From 54fc34ea683167260ec5df3dc94a7c544b08325c Mon Sep 17 00:00:00 2001
From: Nicholas Wilson
Date: Mon, 16 May 2016 15:15:45 +0100
Subject: [PATCH 1/3] Include order of Curve25519 base point in curve data

---
 include/mbedtls/ecp.h | 2 +-
 library/ecp_curves.c | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index b00ba4da8..d8c68233d 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -144,7 +144,7 @@ typedef struct
 mbedtls_mpi A; /*!< 1. A in the equation, or 2. (A + 2) / 4 */
 mbedtls_mpi B; /*!< 1. B in the equation, or 2. unused */
 mbedtls_ecp_point G; /*!< generator of the (sub)group used */
- mbedtls_mpi N; /*!< 1. the order of G, or 2. unused */
+ mbedtls_mpi N; /*!< the order of G */
 size_t pbits; /*!< number of bits in P */
 size_t nbits; /*!< number of bits in 1. P, or 2. private keys */
 unsigned int h; /*!< internal: 1 if the constants are static */
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index df5ac3eea..5b38a8772 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -670,6 +670,11 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp )
 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) );
 grp->pbits = mbedtls_mpi_bitlen( &grp->P );
 
+ /* N = 2^252 + 27742317777372353535851937790883648493 */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->N, 16,
+ "14DEF9DEA2F79CD65812631A5CF5D3ED" ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) );
+
 /* Y intentionaly not set, since we use x/z coordinates.
 * This is used as a marker to identify Montgomery curves! */
 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) );
From fff308e2faa9d3ae489bd8c285162267bb05d570 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 28 Mar 2018 11:13:05 +0200
Subject: [PATCH 2/3] Add a ChangeLog entry for Curve22519 N

---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)
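Review bot: The value the two added MBEDTLS_MPI_CHK lines store in grp->N is the order of the prime-order subgroup generated by G (about 2^252, not the full group order, which RFC 7748 gives as 8·N), while X25519 private scalars are clamped into [2^254, 2^255), so every valid Curve25519 private key is larger than N and the short-Weierstrass range check `d < N` must never be applied to a Montgomery group; the hunk adds no warning about this, and nbits (which the header text describes as the private-key size for Montgomery curves) is now no longer the bit length of N, which is 253. I would extend the new comment to `/* N = 2^252 + 27742317777372353535851937790883648493: order of the subgroup generated by G. Clamped Curve25519 private keys are NOT reduced mod N and exceed it, so never use N to range-check or reduce Montgomery private keys. */` so a later caller does not reuse N for key validation. The hex tail matches the published subgroup order for Curve25519, and setting bit 252 above the 125-bit tail yields the expected 253-bit value. ecp_use_curve25519 begins before and ends after this hunk.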
diff --git a/ChangeLog b/ChangeLog
index 453364454..6f56fae51 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,9 @@ Changes
 * Improve testing in configurations that omit certain hashes or public-key algorithms. Includes contributions by Gert van Dijk.
 * Improve negative testing of X.509 parsing.
+ * Add the order of the base point as N in the mbedtls_ecp_group structure
+ for Curve25519 (other curves had it already). Contributed by Nicholas
+ Wilson #481
 = mbed TLS 2.8.0 branch released 2018-03-16
From 18b78435dc3883ad0aae000662a28f74ccfd7375 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 28 Mar 2018 11:14:06 +0200
Subject: [PATCH 3/3] Fix a typo in a comment

---
 library/ecp_curves.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 5b38a8772..f7860fdbc 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -675,7 +675,7 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp )
 "14DEF9DEA2F79CD65812631A5CF5D3ED" ) );
 MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) );
 
- /* Y intentionaly not set, since we use x/z coordinates.
+ /* Y intentionally not set, since we use x/z coordinates.
 * This is used as a marker to identify Montgomery curves! */
 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) );
 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );