Are we ready for 1.7 ?
wk at gnupg.org
Fri Apr 8 08:53:15 CEST 2016
On Fri, 8 Apr 2016 04:34, gniibe at fsij.org said:
> For (2), I think that it is GnuPG (the user of libgcrypt) which should
> check/validate the input. I'll post to gnupg-devel.
> def decodeScalar25519(k):
> k_list = [ord(b) for b in k]
> k_list &= 248
> k_list &= 127
> k_list |= 64
> return decodeLittleEndian(k_list, 255)
> Currently, in libgcrypt, this tweak is done in key generation. This
> tweak of scalar value is not included in the computation of
> gcry_mpi_ec_mul_point itself. (I did implemented so, following the
I don't fully understand. gcry_mpi_ec_mul_point does not do any
decoding at all. This should be done by _gcry_ecc_mont_decodepoint for
> Even if our key generation does the tweak, I think that it is good to
> also include the tweak of scalar value in gcry_mpi_ec_mul_point, so
> that the routine will be compatible to crypto_scalarmult, for the sake
> of least surprise by programmers.
Our processing model is a but different so that a 1-1 relationship with
other code is not necessary needed. But I may have not understand the
issue. A patch may help me to understand it better.
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gcrypt-devel