summaryrefslogtreecommitdiff
path: root/src/common/crypto_ed25519.c
AgeCommit message (Collapse)Author
2018-06-20Update copyrights to 2018.Nick Mathewson
2018-04-06refactor: Remove unnecessary `#include "crypto.h"` throughout codebase.Isis Lovecruft
* FIXES part of #24658: https://bugs.torproject.org/24658
2018-04-06crypto: Alphabetise some #includes in /src/common/crypto*.Isis Lovecruft
* FIXES part of #24658: https://bugs.torproject.org/24658
2018-04-06crypto: Refactor (P)RNG functionality into new crypto_rand module.Isis Lovecruft
* ADD new /src/common/crypto_rand.[ch] module. * ADD new /src/common/crypto_util.[ch] module (contains the memwipe() function, since all crypto_* modules need this). * FIXES part of #24658: https://bugs.torproject.org/24658
2018-03-26Merge branch 'bug24658-rm-curve25519-header' into bug24658-mergeNick Mathewson
2018-02-07Fix wide lines from typo-fix patch.Nick Mathewson
2018-02-07Fix spelling mistakes corresponding to ticket #23650Deepesh Pathak
2018-02-03Include crypto_digest.h in order to solve dependency issues.Fernando Fernandez Mancera
Included crypto_digest.h in some files in order to solve xof+digest module dependency issues. Removed crypto.h where it isn't needed anymore. Follows #24658. Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
2017-11-17Make all the crypto free() functions macros that clear their targetsNick Mathewson
2017-09-28Move around some LCOV_EXCLs in src/commonNick Mathewson
Apparently, my compiler now generates coverage markers for label-only lines, so we need to exclude those too if they are meant to be unreachable.
2017-09-15Run our #else/#endif annotator on our source code.Nick Mathewson
2017-08-08Remove a needless memwipe.Nick Mathewson
The interior of ctx here is already wiped by crypto_digest_free(). This memwipe call only wiped the pointer itself, which isn't sensitive.
2017-06-28ed25519: Check retval of unpack_negative_vartime in donna.George Kadianakis
2017-06-27no newlines in log messages.Nick Mathewson
2017-06-27ed25519: Add func that checks for torsion component in pubkeys.George Kadianakis
See https://lists.torproject.org/pipermail/tor-dev/2017-April/012213.html .
2017-03-31Make crypto_ed25519.c no longer depend on opensslNick Mathewson
Now it calls through our own crypto API.
2017-03-15Run the copyright update script.Nick Mathewson
2017-01-30Make a bunch of signature/digest-checking functions mockableNick Mathewson
2016-12-14Merge branch 'dgoulet_ticket19043_030_03_squashed'Nick Mathewson
2016-12-14prop224: Add unittests handling v3 ESTABLISH_INTRO cells.George Kadianakis
Test for both v2 and v3 ESTABLISH_INTRO handling.
2016-12-08Add an ed25519_copy; use it in a couple of places dgoulet suggested.Nick Mathewson
2016-11-10Helper function to see if an ed25519 pk is set.Nick Mathewson
2016-10-17Write a bunch of module documentation.Nick Mathewson
This commit adds or improves the module-level documenation for: buffers.c circuitstats.c command.c connection_edge.c control.c cpuworker.c crypto_curve25519.c crypto_curve25519.h crypto_ed25519.c crypto_format.c dircollate.c dirserv.c dns.c dns_structs.h fp_pair.c geoip.c hibernate.c keypin.c ntmain.c onion.c onion_fast.c onion_ntor.c onion_tap.c periodic.c protover.c protover.h reasons.c rephist.c replaycache.c routerlist.c routerparse.c routerset.c statefile.c status.c tor_main.c workqueue.c In particular, I've tried to explain (for each documented module) what each module does, what's in it, what the big idea is, why it belongs in Tor, and who calls it. In a few cases, I've added TODO notes about refactoring opportunities. I've also renamed an argument, and fixed a few DOCDOC comments.
2016-08-23Introduce ed25519_{sign,checksig}_prefixed functions().George Kadianakis
2016-05-25Use calloc, not malloc(a*b), in ed25519 batch signature check fnNick Mathewson
[Not a triggerable bug unless somebody is going to go checking millions+ of signatures in a single go.]
2016-05-16Do not leak the 'tag' when trying to read a truncated ed25519 key fileNick Mathewson
Fix for bug 18956.
2016-05-16Mark unreachable lines in crypto_ed25519.cNick Mathewson
2016-03-26Fix all doxygen warnings (other than missing docs)Nick Mathewson
2016-02-27Update the copyright year.Nick Mathewson
2016-02-27Add a brief file-level description for everything in src/commonNick Mathewson
2015-12-23Always test both ed25519 backends.Nick Mathewson
Part of #16794
2015-12-08Always hash crypto_strongest_rand() along with some prngNick Mathewson
(before using it for anything besides feeding the PRNG) Part of #17694
2015-10-21Fix a memory leak; bug 17398.Nick Mathewson
2015-08-12Use ed25519-donna's batch verification support when applicable.Yawning Angel
The code was always in our Ed25519 wrappers, so enable it when using the ed25519-donna backend, and deal with the mocking related crypto_rand silliness. Implements feature 16533.
2015-07-31Move formatting functions around.Nick Mathewson
The base64 and base32 functions used to be in crypto.c; crypto_format.h had no header; some general-purpose functions were in crypto_curve25519.c. This patch makes a {crypto,util}_format.[ch], and puts more functions there. Small modules are beautiful!
2015-07-15Add more EINVAL errno setting on key read failuresNick Mathewson
Teor found these. This is for part of #16582.
2015-07-06Integrate and enable ed25519-donna.Yawning Angel
The runtime sanity checking is slightly different from the optimized basepoint stuff in that it uses a given implementation's self tests if available, and checks if signing/verification works with a test vector from the IETF EdDSA draft. The unit tests include a new testcase that will fuzz donna against ref0, including the blinding and curve25519 key conversion routines. If this is something that should be done at runtime (No?), the code can be stolen from there. Note: Integrating batch verification is not done yet.
2015-05-28Implement ed25519-signed descriptorsNick Mathewson
Now that we have ed25519 keys, we can sign descriptors with them and check those signatures as documented in proposal 220.
2015-05-28prop220: Implement certificates and key storage/creationNick Mathewson
For prop220, we have a new ed25519 certificate type. This patch implements the code to create, parse, and validate those, along with code for routers to maintain their own sets of certificates and keys. (Some parts of master identity key encryption are done, but the implementation of that isn't finished)
2015-01-02Bump copyright dates to 2015, in case someday this matters.Nick Mathewson
2014-10-28Add another year to our copyright dates.Nick Mathewson
Because in 95 years, we or our successors will surely care about enforcing the BSD license terms on this code. Right?
2014-09-25Comments and tweaks based on review by asnNick Mathewson
Add some documentation Rename "derive" -> "blind" Check for failure on randombytes().
2014-09-25More documentation for ed25519 stuff.Nick Mathewson
2014-09-25Draft implementation for ed25519 key blinding, as in prop224Nick Mathewson
This implementation allows somebody to add a blinding factor to a secret key, and a corresponding blinding factor to the public key. Robert Ransom came up with this idea, I believe. Nick Hopper proved a scheme like this secure. The bugs are my own.
2014-09-25Add curve25519->ed25519 key conversion per proposal 228Nick Mathewson
For proposal 228, we need to cross-certify our identity with our curve25519 key, so that we can prove at descriptor-generation time that we own that key. But how can we sign something with a key that is only for doing Diffie-Hellman? By converting it to the corresponding ed25519 point. See the ALL-CAPS warning in the documentation. According to djb (IIUC), it is safe to use these keys in the ways that ntor and prop228 are using them, but it might not be safe if we start providing crazy oracle access. (Unit tests included. What kind of a monster do you take me for?)
2014-09-25Support for writing ed25519 public/private components to disk.Nick Mathewson
This refactors the "== type:tag ==" code from crypto_curve25519.c
2014-09-25Restore the operation of extra_strong in ed25519_secret_key_generateNick Mathewson
2014-09-25Another ed25519 tweak: store secret keys in expanded formatNick Mathewson
This will be needed/helpful for the key blinding of prop224, I believe.
2014-09-25Fix API for ed25519_ref10_open()Nick Mathewson
This is another case where DJB likes sticking the whole signature prepended to the message, and I don't think that's the hottest idea. The unit tests still pass.
2014-09-25Tweak ed25519 ref10 signing interface to use less space.Nick Mathewson
Unit tests still pass.