diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c
index 790016f9..8c21c496 100644
--- a/src/libsodium/crypto_core/ed25519/core_ed25519.c
+++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c
@@ -77,7 +77,8 @@ crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
 static int
 _string_to_points(unsigned char * const px, const size_t n,
- const char *ctx, const unsigned char *msg, size_t msg_len)
+ const char *ctx, const unsigned char *msg, size_t msg_len,
+ int hash_alg)
 {
 unsigned char h[crypto_core_ed25519_HASHBYTES];
 unsigned char h_be[2U * HASH_GE_L];
@@ -87,7 +88,7 @@ _string_to_points(unsigned char * const px, const size_t n,
 abort(); /* LCOV_EXCL_LINE */
 }
 if (core_h2c_string_to_hash(h_be, n * HASH_GE_L, ctx, msg, msg_len,
- CORE_H2C_SHA512) != 0) {
+ hash_alg) != 0) {
 return -1;
 }
 COMPILER_ASSERT(sizeof h >= HASH_GE_L);
@@ -104,19 +105,19 @@ _string_to_points(unsigned char * const px, const size_t n,
 int
 crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES],
 const char *ctx, const unsigned char *msg,
- size_t msg_len)
+ size_t msg_len, int hash_alg)
 {
- return _string_to_points(p, 1, ctx, msg, msg_len);
+ return _string_to_points(p, 1, ctx, msg, msg_len, hash_alg);
 }
 int
 crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES],
 const char *ctx, const unsigned char *msg,
- size_t msg_len)
+ size_t msg_len, int hash_alg)
 {
 unsigned char px[2 * crypto_core_ed25519_BYTES];
- if (_string_to_points(px, 2, ctx, msg, msg_len) != 0) {
+ if (_string_to_points(px, 2, ctx, msg, msg_len, hash_alg) != 0) {
 return -1;
 }
 return crypto_core_ed25519_add(p, &px[0], &px[crypto_core_ed25519_BYTES]);
diff --git a/src/libsodium/crypto_core/ed25519/core_h2c.h b/src/libsodium/crypto_core/ed25519/core_h2c.h
index 95dbdc78..e595b80c 100644
--- a/src/libsodium/crypto_core/ed25519/core_h2c.h
+++ b/src/libsodium/crypto_core/ed25519/core_h2c.h
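Review bot: The `int hash_alg` added to `_string_to_points` in the first hunk is handed to `core_h2c_string_to_hash` in the second hunk (`hash_alg) != 0) {`) without any check, and nothing in this file ties the exported `crypto_core_ed25519_H2CSHA256`/`crypto_core_ed25519_H2CSHA512` values to the internal `CORE_H2C_SHA256`/`CORE_H2C_SHA512` they are expected to equal, so the public-to-internal mapping holds only by numeric coincidence. Whether `core_h2c_string_to_hash` returns -1 or aborts on a selector it does not know is not visible in this diff, so the public boundary should pin the mapping and fail closed: `COMPILER_ASSERT(crypto_core_ed25519_H2CSHA256 == CORE_H2C_SHA256);` and `COMPILER_ASSERT(crypto_core_ed25519_H2CSHA512 == CORE_H2C_SHA512);` beside the existing COMPILER_ASSERT (assuming the public header is included here), plus `if (hash_alg != CORE_H2C_SHA256 && hash_alg != CORE_H2C_SHA512) { return -1; }` before the hash call. The same applies to `_string_to_element` and `crypto_core_ristretto255_scalar_from_string` in core_ristretto255.c against the `crypto_core_ristretto255_H2C*` constants. `_string_to_points` continues past the end of both hunks.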
@@ -1,6 +1,8 @@
 #ifndef core_h2c_H
 #define core_h2c_H
+#include "private/quirks.h"
+
 #define CORE_H2C_SHA256 1
 #define CORE_H2C_SHA512 2
diff --git a/src/libsodium/crypto_core/ed25519/core_ristretto255.c b/src/libsodium/crypto_core/ed25519/core_ristretto255.c
index 81951f5c..71da0307 100644
--- a/src/libsodium/crypto_core/ed25519/core_ristretto255.c
+++ b/src/libsodium/crypto_core/ed25519/core_ristretto255.c
@@ -73,12 +73,13 @@ crypto_core_ristretto255_from_hash(unsigned char *p, const unsigned char *r)
 static int
 _string_to_element(unsigned char *p,
- const char *ctx, const unsigned char *msg, size_t msg_len)
+ const char *ctx, const unsigned char *msg, size_t msg_len,
+ int hash_alg)
 {
 unsigned char h[crypto_core_ristretto255_HASHBYTES];
 if (core_h2c_string_to_hash(h, sizeof h, ctx, msg, msg_len,
- CORE_H2C_SHA256) != 0) {
+ hash_alg) != 0) {
 return -1;
 }
 ristretto255_from_hash(p, h);
@@ -89,17 +90,17 @@ _string_to_element(unsigned char *p,
 int
 crypto_core_ristretto255_from_string(unsigned char p[crypto_core_ristretto255_BYTES],
 const char *ctx, const unsigned char *msg,
- size_t msg_len)
+ size_t msg_len, int hash_alg)
 {
- return _string_to_element(p, ctx, msg, msg_len);
+ return _string_to_element(p, ctx, msg, msg_len, hash_alg);
 }
 int
 crypto_core_ristretto255_from_string_ro(unsigned char p[crypto_core_ristretto255_BYTES],
 const char *ctx, const unsigned char *msg,
- size_t msg_len)
+ size_t msg_len, int hash_alg)
 {
- return crypto_core_ristretto255_from_string(p, ctx, msg, msg_len);
+ return crypto_core_ristretto255_from_string(p, ctx, msg, msg_len, hash_alg);
 }
 void
@@ -177,14 +178,14 @@ crypto_core_ristretto255_scalar_is_canonical(const unsigned char *s)
 int
 crypto_core_ristretto255_scalar_from_string(unsigned char *s, const char *ctx, const unsigned char *msg,
- size_t msg_len)
+ size_t msg_len, int hash_alg)
 {
 unsigned char h[crypto_core_ristretto255_NONREDUCEDSCALARBYTES];
 unsigned char h_be[HASH_SC_L];
 size_t i;
 if (core_h2c_string_to_hash(h_be, sizeof h_be, ctx, msg, msg_len,
- CORE_H2C_SHA256) != 0) {
+ hash_alg) != 0) {
 return -1;
 }
 COMPILER_ASSERT(sizeof h >= sizeof h_be);
diff --git a/src/libsodium/include/sodium/crypto_core_ed25519.h b/src/libsodium/include/sodium/crypto_core_ed25519.h
index 2e80ccdf..618a44f9 100644
--- a/src/libsodium/include/sodium/crypto_core_ed25519.h
+++ b/src/libsodium/include/sodium/crypto_core_ed25519.h
@@ -28,6 +28,9 @@ size_t crypto_core_ed25519_scalarbytes(void);
 SODIUM_EXPORT
 size_t crypto_core_ed25519_nonreducedscalarbytes(void);
+#define crypto_core_ed25519_H2CSHA256 1
+#define crypto_core_ed25519_H2CSHA512 2
+
 SODIUM_EXPORT
 int crypto_core_ed25519_is_valid_point(const unsigned char *p)
 __attribute__ ((nonnull));
@@ -49,13 +52,13 @@ int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
 SODIUM_EXPORT
 int crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES],
 const char *ctx, const unsigned char *msg,
- size_t msg_len)
+ size_t msg_len, int hash_alg)
 __attribute__ ((nonnull(1)));
 SODIUM_EXPORT
 int crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES],
 const char *ctx, const unsigned char *msg,
- size_t msg_len)
+ size_t msg_len, int hash_alg)
 __attribute__ ((nonnull(1)));
 SODIUM_EXPORT
diff --git a/src/libsodium/include/sodium/crypto_core_ristretto255.h b/src/libsodium/include/sodium/crypto_core_ristretto255.h
index c22dfdd4..5fc3a1be 100644
--- a/src/libsodium/include/sodium/crypto_core_ristretto255.h
+++ b/src/libsodium/include/sodium/crypto_core_ristretto255.h
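Review bot: The new `hash_alg` parameter on `crypto_core_ed25519_from_string()` / `crypto_core_ed25519_from_string_ro()` and the `crypto_core_ed25519_H2CSHA256` / `crypto_core_ed25519_H2CSHA512` macros enter the public header without a word relating them, so a caller reading this file cannot tell which values `hash_alg` accepts or what the functions return for any other value. A comment above the two defines would close that gap, e.g. `/* hash_alg values for crypto_core_ed25519_from_string*(): the hash used by the hash-to-curve expansion (SHA-256 or SHA-512) */`, extended with the result for an unknown value once that contract is settled. Separately, the prototypes of two exported symbols change in place: if the four-argument form has already shipped in a release this is an ABI break, since a caller built against the old prototype passes four arguments and the callee reads `hash_alg` from an argument slot it never filled; if both forms are unreleased this is a non-issue, but it is worth confirming and, if needed, reflecting in the library's ABI version. Both points apply equally to the `crypto_core_ristretto255_H2C*` hunks in crypto_core_ristretto255.h.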
@@ -24,6 +24,9 @@ size_t crypto_core_ristretto255_scalarbytes(void);
 SODIUM_EXPORT
 size_t crypto_core_ristretto255_nonreducedscalarbytes(void);
+#define crypto_core_ristretto255_H2CSHA256 1
+#define crypto_core_ristretto255_H2CSHA512 2
+
 SODIUM_EXPORT
 int crypto_core_ristretto255_is_valid_point(const unsigned char *p)
 __attribute__ ((nonnull));
@@ -47,14 +50,14 @@ SODIUM_EXPORT
 int crypto_core_ristretto255_from_string(unsigned char p[crypto_core_ristretto255_BYTES], const char *ctx, const unsigned char *msg,
- size_t msg_len)
+ size_t msg_len, int hash_alg)
 __attribute__ ((nonnull(1)));
 SODIUM_EXPORT
 int crypto_core_ristretto255_from_string_ro(unsigned char p[crypto_core_ristretto255_BYTES], const char *ctx, const unsigned char *msg,
- size_t msg_len)
+ size_t msg_len, int hash_alg)
 __attribute__ ((nonnull(1)));
 SODIUM_EXPORT
diff --git a/test/default/core_ed25519_h2c.c b/test/default/core_ed25519_h2c.c
index c760c117..e4e65b98 100644
--- a/test/default/core_ed25519_h2c.c
+++ b/test/default/core_ed25519_h2c.c
@@ -54,6 +54,8 @@ static TestData test_data[] = {
 "6dc2fc04f266c5c27f236a80b14f92ccd051ef1ff027f26a07f8c0f327d8f995" }
 };
+#define H2CHASH crypto_core_ed25519_H2CSHA512
+
 int
 main(void)
 {
@@ -79,14 +81,14 @@ main(void)
 if (crypto_core_ed25519_from_string(
 y, "QUUX-V01-CS02-with-edwards25519_XMD:SHA-512_ELL2_NU_",
 (const unsigned char *) test_data[i].msg,
- strlen(test_data[i].msg)) != 0) {
+ strlen(test_data[i].msg), H2CHASH) != 0) {
 printf("crypto_core_ed25519_from_string() failed\n");
 }
 } else {
 if (crypto_core_ed25519_from_string_ro(
 y, "QUUX-V01-CS02-with-edwards25519_XMD:SHA-512_ELL2_RO_",
 (const unsigned char *) test_data[i].msg,
- strlen(test_data[i].msg)) != 0) {
+ strlen(test_data[i].msg), H2CHASH) != 0) {
 printf("crypto_core_ed25519_from_string_ro() failed\n");
 }
 }
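Review bot: `#define H2CHASH crypto_core_ed25519_H2CSHA512` pins every call in this test to SHA-512, so the selector this change introduces is exercised with exactly one value: neither the SHA-256 path that `crypto_core_ed25519_from_string()` now accepts nor the handling of an out-of-range `hash_alg` is covered. The vectors in `test_data` belong to the `edwards25519_XMD:SHA-512` suites, so a known-answer test for SHA-256 is not available from this file, but the error-path block in the following hunk (the one printing `Failed with empty parameters`) is the natural place to also check that an unsupported selector is refused rather than silently mapped, e.g. `if (crypto_core_ed25519_from_string(y, "", guard_page, 0U, 0) == 0) { printf("unsupported hash_alg accepted\n"); }` (0 chosen as a value outside both defined constants). This assumes the intended contract for an unknown selector is a -1 return, which is not visible in this diff; if it aborts instead, that should be stated in the header. `main` begins in the second hunk and continues past it.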
@@ -102,11 +104,12 @@ main(void)
 }
 if (crypto_core_ed25519_from_string(y, NULL, (const unsigned char *) "msg",
- 3U) != 0 ||
- crypto_core_ed25519_from_string(y, "", guard_page, 0U) != 0 ||
+ 3U, H2CHASH) != 0 ||
+ crypto_core_ed25519_from_string(y, "", guard_page, 0U, H2CHASH) != 0 ||
 crypto_core_ed25519_from_string_ro(
- y, NULL, (const unsigned char *) "msg", 3U) != 0 ||
- crypto_core_ed25519_from_string_ro(y, "", guard_page, 0U) != 0) {
+ y, NULL, (const unsigned char *) "msg", 3U, H2CHASH) != 0 ||
+ crypto_core_ed25519_from_string_ro(y, "", guard_page, 0U,
+ H2CHASH) != 0) {
 printf("Failed with empty parameters");
 }
@@ -114,12 +117,14 @@ main(void)
 memset(oversized_ctx, 'X', oversized_ctx_len - 1U);
 oversized_ctx[oversized_ctx_len - 1U] = 0;
 crypto_core_ed25519_from_string(y, oversized_ctx,
- (const unsigned char *) "msg", 3U);
+ (const unsigned char *) "msg", 3U,
+ H2CHASH);
 sodium_bin2hex(y_hex, crypto_core_ed25519_BYTES * 2U + 1U, y,
 crypto_core_ed25519_BYTES);
 printf("NU with oversized context: %s\n", y_hex);
 crypto_core_ed25519_from_string_ro(y, oversized_ctx,
- (const unsigned char *) "msg", 3U);
+ (const unsigned char *) "msg", 3U,
+ H2CHASH);
 sodium_bin2hex(y_hex, crypto_core_ed25519_BYTES * 2U + 1U, y,
 crypto_core_ed25519_BYTES);
 printf("RO with oversized context: %s\n", y_hex);