mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-22 22:38:08 +00:00

crypto: make ecdsa_recover_pub_from_sig faster

Ondřej Vejpustek 2020-06-12 14:07:30 +02:00 committed by Pavol Rusnak
parent b6c8cbc24c
commit 76849f0bd6


@ -999,19 +999,22 @@ int ecdsa_recover_pub_from_sig(const ecdsa_curve *curve, uint8_t *pub_key,
}
// e = -digest
bn_read_be(digest, &e);
bn_subtractmod(&curve->order, &e, &e, &curve->order);
bn_fast_mod(&e, &curve->order);
bn_mod(&e, &curve->order);
// r := r^-1
bn_subtract(&curve->order, &e, &e);
// r = r^-1
bn_inverse(&r, &curve->order);
// cp := s * R = s * k *G
// e = -digest * r^-1
bn_multiply(&r, &e, &curve->order);
bn_mod(&e, &curve->order);
// s = s * r^-1
bn_multiply(&r, &s, &curve->order);
bn_mod(&s, &curve->order);
// cp = s * r^-1 * k * G
point_multiply(curve, &s, &cp, &cp);
// cp2 := -digest * G
// cp2 = -digest * r^-1 * G
scalar_multiply(curve, &e, &cp2);
// cp := (s * k - digest) * G = (r*priv) * G = r * Pub
// cp = (s * r^-1 * k - digest * r^-1) * G = Pub
point_add(curve, &cp2, &cp);
// cp := r^{-1} * r * Pub = Pub
point_multiply(curve, &r, &cp, &cp);
pub_key[0] = 0x04;
bn_write_be(&cp.x, pub_key + 1);
bn_write_be(&cp.y, pub_key + 33);
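Review bot: The result of `point_add(curve, &cp2, &cp);` is serialized into `pub_key` without any check that it is a usable public key. The signature and digest come from the caller, so the two terms `s * r^-1 * R` and `-digest * r^-1 * G` can cancel and leave the point at infinity in `cp`. In that case the function would hand back whatever `cp.x` and `cp.y` hold, and presumably still report success. I would reject that case before the `pub_key[0] = 0x04;` line, for example `if (point_is_infinity(&cp)) { return 1; }`, with the return value matched to the function's other failure paths. Those paths and the final return lie outside this hunk, so the convention should be confirmed there.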