ecc: Use opaque bytes by MPI (was: An octet sequence as an MPI)
Niibe Yutaka
gniibe at fsij.org
Fri Oct 25 06:13:14 CEST 2019
Hello,

In master, I cleaned up the code of ECC. Now, for point representation
(in public key, in secret key, and in ephemeral key), it uses opaque
bytes internally.

We have the public API:

    gcry_mpi_ec_get_mpi
    gcry_mpi_ec_set_mpi

which is questionable these days (it's useful when we do experiments on
ECC domain parameters). I don't touch it here.

For the public API gcry_mpi_ec_decode_point, it supports both
cases: opaque bytes and a normal MPI.

I found that for EdDSA, while the 0x40 prefix is used in the public key
and the secret key, in r of the signature there is no prefix. The places
where we still have problems are:

* EdDSA r of signature: It's the native point representation in little
  endian with no prefix. Zero bytes at the beginning may be removed,
  thus we have left-pad-zero handling for input. For input, no prefix
  is allowed.

* EdDSA s of signature: It's native little endian. Zero bytes at the
  beginning may be removed, thus we have left-pad-zero handling for
  input.

* EdDSA private key bytes: It's fixed-length bytes. Zero bytes at the
  beginning may be removed, thus we have left-pad-zero handling for
  input.

I don't change those, for now.
--
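
The left-pad-zero input handling and the "no prefix in r" rule described in the message above, as an added example that is not part of the original post and is not libgcrypt's code. The function names, the 32-byte Ed25519 length and the exact-length rule for 0x40-prefixed input are assumptions of this sketch.

```c
#include <stddef.h>
#include <string.h>

#define ED25519_LEN   32    /* assumed: Ed25519 r, s and private key are 32 bytes */
#define NATIVE_PREFIX 0x40  /* prefix the message says is used in key material */

/* Restore a fixed-length value whose leading zero bytes may have been
   removed.  Returns 0 on success, -1 if the input cannot be valid. */
int left_pad_fixed (const unsigned char *in, size_t inlen,
                    unsigned char *out, size_t outlen)
{
  if (!in || !out || inlen > outlen)
    return -1;                       /* over-long input: reject, never truncate */
  memset (out, 0, outlen - inlen);   /* put the removed zero bytes back */
  memcpy (out + (outlen - inlen), in, inlen);
  return 0;
}

/* r of a signature (hypothetical helper): no prefix is allowed, so a
   33-byte 0x40||point input fails the length check instead of being
   silently unwrapped. */
int decode_sig_r (const unsigned char *in, size_t inlen, unsigned char *out)
{
  return left_pad_fixed (in, inlen, out, ED25519_LEN);
}

/* Prefixed key point (hypothetical helper): 0x40 is non-zero, so no
   leading byte can have been removed and the length must be exact. */
int decode_prefixed_point (const unsigned char *in, size_t inlen,
                           unsigned char *out)
{
  if (!in || !out || inlen != ED25519_LEN + 1 || in[0] != NATIVE_PREFIX)
    return -1;
  memcpy (out, in + 1, ED25519_LEN);
  return 0;
}

int main (void)
{
  /* Constructed sample: an r value that lost 30 leading zero bytes. */
  unsigned char stripped[2] = { 0x05, 0x07 };
  unsigned char out[ED25519_LEN];

  return decode_sig_r (stripped, sizeof stripped, out);
}
```

Keeping the two decoders separate means a verifier never has to guess whether a leading 0x40 in r is a prefix or data: in r it is always data, and anything longer than 32 bytes is rejected.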