authorNIIBE Yutaka <gniibe@fsij.org>2016-04-06 18:05:38 +0900
committerNIIBE Yutaka <gniibe@fsij.org>2016-04-06 18:05:38 +0900
commit6f386ceae86a058e26294f744750f1ed2a95e604 (patch)
tree0be6b7efd2bc8532bc38356f5c5c142ea1886cbb /cipher/ecc-eddsa.c
parent862cf19a119427dd7ee7959a36c72d905f5ea5ca (diff)
downloadlibgcrypt-6f386ceae86a058e26294f744750f1ed2a95e604.tar.gz
ecc: Positive values in computation.
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make sure coefficients A and B are positive. * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): For negation, do "P - T" instead of "-T", so that the result will be positive. (_gcry_ecc_eddsa_verify): Likewise. * cipher/ecc.c (ecc_check_secret_key): Use _gcry_ecc_fill_in_curve instead of _gcry_ecc_update_curve_param. * mpi/ec.c (ec_subm): Make sure the result will be positive. (dup_point_edwards, sub_points_edwards, _gcry_mpi_ec_curve_point): Use mpi_sub instead of mpi_neg. (add_points_edwards): Simply use ec_addm. * tests/t-mpi-point.c (test_curve): Define curves with positive coefficients. -- We keep the coefficients of domain_parms in ecc-curves.c, so that keygrip computations won't change. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'cipher/ecc-eddsa.c')
-rw-r--r--cipher/ecc-eddsa.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/cipher/ecc-eddsa.c b/cipher/ecc-eddsa.c
index 2a52b78b..f91f8489 100644
--- a/cipher/ecc-eddsa.c
+++ b/cipher/ecc-eddsa.c
@@ -251,7 +251,7 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec)
mpi_mulm (t, x, x, ec->p);
mpi_mulm (t, t, v, ec->p);
/* -t == u ? x = x * sqrt(-1) */
- mpi_neg (t, t);
+ mpi_sub (t, ec->p, t);
if (!mpi_cmp (t, u))
{
static gcry_mpi_t m1; /* Fixme: this is not thread-safe. */
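Review bot: The replacement `mpi_sub (t, ec->p, t);` produces p rather than 0 when t is already 0 (t comes out of mpi_mulm, so presumably it lies in [0, p)), and the `mpi_cmp (t, u)` that follows is a plain integer comparison, not a comparison of residues, so the equality test is only meaningful if u is reduced into the same canonical range; the second check in the hunk at line 263 has the same shape. The computation of u is outside the hunk, so whether it is canonically reduced cannot be confirmed from here and is worth verifying. A modular subtraction, `mpi_subm (t, ec->p, t, ec->p);`, keeps t in [0, p) in both places without depending on that. The enclosing function _gcry_ecc_eddsa_recover_x starts and ends outside the hunk.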
@@ -263,7 +263,7 @@ _gcry_ecc_eddsa_recover_x (gcry_mpi_t x, gcry_mpi_t y, int sign, mpi_ec_t ec)
mpi_mulm (t, x, x, ec->p);
mpi_mulm (t, t, v, ec->p);
/* -t == u ? x = x * sqrt(-1) */
- mpi_neg (t, t);
+ mpi_sub (t, ec->p, t);
if (!mpi_cmp (t, u))
rc = GPG_ERR_INV_OBJ;
}
@@ -835,7 +835,7 @@ _gcry_ecc_eddsa_verify (gcry_mpi_t input, ECC_public_key *pkey,
_gcry_mpi_ec_mul_point (&Ia, s, &pkey->E.G, ctx);
_gcry_mpi_ec_mul_point (&Ib, h, &Q, ctx);
- _gcry_mpi_neg (Ib.x, Ib.x);
+ _gcry_mpi_sub (Ib.x, ctx->p, Ib.x);
_gcry_mpi_ec_add_points (&Ia, &Ia, &Ib, ctx);
rc = _gcry_ecc_eddsa_encodepoint (&Ia, ctx, s, h, 0, &tbuf, &tlen);
if (rc)