add check that pub.y != res.y
This commit is contained in:
parent
3589cf5cbf
commit
8423c7abfd
8
bignum.c
8
bignum.c
@ -93,6 +93,14 @@ int bn_is_less(const bignum256 *a, const bignum256 *b)
return 0;
}
int bn_is_equal(const bignum256 *a, const bignum256 *b) {
int i;
for (i = 0; i < 9; i++) {
if (a->val[i] != b->val[i]) return 0;
}
return 1;
}
int bn_bitlen(const bignum256 *a) {
int i = 8, j;
while (i >= 0 && a->val[i] == 0) i--;
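Review bot: bn_is_equal returns as soon as one limb differs, so its running time depends on where a and b first diverge; in a bignum library whose routines are also applied to secret values that is a timing side channel, and a constant-time form costs nothing here, e.g. (assuming val limbs are uint32_t) `uint32_t diff = 0; for (int i = 0; i < 9; i++) diff |= a->val[i] ^ b->val[i]; return diff == 0;`. The function also compares limb representations rather than values, so two non-normalized encodings of the same number compare unequal — the caller in ecdsa.c reduces both operands with bn_mod first, and that precondition belongs on the definition and on the declaration added to bignum.h: `// Compares limb representations; both operands must be fully reduced (e.g. via bn_mod) first.` Declaring `i` in the for header would also match C99 style rather than the separate `int i;`.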
2
bignum.h
2
bignum.h
@ -63,6 +63,8 @@ int bn_is_zero(const bignum256 *a);
int bn_is_less(const bignum256 *a, const bignum256 *b);
int bn_is_equal(const bignum256 *a, const bignum256 *b);
int bn_bitlen(const bignum256 *a);
void bn_lshift(bignum256 *a);
11
ecdsa.c
11
ecdsa.c
@ -396,11 +396,18 @@ int ecdsa_verify(const uint8_t *pub_key, const uint8_t *sig, const uint8_t *msg,
scalar_multiply(&z, &res);
}
// TODO both pub and res can be infinity, can have y = 0 OR can be equal
// both pub and res can be infinity, can have y = 0 OR can be equal -> false negative
for (i = 0; i < 9; i++) {
for (j = 0; j < 30; j++) {
if (i == 8 && (s.val[i] >> j) == 0) break;
if (s.val[i] & (1u << j)) {
bn_mod(&(pub.y), &prime256k1);
bn_mod(&(res.y), &prime256k1);
if (bn_is_equal(&(pub.y), &(res.y))) {
// this is not a failure, but a very inprobable case
// that we don't handle because of its inprobability
return 4;
}
point_add(&pub, &res);
}
point_double(&pub);
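Review bot: The new guard before point_add compares only the y coordinates, but two affine points are equal when both x and y match, so this returns 4 for valid signatures whose intermediate points merely share a y coordinate, and the case the chord formula actually cannot handle is x1 == x2 — covering both pub == res and pub == -res — so, if point_add is the standard affine addition (its body is not in this hunk), the check should reduce and compare `pub.x` and `res.x` instead. The comment says "this is not a failure" while the non-zero return is reported to callers as a failed verification, so ecdsa_verify's header (outside the hunk) should spell out the codes, e.g. `// returns 0 on success, 4 when the intermediate points collide (verification abandoned), 5 when r does not match`, the last value being what the second hunk renumbers the mismatch case to. "inprobable" in the two added comment lines should read "improbable". ecdsa_verify starts before this hunk and continues past both.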
@ -413,7 +420,7 @@ int ecdsa_verify(const uint8_t *pub_key, const uint8_t *sig, const uint8_t *msg,
// signature does not match
for (i = 0; i < 9; i++) {
if (res.x.val[i] != r.val[i]) {
return 4;
return 5;
}
}