Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
openpgp: serialize correct bitlength for generated ECC keys
Rather than rounding the `type || X || Y` byte sequence to the next 8-bit boundary, packet.NewECDSAPublicKey() now rounds the X and Y coordinates individually, then adds the bitlength 3 of type 4 (compressed). For NIST P-256, this leads to a bit length of 515, rather than 520. GnuPG calculates 515 as well, and https://tools.ietf.org/html/rfc6637#section-6 explicitly states that "the exact size of the MPI payload is 515 bits for 'Curve P-256,'" so the new formula is consistent. Fixes golang/go#23460 Change-Id: I64b340d1c761bfd795a1a64dc2f7a831c8b2ff32 Reviewed-on: https://go-review.googlesource.com/87995 Reviewed-by: Adam Langley <agl@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Adam Langley <agl@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
- Loading branch information