output 256-bit s

Michele Balistreri 2020-06-23 16:38:43 +03:00
parent 392a661300
commit 65ab8d30bf
No known key found for this signature in database
GPG Key ID: E9567DA33A4F791A
2 changed files with 11 additions and 11 deletions


@ -174,8 +174,7 @@ public class SECP256k1 {
short signSchnorr(ECPrivateKey privKey, byte[] pubKey, short pubOff, byte[] data, short dataOff, short dataLen, byte[] output, short outOff) {
output[outOff++] = TLV_SCHNORR_SIGNATURE;
output[outOff++] = (byte) 0x81;
output[outOff++] = (byte) (Crypto.KEY_PUB_SIZE + MULT_OUT_SIZE);
output[outOff++] = (byte) (Crypto.KEY_PUB_SIZE + SECP256K1_BYTE_SIZE);
crypto.random.generateData(tmp, SCHNORR_K_OUT_OFF, SECP256K1_BYTE_SIZE);
Util.arrayFillNonAtomic(tmp, SCHNORR_E_OUT_OFF, (short)(TMP_LEN - SCHNORR_E_OUT_OFF), (byte) 0x00);
@ -195,9 +194,11 @@ public class SECP256k1 {
divideResBy2();
crypto.addBig(tmp, SCHNORR_RES_64_OFF, MULT_OUT_SIZE, tmp, SCHNORR_K_OUT_OFF, SECP256K1_BYTE_SIZE, output, (short) (outOff + Crypto.KEY_PUB_SIZE));
secp256k1Mod(output, (short) (outOff + Crypto.KEY_PUB_SIZE));
return (short) (3 + Crypto.KEY_PUB_SIZE + MULT_OUT_SIZE);
crypto.addBig(tmp, SCHNORR_RES_64_OFF, MULT_OUT_SIZE, tmp, SCHNORR_K_OUT_OFF, SECP256K1_BYTE_SIZE, tmp, SCHNORR_RES_64_OFF);
secp256k1Mod(tmp, SCHNORR_RES_64_OFF);
Util.arrayCopyNonAtomic(tmp, SCHNORR_RES_32_OFF, output, (short) (outOff + Crypto.KEY_PUB_SIZE), SECP256K1_BYTE_SIZE);
return (short) (2 + Crypto.KEY_PUB_SIZE + SECP256K1_BYTE_SIZE);
}
private void divideResBy2() {
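Review bot: signSchnorr returns right after the new `Util.arrayCopyNonAtomic(tmp, SCHNORR_RES_32_OFF, output, ...)` line without clearing `tmp`, which at that point still holds the nonce written by `crypto.random.generateData(tmp, SCHNORR_K_OUT_OFF, SECP256K1_BYTE_SIZE)` and, with this change, the reduced s as well. A nonce that becomes readable alongside its signature exposes the private key, so the scratch region should be wiped before the return, for example `Util.arrayFillNonAtomic(tmp, (short) 0, TMP_LEN, (byte) 0x00);` (assuming `TMP_LEN` is the full size of `tmp`, as the fill at the top of the method suggests). The middle of the method lies between the two hunks and is not shown, and `tmp` may be transient memory or cleared by the caller, so confirm that before adding the wipe.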


@ -1064,15 +1064,14 @@ public class KeycardTest {
private void verifySchnorr(byte[] m, byte[] sig) throws Exception {
byte[] p = extractPublicKeyFromSignature(sig);
byte[] rawSig = extractSignature(sig);
int off = sig[4] + 5 + 3;
byte[] rawSig = Arrays.copyOfRange(sig, off, sig.length);
byte[] r = Arrays.copyOf(rawSig, 65);
byte[] r = Arrays.copyOfRange(rawSig, 2, 67);
byte[] rawS = Arrays.copyOfRange(rawSig, 67, rawSig.length);
System.out.println("p = " + Hex.toHexString(p));
System.out.println("r = " + Hex.toHexString(r));
System.out.println("s = " + Hex.toHexString(Arrays.copyOfRange(rawSig, 65, rawSig.length)));
System.out.println("s = " + Hex.toHexString(rawS));
MessageDigest dg = MessageDigest.getInstance("SHA256");
dg.update(r);
@ -1084,7 +1083,7 @@ public class KeycardTest {
ECPoint P = ecSpec.getCurve().decodePoint(p);
ECPoint G = ecSpec.getG();
BigInteger s = new BigInteger(1, Arrays.copyOfRange(rawSig, 65, rawSig.length));
BigInteger s = new BigInteger(1, rawS);
ECPoint R = G.multiply(s).subtract(P.multiply(e));
System.out.println("R = " + Hex.toHexString(R.getEncoded(false)));
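Review bot: Nothing in the visible lines pins the property this commit is about: `rawS` is taken as everything from offset 67 to the end of `rawSig`, and `new BigInteger(1, rawS)` followed by `G.multiply(s)` gives the same point whether s is 32 bytes or a longer unreduced value, so a regression to the old encoding would still verify. Adding a length check directly after the `rawS` line, such as `assertEquals(32, rawS.length);` (or whatever assertion helper this test class already uses), would make the test fail in that case. The offsets 2 and 67 presumably skip a tag and length byte and then a 65-byte point, but neither byte is checked; a one-line comment naming that layout, or an assertion on `rawSig[1]`, would make the parsing less fragile. verifySchnorr starts and ends outside these hunks, so a check further down may already cover part of this.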