ECDSA sign: cleanup comments and variables

Remove mod at end as mulmod does this. Change mp_add to mp_addmod_ct to keep the size of numbers to less than order for mp_mulmod.
2025-07-29 18:27:29 +02:00 · 2021-01-27 09:39:11 +10:00
parent 9c34ecc130
commit c739b4d474
1 changed files with 21 additions and 18 deletions
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@ -5544,43 +5544,46 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng,
               if (err != MP_OKAY) break;

               if (mp_iszero(r) == MP_NO) {
+                   mp_int* ep = &pubkey->k;
+                   mp_int* kp = &pubkey->k;
+                   mp_int* x  = &key->k;
+
                   /* find s = (e + xr)/k
                             = b.(e/k.b + x.r/k.b) */

-                   /* k = k.b */
-                   err = mp_mulmod(&pubkey->k, b, curve->order, &pubkey->k);
+                   /* k' = k.b */
+                   err = mp_mulmod(&pubkey->k, b, curve->order, kp);
                   if (err != MP_OKAY) break;

-                   /* k = 1/k.b */
-                   err = mp_invmod(&pubkey->k, curve->order, &pubkey->k);
+                   /* k' = 1/k.b
+                         = 1/k' */
+                   err = mp_invmod(kp, curve->order, kp);
                   if (err != MP_OKAY) break;

                   /* s = x.r */
-                   err = mp_mulmod(&key->k, r, curve->order, s);
+                   err = mp_mulmod(x, r, curve->order, s);
                   if (err != MP_OKAY) break;

-                   /* s = x.r/k.b */
-                   err = mp_mulmod(&pubkey->k, s, curve->order, s);
+                   /* s = x.r/k.b
+                        = k'.s */
+                   err = mp_mulmod(kp, s, curve->order, s);
                   if (err != MP_OKAY) break;

-                   /* e = e/k.b */
-                   err = mp_mulmod(&pubkey->k, e, curve->order, &pubkey->k);
+                   /* e' = e/k.b
+                         = e.k' */
+                   err = mp_mulmod(kp, e, curve->order, ep);
                   if (err != MP_OKAY) break;

-                   /* s = e/k.b + x.r/k.b
-                        = (e + x.r)/k.b */
-                   err = mp_add(&pubkey->k, s, s);
+                   /* s = e/k.b + x.r/k.b = (e + x.r)/k.b
+                        = e' + s */
+                   err = mp_addmod_ct(ep, s, curve->order, s);
                   if (err != MP_OKAY) break;

-                   /* s = b.(e + x.r)/k.b
-                        = (e + x.r)/k */
+                   /* s = b.(e + x.r)/k.b = (e + x.r)/k
+                        = b.s */
                   err = mp_mulmod(s, b, curve->order, s);
                   if (err != MP_OKAY) break;

-                   /* s = (e + xr)/k */
-                   err = mp_mod(s, curve->order, s);
-                   if (err != MP_OKAY) break;
-
                   if (mp_iszero(s) == MP_NO) {
                       /* sign successful */
                       break;