[PATCH] ecc: store EdDSA session key in secure memory

Werner Koch wk at gnupg.org
Fri Jun 2 11:08:52 CEST 2017

On Thu, 19 Jan 2017 17:22, jo.vanbulck at cs.kuleuven.be said:

> Regarding the function _gcry_ecc_eddsa_sign (cipher/ecc-eddsa.c), I am
> wondering why the long-term secret key 'a' is stored in secure memory,
> whereas the derived session key 'r' is not. This seems particularly
> important in the case of EdDSA as the function _gcry_mpi_ec_mul_point
> (mpi/ec.c) attempts to provide side-channel protection by using
> constant time operations for scalars residing in secure memory.

I applied your patch and released Libgcrypt 1.7.7 a few minutes ago.



Thoughts are free.  Exceptions are regulated by a federal law.
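
To illustrate the point raised in the quoted message, here is a self-contained toy model, added as an example and not taken from Libgcrypt or from this thread: a scalar multiplication that takes a fixed-operation-count path only when the scalar carries a secure flag. The group (integers modulo a small prime), the `scalar_t` type and all function names are assumptions made for the illustration.

```c
#include <stdint.h>

#define P 1000003u   /* small prime modulus for the toy group (constructed) */
#define NBITS 32     /* fixed scalar width used by the constant-count path */

/* 'secure' models "this scalar lives in secure memory" (hypothetical type). */
typedef struct { uint32_t v; int secure; } scalar_t;

static unsigned group_ops;  /* group operations performed: the observable cost */

/* Group operation; stands in for a point addition or doubling. */
static uint32_t op(uint32_t a, uint32_t b)
{
  group_ops++;
  return (uint32_t)(((uint64_t)a * b) % P);
}

/* Toy "scalar multiplication": computes g^k mod P. */
uint32_t mul_point(uint32_t g, scalar_t k)
{
  uint32_t r = 1, t, mask;
  int j;

  if (k.secure) {
    /* Fixed iteration count: always double and add, select with a mask. */
    for (j = NBITS - 1; j >= 0; j--) {
      r = op(r, r);
      t = op(r, g);
      mask = (uint32_t)0 - ((k.v >> j) & 1u);  /* all ones if bit j is set */
      r = (r & ~mask) | (t & mask);
    }
  } else {
    /* Variable cost: skip leading zero bits, add only on set bits. */
    for (j = NBITS - 1; j >= 0 && !((k.v >> j) & 1u); j--)
      ;
    for (; j >= 0; j--) {
      r = op(r, r);
      if ((k.v >> j) & 1u)
        r = op(r, g);
    }
  }
  return r;
}

/* Number of group operations spent on scalar v with the given flag. */
unsigned ops_for(uint32_t v, int secure)
{
  scalar_t k = { v, secure };
  group_ops = 0;
  (void)mul_point(5, k);
  return group_ops;
}
```

With the flag unset, the operation count follows the scalar's bit length and Hamming weight; with it set, every scalar costs the same 64 operations in this model.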

More information about the Gcrypt-devel mailing list