| Commit message (Collapse) | Author | Age | Files | Lines |
| |
* doc/gcrypt.texi: Replace -2 with -3
* cipher/ecc-curves.c: Replace -2 with -3
--
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
| |
* cipher/ecc-curves.c (_gcry_ecc_get_param_sexp): Simplify.
* cipher/pubkey.c (map_algo): Also map EDDSA to ECC.
* tests/curves.c (check_get_params): Add simple param lookup tests by
for all curves.
--
There is no actual need to compute affine coordinates given that we
already got them in the curve parameter table. Thus most code could
be removed and thus won't run into the problem getting an Y coordinate
for a Montgomery curve.
EDDSA was not mapped to ECC: The map function was written a year
before EDDSA and I obviously forgot to add it.
GnuPG-bug-id: 5490
Signed-off-by: Werner Koch <wk@gnupg.org>
| |
* cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Fill-up or remove
preceding ZEROs correctly, fixing the third argument of mpi_set_opaque.
--
Reported-by: Vladimir Lomov <lomov.vl@yandex.ru>
GnuPG-bug-id: 5267
Fixes-commit: 361a0588489cf4a539da8debd1771024a1faa218
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (_gcry_ecc_get_curve): Support Ed25519 keys with
parameter {p,a,b,g,n}.
--
Fixes-commit: 6f8b1d4cb798375e6d830fd6b73c71da93ee5f3f
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (_gcry_ecc_get_curve): Flatten.
--
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Accept private
key with removed zeros.
--
We have existing keys of Ed25519, which was created by implementations
before SOS clarification. We should support those keys and
implementations with no SOS support.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (gcry_ecc_get_curve): Handle G, differently.
* cipher/ecc-misc.c (_gcry_ecc_sec_decodepoint): Support compressed
representation of EC point. Rename from _gcry_ecc_os2ec.
* cipher/ecc-sm2.c (_gcry_ecc_sm2_decrypt): Follow the change.
* cipher/ecc.c (ecc_decrypt_raw): Likewise.
* mpi/ec.c (_gcry_mpi_ec_set_point): Likewise.
* src/ec-context.h: API change _gcry_ecc_sec_decodepoint from
_gcry_ecc_os2ec.
* tests/basic.c (check_pubkey): Use compressed representation
for two public keys of NIST P192 and NIST P256.
GnuPG-bug-id: 4951
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Add one only for
Edwards case.
Fixes-commit: 3386aaf84d4d89b6ff931533df2ff82ed3f7c7f9
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (curve_aliases): Add Ed448.
(domain_parms): Add domain parameters for Ed448.
* tests/curves.c (N_CURVES): Increment.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Fix point/scalar
length condition.
* cipher/ecc-eddsa.c (eddsa_encodempi): The second argument is NBITS.
(eddsa_encode_x_y): Likewise.
(_gcry_ecc_eddsa_encodepoint): Follow the change.
(_gcry_ecc_eddsa_ensure_compact): Likewise.
(_gcry_ecc_eddsa_decodepoint): Likewise.
(_gcry_ecc_eddsa_sign): Likewise. Remove restriction of 256 bits.
--
In EdDSA with Ed448, point size / scalar size is 57-byte with last
octet which represents sign.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (cipher/ecc-curves.c): It's NBITS of 'p'.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Add FLAGS.
Use opaque MPI for Ed25519/EdDSA, too.
(_gcry_mpi_ec_internal_new): Follow the change.
(_gcry_mpi_ec_new): Likewise.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (_gcry_ecc_get_curve): Parse as unsigned value.
GnuPG-bug-id: 4964
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
--
We should not have an algo for a not implemented curve. Further X25519
needs to be an alias for Curve25519 and not a separate entry for a
non-existent curve parameter.
Signed-off-by: Werner Koch <wk@gnupg.org>
| |
--
Fixes-commit: c750b784d2bee0a32be72bcfb818e0a7683fa914
| |
--
| |
* cipher/ecc-curves.c (mpi_ec_get_elliptic_curve): Initialize E->G point
--
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
| |
* cipher/ecc-curves.c (domain_parms): Add sm2p256v1 for SM2.
* tests/curves.c (N_CURVES): Update N_CURVES for SM2.
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
| |
* cipher/ecc-curves.c (domain_parms): rename GOST 2012 curves to contain
curve bit size
(curve_aliases): rename curves, provide backwards-compatible
aliases, add new OIDs and two new curves.
* cipher/ecc-curves.c (curve_aliases): add new OIDs and aliases for
* tests/basic.c (check_pubkey): use new name for GOST2012 512-bit test
curve.
* tests/benchmark.c (ecc_bench): use new name for GOST2012 512-bit test
curve.
--
Rename old GOST2012 curves to specifically mention that they are 512-bit
curves, add new OIDs for old curves and add two new curves.
Signed-off-by: Paul Wolneykien <manowar@altlinux.org>
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| |
* cipher/ecc-curves.c (domain_parms): Add X448.
* cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Support X448.
* mpi/ec.c (ec_addm_448, ec_subm_448, ec_mulm_448): New.
(ec_mul2_448, ec_pow2_448): New.
(field_table): Add for X448.
(curve448_bad_points): New.
(bad_points_table): New.
(ec_p_init): Use bad_points_table.
* tests/Makefile.am (t-x448): Add.
* tests/curves.c (N_CURVES): Update.
* tests/t-x448.c: New.
--
Note that it uses new practice of ECC_DIALECT_SAFECURVE (that is:
native for the algorithm; fixed-size and little-endian) for its point
representation and secret representation. It uses new practice in
public key, secret key, and ephemeral key in ECDH.
In future, when it will be applied to EdDSA, it will use new practice
also in "s" (integer) in signature, as well as "r" (point) in
signature.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* src/mpi.h (ECC_DIALECT_SAFECURVE): New.
* cipher/ecc-misc.c (_gcry_ecc_dialect2str): Support the new dialect.
* cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Support opaque
MPI handling of secret 'd' for ECC_DIALECT_SAFECURVE.
* cipher/ecc.c (nist_generate_key): Support opaque secret for
ECC_DIALECT_SAFECURVE.
(test_ecdh_only_keys): Likewise.
(ecc_generate): Support native point representation for
ECC_DIALECT_SAFECURVE.
(ecc_encrypt_raw): Support opaque MPI handling of secret and
native point representation for ECC_DIALECT_SAFECURVE.
(ecc_decrypt_raw): Support native point representation for
ECC_DIALECT_SAFECURVE.
(_gcry_pk_ecc_get_sexp): Likewise.
--
Possibly, in future, when we will change Ed25519 support
by ECC_DIALECT_SAFECURVE, for backward compatibility, we
will add left-padding zeros in mpi_ec_setup_elliptic_curve.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (mpi_from_keyparam): Add OPAQUE argument.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (domain_parms): Same string length for NIST
P-521.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-misc.c (_gcry_ecc_compute_public): Don't need G and d.
Use ec->G and ec->d.
* cipher/ecc-curves.c (_gcry_ecc_get_mpi): Follow the change.
(_gcry_ecc_get_point): Likewise.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_compute_h_d): Don't need d,
but use ec->d.
(_gcry_ecc_eddsa_sign): Follow the change.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (_gcry_mpi_ec_internal_new): Fix debug output.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (mpi_ec_get_elliptic_curve): Fill curve
parameters by NBITS.
(_gcry_mpi_ec_internal_new): Show "EdDSA".
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* src/ec-context.h (struct mpi_ec_ctx_s): Add NAME.
* cipher/ecc-curves.c (mpi_ec_setup_elliptic_curve): Initialize NAME.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (mpi_ec_get_elliptic_curve): Handle params for
key generation.
(_gcry_mpi_ec_internal_new): Remove duplication for handling of flags.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (mpi_ec_get_elliptic_curve): Don't set *r_flags.
(_gcry_mpi_ec_internal_new): Add r_flags argument.
Parse the flag list.
Output to debug channel when DBG_CIPHER.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (mpi_ec_get_elliptic_curve)
(mpi_ec_setup_elliptic_curve): Factor out from _gcry_mpi_ec_new.
(_gcry_mpi_ec_internal_new): New.
(_gcry_mpi_ec_new): Rewrite using mpi_ec_get_elliptic_curve and
mpi_ec_setup_elliptic_curve.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-common.h (elliptic_curve_t): Use unsigned int for H.
* src/ec-context.h (struct mpi_ec_ctx_s): Ditto.
* cipher/ecc-curves.c (ecc_domain_parms_t): Ditto.
(domain_parms): Update for the cofactors.
(_gcry_ecc_fill_in_curve): H is no longer MPI, but unsigned int.
(_gcry_ecc_get_curve): Remove handling for H.
(_gcry_mpi_ec_new): In KEYPARM, cofactor is still MPI.
(_gcry_ecc_get_param_sexp): H is no longer MPI, but unsigned int.
(_gcry_ecc_get_mpi): Keep the API, returning MPI for "h".
(_gcry_ecc_set_mpi): Likewise.
* cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Fix for unsigned int.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise.
* cipher/ecc-misc.c (_gcry_ecc_curve_free): Likewise.
* cipher/ecc.c (nist_generate_key, test_ecdh_only_keys): Likewise.
(test_ecdh_only_keys, ecc_generate, ecc_check_secret_key): Likewise.
(ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw): Likewise.
(_gcry_pk_ecc_get_sexp): Likewise.
* mpi/ec.c (ec_deinit): Likewise.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Remove H.
* cipher/ecc.c (compute_keygrip): Don't get H, since it's not
used in the computation.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (point_from_keyparam): Possibly supporting
Montgomery curve, use _gcry_mpi_ec_decode_point.
(_gcry_ecc_set_mpi): Likewise.
* cipher/ecc.c (ecc_check_secret_key): Likewise.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Recover g_y
for Curve25519.
--
GnuPG-bug-id: 4712
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (domain_parms): Revert g_y for cv25519.
* tests/keygrip.c: Add test case for cv25519.
--
Note that the regression is only in master and not in 1.8.
Regression-due-to: c3f39b6b55db618f77e983125072081c15bfbdd6
GnuPG-bug-id: 4712
Signed-off-by: Werner Koch <wk@gnupg.org>
| |
* configure.ac: Add ecc-ecdh.lo.
* cipher/Makefile.am: Add ecc-ecdh.c.
* cipher/ecc-common.h (reverse_buffer): Expose.
* cipher/ecc-eddsa.c (reverse_buffer): Expose.
* cipher/ecc-curves.c (domain_parms): Fix as the errata of RFC.
* cipher/ecc-ecdh.c: New.
* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): Fix for other curves
than Curve25519.
* src/gcrypt-int.h (_gcry_ecc_mul_point): New.
* src/gcrypt.h.in (enum gcry_ecc_curves): New.
(gcry_ecc_mul_point): new.
* src/libgcrypt.def (gcry_ecc_mul_point): New.
* src/libgcrypt.vers (gcry_ecc_mul_point): New.
* src/visibility.h (gcry_ecc_mul_point): New.
* src/visibility.c (gcry_ecc_mul_point): New.
* tests/t-cv25519.c (test_cv_hl): Rename from test_cv.
(test_cv_x25519): New.
(test_cv): Call both of test_cv_hl and test_cv_x25519.
--
Add new API gcry_ecc_mul_point for direct use of X25519 function.
"Direct use" means, its inputs and output are binary octet in native
format, while no lengths check inside. It's a responsibility of
caller.
We can use gcry_pk_encrypt for implementing X25519, but the API of
gcry_pk_encrypt uses SEXP format, which is a bit cumbersome.
GnuPG-bug-id: 4293
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
--
| |
* cipher/ecc-curves.c (_gcry_ecc_get_mpi): Fix c+p error
--
GnuPG-bug-id: 4208
Signed-off-by: Werner Koch <wk@gnupg.org>
| |
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Don't use mpi_add
since it resizes to have more limbs.
* mpi/ec.c (point_resize): Fix for Edwards curve.
(ec_p_init): Support Edwards curve.
(_gcry_mpi_ec_get_affine): Use the methods.
(dup_point_edwards, add_points_edwards, sub_points_edwards): Ditto.
(_gcry_mpi_ec_mul_point): Resize MPIs of point to fixed size.
(_gcry_mpi_ec_curve_point): Use the methods.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make sure
coefficients A and B are positive.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): For negation, do
"P - T" instead of "-T", so that the result will be positive.
(_gcry_ecc_eddsa_verify): Likewise.
* cipher/ecc.c (ecc_check_secret_key): Use _gcry_ecc_fill_in_curve
instead of _gcry_ecc_update_curve_param.
* mpi/ec.c (ec_subm): Make sure the result will be positive.
(dup_point_edwards, sub_points_edwards, _gcry_mpi_ec_curve_point): Use
mpi_sub instead of mpi_neg.
(add_points_edwards): Simply use ec_addm.
* tests/t-mpi-point.c (test_curve): Define curves with positive
coefficients.
--
We keep the coefficients of domain_parms in ecc-curves.c, so that
keygrip computations won't change.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
| |
* cipher/ecc-curves.c: Unmark curve P-192 for FIPS.
* cipher/ecc.c: Add ECDSA self test.
* cipher/pubkey-util.c (_gcry_pk_util_init_encoding_ctx): Use SHA-2
in FIPS mode.
* tests/fipsdrv.c: Add support for ECDSA signatures.
--
Enable ECC in FIPS mode.
According to NIST SP 800-131A, curve P-192 and SHA-1 are disallowed
for key pair generation and signature generation after 2013.
Thanks to Jan Matejek for the patch.
Signed-off-by: Vitezslav Cizek <vcizek@suse.com>
Minor source code re-formatting by -wk.
| |
* cipher/ecc.c (check_secret_key): Y1 should not be NULL when check.
(ecc_check_secret_key): Support Montgomery curve.
* mpi/ec.c (_gcry_mpi_ec_curve_point): Fix condition.
| |
* cipher/ecc-curves.c (curve_aliases, domain_parms): Add Curve25519.
* tests/curves.c (N_CURVES): It's 22 now.
* src/cipher.h (PUBKEY_FLAG_DJB_TWEAK): New.
* cipher/ecc-common.h (_gcry_ecc_mont_decodepoint): New.
* cipher/ecc-misc.c (_gcry_ecc_mont_decodepoint): New.
* cipher/ecc.c (nist_generate_key): Handle the case of
PUBKEY_FLAG_DJB_TWEAK and Montgomery curve.
(test_ecdh_only_keys, check_secret_key): Likewise.
(ecc_generate): Support Curve25519 which is Montgomery curve with flag
PUBKEY_FLAG_DJB_TWEAK and PUBKEY_FLAG_COMP.
(ecc_encrypt_raw): Get flags from KEYPARMS and handle
PUBKEY_FLAG_DJB_TWEAK and Montgomery curve.
(ecc_decrypt_raw): Likewise.
(compute_keygrip): Handle the case of PUBKEY_FLAG_DJB_TWEAK.
* cipher/pubkey-util.c (_gcry_pk_util_parse_flaglist):
PUBKEY_FLAG_EDDSA implies PUBKEY_FLAG_DJB_TWEAK.
Parse "djb-tweak" for PUBKEY_FLAG_DJB_TWEAK.
--
With PUBKEY_FLAG_DJB_TWEAK, secret key has msb set and it should be
always multiple by cofactor.
| |
* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Support
MPI_EC_MONTGOMERY.
* cipher/ecc.c (test_ecdh_only_keys): New.
(nist_generate_key): Call test_ecdh_only_keys for MPI_EC_MONTGOMERY.
(check_secret_key): Handle Montgomery curve of x-coordinate only.
* mpi/ec.c (_gcry_mpi_ec_mul_point): Resize points before the loop.
Simplify, using pointers of Q1, Q2, PRD, and SUM.
--
| |
* src/ec-context.h (mpi_ec_ctx_s): Add cofactor 'h'.
* cipher/ecc-common.h (elliptic_curve_t): Add cofactor 'h'.
(_gcry_ecc_update_curve_param): New API adding cofactor.
* cipher/ecc-curves.c (ecc_domain_parms_t): Add cofactor 'h'.
(ecc_domain_parms_t domain_parms): Add cofactors.
(_gcry_ecc_fill_in_curve, _gcry_ecc_update_curve_param)
(_gcry_ecc_get_curve, _gcry_mpi_ec_new, _gcry_ecc_get_param_sexp)
(_gcry_ecc_get_mpi): Handle cofactor.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise.
* cipher/ecc-misc.c (_gcry_ecc_curve_free)
(_gcry_ecc_curve_copy): Likewise.
* cipher/ecc.c (nist_generate_key, ecc_generate)
(ecc_check_secret_key, ecc_sign, ecc_verify, ecc_encrypt_raw)
(ecc_decrypt_raw, _gcry_pk_ecc_get_sexp, _gcry_pubkey_spec_ecc):
Likewise.
(compute_keygrip): Handle cofactor, but skip it for its computation.
* mpi/ec.c (ec_deinit): Likewise.
* tests/t-mpi-point.c (context_param): Likewise.
(test_curve): Add cofactors.
* tests/curves.c (sample_key_1, sample_key_2): Add cofactors.
* tests/keygrip.c (key_grips): Add cofactors.
--
We keep compatibility of compute_keygrip in cipher/ecc.c.
| |
* cipher/ecc.c (ecc_generate): Check the "comp" flag for EdDSA.
* cipher/ecc-eddsa.c (eddsa_encode_x_y): Add arg WITH_PREFIX.
(_gcry_ecc_eddsa_encodepoint): Ditto.
(_gcry_ecc_eddsa_ensure_compact): Handle the 0x40 compression prefix.
(_gcry_ecc_eddsa_decodepoint): Ditto.
* tests/keygrip.c: Check a compressed with prefix Ed25519 key.
* tests/t-ed25519.inp: Ditto.
| |
* cipher/ecc-curves.c (_gcry_ecc_update_curve_param): Release passed mpi
values.
* cipher/ecc.c (compute_keygrip): Fix potential memory leak in error
path.
* cipher/ecc.c (_gcry_ecc_get_curve): Release temporary mpi.
--
==11657== 252 (80 direct, 172 indirect) bytes in 4 blocks are definitely lost in loss record 8 of 8
==11657== at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==11657== by 0x404178F: _gcry_private_malloc (stdmem.c:113)
==11657== by 0x403CED1: do_malloc.constprop.4 (global.c:768)
==11657== by 0x403DD01: _gcry_xmalloc (global.c:790)
==11657== by 0x409EAE0: _gcry_mpi_alloc (mpiutil.c:84)
==11657== by 0x409C4E4: _gcry_mpi_scan (mpicoder.c:466)
==11657== by 0x404009C: _gcry_sexp_nth_mpi (sexp.c:796)
==11657== by 0x40410B5: _gcry_sexp_vextract_param (sexp.c:2327)
==11657== by 0x4041396: _gcry_sexp_extract_param (sexp.c:2378)
==11657== by 0x407B895: compute_keygrip (ecc.c:1492)
==11657== by 0x404BBE8: _gcry_pk_get_keygrip (pubkey.c:674)
==11657== by 0x403B1BF: gcry_pk_get_keygrip (visibility.c:1056)
==16502== 144 (60 direct, 84 indirect) bytes in 3 blocks are definitely lost in loss record 3 of 7
==16502== at 0x4028A28: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==16502== by 0x404B4DE: _gcry_private_malloc (stdmem.c:113)
==16502== by 0x404667B: do_malloc (global.c:768)
==16502== by 0x40466E7: _gcry_malloc (global.c:790)
==16502== by 0x4046A55: _gcry_xmalloc (global.c:944)
==16502== by 0x40CD25B: _gcry_mpi_alloc (mpiutil.c:84)
==16502== by 0x40CAC3E: _gcry_mpi_scan (mpicoder.c:548)
==16502== by 0x40A72B2: scanval (ecc-curves.c:432)
==16502== by 0x40A7B0D: _gcry_ecc_get_curve (ecc-curves.c:685)
==16502== by 0x4058164: _gcry_pk_get_curve (pubkey.c:747)
==16502== by 0x4043E14: gcry_pk_get_curve (visibility.c:1067)
==16502== by 0x8048934: check_matching (curves.c:124)
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| |
* cipher/ecc-curves.c (domain_parmss): Add two GOST R 34.10-2012 curves
proposed/pending to standardization by TC26 (Russian cryptography
technical committee).
* cipher/ecc-curves.c (curve_alias): Add OID aliases.
* tests/curves.c: Increase N_CURVES.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| |
* cipher/ecc-curves.c (domain_parms): Add 3 curves defined in rfc4357.
* cipher/ecc-curves.c (curve_aliases): Add OID and Xch aliases for GOST
curves.
* tests/curves.c (N_CURVES): Update value.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
| |
* src/mpi.h (MPI_EC_TWISTEDEDWARDS): Rename to MPI_EC_EDWARDS. Change
all users.
* cipher/ecc-curves.c (domain_parms): Add parameters for Curve3617 as
comment.
* mpi/ec.c (dup_point_twistededwards): Rename to dup_point_edwards.
(add_points_twistededwards): Rename to add_points_edwards.
Signed-off-by: Werner Koch <wk@gnupg.org>