Home GnuPG
Diffusion libgcrypt 8472b71812e7

ecc: Fix corner cases for X25519.
8472b71812e7Unpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

ecc: Fix corner cases for X25519.

* cipher/ecc.c (ecc_encrypt_raw): For invalid input, returns
GPG_ERR_INV_DATA instead of aborting with log_fatal.  For X25519,
it's not an error, thus, let it return 0.
(ecc_decrypt_raw): Use the flag PUBKEY_FLAG_DJB_TWEAK to distinguish
X25519, not by the name of the curve.
(ecc_decrypt_raw): For invalid input, returns GPG_ERR_INV_DATA instead
of aborting with log_fatal.  For X25519, it's not an error by its
definition, but we deliberately let it return the error to detect
looks-like-encrypted-message.
* tests/t-cv25519.c: Add points to record the issue.

For X25519 ECDH, this change introduces incompatibility to
crypto_scalarmult with the input which makes shared secret to be 0.
For crypto_scalarmult, the result is 0. In libgcrypt, it's an error
of GPG_ERR_INV_DATA (we consider the input is invalid).

  • Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance
gniibeAuthored on Apr 13 2016, 3:10 AM
Parents
rCb6d2a25a275a: cipher: Buffer data from gcry_cipher_authenticate in OCB mode.
Branches
Unknown
Tags
Unknown

Event Timeline

NIIBE Yutaka <gniibe@fsij.org> committed rC8472b71812e7: ecc: Fix corner cases for X25519. (authored by NIIBE Yutaka <gniibe@fsij.org>).Apr 13 2016, 3:26 AM

Changes (2)

PathSize
cipher/
tests/

rC8472b71812e7

View Options

cipher/ecc.c

Loading...
View Options

tests/t-cv25519.c

Loading...