1
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-19 18:15:18 -07:00

Add crypto_core_ed25519_from_string() and crypto_core_ed25519_from_string_ro()

This commit is contained in:
Frank Denis 2020-03-30 17:19:36 +02:00
parent 1cedeee7fe
commit 5fdd12fa97
5 changed files with 98 additions and 5 deletions

View File

@ -156,7 +156,9 @@ _crypto_box_seedbytes 1 1
_crypto_box_zerobytes 0 1
_crypto_core_ed25519_add 0 1
_crypto_core_ed25519_bytes 0 1
_crypto_core_ed25519_from_hash 0 1
_crypto_core_ed25519_from_hash 0 0
_crypto_core_ed25519_from_string 0 1
_crypto_core_ed25519_from_string_ro 0 1
_crypto_core_ed25519_from_uniform 0 1
_crypto_core_ed25519_hashbytes 0 1
_crypto_core_ed25519_is_valid_point 0 1

File diff suppressed because one or more lines are too long

View File

@ -1,7 +1,9 @@
#include <stdint.h>
#include <string.h>
#include "crypto_core_ed25519.h"
#include "crypto_hash_sha512.h"
#include "private/common.h"
#include "private/ed25519_ref10.h"
#include "randombytes.h"
@ -78,13 +80,88 @@ crypto_core_ed25519_from_hash(unsigned char *p, const unsigned char *h)
return 0;
}
#define HASH_BYTES crypto_hash_sha512_BYTES
#define HASH_BLOCKBYTES 128U
#define HASH_L 48U
static int
_string_to_points(unsigned char * const px, size_t n, const char *suite,
size_t suite_len, const char *ctx, const unsigned char *msg,
size_t msg_len)
{
crypto_hash_sha512_state st;
unsigned char empty_block[128] = { 0 };
unsigned char u0[HASH_BYTES], u[2 * HASH_BYTES];
unsigned char t[4] = { 0U, n * HASH_L, 0U, 0 };
size_t ctx_len = ctx != NULL ? strlen(ctx) : 0U;
size_t i, j;
if (n > 2U || suite_len > 0xff || ctx_len > 0xff - suite_len) {
return -1;
}
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st, empty_block, sizeof empty_block);
crypto_hash_sha512_update(&st, msg, msg_len);
t[3] = (unsigned char) suite_len + ctx_len;
crypto_hash_sha512_update(&st, t, 4U);
crypto_hash_sha512_update(&st, (const unsigned char *) suite, suite_len);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_final(&st, u0);
for (i = 0U; i < n * HASH_BYTES; i += HASH_BYTES) {
memcpy(&u[i], u0, HASH_BYTES);
for (j = 0U; i > 0U && j < HASH_BYTES; j++) {
u[i + j] ^= u[i + j - HASH_BYTES];
}
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st, &u[i], HASH_BYTES);
t[2]++;
crypto_hash_sha512_update(&st, t + 2U, 2U);
crypto_hash_sha512_update(&st, (const unsigned char *) suite,
suite_len);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_final(&st, &u[i]);
}
for (i = 0U; i < n; i++) {
memset(u0, 0U, HASH_BYTES - HASH_L);
memcpy(u0 + HASH_BYTES - HASH_L, &u[i * HASH_L], HASH_L);
ge25519_from_hash(&px[i * crypto_core_ed25519_BYTES], u0);
}
return 0;
}
int
crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES],
const char *ctx, const unsigned char *msg,
size_t msg_len)
{
return _string_to_points(p, 1, "edwards25519_XMD:SHA-512_ELL2_NU_",
sizeof "edwards25519_XMD:SHA-512_ELL2_NU_" - 1U, ctx,
msg, msg_len);
}
int
crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES],
const char *ctx, const unsigned char *msg,
size_t msg_len)
{
unsigned char px[2 * crypto_core_ed25519_BYTES];
if (_string_to_points(px, 2, "edwards25519_XMD:SHA-512_ELL2_RO_",
sizeof "edwards25519_XMD:SHA-512_ELL2_RO_" - 1U, ctx,
msg, msg_len) != 0) {
return -1;
}
return crypto_core_ed25519_add(p, &px[0], &px[crypto_core_ed25519_BYTES]);
}
void
crypto_core_ed25519_random(unsigned char *p)
{
unsigned char h[crypto_core_ed25519_HASHBYTES];
unsigned char h[crypto_core_ed25519_UNIFORMBYTES];
randombytes_buf(h, sizeof h);
(void) crypto_core_ed25519_from_hash(p, h);
(void) crypto_core_ed25519_from_uniform(p, h);
}
void

View File

@ -48,7 +48,19 @@ int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
SODIUM_EXPORT
int crypto_core_ed25519_from_hash(unsigned char *p, const unsigned char *h)
__attribute__ ((nonnull));
__attribute__ ((nonnull)) __attribute__ ((deprecated));
SODIUM_EXPORT
int crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES],
const char *ctx, const unsigned char *msg,
size_t msg_len)
__attribute__ ((nonnull(1)));
SODIUM_EXPORT
int crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES],
const char *ctx, const unsigned char *msg,
size_t msg_len)
__attribute__ ((nonnull(1)));
SODIUM_EXPORT
void crypto_core_ed25519_random(unsigned char *p)

View File

@ -191,6 +191,8 @@ crypto_box_zerobytes
crypto_core_ed25519_add
crypto_core_ed25519_bytes
crypto_core_ed25519_from_hash
crypto_core_ed25519_from_string
crypto_core_ed25519_from_string_ro
crypto_core_ed25519_from_uniform
crypto_core_ed25519_hashbytes
crypto_core_ed25519_is_valid_point