arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-06-26 18:02:35 +00:00
Code Issues Releases Wiki Activity

crypto: make ecdsa_recover_pub_from_sig faster

Browse Source
This commit is contained in:
Ondřej Vejpustek 2020-06-12 14:07:30 +02:00 committed by Pavol Rusnak
parent b6c8cbc24c
commit 76849f0bd6
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
crypto/ecdsa.c
View File

@ -999,19 +999,22 @@ int ecdsa_recover_pub_from_sig(const ecdsa_curve *curve, uint8_t *pub_key,
} }
// e = -digest // e = -digest
bn_read_be(digest, &e); bn_read_be(digest, &e);
bn_subtractmod(&curve->order, &e, &e, &curve->order);
bn_fast_mod(&e, &curve->order);
bn_mod(&e, &curve->order); bn_mod(&e, &curve->order);
// r := r^-1 bn_subtract(&curve->order, &e, &e);
// r = r^-1
bn_inverse(&r, &curve->order); bn_inverse(&r, &curve->order);
// cp := s * R = s * k *G // e = -digest * r^-1
bn_multiply(&r, &e, &curve->order);
bn_mod(&e, &curve->order);
// s = s * r^-1
bn_multiply(&r, &s, &curve->order);
bn_mod(&s, &curve->order);
// cp = s * r^-1 * k * G
point_multiply(curve, &s, &cp, &cp); point_multiply(curve, &s, &cp, &cp);
// cp2 := -digest * G // cp2 = -digest * r^-1 * G
scalar_multiply(curve, &e, &cp2); scalar_multiply(curve, &e, &cp2);
// cp := (s * k - digest) * G = (r*priv) * G = r * Pub // cp = (s * r^-1 * k - digest * r^-1) * G = Pub
point_add(curve, &cp2, &cp); point_add(curve, &cp2, &cp);
// cp := r^{-1} * r * Pub = Pub
point_multiply(curve, &r, &cp, &cp);
pub_key[0] = 0x04; pub_key[0] = 0x04;
bn_write_be(&cp.x, pub_key + 1); bn_write_be(&cp.x, pub_key + 1);
bn_write_be(&cp.y, pub_key + 33); bn_write_be(&cp.y, pub_key + 33);