output 256-bit s

2025-01-27 05:54:51 +00:00 · 2020-06-23 16:38:43 +03:00 · 2020-06-23 16:38:43 +03:00 · 65ab8d30bf
commit 65ab8d30bf
parent 392a661300
2 changed files with 11 additions and 11 deletions
--- a/src/main/java/im/status/keycard/SECP256k1.java
+++ b/src/main/java/im/status/keycard/SECP256k1.java
@ -174,8 +174,7 @@ public class SECP256k1 {
  short signSchnorr(ECPrivateKey privKey, byte[] pubKey, short pubOff, byte[] data, short dataOff, short dataLen, byte[] output, short outOff) {
    output[outOff++] = TLV_SCHNORR_SIGNATURE;
-    output[outOff++] = (byte) 0x81;
+    output[outOff++] = (byte) (Crypto.KEY_PUB_SIZE  + SECP256K1_BYTE_SIZE);
    output[outOff++] = (byte) (Crypto.KEY_PUB_SIZE  + MULT_OUT_SIZE);
    crypto.random.generateData(tmp, SCHNORR_K_OUT_OFF, SECP256K1_BYTE_SIZE);
    Util.arrayFillNonAtomic(tmp, SCHNORR_E_OUT_OFF, (short)(TMP_LEN - SCHNORR_E_OUT_OFF), (byte) 0x00);
@ -195,9 +194,11 @@ public class SECP256k1 {
    divideResBy2();
-    crypto.addBig(tmp, SCHNORR_RES_64_OFF, MULT_OUT_SIZE, tmp, SCHNORR_K_OUT_OFF, SECP256K1_BYTE_SIZE, output, (short) (outOff + Crypto.KEY_PUB_SIZE));
+    crypto.addBig(tmp, SCHNORR_RES_64_OFF, MULT_OUT_SIZE, tmp, SCHNORR_K_OUT_OFF, SECP256K1_BYTE_SIZE, tmp, SCHNORR_RES_64_OFF);
-    secp256k1Mod(output, (short) (outOff + Crypto.KEY_PUB_SIZE));
+    secp256k1Mod(tmp, SCHNORR_RES_64_OFF);
-    return (short) (3 + Crypto.KEY_PUB_SIZE  + MULT_OUT_SIZE);
+    Util.arrayCopyNonAtomic(tmp, SCHNORR_RES_32_OFF, output, (short) (outOff + Crypto.KEY_PUB_SIZE), SECP256K1_BYTE_SIZE);
    return (short) (2 + Crypto.KEY_PUB_SIZE  + SECP256K1_BYTE_SIZE);
  }
  private void divideResBy2() {
--- a/src/test/java/im/status/keycard/KeycardTest.java
+++ b/src/test/java/im/status/keycard/KeycardTest.java
@ -1064,15 +1064,14 @@ public class KeycardTest {
  private void verifySchnorr(byte[] m, byte[] sig) throws Exception {
    byte[] p = extractPublicKeyFromSignature(sig);
    byte[] rawSig = extractSignature(sig);
-    int off = sig[4] + 5 + 3;
+    byte[] r = Arrays.copyOfRange(rawSig, 2, 67);
-    byte[] rawSig = Arrays.copyOfRange(sig, off, sig.length);
+    byte[] rawS = Arrays.copyOfRange(rawSig, 67, rawSig.length);
    byte[] r = Arrays.copyOf(rawSig, 65);
    System.out.println("p = " + Hex.toHexString(p));
    System.out.println("r = " + Hex.toHexString(r));
-    System.out.println("s = " + Hex.toHexString(Arrays.copyOfRange(rawSig, 65, rawSig.length)));
+    System.out.println("s = " + Hex.toHexString(rawS));
    MessageDigest dg = MessageDigest.getInstance("SHA256");
    dg.update(r);
@ -1084,7 +1083,7 @@ public class KeycardTest {
    ECPoint P = ecSpec.getCurve().decodePoint(p);
    ECPoint G = ecSpec.getG();
-    BigInteger s = new BigInteger(1, Arrays.copyOfRange(rawSig, 65, rawSig.length));
+    BigInteger s = new BigInteger(1, rawS);
    ECPoint R = G.multiply(s).subtract(P.multiply(e));
    System.out.println("R = " + Hex.toHexString(R.getEncoded(false)));