1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 15:38:11 +00:00

ed25519-donna/modm: neg, sub added

This commit is contained in:
Dusan Klinec 2018-04-27 18:37:02 +02:00 committed by Pavol Rusnak
parent 5708a7257f
commit 6a20ba5586
3 changed files with 168 additions and 0 deletions

View File

@ -149,6 +149,33 @@ void add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y)
reduce256_modm(r);
}
/* -x modulo m */
void neg256_modm(bignum256modm r, const bignum256modm x) {
bignum256modm_element_t b = 0, pb;
/* r = m - x */
pb = 0;
pb += x[0]; b = lt_modm(modm_m[0], pb); r[0] = (modm_m[0] - pb + (b << 30)); pb = b;
pb += x[1]; b = lt_modm(modm_m[1], pb); r[1] = (modm_m[1] - pb + (b << 30)); pb = b;
pb += x[2]; b = lt_modm(modm_m[2], pb); r[2] = (modm_m[2] - pb + (b << 30)); pb = b;
pb += x[3]; b = lt_modm(modm_m[3], pb); r[3] = (modm_m[3] - pb + (b << 30)); pb = b;
pb += x[4]; b = lt_modm(modm_m[4], pb); r[4] = (modm_m[4] - pb + (b << 30)); pb = b;
pb += x[5]; b = lt_modm(modm_m[5], pb); r[5] = (modm_m[5] - pb + (b << 30)); pb = b;
pb += x[6]; b = lt_modm(modm_m[6], pb); r[6] = (modm_m[6] - pb + (b << 30)); pb = b;
pb += x[7]; b = lt_modm(modm_m[7], pb); r[7] = (modm_m[7] - pb + (b << 30)); pb = b;
pb += x[8]; b = lt_modm(modm_m[8], pb); r[8] = (modm_m[8] - pb + (b << 16));
// if x==0, reduction is required
reduce256_modm(r);
}
/* subtraction x-y % m */
void sub256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
bignum256modm negy;
neg256_modm(negy, y);
add256_modm(r, x, negy);
}
/* multiplication modulo m */
void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) {
bignum256modm r1, q1;

View File

@ -31,6 +31,12 @@ void barrett_reduce256_modm(bignum256modm r, const bignum256modm q1, const bignu
/* addition modulo m */
void add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y);
/* -x modulo m */
void neg256_modm(bignum256modm r, const bignum256modm x);
/* subtraction x-y modulo m */
void sub256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y);
/* multiplication modulo m */
void mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y);

View File

@ -54,6 +54,7 @@
#include "secp256k1.h"
#include "nist256p1.h"
#include "ed25519-donna/ed25519.h"
#include "ed25519-donna/ed25519-donna.h"
#include "ed25519-donna/ed25519-keccak.h"
#include "script.h"
#include "rfc6979.h"
@ -3377,6 +3378,134 @@ START_TEST(test_ed25519_cosi) {
}
END_TEST
START_TEST(test_ed25519_modl_add)
{
char tests[][3][65] = {
{"0000000000000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000000",
},
{"eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a",
"0000000000000000000000000000000000000000000000000000000000000000",
"eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a"
},
{"0000000000000000000000000000000000000000000000000000000000000000",
"eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a",
"eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a"
},
{"0100000000000000000000000000000000000000000000000000000000000000",
"0200000000000000000000000000000000000000000000000000000000000000",
"0300000000000000000000000000000000000000000000000000000000000000"
},
{"e3d3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010",
"0a00000000000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000000"
},
{"f7bb3bf42b3e58e2edd06f173fc7bfbc7aaf657217946b75648447101136aa08",
"3c16b013109cc27ff39805be2abe04ba4cd6a8526a1d3023047693e950936c06",
"33d2eb073cda1a62e16975d56985c476c7850ec581b19b9868fadaf961c9160f"
},
};
unsigned char buff[32];
bignum256modm a={0}, b={0}, c={0};
for (size_t i = 0; i < (sizeof(tests) / sizeof(*tests)); i++) {
expand256_modm(a, fromhex(tests[i][0]), 32);
expand256_modm(b, fromhex(tests[i][1]), 32);
add256_modm(c, a, b);
contract256_modm(buff, c);
ck_assert_mem_eq(buff, fromhex(tests[i][2]), 32);
}
}
END_TEST
START_TEST(test_ed25519_modl_neg)
{
char tests[][2][65] = {
{"05d0f55c1a631258d69cf7a2def9de1400000000000000000000000000000010",
"e803000000000000000000000000000000000000000000000000000000000000"},
{"4d4df45c1a631258d69cf7a2def9de1400000000000000000000000000000010",
"a086010000000000000000000000000000000000000000000000000000000000"},
{"25958944a1b7d4073975ca48996a1d740d0ed98ceec366760c5358da681e9608",
"c83e6c1879ab3d509d272d5a458fc1a0f2f12673113c9989f3aca72597e16907"},
{"0100000000000000000000000000000000000000000000000000000000000000",
"ecd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010"},
{"ecd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010",
"0100000000000000000000000000000000000000000000000000000000000000"},
{"0000000000000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000000"},
};
unsigned char buff[32];
bignum256modm a={0}, b={0};
for (size_t i = 0; i < (sizeof(tests) / sizeof(*tests)); i++) {
expand256_modm(a, fromhex(tests[i][0]), 32);
neg256_modm(b, a);
contract256_modm((unsigned char *) buff, b);
ck_assert_mem_eq(buff, fromhex(tests[i][1]), 32);
}
}
END_TEST
START_TEST(test_ed25519_modl_sub)
{
char tests[][3][65] = {
{"0000000000000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000000000000000000",
},
{"eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a",
"53732f60e51ee3a48d21d2d526548c0dadbb79a185678fd7710613d0e76aad0c",
"8859d1d1deee0767a4ff1b72a3e0d0327573c69bbff5fc07cfa61414e6ef3b0e"
},
{"eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a",
"0000000000000000000000000000000000000000000000000000000000000000",
"eef80ad5a9aad8b35b84f6a4eb3a7e2b222f403d455d8cdf40ad27e4cd5ae90a"
},
{"0000000000000000000000000000000000000000000000000000000000000000",
"39897fbebf137a34572b014b0638ac0186d17874e3cc142ebdfe24327f5b8509",
"b44a769e5a4f98237f71f657d8c132137a2e878b1c33ebd14201dbcd80a47a06"
},
{"0200000000000000000000000000000000000000000000000000000000000000",
"e3d3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010",
"0c00000000000000000000000000000000000000000000000000000000000000"
},
{"e3d3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010",
"0800000000000000000000000000000000000000000000000000000000000000",
"dbd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010"
},
};
unsigned char buff[32];
bignum256modm a={0}, b={0}, c={0};
for (size_t i = 0; i < (sizeof(tests) / sizeof(*tests)); i++) {
expand256_modm(a, fromhex(tests[i][0]), 32);
expand256_modm(b, fromhex(tests[i][1]), 32);
sub256_modm(c, a, b);
contract256_modm(buff, c);
ck_assert_mem_eq(buff, fromhex(tests[i][2]), 32);
}
}
END_TEST
static void test_bip32_ecdh_init_node(HDNode *node, const char *seed_str, const char *curve_name) {
hdnode_from_seed((const uint8_t *)seed_str, strlen(seed_str), curve_name, node);
hdnode_fill_public_key(node);
@ -4602,6 +4731,12 @@ Suite *test_suite(void)
tcase_add_test(tc, test_ed25519_cosi);
suite_add_tcase(s, tc);
tc = tcase_create("ed25519_modm");
tcase_add_test(tc, test_ed25519_modl_add);
tcase_add_test(tc, test_ed25519_modl_neg);
tcase_add_test(tc, test_ed25519_modl_sub);
suite_add_tcase(s, tc);
tc = tcase_create("script");
tcase_add_test(tc, test_output_script);
suite_add_tcase(s, tc);