Comments and tweaks based on review by asn

Add some documentation

Rename "derive" -> "blind"

Check for failure on randombytes().
This commit is contained in:
Nick Mathewson 2014-09-25 15:03:55 -04:00
parent 6dbd451b9f
commit 46cda485bc
8 changed files with 36 additions and 12 deletions

View File

@ -128,7 +128,13 @@ curve25519_keypair_generate(curve25519_keypair_t *keypair_out,
return 0;
}
/** DOCDOC */
/** Write the <b>datalen</b> bytes from <b>data</b> to the file named
* <b>fname</b> in the tagged-data format. This format contains a
* 32-byte header, followed by the data itself. The header is the
* NUL-padded string "== <b>typestring</b>: <b>tag</b> ==". The length
* of <b>typestring</b> and <b>tag</b> must therefore be no more than
* 24.
**/
int
crypto_write_tagged_contents_to_file(const char *fname,
const char *typestring,
@ -159,7 +165,11 @@ crypto_write_tagged_contents_to_file(const char *fname,
return r;
}
/** DOCDOC */
/** Read a tagged-data file from <b>fname</b> into the
* <b>data_out_len</b>-byte buffer in <b>data_out</b>. Check that the
* typestring matches <b>typestring</b>; store the tag into a newly allocated
* string in <b>tag_out</b>. Return -1 on failure, and the number of bytes of
* data on success. */
ssize_t
crypto_read_tagged_contents_from_file(const char *fname,
const char *typestring,

View File

@ -138,6 +138,8 @@ ed25519_checksig_batch(int *okay_out,
}
#if 0
/* This is how we'd do it if we were using ed25519_donna. I'll keep this
* code around here in case we ever do that. */
const uint8_t **ms;
size_t *lens;
const uint8_t **pks;
@ -249,7 +251,7 @@ ed25519_keypair_blind(ed25519_keypair_t *out,
{
ed25519_public_key_t pubkey_check;
ed25519_ref10_derive_secret_key(out->seckey.seckey,
ed25519_ref10_blind_secret_key(out->seckey.seckey,
inp->seckey.seckey, param);
ed25519_public_blind(&pubkey_check, &inp->pubkey, param);
@ -272,7 +274,7 @@ ed25519_public_blind(ed25519_public_key_t *out,
const ed25519_public_key_t *inp,
const uint8_t *param)
{
ed25519_ref10_derive_public_key(out->pubkey, inp->pubkey, param);
ed25519_ref10_blind_public_key(out->pubkey, inp->pubkey, param);
return 0;
}

View File

@ -19,7 +19,7 @@ gettweak(unsigned char *out, const unsigned char *param)
out[31] |= 64;
}
int ed25519_ref10_derive_secret_key(unsigned char *out,
int ed25519_ref10_blind_secret_key(unsigned char *out,
const unsigned char *inp,
const unsigned char *param)
{
@ -40,7 +40,7 @@ int ed25519_ref10_derive_secret_key(unsigned char *out,
return 0;
}
int ed25519_ref10_derive_public_key(unsigned char *out,
int ed25519_ref10_blind_public_key(unsigned char *out,
const unsigned char *inp,
const unsigned char *param)
{
@ -58,7 +58,8 @@ int ed25519_ref10_derive_public_key(unsigned char *out,
* strongly that I'm about to code my own ge_scalarmult_vartime). */
/* We negate the public key first, so that we can pass it to
* frombytes_negate_vartime, which negates it again. */
* frombytes_negate_vartime, which negates it again. If there were a
* "ge_frombytes", we'd use that, but there isn't. */
memcpy(pkcopy, inp, 32);
pkcopy[31] ^= (1<<7);
ge_frombytes_negate_vartime(&A, pkcopy);
@ -69,7 +70,7 @@ int ed25519_ref10_derive_public_key(unsigned char *out,
memwipe(tweak, 0, sizeof(tweak));
memwipe(&A, 0, sizeof(A));
memwipe(&Aprime, 0, sizeof(Aprime));
memwipe(&pkcopy, 0, sizeof(pkcopy));
memwipe(pkcopy, 0, sizeof(pkcopy));
return 0;
}

View File

@ -1,8 +1,12 @@
/* Added for Tor. */
#include <openssl/sha.h>
/* Set 'out' to the 512-bit SHA512 hash of the 'len'-byte string in 'inp' */
#define crypto_hash_sha512(out, inp, len) \
SHA512((inp), (len), (out))
/* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1',
* concatenated with the 'len2'-byte string in 'inp2'. */
#define crypto_hash_sha512_2(out, inp1, len1, inp2, len2) \
do { \
SHA512_CTX sha_ctx_; \
@ -12,6 +16,9 @@
SHA512_Final((out), &sha_ctx_); \
} while(0)
/* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1',
* concatenated with the 'len2'-byte string in 'inp2', concatenated with
* the 'len3'-byte string in 'len3'. */
#define crypto_hash_sha512_3(out, inp1, len1, inp2, len2, inp3, len3) \
do { \
SHA512_CTX sha_ctx_; \

View File

@ -20,10 +20,10 @@ int ed25519_ref10_sign(
int ed25519_ref10_pubkey_from_curve25519_pubkey(unsigned char *out,
const unsigned char *inp,
int signbit);
int ed25519_ref10_derive_secret_key(unsigned char *out,
int ed25519_ref10_blind_secret_key(unsigned char *out,
const unsigned char *inp,
const unsigned char *param);
int ed25519_ref10_derive_public_key(unsigned char *out,
int ed25519_ref10_blind_public_key(unsigned char *out,
const unsigned char *inp,
const unsigned char *param);

View File

@ -1,4 +1,4 @@
/* Modified for Tor: new API, 32-byte secret keys. */
/* Modified for Tor: new API, 64-byte secret keys. */
#include <string.h>
#include "randombytes.h"
#include "crypto_sign.h"
@ -10,7 +10,8 @@ crypto_sign_seckey(unsigned char *sk)
{
unsigned char seed[32];
randombytes(seed,32);
if (randombytes(seed,32) < 0)
return -1;
crypto_sign_seckey_expand(sk, seed);

View File

@ -1,3 +1,4 @@
/* (Modified by Tor to verify signature separately from message) */
#include <string.h>
#include "crypto_sign.h"
#include "crypto_hash_sha512.h"
@ -5,6 +6,7 @@
#include "ge.h"
#include "sc.h"
/* 'signature' must be 64-bytes long. */
int crypto_sign_open(
const unsigned char *signature,
const unsigned char *m,uint64_t mlen,

View File

@ -1,3 +1,4 @@
/* (Modified by Tor to generate detached signatures.) */
#include <string.h>
#include "crypto_sign.h"
#include "crypto_hash_sha512.h"