[PATCH] Truncate hash values for ECDSA signature scheme
Dmitry Eremin-Solenikov
dbaryshkov at gmail.com
Tue Dec 17 12:38:04 CET 2013
On Tue, Dec 17, 2013 at 12:57 PM, Werner Koch <wk at gnupg.org> wrote:
> On Mon, 16 Dec 2013 17:34, dbaryshkov at gmail.com said:
>
>> @@ -164,6 +173,7 @@ _gcry_ecc_ecdsa_verify (gcry_mpi_t input, ECC_public_key *pkey,
>
>> + if (abits > nbits)
>> + {
>> + mpi_rshift (h1, input, abits - nbits);
>> + mpi_mulm (h1, h1, h, pkey->E.n);
>> + }
>> + else
>> + mpi_mulm (h1, input, h, pkey->E.n);
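Review bot: the shift count in `mpi_rshift (h1, input, abits - nbits)` is only right if `abits` is the digest's nominal length in bits, and the hunk does not show where `abits` comes from. If it is derived from the MPI value (for instance `mpi_get_nbits (input)`), a hash whose leading bits happen to be zero yields a smaller `abits`, too small a shift, and an `h1` that differs from what a correctly truncating signer used, so those signatures fail to verify; the opaque MPI form carries the real digest length, which is the reason to handle the opaque case here or do the truncation where it is already unpacked. The signer must apply the same leftmost-`nbits` truncation, which this hunk does not show. Minor: `mpi_mulm` is duplicated across both branches; shifting or copying `input` into `h1` in the `if` and then doing a single `mpi_mulm (h1, h1, h, pkey->E.n)` afterwards is shorter.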
>
> Either move this to ecc.c:ecc_verify or move the opaque code handling
> used there to here.
What about Ed25519 and truncation of hashes?
--
With best wishes
Dmitry
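The leftmost-bits truncation the patch implements, worked through end to end as an added example (Python written for this page, not libgcrypt code): ECDSA over NIST P-256 with SHA-512, so the 512-bit digest has to be cut to 256 bits before it enters the signature equations, next to the two ways of getting that step wrong that a reviewer of the hunk looks for: a verifier that skips the truncation and just reduces the whole hash mod n, and a shift count derived from the integer's bit length rather than the digest length, which miscounts for digests that start with zero bits. The curve constants are the published P-256 values; the private key D, the nonce K and the leading-zero digest are constructed values for illustration only.

```python
"""Hash truncation for ECDSA over NIST P-256 (illustrative code for this
page, not libgcrypt's implementation). Requires Python 3.8+ for pow(x, -1, m).
Private key D and nonce K are constructed test values; real code must draw k
uniformly at random or derive it per RFC 6979 and never reuse it."""
import hashlib

# NIST P-256 domain parameters: y^2 = x^3 + Ax + B over GF(P), G of order N.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def truncate_hash(digest, nbits):
    """FIPS 186-4 / SEC1 rule: keep the leftmost min(nbits, hashlen) bits.

    Same shift as the hunk's mpi_rshift (h1, input, abits - nbits), with
    abits taken from the digest's nominal length, not from the integer value.
    """
    abits = 8 * len(digest)
    e = int.from_bytes(digest, "big")
    if abits > nbits:
        e >>= abits - nbits
    return e


def truncate_hash_by_bitlength(digest, nbits):
    """Pitfall: abits from the integer's bit length undercounts whenever the
    digest begins with zero bits, so signer and verifier can disagree."""
    e = int.from_bytes(digest, "big")
    abits = e.bit_length()
    if abits > nbits:
        e >>= abits - nbits
    return e


def no_truncation(digest, nbits):
    """Pre-patch behaviour: the whole digest is used and only reduced mod n."""
    return int.from_bytes(digest, "big")


def ecdsa_sign(d, digest, k, hash_to_int=truncate_hash):
    e = hash_to_int(digest, N.bit_length()) % N
    r = point_mul(k, G)[0] % N
    s = pow(k, -1, N) * (e + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate nonce, retry with a fresh k")
    return r, s


def ecdsa_verify(q, digest, sig, hash_to_int=truncate_hash):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    e = hash_to_int(digest, N.bit_length()) % N
    w = pow(s, -1, N)
    x = point_add(point_mul(e * w % N, G), point_mul(r * w % N, q))
    return x is not None and x[0] % N == r


# Constructed test key and nonce (illustration only).
D = int("1234567890abcdef" * 4, 16)
K = int("0fedcba098765432" * 4, 16)
Q = point_mul(D, G)


def demo():
    msg = b"truncate me"
    h512 = hashlib.sha512(msg).digest()   # 512 bits > 256-bit n: shift happens
    h256 = hashlib.sha256(msg).digest()   # 256 bits == nbits: no shift
    sig512 = ecdsa_sign(D, h512, K)
    return {
        "sha512_ok": ecdsa_verify(Q, h512, sig512),
        # A verifier that skips the truncation computes a different e.
        "sha512_untruncated": ecdsa_verify(Q, h512, sig512, no_truncation),
        "sha256_ok": ecdsa_verify(Q, h256, ecdsa_sign(D, h256, K)),
    }
```

A constructed digest of one zero byte followed by 63 0xff bytes shows the second pitfall directly: `truncate_hash` keeps the leftmost 256 bits (2^248 - 1), while the bit-length variant shifts by 248 instead of 256 and returns 2^256 - 1.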