Fixed uncompress_coords for NIST curve

The bn_sqrti was broken. It didn't handle primes where all bits are set in the lowest limb.
8 years ago · 533c3beb63
parent b34be66a9c
commit 533c3beb63
2 changed files with 2 additions and 2 deletions
--- a/bignum.c
+++ b/bignum.c
@ -371,7 +371,7 @@ void bn_sqrt(bignum256 *x, const bignum256 *prime)
 	bn_zero(&res); res.val[0] = 1;
 	// compute p = (prime+1)/4
 	memcpy(&p, prime, sizeof(bignum256));
-	p.val[0] += 1;
+	bn_addi(&p, 1);
 	bn_rshift(&p);
 	bn_rshift(&p);
 	for (i = 0; i < 9; i++) {
--- a/ecdsa.c
+++ b/ecdsa.c
@ -862,7 +862,7 @@ int ecdsa_address_decode(const char *addr, uint8_t *out)

 void uncompress_coords(const ecdsa_curve *curve, uint8_t odd, const bignum256 *x, bignum256 *y)
 {
-	// y^2 = x^3 + 0*x + 7
+	// y^2 = x^3 + a*x + b
 	memcpy(y, x, sizeof(bignum256));         // y is x
 	bn_multiply(x, y, &curve->prime);        // y is x^2
 	bn_subi(y, -curve->a, &curve->prime);    // y is x^2 + a