arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-03 12:00:59 +00:00
Code Issues Releases Wiki Activity

Added modulus to bn_subtractmod

Browse Source
This commit is contained in:
Jochen Hoenicke 2015-03-15 13:24:50 +01:00
parent 62b95ee414
commit d4788bddfd
3 changed files with 16 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
bignum.c
View File

@ -626,14 +626,15 @@ void bn_addmodi(bignum256 *a, uint32_t b, const bignum256 *prime) {
bn_mod(a, prime); bn_mod(a, prime);
} }
// res = a - b // res = a - b mod prime. More exactly res = a + (2*prime - b).
// b < 2*prime; result not normalized // precondition: 0 <= b < 2*prime, 0 <= a < prime
void bn_subtractmod(const bignum256 *a, const bignum256 *b, bignum256 *res) // res < 3*prime
void bn_subtractmod(const bignum256 *a, const bignum256 *b, bignum256 *res, const bignum256 *prime)
{ {
int i; int i;
uint32_t temp = 0; uint32_t temp = 0;
for (i = 0; i < 9; i++) { for (i = 0; i < 9; i++) {
temp += a->val[i] + 2u * prime256k1.val[i] - b->val[i]; temp += a->val[i] + 2u * prime->val[i] - b->val[i];
res->val[i] = temp & 0x3FFFFFFF; res->val[i] = temp & 0x3FFFFFFF;
temp >>= 30; temp >>= 30;
} }

2
bignum.h
View File

@ -73,7 +73,7 @@ void bn_addmod(bignum256 *a, const bignum256 *b, const bignum256 *prime);
void bn_addmodi(bignum256 *a, uint32_t b, const bignum256 *prime); void bn_addmodi(bignum256 *a, uint32_t b, const bignum256 *prime);
void bn_subtractmod(const bignum256 *a, const bignum256 *b, bignum256 *res); void bn_subtractmod(const bignum256 *a, const bignum256 *b, bignum256 *res, const bignum256 *prime);
void bn_subtract(const bignum256 *a, const bignum256 *b, bignum256 *res); void bn_subtract(const bignum256 *a, const bignum256 *b, bignum256 *res);

20
ecdsa.c
View File

@ -63,24 +63,24 @@ void point_add(const curve_point *cp1, curve_point *cp2)
return; return;
} }
bn_subtractmod(&(cp2->x), &(cp1->x), &inv); bn_subtractmod(&(cp2->x), &(cp1->x), &inv, &prime256k1);
bn_inverse(&inv, &prime256k1); bn_inverse(&inv, &prime256k1);
bn_subtractmod(&(cp2->y), &(cp1->y), &lambda); bn_subtractmod(&(cp2->y), &(cp1->y), &lambda, &prime256k1);
bn_multiply(&inv, &lambda, &prime256k1); bn_multiply(&inv, &lambda, &prime256k1);
memcpy(&xr, &lambda, sizeof(bignum256)); memcpy(&xr, &lambda, sizeof(bignum256));
bn_multiply(&xr, &xr, &prime256k1); bn_multiply(&xr, &xr, &prime256k1);
temp = 0; temp = 1;
for (i = 0; i < 9; i++) { for (i = 0; i < 9; i++) {
temp += xr.val[i] + 3u * prime256k1.val[i] - cp1->x.val[i] - cp2->x.val[i]; temp += 0x3FFFFFFF + xr.val[i] + 2u * prime256k1.val[i] - cp1->x.val[i] - cp2->x.val[i];
xr.val[i] = temp & 0x3FFFFFFF; xr.val[i] = temp & 0x3FFFFFFF;
temp >>= 30; temp >>= 30;
} }
bn_fast_mod(&xr, &prime256k1); bn_fast_mod(&xr, &prime256k1);
bn_subtractmod(&(cp1->x), &xr, &yr); bn_subtractmod(&(cp1->x), &xr, &yr, &prime256k1);
// no need to fast_mod here // no need to fast_mod here
// bn_fast_mod(&yr); // bn_fast_mod(&yr);
bn_multiply(&lambda, &yr, &prime256k1); bn_multiply(&lambda, &yr, &prime256k1);
bn_subtractmod(&yr, &(cp1->y), &yr); bn_subtractmod(&yr, &(cp1->y), &yr, &prime256k1);
bn_fast_mod(&yr, &prime256k1); bn_fast_mod(&yr, &prime256k1);
memcpy(&(cp2->x), &xr, sizeof(bignum256)); memcpy(&(cp2->x), &xr, sizeof(bignum256));
memcpy(&(cp2->y), &yr, sizeof(bignum256)); memcpy(&(cp2->y), &yr, sizeof(bignum256));
@ -111,18 +111,18 @@ void point_double(curve_point *cp)
bn_multiply(&(cp->x), &lambda, &prime256k1); bn_multiply(&(cp->x), &lambda, &prime256k1);
memcpy(&xr, &lambda, sizeof(bignum256)); memcpy(&xr, &lambda, sizeof(bignum256));
bn_multiply(&xr, &xr, &prime256k1); bn_multiply(&xr, &xr, &prime256k1);
temp = 0; temp = 1;
for (i = 0; i < 9; i++) { for (i = 0; i < 9; i++) {
temp += xr.val[i] + 3u * prime256k1.val[i] - 2u * cp->x.val[i]; temp += 0x3FFFFFFF + xr.val[i] + 2u * (prime256k1.val[i] - cp->x.val[i]);
xr.val[i] = temp & 0x3FFFFFFF; xr.val[i] = temp & 0x3FFFFFFF;
temp >>= 30; temp >>= 30;
} }
bn_fast_mod(&xr, &prime256k1); bn_fast_mod(&xr, &prime256k1);
bn_subtractmod(&(cp->x), &xr, &yr); bn_subtractmod(&(cp->x), &xr, &yr, &prime256k1);
// no need to fast_mod here // no need to fast_mod here
// bn_fast_mod(&yr); // bn_fast_mod(&yr);
bn_multiply(&lambda, &yr, &prime256k1); bn_multiply(&lambda, &yr, &prime256k1);
bn_subtractmod(&yr, &(cp->y), &yr); bn_subtractmod(&yr, &(cp->y), &yr, &prime256k1);
bn_fast_mod(&yr, &prime256k1); bn_fast_mod(&yr, &prime256k1);
memcpy(&(cp->x), &xr, sizeof(bignum256)); memcpy(&(cp->x), &xr, sizeof(bignum256));
memcpy(&(cp->y), &yr, sizeof(bignum256)); memcpy(&(cp->y), &yr, sizeof(bignum256));