
Merge branch 'master' of github.com:jedisct1/libsodium into master

* 'master' of github.com:jedisct1/libsodium:
  Add hash_to_ristretto255
  Move 2^511 -> 2^255-19 reduction to its own function
  Constify
This commit is contained in:
Frank Denis 2020-09-20 15:13:03 +02:00
commit dfcc95cb64
4 changed files with 95 additions and 8 deletions


@ -82,7 +82,7 @@ _string_to_points(unsigned char * const px, size_t n,
const char *ctx, const unsigned char *msg, size_t msg_len) const char *ctx, const unsigned char *msg, size_t msg_len)
{ {
crypto_hash_sha512_state st; crypto_hash_sha512_state st;
unsigned char empty_block[128] = { 0 }; const unsigned char empty_block[128] = { 0 };
unsigned char u0[HASH_BYTES], u[2 * HASH_BYTES]; unsigned char u0[HASH_BYTES], u[2 * HASH_BYTES];
unsigned char t[3] = { 0U, n * HASH_L, 0U}; unsigned char t[3] = { 0U, n * HASH_L, 0U};
unsigned char ctx_len_u8; unsigned char ctx_len_u8;


@ -3,6 +3,7 @@
#include "crypto_core_ed25519.h" #include "crypto_core_ed25519.h"
#include "crypto_core_ristretto255.h" #include "crypto_core_ristretto255.h"
#include "crypto_hash_sha512.h"
#include "private/common.h" #include "private/common.h"
#include "private/ed25519_ref10.h" #include "private/ed25519_ref10.h"
#include "randombytes.h" #include "randombytes.h"
@ -67,6 +68,72 @@ crypto_core_ristretto255_from_hash(unsigned char *p, const unsigned char *r)
return 0; return 0;
} }
#define HASH_BYTES crypto_hash_sha512_BYTES
#define HASH_BLOCKBYTES 128U
#define HASH_L crypto_core_ristretto255_HASHBYTES
static int
_string_to_element(unsigned char *p,
const char *ctx, const unsigned char *msg, size_t msg_len)
{
crypto_hash_sha512_state st;
const unsigned char empty_block[128] = { 0 };
unsigned char u0[HASH_BYTES];
unsigned char t[3] = { 0U, HASH_L, 0U};
unsigned char ctx_len_u8;
size_t ctx_len = ctx != NULL ? strlen(ctx) : 0U;
COMPILER_ASSERT(HASH_L <= 0xff);
if (ctx_len > (size_t) 0xff) {
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st,
(const unsigned char *) "H2C-OVERSIZE-DST-",
sizeof "H2C-OVERSIZE-DST-" - 1U);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_final(&st, u0);
ctx = (const char *) u0;
ctx_len = HASH_BYTES;
COMPILER_ASSERT(HASH_BYTES <= (size_t) 0xff);
}
ctx_len_u8 = (unsigned char) ctx_len;
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st, empty_block, sizeof empty_block);
crypto_hash_sha512_update(&st, msg, msg_len);
crypto_hash_sha512_update(&st, t, 3U);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_update(&st, &ctx_len_u8, 1U);
crypto_hash_sha512_final(&st, u0);
t[2]++;
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st, u0, HASH_BYTES);
crypto_hash_sha512_update(&st, &t[2], 1U);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_update(&st, &ctx_len_u8, 1U);
crypto_hash_sha512_final(&st, u0);
COMPILER_ASSERT(crypto_core_ristretto255_HASHBYTES == HASH_L);
ristretto255_from_hash(p, u0);
return 0;
}
int
crypto_core_risretto255_from_string(unsigned char p[crypto_core_ristretto255_BYTES],
const char *ctx, const unsigned char *msg,
size_t msg_len)
{
return _string_to_element(p, ctx, msg, msg_len);
}
int
crypto_core_ristretto255_from_string_ro(unsigned char p[crypto_core_ristretto255_BYTES],
const char *ctx, const unsigned char *msg,
size_t msg_len)
{
return crypto_core_risretto255_from_string(p, ctx, msg, msg_len);
}
void void
crypto_core_ristretto255_random(unsigned char *p) crypto_core_ristretto255_random(unsigned char *p)
{ {
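Review bot: In the oversize-DST branch of `_string_to_element` the hashed context is written into `u0` and `ctx` is pointed at it, but the first expansion round then finalizes into that same `u0`, so the second round's `crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len)` hashes the first-round output instead of the shortened DST, and the domain separation for contexts longer than 255 bytes is silently wrong. Give the shortened DST its own buffer: declare `unsigned char ctx_hashed[HASH_BYTES];` alongside `u0`, finalize with `crypto_hash_sha512_final(&st, ctx_hashed);` and set `ctx = (const char *) ctx_hashed;`. The exported definition `crypto_core_risretto255_from_string` is misspelled ("risretto") relative to the `crypto_core_ristretto255_from_string` prototype this commit adds to the public header, so that symbol will not resolve, and the `_ro` wrapper forwards to the misspelled name; rename both occurrences. `strlen` is called but no `<string.h>` include is visible in the hunk — confirm it is included above the shown lines. As a style point, `empty_block[128]` could use the `HASH_BLOCKBYTES` macro defined a few lines above.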


@ -2702,18 +2702,13 @@ ge25519_from_uniform(unsigned char s[32], const unsigned char r[32])
ge25519_p3_tobytes(s, &p3); ge25519_p3_tobytes(s, &p3);
} }
void static void
ge25519_from_hash(unsigned char s[32], const unsigned char h[64]) fe25519_reduce64(fe25519 fe_f, const unsigned char h[64])
{ {
unsigned char fl[32]; unsigned char fl[32];
unsigned char gl[32]; unsigned char gl[32];
ge25519_p3 p3;
fe25519 x, y, negy;
fe25519 fe_f;
fe25519 fe_g; fe25519 fe_g;
size_t i; size_t i;
int notsquare;
unsigned char y_sign;
for (i = 0; i < 32; i++) { for (i = 0; i < 32; i++) {
fl[i] = h[63 - i]; fl[i] = h[63 - i];
@ -2728,7 +2723,18 @@ ge25519_from_hash(unsigned char s[32], const unsigned char h[64])
fe_f[i] += 38 * fe_g[i]; fe_f[i] += 38 * fe_g[i];
} }
fe25519_reduce(fe_f, fe_f); fe25519_reduce(fe_f, fe_f);
}
void
ge25519_from_hash(unsigned char s[32], const unsigned char h[64])
{
ge25519_p3 p3;
fe25519 fe_f;
fe25519 x, y, negy;
int notsquare;
unsigned char y_sign;
fe25519_reduce64(fe_f, h);
ge25519_elligator2(x, y, fe_f, &notsquare); ge25519_elligator2(x, y, fe_f, &notsquare);
y_sign = notsquare; y_sign = notsquare;
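Review bot: The new static helper `fe25519_reduce64` has no comment stating its contract, and the name alone does not say which direction the 64 input bytes are read in or why `38 * fe_g[i]` is correct. Suggest placing above it `/* Reduce the 64-byte integer h (most significant byte first, see h[63 - i]) modulo 2^255-19 into fe_f; the upper half is folded in via 2^256 = 38 (mod p). */`. The middle of the helper, between the byte-reversal loop and the `38 *` combine, is outside this hunk, and `ge25519_from_hash` continues past the hunk's last line, so the remainder of both functions is not reviewed here.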


@ -43,6 +43,20 @@ int crypto_core_ristretto255_from_hash(unsigned char *p,
const unsigned char *r) const unsigned char *r)
__attribute__ ((nonnull)); __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_core_ristretto255_from_string(unsigned char p[crypto_core_ristretto255_BYTES],
const char *ctx,
const unsigned char *msg,
size_t msg_len)
__attribute__ ((nonnull(1)));
SODIUM_EXPORT
int crypto_core_ristretto255_from_string_ro(unsigned char p[crypto_core_ristretto255_BYTES],
const char *ctx,
const unsigned char *msg,
size_t msg_len)
__attribute__ ((nonnull(1)));
SODIUM_EXPORT SODIUM_EXPORT
void crypto_core_ristretto255_random(unsigned char *p) void crypto_core_ristretto255_random(unsigned char *p)
__attribute__ ((nonnull)); __attribute__ ((nonnull));
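Review bot: The two new prototypes differ only in the `_ro` suffix, and nothing in the header says how `crypto_core_ristretto255_from_string_ro` differs from `crypto_core_ristretto255_from_string` (in this commit the `_ro` variant simply forwards to the other) or what a NULL `ctx`, which `nonnull(1)` permits, means. Suggest a one-line comment above each prototype stating the intended distinction and that `ctx` may be NULL for an empty context, and whether `msg` may be NULL when `msg_len` is 0 should be stated explicitly rather than left to the attribute.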