[PATCH] Truncate hash values for ECDSA signature scheme
Dmitry Eremin-Solenikov
dbaryshkov at gmail.com
Thu Dec 19 00:06:06 CET 2013
Hello,
On Tue, Dec 17, 2013 at 5:53 PM, Werner Koch <wk at gnupg.org> wrote:
> On Tue, 17 Dec 2013 12:37, dbaryshkov at gmail.com said:
>
>>   if (mpi_is_opaque(input))
>>     {
>>       abuf = mpi_get_opaque (input, &abits);
>>       rc = _gcry_mpi_scan (&hash, GCRYMPI_FMT_USG, abuf, (abits+7)/8, NULL);
>>     }
>>   else
>>     {
>>       hash = mpi_copy(input);
>>       abits = mpi_get_nbits(input);
>>     }
>>   if (abits > qbits)
>>     mpi_rshift (hash, hash, abits - qbits);
>>
>> This would be more correct, wouldn't it?
>
> Yes.
I was wrong, this code is incorrect. I think I now understand how to handle
different cases wrt. hash truncation. I will post a new patch iteration after
the weekend.
--
With best wishes
Dmitry
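
Added example (not part of this message and not libgcrypt code): the quoted snippet takes `abits` from the buffer length in the opaque branch, but from `mpi_get_nbits`, which counts significant bits, in the other branch. The sketch below uses plain byte arrays, a constructed 32-bit "digest" and hypothetical helper names to show that the two counts select different bits when the digest begins with zero bits; the thread does not say whether this is the defect Dmitry refers to.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: a 32-bit "digest" whose top 11 bits are zero. */
static const uint8_t sample_digest[4] = { 0x00, 0x12, 0x34, 0x56 };

/* Bit length of the integer value of a big-endian byte string
   (leading zero bits are not counted). */
static unsigned significant_bits(const uint8_t *buf, size_t len)
{
    size_t i = 0;
    while (i < len && buf[i] == 0)
        i++;
    if (i == len)
        return 0;
    unsigned bits = (unsigned)(len - i) * 8;
    for (uint8_t top = buf[i]; !(top & 0x80); top <<= 1)
        bits--;
    return bits;
}

/* Shift a big-endian byte string right by `shift` bits, in place. */
static void shift_right(uint8_t *buf, size_t len, unsigned shift)
{
    size_t bytes = shift / 8;
    unsigned bits = shift % 8;
    if (bytes >= len) { memset(buf, 0, len); return; }
    memmove(buf + bytes, buf, len - bytes);
    memset(buf, 0, bytes);
    for (size_t i = len; bits && i-- > 0; ) {
        uint8_t hi = (i > 0) ? (uint8_t)(buf[i - 1] << (8 - bits)) : 0;
        buf[i] = (uint8_t)((buf[i] >> bits) | hi);
    }
}

/* Significant-bit count of the sample (what a value-based count sees). */
unsigned demo_value_bits(void)
{
    return significant_bits(sample_digest, sizeof sample_digest);
}

/* Truncate the sample to qbits = 16 using the caller's `abits` as the
   digest width, and return the resulting 16-bit value. */
unsigned demo_low16(unsigned abits)
{
    uint8_t h[4];
    const unsigned qbits = 16;              /* assumed group order size */
    memcpy(h, sample_digest, sizeof h);
    if (abits > qbits)
        shift_right(h, sizeof h, abits - qbits);
    return ((unsigned)h[2] << 8) | h[3];
}
```

With the width taken from the buffer length (32), the result is the leftmost 16 bits of the digest; with the significant-bit count, the shift is shorter and a different 16-bit value comes out.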