ecc: Positive values in computation.

* cipher/ecc-curves.c (_gcry_ecc_fill_in_curve): Make sure
coefficients A and B are positive.
* cipher/ecc-eddsa.c (_gcry_ecc_eddsa_recover_x): For negation, do
"P - T" instead of "-T", so that the result will be positive.
(_gcry_ecc_eddsa_verify): Likewise.
* cipher/ecc.c (ecc_check_secret_key): Use _gcry_ecc_fill_in_curve
instead of _gcry_ecc_update_curve_param.
* mpi/ec.c (ec_subm): Make sure the result will be positive.
(dup_point_edwards, sub_points_edwards, _gcry_mpi_ec_curve_point): Use
mpi_sub instead of mpi_neg.
(add_points_edwards): Simply use ec_addm.
* tests/t-mpi-point.c (test_curve): Define curves with positive
coefficients.

--

We keep the coefficients of domain_parms in ecc-curves.c, so that
keygrip computations won't change.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/tests/t-mpi-point.c b/tests/t-mpi-point.c
index 55c6b666..84da7ccb 100644
--- a/tests/t-mpi-point.c
+++ b/tests/t-mpi-point.c
@@ -130,8 +130,8 @@ static struct
     {
       "Ed25519",
       "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED",
-      "-0x01",
-      "-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A",
+      "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEC",
+      "0x52036CEE2B6FFE738CC740797779E89800700A4D4141D8AB75EB4DCA135978A3",
       "0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
       "0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A",
       "0x6666666666666666666666666666666666666666666666666666666666666658",