|
|
|
@ -170,24 +170,24 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify(mp_obj_t public_key,
|
|
|
|
|
mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ);
|
|
|
|
|
mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ);
|
|
|
|
|
if (pk.len != 33 && pk.len != 65) {
|
|
|
|
|
mp_raise_ValueError("Invalid length of public key");
|
|
|
|
|
return mp_const_false;
|
|
|
|
|
}
|
|
|
|
|
if (sig.len != 64 && sig.len != 65) {
|
|
|
|
|
mp_raise_ValueError("Invalid length of signature");
|
|
|
|
|
return mp_const_false;
|
|
|
|
|
}
|
|
|
|
|
int offset = sig.len - 64;
|
|
|
|
|
if (dig.len != 32) {
|
|
|
|
|
mp_raise_ValueError("Invalid length of digest");
|
|
|
|
|
return mp_const_false;
|
|
|
|
|
}
|
|
|
|
|
secp256k1_ecdsa_signature ec_sig;
|
|
|
|
|
if (!secp256k1_ecdsa_signature_parse_compact(
|
|
|
|
|
ctx, &ec_sig, (const uint8_t *)sig.buf + offset)) {
|
|
|
|
|
mp_raise_ValueError("Invalid signature");
|
|
|
|
|
return mp_const_false;
|
|
|
|
|
}
|
|
|
|
|
secp256k1_pubkey ec_pk;
|
|
|
|
|
if (!secp256k1_ec_pubkey_parse(ctx, &ec_pk, (const uint8_t *)pk.buf,
|
|
|
|
|
pk.len)) {
|
|
|
|
|
mp_raise_ValueError("Invalid public key");
|
|
|
|
|
return mp_const_false;
|
|
|
|
|
}
|
|
|
|
|
return mp_obj_new_bool(1 == secp256k1_ecdsa_verify(ctx, &ec_sig,
|
|
|
|
|
(const uint8_t *)dig.buf,
|
|
|
|
@ -199,7 +199,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_3(mod_trezorcrypto_secp256k1_zkp_verify_obj,
|
|
|
|
|
/// def verify_recover(signature: bytes, digest: bytes) -> bytes:
|
|
|
|
|
/// '''
|
|
|
|
|
/// Uses signature of the digest to verify the digest and recover the public
|
|
|
|
|
/// key. Returns public key on success, None on failure.
|
|
|
|
|
/// key. Returns public key on success, None if the signature is invalid.
|
|
|
|
|
/// '''
|
|
|
|
|
STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify_recover(
|
|
|
|
|
mp_obj_t signature, mp_obj_t digest) {
|
|
|
|
@ -208,14 +208,14 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify_recover(
|
|
|
|
|
mp_get_buffer_raise(signature, &sig, MP_BUFFER_READ);
|
|
|
|
|
mp_get_buffer_raise(digest, &dig, MP_BUFFER_READ);
|
|
|
|
|
if (sig.len != 65) {
|
|
|
|
|
mp_raise_ValueError("Invalid length of signature");
|
|
|
|
|
return mp_const_none;
|
|
|
|
|
}
|
|
|
|
|
if (dig.len != 32) {
|
|
|
|
|
mp_raise_ValueError("Invalid length of digest");
|
|
|
|
|
return mp_const_none;
|
|
|
|
|
}
|
|
|
|
|
int recid = ((const uint8_t *)sig.buf)[0] - 27;
|
|
|
|
|
if (recid >= 8) {
|
|
|
|
|
mp_raise_ValueError("Invalid recid in signature");
|
|
|
|
|
return mp_const_none;
|
|
|
|
|
}
|
|
|
|
|
bool compressed = (recid >= 4);
|
|
|
|
|
recid &= 3;
|
|
|
|
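Review bot: The recid check in `mod_trezorcrypto_secp256k1_zkp_verify_recover` has only an upper bound: `recid` is a signed `int` computed as the first signature byte minus 27, so a header byte below 27 gives a negative value that passes `if (recid >= 8)`. That value is then treated as uncompressed, and `recid &= 3` folds it into 0..3, so a malformed header is silently accepted and the same signature verifies under several header bytes. These lines appear to be unchanged context, but this hunk already touches the surrounding error handling, so the guard could be tightened here to `if (recid < 0 || recid >= 8) {`. The function starts before this hunk and continues past it.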
@ -223,7 +223,7 @@ STATIC mp_obj_t mod_trezorcrypto_secp256k1_zkp_verify_recover(
|
|
|
|
|
secp256k1_ecdsa_recoverable_signature ec_sig;
|
|
|
|
|
if (!secp256k1_ecdsa_recoverable_signature_parse_compact(
|
|
|
|
|
ctx, &ec_sig, (const uint8_t *)sig.buf + 1, recid)) {
|
|
|
|
|
mp_raise_ValueError("Invalid signature");
|
|
|
|
|
return mp_const_none;
|
|
|
|
|
}
|
|
|
|
|
secp256k1_pubkey pk;
|
|
|
|
|
if (!secp256k1_ecdsa_recover(ctx, &pk, &ec_sig, (const uint8_t *)dig.buf)) {
|
|
|
|
|