From: Sergey Matveev Date: Sun, 2 Aug 2020 12:50:34 +0000 (+0300) Subject: Fixed VKO cofactor bug X-Git-Tag: v4.3.0^0 X-Git-Url: http://www.git.cypherpunks.ru/?p=gogost.git;a=commitdiff_plain;h=589425e6516d75e5c233d72369e39a6a293740b2 Fixed VKO cofactor bug --- diff --git a/VERSION b/VERSION index cf78d5b..8089590 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -4.2.4 +4.3.0 diff --git a/gost3410/2012_test.go b/gost3410/2012_test.go index 422ed7c..5924184 100644 --- a/gost3410/2012_test.go +++ b/gost3410/2012_test.go @@ -126,6 +126,7 @@ func TestStdVector2(t *testing.T) { }), nil, nil, + nil, ) if err != nil { t.FailNow() @@ -322,6 +323,7 @@ func TestGCL3Vectors(t *testing.T) { bytes2big(y), nil, nil, + nil, ) if err != nil { t.FailNow() diff --git a/gost3410/curve.go b/gost3410/curve.go index 696beab..a3685ce 100644 --- a/gost3410/curve.go +++ b/gost3410/curve.go @@ -25,6 +25,7 @@ var ( bigInt1 *big.Int = big.NewInt(1) bigInt2 *big.Int = big.NewInt(2) bigInt3 *big.Int = big.NewInt(3) + bigInt4 *big.Int = big.NewInt(4) ) type Curve struct { @@ -33,6 +34,8 @@ type Curve struct { P *big.Int // Characteristic of the underlying prime field Q *big.Int // Elliptic curve subgroup order + Co *big.Int // Cofactor + // Equation coefficients of the elliptic curve in canonical form A *big.Int B *big.Int @@ -55,7 +58,7 @@ type Curve struct { edT *big.Int } -func NewCurve(p, q, a, b, x, y, e, d *big.Int) (*Curve, error) { +func NewCurve(p, q, a, b, x, y, e, d, co *big.Int) (*Curve, error) { c := Curve{ Name: "unknown", P: p, @@ -85,6 +88,11 @@ func NewCurve(p, q, a, b, x, y, e, d *big.Int) (*Curve, error) { c.E = e c.D = d } + if co == nil { + c.Co = bigInt1 + } else { + c.Co = co + } return &c, nil } diff --git a/gost3410/params.go b/gost3410/params.go index 196ff2f..ebbb9af 100644 --- a/gost3410/params.go +++ b/gost3410/params.go @@ -61,6 +61,7 @@ var ( }), nil, nil, + nil, ) if err != nil { panic(err) @@ -109,6 +110,7 @@ var ( }), nil, nil, + nil, ) if err != nil { panic(err) 
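Review bot: In the `@@ -85,6 +88,11 @@` hunk of gost3410/curve.go, NewCurve stores any non-nil `co` without checking it, so a zero or negative cofactor is silently accepted and later becomes the scalar that KEK multiplies the UKM by; since NewCurve already returns an error, I would reject such input with `if co != nil && co.Sign() <= 0 { return nil, errors.New("gost3410: cofactor must be positive") }` before the assignment (the `errors` import may need adding if the file lacks it). The new `Co` field in the `@@ -33,6 +34,8 @@` hunk also deserves a sentence more than `// Cofactor`, e.g. `// Co is the curve cofactor (1 when unspecified); VKO scales the UKM by it, see vko.go`. Both hunks are inside definitions whose remaining lines fall outside the diff.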
@@ -157,6 +159,7 @@ var ( }), nil, nil, + nil, ) if err != nil { panic(err) @@ -205,6 +208,7 @@ var ( }), nil, nil, + nil, ) if err != nil { panic(err) @@ -253,6 +257,7 @@ var ( }), nil, nil, + nil, ) if err != nil { panic(err) @@ -318,6 +323,7 @@ var ( 0x2B, 0x9D, 0xF6, 0x28, 0x97, 0x00, 0x9A, 0xF7, 0xE5, 0x22, 0xC3, 0x2D, 0x6D, 0xC7, 0xBF, 0xFB, }), + bigInt4, ) if err != nil { panic(err) @@ -408,6 +414,7 @@ var ( }), nil, nil, + nil, ) if err != nil { panic(err) @@ -480,6 +487,7 @@ var ( }), nil, nil, + nil, ) if err != nil { panic(err) @@ -561,6 +569,7 @@ var ( 0x91, 0xA0, 0xCF, 0xC2, 0xBC, 0x2A, 0x22, 0xB4, 0xCA, 0x30, 0x2D, 0xBB, 0x33, 0xEE, 0x75, 0x50, }), + bigInt4, ) if err != nil { panic(err) diff --git a/gost3410/vko.go b/gost3410/vko.go index 1ac5ea3..e373e4a 100644 --- a/gost3410/vko.go +++ b/gost3410/vko.go @@ -24,6 +24,7 @@ func (prv *PrivateKey) KEK(pub *PublicKey, ukm *big.Int) ([]byte, error) { if err != nil { return nil, err } + ukm = ukm.Mul(ukm, prv.C.Co) if ukm.Cmp(bigInt1) != 0 { keyX, keyY, err = prv.C.Exp(ukm, keyX, keyY) if err != nil { diff --git a/install.texi b/install.texi index c7b52c7..cd6c450 100644 --- a/install.texi +++ b/install.texi @@ -1,7 +1,7 @@ @node Download @unnumbered Download -@set VERSION 4.2.4 +@set VERSION 4.3.0 Preferable way is to download tarball with the signature from website and, for example, run tests with benchmarks: diff --git a/news.texi b/news.texi index 7d139e1..68ee906 100644 --- a/news.texi +++ b/news.texi @@ -3,6 +3,11 @@ @table @strong +@anchor{Release 4.3.0} +@item 4.3.0 + @strong{Fixed} nasty bug with Edwards curves using in 34.10-VKO + functions: curve's cofactor has not been used. + @anchor{Release 4.2.4} @item 4.2.4 @code{gost3410.PrivateKeyReverseDigest} reversed digests and
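Review bot: In the gost3410/vko.go hunk, `ukm = ukm.Mul(ukm, prv.C.Co)` writes the product into the caller's `*big.Int`, so the UKM the caller still holds is scaled by the cofactor as a side effect; if the same object is reused (passed to the peer's KEK call, serialised into the message, or given to KEK a second time) the scalar becomes `ukm*Co*Co` and the two sides no longer agree on the key for the `bigInt4` curves. The fix is to compute into a fresh value, `ukm = new(big.Int).Mul(ukm, prv.C.Co)`, leaving the argument untouched. Note that `Mul` will panic on a nil `Co`; NewCurve defaults it to 1, but a `Curve` built as a struct literal elsewhere would presumably not — worth confirming. KEK starts before this hunk and continues after it.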