ECDH loads parameters as signed
Ján Jančár
jancar.jj at gmail.com
Wed Oct 31 12:10:52 CET 2018
On 31/10/2018 00:32, Ján Jančár wrote:
>
>
> On 29/10/2018 17:44, Werner Koch wrote:
>> On Mon, 29 Oct 2018 15:41, jancar.jj at gmail.com said:
>>
>>> Any updates on this? Such exporting and loading parameters back should
>>> work. The same problem appears in ECDSA.
>>
>> I considered to include this in 1.8.4 but given that I have seen no
>> further comments your patch first needs closer investigations. We need
>> to check the history to see why the code was written this way. Even if
>> your issue is a bug (in the sense of a wrong/different implementation)
>> we can't simply change it and risk that other applications break.
>
> The use of sexp_extract_param with the signed prefix was introduced in
> 6bd5d18c, which moved the sexp parsing from gcry_pk_encrypt to
> ecc_encrypt_raw. Previously the keyparams S-exp was parsed using a loop and:
>
> gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_STD);
>
> as in 6bd5d18c: cipher/pubkey.c (sexp_elements_extract_ecc).
>
> However, before 6bd5d18c, which introduced eddsa, this was done using:
Sorry, the eddsa introduction should have been commit 63cd34744,
mis-copied the id.
Cheers,
Ján Jančár
More information about the Gcrypt-devel
mailing list