Testing ECC signatures

Dmitry Eremin-Solenikov dbaryshkov at gmail.com
Wed Sep 25 22:44:22 CEST 2013


On 25/09/13 22:51, Werner Koch wrote:
> On Wed, 25 Sep 2013 18:51, dbaryshkov at gmail.com said:
> 
>> "random-override" value (like it is done for several RSA padding modes).
>> However I see no simple way to pass that further to ecc_sign (in my
>> case) function.
> 
> For ECC I suggest to use the rfc6979 flag, which creates deterministic
> signatures.

I should think about applicability of rfc6979 to GOST signature algorithms.

>> interface changes to
>> move S-Exp processing directly to algorithms (if I understood
>> correctly andthat is
>> the way the code base currently moves)?
> 
> Yes, that is what I am working on.

OK, I will just wait for the interface changes. I don't want to change
internal pkey/ecc interfaces, if you are going to change that in
observable future.

> In general I don't like the idea of having a feature to override random,
> because that could easily slip into the real code path.  But sometimes
> these things are required for certification purposes.

Yes, I see your point. However adding such feature will make testing easier.

-- 
With best wishes
Dmitry



More information about the Gcrypt-devel mailing list