curve25519-donna-c64: don't read an extra byte when expanding a 32-byte number into polynomial form
Reported by Michael Holmwood.
parent
df021fba2b
commit
d3e716aa49
@ -226,7 +226,7 @@ fexpand(limb *output, const u8 *in) {
output[1] = (U8TO64(in+6) >> 3) & 0x7ffffffffffff;
output[1] = (U8TO64(in+6) >> 3) & 0x7ffffffffffff;
output[2] = (U8TO64(in+12) >> 6) & 0x7ffffffffffff;
output[2] = (U8TO64(in+12) >> 6) & 0x7ffffffffffff;
output[3] = (U8TO64(in+19) >> 1) & 0x7ffffffffffff;
output[3] = (U8TO64(in+19) >> 1) & 0x7ffffffffffff;
output[4] = (U8TO64(in+25) >> 4) & 0x7ffffffffffff;
output[4] = (U8TO64(in+24) >> 12) & 0x7ffffffffffff;
}
}
/* Take a fully reduced polynomial form number and contract it into a
/* Take a fully reduced polynomial form number and contract it into a
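Review bot: The new `output[4] = (U8TO64(in+24) >> 12) & 0x7ffffffffffff;` keeps the 8-byte load inside the 32-byte input (bytes 24..31) while still selecting bits 204..254, so the fix is right, but none of the five offset/shift pairs is explained and the same slip could recur in the next edit; a comment above the assignments would make them checkable by inspection, e.g. `/* limb i holds bits 51*i .. 51*i+50 of the little-endian input: offset*8 + shift == 51*i, with offset <= 24 so every 8-byte load stays within in[0..31]; the mask on output[4] discards bit 255 */`. Whether the former read of in[32] ever reached the result cannot be confirmed from the hunk alone; with shift 4 and a 51-bit mask it appears to have been masked away, so the defect was the out-of-bounds read itself rather than a wrong limb value, which is worth stating in the comment so nobody tries to "optimize" the offset back. fexpand's signature and the output[0] assignment are outside the hunk.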
@ -2,12 +2,12 @@
#define TEST_NAME "scalarmult6"
#define TEST_NAME "scalarmult6"
#include "cmptest.h"
#include "cmptest.h"
unsigned char bobsk[32]
unsigned char bobsk_[crypto_scalarmult_SCALARBYTES]
= { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f,
= { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f,
0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18,
0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18,
0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb };
0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb };
unsigned char alicepk[32]
unsigned char alicepk_[crypto_scalarmult_SCALARBYTES]
= { 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
= { 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d,
0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38,
0xdc, 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38,
0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a };
0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a };
@ -16,10 +16,24 @@ unsigned char k[32];
int main(void)
int main(void)
{
{
int i;
unsigned char *k;
unsigned char *bobsk;
unsigned char *alicepk;
int i;
k = sodium_malloc(crypto_scalarmult_BYTES);
bobsk = sodium_malloc(crypto_scalarmult_SCALARBYTES);
alicepk = sodium_malloc(crypto_scalarmult_SCALARBYTES);
assert(k != NULL && bobsk != NULL && alicepk != NULL);
memcpy(bobsk, bobsk_, crypto_scalarmult_SCALARBYTES);
memcpy(alicepk, alicepk_, crypto_scalarmult_SCALARBYTES);
crypto_scalarmult(k, bobsk, alicepk);
crypto_scalarmult(k, bobsk, alicepk);
sodium_free(alicepk);
sodium_free(bobsk);
for (i = 0; i < 32; ++i) {
for (i = 0; i < 32; ++i) {
if (i > 0) {
if (i > 0) {
printf(",");
printf(",");
@ -31,5 +45,7 @@ int main(void)
printf("\n");
printf("\n");
}
}
}
}
sodium_free(k);
return 0;
return 0;
}
}
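Review bot: `alicepk_[crypto_scalarmult_SCALARBYTES]` and `alicepk = sodium_malloc(crypto_scalarmult_SCALARBYTES);` size the peer public key with the scalar constant, whereas the crypto_scalarmult API sizes public keys and outputs with `crypto_scalarmult_BYTES`; the two are equal for X25519 so nothing breaks, but the whole point of moving these buffers to `sodium_malloc` is to give fexpand exactly the guard-page-bounded 32 bytes a real caller hands it, so the size should be spelled with the constant that caller would use: `unsigned char alicepk_[crypto_scalarmult_BYTES]` and `alicepk = sodium_malloc(crypto_scalarmult_BYTES);`. For the same reason the surviving `for (i = 0; i < 32; ++i)` would read better as `i < crypto_scalarmult_BYTES` now that the sizes are symbolic. The `assert(k != NULL && bobsk != NULL && alicepk != NULL);` only protects the test if `NDEBUG` is not defined for this build, which cannot be seen from the hunk; cmptest.h may settle that. main's body spans all three hunks, with lines between them not shown.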