Fix ECDSA/ECDH key exchange

Libgcrypt interprets the private key as little endian, while tweetnacl interprets it as big endian. This caused the key exchange to fail.
author: Florian Dold <florian.dold@gmail.com> 2020-01-06 14:02:40 +0100
committer: Florian Dold <florian.dold@gmail.com> 2020-01-06 14:02:40 +0100
commit: 1ad2fb331548adf635e9cff8786b468e54666371 (patch)
tree: 1eeafe3a8aa5a32ea78ead24fe742110133e0805 /src/util/tweetnacl-gnunet.c
parent: 2111817ee190b99561f067277c3b081da27e2afa (diff)
download: gnunet-1ad2fb331548adf635e9cff8786b468e54666371.tar.gz
gnunet-1ad2fb331548adf635e9cff8786b468e54666371.zip
1 files changed, 19 insertions, 2 deletions
diff --git a/src/util/tweetnacl-gnunet.c b/src/util/tweetnacl-gnunet.c
index 1c27730a4..c3471ae66 100644
--- a/src/util/tweetnacl-gnunet.c
+++ b/src/util/tweetnacl-gnunet.c
@@ -424,8 +424,25 @@ GNUNET_TWEETNACL_sign_pk_from_seed (u8 *pk, const u8 *seed)
  d[31] &= 127;
  d[31] |= 64;
-  scalarbase (p,d);
+  scalarbase (p, d);
-  pack (pk,p);
+  pack (pk, p);
+}
+void
+GNUNET_TWEETNACL_scalarmult_le_ed25519_base (u8 *pk, const u8 *s)
+{
+  u8 d[64];
+  gf p[4];
+  // Treat s as little endian.
+  for (u32 i = 0; i < 32; i++)
+    d[i] = s[31 - i];
+  d[0] &= 248;
+  d[31] &= 127;
+  d[31] |= 64;
+  scalarbase (p, d);
+  pack (pk, p);
 }
 void
author	Florian Dold <florian.dold@gmail.com>	2020-01-06 14:02:40 +0100
committer	Florian Dold <florian.dold@gmail.com>	2020-01-06 14:02:40 +0100
commit	1ad2fb331548adf635e9cff8786b468e54666371 (patch)
tree	1eeafe3a8aa5a32ea78ead24fe742110133e0805 /src/util/tweetnacl-gnunet.c
parent	2111817ee190b99561f067277c3b081da27e2afa (diff)
download	gnunet-1ad2fb331548adf635e9cff8786b468e54666371.tar.gz gnunet-1ad2fb331548adf635e9cff8786b468e54666371.zip

diff --git a/src/util/tweetnacl-gnunet.c b/src/util/tweetnacl-gnunet.c index 1c27730a4..c3471ae66 100644 --- a/src/util/tweetnacl-gnunet.c +++ b/src/util/tweetnacl-gnunet.c
@@ -424,8 +424,25 @@ GNUNET_TWEETNACL_sign_pk_from_seed (u8 pk, const u8 seed)
424	d[31] &= 127;	424	d[31] &= 127;
425	d[31] \|= 64;	425	d[31] \|= 64;
426		426
427	scalarbase (p,d);	427	scalarbase (p, d);
428	pack (pk,p);	428	pack (pk, p);
		429	}
		430
		431	void
		432	GNUNET_TWEETNACL_scalarmult_le_ed25519_base (u8 pk, const u8 s)
		433	{
		434	u8 d[64];
		435	gf p[4];
		436
		437	// Treat s as little endian.
		438	for (u32 i = 0; i < 32; i++)
		439	d[i] = s[31 - i];
		440	d[0] &= 248;
		441	d[31] &= 127;
		442	d[31] \|= 64;
		443
		444	scalarbase (p, d);
		445	pack (pk, p);
429	}	446	}
430		447
431	void	448	void