - "rescue", - "resemble", - "resist", - "resource", - "response", - "result", - "retire", - "retreat", - "return", - "reunion", - "reveal", - "review", - "reward", - "rhythm", - "rib", - "ribbon", - "rice", - "rich", - "ride", - "ridge", - "rifle", - "right", - "rigid", - "ring", - "riot", - "ripple", - "risk", - "ritual", - "rival", - "river", - "road", - "roast", - "robot", - "robust", - "rocket", - "romance", - "roof", - "rookie", - "room", - "rose", - "rotate", - "rough", - "round", - "route", - "royal", - "rubber", - "rude", - "rug", - "rule", - "run", - "runway", - "rural", - "sad", - "saddle", - "sadness", - "safe", - "sail", - "salad", - "salmon", - "salon", - "salt", - "salute", - "same", - "sample", - "sand", - "satisfy", - "satoshi", - "sauce", - "sausage", - "save", - "say", - "scale", - "scan", - "scare", - "scatter", - "scene", - "scheme", - "school", - "science", - "scissors", - "scorpion", - "scout", - "scrap", - "screen", - "script", - "scrub", - "sea", - "search", - "season", - "seat", - "second", - "secret", - "section", - "security", - "seed", - "seek", - "segment", - "select", - "sell", - "seminar", - "senior", - "sense", - "sentence", - "series", - "service", - "session", - "settle", - "setup", - "seven", - "shadow", - "shaft", - "shallow", - "share", - "shed", - "shell", - "sheriff", - "shield", - "shift", - "shine", - "ship", - "shiver", - "shock", - "shoe", - "shoot", - "shop", - "short", - "shoulder", - "shove", - "shrimp", - "shrug", - "shuffle", - "shy", - "sibling", - "sick", - "side", - "siege", - "sight", - "sign", - "silent", - "silk", - "silly", - "silver", - "similar", - "simple", - "since", - "sing", - "siren", - "sister", - "situate", - "six", - "size", - "skate", - "sketch", - "ski", - "skill", - "skin", - "skirt", - "skull", - "slab", - "slam", - "sleep", - "slender", - "slice", - "slide", - "slight", - "slim", - "slogan", - "slot", - "slow", - "slush", - "small", - "smart", - "smile", - "smoke", - "smooth", - "snack", - "snake", - "snap", - "sniff", - "snow", - "soap", - "soccer", - "social", - "sock", - "soda", - "soft", - "solar", - "soldier", - "solid", - "solution", - "solve", - "someone", - "song", - "soon", - "sorry", - "sort", - "soul", - "sound", - "soup", - "source", - "south", - "space", - "spare", - "spatial", - "spawn", - "speak", - "special", - "speed", - "spell", - "spend", - "sphere", - "spice", - "spider", - "spike", - "spin", - "spirit", - "split", - "spoil", - "sponsor", - "spoon", - "sport", - "spot", - "spray", - "spread", - "spring", - "spy", - "square", - "squeeze", - "squirrel", - "stable", - "stadium", - "staff", - "stage", - "stairs", - "stamp", - "stand", - "start", - "state", - "stay", - "steak", - "steel", - "stem", - "step", - "stereo", - "stick", - "still", - "sting", - "stock", - "stomach", - "stone", - "stool", - "story", - "stove", - "strategy", - "street", - "strike", - "strong", - "struggle", - "student", - "stuff", - "stumble", - "style", - "subject", - "submit", - "subway", - "success", - "such", - "sudden", - "suffer", - "sugar", - "suggest", - "suit", - "summer", - "sun", - "sunny", - "sunset", - "super", - "supply", - "supreme", - "sure", - "surface", - "surge", - "surprise", - "surround", - "survey", - "suspect", - "sustain", - "swallow", - "swamp", - "swap", - "swarm", - "swear", - "sweet", - "swift", - "swim", - "swing", - "switch", - "sword", - "symbol", - "symptom", - "syrup", - "system", - "table", - "tackle", - "tag", - "tail", - "talent", - "talk", - "tank", - "tape", - "target", - "task", - "taste", - "tattoo", - "taxi", - "teach", - "team", - "tell", - "ten", - "tenant", - "tennis", - "tent", - "term", - "test", - "text", - "thank", - "that", - "theme", - "then", - "theory", - "there", - "they", - "thing", - "this", - "thought", - "three", - "thrive", - "throw", - "thumb", - "thunder", - "ticket", - "tide", - "tiger", - "tilt", - "timber", - "time", - "tiny", - "tip", - "tired", - "tissue", - "title", - "toast", - "tobacco", - "today", - "toddler", - "toe", - "together", - "toilet", - "token", - "tomato", - "tomorrow", - "tone", - "tongue", - "tonight", - "tool", - "tooth", - "top", - "topic", - "topple", - "torch", - "tornado", - "tortoise", - "toss", - "total", - "tourist", - "toward", - "tower", - "town", - "toy", - "track", - "trade", - "traffic", - "tragic", - "train", - "transfer", - "trap", - "trash", - "travel", - "tray", - "treat", - "tree", - "trend", - "trial", - "tribe", - "trick", - "trigger", - "trim", - "trip", - "trophy", - "trouble", - "truck", - "true", - "truly", - "trumpet", - "trust", - "truth", - "try", - "tube", - "tuition", - "tumble", - "tuna", - "tunnel", - "turkey", - "turn", - "turtle", - "twelve", - "twenty", - "twice", - "twin", - "twist", - "two", - "type", - "typical", - "ugly", - "umbrella", - "unable", - "unaware", - "uncle", - "uncover", - "under", - "undo", - "unfair", - "unfold", - "unhappy", - "uniform", - "unique", - "unit", - "universe", - "unknown", - "unlock", - "until", - "unusual", - "unveil", - "update", - "upgrade", - "uphold", - "upon", - "upper", - "upset", - "urban", - "urge", - "usage", - "use", - "used", - "useful", - "useless", - "usual", - "utility", - "vacant", - "vacuum", - "vague", - "valid", - "valley", - "valve", - "van", - "vanish", - "vapor", - "various", - "vast", - "vault", - "vehicle", - "velvet", - "vendor", - "venture", - "venue", - "verb", - "verify", - "version", - "very", - "vessel", - "veteran", - "viable", - "vibrant", - "vicious", - "victory", - "video", - "view", - "village", - "vintage", - "violin", - "virtual", - "virus", - "visa", - "visit", - "visual", - "vital", - "vivid", - "vocal", - "voice", - "void", - "volcano", - "volume", - "vote", - "voyage", - "wage", - "wagon", - "wait", - "walk", - "wall", - "walnut", - "want", - "warfare", - "warm", - "warrior", - "wash", - "wasp", - "waste", - "water", - "wave", - "way", - "wealth", - "weapon", - "wear", - "weasel", - "weather", - "web", - "wedding", - "weekend", - "weird", - "welcome", - "west", - "wet", - "whale", - "what", - "wheat", - "wheel", - "when", - "where", - "whip", - "whisper", - "wide", - "width", - "wife", - "wild", - "will", - "win", - "window", - "wine", - "wing", - "wink", - "winner", - "winter", - "wire", - "wisdom", - "wise", - "wish", - "witness", - "wolf", - "woman", - "wonder", - "wood", - "wool", - "word", - "work", - "world", - "worry", - "worth", - "wrap", - "wreck", - "wrestle", - "wrist", - "write", - "wrong", - "yard", - "year", - "yellow", - "you", - "young", - "youth", - "zebra", - "zero", - "zone", - "zoo", + "abandon", "ability", "able", "about", "above", "absent", "absorb", "abstract", + "absurd", "abuse", "access", "accident", "account", "accuse", "achieve", "acid", + "acoustic", "acquire", "across", "act", "action", "actor", "actress", "actual", + "adapt", "add", "addict", "address", "adjust", "admit", "adult", "advance", + "advice", "aerobic", "affair", "afford", "afraid", "again", "age", "agent", + "agree", "ahead", "aim", "air", "airport", "aisle", "alarm", "album", + "alcohol", "alert", "alien", "all", "alley", "allow", "almost", "alone", + "alpha", "already", "also", "alter", "always", "amateur", "amazing", "among", + "amount", "amused", "analyst", "anchor", "ancient", "anger", "angle", "angry", + "animal", "ankle", "announce", "annual", "another", "answer", "antenna", "antique", + "anxiety", "any", "apart", "apology", "appear", "apple", "approve", "april", + "arch", "arctic", "area", "arena", "argue", "arm", "armed", "armor", + "army", "around", "arrange", "arrest", "arrive", "arrow", "art", "artefact", + "artist", "artwork", "ask", "aspect", "assault", "asset", "assist", "assume", + "asthma", "athlete", "atom", "attack", "attend", "attitude", "attract", "auction", + "audit", "august", "aunt", "author", "auto", "autumn", "average", "avocado", + "avoid", "awake", "aware", "away", "awesome", "awful", "awkward", "axis", + "baby", "bachelor", "bacon", "badge", "bag", "balance", "balcony", "ball", + "bamboo", "banana", "banner", "bar", "barely", "bargain", "barrel", "base", + "basic", "basket", "battle", "beach", "bean", "beauty", "because", "become", + "beef", "before", "begin", "behave", "behind", "believe", "below", "belt", + "bench", "benefit", "best", "betray", "better", "between", "beyond", "bicycle", + "bid", "bike", "bind", "biology", "bird", "birth", "bitter", "black", + "blade", "blame", "blanket", "blast", "bleak", "bless", "blind", "blood", + "blossom", "blouse", "blue", "blur", "blush", "board", "boat", "body", + "boil", "bomb", "bone", "bonus", "book", "boost", "border", "boring", + "borrow", "boss", "bottom", "bounce", "box", "boy", "bracket", "brain", + "brand", "brass", "brave", "bread", "breeze", "brick", "bridge", "brief", + "bright", "bring", "brisk", "broccoli", "broken", "bronze", "broom", "brother", + "brown", "brush", "bubble", "buddy", "budget", "buffalo", "build", "bulb", + "bulk", "bullet", "bundle", "bunker", "burden", "burger", "burst", "bus", + "business", "busy", "butter", "buyer", "buzz", "cabbage", "cabin", "cable", + "cactus", "cage", "cake", "call", "calm", "camera", "camp", "can", + "canal", "cancel", "candy", "cannon", "canoe", "canvas", "canyon", "capable", + "capital", "captain", "car", "carbon", "card", "cargo", "carpet", "carry", + "cart", "case", "cash", "casino", "castle", "casual", "cat", "catalog", + "catch", "category", "cattle", "caught", "cause", "caution", "cave", "ceiling", + "celery", "cement", "census", "century", "cereal", "certain", "chair", "chalk", + "champion", "change", "chaos", "chapter", "charge", "chase", "chat", "cheap", + "check", "cheese", "chef", "cherry", "chest", "chicken", "chief", "child", + "chimney", "choice", "choose", "chronic", "chuckle", "chunk", "churn", "cigar", + "cinnamon", "circle", "citizen", "city", "civil", "claim", "clap", "clarify", + "claw", "clay", "clean", "clerk", "clever", "click", "client", "cliff", + "climb", "clinic", "clip", "clock", "clog", "close", "cloth", "cloud", + "clown", "club", "clump", "cluster", "clutch", "coach", "coast", "coconut", + "code", "coffee", "coil", "coin", "collect", "color", "column", "combine", + "come", "comfort", "comic", "common", "company", "concert", "conduct", "confirm", + "congress", "connect", "consider", "control", "convince", "cook", "cool", "copper", + "copy", "coral", "core", "corn", "correct", "cost", "cotton", "couch", + "country", "couple", "course", "cousin", "cover", "coyote", "crack", "cradle", + "craft", "cram", "crane", "crash", "crater", "crawl", "crazy", "cream", + "credit", "creek", "crew", "cricket", "crime", "crisp", "critic", "crop", + "cross", "crouch", "crowd", "crucial", "cruel", "cruise", "crumble", "crunch", + "crush", "cry", "crystal", "cube", "culture", "cup", "cupboard", "curious", + "current", "curtain", "curve", "cushion", "custom", "cute", "cycle", "dad", + "damage", "damp", "dance", "danger", "daring", "dash", "daughter", "dawn", + "day", "deal", "debate", "debris", "decade", "december", "decide", "decline", + "decorate", "decrease", "deer", "defense", "define", "defy", "degree", "delay", + "deliver", "demand", "demise", "denial", "dentist", "deny", "depart", "depend", + "deposit", "depth", "deputy", "derive", "describe", "desert", "design", "desk", + "despair", "destroy", "detail", "detect", "develop", "device", "devote", "diagram", + "dial", "diamond", "diary", "dice", "diesel", "diet", "differ", "digital", + "dignity", "dilemma", "dinner", "dinosaur", "direct", "dirt", "disagree", "discover", + "disease", "dish", "dismiss", "disorder", "display", "distance", "divert", "divide", + "divorce", "dizzy", "doctor", "document", "dog", "doll", "dolphin", "domain", + "donate", "donkey", "donor", "door", "dose", "double", "dove", "draft", + "dragon", "drama", "drastic", "draw", "dream", "dress", "drift", "drill", + "drink", "drip", "drive", "drop", "drum", "dry", "duck", "dumb", + "dune", "during", "dust", "dutch", "duty", "dwarf", "dynamic", "eager", + "eagle", "early", "earn", "earth", "easily", "east", "easy", "echo", + "ecology", "economy", "edge", "edit", "educate", "effort", "egg", "eight", + "either", "elbow", "elder", "electric", "elegant", "element", "elephant", "elevator", + "elite", "else", "embark", "embody", "embrace", "emerge", "emotion", "employ", + "empower", "empty", "enable", "enact", "end", "endless", "endorse", "enemy", + "energy", "enforce", "engage", "engine", "enhance", "enjoy", "enlist", "enough", + "enrich", "enroll", "ensure", "enter", "entire", "entry", "envelope", "episode", + "equal", "equip", "era", "erase", "erode", "erosion", "error", "erupt", + "escape", "essay", "essence", "estate", "eternal", "ethics", "evidence", "evil", + "evoke", "evolve", "exact", "example", "excess", "exchange", "excite", "exclude", + "excuse", "execute", "exercise", "exhaust", "exhibit", "exile", "exist", "exit", + "exotic", "expand", "expect", "expire", "explain", "expose", "express", "extend", + "extra", "eye", "eyebrow", "fabric", "face", "faculty", "fade", "faint", + "faith", "fall", "false", "fame", "family", "famous", "fan", "fancy", + "fantasy", "farm", "fashion", "fat", "fatal", "father", "fatigue", "fault", + "favorite", "feature", "february", "federal", "fee", "feed", "feel", "female", + "fence", "festival", "fetch", "fever", "few", "fiber", "fiction", "field", + "figure", "file", "film", "filter", "final", "find", "fine", "finger", + "finish", "fire", "firm", "first", "fiscal", "fish", "fit", "fitness", + "fix", "flag", "flame", "flash", "flat", "flavor", "flee", "flight", + "flip", "float", "flock", "floor", "flower", "fluid", "flush", "fly", + "foam", "focus", "fog", "foil", "fold", "follow", "food", "foot", + "force", "forest", "forget", "fork", "fortune", "forum", "forward", "fossil", + "foster", "found", "fox", "fragile", "frame", "frequent", "fresh", "friend", + "fringe", "frog", "front", "frost", "frown", "frozen", "fruit", "fuel", + "fun", "funny", "furnace", "fury", "future", "gadget", "gain", "galaxy", + "gallery", "game", "gap", "garage", "garbage", "garden", "garlic", "garment", + "gas", "gasp", "gate", "gather", "gauge", "gaze", "general", "genius", + "genre", "gentle", "genuine", "gesture", "ghost", "giant", "gift", "giggle", + "ginger", "giraffe", "girl", "give", "glad", "glance", "glare", "glass", + "glide", "glimpse", "globe", "gloom", "glory", "glove", "glow", "glue", + "goat", "goddess", "gold", "good", "goose", "gorilla", "gospel", "gossip", + "govern", "gown", "grab", "grace", "grain", "grant", "grape", "grass", + "gravity", "great", "green", "grid", "grief", "grit", "grocery", "group", + "grow", "grunt", "guard", "guess", "guide", "guilt", "guitar", "gun", + "gym", "habit", "hair", "half", "hammer", "hamster", "hand", "happy", + "harbor", "hard", "harsh", "harvest", "hat", "have", "hawk", "hazard", + "head", "health", "heart", "heavy", "hedgehog", "height", "hello", "helmet", + "help", "hen", "hero", "hidden", "high", "hill", "hint", "hip", + "hire", "history", "hobby", "hockey", "hold", "hole", "holiday", "hollow", + "home", "honey", "hood", "hope", "horn", "horror", "horse", "hospital", + "host", "hotel", "hour", "hover", "hub", "huge", "human", "humble", + "humor", "hundred", "hungry", "hunt", "hurdle", "hurry", "hurt", "husband", + "hybrid", "ice", "icon", "idea", "identify", "idle", "ignore", "ill", + "illegal", "illness", "image", "imitate", "immense", "immune", "impact", "impose", + "improve", "impulse", "inch", "include", "income", "increase", "index", "indicate", + "indoor", "industry", "infant", "inflict", "inform", "inhale", "inherit", "initial", + "inject", "injury", "inmate", "inner", "innocent", "input", "inquiry", "insane", + "insect", "inside", "inspire", "install", "intact", "interest", "into", "invest", + "invite", "involve", "iron", "island", "isolate", "issue", "item", "ivory", + "jacket", "jaguar", "jar", "jazz", "jealous", "jeans", "jelly", "jewel", + "job", "join", "joke", "journey", "joy", "judge", "juice", "jump", + "jungle", "junior", "junk", "just", "kangaroo", "keen", "keep", "ketchup", + "key", "kick", "kid", "kidney", "kind", "kingdom", "kiss", "kit", + "kitchen", "kite", "kitten", "kiwi", "knee", "knife", "knock", "know", + "lab", "label", "labor", "ladder", "lady", "lake", "lamp", "language", + "laptop", "large", "later", "latin", "laugh", "laundry", "lava", "law", + "lawn", "lawsuit", "layer", "lazy", "leader", "leaf", "learn", "leave", + "lecture", "left", "leg", "legal", "legend", "leisure", "lemon", "lend", + "length", "lens", "leopard", "lesson", "letter", "level", "liar", "liberty", + "library", "license", "life", "lift", "light", "like", "limb", "limit", + "link", "lion", "liquid", "list", "little", "live", "lizard", "load", + "loan", "lobster", "local", "lock", "logic", "lonely", "long", "loop", + "lottery", "loud", "lounge", "love", "loyal", "lucky", "luggage", "lumber", + "lunar", "lunch", "luxury", "lyrics", "machine", "mad", "magic", "magnet", + "maid", "mail", "main", "major", "make", "mammal", "man", "manage", + "mandate", "mango", "mansion", "manual", "maple", "marble", "march", "margin", + "marine", "market", "marriage", "mask", "mass", "master", "match", "material", + "math", "matrix", "matter", "maximum", "maze", "meadow", "mean", "measure", + "meat", "mechanic", "medal", "media", "melody", "melt", "member", "memory", + "mention", "menu", "mercy", "merge", "merit", "merry", "mesh", "message", + "metal", "method", "middle", "midnight", "milk", "million", "mimic", "mind", + "minimum", "minor", "minute", "miracle", "mirror", "misery", "miss", "mistake", + "mix", "mixed", "mixture", "mobile", "model", "modify", "mom", "moment", + "monitor", "monkey", "monster", "month", "moon", "moral", "more", "morning", + "mosquito", "mother", "motion", "motor", "mountain", "mouse", "move", "movie", + "much", "muffin", "mule", "multiply", "muscle", "museum", "mushroom", "music", + "must", "mutual", "myself", "mystery", "myth", "naive", "name", "napkin", + "narrow", "nasty", "nation", "nature", "near", "neck", "need", "negative", + "neglect", "neither", "nephew", "nerve", "nest", "net", "network", "neutral", + "never", "news", "next", "nice", "night", "noble", "noise", "nominee", + "noodle", "normal", "north", "nose", "notable", "note", "nothing", "notice", + "novel", "now", "nuclear", "number", "nurse", "nut", "oak", "obey", + "object", "oblige", "obscure", "observe", "obtain", "obvious", "occur", "ocean", + "october", "odor", "off", "offer", "office", "often", "oil", "okay", + "old", "olive", "olympic", "omit", "once", "one", "onion", "online", + "only", "open", "opera", "opinion", "oppose", "option", "orange", "orbit", + "orchard", "order", "ordinary", "organ", "orient", "original", "orphan", "ostrich", + "other", "outdoor", "outer", "output", "outside", "oval", "oven", "over", + "own", "owner", "oxygen", "oyster", "ozone", "pact", "paddle", "page", + "pair", "palace", "palm", "panda", "panel", "panic", "panther", "paper", + "parade", "parent", "park", "parrot", "party", "pass", "patch", "path", + "patient", "patrol", "pattern", "pause", "pave", "payment", "peace", "peanut", + "pear", "peasant", "pelican", "pen", "penalty", "pencil", "people", "pepper", + "perfect", "permit", "person", "pet", "phone", "photo", "phrase", "physical", + "piano", "picnic", "picture", "piece", "pig", "pigeon", "pill", "pilot", + "pink", "pioneer", "pipe", "pistol", "pitch", "pizza", "place", "planet", + "plastic", "plate", "play", "please", "pledge", "pluck", "plug", "plunge", + "poem", "poet", "point", "polar", "pole", "police", "pond", "pony", + "pool", "popular", "portion", "position", "possible", "post", "potato", "pottery", + "poverty", "powder", "power", "practice", "praise", "predict", "prefer", "prepare", + "present", "pretty", "prevent", "price", "pride", "primary", "print", "priority", + "prison", "private", "prize", "problem", "process", "produce", "profit", "program", + "project", "promote", "proof", "property", "prosper", "protect", "proud", "provide", + "public", "pudding", "pull", "pulp", "pulse", "pumpkin", "punch", "pupil", + "puppy", "purchase", "purity", "purpose", "purse", "push", "put", "puzzle", + "pyramid", "quality", "quantum", "quarter", "question", "quick", "quit", "quiz", + "quote", "rabbit", "raccoon", "race", "rack", "radar", "radio", "rail", + "rain", "raise", "rally", "ramp", "ranch", "random", "range", "rapid", + "rare", "rate", "rather", "raven", "raw", "razor", "ready", "real", + "reason", "rebel", "rebuild", "recall", "receive", "recipe", "record", "recycle", + "reduce", "reflect", "reform", "refuse", "region", "regret", "regular", "reject", + "relax", "release", "relief", "rely", "remain", "remember", "remind", "remove", + "render", "renew", "rent", "reopen", "repair", "repeat", "replace", "report", + "require", "rescue", "resemble", "resist", "resource", "response", "result", "retire", + "retreat", "return", "reunion", "reveal", "review", "reward", "rhythm", "rib", + "ribbon", "rice", "rich", "ride", "ridge", "rifle", "right", "rigid", + "ring", "riot", "ripple", "risk", "ritual", "rival", "river", "road", + "roast", "robot", "robust", "rocket", "romance", "roof", "rookie", "room", + "rose", "rotate", "rough", "round", "route", "royal", "rubber", "rude", + "rug", "rule", "run", "runway", "rural", "sad", "saddle", "sadness", + "safe", "sail", "salad", "salmon", "salon", "salt", "salute", "same", + "sample", "sand", "satisfy", "satoshi", "sauce", "sausage", "save", "say", + "scale", "scan", "scare", "scatter", "scene", "scheme", "school", "science", + "scissors", "scorpion", "scout", "scrap", "screen", "script", "scrub", "sea", + "search", "season", "seat", "second", "secret", "section", "security", "seed", + "seek", "segment", "select", "sell", "seminar", "senior", "sense", "sentence", + "series", "service", "session", "settle", "setup", "seven", "shadow", "shaft", + "shallow", "share", "shed", "shell", "sheriff", "shield", "shift", "shine", + "ship", "shiver", "shock", "shoe", "shoot", "shop", "short", "shoulder", + "shove", "shrimp", "shrug", "shuffle", "shy", "sibling", "sick", "side", + "siege", "sight", "sign", "silent", "silk", "silly", "silver", "similar", + "simple", "since", "sing", "siren", "sister", "situate", "six", "size", + "skate", "sketch", "ski", "skill", "skin", "skirt", "skull", "slab", + "slam", "sleep", "slender", "slice", "slide", "slight", "slim", "slogan", + "slot", "slow", "slush", "small", "smart", "smile", "smoke", "smooth", + "snack", "snake", "snap", "sniff", "snow", "soap", "soccer", "social", + "sock", "soda", "soft", "solar", "soldier", "solid", "solution", "solve", + "someone", "song", "soon", "sorry", "sort", "soul", "sound", "soup", + "source", "south", "space", "spare", "spatial", "spawn", "speak", "special", + "speed", "spell", "spend", "sphere", "spice", "spider", "spike", "spin", + "spirit", "split", "spoil", "sponsor", "spoon", "sport", "spot", "spray", + "spread", "spring", "spy", "square", "squeeze", "squirrel", "stable", "stadium", + "staff", "stage", "stairs", "stamp", "stand", "start", "state", "stay", + "steak", "steel", "stem", "step", "stereo", "stick", "still", "sting", + "stock", "stomach", "stone", "stool", "story", "stove", "strategy", "street", + "strike", "strong", "struggle", "student", "stuff", "stumble", "style", "subject", + "submit", "subway", "success", "such", "sudden", "suffer", "sugar", "suggest", + "suit", "summer", "sun", "sunny", "sunset", "super", "supply", "supreme", + "sure", "surface", "surge", "surprise", "surround", "survey", "suspect", "sustain", + "swallow", "swamp", "swap", "swarm", "swear", "sweet", "swift", "swim", + "swing", "switch", "sword", "symbol", "symptom", "syrup", "system", "table", + "tackle", "tag", "tail", "talent", "talk", "tank", "tape", "target", + "task", "taste", "tattoo", "taxi", "teach", "team", "tell", "ten", + "tenant", "tennis", "tent", "term", "test", "text", "thank", "that", + "theme", "then", "theory", "there", "they", "thing", "this", "thought", + "three", "thrive", "throw", "thumb", "thunder", "ticket", "tide", "tiger", + "tilt", "timber", "time", "tiny", "tip", "tired", "tissue", "title", + "toast", "tobacco", "today", "toddler", "toe", "together", "toilet", "token", + "tomato", "tomorrow", "tone", "tongue", "tonight", "tool", "tooth", "top", + "topic", "topple", "torch", "tornado", "tortoise", "toss", "total", "tourist", + "toward", "tower", "town", "toy", "track", "trade", "traffic", "tragic", + "train", "transfer", "trap", "trash", "travel", "tray", "treat", "tree", + "trend", "trial", "tribe", "trick", "trigger", "trim", "trip", "trophy", + "trouble", "truck", "true", "truly", "trumpet", "trust", "truth", "try", + "tube", "tuition", "tumble", "tuna", "tunnel", "turkey", "turn", "turtle", + "twelve", "twenty", "twice", "twin", "twist", "two", "type", "typical", + "ugly", "umbrella", "unable", "unaware", "uncle", "uncover", "under", "undo", + "unfair", "unfold", "unhappy", "uniform", "unique", "unit", "universe", "unknown", + "unlock", "until", "unusual", "unveil", "update", "upgrade", "uphold", "upon", + "upper", "upset", "urban", "urge", "usage", "use", "used", "useful", + "useless", "usual", "utility", "vacant", "vacuum", "vague", "valid", "valley", + "valve", "van", "vanish", "vapor", "various", "vast", "vault", "vehicle", + "velvet", "vendor", "venture", "venue", "verb", "verify", "version", "very", + "vessel", "veteran", "viable", "vibrant", "vicious", "victory", "video", "view", + "village", "vintage", "violin", "virtual", "virus", "visa", "visit", "visual", + "vital", "vivid", "vocal", "voice", "void", "volcano", "volume", "vote", + "voyage", "wage", "wagon", "wait", "walk", "wall", "walnut", "want", + "warfare", "warm", "warrior", "wash", "wasp", "waste", "water", "wave", + "way", "wealth", "weapon", "wear", "weasel", "weather", "web", "wedding", + "weekend", "weird", "welcome", "west", "wet", "whale", "what", "wheat", + "wheel", "when", "where", "whip", "whisper", "wide", "width", "wife", + "wild", "will", "win", "window", "wine", "wing", "wink", "winner", + "winter", "wire", "wisdom", "wise", "wish", "witness", "wolf", "woman", + "wonder", "wood", "wool", "word", "work", "world", "worry", "worth", + "wrap", "wreck", "wrestle", "wrist", "write", "wrong", "yard", "year", + "yellow", "you", "young", "youth", "zebra", "zero", "zone", "zoo", }; #endif diff --git a/test/native/test_pin_prefix.c b/test/native/test_pin_prefix.c index 23d1351..8474fd5 100644 --- a/test/native/test_pin_prefix.c +++ b/test/native/test_pin_prefix.c @@ -17,10 +17,9 @@ return 1; \ } while (0) -static const uint8_t TEST_SECRET[32] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, - 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20}; +static const uint8_t TEST_SECRET[32] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20}; static int test_derive_words_basic(void) { TEST("derive words basic"); @@ -67,9 +66,11 @@ static int test_different_prefix_different_words(void) { pin_prefix_t prefix2 = {.digits = {5, 6, 7, 8}, .len = 4}; uint16_t word1_a, word2_a, word1_b, word2_b; - if (pin_prefix_derive_words(&prefix1, TEST_SECRET, sizeof(TEST_SECRET), &word1_a, &word2_a) != 0) + if (pin_prefix_derive_words(&prefix1, TEST_SECRET, sizeof(TEST_SECRET), &word1_a, &word2_a) != + 0) FAIL("first derive failed"); - if (pin_prefix_derive_words(&prefix2, TEST_SECRET, sizeof(TEST_SECRET), &word1_b, &word2_b) != 0) + if (pin_prefix_derive_words(&prefix2, TEST_SECRET, sizeof(TEST_SECRET), &word1_b, &word2_b) != + 0) FAIL("second derive failed"); if (word1_a == word1_b && word2_a == word2_b) From 8c193f64ce541e969779a01fc0d6e9089c8a9162 Mon Sep 17 00:00:00 2001 From: "William K. Santiago" Date: Fri, 23 Jan 2026 10:15:41 -0400 Subject: [PATCH 5/5] Add NULL checks and secure cleanup on error paths --- main/pin_prefix.c | 9 +++++++-- test/native/CMakeLists.txt | 2 +- test/native/mocks/mbedtls/md.h | 6 +++++- test/native/test_pin_prefix.c | 1 - 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/main/pin_prefix.c b/main/pin_prefix.c index 10d8a61..d2269b4 100644 --- a/main/pin_prefix.c +++ b/main/pin_prefix.c @@ -31,8 +31,13 @@ int pin_prefix_derive_words(const pin_prefix_t *prefix, const uint8_t *device_se size_t input_len = CONTEXT_LEN + prefix->len; uint8_t hmac_out[HMAC_OUTPUT_SIZE]; - int ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), device_secret, - secret_len, input, input_len, hmac_out); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + if (!md_info) { + secure_memzero(input, sizeof(input)); + secure_memzero(hmac_out, sizeof(hmac_out)); + return -1; + } + int ret = mbedtls_md_hmac(md_info, device_secret, secret_len, input, input_len, hmac_out); secure_memzero(input, sizeof(input)); diff --git a/test/native/CMakeLists.txt b/test/native/CMakeLists.txt index d6f3cfd..f205916 100644 --- a/test/native/CMakeLists.txt +++ b/test/native/CMakeLists.txt @@ -166,7 +166,7 @@ target_include_directories(test_anti_glitch PRIVATE ) target_compile_definitions(test_anti_glitch PRIVATE NATIVE_TEST=1) -add_executable(test_pin_prefix test_pin_prefix.c) +add_executable(test_pin_prefix test_pin_prefix.c ${MAIN_DIR}/pin_prefix.c) target_include_directories(test_pin_prefix PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/mocks ${MAIN_DIR} diff --git a/test/native/mocks/mbedtls/md.h b/test/native/mocks/mbedtls/md.h index 06da503..d5c6e07 100644 --- a/test/native/mocks/mbedtls/md.h +++ b/test/native/mocks/mbedtls/md.h @@ -158,8 +158,12 @@ static inline int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsign k_opad[i] ^= key[i]; } uint8_t inner[64 + 1024]; - if (ilen > 1024) + if (ilen > 1024) { + memset(k_ipad, 0, sizeof(k_ipad)); + memset(k_opad, 0, sizeof(k_opad)); + memset(tk, 0, sizeof(tk)); return -1; + } memcpy(inner, k_ipad, 64); memcpy(inner + 64, input, ilen); uint8_t inner_hash[32]; diff --git a/test/native/test_pin_prefix.c b/test/native/test_pin_prefix.c index 8474fd5..1744784 100644 --- a/test/native/test_pin_prefix.c +++ b/test/native/test_pin_prefix.c @@ -7,7 +7,6 @@ #include "crypto_asm.h" #include "pin_prefix.h" -#include "pin_prefix.c" #define TEST(name) printf(" TEST: %s\n", name) #define PASS() printf(" PASS\n")