arne
/
cryptopp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add ed25519PrivateKey::Validate body (GH #764) 

We also clamp the private key and recalculate the public key. Note: we already know some IETF keys fail to validate because they are not clamped as specified in Bernsteain's paper or the RFCs (derp....)
pull/769/head
Jeffrey Walton 2018-12-26 19:34:41 -05:00
parent 21cd665a1c
commit 5202b6312f
No known key found for this signature in database
GPG Key ID: B36AB348921B1838
1 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
xed25519.cpp
View File

@ -264,6 +264,15 @@ bool x25519::Validate(RandomNumberGenerator &rng, unsigned int level) const
return false; return false;
if (level >= 2 && IsSmallOrder(m_pk) == true) if (level >= 2 && IsSmallOrder(m_pk) == true)
return false; return false;
if (level >= 3)
{
SecByteBlock sk(m_sk, SECRET_KEYLENGTH), pk(PUBLIC_KEYLENGTH);
ClampKeys(pk, sk);
if (VerifyBufsEqual(pk, m_pk, PUBLIC_KEYLENGTH) == false || VerifyBufsEqual(sk, m_sk, SECRET_KEYLENGTH) == false)
{
return false;
}
}
return true; return true;
} }
@ -372,7 +381,24 @@ bool ed25519PrivateKey::IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const
bool ed25519PrivateKey::Validate(RandomNumberGenerator &rng, unsigned int level) const bool ed25519PrivateKey::Validate(RandomNumberGenerator &rng, unsigned int level) const
{ {
CRYPTOPP_UNUSED(rng); CRYPTOPP_UNUSED(level); CRYPTOPP_UNUSED(rng);
CRYPTOPP_ASSERT(IsClamped(m_sk) == true);
CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false);
if (level >= 1 && IsClamped(m_sk) == false)
return false;
if (level >= 2 && IsSmallOrder(m_pk) == true)
return false;
if (level >= 3)
{
SecByteBlock sk(m_sk, SECRET_KEYLENGTH), pk(PUBLIC_KEYLENGTH);
ClampKeys(pk, sk);
if (VerifyBufsEqual(pk, m_pk, PUBLIC_KEYLENGTH) == false || VerifyBufsEqual(sk, m_sk, SECRET_KEYLENGTH) == false)
{
return false;
}
}
return true; return true;
} }