Are we ready for 1.7 ?
Werner Koch
wk at gnupg.org
Fri Apr 8 08:53:15 CEST 2016
On Fri, 8 Apr 2016 04:34, gniibe at fsij.org said:
> For (2), I think that it is GnuPG (the user of libgcrypt) which should
> check/validate the input. I'll post to gnupg-devel.
Okay.
> def decodeScalar25519(k):
>     k_list = [ord(b) for b in k]
>     k_list[0] &= 248
>     k_list[31] &= 127
>     k_list[31] |= 64
>     return decodeLittleEndian(k_list, 255)
>
> Currently, in libgcrypt, this tweak is done in key generation. This
> tweak of scalar value is not included in the computation of
> gcry_mpi_ec_mul_point itself. (I did implement it so, following the
I don't fully understand. gcry_mpi_ec_mul_point does not do any
decoding at all. This should be done by _gcry_ecc_mont_decodepoint for
Curve25519.
> Even if our key generation does the tweak, I think that it is good to
> also include the tweak of scalar value in gcry_mpi_ec_mul_point, so
> that the routine will be compatible with crypto_scalarmult, for the sake
> of least surprise by programmers.
Our processing model is a bit different, so a 1-1 relationship with
other code is not necessarily needed. But I may not have understood the
issue. A patch may help me to understand it better.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
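The scalar tweak quoted above (RFC 7748's decodeScalar25519) and the crypto_scalarmult-style behaviour gniibe asks for, as an added example that is not libgcrypt's or the thread's code: a plain-Python X25519 in which the tweak is applied inside the scalar multiplication on every call, next to the untweaked Montgomery ladder, so the difference for a scalar that was never clamped is visible. The arithmetic and constants follow RFC 7748; the function names are this example's own.

```python
P = 2**255 - 19        # field prime
A24 = 121665           # (486662 - 2) / 4, the Curve25519 ladder constant

def decode_little_endian(b, bits):
    return sum(b[i] << 8 * i for i in range((bits + 7) // 8))

def decode_scalar25519(k):
    """RFC 7748 tweak: clear the low 3 bits and bit 255, set bit 254."""
    k_list = bytearray(k)
    k_list[0] &= 248
    k_list[31] &= 127
    k_list[31] |= 64
    return decode_little_endian(k_list, 255)

def decode_u(u):
    u_list = bytearray(u)
    u_list[31] &= 127  # the top bit of the u encoding is ignored
    return decode_little_endian(u_list, 255)

def encode_u(u):
    return (u % P).to_bytes(32, "little")

def cswap(swap, x2, x3):
    dummy = (-swap) & (x2 ^ x3)  # swap the pair iff swap == 1
    return x2 ^ dummy, x3 ^ dummy

def scalarmult_raw(k, u):
    """Montgomery ladder on the integer k exactly as given: no tweak applied."""
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = cswap(swap, x2, x3)
        z2, z3 = cswap(swap, z2, z3)
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = cswap(swap, x2, x3)
    z2, z3 = cswap(swap, z2, z3)
    return x2 * pow(z2, P - 2, P) % P

def x25519(k_bytes, u_bytes):
    """crypto_scalarmult behaviour: the tweak happens inside, on every call."""
    return encode_u(scalarmult_raw(decode_scalar25519(k_bytes), decode_u(u_bytes)))
```

Because x25519() clamps on every call, a caller that forgot (or was never able) to clamp at key generation still gets the RFC result, whereas scalarmult_raw() silently computes a different point for such a scalar.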