diff options
author | George Kadianakis <desnacked@riseup.net> | 2016-08-23 14:53:01 +0300 |
---|---|---|
committer | George Kadianakis <desnacked@riseup.net> | 2016-08-23 14:53:01 +0300 |
commit | b8bfdf638e9448ecda9dda1a2c02d7bbf4778341 (patch) | |
tree | 7f169f62b8a272a68fb3b326010f81193cef90b9 /src/common | |
parent | 261f4c3f6f028cf4becff1077c08735e308d7d43 (diff) | |
download | tor-b8bfdf638e9448ecda9dda1a2c02d7bbf4778341.tar.gz tor-b8bfdf638e9448ecda9dda1a2c02d7bbf4778341.zip |
Introduce ed25519_{sign,checksig}_prefixed functions().
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/crypto_ed25519.c | 95 | ||||
-rw-r--r-- | src/common/crypto_ed25519.h | 11 |
2 files changed, 106 insertions, 0 deletions
diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c index 84c3eece6d..817c1a271b 100644 --- a/src/common/crypto_ed25519.c +++ b/src/common/crypto_ed25519.c @@ -184,9 +184,43 @@ ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong) return 0; } +/* Return a heap-allocated array that contains <b>msg</b> prefixed by the + * string <b>prefix_str</b>. Set <b>final_msg_len_out</b> to the size of the + * final array. If an error occured, return NULL. It's the resonsibility of the + * caller to free the returned array. */ +static uint8_t * +get_prefixed_msg(const uint8_t *msg, size_t msg_len, + const char *prefix_str, + size_t *final_msg_len_out) +{ + size_t prefixed_msg_len, prefix_len; + uint8_t *prefixed_msg; + + tor_assert(prefix_str); + tor_assert(final_msg_len_out); + + prefix_len = strlen(prefix_str); + + /* msg_len + strlen(prefix_str) must not overflow. */ + if (msg_len > SIZE_T_CEILING - prefix_len) { + return NULL; + } + + prefixed_msg_len = msg_len + prefix_len; + prefixed_msg = tor_malloc_zero(prefixed_msg_len); + + memcpy(prefixed_msg, prefix_str, prefix_len); + memcpy(prefixed_msg + prefix_len, msg, msg_len); + + *final_msg_len_out = prefixed_msg_len; + return prefixed_msg; +} + /** * Set <b>signature_out</b> to a signature of the <b>len</b>-byte message * <b>msg</b>, using the secret and public key in <b>keypair</b>. + * + * Return 0 if we successfuly signed the message, otherwise return -1. */ int ed25519_sign(ed25519_signature_t *signature_out, @@ -203,6 +237,37 @@ ed25519_sign(ed25519_signature_t *signature_out, } /** + * Like ed25519_sign(), but also prefix <b>msg</b> with <b>prefix_str</b> + * before signing. <b>prefix_str</b> must be a NUL-terminated string. + */ +int +ed25519_sign_prefixed(ed25519_signature_t *signature_out, + const uint8_t *msg, size_t msg_len, + const char *prefix_str, + const ed25519_keypair_t *keypair) +{ + int retval; + size_t prefixed_msg_len; + uint8_t *prefixed_msg; + + tor_assert(prefix_str); + + prefixed_msg = get_prefixed_msg(msg, msg_len, prefix_str, + &prefixed_msg_len); + if (!prefixed_msg) { + log_warn(LD_GENERAL, "Failed to get prefixed msg."); + return -1; + } + + retval = ed25519_sign(signature_out, + prefixed_msg, prefixed_msg_len, + keypair); + tor_free(prefixed_msg); + + return retval; +} + +/** * Check whether if <b>signature</b> is a valid signature for the * <b>len</b>-byte message in <b>msg</b> made with the key <b>pubkey</b>. * @@ -217,6 +282,36 @@ ed25519_checksig(const ed25519_signature_t *signature, get_ed_impl()->open(signature->sig, msg, len, pubkey->pubkey) < 0 ? -1 : 0; } +/** + * Like ed2519_checksig(), but also prefix <b>msg</b> with <b>prefix_str</b> + * before verifying signature. <b>prefix_str</b> must be a NUL-terminated + * string. + */ +int +ed25519_checksig_prefixed(const ed25519_signature_t *signature, + const uint8_t *msg, size_t msg_len, + const char *prefix_str, + const ed25519_public_key_t *pubkey) +{ + int retval; + size_t prefixed_msg_len; + uint8_t *prefixed_msg; + + prefixed_msg = get_prefixed_msg(msg, msg_len, prefix_str, + &prefixed_msg_len); + if (!prefixed_msg) { + log_warn(LD_GENERAL, "Failed to get prefixed msg."); + return -1; + } + + retval = ed25519_checksig(signature, + prefixed_msg, prefixed_msg_len, + pubkey); + tor_free(prefixed_msg); + + return retval; +} + /** Validate every signature among those in <b>checkable</b>, which contains * exactly <b>n_checkable</b> elements. If <b>okay_out</b> is non-NULL, set * the i'th element of <b>okay_out</b> to 1 if the i'th element of diff --git a/src/common/crypto_ed25519.h b/src/common/crypto_ed25519.h index 44c2ad9775..31afc49ccc 100644 --- a/src/common/crypto_ed25519.h +++ b/src/common/crypto_ed25519.h @@ -55,6 +55,17 @@ int ed25519_checksig(const ed25519_signature_t *signature, const uint8_t *msg, size_t len, const ed25519_public_key_t *pubkey); +int +ed25519_sign_prefixed(ed25519_signature_t *signature_out, + const uint8_t *msg, size_t len, + const char *prefix_str, + const ed25519_keypair_t *keypair); +int +ed25519_checksig_prefixed(const ed25519_signature_t *signature, + const uint8_t *msg, size_t len, + const char *prefix_str, + const ed25519_public_key_t *pubkey); + /** * A collection of information necessary to check an Ed25519 signature. Used * for batch verification. |