diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c
index c11f681d..cb759b48 100644
--- a/src/libsodium/crypto_core/ed25519/core_ed25519.c
+++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c
@@ -78,9 +78,8 @@ crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
 #define HASH_L 48U
 
 static int
-_string_to_points(unsigned char * const px, size_t n, const char *suite,
-                  size_t suite_len, const char *ctx, const unsigned char *msg,
-                  size_t msg_len)
+_string_to_points(unsigned char * const px, size_t n,
+                  const char *ctx, const unsigned char *msg, size_t msg_len)
 {
     crypto_hash_sha512_state st;
     unsigned char empty_block[128] = { 0 };
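Review bot: The new `_string_to_points` signature removes the ciphersuite argument, so `ctx` is now used verbatim as the whole domain-separation tag, yet neither this declaration nor the public wrappers in the `crypto_core_ed25519_from_string` / `_ro` hunks say so. A caller that keeps passing a short application label (the old test used "TESTGEN") silently gets a DST with no suite identifier, and the same `ctx` handed to the NU and RO wrappers now hashes under an identical tag, so `u0` and the first expanded block are shared between them — if I read the loop in the next hunks right, the NU point then equals the first of the two RO points before they are added. I would add above the definition: `/* ctx is used as-is as the hash-to-curve DST; callers must include the ciphersuite ID (e.g. "edwards25519_XMD:SHA-512_ELL2_NU_") so that NU and RO calls stay domain separated. */` The function body continues in the following hunks.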
@@ -89,32 +88,25 @@ _string_to_points(unsigned char * const px, size_t n, const char *suite,
     size_t ctx_len = ctx != NULL ? strlen(ctx) : 0U;
     size_t i, j;
 
-    /* LCOV_EXCL_START */
-    if (n > 2U || suite_len > 0xff) {
-        abort();
+    if (n > 2U) {
+        abort(); /* LCOV_EXCL_LINE */
     }
-    /* LCOV_EXCL_END */
-    if (ctx_len > 0xff - suite_len) {
+    if (ctx_len > (size_t) 0xff) {
         crypto_hash_sha512_init(&st);
-        crypto_hash_sha512_update(&st, "H2C-OVERSIZE-DST-",
+        crypto_hash_sha512_update(&st,
+                                  (const unsigned char *) "H2C-OVERSIZE-DST-",
                                   sizeof "H2C-OVERSIZE-DST-" - 1U);
-        crypto_hash_sha512_update(&st, (const unsigned char *) suite, suite_len);
         crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
         crypto_hash_sha512_final(&st, u0);
         ctx = (const char *) u0;
         ctx_len = HASH_BYTES;
-        /* LCOV_EXCL_START */
-        if (ctx_len > 0xff - suite_len) {
-            abort();
-        }
-        /* LCOV_EXCL_END */
+        COMPILER_ASSERT(HASH_BYTES <= (size_t) 0xff);
     }
     crypto_hash_sha512_init(&st);
     crypto_hash_sha512_update(&st, empty_block, sizeof empty_block);
     crypto_hash_sha512_update(&st, msg, msg_len);
-    t[3] = (unsigned char) suite_len + ctx_len;
+    t[3] = (unsigned char) ctx_len;
     crypto_hash_sha512_update(&st, t, 4U);
-    crypto_hash_sha512_update(&st, (const unsigned char *) suite, suite_len);
     crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
     crypto_hash_sha512_final(&st, u0);
 
@@ -127,8 +119,6 @@ _string_to_points(unsigned char * const px, size_t n, const char *suite,
         crypto_hash_sha512_update(&st, &u[i], HASH_BYTES);
         t[2]++;
         crypto_hash_sha512_update(&st, t + 2U, 2U);
-        crypto_hash_sha512_update(&st, (const unsigned char *) suite,
-                                  suite_len);
         crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
         crypto_hash_sha512_final(&st, &u[i]);
     }
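Review bot: With the suite string gone, `ctx_len` is only bounded from above, so a NULL or empty `ctx` now produces a zero-length DST — the `ctx != NULL ? strlen(ctx) : 0U` line makes that path reachable, and the old baked-in suite identifier used to guarantee at least that much domain separation. As far as I recall the hash-to-curve draft's expand_message_xmd does not allow an empty DST and recommends at least 16 bytes, so either reject it, `if (ctx_len == 0U) { return -1; }` right after the `n > 2U` check, or state in a comment that an empty tag is deliberately accepted and why. The `COMPILER_ASSERT(HASH_BYTES <= (size_t) 0xff)` is a compile-time check placed inside a runtime branch; it would read more naturally next to the `HASH_BYTES` definition, which is outside this hunk, though the placement does not affect correctness. The oversized-DST reduction and the `t[3] = (unsigned char) ctx_len` length byte look consistent with the `0xff` guard above them; the function's signature and the rest of the loop lie outside this hunk.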
@@ -145,9 +135,7 @@ crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES],
                                 const char *ctx, const unsigned char *msg,
                                 size_t msg_len)
 {
-    return _string_to_points(p, 1, "edwards25519_XMD:SHA-512_ELL2_NU_",
-                             sizeof "edwards25519_XMD:SHA-512_ELL2_NU_" - 1U, ctx,
-                             msg, msg_len);
+    return _string_to_points(p, 1, ctx, msg, msg_len);
 }
 
 int
@@ -157,9 +145,7 @@ crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES],
 {
     unsigned char px[2 * crypto_core_ed25519_BYTES];
 
-    if (_string_to_points(px, 2, "edwards25519_XMD:SHA-512_ELL2_RO_",
-                          sizeof "edwards25519_XMD:SHA-512_ELL2_RO_" - 1U, ctx,
-                          msg, msg_len) != 0) {
+    if (_string_to_points(px, 2, ctx, msg, msg_len) != 0) {
         return -1;
     }
     return crypto_core_ed25519_add(p, &px[0], &px[crypto_core_ed25519_BYTES]);
diff --git a/test/default/core_ed25519_h2c.c b/test/default/core_ed25519_h2c.c
index 4ac70a6b..9e7ddcab 100644
--- a/test/default/core_ed25519_h2c.c
+++ b/test/default/core_ed25519_h2c.c
@@ -52,7 +52,7 @@ main(void)
     char * expected_y_hex, *y_hex;
     char * oversized_ctx;
     size_t i, j;
-    size_t oversized_ctx_len = 250U;
+    size_t oversized_ctx_len = 500U;
 
     expected_yr = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
     expected_y = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
@@ -68,13 +68,15 @@ main(void)
         }
         if (test_data[i].ro == 0) {
             if (crypto_core_ed25519_from_string(
-                    y, "TESTGEN", (const unsigned char *) test_data[i].msg,
+                    y, "edwards25519_XMD:SHA-512_ELL2_NU_TESTGEN",
+                    (const unsigned char *) test_data[i].msg,
                     strlen(test_data[i].msg)) != 0) {
                 printf("crypto_core_ed25519_from_string() failed\n");
             }
         } else {
             if (crypto_core_ed25519_from_string_ro(
-                    y, "TESTGEN", (const unsigned char *) test_data[i].msg,
+                    y, "edwards25519_XMD:SHA-512_ELL2_RO_TESTGEN",
+                    (const unsigned char *) test_data[i].msg,
                     strlen(test_data[i].msg)) != 0) {
                 printf("crypto_core_ed25519_from_string_ro() failed\n");
             }
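Review bot: `crypto_core_ed25519_from_string()` now forwards `ctx` untouched, so every existing caller obtains a different point for the same `(ctx, msg)` than before this commit — the test itself had to rewrite "TESTGEN" into the suite-prefixed tag to keep its vectors meaningful — and the wrapper carries no comment describing the new contract. If this function has already shipped in a release, that is a silent change of a deterministic output and belongs in the changelog; if it has not, a one-line comment on the wrapper still seems warranted, for example `/* ctx is the complete domain separation tag (no ciphersuite ID is prepended). */`. The same applies to the `crypto_core_ed25519_from_string_ro` hunk that follows; the `from_string` signature starts outside this hunk.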
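Review bot: Raising `oversized_ctx_len` from 250 to 500 restores coverage of the oversized-DST path, but the test still never sits on the boundary that the new `ctx_len > (size_t) 0xff` comparison decides, which is exactly where the old `0xff - suite_len` arithmetic differed. A second context of exactly 255 bytes and one of 256 bytes, with the expected hashes recorded in the `.exp` file, would pin that the 255-byte tag is used verbatim and the 256-byte tag is reduced; the comparison itself lives in the core file's `_string_to_points` hunk. The `main()` function starts and ends outside this hunk.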
diff --git a/test/default/core_ed25519_h2c.exp b/test/default/core_ed25519_h2c.exp
index f3dae4de..d7b4089c 100644
--- a/test/default/core_ed25519_h2c.exp
+++ b/test/default/core_ed25519_h2c.exp
@@ -1,3 +1,3 @@
-NU with oversized context: b811f71786d032196a8a07d90393084ac4dbec5506590cd96be0f5a92f084298
-RO with oversized context: 5948dc10765f78b8f183377a7af622b205ce8bb62de98254c203b512a9ef966b
+NU with oversized context: 313ed6e43b04d526ed4fb68296bed3db383dfd750e5b0d14b25bc696bef4831e
+RO with oversized context: ac65cbab76476936d64678978d83fa5544dba1b190c72e6566c631e27b54bdd1
 OK