From e1e1e9ac34ab70c3a1f2344361c7e04e5f15c3bd Mon Sep 17 00:00:00 2001
From: Dennis Brentjes
Date: Sun, 21 May 2017 14:27:55 +0200
Subject: Removes bias from generating random curve points.
---
 libcmix-crypto/ed25519/gcrypt/gcrypt_ed25519.c | 56 +++++++++++++-------------
 1 file changed, 29 insertions(+), 27 deletions(-)
(limited to 'libcmix-crypto/ed25519/gcrypt/gcrypt_ed25519.c')
diff --git a/libcmix-crypto/ed25519/gcrypt/gcrypt_ed25519.c b/libcmix-crypto/ed25519/gcrypt/gcrypt_ed25519.c
index c8913cf..bcaca51 100644
--- a/libcmix-crypto/ed25519/gcrypt/gcrypt_ed25519.c
+++ b/libcmix-crypto/ed25519/gcrypt/gcrypt_ed25519.c
@@ -306,58 +306,60 @@ GroupElement DEF(get_group_element)(bool secure) {
 (void) secure;
 size_t parse_error_offset;
 gcry_error_t error;
-
+
+ gcry_mpi_point_t point = gcry_mpi_point_new(0);
 gcry_mpi_t a = NULL;
 void* bytes = NULL;
+ char* encoded_point = NULL;
 do {
- gcry_free(bytes);
- gcry_mpi_release(a);
- bytes = gcry_random_bytes_secure(nr_bytes, GCRY_VERY_STRONG_RANDOM);
- TRACE(__FILE__, __LINE__, bytes);
- error = gcry_mpi_scan(&a, GCRYMPI_FMT_USG, bytes, nr_bytes, &parse_error_offset);
- TRACE(__FILE__,__LINE__, a);
- check(error);
- } while(gcry_mpi_cmp_ui(a, 0) == 0 || gcry_mpi_cmp(a, p) != -1);
-
- char* encoded_point = (char*) calloc(nr_bytes+1, sizeof(char));
- TRACE(__FILE__, __LINE__, encoded_point)
- gcry_mpi_point_t point = gcry_mpi_point_new(0);
- do {
+ do {
+ gcry_free(bytes);
+ gcry_mpi_release(a);
+ bytes = gcry_random_bytes_secure(nr_bytes, GCRY_VERY_STRONG_RANDOM);
+ TRACE(__FILE__, __LINE__, bytes);
+ error = gcry_mpi_scan(&a, GCRYMPI_FMT_USG, bytes, nr_bytes, &parse_error_offset);
+ TRACE(__FILE__,__LINE__, a);
+ check(error);
+ } while(gcry_mpi_cmp_ui(a, 0) == 0 || gcry_mpi_cmp(a, p) != -1);
+
+ char* encoded_point = (char*) calloc(nr_bytes+1, sizeof(char));
+ TRACE(__FILE__, __LINE__, encoded_point)
+
+ free(encoded_point);
+ encoded_point = (char*) calloc(nr_bytes+1, sizeof(char));
 encoded_point[0] = 0x40;
-
+
 unsigned int byte_size = (unsigned) ceil(gcry_mpi_get_nbits(a) / 8.0);
 gcry_mpi_print(GCRYMPI_FMT_USG, (unsigned char*) encoded_point + 1, 32, NULL, a);
-
+
 for(int i = 0; i < 16; i++) {
 char temp = encoded_point[i+1];
 encoded_point[i+1] = encoded_point[32-i];
 encoded_point[32-i] = temp;
 }
-
+
 gcry_mpi_t encoded_mpi = gcry_mpi_new(0);
 TRACE(__FILE__, __LINE__, encoded_mpi)
 gcry_mpi_set_opaque_copy(encoded_mpi, encoded_point, (nr_bytes + 1) * sizeof(char) * 8);
-
+
 error = gcry_mpi_ec_decode_point(point, encoded_mpi, ctx);
 check(error);
-
+
 gcry_mpi_release(encoded_mpi);
-
+
 if(!gcry_mpi_ec_curve_point(point, ctx)) {
gcry_mpi_point_release(point);
 point = gcry_mpi_point_new(0);
-
- gcry_mpi_add_ui(a, a, 1);
 }
-
+
 } while(!gcry_mpi_ec_curve_point(point, ctx));
-
+
 gcry_mpi_release(a);
 gcry_free(bytes);
 free(encoded_point);
-
+
 TRACE(__FILE__, __LINE__, point);
-
+
 return point;
 }
@@ -526,4 +528,4 @@ void DEF(deinitialize)(void) {
 gcry_ctx_release(ctx);
 }
-LINK_IMPLEMENTATION
\ No newline at end of file
+LINK_IMPLEMENTATION
--
cgit v1.2.3-70-g09d2
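Review bot: The `char* encoded_point = (char*) calloc(nr_bytes+1, sizeof(char));` added inside the outer `do` block declares a second `encoded_point` that shadows the `char* encoded_point = NULL;` added before the loop, so the `free(encoded_point);` after the loop releases the outer, still-NULL pointer and the buffer allocated on every retry iteration leaks (the first calloc of the iteration is freed again at once, the second one never). Dropping the inner declaration and its TRACE leaves one reallocation per iteration: `free(encoded_point);` / `encoded_point = (char*) calloc(nr_bytes+1, sizeof(char));` / `TRACE(__FILE__, __LINE__, encoded_point)`, and the outer variable is then freed after the loop by the existing context lines. The `calloc` result is still dereferenced unchecked at `encoded_point[0] = 0x40;`, as in the original; a NULL test before that write would match the `check(error)` handling used for `gcry_mpi_scan`. The loop also evaluates `gcry_mpi_ec_curve_point(point, ctx)` twice per iteration and, once the `if` block has replaced a rejected point, appears to rely on the freshly created empty point failing the `while` test — storing the first result in a local would make the exit condition explicit. get_group_element's opening line lies outside the hunk; only its signature appears in the `@@` header.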