From d01c49df021ef5965a877536e64501dc2079cccb Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Fri, 10 Apr 2020 09:41:47 +0200
Subject: [PATCH] H2C: convert DST encoding to suffix free
https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/pull/241
---
 src/libsodium/crypto_core/ed25519/core_ed25519.c | 13 ++++++++-----
 test/default/core_ed25519_h2c.c | 16 ++++++++--------
 test/default/core_ed25519_h2c.exp | 4 ++--
 3 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c
index cb759b48..623ab3b1 100644
--- a/src/libsodium/crypto_core/ed25519/core_ed25519.c
+++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c
@@ -84,7 +84,8 @@ _string_to_points(unsigned char * const px, size_t n,
 crypto_hash_sha512_state st;
 unsigned char empty_block[128] = { 0 };
 unsigned char u0[HASH_BYTES], u[2 * HASH_BYTES];
- unsigned char t[4] = { 0U, n * HASH_L, 0U, 0 };
+ unsigned char t[3] = { 0U, n * HASH_L, 0U};
+ unsigned char ctx_len_u8;
 size_t ctx_len = ctx != NULL ? strlen(ctx) : 0U;
 size_t i, j;
@@ -102,12 +103,13 @@ _string_to_points(unsigned char * const px, size_t n,
 ctx_len = HASH_BYTES;
 COMPILER_ASSERT(HASH_BYTES <= (size_t) 0xff);
 }
+ ctx_len_u8 = (unsigned char) ctx_len;
 crypto_hash_sha512_init(&st);
 crypto_hash_sha512_update(&st, empty_block, sizeof empty_block);
 crypto_hash_sha512_update(&st, msg, msg_len);
- t[3] = (unsigned char) ctx_len;
- crypto_hash_sha512_update(&st, t, 4U);
+ crypto_hash_sha512_update(&st, t, 3U);
 crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
+ crypto_hash_sha512_update(&st, &ctx_len_u8, 1U);
 crypto_hash_sha512_final(&st, u0);
 for (i = 0U; i < n * HASH_BYTES; i += HASH_BYTES) {
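Review bot: The new `ctx_len_u8 = (unsigned char) ctx_len;` silently truncates if `ctx_len` can still be above 0xff at that point; the branch that shortens it to `HASH_BYTES` begins above the hunk, so its condition cannot be confirmed here, and the `COMPILER_ASSERT` only bounds `HASH_BYTES`, not the untouched path. The assignment deserves a comment naming the invariant and the wire format it implements, e.g. `/* DST_prime = DST || I2OSP(len(DST), 1); ctx_len must be <= 0xff here (oversized DSTs are shortened above) */`. The same two-call trailer (`ctx` then `&ctx_len_u8`) is appended again in the per-block loop of the next hunk, so a small static helper would keep the two copies from drifting. Minor style: `{ 0U, n * HASH_L, 0U}` lacks the space before `}` that `{ 0 }` on the line above uses. `_string_to_points` starts and ends outside both hunks.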
@@ -115,11 +117,12 @@ _string_to_points(unsigned char * const px, size_t n,
 for (j = 0U; i > 0U && j < HASH_BYTES; j++) {
 u[i + j] ^= u[i + j - HASH_BYTES];
 }
+ t[2]++;
 crypto_hash_sha512_init(&st);
 crypto_hash_sha512_update(&st, &u[i], HASH_BYTES);
- t[2]++;
- crypto_hash_sha512_update(&st, t + 2U, 2U);
+ crypto_hash_sha512_update(&st, &t[2], 1U);
 crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
+ crypto_hash_sha512_update(&st, &ctx_len_u8, 1U);
 crypto_hash_sha512_final(&st, &u[i]);
 }
 for (i = 0U; i < n; i++) {
diff --git a/test/default/core_ed25519_h2c.c b/test/default/core_ed25519_h2c.c
index df2bddbc..3abd9df1 100644
--- a/test/default/core_ed25519_h2c.c
+++ b/test/default/core_ed25519_h2c.c
@@ -9,11 +9,11 @@ typedef struct TestData_ {
 static TestData test_data[] = {
 { 0, "",
- "115fe9c145cec75332210f75537f89a5af2e9e81928ab63225fcf0db4b9f0b41" },
+ "4af6284e3cc7116df104f6708e0c44d79b0e294ccd89b87c4c3c892ebd2f03b1" },
 { 0, "abc",
- "2a78994752306e4a4eb1c629b3c8625cc26f143f1fe35fc728d295222eba7890" },
+ "23e704500ac22fd7106ceedd86bfcc8d50351a6303be22b2724fcc1280d00544" },
 { 0, "abcdef0123456789",
- "0ca9e2b900bcdfc8b26d705040b6b6a6fd6bfadfd43982a2a59e1d069898ae6b" },
+ "34b8a16b923101f2d4caa48d9bb86fef4f92be0ce0f55c8ba9db55da23ad623e" },
 { 0, "a512_"
 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
@@ -24,14 +24,14 @@ static TestData test_data[] = {
 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 "aaaaaaaa",
- "511dee3fcc3a422738c453a58acdeafc08fc76f862e97d678adb26f03d0963b5" },
+ "31e648bbade3b272b7676f82da905d27de37f41581b1d170250dd9d56f95413c" },
 { 1, "",
- "1af40833bed99ac42f445e9494dbcc489561b3995a40e3864a1b1bdb6ed6ecd0" },
+ "5c307efcdf7f0822428f932e66b46b3d88f59880772a1ab07fac5231609c5f76" },
 { 1, "abc",
- "7bdb83b6322c4977ffbb69b18df168b56eec733a0254cac0e85eb790460ee4b2" },
+ "3f4887aeee9213d976e125bfd0e4e2201d7ddea8abfa28e47bec8df008821b1c" },
 { 1, "abcdef0123456789",
- "2dd85e9585fba5ab3c22a07cf07b2cf4a19b10dcab49e1a4c8f952461e644bbc" },
+ "3c67b98967527a551ea54e4de791689834552009a7a40393fd4a23d1f04061ef" },
 { 1, "a512_"
 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
@@ -42,7 +42,7 @@ static TestData test_data[] = {
 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
 "aaaaaaaa",
- "160e08388e85b6bcbec8f321ed1de259ffe88dc547a1ce506d61b30fd2378fc5" }
+ "4ce238dc1cac3b392767bda2c81e3374e61efa4c2f93c5c400f0d848b9b2e339" }
 };
 int
diff --git a/test/default/core_ed25519_h2c.exp b/test/default/core_ed25519_h2c.exp
index d7b4089c..3917fcc9 100644
--- a/test/default/core_ed25519_h2c.exp
+++ b/test/default/core_ed25519_h2c.exp
@@ -1,3 +1,3 @@
-NU with oversized context: 313ed6e43b04d526ed4fb68296bed3db383dfd750e5b0d14b25bc696bef4831e
-RO with oversized context: ac65cbab76476936d64678978d83fa5544dba1b190c72e6566c631e27b54bdd1
+NU with oversized context: 998ca2fdd0ade350cb6c279173dfd4a6a42f46ca5c2928871aacff60c16546e3
+RO with oversized context: d8eef92c8fc5d714a19bcf6f66de9285330438367c5dccaf9a3b1c192297903d
 OK