nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-24 04:13:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Tweak ed25519 ref10 signing interface to use less space.

Browse Source 
Unit tests still pass.
This commit is contained in:
Nick Mathewson 2014-08-26 12:47:27 -04:00
parent e5a1cf9937
commit e0097a8839
4 changed files with 30 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/common/crypto_ed25519.c
View File

@ -59,29 +59,13 @@ ed25519_sign(ed25519_signature_t *signature_out,
const uint8_t *msg, size_t len,
const ed25519_keypair_t *keypair)
{
uint8_t keys[64];
uint8_t *tmp;
uint64_t tmplen;
/* XXXX Make crypto_sign in ref10 friendlier so we don't need this stupid
* copying. */
tor_assert(len < SIZE_T_CEILING - 64);
tmplen = ((uint64_t)len) + 64;
tmp = tor_malloc(tmplen);
memcpy(keys, keypair->seckey.seckey, 32);
memcpy(keys+32, keypair->pubkey.pubkey, 32);
if (ed25519_ref10_sign(tmp, &tmplen, msg, len, keys) < 0) {
tor_free(tmp);
if (ed25519_ref10_sign(signature_out->sig, msg, len,
keypair->seckey.seckey,
keypair->pubkey.pubkey) < 0) {
return -1;
}
memcpy(signature_out->sig, tmp, 64);
memwipe(keys, 0, sizeof(keys));
tor_free(tmp);
return 0;
}

19
src/ext/ed25519/ref10/crypto_hash_sha512.h
View File

@ -2,3 +2,22 @@
#include <openssl/sha.h>
#define crypto_hash_sha512(out, inp, len) \
SHA512((inp), (len), (out))
#define crypto_hash_sha512_2(out, inp1, len1, inp2, len2) \
do { \
SHA512_CTX sha_ctx_; \
SHA512_Init(&sha_ctx_); \
SHA512_Update(&sha_ctx_, (inp1), (len1)); \
SHA512_Update(&sha_ctx_, (inp2), (len2)); \
SHA512_Final((out), &sha_ctx_); \
} while(0)
#define crypto_hash_sha512_3(out, inp1, len1, inp2, len2, inp3, len3) \
do { \
SHA512_CTX sha_ctx_; \
SHA512_Init(&sha_ctx_); \
SHA512_Update(&sha_ctx_, (inp1), (len1)); \
SHA512_Update(&sha_ctx_, (inp2), (len2)); \
SHA512_Update(&sha_ctx_, (inp3), (len3)); \
SHA512_Final((out), &sha_ctx_); \
} while(0)

4
src/ext/ed25519/ref10/ed25519_ref10.h
View File

@ -11,8 +11,8 @@ int ed25519_ref10_open(
const unsigned char *sm,uint64_t smlen,
const unsigned char *pk);
int ed25519_ref10_sign(
unsigned char *sm,uint64_t *smlen,
unsigned char *sig,
const unsigned char *m,uint64_t mlen,
const unsigned char *sk);
const unsigned char *sk, const unsigned char *pk);
#endif

19
src/ext/ed25519/ref10/sign.c
View File

@ -5,37 +5,30 @@
#include "sc.h"
int crypto_sign(
unsigned char *sm,uint64_t *smlen,
unsigned char *sig,
const unsigned char *m,uint64_t mlen,
const unsigned char *sk
const unsigned char *sk,const unsigned char *pk
)
{
unsigned char pk[32];
unsigned char az[64];
unsigned char nonce[64];
unsigned char hram[64];
ge_p3 R;
memmove(pk,sk + 32,32);
crypto_hash_sha512(az,sk,32);
az[0] &= 248;
az[31] &= 63;
az[31] |= 64;
*smlen = mlen + 64;
memmove(sm + 64,m,mlen);
memmove(sm + 32,az + 32,32);
crypto_hash_sha512(nonce,sm + 32,mlen + 32);
memmove(sm + 32,pk,32);
crypto_hash_sha512_2(nonce, az+32, 32, m, mlen);
sc_reduce(nonce);
ge_scalarmult_base(&R,nonce);
ge_p3_tobytes(sm,&R);
ge_p3_tobytes(sig,&R);
crypto_hash_sha512(hram,sm,mlen + 64);
crypto_hash_sha512_3(hram, sig, 32, pk, 32, m, mlen);
sc_reduce(hram);
sc_muladd(sm + 32,hram,az,nonce);
sc_muladd(sig + 32,hram,az,nonce);
return 0;
}