[PATCH] Curve25519 patch revised
NIIBE Yutaka
gniibe at fsij.org
Fri Aug 8 02:49:22 CEST 2014
On 2014-08-07 at 11:36 +0200, Werner Koch wrote:
> On Thu, 7 Aug 2014 07:47, gniibe at fsij.org said:
>
> > Here is the patch keeping compute_keygrip untouched.
> >
> > OK to commit?
>
> Yes.
Sorry, the version I sent yesterday had mistakes and a bug:
* Typo in log_printmpi message.
* Fix of compute_keygrip to be compatible.
Yesterday I simply reverted the compute_keygrip part of the patch, but because _gcry_ecc_update_curve_param now takes the cofactor as an additional argument, compute_keygrip had to be updated to match.
* I forgot to revert the keygrip values in tests/keygrip.c.
Here's the change over yesterday's patch.
I committed & pushed, after "make check" confirmation.
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 8eb7ba4..8bdbd56 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -1168,7 +1168,7 @@ ecc_encrypt_raw (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t keyparms)
log_printmpi ("ecc_encrypt b", pk.E.b);
log_printpnt ("ecc_encrypt g", &pk.E.G, NULL);
log_printmpi ("ecc_encrypt n", pk.E.n);
- log_printmpi ("ecc_encrypt n", pk.E.h);
+ log_printmpi ("ecc_encrypt h", pk.E.h);
log_printmpi ("ecc_encrypt q", mpi_q);
}
if (!pk.E.p || !pk.E.a || !pk.E.b || !pk.E.G.x || !pk.E.n || !pk.E.h || !mpi_q)
@@ -1467,8 +1467,8 @@ ecc_get_nbits (gcry_sexp_t parms)
static gpg_err_code_t
compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms)
{
-#define N_COMPONENTS 6
- static const char names[N_COMPONENTS+1] = "pabgnq";
+#define N_COMPONENTS 7
+ static const char names[N_COMPONENTS] = "pabgnhq";
gpg_err_code_t rc;
gcry_sexp_t l1;
gcry_mpi_t values[N_COMPONENTS];
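Review bot: `static const char names[N_COMPONENTS] = "pabgnhq";` on the `+` line drops the `+1` the old declaration carried, so the seven-character initializer now exactly fills the seven-byte array and the terminating NUL is silently discarded (legal C, but `names` is no longer a C string). If `names` is only ever read as `names[idx]` with idx below N_COMPONENTS this is harmless, but any later `strlen`/`%s` use of it would read one byte past the array; keeping the old shape, `static const char names[N_COMPONENTS+1] = "pabgnhq";`, costs nothing and removes the trap. compute_keygrip's body continues past this hunk, so the uses of `names` are not visible here.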
@@ -1496,24 +1496,24 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms)
if ((flags & PUBKEY_FLAG_PARAM))
{
if ((flags & PUBKEY_FLAG_EDDSA))
- rc = sexp_extract_param (keyparms, NULL, "p?a?b?g?n?/q",
+ rc = sexp_extract_param (keyparms, NULL, "p?a?b?g?n?h?/q",
&values[0], &values[1], &values[2],
&values[3], &values[4], &values[5],
- NULL);
+ &values[6], NULL);
else
- rc = sexp_extract_param (keyparms, NULL, "p?a?b?g?n?q",
+ rc = sexp_extract_param (keyparms, NULL, "p?a?b?g?n?h?q",
&values[0], &values[1], &values[2],
&values[3], &values[4], &values[5],
- NULL);
+ &values[6], NULL);
}
else
{
if ((flags & PUBKEY_FLAG_EDDSA))
rc = sexp_extract_param (keyparms, NULL, "/q",
- &values[5], NULL);
+ &values[6], NULL);
else
rc = sexp_extract_param (keyparms, NULL, "q",
- &values[5], NULL);
+ &values[6], NULL);
}
if (rc)
goto leave;
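Review bot: The component positions are written as bare integers (`&values[5]`, `&values[6]`) in all four extraction branches of this hunk and again in later hunks, and inserting the cofactor shifted every q index by one — exactly the kind of slip the previous revision of this patch is being corrected for. A small named index set next to N_COMPONENTS, e.g. `enum { IDX_P, IDX_A, IDX_B, IDX_G, IDX_N, IDX_H, IDX_Q };` with `&values[IDX_Q]` in the `q`-only branches and `&values[IDX_H]` for the cofactor, would make the mapping onto "pabgnhq" self-documenting and harder to get out of step. Note also that `h?` is optional in both PARAM patterns, so values[5] can legitimately stay unset after a successful extraction; later code must tolerate that. The enclosing function starts in an earlier hunk and ends outside this one.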
@@ -1530,7 +1530,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms)
rc = _gcry_ecc_update_curve_param (curvename,
&model, &dialect,
&values[0], &values[1], &values[2],
- &values[3], &values[4]);
+ &values[3], &values[4], &values[5]);
if (rc)
goto leave;
}
@@ -1568,7 +1568,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms)
if ((flags & PUBKEY_FLAG_EDDSA))
{
if (dialect == ECC_DIALECT_ED25519)
- rc = _gcry_ecc_eddsa_ensure_compact (values[5], 256);
+ rc = _gcry_ecc_eddsa_ensure_compact (values[6], 256);
else
rc = GPG_ERR_NOT_IMPLEMENTED;
if (rc)
@@ -1580,6 +1580,9 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms)
{
char buf[30];
+ if (idx == 5)
+ continue; /* Skip cofactor. */
+
if (mpi_is_opaque (values[idx]))
{
const unsigned char *raw;
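Review bot: `/* Skip cofactor. */` says what `if (idx == 5) continue;` does but not why, and the why is the whole point of this revision; suggest `/* The cofactor h (values[5]) is deliberately left out of the hash so that keygrips stay identical to those computed before h was part of the parameter set. */`. Because `h?` is optional in the extraction patterns and the non-PARAM branches never touch values[5] at all, this guard is also what keeps a missing cofactor entry (NULL if the array is zeroed before use — its initialisation is outside the hunk) away from mpi_is_opaque, which the comment should mention so that nobody "simplifies" it away. The enclosing for loop and the leave: cleanup that presumably releases values[5] are outside this hunk.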
diff --git a/tests/keygrip.c b/tests/keygrip.c
index 717535d..3ef1de1 100644
--- a/tests/keygrip.c
+++ b/tests/keygrip.c
@@ -112,7 +112,7 @@ static struct
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)"
" (h #000000000000000000000000000000000000000000000000000000000000000001#)"
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
- "\xE6\xBA\x0B\x38\xFC\xD0\x5C\x74\x47\x4C\x8E\x92\xD5\xCA\xE4\x69\xED\xEB\xC9\x1F"
+ "\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
},
{
GCRY_PK_ECDSA,
@@ -125,7 +125,7 @@ static struct
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)"
" (h #000000000000000000000000000000000000000000000000000000000000000001#)"
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
- "\xE6\xBA\x0B\x38\xFC\xD0\x5C\x74\x47\x4C\x8E\x92\xD5\xCA\xE4\x69\xED\xEB\xC9\x1F"
+ "\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
},
{
GCRY_PK_ECDSA,
@@ -138,7 +138,7 @@ static struct
" (n #00FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551#)"
" (h #000000000000000000000000000000000000000000000000000000000000000001#)"
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
- "\xE6\xBA\x0B\x38\xFC\xD0\x5C\x74\x47\x4C\x8E\x92\xD5\xCA\xE4\x69\xED\xEB\xC9\x1F"
+ "\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
},
{
GCRY_PK_ECDSA,
@@ -146,7 +146,7 @@ static struct
" (ecdsa"
" (curve secp256r1)"
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
- "\xE6\xBA\x0B\x38\xFC\xD0\x5C\x74\x47\x4C\x8E\x92\xD5\xCA\xE4\x69\xED\xEB\xC9\x1F"
+ "\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
},
{
GCRY_PK_ECC,
@@ -154,7 +154,7 @@ static struct
" (ecc"
" (curve secp256r1)"
" (q #04C8A4CEC2E9A9BC8E173531A67B0840DF345C32E261ADD780E6D83D56EFADFD5DE872F8B854819B59543CE0B7F822330464FBC4E6324DADDCD9D059554F63B344#)))",
- "\xE6\xBA\x0B\x38\xFC\xD0\x5C\x74\x47\x4C\x8E\x92\xD5\xCA\xE4\x69\xED\xEB\xC9\x1F"
+ "\xE6\xDF\x94\x2D\xBD\x8C\x77\x05\xA3\xDD\x41\x6E\xFC\x04\x01\xDB\x31\x0E\x99\xB6"
},
{ /* Ed25519 standard */
GCRY_PK_ECC,
@@ -165,8 +165,8 @@ static struct
" 1CC662926E7EFF4982B7FB8B928E61CD74CCDD85277CC57196C3AD20B611085F"
" 47BD24842905C049257673B3F5249524E0A41FAA17B25B818D0F97E625F1A1D0#)"
" ))",
- "\x9F\x7F\xED\x00\x5C\x18\x7C\x07\x01\x7D"
- "\xFC\xF2\xA2\xD4\xD1\xCE\x11\x59\x4F\x72"
+ "\x0C\xCA\xB2\xFD\x48\x9A\x33\x40\x2C\xE8"
+ "\xE0\x4A\x1F\xB2\x45\xEA\x80\x3D\x0A\xF1"
},
{ /* Ed25519+EdDSA */
GCRY_PK_ECC,
@@ -175,8 +175,8 @@ static struct
" (curve Ed25519)(flags eddsa)"
" (q #773E72848C1FD5F9652B29E2E7AF79571A04990E96F2016BF4E0EC1890C2B7DB#)"
" ))",
- "\x06\xCC\xA3\x1F\x4D\x23\x08\xF7\x91\xA2"
- "\x48\xF7\x0E\x41\x4A\x70\x76\xC2\xA4\x95"
+ "\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
+ "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
},
{ /* Ed25519+EdDSA (with compression prefix) */
GCRY_PK_ECC,
@@ -198,8 +198,8 @@ static struct
" 629ad237d1ed04dcd4abe1711dd699a1cf51b1584c4de7a4ef8b8a640180b26f"
" 5bb7c29018ece0f46b01f2960e99041a5779afe7e2292b65f9d51f8c84723e77#)"
" ))",
- "\x06\xCC\xA3\x1F\x4D\x23\x08\xF7\x91\xA2"
- "\x48\xF7\x0E\x41\x4A\x70\x76\xC2\xA4\x95"
+ "\x9D\xB6\xC6\x4A\x38\x83\x0F\x49\x60\x70"
+ "\x17\x89\x47\x55\x20\xBE\x8C\x82\x1F\x47"
}
};