Update curve25519_mul, to align with RFC 7748.

b18472f8 · Niels Möller · dbd02e30 · b18472f8 · b18472f8
Commit b18472f8 authored Apr 25, 2016 by Niels Möller
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

ChangeLog ChangeLog +5 -0

curve25519-mul.c curve25519-mul.c +4 -0

No files found.
--- a/ChangeLog
+++ b/ChangeLog
+2016-04-25  Niels Möller  <nisse@lysator.liu.se>
+
+	* curve25519-mul.c (curve25519_mul): Ignore top bit of the input x
+	coordinate, as erquired by RFC 7748.
+
 2016-03-15  Niels Möller  <nisse@lysator.liu.se>

 	* twofish.c (gf_multiply): Change return value to uint32_t, to

--- a/curve25519-mul.c
+++ b/curve25519-mul.c
@@ -72,7 +72,11 @@ curve25519_mul (uint8_t *q, const uint8_t *n, const uint8_t *p)
  itch = ecc->p.size * 12;
  scratch = gmp_alloc_limbs (itch);

+  /* Note that 255 % GMP_NUMB_BITS == 0 isn't supported, so x1 always
+     holds at least 256 bits. */
  mpn_set_base256_le (x1, ecc->p.size, p, CURVE25519_SIZE);
+  /* Clear bit 255, as required by RFC 7748. */
+  x1[255/GMP_NUMB_BITS] &= ~((mp_limb_t) 1 << (255 % GMP_NUMB_BITS));

  /* Initialize, x2 = x1, z2 = 1 */
  mpn_copyi (x2, x1, ecc->p.size);