diff --git a/ChangeLog b/ChangeLog index 29115e208..27acfaf3f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -49,6 +49,9 @@ Changes * Provide an empty implementation of mbedtls_pkcs5_pbes2() when MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2 without PBES2. Fixed by Marcos Del Sol Vives. + * Add the order of the base point as N in the mbedtls_ecp_group structure + for Curve25519 (other curves had it already). Contributed by Nicholas + Wilson #481 = mbed TLS 2.8.0 branch released 2018-03-16 diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index b00ba4da8..d8c68233d 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -144,7 +144,7 @@ typedef struct mbedtls_mpi A; /*!< 1. A in the equation, or 2. (A + 2) / 4 */ mbedtls_mpi B; /*!< 1. B in the equation, or 2. unused */ mbedtls_ecp_point G; /*!< generator of the (sub)group used */ - mbedtls_mpi N; /*!< 1. the order of G, or 2. unused */ + mbedtls_mpi N; /*!< the order of G */ size_t pbits; /*!< number of bits in P */ size_t nbits; /*!< number of bits in 1. P, or 2. private keys */ unsigned int h; /*!< internal: 1 if the constants are static */ diff --git a/library/ecp_curves.c b/library/ecp_curves.c index df5ac3eea..f7860fdbc 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -670,7 +670,12 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp ) MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &grp->P, &grp->P, 19 ) ); grp->pbits = mbedtls_mpi_bitlen( &grp->P ); - /* Y intentionaly not set, since we use x/z coordinates. + /* N = 2^252 + 27742317777372353535851937790883648493 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &grp->N, 16, + "14DEF9DEA2F79CD65812631A5CF5D3ED" ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &grp->N, 252, 1 ) ); + + /* Y intentionally not set, since we use x/z coordinates. * This is used as a marker to identify Montgomery curves! */ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.X, 9 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &grp->G.Z, 1 ) );