testsuite error on git master - t-cv25519

NIIBE Yutaka gniibe at fsij.org
Fri Feb 12 06:21:02 CET 2016


On 02/11/2016 07:20 PM, Andreas Metzler wrote:
> git master currently produces a testsuite error on t-cv25519:
[...]
> The breakage was introduced by
> 23b72901f8a5ba9a78485b235c7a917fbc8faae0
> "ecc: input validation on ECDH."

Thank you for reporting.

The commit was wrong for Curve25519.  I fixed it.

Perhaps, the vector in RFC-7748 is intentional.


Reading the RFC again:

    https://datatracker.ietf.org/doc/rfc7748/

It only addressed the most significant bit.

In another (expired) document, there is a section for point
validation:

    https://datatracker.ietf.org/doc/draft-ietf-tls-curve25519/

and I was confused into thinking that point validation is OK to implement.


Well, I found an article about point validation on Curve25519.


http://vnhacker.blogspot.jp/2015/09/why-not-validating-curve25519-public.html

For the libgcrypt implementation, it fails (segfaults) for the point at infinity when
it tries to get the X-coordinate.  So, it's on the safer side.