From: Niels Möller
Date: Mon, 25 Apr 2016 19:48:52 +0000 (+0200)
Subject: Update curve25519_mul, to align with RFC 7748.
X-Git-Tag: nettle_3.3_release_20161001~53^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b18472f886a673c2f823fc69cb4994942badeef1;p=thirdparty%2Fnettle.git
Update curve25519_mul, to align with RFC 7748.
---
diff --git a/ChangeLog b/ChangeLog
index d068636c..a3adb58d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2016-04-25 Niels Möller
+
+ * curve25519-mul.c (curve25519_mul): Ignore top bit of the input x
+ coordinate, as erquired by RFC 7748.
+
 2016-03-15 Niels Möller * twofish.c (gf_multiply): Change return value to uint32_t, to
diff --git a/curve25519-mul.c b/curve25519-mul.c
index adb20cbc..f5127d77 100644
--- a/curve25519-mul.c
+++ b/curve25519-mul.c
@@ -72,7 +72,11 @@ curve25519_mul (uint8_t *q, const uint8_t *n, const uint8_t *p)
 itch = ecc->p.size * 12;
 scratch = gmp_alloc_limbs (itch);
+ /* Note that 255 % GMP_NUMB_BITS == 0 isn't supported, so x1 always
+ holds at least 256 bits. */
 mpn_set_base256_le (x1, ecc->p.size, p, CURVE25519_SIZE);
+ /* Clear bit 255, as required by RFC 7748. */
+ x1[255/GMP_NUMB_BITS] &= ~((mp_limb_t) 1 << (255 % GMP_NUMB_BITS));
 /* Initialize, x2 = x1, z2 = 1 */
 mpn_copyi (x2, x1, ecc->p.size);
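Review bot: The new masking line `x1[255/GMP_NUMB_BITS] &= ~((mp_limb_t) 1 << (255 % GMP_NUMB_BITS));` indexes limb 255/GMP_NUMB_BITS, which only lies inside the ecc->p.size limbs that mpn_set_base256_le filled when 255 % GMP_NUMB_BITS != 0; the comment above records that restriction, but nothing enforces it, and in the unsupported configuration the shift count would become 0 and the store would presumably land one limb past x1's limbs. A preprocessor guard next to the comment turns the assumption into a build failure instead of a silent out-of-range write: `#if 255 % GMP_NUMB_BITS == 0` / `#error "curve25519_mul: 255 % GMP_NUMB_BITS == 0 is not supported"` / `#endif`. Clearing bit 255 still leaves the x coordinate possibly non-canonical (a value in [p, 2^255)), which is presumably fine because the ladder works modulo p, but a short comment stating that non-reduced inputs are accepted by design would save the next reader a check. curve25519_mul's body continues outside the hunk on both sides.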