
Don't force include the suite ID in tags

This commit is contained in:
Frank Denis 2020-03-31 14:33:40 +02:00
parent 89eb497efa
commit 5f39c3ce09
3 changed files with 18 additions and 30 deletions


@ -78,9 +78,8 @@ crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
#define HASH_L 48U
static int
_string_to_points(unsigned char * const px, size_t n, const char *suite,
size_t suite_len, const char *ctx, const unsigned char *msg,
size_t msg_len)
_string_to_points(unsigned char * const px, size_t n,
const char *ctx, const unsigned char *msg, size_t msg_len)
{
crypto_hash_sha512_state st;
unsigned char empty_block[128] = { 0 };
@ -89,32 +88,25 @@ _string_to_points(unsigned char * const px, size_t n, const char *suite,
size_t ctx_len = ctx != NULL ? strlen(ctx) : 0U;
size_t i, j;
/* LCOV_EXCL_START */
if (n > 2U || suite_len > 0xff) {
abort();
if (n > 2U) {
abort(); /* LCOV_EXCL_LINE */
}
/* LCOV_EXCL_END */
if (ctx_len > 0xff - suite_len) {
if (ctx_len > (size_t) 0xff) {
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st, "H2C-OVERSIZE-DST-",
crypto_hash_sha512_update(&st,
(const unsigned char *) "H2C-OVERSIZE-DST-",
sizeof "H2C-OVERSIZE-DST-" - 1U);
crypto_hash_sha512_update(&st, (const unsigned char *) suite, suite_len);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_final(&st, u0);
ctx = (const char *) u0;
ctx_len = HASH_BYTES;
/* LCOV_EXCL_START */
if (ctx_len > 0xff - suite_len) {
abort();
}
/* LCOV_EXCL_END */
COMPILER_ASSERT(HASH_BYTES <= (size_t) 0xff);
}
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st, empty_block, sizeof empty_block);
crypto_hash_sha512_update(&st, msg, msg_len);
t[3] = (unsigned char) suite_len + ctx_len;
t[3] = (unsigned char) ctx_len;
crypto_hash_sha512_update(&st, t, 4U);
crypto_hash_sha512_update(&st, (const unsigned char *) suite, suite_len);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_final(&st, u0);
@ -127,8 +119,6 @@ _string_to_points(unsigned char * const px, size_t n, const char *suite,
crypto_hash_sha512_update(&st, &u[i], HASH_BYTES);
t[2]++;
crypto_hash_sha512_update(&st, t + 2U, 2U);
crypto_hash_sha512_update(&st, (const unsigned char *) suite,
suite_len);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_final(&st, &u[i]);
}
@ -145,9 +135,7 @@ crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES],
const char *ctx, const unsigned char *msg,
size_t msg_len)
{
return _string_to_points(p, 1, "edwards25519_XMD:SHA-512_ELL2_NU_",
sizeof "edwards25519_XMD:SHA-512_ELL2_NU_" - 1U, ctx,
msg, msg_len);
return _string_to_points(p, 1, ctx, msg, msg_len);
}
int
@ -157,9 +145,7 @@ crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES],
{
unsigned char px[2 * crypto_core_ed25519_BYTES];
if (_string_to_points(px, 2, "edwards25519_XMD:SHA-512_ELL2_RO_",
sizeof "edwards25519_XMD:SHA-512_ELL2_RO_" - 1U, ctx,
msg, msg_len) != 0) {
if (_string_to_points(px, 2, ctx, msg, msg_len) != 0) {
return -1;
}
return crypto_core_ed25519_add(p, &px[0], &px[crypto_core_ed25519_BYTES]);
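Review bot: In the oversized-context branch of the second hunk, `ctx = (const char *) u0;` leaves ctx aliasing u0, and the `crypto_hash_sha512_final(&st, u0);` at the end of that same hunk then overwrites u0 with the first hash block before the loop in the third hunk feeds ctx into every subsequent block, so for a context longer than 255 bytes the tag used after the first block appears to be that first block rather than the hash of "H2C-OVERSIZE-DST-" followed by the context — unless the lines between the hunks reassign ctx or copy u0 first. Because the oversized-context outputs are compared only against the values recorded in the .exp file, the test changes in this commit would not detect this. Writing the hashed tag into its own local avoids the aliasing: add `unsigned char hashed_ctx[HASH_BYTES];` to the declarations (which sit partly outside the hunk) and change the branch to `crypto_hash_sha512_final(&st, hashed_ctx); ctx = (const char *) hashed_ctx;`. Separately, now that the suite ID is no longer prepended, a NULL or empty ctx yields an empty domain-separation tag, so the public API comments for crypto_core_ed25519_from_string and _ro should state that ctx is expected to carry the suite ID, as the updated test does. _string_to_points's body continues between and after the hunks shown.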


@ -52,7 +52,7 @@ main(void)
char * expected_y_hex, *y_hex;
char * oversized_ctx;
size_t i, j;
size_t oversized_ctx_len = 250U;
size_t oversized_ctx_len = 500U;
expected_yr = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
expected_y = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
@ -68,13 +68,15 @@ main(void)
}
if (test_data[i].ro == 0) {
if (crypto_core_ed25519_from_string(
y, "TESTGEN", (const unsigned char *) test_data[i].msg,
y, "edwards25519_XMD:SHA-512_ELL2_NU_TESTGEN",
(const unsigned char *) test_data[i].msg,
strlen(test_data[i].msg)) != 0) {
printf("crypto_core_ed25519_from_string() failed\n");
}
} else {
if (crypto_core_ed25519_from_string_ro(
y, "TESTGEN", (const unsigned char *) test_data[i].msg,
y, "edwards25519_XMD:SHA-512_ELL2_RO_TESTGEN",
(const unsigned char *) test_data[i].msg,
strlen(test_data[i].msg)) != 0) {
printf("crypto_core_ed25519_from_string_ro() failed\n");
}


@ -1,3 +1,3 @@
NU with oversized context: b811f71786d032196a8a07d90393084ac4dbec5506590cd96be0f5a92f084298
RO with oversized context: 5948dc10765f78b8f183377a7af622b205ce8bb62de98254c203b512a9ef966b
NU with oversized context: 313ed6e43b04d526ed4fb68296bed3db383dfd750e5b0d14b25bc696bef4831e
RO with oversized context: ac65cbab76476936d64678978d83fa5544dba1b190c72e6566c631e27b54bdd1
OK