mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-23 20:15:19 -07:00

Move the H2C string->hash functions to their own files

Frank Denis 2021-01-24 18:45:14 +01:00
parent 83ad278a28
commit e0629769d3
21 changed files with 217 additions and 111 deletions


@ -189,6 +189,7 @@
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\hsalsa20\ref2\core_hsalsa20_ref2.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ed25519.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ristretto255.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c" />
</ItemGroup>
<ItemGroup>
@ -318,6 +319,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6int\salsa20_xmm6int-sse2.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6-asm_namespace.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\fe.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\base2.h" />


@ -360,6 +360,9 @@
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ristretto255.c">
<Filter>crypto_core\ed25519</Filter>
</ClCompile>
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.c">
<Filter>crypto_core\ed25519</Filter>
</ClCompile>
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c">
<Filter>crypto_core\ed25519\ref10</Filter>
</ClCompile>
@ -743,6 +746,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h">
<Filter>crypto_stream\salsa20\xmm6</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.h">
<Filter>crypto_core\ed25519</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h">
<Filter>crypto_core\ed25519\ref10\fe_25_5</Filter>
</ClInclude>


@ -189,6 +189,7 @@
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\hsalsa20\ref2\core_hsalsa20_ref2.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ed25519.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ristretto255.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c" />
</ItemGroup>
<ItemGroup>
@ -318,6 +319,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6int\salsa20_xmm6int-sse2.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6-asm_namespace.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\fe.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\base2.h" />


@ -360,6 +360,9 @@
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ristretto255.c">
<Filter>crypto_core\ed25519</Filter>
</ClCompile>
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.c">
<Filter>crypto_core\ed25519</Filter>
</ClCompile>
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c">
<Filter>crypto_core\ed25519\ref10</Filter>
</ClCompile>
@ -743,6 +746,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h">
<Filter>crypto_stream\salsa20\xmm6</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.h">
<Filter>crypto_core\ed25519</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h">
<Filter>crypto_core\ed25519\ref10\fe_25_5</Filter>
</ClInclude>


@ -189,6 +189,7 @@
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\hsalsa20\ref2\core_hsalsa20_ref2.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ed25519.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ristretto255.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c" />
</ItemGroup>
<ItemGroup>
@ -318,6 +319,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6int\salsa20_xmm6int-sse2.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6-asm_namespace.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\fe.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\base2.h" />


@ -360,6 +360,9 @@
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ristretto255.c">
<Filter>crypto_core\ed25519</Filter>
</ClCompile>
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.c">
<Filter>crypto_core\ed25519</Filter>
</ClCompile>
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c">
<Filter>crypto_core\ed25519\ref10</Filter>
</ClCompile>
@ -743,6 +746,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h">
<Filter>crypto_stream\salsa20\xmm6</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.h">
<Filter>crypto_core\ed25519</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h">
<Filter>crypto_core\ed25519\ref10\fe_25_5</Filter>
</ClInclude>


@ -189,6 +189,7 @@
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\hsalsa20\ref2\core_hsalsa20_ref2.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ed25519.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ristretto255.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c" />
</ItemGroup>
<ItemGroup>
@ -318,6 +319,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6int\salsa20_xmm6int-sse2.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6-asm_namespace.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\fe.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\base2.h" />


@ -360,6 +360,9 @@
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ristretto255.c">
<Filter>crypto_core\ed25519</Filter>
</ClCompile>
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.c">
<Filter>crypto_core\ed25519</Filter>
</ClCompile>
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c">
<Filter>crypto_core\ed25519\ref10</Filter>
</ClCompile>
@ -743,6 +746,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h">
<Filter>crypto_stream\salsa20\xmm6</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.h">
<Filter>crypto_core\ed25519</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h">
<Filter>crypto_core\ed25519\ref10\fe_25_5</Filter>
</ClInclude>


@ -189,6 +189,7 @@
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\hsalsa20\ref2\core_hsalsa20_ref2.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ed25519.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ristretto255.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c" />
</ItemGroup>
<ItemGroup>
@ -318,6 +319,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6int\salsa20_xmm6int-sse2.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6-asm_namespace.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\fe.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\base2.h" />


@ -360,6 +360,9 @@
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ristretto255.c">
<Filter>crypto_core\ed25519</Filter>
</ClCompile>
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.c">
<Filter>crypto_core\ed25519</Filter>
</ClCompile>
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c">
<Filter>crypto_core\ed25519\ref10</Filter>
</ClCompile>
@ -743,6 +746,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h">
<Filter>crypto_stream\salsa20\xmm6</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.h">
<Filter>crypto_core\ed25519</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h">
<Filter>crypto_core\ed25519\ref10\fe_25_5</Filter>
</ClInclude>


@ -189,6 +189,7 @@
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\hsalsa20\ref2\core_hsalsa20_ref2.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ed25519.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ristretto255.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.c" />
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c" />
</ItemGroup>
<ItemGroup>
@ -318,6 +319,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6int\salsa20_xmm6int-sse2.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6-asm_namespace.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\fe.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\base2.h" />


@ -360,6 +360,9 @@
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_ristretto255.c">
<Filter>crypto_core\ed25519</Filter>
</ClCompile>
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.c">
<Filter>crypto_core\ed25519</Filter>
</ClCompile>
<ClCompile Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c">
<Filter>crypto_core\ed25519\ref10</Filter>
</ClCompile>
@ -743,6 +746,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h">
<Filter>crypto_stream\salsa20\xmm6</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\core_h2c.h">
<Filter>crypto_core\ed25519</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h">
<Filter>crypto_core\ed25519\ref10\fe_25_5</Filter>
</ClInclude>


@ -427,6 +427,7 @@
<ClCompile Include="src\libsodium\crypto_core\hsalsa20\ref2\core_hsalsa20_ref2.c" />
<ClCompile Include="src\libsodium\crypto_core\ed25519\core_ed25519.c" />
<ClCompile Include="src\libsodium\crypto_core\ed25519\core_ristretto255.c" />
<ClCompile Include="src\libsodium\crypto_core\ed25519\core_h2c.c" />
<ClCompile Include="src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c" />
</ItemGroup>
<ItemGroup>
@ -556,6 +557,7 @@
<ClInclude Include="src\libsodium\crypto_stream\salsa20\xmm6int\salsa20_xmm6int-sse2.h" />
<ClInclude Include="src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6-asm_namespace.h" />
<ClInclude Include="src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h" />
<ClInclude Include="src\libsodium\crypto_core\ed25519\core_h2c.h" />
<ClInclude Include="src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h" />
<ClInclude Include="src\libsodium\crypto_core\ed25519\ref10\fe_25_5\fe.h" />
<ClInclude Include="src\libsodium\crypto_core\ed25519\ref10\fe_25_5\base2.h" />


@ -351,6 +351,9 @@
<ClCompile Include="src\libsodium\crypto_core\ed25519\core_ristretto255.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\libsodium\crypto_core\ed25519\core_h2c.c">
<Filter>Source Files</Filter>
</ClCompile>
<ClCompile Include="src\libsodium\crypto_core\ed25519\ref10\ed25519_ref10.c">
<Filter>Source Files</Filter>
</ClCompile>
@ -734,6 +737,9 @@
<ClInclude Include="src\libsodium\crypto_stream\salsa20\xmm6\salsa20_xmm6.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\libsodium\crypto_core\ed25519\core_h2c.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\libsodium\crypto_core\ed25519\ref10\fe_25_5\constants.h">
<Filter>Header Files</Filter>
</ClInclude>


@ -14,6 +14,8 @@ libsodium_la_SOURCES = \
crypto_box/crypto_box_easy.c \
crypto_box/crypto_box_seal.c \
crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c \
crypto_core/ed25519/core_h2c.c \
crypto_core/ed25519/core_h2c.h \
crypto_core/ed25519/ref10/ed25519_ref10.c \
crypto_core/hchacha20/core_hchacha20.c \
crypto_core/hsalsa20/ref2/core_hsalsa20_ref2.c \


@ -1,9 +1,8 @@
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "core_h2c.h"
#include "crypto_core_ed25519.h"
#include "crypto_hash_sha512.h"
#include "private/common.h"
@ -74,58 +73,6 @@ crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
return 0;
}
#define HASH_BYTES crypto_hash_sha512_BYTES
#define HASH_BLOCKBYTES 128U
static void
_string_to_h2c_hash(unsigned char *h, const size_t h_len,
const char *ctx, const unsigned char *msg, size_t msg_len)
{
crypto_hash_sha512_state st;
const unsigned char empty_block[HASH_BLOCKBYTES] = { 0 };
unsigned char u0[HASH_BYTES];
unsigned char ux[HASH_BYTES] = { 0 };
unsigned char t[3] = { 0U, (unsigned char) h_len, 0U};
unsigned char ctx_len_u8;
size_t ctx_len = ctx != NULL ? strlen(ctx) : 0U;
size_t i, j;
assert(h_len <= 0xff);
if (ctx_len > (size_t) 0xff) {
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st,
(const unsigned char *) "H2C-OVERSIZE-DST-",
sizeof "H2C-OVERSIZE-DST-" - 1U);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_final(&st, u0);
ctx = (const char *) u0;
ctx_len = HASH_BYTES;
COMPILER_ASSERT(HASH_BYTES <= (size_t) 0xff);
}
ctx_len_u8 = (unsigned char) ctx_len;
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st, empty_block, sizeof empty_block);
crypto_hash_sha512_update(&st, msg, msg_len);
crypto_hash_sha512_update(&st, t, 3U);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_update(&st, &ctx_len_u8, 1U);
crypto_hash_sha512_final(&st, u0);
for (i = 0U; i < h_len; i += HASH_BYTES) {
for (j = 0U; j < HASH_BYTES; j++) {
ux[j] ^= u0[j];
}
t[2]++;
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st, ux, HASH_BYTES);
crypto_hash_sha512_update(&st, &t[2], 1U);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_update(&st, &ctx_len_u8, 1U);
crypto_hash_sha512_final(&st, ux);
memcpy(&h[i], ux, h_len - i >= (sizeof ux) ? (sizeof ux) : h_len - i);
}
}
#define HASH_GE_L 48U
static int
@ -139,8 +86,10 @@ _string_to_points(unsigned char * const px, const size_t n,
if (n > 2U) {
abort(); /* LCOV_EXCL_LINE */
}
_string_to_h2c_hash(h_be, n * HASH_GE_L, ctx, msg, msg_len);
if (core_h2c_string_to_hash(h_be, n * HASH_GE_L, ctx, msg, msg_len,
CORE_H2C_SHA512) != 0) {
return -1;
}
COMPILER_ASSERT(sizeof h >= HASH_GE_L);
for (i = 0U; i < n; i++) {
for (j = 0U; j < HASH_GE_L; j++) {
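Review bot: The new early `return -1` in `_string_to_points` leaves `px` unwritten, and the function's callers are outside the hunk, so it cannot be confirmed from here that they stop on a non-zero result before using the output. With the constant `CORE_H2C_SHA512` the only visible failure path of `core_h2c_string_to_hash` (an unknown `hash_alg`) is not reachable, so this is about keeping the contract explicit: add a comment such as `/* on failure px is not written; callers must check the return value */`. The same applies to the two call sites converted in the ristretto255 file, `_string_to_element` and `crypto_core_ristretto255_scalar_from_string`.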


@ -0,0 +1,133 @@
#include <assert.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include "core_h2c.h"
#include "crypto_hash_sha256.h"
#include "crypto_hash_sha512.h"
#include "private/common.h"
#define HASH_BYTES crypto_hash_sha256_BYTES
#define HASH_BLOCKBYTES 64U
static int
core_h2c_string_to_hash_sha256(unsigned char *h, const size_t h_len, const char *ctx,
const unsigned char *msg, size_t msg_len)
{
crypto_hash_sha256_state st;
const unsigned char empty_block[HASH_BLOCKBYTES] = { 0 };
unsigned char u0[HASH_BYTES];
unsigned char ux[HASH_BYTES] = { 0 };
unsigned char t[3] = { 0U, (unsigned char) h_len, 0U};
unsigned char ctx_len_u8;
size_t ctx_len = ctx != NULL ? strlen(ctx) : 0U;
size_t i, j;
assert(h_len <= 0xff);
if (ctx_len > (size_t) 0xff) {
crypto_hash_sha256_init(&st);
crypto_hash_sha256_update(&st,
(const unsigned char *) "H2C-OVERSIZE-DST-",
sizeof "H2C-OVERSIZE-DST-" - 1U);
crypto_hash_sha256_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha256_final(&st, u0);
ctx = (const char *) u0;
ctx_len = HASH_BYTES;
COMPILER_ASSERT(HASH_BYTES <= (size_t) 0xff);
}
ctx_len_u8 = (unsigned char) ctx_len;
crypto_hash_sha256_init(&st);
crypto_hash_sha256_update(&st, empty_block, sizeof empty_block);
crypto_hash_sha256_update(&st, msg, msg_len);
crypto_hash_sha256_update(&st, t, 3U);
crypto_hash_sha256_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha256_update(&st, &ctx_len_u8, 1U);
crypto_hash_sha256_final(&st, u0);
for (i = 0U; i < h_len; i += HASH_BYTES) {
for (j = 0U; j < HASH_BYTES; j++) {
ux[j] ^= u0[j];
}
t[2]++;
crypto_hash_sha256_init(&st);
crypto_hash_sha256_update(&st, ux, HASH_BYTES);
crypto_hash_sha256_update(&st, &t[2], 1U);
crypto_hash_sha256_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha256_update(&st, &ctx_len_u8, 1U);
crypto_hash_sha256_final(&st, ux);
memcpy(&h[i], ux, h_len - i >= (sizeof ux) ? (sizeof ux) : h_len - i);
}
return 0;
}
#undef HASH_BYTES
#undef HASH_BLOCKBYTES
#define HASH_BYTES crypto_hash_sha512_BYTES
#define HASH_BLOCKBYTES 128U
static int
core_h2c_string_to_hash_sha512(unsigned char *h, const size_t h_len, const char *ctx,
const unsigned char *msg, size_t msg_len)
{
crypto_hash_sha512_state st;
const unsigned char empty_block[HASH_BLOCKBYTES] = { 0 };
unsigned char u0[HASH_BYTES];
unsigned char ux[HASH_BYTES] = { 0 };
unsigned char t[3] = { 0U, (unsigned char) h_len, 0U};
unsigned char ctx_len_u8;
size_t ctx_len = ctx != NULL ? strlen(ctx) : 0U;
size_t i, j;
assert(h_len <= 0xff);
if (ctx_len > (size_t) 0xff) {
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st,
(const unsigned char *) "H2C-OVERSIZE-DST-",
sizeof "H2C-OVERSIZE-DST-" - 1U);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_final(&st, u0);
ctx = (const char *) u0;
ctx_len = HASH_BYTES;
COMPILER_ASSERT(HASH_BYTES <= (size_t) 0xff);
}
ctx_len_u8 = (unsigned char) ctx_len;
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st, empty_block, sizeof empty_block);
crypto_hash_sha512_update(&st, msg, msg_len);
crypto_hash_sha512_update(&st, t, 3U);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_update(&st, &ctx_len_u8, 1U);
crypto_hash_sha512_final(&st, u0);
for (i = 0U; i < h_len; i += HASH_BYTES) {
for (j = 0U; j < HASH_BYTES; j++) {
ux[j] ^= u0[j];
}
t[2]++;
crypto_hash_sha512_init(&st);
crypto_hash_sha512_update(&st, ux, HASH_BYTES);
crypto_hash_sha512_update(&st, &t[2], 1U);
crypto_hash_sha512_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha512_update(&st, &ctx_len_u8, 1U);
crypto_hash_sha512_final(&st, ux);
memcpy(&h[i], ux, h_len - i >= (sizeof ux) ? (sizeof ux) : h_len - i);
}
return 0;
}
int
core_h2c_string_to_hash(unsigned char *h, const size_t h_len, const char *ctx,
const unsigned char *msg, size_t msg_len, int hash_alg)
{
switch (hash_alg) {
case CORE_H2C_SHA256:
return core_h2c_string_to_hash_sha256(h, h_len, ctx, msg, msg_len);
case CORE_H2C_SHA512:
return core_h2c_string_to_hash_sha512(h, h_len, ctx, msg, msg_len);
default:
errno = EINVAL;
return -1;
}
}
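Review bot: The output-length bound in `core_h2c_string_to_hash_sha256` and `core_h2c_string_to_hash_sha512` is enforced only by `assert(h_len <= 0xff)`, which disappears if the library is built with NDEBUG. In that case a larger `h_len` is silently truncated by the `(unsigned char) h_len` cast in `t[]`, and for very large lengths the one-byte block counter `t[2]` can wrap, so the function would return 0 with output that no longer follows the expansion it implements. Since both helpers now return `int` and the dispatcher already reports `EINVAL`, replace the assert with `if (h_len > 0xff) { errno = EINVAL; return -1; }`. The two bodies differ only in the hash primitive, so the check has to be added in both.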


@ -0,0 +1,10 @@
#ifndef core_h2c_H
#define core_h2c_H
#define CORE_H2C_SHA256 1
#define CORE_H2C_SHA512 2
int core_h2c_string_to_hash(unsigned char *h, const size_t h_len, const char *ctx,
const unsigned char *msg, size_t msg_len,
int hash_alg);
#endif
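Review bot: The prototype uses `size_t` but the header includes nothing, so it only compiles when a standard header has been included before it, as the `.c` files shown in this commit happen to do; adding `#include <stddef.h>` after the guard makes it self-contained. The contract is also undocumented: a comment above the prototype should state that `ctx` is a NUL-terminated string or NULL, that `h_len` must not exceed 255, and that the function returns -1 with `errno` set to `EINVAL` for an unknown `hash_alg`.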


@ -3,6 +3,7 @@
#include <stdint.h>
#include <string.h>
#include "core_h2c.h"
#include "crypto_core_ed25519.h"
#include "crypto_core_ristretto255.h"
#include "crypto_hash_sha256.h"
@ -70,65 +71,16 @@ crypto_core_ristretto255_from_hash(unsigned char *p, const unsigned char *r)
return 0;
}
#define HASH_BYTES crypto_hash_sha256_BYTES
#define HASH_BLOCKBYTES 64U
static void
_string_to_h2c_hash(unsigned char *h, const size_t h_len,
const char *ctx, const unsigned char *msg, size_t msg_len)
{
crypto_hash_sha256_state st;
const unsigned char empty_block[HASH_BLOCKBYTES] = { 0 };
unsigned char u0[HASH_BYTES];
unsigned char ux[HASH_BYTES] = { 0 };
unsigned char t[3] = { 0U, (unsigned char) h_len, 0U};
unsigned char ctx_len_u8;
size_t ctx_len = ctx != NULL ? strlen(ctx) : 0U;
size_t i, j;
assert(h_len <= 0xff);
if (ctx_len > (size_t) 0xff) {
crypto_hash_sha256_init(&st);
crypto_hash_sha256_update(&st,
(const unsigned char *) "H2C-OVERSIZE-DST-",
sizeof "H2C-OVERSIZE-DST-" - 1U);
crypto_hash_sha256_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha256_final(&st, u0);
ctx = (const char *) u0;
ctx_len = HASH_BYTES;
COMPILER_ASSERT(HASH_BYTES <= (size_t) 0xff);
}
ctx_len_u8 = (unsigned char) ctx_len;
crypto_hash_sha256_init(&st);
crypto_hash_sha256_update(&st, empty_block, sizeof empty_block);
crypto_hash_sha256_update(&st, msg, msg_len);
crypto_hash_sha256_update(&st, t, 3U);
crypto_hash_sha256_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha256_update(&st, &ctx_len_u8, 1U);
crypto_hash_sha256_final(&st, u0);
for (i = 0U; i < h_len; i += HASH_BYTES) {
for (j = 0U; j < HASH_BYTES; j++) {
ux[j] ^= u0[j];
}
t[2]++;
crypto_hash_sha256_init(&st);
crypto_hash_sha256_update(&st, ux, HASH_BYTES);
crypto_hash_sha256_update(&st, &t[2], 1U);
crypto_hash_sha256_update(&st, (const unsigned char *) ctx, ctx_len);
crypto_hash_sha256_update(&st, &ctx_len_u8, 1U);
crypto_hash_sha256_final(&st, ux);
memcpy(&h[i], ux, h_len - i >= (sizeof ux) ? (sizeof ux) : h_len - i);
}
}
static int
_string_to_element(unsigned char *p,
const char *ctx, const unsigned char *msg, size_t msg_len)
{
unsigned char h[crypto_core_ristretto255_HASHBYTES];
_string_to_h2c_hash(h, sizeof h, ctx, msg, msg_len);
if (core_h2c_string_to_hash(h, sizeof h, ctx, msg, msg_len,
CORE_H2C_SHA256) != 0) {
return -1;
}
ristretto255_from_hash(p, h);
return 0;
@ -231,8 +183,10 @@ crypto_core_ristretto255_scalar_from_string(unsigned char *s,
unsigned char h_be[HASH_SC_L];
size_t i;
_string_to_h2c_hash(h_be, sizeof h_be, ctx, msg, msg_len);
if (core_h2c_string_to_hash(h_be, sizeof h_be, ctx, msg, msg_len,
CORE_H2C_SHA256) != 0) {
return -1;
}
COMPILER_ASSERT(sizeof h >= sizeof h_be);
for (i = 0U; i < HASH_SC_L; i++) {
h[i] = h_be[HASH_SC_L - 1U - i];


@ -37,6 +37,7 @@
#define blake2b_pick_best_implementation _sodium_blake2b_pick_best_implementation
#define blake2b_salt_personal _sodium_blake2b_salt_personal
#define blake2b_update _sodium_blake2b_update
#define core_h2c_string_to_hash _sodium_core_h2c_string_to_hash
#define escrypt_PBKDF2_SHA256 _sodium_escrypt_PBKDF2_SHA256
#define escrypt_alloc_region _sodium_escrypt_alloc_region
#define escrypt_free_local _sodium_escrypt_free_local


@ -32,6 +32,7 @@ blake2b_long
blake2b_pick_best_implementation
blake2b_salt_personal
blake2b_update
core_h2c_string_to_hash
crypto_aead_aegis128l_abytes
crypto_aead_aegis128l_decrypt
crypto_aead_aegis128l_decrypt_detached