From a66cf99b74c74e04bc53bd370c31997600ba3c23 Mon Sep 17 00:00:00 2001
From: matejcik
Date: Tue, 2 Oct 2018 16:09:12 +0200
Subject: [PATCH] cosi: fix bug in signing code, make tests pass
---
 trezorlib/cosi.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/trezorlib/cosi.py b/trezorlib/cosi.py
index fe1333728..e3f0e6321 100644
--- a/trezorlib/cosi.py
+++ b/trezorlib/cosi.py
@@ -94,12 +94,13 @@ def sign_with_privkey(
 """
 b = _ed25519.b
 h = _ed25519.H(privkey)
- a = int.from_bytes(h, "little")
 # curvepoint preparation:
- # 1. clear lowest three and highest bit
+ # 1. take lowest b bits of h
+ a = int.from_bytes(h[: b // 8], "little")
+ # 2. clear lowest three and highest bit
 bitmask = 1 + 2 + 4 + (1 << b - 1)
 a &= ~bitmask
- # 2. set next-highest bit
+ # 3. set next-highest bit
 a |= 1 << b - 2
 S = (nonce + _ed25519.Hint(global_commit + global_pubkey + digest) * a) % _ed25519.l
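Review bot: The secret scalar is derived by hand-written clamping inside `sign_with_privkey` (the added `a = int.from_bytes(h[: b // 8], "little")` and the mask lines around it), and it has to stay bit-for-bit identical to whatever derives the public key from the same `privkey`. The old code's use of the full hash output looks like exactly that kind of divergence, so consider moving these three steps into one private helper, e.g. `_secret_scalar(privkey)` (name is only a suggestion), shared with the public-key path if that lives in this module or in `_ed25519`; neither is visible in this hunk. Because `S` is linear in both `nonce` and `a`, the docstring should also say that `nonce` must be fresh and kept secret for every signature, since reusing it across two digests exposes `a`. A smaller readability point: `1 << b - 1` and `1 << b - 2` are correct by precedence but easy to misread, and `1 << (b - 1)` / `1 << (b - 2)` would state the intent. The function body starts above the hunk and may continue below it.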