ECDH loads parameters as signed
gniibe at fsij.org
Tue Oct 30 03:17:35 CET 2018
Ján Jančár <jancar.jj at gmail.com> wrote:
> while trying to get libgcrypt to do ECDH I think I came up to a bug, or
> at least a bit of unexpected behavior.
Sorry for late response. Frankly speaking, I don't understand what you
try to solve.
I would agree that it might be good idea to use unsigned representation,
if it were now the time we start writing new code.
> This means that if keys are generated, then exported into unsigned MPIs
> from the S-exps, then again built into S-exps using the unsigned
> notation %M, and passed into ecc_encrypt_raw/ecc_decrypt_raw, they will
> still be considered signed if their highest bit is set.
Isn't it a thing of... "Don't do that, then."?
IIUC, your proposed change will break existing keys with
PUBKEY_FLAG_PARAM, represented by %m (signed). See the function
ecc_generate in libgcrypt/cipher/ecc.c.
More information about the Gcrypt-devel