From e8533c8a41e3fb29e51200d643382c8d5f882e5e Mon Sep 17 00:00:00 2001
From: Florian Dold
Date: Mon, 6 Jan 2020 14:16:24 +0100
Subject: [PATCH] Don't normalize when deriving ECDSA public keys
---
 src/util/crypto_ecc.c | 2 +-
 src/util/tweetnacl-gnunet.c | 7 +++----
 src/util/tweetnacl-gnunet.h | 2 +-
 3 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index d4cfaa72c..237062eb7 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -174,7 +174,7 @@ GNUNET_CRYPTO_ecdsa_key_get_public (
 struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 {
 BENCHMARK_START (ecdsa_key_get_public);
- GNUNET_TWEETNACL_scalarmult_le_ed25519_base (pub->q_y, priv->d);
+ GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (pub->q_y, priv->d);
 BENCHMARK_END (ecdsa_key_get_public);
 }
diff --git a/src/util/tweetnacl-gnunet.c b/src/util/tweetnacl-gnunet.c
index c3471ae66..f01667adb 100644
--- a/src/util/tweetnacl-gnunet.c
+++ b/src/util/tweetnacl-gnunet.c
@@ -429,7 +429,7 @@ GNUNET_TWEETNACL_sign_pk_from_seed (u8 *pk, const u8 *seed)
 }
 void
-GNUNET_TWEETNACL_scalarmult_le_ed25519_base (u8 *pk, const u8 *s)
+GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (u8 *pk, const u8 *s)
 {
 u8 d[64];
 gf p[4];
@@ -437,9 +437,8 @@ GNUNET_TWEETNACL_scalarmult_le_ed25519_base (u8 *pk, const u8 *s)
 // Treat s as little endian.
 for (u32 i = 0; i < 32; i++)
 d[i] = s[31 - i];
- d[0] &= 248;
- d[31] &= 127;
- d[31] |= 64;
+
+ // For GNUnet, we don't normalize d
 scalarbase (p, d);
 pack (pk, p);
diff --git a/src/util/tweetnacl-gnunet.h b/src/util/tweetnacl-gnunet.h
index 2b2dc8e63..d052d8824 100644
--- a/src/util/tweetnacl-gnunet.h
+++ b/src/util/tweetnacl-gnunet.h
@@ -49,6 +49,6 @@ GNUNET_TWEETNACL_sign_detached (uint8_t *sig,
 const uint8_t *sk);
 void
-GNUNET_TWEETNACL_scalarmult_le_ed25519_base (uint8_t *pk, const uint8_t *s);
+GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (uint8_t *pk, const uint8_t *s);
 #endif
-- 
2.25.1
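Review bot: The new comment `// For GNUnet, we don't normalize d` in the second tweetnacl-gnunet.c hunk does not state what the caller must now guarantee. With the three masking lines removed, `scalarbase (p, d)` takes the 32 bytes of `s` unchanged, so any value is accepted, including all zeroes, which would give the neutral element as the public key. I would spell the precondition out at the definition, e.g. `// No clamping here: s is used as the scalar unchanged, so the caller must pass an already valid private scalar`, and repeat it above the renamed declaration in tweetnacl-gnunet.h, which has no comment of its own. Separately, `d` is declared `u8 d[64]` while the loop fills only `d[0]` to `d[31]`, and it holds private-key bytes that nothing in the visible lines clears. The function's closing lines are outside the hunk, so that may already be handled there.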