Changeset d7d1dcb5


Ignore:
Timestamp:
Mar 12, 2019 12:55:58 PM (23 months ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
1f861c1
Parents:
91c59df
Message:

Crypto: Ed25519 check for S < L as in RFC 8032

Location:
core/java/src/net/i2p/crypto/eddsa
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • core/java/src/net/i2p/crypto/eddsa/EdDSABlinding.java

    r91c59df rd7d1dcb5  
    2222    private static final byte[] ONE = Utils.hexToBytes("0100000000000000000000000000000000000000000000000000000000000000");
    2323    private static final Field FIELD = EdDSANamedCurveTable.getByName("Ed25519").getCurve().getField();
    24     private static final BigInteger ORDER = new BigInteger("2").pow(252).add(new BigInteger("27742317777372353535851937790883648493"));
     24    public static final BigInteger ORDER = new BigInteger("2").pow(252).add(new BigInteger("27742317777372353535851937790883648493"));
    2525
    2626    private EdDSABlinding() {}

  • core/java/src/net/i2p/crypto/eddsa/EdDSAEngine.java

    r91c59df rd7d1dcb5  
    22
    33import java.io.ByteArrayOutputStream;
     4import java.math.BigInteger;
    45import java.nio.ByteBuffer;
    56import java.security.InvalidAlgorithmParameterException;
     
    1920import net.i2p.crypto.eddsa.math.GroupElement;
    2021import net.i2p.crypto.eddsa.math.ScalarOps;
     22import net.i2p.crypto.eddsa.math.bigint.BigIntegerLittleEndianEncoding;
    2123
    2224/**
     
    301303
    302304        byte[] Sbyte = Arrays.copyOfRange(sigBytes, b/8, b/4);
     305        // RFC 8032
     306        BigInteger Sbigint = (new BigIntegerLittleEndianEncoding()).toBigInteger(Sbyte);
     307        if (Sbigint.compareTo(EdDSABlinding.ORDER) >= 0)
     308            return false;
     309
    303310        // R = SB - H(Rbar,Abar,M)A
    304311        GroupElement R = key.getParams().getB().doubleScalarMultiplyVariableTime(
Note: See TracChangeset for help on using the changeset viewer.