[PATCH] ECC sign & verify

NIIBE Yutaka gniibe at fsij.org
Fri Apr 25 02:39:20 CEST 2014


Hello,

I'm currently testing GnuPG development version with ECC.

When I tested existing ecc.test of GnuPG (with secret key import),
I found this problem.  While decryption works, signing doesn't.

In the test, ecc_sign is called with no curve name but explicit curve
parameters, and fails as (ctx.flags & PUBKEY_FLAG_PARAM) == 0.

In ecc_sign, it tries to extract parameters from KEYPARMS, only when
(ctx.flags & PUBKEY_FLAG_PARAM) is on.  However, it makes no
sense to check ctx.flags here, since it is not dependent on the key
(but data to be signed).

On the other hand, ecc_decrypt_raw tries to extract parameters
from KEYPARMS, and then tries curve name (with no checking
of (ctx.flags & PUBKEY_FLAG_PARAM)).

If it's really needed, we could add something like:

  l1 = sexp_find_token (keyparms, "flags", 0);
  if (l1)
    {
      rc = _gcry_pk_util_parse_flaglist (l1, &ctx.flags, NULL);
      sexp_release (l1);
      l1 = NULL;
      if (rc)
	goto leave;
    }

But, I think that "(flags param)" only makes sense for key generation.

Here's a patch to show the problem.  It works for me.

diff --git a/cipher/ecc.c b/cipher/ecc.c
index 6a60785..f7a16ec 100644
--- a/cipher/ecc.c
+++ b/cipher/ecc.c
@@ -810,13 +810,9 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms)
   /*
    * Extract the key.
    */
-  if ((ctx.flags & PUBKEY_FLAG_PARAM))
-    rc = sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?/q?+d",
-                             &sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n,
-                             &mpi_q, &sk.d, NULL);
-  else
-    rc = sexp_extract_param (keyparms, NULL, "/q?+d",
-                             &mpi_q, &sk.d, NULL);
+  rc = sexp_extract_param (keyparms, NULL, "-p?a?b?g?n?/q?+d",
+                           &sk.E.p, &sk.E.a, &sk.E.b, &mpi_g, &sk.E.n,
+                           &mpi_q, &sk.d, NULL);
   if (rc)
     goto leave;
   if (mpi_g)
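Review bot: with the flag check removed, the single pattern "-p?a?b?g?n?/q?+d" makes p, a, b, g and n optional, so a key carrying only a curve name yields NULL for all five, and this hunk does not show where that case is handled. Please confirm that the code after `if (mpi_g)` looks up the curve name when sk.E.p and friends are NULL (the fallback the mail describes for ecc_decrypt_raw), and that a key supplying only some of the five parameters is rejected rather than used with a half-populated sk.E. Also, the subject says "sign & verify" but the diff touches only ecc_sign; if ecc_verify gates its extraction on ctx.flags the same way, it needs the same change.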
-- 
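To make the argument of the mail concrete: whether a key carries explicit curve parameters or only a curve name is a property of the key S-expression itself, not of the flags attached to the data being signed. The following is an added illustration in Python, written for this page; it is not libgcrypt code and does not use libgcrypt. It assumes a tiny reader for advanced-format S-expressions, mimics the optional/required semantics of the "-p?a?b?g?n?/q?+d" pattern (the '-', '/', '+' storage prefixes are ignored here), and decides from the key alone which path a signer should take. All key material in it is constructed filler, not real keys.

```python
import re
from typing import Any, Dict, List, Optional, Tuple

# Tokens: parens, hex MPI (#...#), quoted string, bare symbol.
_TOKEN = re.compile(r'\(|\)|#[0-9A-Fa-f\s]*#|"[^"]*"|[^\s()"#]+')

# Constructed sample keys (filler bytes, not real key material).
KEY_WITH_CURVE_NAME = (
    '(private-key (ecc (curve "NIST P-256") (q #04aabb#) (d #0011223344#)))')
KEY_WITH_PARAMS = (
    '(private-key (ecc (p #ff#) (a #fc#) (b #5a#) (g #0401#) (n #ee#) '
    '(q #0402#) (d #0a#)))')
KEY_PARTIAL_PARAMS = (
    '(private-key (ecc (p #ff#) (curve "NIST P-256") (d #0a#)))')
KEY_WITHOUT_D = '(private-key (ecc (curve "NIST P-256") (q #04aabb#)))'

CURVE_PARAMS = ('p', 'a', 'b', 'g', 'n')


def parse_sexp(text: str) -> Any:
    """Parse an advanced-format S-expression into nested Python lists."""
    stack: List[list] = [[]]
    for m in _TOKEN.finditer(text):
        tok = m.group(0)
        if tok == '(':
            stack.append([])
        elif tok == ')':
            done = stack.pop()
            if not stack:
                raise ValueError("unbalanced ')'")
            stack[-1].append(done)
        elif tok.startswith('#'):
            stack[-1].append(bytes.fromhex(re.sub(r'\s+', '', tok[1:-1])))
        elif tok.startswith('"'):
            stack[-1].append(tok[1:-1])
        else:
            stack[-1].append(tok)
    if len(stack) != 1 or len(stack[0]) != 1:
        raise ValueError("malformed S-expression")
    return stack[0][0]


def find_token(sexp: Any, name: str) -> Optional[list]:
    """Return the first sub-list whose head is `name` (cf. sexp_find_token)."""
    if isinstance(sexp, list):
        if sexp and sexp[0] == name:
            return sexp
        for item in sexp:
            hit = find_token(item, name)
            if hit is not None:
                return hit
    return None


def extract_param(keyparms: Any, spec: str) -> Dict[str, Optional[bytes]]:
    """Mimic the gcrypt parameter spec: each letter names a parameter, a
    following '?' makes it optional, and '-', '/', '+' (storage hints in
    gcrypt) are ignored here. Missing required parameters raise KeyError."""
    names: List[str] = []
    required = set()
    for ch in spec:
        if ch in '-/+':
            continue
        if ch == '?':
            required.discard(names[-1])
            continue
        names.append(ch)
        required.add(ch)
    out: Dict[str, Optional[bytes]] = {}
    for n in names:
        tok = find_token(keyparms, n)
        if tok is None:
            if n in required:
                raise KeyError(f"required parameter '{n}' missing")
            out[n] = None
        elif len(tok) != 2 or not isinstance(tok[1], bytes):
            raise ValueError(f"parameter '{n}' is not a single MPI")
        else:
            out[n] = tok[1]
    return out


def classify_ecc_key(text: str) -> Tuple[str, Any]:
    """Decide from the key itself whether it carries full explicit domain
    parameters ('params') or only a curve name ('curve'). A key with some
    but not all of p,a,b,g,n is rejected instead of being half-used."""
    sexp = parse_sexp(text)
    params = extract_param(sexp, "-p?a?b?g?n?/q?+d")
    have = [n for n in CURVE_PARAMS if params[n] is not None]
    if len(have) == len(CURVE_PARAMS):
        return ('params', params)
    if have:
        raise ValueError(f"partial curve parameters {have}; need all of p,a,b,g,n")
    curve = find_token(sexp, 'curve')
    if curve is None:
        raise ValueError("neither curve name nor explicit parameters in key")
    return ('curve', curve[1])


def rejects(text: str) -> bool:
    """True if the key is refused (used by the checks below)."""
    try:
        classify_ecc_key(text)
        return False
    except (KeyError, ValueError):
        return True
```

Nothing here consults a flag derived from the data to be signed; the only input to the decision is KEYPARMS, which is the point the mail makes about ecc_sign. The partial-parameter and missing-d cases show the two checks a caller would still want after the unconditional extraction.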