56 lines
1.8 KiB
Diff
56 lines
1.8 KiB
Diff
From ae3801a0e5cce276c270973214385c86048d5f7b Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
|
|
Date: Sat, 13 Mar 2021 16:42:21 +0100
|
|
Subject: [PATCH] Similar fix for eddsa.
|
|
|
|
* eddsa-hash.c (_eddsa_hash): Ensure result is canonically
|
|
reduced. Two of the three call sites need that.
|
|
|
|
(cherry picked from commit d9b564e4b3b3a5691afb9328c7342b3f7ca64288)
|
|
---
|
|
ChangeLog | 3 +++
|
|
eddsa-hash.c | 10 +++++++---
|
|
2 files changed, 10 insertions(+), 3 deletions(-)
|
|
|
|
#diff --git a/ChangeLog b/ChangeLog
|
|
#index 5f8a22c2..ce330831 100644
|
|
#--- a/ChangeLog
|
|
#+++ b/ChangeLog
|
|
#@@ -1,5 +1,8 @@
|
|
# 2021-03-13 Niels Möller <nisse@lysator.liu.se>
|
|
#
|
|
#+ * eddsa-hash.c (_eddsa_hash): Ensure result is canonically
|
|
#+ reduced. Two of the three call sites need that.
|
|
#+
|
|
# * ecc-gostdsa-verify.c (ecc_gostdsa_verify): Use ecc_mod_mul_canonical
|
|
# to compute the scalars used for ecc multiplication.
|
|
#
|
|
--- a/eddsa-hash.c
|
|
+++ b/eddsa-hash.c
|
|
@@ -44,13 +44,14 @@
|
|
#include "ecc-internal.h"
|
|
#include "nettle-internal.h"
|
|
|
|
-/* Convert hash digest to integer, and reduce modulo q, to m->size
|
|
- limbs. Needs space for 2*m->size + 1 at rp. */
|
|
+/* Convert hash digest to integer, and reduce canonically modulo q.
|
|
+ Needs space for 2*m->size + 1 at rp. */
|
|
void
|
|
_eddsa_hash (const struct ecc_modulo *m,
|
|
mp_limb_t *rp, size_t digest_size, const uint8_t *digest)
|
|
{
|
|
mp_size_t nlimbs = (8*digest_size + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS;
|
|
+ mp_limb_t cy;
|
|
|
|
mpn_set_base256_le (rp, nlimbs, digest, digest_size);
|
|
|
|
@@ -75,4 +76,8 @@ _eddsa_hash (const struct ecc_modulo *m,
|
|
assert (hi == 0);
|
|
}
|
|
m->mod (m, rp);
|
|
+ mpn_copyi (rp + m->size, rp, m->size);
|
|
+ /* Ensure canonical reduction. */
|
|
+ cy = mpn_sub_n (rp, rp + m->size, m->m, m->size);
|
|
+ cnd_copy (cy, rp, rp + m->size, m->size);
|
|
}
|