kevin/libsodium
1
Fork 0
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-19 01:55:02 -07:00
Code Releases Wiki Activity

ed25519ph-ctx

Browse Source
This commit is contained in:
Frank Denis 2023-09-08 20:13:32 +02:00
parent 8f453f41f8
commit 31107fb7ee
8 changed files with 114 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
dist-build/emscripten-symbols.def
View File

@ -505,6 +505,7 @@ _crypto_sign_bytes 1 1
_crypto_sign_detached 1 1
_crypto_sign_ed25519 0 1
_crypto_sign_ed25519_bytes 0 1
_crypto_sign_ed25519_contextbytes_max 0 1
_crypto_sign_ed25519_detached 0 1
_crypto_sign_ed25519_keypair 0 1
_crypto_sign_ed25519_messagebytes_max 0 1
@ -519,6 +520,8 @@ _crypto_sign_ed25519_sk_to_pk 0 1
_crypto_sign_ed25519_sk_to_seed 0 1
_crypto_sign_ed25519_verify_detached 0 1
_crypto_sign_ed25519ph_final_create 0 1
_crypto_sign_ed25519ph_ctx_final_create 0 1
_crypto_sign_ed25519ph_ctx_final_verify 0 1
_crypto_sign_ed25519ph_final_verify 0 1
_crypto_sign_ed25519ph_init 0 1
_crypto_sign_ed25519ph_statebytes 0 1

2
dist-build/emscripten.sh
View File

File diff suppressed because one or more lines are too long

14
src/libsodium/crypto_sign/ed25519/ref10/open.c
View File

@ -16,7 +16,9 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *pk,
int prehashed)
const char *ctx,
size_t ctxlen,
unsigned char prehashed)
{
crypto_hash_sha512_state hs;
unsigned char h[64];
@ -25,6 +27,12 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
ge25519_p3 A;
ge25519_p3 sb_ah;
ge25519_p2 sb_ah_p2;
unsigned char ctxlen_u8;
if (ctxlen > crypto_sign_ed25519_CONTEXTBYTES_MAX) {
return -1;
}
ctxlen_u8 = (unsigned char) ctxlen;
ACQUIRE_FENCE;
#ifdef ED25519_COMPAT
@ -48,7 +56,7 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
ge25519_has_small_order(&expected_r) != 0) {
return -1;
}
_crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
_crypto_sign_ed25519_ref10_hinit(&hs, ctx, ctxlen_u8, prehashed);
crypto_hash_sha512_update(&hs, sig, 32);
crypto_hash_sha512_update(&hs, pk, 32);
crypto_hash_sha512_update(&hs, m, mlen);
@ -68,7 +76,7 @@ crypto_sign_ed25519_verify_detached(const unsigned char *sig,
unsigned long long mlen,
const unsigned char *pk)
{
return _crypto_sign_ed25519_verify_detached(sig, m, mlen, pk, 0);
return _crypto_sign_ed25519_verify_detached(sig, m, mlen, pk, NULL, 0, 0);
}
int

37
src/libsodium/crypto_sign/ed25519/ref10/sign.c
View File

@ -9,18 +9,30 @@
#include "utils.h"
void
_crypto_sign_ed25519_ref10_hinit(crypto_hash_sha512_state *hs, int prehashed)
_crypto_sign_ed25519_ref10_hinit(crypto_hash_sha512_state *hs,
const char *ctx, unsigned char ctxlen_u8,
unsigned char prehashed)
{
static const unsigned char DOM2PREFIX[32 + 2] = {
static const unsigned char DOM2PREFIX[32] = {
'S', 'i', 'g', 'E', 'd', '2', '5', '5', '1', '9', ' ',
'n', 'o', ' ',
'E', 'd', '2', '5', '5', '1', '9', ' ',
'c', 'o', 'l', 'l', 'i', 's', 'i', 'o', 'n', 's', 1, 0
'c', 'o', 'l', 'l', 'i', 's', 'i', 'o', 'n', 's'
};
crypto_hash_sha512_init(hs);
if (prehashed) {
if (prehashed || ctx != NULL) {
unsigned char ph_ctxlen[2];
ph_ctxlen[0] = prehashed;
ph_ctxlen[1] = ctxlen_u8;
crypto_hash_sha512_update(hs, DOM2PREFIX, sizeof DOM2PREFIX);
crypto_hash_sha512_update(hs, ph_ctxlen, 2U);
if (ctx != NULL) {
crypto_hash_sha512_update(hs, (const unsigned char *) ctx,
(size_t) ctxlen_u8);
}
}
}
@ -49,15 +61,23 @@ _crypto_sign_ed25519_synthetic_r_hv(crypto_hash_sha512_state *hs,
int
_crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p,
const unsigned char *m, unsigned long long mlen,
const unsigned char *sk, int prehashed)
const unsigned char *sk,
const char *ctx, size_t ctxlen,
unsigned char prehashed)
{
crypto_hash_sha512_state hs;
unsigned char az[64];
unsigned char nonce[64];
unsigned char hram[64];
ge25519_p3 R;
unsigned char ctxlen_u8;
_crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
if (ctxlen > crypto_sign_ed25519_CONTEXTBYTES_MAX) {
return -1;
}
ctxlen_u8 = (unsigned char) ctxlen;
_crypto_sign_ed25519_ref10_hinit(&hs, ctx, ctxlen_u8, prehashed);
crypto_hash_sha512(az, sk, 32);
#ifdef ED25519_NONDETERMINISTIC
@ -75,7 +95,7 @@ _crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p,
ge25519_scalarmult_base(&R, nonce);
ge25519_p3_tobytes(sig, &R);
_crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
_crypto_sign_ed25519_ref10_hinit(&hs, ctx, ctxlen_u8, prehashed);
crypto_hash_sha512_update(&hs, sig, 64);
crypto_hash_sha512_update(&hs, m, mlen);
crypto_hash_sha512_final(&hs, hram);
@ -98,7 +118,8 @@ crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p,
const unsigned char *m, unsigned long long mlen,
const unsigned char *sk)
{
return _crypto_sign_ed25519_detached(sig, siglen_p, m, mlen, sk, 0);
return _crypto_sign_ed25519_detached(sig, siglen_p, m, mlen, sk,
NULL, 0U, 0);
}
int

10
src/libsodium/crypto_sign/ed25519/ref10/sign_ed25519_ref10.h
View File

@ -4,17 +4,21 @@
#include "private/quirks.h"
void _crypto_sign_ed25519_ref10_hinit(crypto_hash_sha512_state *hs,
int prehashed);
const char *ctx, unsigned char ctxlen_u8,
unsigned char prehashed);
int _crypto_sign_ed25519_detached(unsigned char *sig,
unsigned long long *siglen_p,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *sk, int prehashed);
const unsigned char *sk,
const char *ctx, size_t ctxlen,
unsigned char prehashed);
int _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *pk,
int prehashed);
const char *ctx, size_t ctxlen,
unsigned char prehashed);
#endif

43
src/libsodium/crypto_sign/ed25519/sign_ed25519.c
View File

@ -41,6 +41,12 @@ crypto_sign_ed25519_messagebytes_max(void)
return crypto_sign_ed25519_MESSAGEBYTES_MAX;
}
size_t
crypto_sign_ed25519_contextbytes_max(void)
{
return crypto_sign_ed25519_CONTEXTBYTES_MAX;
}
int
crypto_sign_ed25519_sk_to_seed(unsigned char *seed, const unsigned char *sk)
{
@ -81,7 +87,24 @@ crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state,
crypto_hash_sha512_final(&state->hs, ph);
return _crypto_sign_ed25519_detached(sig, siglen_p, ph, sizeof ph, sk, 1);
return _crypto_sign_ed25519_detached(sig, siglen_p, ph, sizeof ph, sk,
NULL, 0U, 1);
}
int
crypto_sign_ed25519ph_ctx_final_create(crypto_sign_ed25519ph_state *state,
unsigned char *sig,
unsigned long long *siglen_p,
const unsigned char *sk,
const char *ctx,
size_t ctxlen)
{
unsigned char ph[crypto_hash_sha512_BYTES];
crypto_hash_sha512_final(&state->hs, ph);
return _crypto_sign_ed25519_detached(sig, siglen_p, ph, sizeof ph, sk,
ctx, ctxlen, 1);
}
int
@ -93,5 +116,21 @@ crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state,
crypto_hash_sha512_final(&state->hs, ph);
return _crypto_sign_ed25519_verify_detached(sig, ph, sizeof ph, pk, 1);
return _crypto_sign_ed25519_verify_detached(sig, ph, sizeof ph, pk,
NULL, 0U, 1);
}
int
crypto_sign_ed25519ph_ctx_final_verify(crypto_sign_ed25519ph_state *state,
const unsigned char *sig,
const unsigned char *pk,
const char *ctx,
size_t ctxlen)
{
unsigned char ph[crypto_hash_sha512_BYTES];
crypto_hash_sha512_final(&state->hs, ph);
return _crypto_sign_ed25519_verify_detached(sig, ph, sizeof ph, pk,
ctx, ctxlen, 1);
}

19
src/libsodium/include/sodium/crypto_sign_ed25519.h
View File

@ -39,6 +39,10 @@ size_t crypto_sign_ed25519_secretkeybytes(void);
SODIUM_EXPORT
size_t crypto_sign_ed25519_messagebytes_max(void);
#define crypto_sign_ed25519_CONTEXTBYTES_MAX 255
SODIUM_EXPORT
size_t crypto_sign_ed25519_contextbytes_max(void);
SODIUM_EXPORT
int crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen_p,
const unsigned char *m, unsigned long long mlen,
@ -111,12 +115,27 @@ int crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state,
const unsigned char *sk)
__attribute__ ((nonnull(1, 2, 4)));
SODIUM_EXPORT
int crypto_sign_ed25519ph_ctx_final_create(crypto_sign_ed25519ph_state *state,
unsigned char *sig,
unsigned long long *siglen_p,
const unsigned char *sk,
const char *ctx, size_t ctxlen)
__attribute__ ((nonnull(1, 2, 4, 5)));
SODIUM_EXPORT
int crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state,
const unsigned char *sig,
const unsigned char *pk)
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_sign_ed25519ph_ctx_final_verify(crypto_sign_ed25519ph_state *state,
const unsigned char *sig,
const unsigned char *pk,
const char *ctx, size_t ctxlen)
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
#ifdef __cplusplus
}
#endif

3
test/symbols/all-symbols.txt
View File

@ -543,6 +543,7 @@ crypto_sign_bytes
crypto_sign_detached
crypto_sign_ed25519
crypto_sign_ed25519_bytes
crypto_sign_ed25519_contextbytes_max
crypto_sign_ed25519_detached
crypto_sign_ed25519_keypair
crypto_sign_ed25519_messagebytes_max
@ -557,6 +558,8 @@ crypto_sign_ed25519_sk_to_pk
crypto_sign_ed25519_sk_to_seed
crypto_sign_ed25519_verify_detached
crypto_sign_ed25519ph_final_create
crypto_sign_ed25519ph_final_ctx_create
crypto_sign_ed25519ph_final_ctx_verify
crypto_sign_ed25519ph_final_verify
crypto_sign_ed25519ph_init
crypto_sign_ed25519ph_statebytes