ECDH loads parameters as signed

NIIBE Yutaka gniibe at fsij.org
Tue Oct 30 03:17:35 CET 2018


Hello,

Ján Jančár <jancar.jj at gmail.com> wrote:
> while trying to get libgcrypt to do ECDH I think I came up to a bug, or
> at least a bit of unexpected behavior.

Sorry for late response.  Frankly speaking, I don't understand what you
try to solve.

I would agree that it might be good idea to use unsigned representation,
if it were now the time we start writing new code.

> This means that if keys are generated, then exported into unsigned MPIs
> from the S-exps, then again built into S-exps using the unsigned
> notation %M, and passed into ecc_encrypt_raw/ecc_decrypt_raw, they will
> still be considered signed if their highest bit is set.

Isn't it a thing of... "Don't do that, then."?

IIUC, your proposed change will break existing keys with
PUBKEY_FLAG_PARAM, represented by %m (signed).  See the function
ecc_generate in libgcrypt/cipher/ecc.c.
-- 



More information about the Gcrypt-devel mailing list