diff options
| author | George Kadianakis <desnacked@riseup.net> | 2017-04-25 15:19:41 +0300 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-06-27 17:17:58 -0400 |
| commit | 559658ff1ca1492543ad60d10b7101c70a62eaa2 (patch) | |
| tree | aff61610becaeb0ae6702277907f7f2cace9f483 /src/ext/ed25519/donna | |
| parent | 39b5dca7201bb3f30606be199f4d234c86fcaded (diff) | |
| download | tor-559658ff1ca1492543ad60d10b7101c70a62eaa2.tar.gz tor-559658ff1ca1492543ad60d10b7101c70a62eaa2.zip | |
ed25519: Add func that checks for torsion component in pubkeys.
See https://lists.torproject.org/pipermail/tor-dev/2017-April/012213.html .
Diffstat (limited to 'src/ext/ed25519/donna')
| -rw-r--r-- | src/ext/ed25519/donna/ed25519_donna_tor.h | 5 | ||||
| -rw-r--r-- | src/ext/ed25519/donna/ed25519_tor.c | 27 |
2 files changed, 32 insertions, 0 deletions
diff --git a/src/ext/ed25519/donna/ed25519_donna_tor.h b/src/ext/ed25519/donna/ed25519_donna_tor.h index d225407b1c..7d7b8c0625 100644 --- a/src/ext/ed25519/donna/ed25519_donna_tor.h +++ b/src/ext/ed25519/donna/ed25519_donna_tor.h @@ -30,4 +30,9 @@ int ed25519_donna_blind_public_key(unsigned char *out, const unsigned char *inp, int ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out, const unsigned char *inp, int signbit); + +int +ed25519_donna_scalarmult_with_group_order(unsigned char *out, + const unsigned char *pubkey); + #endif diff --git a/src/ext/ed25519/donna/ed25519_tor.c b/src/ext/ed25519/donna/ed25519_tor.c index 9537ae66a1..bd11027efa 100644 --- a/src/ext/ed25519/donna/ed25519_tor.c +++ b/src/ext/ed25519/donna/ed25519_tor.c @@ -340,5 +340,32 @@ ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out, return 0; } +/* Do the scalar multiplication of <b>pubkey</b> with the group order + * <b>modm_m</b>. Place the result in <b>out</b> which must be at least 32 + * bytes long. */ +int +ed25519_donna_scalarmult_with_group_order(unsigned char *out, + const unsigned char *pubkey) +{ + static const bignum256modm ALIGN(16) zero = { 0 }; + unsigned char pkcopy[32]; + ge25519 ALIGN(16) Point, Result; + + /* No "ge25519_unpack", negate the public key and unpack it back. + * See ed25519_donna_blind_public_key() */ + memcpy(pkcopy, pubkey, 32); + pkcopy[31] ^= (1<<7); + if (!ge25519_unpack_negative_vartime(&Point, pkcopy)) { + return -1; /* error: bail out */ + } + + /* There is no regular scalarmult function so we have to do: + * Result = l*P + 0*B */ + ge25519_double_scalarmult_vartime(&Result, &Point, modm_m, zero); + ge25519_pack(out, &Result); + + return 0; +} + #include "test-internals.c" |