From b32afc8e701d3d3eece91f2594eea650d4a025fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Tue, 23 Sep 2014 20:33:12 +0200
Subject: [PATCH] Changed ecc_hash argument type from struct ecc_curve to
 struct ecc_modulo.

---
 ChangeLog                     |  7 +++++++
 ecc-ecdsa-sign.c              |  2 +-
 ecc-ecdsa-verify.c            |  2 +-
 ecc-hash.c                    | 16 +++++++---------
 ecc-internal.h                |  2 +-
 testsuite/ecdsa-sign-test.c   |  4 ++--
 testsuite/ecdsa-verify-test.c |  4 ++--
 7 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c50ee4b0..e64889ef 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2014-09-23  Niels Möller  <nisse@lysator.liu.se>
 
+	* ecc-hash.c (ecc_hash): Changed argument type from struct
+	ecc_curve to struct ecc_modulo. Updated callers.
+	* testsuite/ecdsa-sign-test.c (test_main): Updated curve25519
+	signature s. Changed since the hash value is truncated a few bits
+	more, to match the size of q.
+	* testsuite/ecdsa-verify-test.c (test_main): Likewise.
+
 	* testsuite/ecc-modinv-test.c (zero_p): New function, checking for
 	zero modulo p.
 	(test_modulo): Use zero_p. Switch to dynamic allocation. Updated
diff --git a/ecc-ecdsa-sign.c b/ecc-ecdsa-sign.c
index 57e05a41..3b9e9cc1 100644
--- a/ecc-ecdsa-sign.c
+++ b/ecc-ecdsa-sign.c
@@ -86,7 +86,7 @@ ecc_ecdsa_sign (const struct ecc_curve *ecc,
   ecc->q.invert (&ecc->q, kinv, kp, tp); /* NOTE: Also clobbers hp */
   
   /* Process hash digest */
-  ecc_hash (ecc, hp, length, digest);
+  ecc_hash (&ecc->q, hp, length, digest);
 
   ecc_modq_mul (ecc, tp, zp, rp);
   ecc_modq_add (ecc, hp, hp, tp);
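Review bot: The call on the added line makes ecc_hash write ecc->q.size + 1 limbs into hp, where the old call wrote ecc->p.size + 1, but hp is carved out of a scratch area laid out outside this hunk and presumably sized from ecc->p.size; the write is only in bounds while ecc->q.size <= ecc->p.size, and nothing in the hunk records that assumption. A comment at the call, `/* ecc_hash writes q.size + 1 limbs; the scratch layout relies on q.size <= p.size. */`, or an assertion where the curve parameters are defined, would make the invariant visible. The same applies to the identical call in ecc-ecdsa-verify.c. ecc_ecdsa_sign's body begins and ends outside the hunk.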
diff --git a/ecc-ecdsa-verify.c b/ecc-ecdsa-verify.c
index a60c89d6..d7f5b684 100644
--- a/ecc-ecdsa-verify.c
+++ b/ecc-ecdsa-verify.c
@@ -111,7 +111,7 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
   ecc->q.invert (&ecc->q, sinv, sp, sinv + 2*ecc->p.size);
 
   /* u1 = h / s, P1 = u1 * G */
-  ecc_hash (ecc, hp, length, digest);
+  ecc_hash (&ecc->q, hp, length, digest);
   ecc_modq_mul (ecc, u1, hp, sinv);
 
   /* u2 = r / s, P2 = u2 * Y */
diff --git a/ecc-hash.c b/ecc-hash.c
index 780d0a66..4e830a51 100644
--- a/ecc-hash.c
+++ b/ecc-hash.c
@@ -44,23 +44,21 @@
 /* NOTE: We don't considered the hash value to be secret, so it's ok
    if the running time of this conversion depends on h.
 
-   Requires ecc->size + 1 limbs, the extra limb may be needed for
+   Requires m->size + 1 limbs, the extra limb may be needed for
    unusual limb sizes.
 */
 
-/* FIXME: Take a struct ecc_modulo * as argument, and it would make
-   more sense to pass q than p. */
 void
-ecc_hash (const struct ecc_curve *ecc,
+ecc_hash (const struct ecc_modulo *m,
 	  mp_limb_t *hp,
 	  size_t length, const uint8_t *digest)
 {
-  if (length > ((size_t) ecc->p.bit_size + 7) / 8)
-    length = (ecc->p.bit_size + 7) / 8;
+  if (length > ((size_t) m->bit_size + 7) / 8)
+    length = (m->bit_size + 7) / 8;
 
-  mpn_set_base256 (hp, ecc->p.size + 1, digest, length);
+  mpn_set_base256 (hp, m->size + 1, digest, length);
 
-  if (8 * length > ecc->p.bit_size)
+  if (8 * length > m->bit_size)
     /* We got a few extra bits, at the low end. Discard them. */
-    mpn_rshift (hp, hp, ecc->p.size + 1, 8*length - ecc->p.bit_size);
+    mpn_rshift (hp, hp, m->size + 1, 8*length - m->bit_size);
 }
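Review bot: Now that ecc_hash takes any struct ecc_modulo, its header comment still states only the limb requirement and not what the function produces; the code sets hp from at most (m->bit_size + 7) / 8 bytes of digest and then shifts out the low bits, so hp ends up holding the leading m->bit_size bits of digest as an integer, truncated rather than reduced, and may still be greater than or equal to the modulus — callers are presumably expected to tolerate that. Suggest extending the comment with `Result is the leading m->bit_size bits of digest, in [0, 2^bit_size); it is NOT reduced mod m.` On style, the first changed line casts `(size_t) m->bit_size` in the comparison but the assignment directly below does not; `length = ((size_t) m->bit_size + 7) / 8;` keeps the two consistent. While the comment is being touched, the retained first line reads "We don't considered"; `We don't consider the hash value to be secret` is the intended wording.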
diff --git a/ecc-internal.h b/ecc-internal.h
index c07fdcfc..04ca9668 100644
--- a/ecc-internal.h
+++ b/ecc-internal.h
@@ -237,7 +237,7 @@ ecc_mod_random (const struct ecc_modulo *m, mp_limb_t *xp,
 		void *ctx, nettle_random_func *random, mp_limb_t *scratch);
 
 void
-ecc_hash (const struct ecc_curve *ecc,
+ecc_hash (const struct ecc_modulo *m,
 	  mp_limb_t *hp,
 	  size_t length, const uint8_t *digest);
 
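Review bot: The changed prototype carries no description of the buffer contract, so a caller reading this header cannot tell how many limbs hp must hold; that requirement currently lives only in a comment in ecc-hash.c. Suggest placing `/* Converts digest to an integer of at most m->bit_size bits (truncated, not reduced). hp must have room for m->size + 1 limbs. */` above the declaration, matching the comment style of the surrounding prototypes.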
diff --git a/testsuite/ecdsa-sign-test.c b/testsuite/ecdsa-sign-test.c
index f111b38c..ac08b52c 100644
--- a/testsuite/ecdsa-sign-test.c
+++ b/testsuite/ecdsa-sign-test.c
@@ -168,6 +168,6 @@ test_main (void)
 		   "ae760d5331496119 5d967fd881e3b0f5"), /* h */
 	      " 515c3a485f57432 0daf3353a0d08110"
 	      "64157c556296de09 4132f74865961b37", /* r */
-	      " 9ddd3e2fa87328c 372e28ac7a1c0c65"
-	      "697196d643238fd0 c4caa4d1d88a62fe"); /* s */
+	      "  78f23367291b01 3fc430fb09322d95"
+	      "4384723649868d8e 88effc7ac8b141d7"); /* s */
 }
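Review bot: The replaced s value in this curve25519 vector has no stated provenance; from the ChangeLog it was presumably regenerated with this implementation after ecc_hash started truncating to the size of q, so the test now pins the implementation's own output rather than an externally derived reference. A short comment on the vector would keep a later reader from treating it as an independent known-answer test, e.g. `/* s regenerated after ecc_hash truncation to the size of q (2014-09-23); not an external reference value. */`. The same applies to the identical replacement in testsuite/ecdsa-verify-test.c. test_main begins outside the hunk.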
diff --git a/testsuite/ecdsa-verify-test.c b/testsuite/ecdsa-verify-test.c
index 4e0fd80f..54e489f2 100644
--- a/testsuite/ecdsa-verify-test.c
+++ b/testsuite/ecdsa-verify-test.c
@@ -156,6 +156,6 @@ test_main (void)
 		   "ae760d5331496119 5d967fd881e3b0f5"), /* h */
 	      " 515c3a485f57432 0daf3353a0d08110"
 	      "64157c556296de09 4132f74865961b37", /* r */
-	      " 9ddd3e2fa87328c 372e28ac7a1c0c65"
-	      "697196d643238fd0 c4caa4d1d88a62fe"); /* s */
+	      "  78f23367291b01 3fc430fb09322d95"
+	      "4384723649868d8e 88effc7ac8b141d7"); /* s */
 }
-- 
GitLab