Don't normalize when deriving ECDSA public keys

author: Florian Dold <florian.dold@gmail.com> 2020-01-06 14:16:24 +0100
committer: Florian Dold <florian.dold@gmail.com> 2020-01-06 14:16:24 +0100
commit: e8533c8a41e3fb29e51200d643382c8d5f882e5e (patch)
tree: 1b45c807840a5d9ac2cb17678756fe0ec5a574fa /src/util/tweetnacl-gnunet.c
parent: 1ad2fb331548adf635e9cff8786b468e54666371 (diff)
download: gnunet-e8533c8a41e3fb29e51200d643382c8d5f882e5e.tar.gz
gnunet-e8533c8a41e3fb29e51200d643382c8d5f882e5e.zip
1 files changed, 3 insertions, 4 deletions
diff --git a/src/util/tweetnacl-gnunet.c b/src/util/tweetnacl-gnunet.c
index c3471ae66..f01667adb 100644
--- a/src/util/tweetnacl-gnunet.c
+++ b/src/util/tweetnacl-gnunet.c
@@ -429,7 +429,7 @@ GNUNET_TWEETNACL_sign_pk_from_seed (u8 *pk, const u8 *seed)
 }
 void
-GNUNET_TWEETNACL_scalarmult_le_ed25519_base (u8 *pk, const u8 *s)
+GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (u8 *pk, const u8 *s)
 {
  u8 d[64];
  gf p[4];
@@ -437,9 +437,8 @@ GNUNET_TWEETNACL_scalarmult_le_ed25519_base (u8 *pk, const u8 *s)
  // Treat s as little endian.
  for (u32 i = 0; i < 32; i++)
    d[i] = s[31 - i];
-  d[0] &= 248;
-  d[31] &= 127;
+  // For GNUnet, we don't normalize d
-  d[31] |= 64;
  scalarbase (p, d);
  pack (pk, p);
author	Florian Dold <florian.dold@gmail.com>	2020-01-06 14:16:24 +0100
committer	Florian Dold <florian.dold@gmail.com>	2020-01-06 14:16:24 +0100
commit	e8533c8a41e3fb29e51200d643382c8d5f882e5e (patch)
tree	1b45c807840a5d9ac2cb17678756fe0ec5a574fa /src/util/tweetnacl-gnunet.c
parent	1ad2fb331548adf635e9cff8786b468e54666371 (diff)
download	gnunet-e8533c8a41e3fb29e51200d643382c8d5f882e5e.tar.gz gnunet-e8533c8a41e3fb29e51200d643382c8d5f882e5e.zip

diff --git a/src/util/tweetnacl-gnunet.c b/src/util/tweetnacl-gnunet.c index c3471ae66..f01667adb 100644 --- a/src/util/tweetnacl-gnunet.c +++ b/src/util/tweetnacl-gnunet.c
@@ -429,7 +429,7 @@ GNUNET_TWEETNACL_sign_pk_from_seed (u8 pk, const u8 seed)
429	}	429	}
430		430
431	void	431	void
432	GNUNET_TWEETNACL_scalarmult_le_ed25519_base (u8 pk, const u8 s)	432	GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (u8 pk, const u8 s)
433	{	433	{
434	u8 d[64];	434	u8 d[64];
435	gf p[4];	435	gf p[4];
@@ -437,9 +437,8 @@ GNUNET_TWEETNACL_scalarmult_le_ed25519_base (u8 pk, const u8 s)
437	// Treat s as little endian.	437	// Treat s as little endian.
438	for (u32 i = 0; i < 32; i++)	438	for (u32 i = 0; i < 32; i++)
439	d[i] = s[31 - i];	439	d[i] = s[31 - i];
440	d[0] &= 248;	440
441	d[31] &= 127;	441	// For GNUnet, we don't normalize d
442	d[31] \|= 64;
443		442
444	scalarbase (p, d);	443	scalarbase (p, d);
445	pack (pk, p);	444	pack (pk, p);