path: root/src/util/crypto_ecc.c
Commit message | Author | Age
introduce GNUNET_memcmp() and GNUNET_is_zero() | Christian Grothoff | 2019-04-06
ref bugnote | Christian Grothoff | 2019-02-24
geq redefinition breaks texi2pdf, instead just avoid @geq | Christian Grothoff | 2019-02-24
src: for every AGPL3.0 file, add SPDX identifier. | ng0 | 2019-01-14
benchmark collection awk scripts | Florian Dold | 2018-08-18
missing files | Florian Dold | 2018-08-18
basic benchmarking | Florian Dold | 2018-08-18
remove crypto_bug.c | Christian Grothoff | 2018-06-09
paragraph for gnunet devs that don't know how to use the web | psyc://loupsycedyglgamf.onion/~lynX | 2018-06-07
glitch in the license text detected by hyazinthe, thank you! | psyc://loupsycedyglgamf.onion/~lynX | 2018-06-07
first batch of license fixes (boring) | psyc://loupsycedyglgamf.onion/~lynX | 2018-06-05
Niibe writes: | Christian Grothoff | 2018-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Sorry, I was not reading the code of GNUnet well. I overlooked how the eddsa_d_to_a function was written and its intention. I read it again. Indeed, the eddsa_d_to_a function tries to handle the case where gcry_mpi_print returns rawmpilen < 32, putting "left pad" by DIGEST. The problem is: DIGEST is not cleared (although comment says so). I think that the stack had zero-byte for some reason on your 32-bit machine. Here is the correction. Clear DIGEST, as comment says. diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 8d9091b23..280603234 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c @@ -1273,24 +1273,15 @@ eddsa_d_to_a (gcry_mpi_t d) b = 256 / 8; /* number of bytes in `d` */ + memset (hvec, 0, sizeof hvec); /* Note that we clear DIGEST so we can use it as input to left pad the key with zeroes for hashing. */ - memset (hvec, 0, sizeof hvec); + memset (digest, 0, sizeof digest); rawmpilen = sizeof (rawmpi); GNUNET_assert (0 == gcry_mpi_print (GCRYMPI_FMT_USG, rawmpi, rawmpilen, &rawmpilen, d)); - if (rawmpilen < 32) - { - memmove (rawmpi + 32 - rawmpilen, - rawmpi, - rawmpilen); - memset (rawmpi, - 0, - 32 - rawmpilen); - rawmpilen = 32; - } hvec[0].data = digest; hvec[0].off = 0; hvec[0].len = b > rawmpilen ? (b - rawmpilen) : 0; --
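Review bot: the added `memset (digest, 0, sizeof digest);` is the load-bearing line of this hunk and needs to stay directly above `hvec[0].data = digest;`. With the `if (rawmpilen < 32)` left-pad block removed, zero-padding of a short scalar for hashing now depends entirely on `hvec[0]` pointing into a cleared `digest`; before this change, `hvec[0].len = b > rawmpilen ? (b - rawmpilen) : 0;` fed `b - rawmpilen` uninitialized stack bytes into the hash input whenever `gcry_mpi_print` produced fewer than 32 bytes, which matches the platform-dependent failure the message describes. Removing the old block is consistent with the rest of the function: it padded to a hard-coded 32 and then set `rawmpilen = 32`, so `hvec[0].len` was always 0 on that path and the two mechanisms were redundant, while the surviving one uses `b` as the single source of the key length. Suggest adding a regression test with a private scalar whose leading bytes are zero, so the `rawmpilen < b` path is exercised deterministically instead of depending on what the stack happens to contain.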
add patch from Niibe Yutaka for #5328 | Christian Grothoff | 2018-05-28
work-around for crypto bug (to be documented more) | Christian Grothoff | 2018-05-17
deduplicate code in crypto_ecc | Christian Grothoff | 2018-05-17
trying again to fix test_service timeout on v6 failure | Christian Grothoff | 2018-01-04
add -P option to gnunet-ecc | Christian Grothoff | 2017-11-01
util: add component name to LOG macros; util/client: log incoming message type/size/source for gnunet-logread | tg(x) | 2017-02-24
introducing GNUNET_CRYPTO_ecdhe_create2() to avoid malloc nonsense | Christian Grothoff | 2017-02-15
-deduplicate string constant | Sree Harsha Totakura | 2016-01-21
-fix (C) notices | Christian Grothoff | 2016-01-19
- Add ecdsa ecdh functions - Update identity token to encrypted protocol | Martin Schanzenbach | 2016-01-04
adding bin_to_point and point_to_bin functions for GNUNET_CRYPTO_ecc API | Christian Grothoff | 2015-09-05
fix #3869: outdated FSF address | Christian Grothoff | 2015-06-30
make libextractor actually optional, both for GNUnet and GNUnet-taler builds | Christian Grothoff | 2015-05-30
adding --enable-taler-wallet configure option to build a reduced version of libgnunetutil with only the parts needed by GNU Taler wallets | Christian Grothoff | 2015-05-28
-use flag to disable key generation test for libgcrypt > 1.7 | Christian Grothoff | 2015-05-22
-use faster Eddsa key gen | Christian Grothoff | 2015-05-19
ecdh-eddsa implementation now works | Christian Grothoff | 2015-05-15
towards using EdDSA-ECDHE instead of ECDSA-ECDHE combined cryptosystem (API only) | Christian Grothoff | 2015-05-13
-also cover private key case | Christian Grothoff | 2015-03-19
-get test to work, but with ecdsa instead of eddsa | Christian Grothoff | 2015-03-19
-bringing copyright tags up to FSF standard | Christian Grothoff | 2015-02-07
adding GNUNET_CRYPTO_eddsa_private_key_from_string | Christian Grothoff | 2015-01-28
1. Removed GNUNET_CRYPTO_compute_finger_identity 2. Removed myself as the first element of the trail. 3. Multiple entries in the routing table. 4. Put/Get/Monitor from old DHT added back in clients file. | Supriti Singh | 2014-04-07
Adding function GNUNET_CRYPTO_compute_finger_identity | Supriti Singh | 2014-02-18
Computing finger identity using libgcrypt functions. | Supriti Singh | 2014-02-07
-Modified struct PeerTrailSetupMessage. -Modified struct PeerTrailSetupResultMessage. -Added stubs for find_predecessor. -Added comments to understand the flow. | Supriti Singh | 2014-01-27
- remove adjust | Florian Dold | 2014-01-20
- make mpi scan/print public - secretsharing key generation and decryption fixed | Florian Dold | 2014-01-20
-move tcp session check into extra checks condition | Christian Grothoff | 2013-12-13
-dox | Christian Grothoff | 2013-12-06
- add peer cmp | Bart Polot | 2013-12-05
-remove noparam, as suggested by Werner Koch | Christian Grothoff | 2013-11-13
-fix #3095 | Christian Grothoff | 2013-11-08
-addressing final crypto fixme | Christian Grothoff | 2013-11-05
Werner Koch wrote: | Christian Grothoff | 2013-11-05
    Hi, find attached a changed diff to crypto_ecc.c with the final Libgcrypt interface. Use commit b9fd398 or later for your tests. Shalom-Salam, Werner
Werner Koch wrote: | Christian Grothoff | 2013-11-05
    Hi, find attached the patch which makes all 3 test cases work with Ed25519. There are some minor hacks in the test cases to allow enabling of Libgcrypt debugging and also some minor output style changes. There is one FIXME in the code: /* FIXME: mpi_print creates an unsigned integer - is that intended or should we convert it to a signed integer (2-compl)? */ mpi_print (xbuf, sizeof (xbuf), result_x); X may be positive or negative but GCRYMPI_FMT_USG ignores the sign. Thus this is not what we actually want. Should we change it to 2-comp (GCRYMPI_FMT_STD) so that we have a proper value? Given that the curve is 255 bit this should always fit in the 256 bit buffer. Another option would be to use the EdDSA method for the sign but that is optimized to easily recover x and would be more work. Or we store the sign in the high bit. It all depends on what you want to write into the protocol specs. I would also like to revert the way we distinguish between Ed25519 with and without ECDSA: The way we do it right now is by assuming the Ed25519 is always used with EdDSA unless a flag has been set. This is a bit surprising and requiring the "(flags eddsa)" would be a less surprising interface. Salam-Shalom, Werner
-eddsa not yet in gcrypt | Christian Grothoff | 2013-10-11
separating ECC crypto into functions/structs for ECDHE, ECDSA and EDDSA | Christian Grothoff | 2013-10-10