Fix BN resizing issues
dufkan committed Jul 6, 2021
1 parent 05cbf33 commit 62ea961
Showing 2 changed files with 23 additions and 17 deletions.
8 changes: 6 additions & 2 deletions applet/src/main/java/applet/MainApplet.java
Expand Up @@ -139,7 +139,7 @@ private void sign(APDU apdu) {
signature.set_size((short) 64);
signature.from_byte_array((short) 64, (short) 0, ramArray, (short) 0);
signature.mod(curveOrder);
signature.shrink();
signature.deep_resize((short) 32);

// Compute signature s = r + ex
signature.mod_mult(privateKey, signature, curveOrder);
Expand All @@ -157,18 +157,22 @@ private void encodeEd25519(ECPoint point, byte[] buffer, short offset) {
point.getW(ramArray, (short) 0);

// Compute X
transformX.set_size((short) 32);
transformX.from_byte_array((short) 32, (short) 0, ramArray, (short) 1);
transformY.set_size((short) 32);
transformY.from_byte_array((short) 32, (short) 0, ramArray, (short) 33);
transformX.mod_sub(transformA3, curve.pBN);
transformX.mod_mult(transformX, transformC, curve.pBN);
transformY.mod_inv(curve.pBN);
transformX.mod_mult(transformX, transformY, curve.pBN);
transformX.deep_resize((short) 32);

boolean x_bit = transformX.is_odd();

// Compute Y
transformX.from_byte_array((short) 32, (short) 0, ramArray, (short) 1);
transformX.mod_sub(transformA3, curve.pBN);
transformY.set_size((short) 32);
transformY.copy(transformX);
transformX.decrement_one();
transformY.mod_add(Bignat_Helper.ONE, curve.pBN);
Expand Down Expand Up @@ -197,7 +201,7 @@ private void deterministicNonce(byte[] msg, short offset, short len) {
privateNonce.set_size((short) 64);
privateNonce.from_byte_array((short) 64, (short) 0, ramArray, (short) 0);
privateNonce.mod(curveOrder);
privateNonce.shrink();
privateNonce.deep_resize((short) 32);
}

private void randomNonce() {
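Review bot: `transformY.mod_inv(curve.pBN)` in encodeEd25519 inverts the Weierstrass y-coordinate without first checking that it is non-zero; a point with y == 0 has no inverse, and what the Bignat `mod_inv` does with a zero operand (throw, or return garbage that then feeds `is_odd()` and the encoding) is not visible from this hunk. Such a point is presumably unreachable for honestly generated Ed25519 keys and nonces, but since the routine only sees the raw `point.getW` output, a guard that rejects a zero `transformY` with an ISOException before the inversion would both fail closed and document the precondition. Separately, the reason the `deep_resize((short) 32)` calls replace `shrink()` lives only in the commit title; a comment at the first occurrence in sign(), such as `// re-pad to a fixed 32-byte width after the reduction: shrink() could leave fewer bytes than the later fixed-width operations and encoding expect`, would preserve it for the next reader. sign, encodeEd25519 and deterministicNonce all start or end outside the hunks.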
32 changes: 17 additions & 15 deletions applet/src/test/java/tests/AppletTest.java
Expand Up @@ -62,21 +62,23 @@ public void keygen_and_sign() throws Exception {

byte[] pubkeyBytes = keygen(cm);

byte[] data = new byte[32];
for(int i = 0; i < data.length; ++i)
data[i] = (byte) (0xff & i);
for(int j = 0; j < 256; ++j) {
byte[] data = new byte[32];
for (int i = 0; i < data.length; ++i)
data[i] = (byte) ((0xff & i) + j);

final CommandAPDU cmd = new CommandAPDU(Consts.CLA_ED25519, Consts.INS_SIGN,0, 0, data);
final ResponseAPDU responseAPDU = cm.transmit(cmd);
Assert.assertNotNull(responseAPDU);
Assert.assertEquals(0x9000, responseAPDU.getSW());
Assert.assertNotNull(responseAPDU.getBytes());
Assert.assertEquals(32 + 32, responseAPDU.getData().length);
EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519);
Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm()));
PublicKey pubKey = new EdDSAPublicKey(new EdDSAPublicKeySpec(pubkeyBytes, spec));
sgr.initVerify(pubKey);
sgr.update(data);
Assert.assertTrue(sgr.verify(responseAPDU.getData()));
final CommandAPDU cmd = new CommandAPDU(Consts.CLA_ED25519, Consts.INS_SIGN, 0, 0, data);
final ResponseAPDU responseAPDU = cm.transmit(cmd);
Assert.assertNotNull(responseAPDU);
Assert.assertEquals(0x9000, responseAPDU.getSW());
Assert.assertNotNull(responseAPDU.getBytes());
Assert.assertEquals(32 + 32, responseAPDU.getData().length);
EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519);
Signature sgr = new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm()));
PublicKey pubKey = new EdDSAPublicKey(new EdDSAPublicKeySpec(pubkeyBytes, spec));
sgr.initVerify(pubKey);
sgr.update(data);
Assert.assertTrue(sgr.verify(responseAPDU.getData()));
}
}
}
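Review bot: The loop body in keygen_and_sign rebuilds `spec`, the `EdDSAEngine` and the `EdDSAPublicKey` on each of the 256 iterations even though none of them depend on `j`; hoisting `EdDSAParameterSpec spec = ...`, `Signature sgr = ...` and `PublicKey pubKey = ...` above the `for` and keeping only `sgr.initVerify(pubKey)` / `update` / `verify` inside the loop makes the test read as a round-trip check rather than a verifier setup benchmark. The extended loop still exercises only 32-byte messages that differ by a constant offset, so the length-handling paths the commit touches (`set_size` / `deep_resize`) are not stressed; a zero-length message and the largest message one APDU can carry would cover them. If the applet's nonce derivation is deterministic, signing one message twice and asserting byte-identical output would additionally pin the behaviour the resize fix affects. keygen_and_sign starts outside the hunk.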
