
commit e54d6f691dc71cd428e33f770a68a3224ba5c31f
parent 24be68238b375f02018b1ed904b443f65eef9513
Author: Martin Schanzenbach <mschanzenbach@posteo.de>
Date:   Tue, 26 May 2020 00:42:31 +0200

Merge branch 'master' of ssh://gnunet.org/gnunet

Diffstat:
Msrc/util/crypto_ecc.c | 10+++++++++-
Msrc/util/test_crypto_ecdsa.c | 9+++++++++
2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
@@ -544,10 +544,18 @@ void
 GNUNET_CRYPTO_eddsa_key_create (struct GNUNET_CRYPTO_EddsaPrivateKey *pk)
 {
   BENCHMARK_START (eddsa_key_create);
+  /*
+   * We do not clamp for EdDSA, since all functions that use the private key do
+   * their own clamping (just like in libsodium). What we call "private key"
+   * here, actually corresponds to the seed in libsodium.
+   *
+   * (Contrast this to ECDSA, where functions using the private key can't clamp
+   * due to properties needed for GNS. That is a worse/unsafer API, but
+   * required for the GNS constructions to work.)
+   */
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
                               pk,
                               sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));
-  // FIXME: should we not do the clamping here? Or is this done elsewhere?
   BENCHMARK_END (eddsa_key_create);
 }
diff --git a/src/util/test_crypto_ecdsa.c b/src/util/test_crypto_ecdsa.c
@@ -107,6 +107,7 @@ testDeriveSignVerify (void)
   struct GNUNET_CRYPTO_EcdsaPrivateKey *dpriv;
   struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
   struct GNUNET_CRYPTO_EcdsaPublicKey dpub;
+  struct GNUNET_CRYPTO_EcdsaPublicKey dpub2;
   dpriv = GNUNET_CRYPTO_ecdsa_private_key_derive (&key,
                                                   "test-derive",
@@ -117,9 +118,17 @@ testDeriveSignVerify (void)
                                          "test-derive",
                                          "test-CTX",
                                          &dpub);
+  GNUNET_CRYPTO_ecdsa_key_get_public (dpriv, &dpub2);
   purp.size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose));
   purp.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_TEST);
+  if (0 != GNUNET_memcmp (&dpub.q_y, &dpub2.q_y))
+  {
+    fprintf (stderr, "%s", "key derivation failed\n");
+    GNUNET_free (dpriv);
+    return GNUNET_SYSERR;
+  }
+
   if (GNUNET_SYSERR ==
       GNUNET_CRYPTO_ecdsa_sign_ (dpriv,
                                  &purp,
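Review bot: The new comment in GNUNET_CRYPTO_eddsa_key_create settles the clamping question, but the call directly beneath it still fills a long-term EdDSA seed with `GNUNET_CRYPTO_QUALITY_NONCE`, and neither the removed FIXME nor the new text says why nonce-grade randomness is acceptable for key material. GNUnet's quality enum also provides `GNUNET_CRYPTO_QUALITY_STRONG`, which is the level meant for keys; if the nonce level is deliberate here (for instance because the nonce generator is itself seeded from the strong source), that rationale belongs in the same comment block, otherwise the call should become `GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, pk, sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey));`. It would also help to state in the comment that the seed written to `pk` is the secret the caller must protect and erase, since the text currently only contrasts it with libsodium's terminology.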
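Review bot: The added declaration `struct GNUNET_CRYPTO_EcdsaPublicKey dpub2;` says nothing about how it differs from `dpub`; only the later hunk reveals that it is the public key recomputed from the derived private key and cross-checked against the publicly derived `dpub`. A name such as `dpub_from_priv`, or a trailing comment `/* public key recomputed from dpriv; must equal dpub */`, would make the test's intent readable at the declaration site. testDeriveSignVerify starts before this hunk and continues after it.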