arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-13 19:18:56 +00:00
Code Issues Releases Wiki Activity

Validating of public key curve point.

Browse Source
This commit is contained in:
Ondrej Mikle 2014-07-07 14:38:14 +02:00
parent aa27534856
commit 03fee34550
2 changed files with 46 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
ecdsa.c
View File

@ -459,17 +459,60 @@ int ecdsa_read_pubkey(const uint8_t *pub_key, curve_point *pub)
if (pub_key[0] == 0x04) {
bn_read_be(pub_key + 1, &(pub->x));
bn_read_be(pub_key + 33, &(pub->y));
return 1;
return ecdsa_validate_pubkey(pub);
}
if (pub_key[0] == 0x02 || pub_key[0] == 0x03) { // compute missing y coords
bn_read_be(pub_key + 1, &(pub->x));
uncompress_coords(pub_key[0], &(pub->x), &(pub->y));
return 1;
return ecdsa_validate_pubkey(pub);
}
// error
return 0;
}
// Verifies that:
// - pub is not the point at infinity.
// - pub->x and pub->y are in range [0,p-1].
// - pub is on the curve.
// - n*pub is the point at infinity.
int ecdsa_validate_pubkey(const curve_point *pub)
{
bignum256 y_2, x_3_b;
curve_point temp;
if (point_is_infinity(pub)) {
return 0;
}
if (!bn_is_less(&(pub->x), &prime256k1) || !bn_is_less(&(pub->y), &prime256k1)) {
return 0;
}
memcpy(&y_2, &(pub->y), sizeof(bignum256));
memcpy(&x_3_b, &(pub->x), sizeof(bignum256));
// y^2
bn_multiply(&(pub->y), &y_2, &prime256k1);
// x^3 + b
bn_multiply(&(pub->x), &x_3_b, &prime256k1);
bn_multiply(&(pub->x), &x_3_b, &prime256k1);
bn_addmodi(&x_3_b, 7, &prime256k1);
if (!bn_is_equal(&x_3_b, &y_2)) {
return 0;
}
point_copy(pub, &temp);
point_multiply(&order256k1, pub, &temp);
if (!point_is_infinity(&temp)) {
return 0;
}
return 1;
}
// uses secp256k1 curve
// pub_key - 65 bytes uncompressed key
// signature - 64 bytes signature

1
ecdsa.h
View File

@ -53,6 +53,7 @@ void ecdsa_get_address(const uint8_t *pub_key, uint8_t version, char *addr);
void ecdsa_get_wif(const uint8_t *priv_key, uint8_t version, char *wif);
int ecdsa_address_decode(const char *addr, uint8_t *out);
int ecdsa_read_pubkey(const uint8_t *pub_key, curve_point *pub);
int ecdsa_validate_pubkey(const curve_point *pub);
int ecdsa_verify(const uint8_t *pub_key, const uint8_t *sig, const uint8_t *msg, uint32_t msg_len);
int ecdsa_verify_double(const uint8_t *pub_key, const uint8_t *sig, const uint8_t *msg, uint32_t msg_len);
int ecdsa_verify_digest(const uint8_t *pub_key, const uint8_t *sig, const uint8_t *digest);