testsuite error on git git master - t-cv25519
NIIBE Yutaka
gniibe at fsij.org
Fri Feb 12 06:21:02 CET 2016
On 02/11/2016 07:20 PM, Andreas Metzler wrote:
> git master currently produces a testsuite error on t-cv25519:
[...]
> The breakage was introduced by
> 23b72901f8a5ba9a78485b235c7a917fbc8faae0
> "ecc: input validation on ECDH."
Thank you for reporting.
The commit was wrong for Curve25519. I fixed it.
Perhaps, the vector in RFC-7748 is intentional.
Reading the RFC again:
https://datatracker.ietf.org/doc/rfc7748/
It only addressed the most significant bit.
In another (expired) document, there is a section for point
validation:
https://datatracker.ietf.org/doc/draft-ietf-tls-curve25519/
and I was confused that point validation is ok to be implemented.
Well, I found an article about point validation on Curve25519.
http://vnhacker.blogspot.jp/2015/09/why-not-validating-curve25519-public.html
For the libgcrypt implementation, it fails (segfaults) for the point at infinity when
it tries to get the X-coordinate. So, it's on the safer side.