1
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-20 02:25:14 -07:00

curve25519-donna-c64: don't read an extra byte when expanding a 32-byte number into polynomial form

Reported by Michael Holmwood.
This commit is contained in:
Frank Denis 2014-11-20 11:22:24 -08:00
parent df021fba2b
commit d3e716aa49
2 changed files with 20 additions and 4 deletions

View File

@ -226,7 +226,7 @@ fexpand(limb *output, const u8 *in) {
output[1] = (U8TO64(in+6) >> 3) & 0x7ffffffffffff; output[1] = (U8TO64(in+6) >> 3) & 0x7ffffffffffff;
output[2] = (U8TO64(in+12) >> 6) & 0x7ffffffffffff; output[2] = (U8TO64(in+12) >> 6) & 0x7ffffffffffff;
output[3] = (U8TO64(in+19) >> 1) & 0x7ffffffffffff; output[3] = (U8TO64(in+19) >> 1) & 0x7ffffffffffff;
output[4] = (U8TO64(in+25) >> 4) & 0x7ffffffffffff; output[4] = (U8TO64(in+24) >> 12) & 0x7ffffffffffff;
} }
/* Take a fully reduced polynomial form number and contract it into a /* Take a fully reduced polynomial form number and contract it into a

View File

@ -2,12 +2,12 @@
#define TEST_NAME "scalarmult6" #define TEST_NAME "scalarmult6"
#include "cmptest.h" #include "cmptest.h"
unsigned char bobsk[32] unsigned char bobsk_[crypto_scalarmult_SCALARBYTES]
= { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f, = { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f,
0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18, 0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18,
0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb }; 0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb };
unsigned char alicepk[32] unsigned char alicepk_[crypto_scalarmult_SCALARBYTES]
= { 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, = { 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38,
0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a }; 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a };
@ -16,10 +16,24 @@ unsigned char k[32];
int main(void) int main(void)
{ {
int i; unsigned char *k;
unsigned char *bobsk;
unsigned char *alicepk;
int i;
k = sodium_malloc(crypto_scalarmult_BYTES);
bobsk = sodium_malloc(crypto_scalarmult_SCALARBYTES);
alicepk = sodium_malloc(crypto_scalarmult_SCALARBYTES);
assert(k != NULL && bobsk != NULL && alicepk != NULL);
memcpy(bobsk, bobsk_, crypto_scalarmult_SCALARBYTES);
memcpy(alicepk, alicepk_, crypto_scalarmult_SCALARBYTES);
crypto_scalarmult(k, bobsk, alicepk); crypto_scalarmult(k, bobsk, alicepk);
sodium_free(alicepk);
sodium_free(bobsk);
for (i = 0; i < 32; ++i) { for (i = 0; i < 32; ++i) {
if (i > 0) { if (i > 0) {
printf(","); printf(",");
@ -31,5 +45,7 @@ int main(void)
printf("\n"); printf("\n");
} }
} }
sodium_free(k);
return 0; return 0;
} }