Return-Path: <gniibe@fsij.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 477201200EC
 for <openpgp@ietfa.amsl.com>; Mon,  2 Dec 2019 18:39:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level: 
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001]
 autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
 header.d=fsij.org
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id FIYA6-DYLQ-Y for <openpgp@ietfa.amsl.com>;
 Mon,  2 Dec 2019 18:39:47 -0800 (PST)
Received: from akagi.fsij.org (akagi.fsij.org
 [IPv6:2001:4b98:dc0:41:216:3eff:fe1a:6542])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id 38893120052
 for <openpgp@ietf.org>; Mon,  2 Dec 2019 18:39:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=fsij.org;
 s=main; h=Content-Type:MIME-Version:Message-ID:Date:References:In-Reply-To:
 Subject:To:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=CRt2HdsUmxYr9KjGDOTPV+mpF7RJetL9aVbw6IWpl/g=; b=mBqOkKsIEkXBsHEThhx7DDLlnU
 3LXHv730lc6S2oKak6ytpG8w8pGgwFfKQXgh6zlciKg8kNnltBBg2kTZG/N1b6nsHlQY7fHmfJfO+
 jj16caTXZDGSLsVzk1vsmTXxW5puN9a4tKj5qpo9k9yYrgdRxVodHx0VC46zJWOFJm5DKcslaHnNn
 vzlX9Qw33PzN0/ycHRsw8PpK55KnmbGBxFM/YvRfUV1PdnlJ1yMUG4AigfAPDH51bqwiZy/i+ccjJ
 7RnFuvb3K/x38bpXQb/keFA3LMb8jGJiPZukgTIxhQJEHWOUBN1mY/0zVxj92XvmWqeJHsar69CsI
 ayOmmZCw==;
Received: from 140.200.232.153.ap.dti.ne.jp ([153.232.200.140]
 helo=iwagami.gniibe.org)
 by akagi.fsij.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <gniibe@fsij.org>)
 id 1iby6I-000651-UG; Tue, 03 Dec 2019 03:39:44 +0100
Received: by iwagami.gniibe.org (sSMTP sendmail emulation);
 Tue, 03 Dec 2019 11:39:38 +0900
From: NIIBE Yutaka <gniibe@fsij.org>
To: IETF OpenPGP <openpgp@ietf.org>
In-Reply-To: <87tv7pwdcb.fsf@jumper.gniibe.org>
References: <87a79kmhd1.fsf@iwagami.gniibe.org>
 <1572452632.29750.0@smtp.gmail.com> <87tv7pwdcb.fsf@jumper.gniibe.org>
Date: Tue, 03 Dec 2019 11:39:38 +0900
Message-ID: <87k17eb09h.fsf@iwagami.gniibe.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/FMlhSoh5E4jB2o42IybfjYJYI0s>
Subject: Re: [openpgp] EdDSA problem and possible change about ECC
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>,
 <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>,
 <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Dec 2019 02:39:49 -0000

--=-=-=
Content-Type: text/plain

Hello,

Attached are example EdDSA public and secret key with malformed MPI.

In secret part and siganature (R and S), it starts by zero octet and it
says it's 256-bit.

With modified GnuPG (which can show malformed MPI representation),
gpg -v --list-packet shows:

==========================
# off=0 ctb=94 tag=5 hlen=2 plen=88
:secret key packet:
	version 4, algo 22, created 1541067011, expires 0
	pkey[0]: 092B06010401DA470F01 ed25519 (1.3.6.1.4.1.11591.15.1)
	pkey[1]: 4000001F8BEA42B3C74C50AA3589B1AA065F196857DB97A75E4A54953F093E6772
	skey[2]: 0000000000000000000000000000000000000000000000000000000000000024
	checksum: 07b6
	keyid: 603315C930792940
# off=90 ctb=b4 tag=13 hlen=2 plen=35
:user ID packet: "ECC Test Key <ecc-test@example.org>"
# off=127 ctb=88 tag=2 hlen=2 plen=148
:signature packet: algo 22, keyid 603315C930792940
	version 4, created 1541115112, md5len 0, sigclass 0x13
	digest algo 8, begin of digest c0 f0
	hashed subpkt 33 len 21 (issuer fpr v4 F2C1264E292A298AEB4BC348603315C930792940)
	hashed subpkt 2 len 4 (sig created 2018-11-01)
	hashed subpkt 27 len 1 (key flags: 03)
	hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
	hashed subpkt 34 len 2 (pref-aead-algos: 2 1)
	hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
	hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
	hashed subpkt 30 len 1 (features: 07)
	hashed subpkt 23 len 1 (keyserver preferences: 80)
	subpkt 16 len 8 (issuer key ID 603315C930792940)
	data: 00A594ACA396212AD2800C8ED426449ECABC4B561000E12B96D8EFE3BDBED153
	data: 00112F614291A5C8E5548B6CACEBABA1DB95394DAC15461C21EC9AB037A77D07
==========================

In my opinion, those data (secret part, signature) are better to be
defined as non-MPI.

Once, I thought that it is also good for the public part (the point
representation in pkey[1]) to be defined as non-MPI.  However, this part
is used for fingerprint computation, so, I realized that changing the
definition is not easy.

-- 

--=-=-=
Content-Type: application/pgp-keys
Content-Disposition: attachment; filename=ecc-test-key-sos-1-pub.asc
Content-Transfer-Encoding: base64

LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptRE1FVzlyUkF4WUpLd1lCQkFI
YVJ3OEJBUWRBQUFBZmkrcENzOGRNVUtvMWliR3FCbDhaYUZmYmw2ZGVTbFNWClB3aytaM0swSTBW
RFF5QlVaWE4wSUV0bGVTQThaV05qTFhSbGMzUkFaWGhoYlhCc1pTNXZjbWMraUpRRUV4WUkKQUR3
V0lRVHl3U1pPS1NvcGl1dEx3MGhnTXhYSk1Ia3BRQVVDVzl1TTZBSWJBd1VMQ1FnSEFnTWlBZ0VH
RlFvSgpDQXNDQkJZQ0F3RUNIZ2NDRjRBQUNna1FZRE1WeVRCNUtVREE4QUVBQUtXVXJLT1dJU3JT
Z0F5TzFDWkVuc3E4ClMxWVFBT0VybHRqdjQ3MiswVk1CQUFBUkwyRkNrYVhJNVZTTGJLenJxNkhi
bFRsTnJCVkdIQ0hzbXJBM3AzMEgKPXljWWIKLS0tLS1FTkQgUEdQIFBVQkxJQyBLRVkgQkxPQ0st
LS0tLQo=
--=-=-=
Content-Type: application/pgp-keys
Content-Disposition: attachment; filename=ecc-test-key-sos-1-sec.asc
Content-Transfer-Encoding: base64

LS0tLS1CRUdJTiBQR1AgUFJJVkFURSBLRVkgQkxPQ0stLS0tLQoKbEZnRVc5clJBeFlKS3dZQkJB
SGFSdzhCQVFkQUFBQWZpK3BDczhkTVVLbzFpYkdxQmw4WmFGZmJsNmRlU2xTVgpQd2srWjNJQUFR
QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBSkFlMnRDTkZRME1nClZH
VnpkQ0JMWlhrZ1BHVmpZeTEwWlhOMFFHVjRZVzF3YkdVdWIzSm5Qb2lVQkJNV0NBQThGaUVFOHNF
bVRpa3EKS1lyclM4TklZRE1WeVRCNUtVQUZBbHZiak9nQ0d3TUZDd2tJQndJRElnSUJCaFVLQ1Fn
TEFnUVdBZ01CQWg0SApBaGVBQUFvSkVHQXpGY2t3ZVNsQXdQQUJBQUNsbEt5amxpRXEwb0FNanRR
bVJKN0t2RXRXRUFEaEs1Ylk3K085CnZ0RlRBUUFBRVM5aFFwR2x5T1ZVaTJ5czY2dWgyNVU1VGF3
VlJod2g3SnF3TjZkOUJ3PT0KPWIwYTgKLS0tLS1FTkQgUEdQIFBSSVZBVEUgS0VZIEJMT0NLLS0t
LS0K
--=-=-=--