mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-27 01:48:17 +00:00
Merge pull request #24 from jhoenicke/master
Always check for validity in ecdsa_read_pubkey.
commit
38cfebdbfe
16
ecdsa.c
16
ecdsa.c
@ -460,20 +460,12 @@ int ecdsa_read_pubkey(const uint8_t *pub_key, curve_point *pub)
|
|||||||
if (pub_key[0] == 0x04) {
|
if (pub_key[0] == 0x04) {
|
||||||
bn_read_be(pub_key + 1, &(pub->x));
|
bn_read_be(pub_key + 1, &(pub->x));
|
||||||
bn_read_be(pub_key + 33, &(pub->y));
|
bn_read_be(pub_key + 33, &(pub->y));
|
||||||
#if USE_PUBKEY_VALIDATE
|
|
||||||
return ecdsa_validate_pubkey(pub);
|
return ecdsa_validate_pubkey(pub);
|
||||||
#else
|
|
||||||
return 1;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
if (pub_key[0] == 0x02 || pub_key[0] == 0x03) { // compute missing y coords
|
if (pub_key[0] == 0x02 || pub_key[0] == 0x03) { // compute missing y coords
|
||||||
bn_read_be(pub_key + 1, &(pub->x));
|
bn_read_be(pub_key + 1, &(pub->x));
|
||||||
uncompress_coords(pub_key[0], &(pub->x), &(pub->y));
|
uncompress_coords(pub_key[0], &(pub->x), &(pub->y));
|
||||||
#if USE_PUBKEY_VALIDATE
|
|
||||||
return ecdsa_validate_pubkey(pub);
|
return ecdsa_validate_pubkey(pub);
|
||||||
#else
|
|
||||||
return 1;
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
// error
|
// error
|
||||||
return 0;
|
return 0;
|
||||||
@ -483,12 +475,10 @@ int ecdsa_read_pubkey(const uint8_t *pub_key, curve_point *pub)
|
|||||||
// - pub is not the point at infinity.
|
// - pub is not the point at infinity.
|
||||||
// - pub->x and pub->y are in range [0,p-1].
|
// - pub->x and pub->y are in range [0,p-1].
|
||||||
// - pub is on the curve.
|
// - pub is on the curve.
|
||||||
// - n*pub is the point at infinity.
|
|
||||||
|
|
||||||
int ecdsa_validate_pubkey(const curve_point *pub)
|
int ecdsa_validate_pubkey(const curve_point *pub)
|
||||||
{
|
{
|
||||||
bignum256 y_2, x_3_b;
|
bignum256 y_2, x_3_b;
|
||||||
curve_point temp;
|
|
||||||
|
|
||||||
if (point_is_infinity(pub)) {
|
if (point_is_infinity(pub)) {
|
||||||
return 0;
|
return 0;
|
||||||
@ -514,12 +504,6 @@ int ecdsa_validate_pubkey(const curve_point *pub)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
point_multiply(&order256k1, pub, &temp);
|
|
||||||
|
|
||||||
if (!point_is_infinity(&temp)) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
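Review bot: The comment block above ecdsa_validate_pubkey no longer explains why the order check is absent after the last hunk drops `point_multiply(&order256k1, pub, &temp)` and its `point_is_infinity` test. That removal is sound only because secp256k1 has cofactor 1, so any on-curve point other than infinity already has order n. I would record this in the list of guarantees, e.g. `// - n*pub is not checked: secp256k1 has cofactor 1, so on-curve implies order n.`, so the subgroup check is restored if this routine is ever reused for a curve with a larger cofactor. Separately, ecdsa_read_pubkey stores pub->x and pub->y before validation runs, so a one-line comment that `pub` must not be used when the function returns 0 would help callers. The range and on-curve checks sit between the visible hunks, so this note assumes they are unchanged.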