secp160r1 incorrect signatures on ARM Cortex M0

[J08nY]

micro-ecc computes a wrong signature on secp160r1 on ARM Cortex M0.

The compile-time settings are:

-DuECC_SUPPORTS_secp160r1=1
-DuECC_SUPPORTS_secp192r1=0
-DuECC_SUPPORTS_secp224r1=0
-DuECC_SUPPORTS_secp256r1=0
-DuECC_SUPPORTS_secp256k1=0
-DuECC_SUPPORT_COMPRESSED_POINT=0
-DuECC_OPTIMIZATION_LEVEL=3
-DuECC_SQUARE_FUNC=1
-fomit-frame-pointer

with arm-none-eabi-gcc version 13.1.0 and optimization level -O3 (but also reproduced with levels [s, 1, 2]).

For a pubkey of: (1248267197097365432264186274468065254236796158617, 518980666782735319294616719874128744577850778311)

and a hash of cdfd35e9983ed989984e026546b241803bebd02b, it produces a signature of:
(1012199123568660032231186032600072213159176233822, 416085392951447075179638451199529832674058226010), which is invalid.

When compiled to target the host (x86_64) it produces valid signatures. Other curves also work correctly.

[mrx23dot]

Yeah it's essential to be portable.

What if you turn -DuECC_OPTIMIZATION_LEVEL=0 ?

[J08nY]

I vaguely remember that the optimization level was important for the error to show up (i.e. the error did not show up with optimization level 0).