Don't normalize when deriving ECDSA public keys

diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index d4cfaa72cf9a0c325033d91563c04cae75e016fd..237062eb7489e615c1a544e8a6220a94a224b867 100644 (file)
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -174,7 +174,7 @@ GNUNET_CRYPTO_ecdsa_key_get_public (
   struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 {
   BENCHMARK_START (ecdsa_key_get_public);
-  GNUNET_TWEETNACL_scalarmult_le_ed25519_base (pub->q_y, priv->d);
+  GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (pub->q_y, priv->d);
   BENCHMARK_END (ecdsa_key_get_public);
 }
 

diff --git a/src/util/tweetnacl-gnunet.c b/src/util/tweetnacl-gnunet.c
index c3471ae661ee506fe48ded3e2d5e4db61b0bbf5c..f01667adbd455f3e282388708fc1dd359ecc9bc9 100644 (file)
--- a/src/util/tweetnacl-gnunet.c
+++ b/src/util/tweetnacl-gnunet.c
@@ -429,7 +429,7 @@ GNUNET_TWEETNACL_sign_pk_from_seed (u8 *pk, const u8 *seed)
 }
 
 void
-GNUNET_TWEETNACL_scalarmult_le_ed25519_base (u8 *pk, const u8 *s)
+GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (u8 *pk, const u8 *s)
 {
   u8 d[64];
   gf p[4];
@@ -437,9 +437,8 @@ GNUNET_TWEETNACL_scalarmult_le_ed25519_base (u8 *pk, const u8 *s)
   // Treat s as little endian.
   for (u32 i = 0; i < 32; i++)
     d[i] = s[31 - i];
-  d[0] &= 248;
-  d[31] &= 127;
-  d[31] |= 64;
+
+  // For GNUnet, we don't normalize d
 
   scalarbase (p, d);
   pack (pk, p);

diff --git a/src/util/tweetnacl-gnunet.h b/src/util/tweetnacl-gnunet.h
index 2b2dc8e638a5336f2415c73eb6117451f9a7e503..d052d8824779de68b7434912f22400813352e301 100644 (file)
--- a/src/util/tweetnacl-gnunet.h
+++ b/src/util/tweetnacl-gnunet.h
@@ -49,6 +49,6 @@ GNUNET_TWEETNACL_sign_detached (uint8_t *sig,
                                 const uint8_t *sk);
 
 void
-GNUNET_TWEETNACL_scalarmult_le_ed25519_base (uint8_t *pk, const uint8_t *s);
+GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (uint8_t *pk, const uint8_t *s);
 
 #endif