-rw-r--r-- | cipher/ecc.c | 28 | ||||
-rw-r--r-- | tests/t-ed448.c | 10 |
2 files changed, 30 insertions, 8 deletions
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 7b3ebd54..24b6febb 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -702,6 +702,11 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
 _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_SIGN, 0);
 ctx.flags |= flags;
+ if (ec->model == MPI_EC_EDWARDS && ec->dialect == ECC_DIALECT_SAFECURVE)
+ ctx.flags |= PUBKEY_FLAG_EDDSA;
+ /* Clear hash algo for EdDSA. */
+ if ((ctx.flags & PUBKEY_FLAG_EDDSA))
+ ctx.hash_algo = GCRY_MD_NONE;
 /* Extract the data. */
 rc = _gcry_pk_util_data_to_mpi (s_data, &data, &ctx);
@@ -710,6 +715,15 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
 if (DBG_CIPHER)
 log_mpidump ("ecc_sign data", data);
+ /* Hash algo is determined by curve in EdDSA. Fill it if not specified. */
+ if ((ctx.flags & PUBKEY_FLAG_EDDSA) && !ctx.hash_algo)
+ {
+ if (ec->dialect == ECC_DIALECT_ED25519)
+ ctx.hash_algo = GCRY_MD_SHA512;
+ else if (ec->dialect == ECC_DIALECT_SAFECURVE)
+ ctx.hash_algo = GCRY_MD_SHAKE256;
+ }
+
 sig_r = mpi_new (0);
 sig_s = mpi_new (0);
 if ((ctx.flags & PUBKEY_FLAG_EDDSA))
@@ -793,6 +807,11 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
 _gcry_pk_util_init_encoding_ctx (&ctx, PUBKEY_OP_VERIFY, ecc_get_nbits (s_keyparms));
 ctx.flags |= flags;
+ if (ec->model == MPI_EC_EDWARDS && ec->dialect == ECC_DIALECT_SAFECURVE)
+ ctx.flags |= PUBKEY_FLAG_EDDSA;
+ /* Clear hash algo for EdDSA. */
+ if ((ctx.flags & PUBKEY_FLAG_EDDSA))
+ ctx.hash_algo = GCRY_MD_NONE;
 /* Extract the data. */
 rc = _gcry_pk_util_data_to_mpi (s_data, &data, &ctx);
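Review bot: The five added lines (flag promotion plus hash reset) are repeated verbatim in ecc_verify's first hunk (@@ -793), so a future fix applied to one side can silently miss the other — the classic sign/verify asymmetry; a `static` helper taking `ec` and `&ctx` would keep both paths in lockstep. Only `ECC_DIALECT_SAFECURVE` keys are promoted to `PUBKEY_FLAG_EDDSA` from the key itself, while `ECC_DIALECT_ED25519` keys still depend on the caller passing `(flags eddsa)`; that is presumably deliberate but deserves a comment such as `/* Ed448 keys are EdDSA-only; Ed25519 keys keep the caller's scheme selection.  */` once the intent is confirmed. The reset to `GCRY_MD_NONE` runs before `_gcry_pk_util_data_to_mpi`, so a `(hash-algo ...)` token in the data s-expression still overrides it, and the comment should say that this ordering is what the later `!ctx.hash_algo` fill-in relies on. ecc_sign's body starts before and continues past this hunk.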
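Review bot: The dialect dispatch in the added fill-in block has no fallback: with `(flags eddsa)` set on a key whose dialect is neither `ECC_DIALECT_ED25519` nor `ECC_DIALECT_SAFECURVE`, `ctx.hash_algo` stays `GCRY_MD_NONE` and control proceeds to `mpi_new` and the EdDSA branch with no digest selected. Unless the EdDSA routine called further down rejects `GCRY_MD_NONE` (not visible in this hunk), this should fail closed with an explicit `else` that sets `rc = GPG_ERR_DIGEST_ALGO;` and jumps to the function's cleanup path. Because the fill-in only runs when the caller supplied no hash-algo, a mismatched caller choice is likewise left to the downstream check, and the accompanying t-ed448.c hunks remove every explicit `(hash-algo shake256)`, so that path is no longer exercised by this test. The identical block in ecc_verify (@@ -801) has the same gap. ecc_sign's body continues past this hunk.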
@@ -801,6 +820,15 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
 if (DBG_CIPHER)
 log_mpidump ("ecc_verify data", data);
+ /* Hash algo is determined by curve in EdDSA. Fill it if not specified. */
+ if ((ctx.flags & PUBKEY_FLAG_EDDSA) && !ctx.hash_algo)
+ {
+ if (ec->dialect == ECC_DIALECT_ED25519)
+ ctx.hash_algo = GCRY_MD_SHA512;
+ else if (ec->dialect == ECC_DIALECT_SAFECURVE)
+ ctx.hash_algo = GCRY_MD_SHAKE256;
+ }
+
 /*
 * Extract the signature value.
 */
diff --git a/tests/t-ed448.c b/tests/t-ed448.c
index 6380143b..1f445ffc 100644
--- a/tests/t-ed448.c
+++ b/tests/t-ed448.c
@@ -270,14 +270,11 @@ one_test (int testno, int ph, const char *sk, const char *pk,
 if ((err = gcry_sexp_build (&s_msg, NULL, ph ? "(data"
- " (flags prehash eddsa)"
- " (hash-algo shake256)"
+ " (flags prehash)"
 " (label %b)"
 " (value %b))"
 : "(data"
- " (flags eddsa)"
- " (hash-algo shake256)"
 " (label %b)"
 " (value %b))",
 (int)buflen2, buffer2,
@@ -293,13 +290,10 @@ one_test (int testno, int ph, const char *sk, const char *pk,
 if ((err = gcry_sexp_build (&s_msg, NULL, ph ? "(data"
- " (flags prehash eddsa)"
- " (hash-algo shake256)"
+ " (flags prehash)"
 " (value %b))"
 : "(data"
- " (flags eddsa)"
- " (hash-algo shake256)"
 " (value %b))",
 (int)buflen, buffer)))
 {
 fail ("error building s-exp for test %d, %s: %s", |