summaryrefslogtreecommitdiff
path: root/src/util
diff options
context:
space:
mode:
authorMartin Schanzenbach <mschanzenbach@posteo.de>2020-05-26 00:42:31 +0200
committerMartin Schanzenbach <mschanzenbach@posteo.de>2020-05-26 00:42:31 +0200
commite54d6f691dc71cd428e33f770a68a3224ba5c31f (patch)
tree9ca4989578b843a0f830ad8285800f9baf332450 /src/util
parent24be68238b375f02018b1ed904b443f65eef9513 (diff)
parent5a69caa07f3f334a76a61f13d8336608b3c5d5e9 (diff)
Merge branch 'master' of ssh://gnunet.org/gnunet
Diffstat (limited to 'src/util')
-rw-r--r--src/util/crypto_ecc.c10
-rw-r--r--src/util/test_crypto_ecdsa.c9
2 files changed, 18 insertions, 1 deletions
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 96d546185..e1608ae55 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -544,10 +544,18 @@ void
GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
{
BENCHMARK_START (eddsa_key_create);
+ /*
+ * We do not clamp for EdDSA, since all functions that use the private key do
+ * their own clamping (just like in libsodium). What we call "private key"
+ * here, actually corresponds to the seed in libsodium.
+ *
+ * (Contrast this to ECDSA, where functions using the private key can't clamp
+ * due to properties needed for GNS. That is a worse/unsafer API, but
+ * required for the GNS constructions to work.)
+ */
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
pk,
sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
- // FIXME: should we not do the clamping here? Or is this done elsewhere?
BENCHMARK_END (eddsa_key_create);
}
diff --git a/src/util/test_crypto_ecdsa.c b/src/util/test_crypto_ecdsa.c
index cfa236d6d..7908590a8 100644
--- a/src/util/test_crypto_ecdsa.c
+++ b/src/util/test_crypto_ecdsa.c
@@ -107,6 +107,7 @@ testDeriveSignVerify (void)
struct GNUNET_CRYPTO_EcdsaPrivateKey *dpriv;
struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
struct GNUNET_CRYPTO_EcdsaPublicKey dpub;
+ struct GNUNET_CRYPTO_EcdsaPublicKey dpub2;
dpriv = GNUNET_CRYPTO_ecdsa_private_key_derive (&key,
"test-derive",
@@ -117,9 +118,17 @@ testDeriveSignVerify (void)
"test-derive",
"test-CTX",
&dpub);
+ GNUNET_CRYPTO_ecdsa_key_get_public (dpriv, &dpub2);
purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose));
purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
+ if (0 != GNUNET_memcmp (&dpub.q_y, &dpub2.q_y))
+ {
+ fprintf (stderr, "%s", "key derivation failed\n");
+ GNUNET_free (dpriv);
+ return GNUNET_SYSERR;
+ }
+
if (GNUNET_SYSERR ==
GNUNET_CRYPTO_ecdsa_sign_ (dpriv,
&purp,