Update curve25519_mul, to align with RFC 7748.

author Niels Möller <nisse@lysator.liu.se>

Mon, 25 Apr 2016 19:48:52 +0000 (21:48 +0200)

committer Niels Möller <nisse@lysator.liu.se>

Mon, 25 Apr 2016 19:48:52 +0000 (21:48 +0200)
author Niels Möller <nisse@lysator.liu.se>
Mon, 25 Apr 2016 19:48:52 +0000 (21:48 +0200)
committer Niels Möller <nisse@lysator.liu.se>
Mon, 25 Apr 2016 19:48:52 +0000 (21:48 +0200)
diff --git a/ChangeLog b/ChangeLog

index d068636c46f3be4f0bf9c9a510570321a9ab7e37..a3adb58d556de855cbdd4c8587eec5afd6667621 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2016-04-25  Niels Möller  <nisse@lysator.liu.se>
+
+       * curve25519-mul.c (curve25519_mul): Ignore top bit of the input x
+       coordinate, as erquired by RFC 7748.
+
  2016-03-15  Niels Möller  <nisse@lysator.liu.se>
  
         * twofish.c (gf_multiply): Change return value to uint32_t, to
diff --git a/curve25519-mul.c b/curve25519-mul.c

index adb20cbc62af6a2c1387ab1e1ffcaec4094c90a2..f5127d7794010f14f97f55d3dc5f874d9c332e9f 100644 (file)
--- a/curve25519-mul.c
+++ b/curve25519-mul.c
@@ -72,7 +72,11 @@ curve25519_mul (uint8_t *q, const uint8_t *n, const uint8_t *p)
    itch = ecc->p.size * 12;
    scratch = gmp_alloc_limbs (itch);
  
+  /* Note that 255 % GMP_NUMB_BITS == 0 isn't supported, so x1 always
+     holds at least 256 bits. */
    mpn_set_base256_le (x1, ecc->p.size, p, CURVE25519_SIZE);
+  /* Clear bit 255, as required by RFC 7748. */
+  x1[255/GMP_NUMB_BITS] &= ~((mp_limb_t) 1 << (255 % GMP_NUMB_BITS));
  
    /* Initialize, x2 = x1, z2 = 1 */
    mpn_copyi (x2, x1, ecc->p.size);
author	Niels Möller <nisse@lysator.liu.se>
	Mon, 25 Apr 2016 19:48:52 +0000 (21:48 +0200)
committer	Niels Möller <nisse@lysator.liu.se>
	Mon, 25 Apr 2016 19:48:52 +0000 (21:48 +0200)
ChangeLog		patch \| blob \| blame \| history
curve25519-mul.c		patch \| blob \| blame \| history