1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 07:28:10 +00:00

return back normalization of signatures

This commit is contained in:
Pavol Rusnak 2015-08-03 21:31:15 +02:00
parent 9255595c97
commit d659fd49a5
4 changed files with 20 additions and 4 deletions

View File

@ -734,6 +734,13 @@ int ecdsa_sign_digest(const ecdsa_curve *curve, const uint8_t *priv_key, const u
}
if (result == 0) {
// if S > order/2 => S = -S
if (bn_is_less(&curve->order_half, &k)) {
bn_subtract(&curve->order, &k, &k);
if (pby) {
*pby = !*pby;
}
}
// we are done, R.x and k is the result signature
bn_write_be(&R.x, sig);
bn_write_be(&k, sig + 32);

View File

@ -35,10 +35,11 @@ typedef struct {
typedef struct {
bignum256 prime; // prime order of the finite field
curve_point G; // initial curve point
bignum256 order; // order of G
bignum256 a; // coefficient 'a' of the elliptic curve
bignum256 prime; // prime order of the finite field
curve_point G; // initial curve point
bignum256 order; // order of G
bignum256 order_half; // order of G divided by 2
bignum256 a; // coefficient 'a' of the elliptic curve
#if USE_PRECOMPUTED_CP
const curve_point cp[64][8];

View File

@ -37,6 +37,10 @@ const ecdsa_curve nist256p1 = {
/*.val =*/{0x3c632551, 0xee72b0b, 0x3179e84f, 0x39beab69, 0x3fffffbc, 0x3fffffff, 0xfff, 0x3fffc000, 0xffff}
},
/* order_half */ {
/*.val =*/{0x3e3192a8, 0x27739585, 0x38bcf427, 0x1cdf55b4, 0x3fffffde, 0x3fffffff, 0x7ff, 0x3fffe000, 0x7fff}
},
/* a */ {
/*.val =*/{0x3ffffffc, 0x3fffffff, 0x3fffffff, 0x3f, 0x0, 0x0, 0x1000, 0x3fffc000, 0xffff}
}

View File

@ -37,6 +37,10 @@ const ecdsa_curve secp256k1 = {
/*.val =*/{0x10364141, 0x3f497a33, 0x348a03bb, 0x2bb739ab, 0x3ffffeba, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0xffff}
},
/* order_half */ {
/*.val =*/{0x281b20a0, 0x3fa4bd19, 0x3a4501dd, 0x15db9cd5, 0x3fffff5d, 0x3fffffff, 0x3fffffff, 0x3fffffff, 0x7fff}
},
/* a */ {
/*.val =*/{0}
}