curve25519-donna-c64: don't read an extra byte when expanding a 32-byte number into polynomial form

Reported by Michael Holmwood.
2014-11-20 11:22:24 -08:00 · 2014-11-20 11:22:24 -08:00 · d3e716aa49
commit d3e716aa49
parent df021fba2b
2 changed files with 20 additions and 4 deletions
--- a/src/libsodium/crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c
+++ b/src/libsodium/crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c
@ -226,7 +226,7 @@ fexpand(limb *output, const u8 *in) {
  output[1] = (U8TO64(in+6) >> 3) & 0x7ffffffffffff;
  output[2] = (U8TO64(in+12) >> 6) & 0x7ffffffffffff;
  output[3] = (U8TO64(in+19) >> 1) & 0x7ffffffffffff;
-  output[4] = (U8TO64(in+25) >> 4) & 0x7ffffffffffff;
+  output[4] = (U8TO64(in+24) >> 12) & 0x7ffffffffffff;
 }

 /* Take a fully reduced polynomial form number and contract it into a
--- a/test/default/scalarmult6.c
+++ b/test/default/scalarmult6.c
@ -2,12 +2,12 @@
 #define TEST_NAME "scalarmult6"
 #include "cmptest.h"

-unsigned char bobsk[32]
+unsigned char bobsk_[crypto_scalarmult_SCALARBYTES]
    = { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f,
        0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18,
        0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb };

-unsigned char alicepk[32]
+unsigned char alicepk_[crypto_scalarmult_SCALARBYTES]
    = { 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
        0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38,
        0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a };
@ -16,10 +16,24 @@ unsigned char k[32];

 int main(void)
 {
-    int i;
+    unsigned char *k;
+    unsigned char *bobsk;
+    unsigned char *alicepk;
+    int            i;
+
+    k = sodium_malloc(crypto_scalarmult_BYTES);
+    bobsk = sodium_malloc(crypto_scalarmult_SCALARBYTES);
+    alicepk = sodium_malloc(crypto_scalarmult_SCALARBYTES);
+    assert(k != NULL && bobsk != NULL && alicepk != NULL);
+
+    memcpy(bobsk, bobsk_, crypto_scalarmult_SCALARBYTES);
+    memcpy(alicepk, alicepk_, crypto_scalarmult_SCALARBYTES);

    crypto_scalarmult(k, bobsk, alicepk);

+    sodium_free(alicepk);
+    sodium_free(bobsk);
+
    for (i = 0; i < 32; ++i) {
        if (i > 0) {
            printf(",");
@ -31,5 +45,7 @@ int main(void)
            printf("\n");
        }
    }
+    sodium_free(k);
+
    return 0;
 }