From 9e43ee5b4ca3650ecd9c4ee8a1b77843b273d480 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 26 Aug 2014 14:55:08 -0400 Subject: [PATCH] Fix API for ed25519_ref10_open() This is another case where DJB likes sticking the whole signature prepended to the message, and I don't think that's the hottest idea. The unit tests still pass. --- src/common/crypto_ed25519.c | 20 ++------------------ src/ext/ed25519/ref10/ed25519_ref10.h | 4 ++-- src/ext/ed25519/ref10/open.c | 20 ++++++-------------- 3 files changed, 10 insertions(+), 34 deletions(-) diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c index 90a5fa970f..5486c8977a 100644 --- a/src/common/crypto_ed25519.c +++ b/src/common/crypto_ed25519.c @@ -80,24 +80,8 @@ ed25519_checksig(const ed25519_signature_t *signature, const uint8_t *msg, size_t len, const ed25519_public_key_t *pubkey) { - uint8_t *smtmp; - uint8_t *tmp; - uint64_t tmplen; - int r; - - tor_assert(len < SIZE_T_CEILING - 64); - tmplen = len + 64; - tmp = tor_malloc(tmplen); - smtmp = tor_malloc(tmplen); - memcpy(smtmp, signature->sig, 64); - memcpy(smtmp+64, msg, len); - - r = ed25519_ref10_open(tmp, &tmplen, smtmp, tmplen, pubkey->pubkey); - - tor_free(tmp); - tor_free(smtmp); - - return r; + return + ed25519_ref10_open(signature->sig, msg, len, pubkey->pubkey) < 0 ? -1 : 0; } /** Validate every signature among those in checkable, which contains diff --git a/src/ext/ed25519/ref10/ed25519_ref10.h b/src/ext/ed25519/ref10/ed25519_ref10.h index 1f7946d04a..bd1e46133f 100644 --- a/src/ext/ed25519/ref10/ed25519_ref10.h +++ b/src/ext/ed25519/ref10/ed25519_ref10.h @@ -7,8 +7,8 @@ int ed25519_ref10_seckey(unsigned char *sk); int ed25519_ref10_pubkey(unsigned char *pk,const unsigned char *sk); int ed25519_ref10_keygen(unsigned char *pk,unsigned char *sk); int ed25519_ref10_open( - unsigned char *m,uint64_t *mlen, - const unsigned char *sm,uint64_t smlen, + const unsigned char *signature, + const unsigned char *m,uint64_t mlen, const unsigned char *pk); int ed25519_ref10_sign( unsigned char *sig, diff --git a/src/ext/ed25519/ref10/open.c b/src/ext/ed25519/ref10/open.c index 2d0d55ec01..790f668f94 100644 --- a/src/ext/ed25519/ref10/open.c +++ b/src/ext/ed25519/ref10/open.c @@ -6,8 +6,8 @@ #include "sc.h" int crypto_sign_open( - unsigned char *m,uint64_t *mlen, - const unsigned char *sm,uint64_t smlen, + const unsigned char *signature, + const unsigned char *m,uint64_t mlen, const unsigned char *pk ) { @@ -19,30 +19,22 @@ int crypto_sign_open( ge_p3 A; ge_p2 R; - if (smlen < 64) goto badsig; - if (sm[63] & 224) goto badsig; + if (signature[63] & 224) goto badsig; if (ge_frombytes_negate_vartime(&A,pk) != 0) goto badsig; memmove(pkcopy,pk,32); - memmove(rcopy,sm,32); - memmove(scopy,sm + 32,32); + memmove(rcopy,signature,32); + memmove(scopy,signature + 32,32); - memmove(m,sm,smlen); - memmove(m + 32,pkcopy,32); - crypto_hash_sha512(h,m,smlen); + crypto_hash_sha512_3(h, rcopy, 32, pkcopy, 32, m, mlen); sc_reduce(h); ge_double_scalarmult_vartime(&R,h,&A,scopy); ge_tobytes(rcheck,&R); if (crypto_verify_32(rcheck,rcopy) == 0) { - memmove(m,m + 64,smlen - 64); - memset(m + smlen - 64,0,64); - *mlen = smlen - 64; return 0; } badsig: - *mlen = -1; - memset(m,0,smlen); return -1; }