Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mirage-crypto-ec.Dsa raise Message_too_long in sign, verify checks di… #108

Merged
merged 4 commits into from
Mar 11, 2021

Conversation

hannesm
Copy link
Member

@hannesm hannesm commented Mar 10, 2021

…gest length

Previously, only the x leftmost bits were used with x being the bit size of the
group order. This could lead to two inputs X and Y with the same signature,
especially bad for verify.

…gest length

Previously, only the x leftmost bits were used with x being the bit size of the
group order. This could lead to two inputs X and Y with the same signature,
especially bad for verify.
@hannesm hannesm merged commit e584532 into mirage:main Mar 11, 2021
@hannesm hannesm deleted the ecdsa branch March 11, 2021 09:16
kit-ty-kate pushed a commit to ocaml/opam-repository that referenced this pull request Mar 31, 2021
…ge-crypto-rng, mirage-crypto-rng-mirage and mirage-crypto-rng-async (0.9.0)

CHANGES:

- Elliptic curve support in the new package mirage-crypto-ec

  The arithmetic code is generated by
  [fiat-crypto](https://github.com/mit-plv/fiat-crypto), a development in Coq
  which includes proofs of constant time behaviour. The generation can be
  reproduced (see ec/native/GNUmakefile).

  The group operation implementations are taken from BoringSSL. The high-level
  mechanisms (signature DSA and key exchange ECDH) are implemented in OCaml.
  The ECDSA implementation (as our DSA one) uses a deterministic k (RFC 6979).

  The NIST curves P224 (SECP224R1), P256 (SECP256R1), P384 (SECP384R1), and
  P521 (SECP521R1) are supported (ECDH and ECDSA), in addition to Curve25519
  (X25519 and Ed25519).

  Performance of X25519 has been measured and is roughly the same as
  the hacl_x25519 and also the hacl opam package (see mirage/mirage-crypto#107 for numbers).

  Tests vectors are from RFCs and wycheproof.

  Import mirage/fiat repository (@pascutto @emillon @NathanReb @hannesm mirage/mirage-crypto#101)
  Check bounds of message (reported by @greg42, fixed by @hannesm mirage/mirage-crypto#108)
  Remove blinding, since constant time arithmetics is used (@hannesm mirage/mirage-crypto#106)
  Curve 25519 (X25519 & Ed25519) support (@hannesm mirage/mirage-crypto#107 imported from BoringSSL)

  Partially reviewed by @JasonGross @avsm @dinosaure
  Partially sponsored by Nitrokey GmbH
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant