Niels Möller | 25 Apr 21:43 2016

Curve25519 and RFC 7748

Hi,

Nikos pointed out to me that there's a slight difference between
curve25519 as implemented by Nettle and the spec in RFC 7748.

As far as I see, the difference is that RFC 7748 says that bit 255 of an
encoded x coordinate is ignored. Or more precisely, the high bit of the
31st octet in the x input string is cleared before conversion into an
integer. Nettle's curve25519_mul, on the other hand, includes it in the
computation, with the usual wrap-around, 2^255 = 19 (mod p). I don't see
any difference in handling scalars. Do you agree?

So I'm considering this change,

diff --git a/curve25519-mul.c b/curve25519-mul.c
index adb20cb..f5127d7 100644
--- a/curve25519-mul.c
+++ b/curve25519-mul.c
 <at>  <at>  -72,7 +72,11  <at>  <at>  curve25519_mul (uint8_t *q, const uint8_t *n, const uint8_t *p)
   itch = ecc->p.size * 12;
   scratch = gmp_alloc_limbs (itch);

+  /* Note that 255 % GMP_NUMB_BITS == 0 isn't supported, so x1 always
+     holds at least 256 bits. */
   mpn_set_base256_le (x1, ecc->p.size, p, CURVE25519_SIZE);
+  /* Clear bit 255, as required by RFC 7748. */
+  x1[255/GMP_NUMB_BITS] &= ~((mp_limb_t) 1 << (255 % GMP_NUMB_BITS));

   /* Initialize, x2 = x1, z2 = 1 */
   mpn_copyi (x2, x1, ecc->p.size);
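Review bot: the precondition stated in the first added comment (255 % GMP_NUMB_BITS != 0, so x1 holds at least 256 bits) is exactly what the index arithmetic in `x1[255/GMP_NUMB_BITS] &= ~((mp_limb_t) 1 << (255 % GMP_NUMB_BITS));` silently depends on, and a comment does not stop the build on a limb size where it fails; consider turning it into a preprocessor check next to the mask, e.g. `#if 255 % GMP_NUMB_BITS == 0` followed by `#error`, so the unsupported case is rejected at compile time rather than producing an out-of-range limb index.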

Nikos Mavrogiannopoulos | 10 Mar 18:10 2016

mini-gmp builds enhancements

The attached patches fix compilation issues with mini-gmp, add a gitlab
build rule, and prevent the symbols defined in gmp-glue.h from being
exported into nettle's ABI.

The latter was to avoid abidiff differences to hogweed's ABI when built
with different gmp versions. For that I renamed the gmp-glue _nettle_*
symbols to _inettle_*.

regards,
Nikos
_______________________________________________
nettle-bugs mailing list
nettle-bugs <at> lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
Nikos Mavrogiannopoulos | 29 Feb 13:29 2016

patch to use gitlab runners with libasan and libubsan

Hello,
 I've now completed enabling the undefined sanitizer for gnutls, and it
may be a good idea to use it for nettle too.  The following patch
enables running the test suite of nettle under libasan (to detect any
invalid memory accesses/writes), and the undefined sanitizer.

I've run a test build, and the libasan build succeeds but the libubsan
builds fail:
https://gitlab.com/gnutls/nettle/builds/773956

Its complaints are not that critical for the targeted platforms, but it
may be nice not to rely on undefined behavior.

regards,
Nikos
Nikos Mavrogiannopoulos | 18 Feb 11:06 2016

dll file names

Hello,
 The attached patch corrects the name used for the windows dlls. With
the current naming, it is not possible to update an existing version
of nettle by dropping the new files in place; the patch fixes that.

regards,
Nikos
Hanno Böck | 13 Feb 11:13 2016

abort / assert issues in sexp-conv

Hi,

I did a quick fuzzing test of the command line tools coming with nettle.

echo "]"|sexp-conv
will cause an abort call and
echo "{MiM}"|sexp-conv
causes an assert:
sexp-conv: /var/tmp/portage/dev-libs/nettle-3.2/work/nettle-3.2/tools/input.c:128:
sexp_input_start_coding: Assertion `!input->coding' failed.

Not sure how relevant these tools are, but usually abort/assert calls
are debugging tools for situations in software that should never
happen in normal operation.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...
GPG: BBB51E42
Nikos Mavrogiannopoulos | 9 Feb 14:31 2016

backporting ecc patches

Hello Niels,
 Do you plan a backport of the carry propagation fix in secp384 [0] for
nettle 2.7.1? My limited understanding is that the 3.2 assembly file
wouldn't work out of the box in 2.7 due to the change from ecc_curve to
ecc_modulus.

The fix for the secp256r1 issue [1] looks quite trivial to backport if
p->m is replaced by ecc->p. Is my understanding correct?

regards,
Nikos

[0]. https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7

[1]. https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d

Girish Kumar | 7 Feb 16:19 2016

cross compiling nettle-3.2 for armv7 on linux

Hi All,

I am cross compiling nettle-3.2 for armv7 on linux, but I am getting the following error.
Could you please help me with this?

nettle_deps = $(shell find $(LTOP)/nettle-3.2 -type f)
$(OBJS)/nettle/nettle.configured: $(nettle_deps)
     @rm -rf $(OBJS)/nettle;
     @mkdir -p $(OBJS)/nettle;
     @cd $(OBJS)/nettle;\
    declare -x PATH=$(CCPATH):$(PATH);\
    declare -x ac_cv_func_malloc_0_nonnull="yes";\
    declare -x ac_cv_func_realloc_0_nonnull="yes";\
    declare -x CFLAGS="$(PLATFORM_CFLAGS) ";\
    declare -x LDFLAGS="$(PLATFORM_LDFLAGS) -L$(CROSSLIBS) -L$(BUILT_LIBS)";\
    declare -x CPPFLAGS="$(PLATFORM_CPPFLAGS) -I$(CROSSINCS) -I$(BUILT_INCLUDES) ";\
    $(LTOP)/nettle-3.2/configure --prefix=$(BUILT_BASE) --host=$(CCPREFIX)  --disable-static&> $(OBJS)/nettle/configure.out
     @touch $(OBJS)/nettle/nettle.configured

$(RAMDISK_LIB)/nettle.so: $(OBJS)/nettle/nettle.configured
     @cd $(OBJS)/nettle;\
    declare -x HOSTCC=`which gcc`;\
    declare -x PATH=$(CCPATH):$(PATH);\
    declare -x CFLAGS="$(PLATFORM_CFLAGS) ";\
    declare -x LDFLAGS="$(PLATFORM_LDFLAGS) -L$(CROSSLIBS) -L$(BUILT_LIBS)";\
    declare -x CPPFLAGS="$(PLATFORM_CPPFLAGS) -I$(CROSSINCS) -I$(BUILT_INCLUDES) ";\
    $(MAKE) &> $(OBJS)/nettle/make.out;\
    $(MAKE) install  &> $(OBJS)/nettle/install.out
checking build system compiler gcc... no
checking build system compiler cc... no

Niels Möller | 28 Jan 21:30 2016

ANNOUNCE: Nettle-3.2

I'm happy to announce a new release of GNU Nettle, a low-level
cryptographic library. This is mainly a bug fix release, with few new
features.

The Nettle home page can be found at
https://www.lysator.liu.se/~nisse/nettle/, and the manual at
https://www.lysator.liu.se/~nisse/nettle/nettle.html.

NEWS for the Nettle 3.2 release

	Bug fixes:

	* The SHA3 implementation is updated according to the FIPS 202
	  standard. It is not interoperable with earlier versions of
	  Nettle. Thanks to Nikos Mavrogiannopoulos. To easily
	  differentiate at compile time, sha3.h defines the constant
	  NETTLE_SHA3_FIPS202.

	* Fix corner-case carry propagation bugs affecting elliptic
	  curve operations on the curves secp_256r1 and secp_384r1 on
	  certain platforms, including x86_64. Reported by Hanno Böck.

	New features:

	* New functions for RSA private key operations, identified by
	  the "_tr" suffix, with better resistance to side channel
	  attacks and to hardware or software failures which could
	  break the CRT optimization. See the Nettle manual for
	  details. Initial patch by Nikos Mavrogiannopoulos.


Niels Möller | 26 Jan 22:50 2016

Re: nettle-pbkdf2 dumps core when executed with an unknown option

dongsheng zhang <dongsheng.zhang <at> oracle.com> writes:

> Will a newer version of nettle with the fix be released soon please?

Your bug report was very timely; a new release, nettle-3.2, is planned
this week.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
Niels Möller | 26 Jan 19:44 2016

Re: nettle-pbkdf2 dumps core when executed with an unknown option

dongsheng zhang <dongsheng.zhang <at> oracle.com> writes:

> We have found that nettle-pbkdf2 dumps core when executed with an
> unknown option.

Thanks for the bug report. There was a missing "case '?':" in the option
handling, and a similar bug also in nettle-hash. Fix checked in now, the
programs should display a usage message and exit. (Some of the other
programs just call exit (EXIT_FAILURE) in this situation, and some lack
usage messages, so it's not completely consistent).

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
Niels Möller | 23 Jan 21:19 2016

Nettle-3.2 plans

Now I think the documentation of the new RSA tr functions is in
reasonable shape, and I'd like to get a release out real soon now.

I've put a release candidate at
https://www.lysator.liu.se/~nisse/archive/nettle-3.2rc1.tar.gz, and I've
updated the release planning at
https://www.lysator.liu.se/~nisse/nettle/plan.html.

I've spent the day doing tests on various emulated systems. The ARM and
PPC emulators have completed the tests with no issues, MIPS and M68K
emulators still working hard. Currently, I'm doing tests on gnu/linux
and freebsd (the sparc solaris systems I used to do some testing on have
been powered down).

If no last minute problems are discovered, I plan to make the release
earliest on Wednesday evening (January 27). 

All testing is highly appreciated. In particular, if Mac, Windows, or
some more obscure systems are important to you, now is the time to test.
As a reminder, non-GNU make programs are not really supported.

Review of the NEWS file and the new RSA material in the
manual would also be very nice.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.