path: root/src/util/crypto_ecc.c
Commit message | Author | Age
* replace Christian's FIXME with an explanation | Florian Dold | 2020-05-26
* Fix #6070 | Florian Dold | 2020-05-06
  Use the same endianness for EdDSA and ECDSA private keys. The encoding of (R,S) of ECDSA signatures is still big-endian, to match RFC 6967. This is different from the (R,S) of EdDSA, which is little-endian according to RFC 8032.
* move from tweetnacl (+custom hacks) -> only sodium | Florian Dold | 2020-05-06
* fixing #6149 | Christian Grothoff | 2020-04-11
* fix sign api to address #6164 | Christian Grothoff | 2020-04-08
* improve comments (#6164) | Christian Grothoff | 2020-04-07
* const | Christian Grothoff | 2020-04-07
* Don't normalize when deriving ECDSA public keys | Florian Dold | 2020-01-06
* Fix ECDSA/ECDH key exchange | Florian Dold | 2020-01-06
  Libgcrypt interprets the private key as little endian, while tweetnacl interprets it as big endian. This caused the key exchange to fail.
* fix #3795/5968/5398 | Christian Grothoff | 2019-12-07
* DCE / GNUNET_TWEETNACL prefix for exported symbols | Florian Dold | 2019-11-26
* use Curve25519 for ECDH and tweetnacl where we can | Florian Dold | 2019-11-26
  This leads to some performance improvements and makes it easier to write software that interoperates with GNUnet / GNU Taler. It also avoids using the rather inconvenient libgcrypt APIs. We still need to keep libgcrypt though, as we need it for RSA, ECDSA and some other primitives. This change is still behind a #define NEW_CRYPTO, as it is a breaking change for both EdDSA (removing the superfluous additional hash) and for ECDHE (using Curve25519 instead of Ed25519).
* make bfix happy | Christian Grothoff | 2019-11-15
* tighten formatting rules | Christian Grothoff | 2019-10-31
* global reindent, now with uncrustify hook enabled | Christian Grothoff | 2019-10-05
* reduce scope | Christian Grothoff | 2019-10-05
* style fix | Christian Grothoff | 2019-10-05
* uncrustify as demanded. | ng0 | 2019-09-08
* report purpose when sig verification fails | Christian Grothoff | 2019-07-28
* add option to display private keys | Christian Grothoff | 2019-06-14
* introduce GNUNET_memcmp() and GNUNET_is_zero() | Christian Grothoff | 2019-04-06
* ref bugnote | Christian Grothoff | 2019-02-24
* geq redefinition breaks texi2pdf, instead just avoid @geq | Christian Grothoff | 2019-02-24
* src: for every AGPL3.0 file, add SPDX identifier. | ng0 | 2019-01-14
* benchmark collection awk scripts | Florian Dold | 2018-08-18
* missing files | Florian Dold | 2018-08-18
* basic benchmarking | Florian Dold | 2018-08-18
* remove crypto_bug.c | Christian Grothoff | 2018-06-09
* paragraph for gnunet devs that don't know how to use the web | psyc://loupsycedyglgamf.onion/~lynX | 2018-06-07
* glitch in the license text detected by hyazinthe, thank you! | psyc://loupsycedyglgamf.onion/~lynX | 2018-06-07
* first batch of license fixes (boring) | psyc://loupsycedyglgamf.onion/~lynX | 2018-06-05
* Niibe writes: | Christian Grothoff | 2018-05-31
  Sorry, I was not reading the code of GNUnet well. I overlooked how the eddsa_d_to_a function was written and its intention.

  I read it again. Indeed, the eddsa_d_to_a function tries to handle the case where gcry_mpi_print returns rawmpilen < 32, putting "left pad" by DIGEST.

  The problem is: DIGEST is not cleared (although comment says so). I think that the stack had zero-byte for some reason on your 32-bit machine.

  Here is the correction. Clear DIGEST, as comment says.

  diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 8d9091b23..280603234 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c @@ -1273,24 +1273,15 @@ eddsa_d_to_a (gcry_mpi_t d) b = 256 / 8; /* number of bytes in `d` */ + memset (hvec, 0, sizeof hvec); /* Note that we clear DIGEST so we can use it as input to left pad the key with zeroes for hashing. */ - memset (hvec, 0, sizeof hvec); + memset (digest, 0, sizeof digest); rawmpilen = sizeof (rawmpi); GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, rawmpi, rawmpilen, &rawmpilen, d)); - if (rawmpilen < 32) - { - memmove (rawmpi + 32 - rawmpilen, - rawmpi, - rawmpilen); - memset (rawmpi, - 0, - 32 - rawmpilen); - rawmpilen = 32; - } hvec[0].data = digest; hvec[0].off = 0; hvec[0].len = b > rawmpilen ? (b - rawmpilen) : 0; --
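Review bot: the line that actually closes the bug is `+ memset (digest, 0, sizeof digest);`, because `hvec[0].data = digest` with `hvec[0].len = b > rawmpilen ? (b - rawmpilen) : 0` feeds the first bytes of `digest` into the hash as the zero left pad, and the old code only cleared `hvec`, so that pad was whatever happened to be on the stack (which explains why it passed on one machine and failed on another). Moving `memset (hvec, 0, sizeof hvec)` above the comment keeps the comment's "we clear DIGEST" next to the line that now does it, which is good. Two things worth a second look: reusing the output buffer `digest` as the pad source is easy to misread, so a dedicated zero buffer or a comment stating that `digest` is free at this point would be clearer; and since the removed `memmove`/`memset` block used to force `rawmpilen` to 32 in place, the hash input should be confirmed to still total exactly `b` bytes for every `rawmpilen`, which depends on the `hvec[1]` entry that lies outside this hunk.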
* add patch from Niibe Yutaka for | Christian Grothoff | 2018-05-28
  #5328
* work-around for crypto bug (to be documented more) | Christian Grothoff | 2018-05-17
* deduplicate code in crypto_ecc | Christian Grothoff | 2018-05-17
* trying again to fix test_service timeout on v6 failure | Christian Grothoff | 2018-01-04
* add -P option to gnunet-ecc | Christian Grothoff | 2017-11-01
* util: add component name to LOG macros; util/client: log incoming message type/size/source for gnunet-logread | tg(x) | 2017-02-24
* introducing GNUNET_CRYPTO_ecdhe_create2() to avoid malloc nonsense | Christian Grothoff | 2017-02-15
* -deduplicate string constant | Sree Harsha Totakura | 2016-01-21
* -fix (C) notices | Christian Grothoff | 2016-01-19
* - Add ecdsa ecdh functions | Martin Schanzenbach | 2016-01-04
  - Update identity token to encrypted protocol
* adding bin_to_point and point_to_bin functions for GNUNET_CRYPTO_ecc API | Christian Grothoff | 2015-09-05
* fix #3869: outdated FSF address | Christian Grothoff | 2015-06-30
* make libextractor actually optional, both for GNUnet and GNUnet-taler builds | Christian Grothoff | 2015-05-30
* adding --enable-taler-wallet configure option to build a reduced version of libgnunetutil with only the parts needed by GNU Taler wallets | Christian Grothoff | 2015-05-28
* -use flag to disable key generation test for libgcrypt > 1.7 | Christian Grothoff | 2015-05-22
* -use faster Eddsa key gen | Christian Grothoff | 2015-05-19
* ecdh-eddsa implementation now works | Christian Grothoff | 2015-05-15
* towards using EdDSA-ECDHE instead of ECDSA-ECDHE combined cryptosystem (API only) | Christian Grothoff | 2015-05-13