diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-09-25 15:03:55 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-09-25 15:08:32 -0400 |
| commit | 46cda485bce60894d3128dcd42831a8c6cc7bcb4 (patch) | |
| tree | d275ffaf6c369520474a34a10d287840d823b5aa /src/ext/ed25519/ref10 | |
| parent | 6dbd451b9f7542b16f64415a57a1af26723f8645 (diff) | |
| download | tor-46cda485bce60894d3128dcd42831a8c6cc7bcb4.tar.gz tor-46cda485bce60894d3128dcd42831a8c6cc7bcb4.zip | |
Comments and tweaks based on review by asn
Add some documentation
Rename "derive" -> "blind"
Check for failure on randombytes().
Diffstat (limited to 'src/ext/ed25519/ref10')
| -rw-r--r-- | src/ext/ed25519/ref10/blinding.c | 9 | ||||
| -rw-r--r-- | src/ext/ed25519/ref10/crypto_hash_sha512.h | 7 | ||||
| -rw-r--r-- | src/ext/ed25519/ref10/ed25519_ref10.h | 4 | ||||
| -rw-r--r-- | src/ext/ed25519/ref10/keypair.c | 5 | ||||
| -rw-r--r-- | src/ext/ed25519/ref10/open.c | 2 | ||||
| -rw-r--r-- | src/ext/ed25519/ref10/sign.c | 1 |
6 files changed, 20 insertions, 8 deletions
diff --git a/src/ext/ed25519/ref10/blinding.c b/src/ext/ed25519/ref10/blinding.c index f0154e098f..4d9a9cbbe7 100644 --- a/src/ext/ed25519/ref10/blinding.c +++ b/src/ext/ed25519/ref10/blinding.c @@ -19,7 +19,7 @@ gettweak(unsigned char *out, const unsigned char *param) out[31] |= 64; } -int ed25519_ref10_derive_secret_key(unsigned char *out, +int ed25519_ref10_blind_secret_key(unsigned char *out, const unsigned char *inp, const unsigned char *param) { @@ -40,7 +40,7 @@ int ed25519_ref10_derive_secret_key(unsigned char *out, return 0; } -int ed25519_ref10_derive_public_key(unsigned char *out, +int ed25519_ref10_blind_public_key(unsigned char *out, const unsigned char *inp, const unsigned char *param) { @@ -58,7 +58,8 @@ int ed25519_ref10_derive_public_key(unsigned char *out, * strongly that I'm about to code my own ge_scalarmult_vartime). */ /* We negate the public key first, so that we can pass it to - * frombytes_negate_vartime, which negates it again. */ + * frombytes_negate_vartime, which negates it again. If there were a + * "ge_frombytes", we'd use that, but there isn't. */ memcpy(pkcopy, inp, 32); pkcopy[31] ^= (1<<7); ge_frombytes_negate_vartime(&A, pkcopy); @@ -69,7 +70,7 @@ int ed25519_ref10_derive_public_key(unsigned char *out, memwipe(tweak, 0, sizeof(tweak)); memwipe(&A, 0, sizeof(A)); memwipe(&Aprime, 0, sizeof(Aprime)); - memwipe(&pkcopy, 0, sizeof(pkcopy)); + memwipe(pkcopy, 0, sizeof(pkcopy)); return 0; } diff --git a/src/ext/ed25519/ref10/crypto_hash_sha512.h b/src/ext/ed25519/ref10/crypto_hash_sha512.h index c819b8d0d3..0278571522 100644 --- a/src/ext/ed25519/ref10/crypto_hash_sha512.h +++ b/src/ext/ed25519/ref10/crypto_hash_sha512.h @@ -1,8 +1,12 @@ /* Added for Tor. */ #include <openssl/sha.h> + +/* Set 'out' to the 512-bit SHA512 hash of the 'len'-byte string in 'inp' */ #define crypto_hash_sha512(out, inp, len) \ SHA512((inp), (len), (out)) +/* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1', + * concatenated with the 'len2'-byte string in 'inp2'. */ #define crypto_hash_sha512_2(out, inp1, len1, inp2, len2) \ do { \ SHA512_CTX sha_ctx_; \ @@ -12,6 +16,9 @@ SHA512_Final((out), &sha_ctx_); \ } while(0) +/* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1', + * concatenated with the 'len2'-byte string in 'inp2', concatenated with + * the 'len3'-byte string in 'len3'. */ #define crypto_hash_sha512_3(out, inp1, len1, inp2, len2, inp3, len3) \ do { \ SHA512_CTX sha_ctx_; \ diff --git a/src/ext/ed25519/ref10/ed25519_ref10.h b/src/ext/ed25519/ref10/ed25519_ref10.h index f4a76e621c..8c77b0e56b 100644 --- a/src/ext/ed25519/ref10/ed25519_ref10.h +++ b/src/ext/ed25519/ref10/ed25519_ref10.h @@ -20,10 +20,10 @@ int ed25519_ref10_sign( int ed25519_ref10_pubkey_from_curve25519_pubkey(unsigned char *out, const unsigned char *inp, int signbit); -int ed25519_ref10_derive_secret_key(unsigned char *out, +int ed25519_ref10_blind_secret_key(unsigned char *out, const unsigned char *inp, const unsigned char *param); -int ed25519_ref10_derive_public_key(unsigned char *out, +int ed25519_ref10_blind_public_key(unsigned char *out, const unsigned char *inp, const unsigned char *param); diff --git a/src/ext/ed25519/ref10/keypair.c b/src/ext/ed25519/ref10/keypair.c index e861998071..7ddbaa971e 100644 --- a/src/ext/ed25519/ref10/keypair.c +++ b/src/ext/ed25519/ref10/keypair.c @@ -1,4 +1,4 @@ -/* Modified for Tor: new API, 32-byte secret keys. */ +/* Modified for Tor: new API, 64-byte secret keys. */ #include <string.h> #include "randombytes.h" #include "crypto_sign.h" @@ -10,7 +10,8 @@ crypto_sign_seckey(unsigned char *sk) { unsigned char seed[32]; - randombytes(seed,32); + if (randombytes(seed,32) < 0) + return -1; crypto_sign_seckey_expand(sk, seed); diff --git a/src/ext/ed25519/ref10/open.c b/src/ext/ed25519/ref10/open.c index 790f668f94..0e7abba138 100644 --- a/src/ext/ed25519/ref10/open.c +++ b/src/ext/ed25519/ref10/open.c @@ -1,3 +1,4 @@ +/* (Modified by Tor to verify signature separately from message) */ #include <string.h> #include "crypto_sign.h" #include "crypto_hash_sha512.h" @@ -5,6 +6,7 @@ #include "ge.h" #include "sc.h" +/* 'signature' must be 64-bytes long. */ int crypto_sign_open( const unsigned char *signature, const unsigned char *m,uint64_t mlen, diff --git a/src/ext/ed25519/ref10/sign.c b/src/ext/ed25519/ref10/sign.c index c11fca9122..e37b0d192d 100644 --- a/src/ext/ed25519/ref10/sign.c +++ b/src/ext/ed25519/ref10/sign.c @@ -1,3 +1,4 @@ +/* (Modified by Tor to generate detached signatures.) */ #include <string.h> #include "crypto_sign.h" #include "crypto_hash_sha512.h" |