author | Werner Koch <wk@gnupg.org> | 2013-10-29 14:36:58 +0100 |
committer | Werner Koch <wk@gnupg.org> | 2013-10-29 14:38:53 +0100 |
commit | c284f15db99e9cb135612de710199abb23baafd3 (patch) | |
tree | 8b7c22b68faecb6f882df91e89bca23e03cca2a9 /cipher/ecc.c | |
parent | 39ccf743a11ca349ecf00d086fef53135cc4fbe0 (diff) | |
ecc: Finish Ed25519/ECDSA hack.
* cipher/ecc.c (ecc_generate): Fix Ed25519/ECDSA case.
(ecc_verify): Implement Ed25519/ECDSA uncompression.
--
With this change Ed25519 may be used with ECDSA while using the
Ed25519 standard compression technique.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'cipher/ecc.c')
-rw-r--r-- | cipher/ecc.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/cipher/ecc.c b/cipher/ecc.c
index 5a528298..752dfc10 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -498,7 +498,7 @@ ecc_generate (const gcry_sexp_t genparms, gcry_sexp_t *r_skey)
 if (_gcry_mpi_ec_get_affine (x, y, &sk.E.G, ctx))
 log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "G");
 base = _gcry_ecc_ec2os (x, y, sk.E.p);
- if (sk.E.dialect == ECC_DIALECT_ED25519 && !ed25519_with_ecdsa)
+ if (sk.E.dialect == ECC_DIALECT_ED25519)
 {
 unsigned char *encpk;
 unsigned int encpklen;
@@ -978,7 +978,22 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms)
 else
 {
 point_init (&pk.Q);
- rc = _gcry_ecc_os2ec (&pk.Q, mpi_q);
+ if (pk.E.dialect == ECC_DIALECT_ED25519)
+ {
+ mpi_ec_t ec;
+
+ /* Fixme: Factor the curve context setup out of eddsa_verify
+ and ecdsa_verify. So that we don't do it twice. */
+ ec = _gcry_mpi_ec_p_internal_new (pk.E.model, pk.E.dialect,
+ pk.E.p, pk.E.a, pk.E.b);
+
+ rc = _gcry_ecc_eddsa_decodepoint (mpi_q, ec, &pk.Q, NULL, NULL);
+ _gcry_mpi_ec_free (ec);
+ }
+ else
+ {
+ rc = _gcry_ecc_os2ec (&pk.Q, mpi_q);
+ }
 if (rc)
 goto leave;
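Review bot: The relaxed condition `if (sk.E.dialect == ECC_DIALECT_ED25519)` makes the EdDSA compressed encoding of the public key unconditional for Ed25519, but nothing at the site records that this is now an invariant the verify path depends on when it decodes Q with _gcry_ecc_eddsa_decodepoint in the second hunk; a comment above the condition such as `/* Ed25519 public keys are always stored in the EdDSA compressed encoding, also when the key is used with ECDSA; ecc_verify decodes them accordingly.  */` would tie the two sites together. If this was the only read of `ed25519_with_ecdsa` in ecc_generate, that local may now be unused and worth a -Wunused-variable check, but the rest of the function is outside the hunk so I cannot tell. The same invariant deserves a one-line comment at the new dialect dispatch in ecc_verify, whose hunk is cut off here before its final context line.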