mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
experiment: Handle S=0 in EdDSA by SOS("0").
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
parent
aa4b138f4d
commit
d080720939
@ -188,6 +188,22 @@ mpi_read (iobuf_t inp, unsigned int *ret_nread, int secure)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Return an object for SOS which represents MPI(0). */
|
||||||
|
static gcry_mpi_t
|
||||||
|
sos_zero (void)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* We don't do gcry_mpi_set_opaque (NULL, NULL, 0), becase it may
|
||||||
|
* cause undefined behavior. We use a kind of cork stopper to avoid
|
||||||
|
* undefined behavior.
|
||||||
|
*/
|
||||||
|
byte *buf = gcry_xcalloc (1, 1);
|
||||||
|
gcry_mpi_t a = gcry_mpi_set_opaque (NULL, buf, 1);
|
||||||
|
gcry_mpi_set_flag (a, GCRYMPI_FLAG_USER2);
|
||||||
|
return a;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Read an external representation of an SOS and return the opaque MPI
|
/* Read an external representation of an SOS and return the opaque MPI
|
||||||
with GCRYMPI_FLAG_USER2. The external format is a 16-bit unsigned
|
with GCRYMPI_FLAG_USER2. The external format is a 16-bit unsigned
|
||||||
value stored in network byte order giving information for the
|
value stored in network byte order giving information for the
|
||||||
@ -222,7 +238,12 @@ sos_read (iobuf_t inp, unsigned int *ret_nread, int secure)
|
|||||||
goto leave;
|
goto leave;
|
||||||
++nread;
|
++nread;
|
||||||
nbits |= c;
|
nbits |= c;
|
||||||
if (nbits > MAX_EXTERN_MPI_BITS)
|
if (nbits == 0)
|
||||||
|
{
|
||||||
|
*ret_nread = nread;
|
||||||
|
return sos_zero ();
|
||||||
|
}
|
||||||
|
else if (nbits > MAX_EXTERN_MPI_BITS)
|
||||||
{
|
{
|
||||||
log_error ("mpi too large (%u bits)\n", nbits);
|
log_error ("mpi too large (%u bits)\n", nbits);
|
||||||
goto leave;
|
goto leave;
|
||||||
@ -231,8 +252,6 @@ sos_read (iobuf_t inp, unsigned int *ret_nread, int secure)
|
|||||||
nbytes = (nbits + 7) / 8;
|
nbytes = (nbits + 7) / 8;
|
||||||
if (nbytes)
|
if (nbytes)
|
||||||
buf = secure ? gcry_xmalloc_secure (nbytes) : gcry_xmalloc (nbytes);
|
buf = secure ? gcry_xmalloc_secure (nbytes) : gcry_xmalloc (nbytes);
|
||||||
else
|
|
||||||
buf = NULL;
|
|
||||||
p = buf;
|
p = buf;
|
||||||
for (i = 0; i < nbytes; i++)
|
for (i = 0; i < nbytes; i++)
|
||||||
{
|
{
|
||||||
@ -2378,9 +2397,12 @@ parse_signature (IOBUF inp, int pkttype, unsigned long pktlen,
|
|||||||
}
|
}
|
||||||
if (!sig->data[i])
|
if (!sig->data[i])
|
||||||
rc = GPG_ERR_INV_PACKET;
|
rc = GPG_ERR_INV_PACKET;
|
||||||
if (!pktlen && sig->pubkey_algo == PUBKEY_ALGO_EDDSA)
|
if (i == 0 && !pktlen && sig->pubkey_algo == PUBKEY_ALGO_EDDSA)
|
||||||
/* Allow the R part only. */
|
{
|
||||||
break;
|
/* Accept the case: R part only, missing S. */
|
||||||
|
sig->data[1] = sos_zero ();
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
14
g10/pkglue.c
14
g10/pkglue.c
@ -319,15 +319,11 @@ pk_verify (pubkey_algo_t pkalgo, gcry_mpi_t hash,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/*
|
else if (gcry_mpi_get_flag (s, GCRYMPI_FLAG_OPAQUE)
|
||||||
* When data[1] is NULL or [0], parse the signature into R and S
|
&& ((p = gcry_mpi_get_opaque (s, &nbits)) == NULL
|
||||||
* parts.
|
|| nbits == 0
|
||||||
*/
|
|| ((nbits+7)/8 == 1 && p[0] == 0)))
|
||||||
else if (!s
|
/* When data[1] is MPI(0), parse the signature into R and S parts. */
|
||||||
|| (gcry_mpi_get_flag (s, GCRYMPI_FLAG_OPAQUE)
|
|
||||||
&& ((p = gcry_mpi_get_opaque (s, &nbits)) == NULL
|
|
||||||
|| nbits == 0
|
|
||||||
|| ((nbits+7)/8 == 1 && p[0] == 0))))
|
|
||||||
openpgp_ecc_parse_signature (pkalgo, r, &r, &s);
|
openpgp_ecc_parse_signature (pkalgo, r, &r, &s);
|
||||||
else
|
else
|
||||||
rc = 0;
|
rc = 0;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user