mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-21 23:18:13 +00:00
use canonical signatures (if S > Order/2: S = Order - S)
parent
7e41c2a568
commit
9205c0d952
10
bignum.c
10
bignum.c
@ -510,7 +510,7 @@ void bn_divmod58(bignum256 *a, uint32_t *r)
|
||||
*r = rem;
|
||||
}
|
||||
|
||||
#if 0
|
||||
#if BN_PRINT
|
||||
void bn_print(const bignum256 *a)
|
||||
{
|
||||
printf("%04x", a->val[8] & 0x0000FFFF);
|
||||
@ -523,4 +523,12 @@ void bn_print(const bignum256 *a)
|
||||
printf("%08x", (a->val[1] << 2) | ((a->val[0] & 0x30000000) >> 28));
|
||||
printf("%07x", a->val[0] & 0x0FFFFFFF);
|
||||
}
|
||||
|
||||
void bn_print_raw(const bignum256 *a)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i <= 8; i++) {
|
||||
printf("0x%08x, ", a->val[i]);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
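Review bot: `bn_print_raw` prints `a->val[i]` with `%08x`, which is only correct if the limb type is `unsigned int`; the element type of `val` is not visible in this section, but if it is `uint32_t` (as the `uint32_t *r` parameter of `bn_divmod58` suggests), `printf("0x%08" PRIx32 ", ", a->val[i]);` is the portable form. The loop bound `i <= 8` hard-codes the nine-limb layout, so a named constant or `sizeof a->val / sizeof a->val[0]` would keep it in step with the struct. Because these printers emit the raw contents of whatever bignum they are given, including private keys and nonces if a caller passes them, the `#if BN_PRINT` switch deserves a comment such as `// debug only: prints raw bignum limbs, never enable in release builds`. `BN_PRINT` is not defined anywhere on this page, so an explicit `#ifndef BN_PRINT` / `#define BN_PRINT 0` default would avoid relying on undefined-macro evaluation.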
3
bignum.h
3
bignum.h
@ -91,8 +91,9 @@ void bn_substract_noprime(const bignum256 *a, const bignum256 *b, bignum256 *res
|
||||
|
||||
void bn_divmod58(bignum256 *a, uint32_t *r);
|
||||
|
||||
#if 0
|
||||
#if BN_PRINT
|
||||
void bn_print(const bignum256 *a);
|
||||
void bn_print_raw(const bignum256 *a);
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
5
ecdsa.c
5
ecdsa.c
@ -256,6 +256,11 @@ int ecdsa_sign(const uint8_t *priv_key, const uint8_t *msg, uint32_t msg_len, ui
|
||||
return 3;
|
||||
}
|
||||
|
||||
// if S > order/2 => S = -S
|
||||
if (bn_is_less(&order256k1_half, &k)) {
|
||||
bn_substract_noprime(&order256k1, &k, &k);
|
||||
}
|
||||
|
||||
// we are done, R.x and k is the result signature
|
||||
bn_write_be(&R.x, sig);
|
||||
bn_write_be(&k, sig + 32);
|
||||
|
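Review bot: `bn_substract_noprime(&order256k1, &k, &k)` passes `&k` as both the `const` subtrahend and the result, so the low-S flip is only correct if the helper reads each limb of `b` before it writes the same limb of `res`. Its body is not shown here, so either confirm that in-place use is supported and say so at the prototype, or compute into a temporary. At this point `k` no longer holds the nonce but the signature's S value, which a short comment such as `// k now holds S` would make clear to the next reader. If any caller derives a public-key recovery id from the parity of R.y, that bit has to be inverted whenever S is negated; nothing in the hunk shows such a value, so this is a question rather than a finding. `ecdsa_sign` starts and ends outside the hunk.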
@ -24,8 +24,7 @@
|
||||
#include "secp256k1.h"
|
||||
|
||||
const bignum256 prime256k1 = {
|
||||
.val = {0x3ffffc2f, 0x3ffffffb, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0xffff}
|
||||
};
|
||||
.val = {0x3ffffc2f, 0x3ffffffb, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0xffff}};
|
||||
|
||||
const curve_point G256k1 = {
|
||||
.x = { .val = {0x16f81798, 0x27ca056c, 0x1ce28d95, 0x26ff36cb, 0x70b0702, 0x18a573a, 0xbbac55a, 0x199fbe77, 0x79be}},
|
||||
@ -34,6 +33,9 @@ const curve_point G256k1 = {
|
||||
const bignum256 order256k1 = {
|
||||
.val = {0x10364141, 0x3f497a33, 0x348a03bb, 0x2bb739ab, 0x3ffffeba, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0xffff}};
|
||||
|
||||
const bignum256 order256k1_half = {
|
||||
.val = {0x281b20a0, 0x3fa4bd19, 0x3a4501dd, 0x15db9cd5, 0x3fffff5d, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0x00007fff}};
|
||||
|
||||
const bignum256 three_over_two256k1 = {
|
||||
.val = {0x3ffffe19, 0x3ffffffd, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0x7fff}};
|
||||
|
||||
|
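Review bot: `order256k1_half` is introduced without a comment saying that it is the rounded-down half of the odd group order, i.e. (order - 1) / 2, which is what makes the `bn_is_less(&order256k1_half, &k)` comparison in ecdsa.c select exactly the high-S values. I would add `// floor(order256k1 / 2); S values above this are negated by ecdsa_sign` above the definition, and the same wording at the `extern` declaration in the header, where `// secp256k1 order of G / 2` does not say which way the division rounds. The top limb is written `0x00007fff` while the neighbouring constants use `0xffff` and `0x7fff`; one spelling across the file would be easier to scan. A unit test that checks `2 * order256k1_half + 1 == order256k1` would guard the hand-written limbs against transcription errors.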
@ -42,6 +42,9 @@ extern const curve_point G256k1;
|
||||
// secp256k1 order of G
|
||||
extern const bignum256 order256k1;
|
||||
|
||||
// secp256k1 order of G / 2
|
||||
extern const bignum256 order256k1_half;
|
||||
|
||||
// 3/2 in G_p
|
||||
extern const bignum256 three_over_two256k1;
|
||||
|
||||
|
6
tests.c
6
tests.c
@ -208,6 +208,12 @@ START_TEST(test_rfc6979)
|
||||
ck_assert_int_eq(res, 0);
|
||||
bn_write_be(&k, buf);
|
||||
ck_assert_mem_eq(buf, fromhex("38aa22d72376b4dbc472e06c3ba403ee0a394da63fc58d88686c611aba98d6b3"), 32);
|
||||
|
||||
SHA256_Raw((uint8_t *)"There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!", 207, buf);
|
||||
res = generate_k_rfc6979(&k, fromhex("e91671c46231f833a6406ccbea0e3e392c76c167bac1cb013f6f1013980455c2"), buf);
|
||||
ck_assert_int_eq(res, 0);
|
||||
bn_write_be(&k, buf);
|
||||
ck_assert_mem_eq(buf, fromhex("1f4b84c23a86a221d233f2521be018d9318639d5b8bbd6374a8a59232d16ad3d"), 32);
|
||||
}
|
||||
END_TEST
|
||||
|
||||
|
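Review bot: Nothing in this section asserts the property the commit introduces, namely that the S half of a signature produced by `ecdsa_sign` never exceeds `order256k1_half`; the added lines only extend `test_rfc6979` with a third nonce vector. A test that signs a few messages, reads S back from `sig + 32` into a bignum `s`, and checks `ck_assert(!bn_is_less(&order256k1_half, &s));` would pin that behaviour, ideally with at least one key and message pair whose unnormalised S is known to be high. The length `207` passed to `SHA256_Raw` is a hand-counted literal; keeping the message in a `const char` array and passing `strlen` of it would avoid a silent mismatch if the text is ever edited.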