mirror of
https://github.com/trezor/trezor-firmware.git
synced 2025-01-18 11:21:11 +00:00
57 lines
2.3 KiB
C
57 lines
2.3 KiB
C
/*
|
|
* Copyright 2013 The Android Open Source Project
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are met:
|
|
* * Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* * Neither the name of Google Inc. nor the names of its contributors may
|
|
* be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
|
* EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
|
|
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
|
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <string.h>
|
|
|
|
#include "p256_ecdsa.h"
|
|
#include "p256.h"
|
|
|
|
int p256_ecdsa_verify(const p256_int* key_x, const p256_int* key_y,
|
|
const p256_int* message,
|
|
const p256_int* r, const p256_int* s) {
|
|
p256_int u, v;
|
|
|
|
// Check public key.
|
|
if (!p256_is_valid_point(key_x, key_y)) return 0;
|
|
|
|
// Check r and s are != 0 % n.
|
|
p256_mod(&SECP256r1_n, r, &u);
|
|
p256_mod(&SECP256r1_n, s, &v);
|
|
if (p256_is_zero(&u) || p256_is_zero(&v)) return 0;
|
|
|
|
p256_modinv_vartime(&SECP256r1_n, s, &v);
|
|
p256_modmul(&SECP256r1_n, message, 0, &v, &u); // message / s % n
|
|
p256_modmul(&SECP256r1_n, r, 0, &v, &v); // r / s % n
|
|
|
|
p256_points_mul_vartime(&u, &v,
|
|
key_x, key_y,
|
|
&u, &v);
|
|
|
|
p256_mod(&SECP256r1_n, &u, &u); // (x coord % p) % n
|
|
return p256_cmp(r, &u) == 0;
|
|
}
|
|
|