author | NIIBE Yutaka <gniibe@fsij.org> | 2020-06-18 12:58:18 +0900 |
committer | NIIBE Yutaka <gniibe@fsij.org> | 2020-06-18 13:50:58 +0900 |
commit | a6177e1bc948a7af052d62bcd62aa6b5825bfaff (patch) | |
tree | 05b83d8b43a7c7df98c80c5797db57ea20d026b6 | |
parent | f2847d56cce2afdd993f797812a673495a41c234 (diff) | |
ecc: For Ed448, it's only for EdDSA.
* cipher/ecc.c (ecc_sign): Ed448 is only for EdDSA.
Hash algo is determined by the curve.
(ecc_verify): Likewise.
* tests/t-ed448.c (one_test): Don't specify (flags eddsa).
Don't specify hash-algo.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-rw-r--r-- | cipher/ecc.c | 28 | ||||
-rw-r--r-- | tests/t-ed448.c | 10 |
2 files changed, 30 insertions, 8 deletions
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 7b3ebd54..24b6febb 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -702,6 +702,11 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
 _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_SIGN, 0);
 ctx.flags |= flags;
+ if (ec->model == MPI_EC_EDWARDS && ec->dialect == ECC_DIALECT_SAFECURVE)
+ ctx.flags |= PUBKEY_FLAG_EDDSA;
+ /* Clear hash algo for EdDSA. */
+ if ((ctx.flags & PUBKEY_FLAG_EDDSA))
+ ctx.hash_algo = GCRY_MD_NONE;
 /* Extract the data. */
 rc = _gcry_pk_util_data_to_mpi (s_data, &data, &ctx);
@@ -710,6 +715,15 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
 if (DBG_CIPHER)
 log_mpidump ("ecc_sign data", data);
+ /* Hash algo is determined by curve in EdDSA. Fill it if not specified. */
+ if ((ctx.flags & PUBKEY_FLAG_EDDSA) && !ctx.hash_algo)
+ {
+ if (ec->dialect == ECC_DIALECT_ED25519)
+ ctx.hash_algo = GCRY_MD_SHA512;
+ else if (ec->dialect == ECC_DIALECT_SAFECURVE)
+ ctx.hash_algo = GCRY_MD_SHAKE256;
+ }
+
 sig_r = mpi_new (0);
 sig_s = mpi_new (0);
 if ((ctx.flags & PUBKEY_FLAG_EDDSA))
@@ -793,6 +807,11 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
 _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_VERIFY, ecc_get_nbits (s_keyparms));
 ctx.flags |= flags;
+ if (ec->model == MPI_EC_EDWARDS && ec->dialect == ECC_DIALECT_SAFECURVE)
+ ctx.flags |= PUBKEY_FLAG_EDDSA;
+ /* Clear hash algo for EdDSA. */
+ if ((ctx.flags & PUBKEY_FLAG_EDDSA))
+ ctx.hash_algo = GCRY_MD_NONE;
 /* Extract the data. */
 rc = _gcry_pk_util_data_to_mpi (s_data, &data, &ctx);
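Review bot: The comment `/* Clear hash algo for EdDSA. */` states what the assignment does but not why it has to happen before `_gcry_pk_util_data_to_mpi`; presumably `_gcry_pk_util_init_encoding_ctx` leaves a default in `ctx.hash_algo` that would otherwise defeat the `!ctx.hash_algo` test performed after data extraction, so say so: `/* Drop any default hash so that, unless the data s-exp names one, the curve-mandated hash is filled in after data extraction.  */`. The same five lines are added verbatim to ecc_verify in the third hunk; a small `static` helper taking `ec` and `&ctx` would keep the two call sites from drifting apart. ecc_sign begins before this hunk, so where `ec` and `flags` are populated is not visible here.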
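Review bot: The fill-in runs only while `ctx.hash_algo` is still zero, so a caller whose data s-exp names a digest other than the one the curve mandates keeps that digest here, and for Ed448 the code continues with a non-SHAKE256 hash unless a later check in the EdDSA signing routine rejects it — no such check is visible from this hunk. Since the commit message says the hash is determined by the curve, validating is safer than merely defaulting: after the block, `if (ec->dialect == ECC_DIALECT_SAFECURVE && ctx.hash_algo != GCRY_MD_SHAKE256) { rc = GPG_ERR_DIGEST_ALGO; goto <error-path-label>; }` with the analogous SHA-512 check for ECC_DIALECT_ED25519. This selection also omits the `ec->model == MPI_EC_EDWARDS` test that the first hunk uses for the same dialect; the two conditions should agree on what counts as Ed448. The identical block is added to ecc_verify in the fourth hunk and needs the same treatment.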
@@ -801,6 +820,15 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
 if (DBG_CIPHER)
 log_mpidump ("ecc_verify data", data);
+ /* Hash algo is determined by curve in EdDSA. Fill it if not specified. */
+ if ((ctx.flags & PUBKEY_FLAG_EDDSA) && !ctx.hash_algo)
+ {
+ if (ec->dialect == ECC_DIALECT_ED25519)
+ ctx.hash_algo = GCRY_MD_SHA512;
+ else if (ec->dialect == ECC_DIALECT_SAFECURVE)
+ ctx.hash_algo = GCRY_MD_SHAKE256;
+ }
+
 /*
 * Extract the signature value.
 */
diff --git a/tests/t-ed448.c b/tests/t-ed448.c
index 6380143b..1f445ffc 100644
--- a/tests/t-ed448.c
+++ b/tests/t-ed448.c
@@ -270,14 +270,11 @@ one_test (int testno, int ph, const char *sk, const char *pk,
 if ((err = gcry_sexp_build (&s_msg, NULL,
 ph ?
 "(data"
- " (flags prehash eddsa)"
- " (hash-algo shake256)"
+ " (flags prehash)"
 " (label %b)"
 " (value %b))"
 :
 "(data"
- " (flags eddsa)"
- " (hash-algo shake256)"
 " (label %b)"
 " (value %b))",
 (int)buflen2, buffer2,
@@ -293,13 +290,10 @@ one_test (int testno, int ph, const char *sk, const char *pk,
 if ((err = gcry_sexp_build (&s_msg, NULL,
 ph ?
 "(data"
- " (flags prehash eddsa)"
- " (hash-algo shake256)"
+ " (flags prehash)"
 " (value %b))"
 :
 "(data"
- " (flags eddsa)"
- " (hash-algo shake256)"
 " (value %b))",
 (int)buflen, buffer)))
 {
 fail ("error building s-exp for test %d, %s: %s",
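Review bot: With `" (flags eddsa)"` and `" (hash-algo shake256)"` removed from both data s-expressions here and in the following hunk, the test no longer exercises callers that still pass them explicitly, which the library change (it ORs the flag in rather than replacing it) appears intended to keep accepting. Keeping one of the two s-exp variants, or one test case, with the explicit lines would pin that compatibility and also cover the path where a caller-supplied hash-algo must agree with the curve. one_test begins before this hunk.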