pave the way for RFC6979
parent
3f737896a4
commit
df79a330e6
31
ecdsa.c
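--- a/ecdsa.c
+++ b/ecdsa.c
@@ -484,6 +484,27 @@ void read_32byte_big_endian(uint8_t *in_number, bignum256 *out_number)
 out_number->val[8] = temp;
 }
 
+// generate random K for signing
+void generate_k_random(bignum256 *k) {
+int i;
+for (;;) {
+for (i = 0; i < 8; i++) {
+k->val[i] = random32() & 0x3FFFFFFF;
+}
+k->val[8] = random32() & 0xFFFF;
+// if k is too big or too small, we don't like it
+if (k->val[5] == 0x3FFFFFFF && k->val[6] == 0x3FFFFFFF && k->val[7] == 0x3FFFFFFF && k->val[8] == 0xFFFF) continue;
+if (k->val[5] == 0x0 && k->val[6] == 0x0 && k->val[7] == 0x0 && k->val[8] == 0x0) continue;
+return;
+}
+}
+
+// generate K in a deterministic way, according to RFC6979
+// http://tools.ietf.org/html/rfc6979
+void generate_k_rfc6979(bignum256 *k, uint8_t *priv_key, uint8_t *hash) {
+// TODO
+}
+
 // uses secp256k1 curve
 // priv_key is a 32 byte big endian stored number
 // msg is a data to be signed
@@ -492,7 +513,7 @@ void read_32byte_big_endian(uint8_t *in_number, bignum256 *out_number)
 // sig_len is the pointer to a uint that will contain resulting signature length. note that ((*sig_len) == sig[1]+2)
 void ecdsa_sign(uint8_t *priv_key, uint8_t *msg, uint32_t msg_len, uint8_t *sig, uint32_t *sig_len)
 {
-uint32_t i;
+int i;
 uint8_t hash[32];
 curve_point R;
 bignum256 k, z;
@@ -505,13 +526,7 @@ void ecdsa_sign(uint8_t *priv_key, uint8_t *msg, uint32_t msg_len, uint8_t *sig,
 read_32byte_big_endian(hash, &z);
 for (;;) {
 // generate random number k
-for (i = 0; i < 8; i++) {
-k.val[i] = random32() & 0x3FFFFFFF;
-}
-k.val[8] = random32() & 0xFFFF;
-// if k is too big or too small, we don't like it
-if (k.val[5] == 0x3FFFFFFF && k.val[6] == 0x3FFFFFFF && k.val[7] == 0x3FFFFFFF && k.val[8] == 0xFFFF) continue;
-if (k.val[5] == 0x0 && k.val[6] == 0x0 && k.val[7] == 0x0 && k.val[8] == 0x0) continue;
+generate_k_random(&k);
 // compute k*G
 scalar_multiply(&k, &R);
 // r = (rx mod n)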
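Review bot: `generate_k_rfc6979` is added as an empty stub, so any caller that switches to it gets back whatever was already in `*k`, and an ECDSA nonce that is uninitialised or repeated discloses the private key. Nothing visible in this diff calls it yet, but it is a non-static function with a finished-looking signature. Until the RFC 6979 derivation is written the body should fail safe, for example `(void)priv_key; (void)hash;` followed by `generate_k_random(k); // TODO: replace with RFC6979 derivation`. A comment on `generate_k_random` would also help, saying that the test on limbs 5..8 is a coarse range filter (it rejects candidates whose top limbs are all ones or all zero) and not an exact comparison against the curve order. The body of `ecdsa_sign` continues outside the last hunk, so whether `k` is cleared after use cannot be judged from here.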