ecc: Fix X25519 computation on Curve25519.
author NIIBE Yutaka <gniibe@fsij.org>
Tue, 12 Apr 2016 00:58:12 +0000 (09:58 +0900)
committer NIIBE Yutaka <gniibe@fsij.org>
Tue, 12 Apr 2016 00:58:12 +0000 (09:58 +0900)
commit ee7e1a0e835f8ffcfbcba2a44abab8632db8fed5
tree f5db0011b4d734d86d1b46c8e3f9371d412b5f1b
parent 7fbdb99b8c56360adfd1fb4e7f4c95e0f8aa34de
ecc: Fix X25519 computation on Curve25519.

* cipher/ecc.c (ecc_encrypt_raw): Tweak of bits when
PUBKEY_FLAG_DJB_TWEAK is enabled.
(ecc_decrypt_raw): Return 0 when PUBKEY_FLAG_DJB_TWEAK is enabled.
* tests/t-cv25519.c (test_cv): Update by using gcry_pk_encrypt.

--

X25519 function is not a plain scalar multiplication, but does
two things; the scalar bits are tweaked before applying scalar
multiplication and X0 function is applied to the result of
scalar multiplication.

In libgcrypt, _gcry_mpi_ec_mul_point is a plain scalar multiplication
and those two things are done in functions for ECDH with X25519.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
cipher/ecc.c
tests/t-cv25519.c