mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-19 10:05:05 -07:00

Change crypto_core_ed25519_from_string() to accept a hash function

Frank Denis 2021-01-24 19:21:07 +01:00
parent e0629769d3
commit e4206f1337
6 changed files with 41 additions and 26 deletions


@ -77,7 +77,8 @@ crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
static int static int
_string_to_points(unsigned char * const px, const size_t n, _string_to_points(unsigned char * const px, const size_t n,
const char *ctx, const unsigned char *msg, size_t msg_len) const char *ctx, const unsigned char *msg, size_t msg_len,
int hash_alg)
{ {
unsigned char h[crypto_core_ed25519_HASHBYTES]; unsigned char h[crypto_core_ed25519_HASHBYTES];
unsigned char h_be[2U * HASH_GE_L]; unsigned char h_be[2U * HASH_GE_L];
@ -87,7 +88,7 @@ _string_to_points(unsigned char * const px, const size_t n,
abort(); /* LCOV_EXCL_LINE */ abort(); /* LCOV_EXCL_LINE */
} }
if (core_h2c_string_to_hash(h_be, n * HASH_GE_L, ctx, msg, msg_len, if (core_h2c_string_to_hash(h_be, n * HASH_GE_L, ctx, msg, msg_len,
CORE_H2C_SHA512) != 0) { hash_alg) != 0) {
return -1; return -1;
} }
COMPILER_ASSERT(sizeof h >= HASH_GE_L); COMPILER_ASSERT(sizeof h >= HASH_GE_L);
@ -104,19 +105,19 @@ _string_to_points(unsigned char * const px, const size_t n,
int int
crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES], crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES],
const char *ctx, const unsigned char *msg, const char *ctx, const unsigned char *msg,
size_t msg_len) size_t msg_len, int hash_alg)
{ {
return _string_to_points(p, 1, ctx, msg, msg_len); return _string_to_points(p, 1, ctx, msg, msg_len, hash_alg);
} }
int int
crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES], crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES],
const char *ctx, const unsigned char *msg, const char *ctx, const unsigned char *msg,
size_t msg_len) size_t msg_len, int hash_alg)
{ {
unsigned char px[2 * crypto_core_ed25519_BYTES]; unsigned char px[2 * crypto_core_ed25519_BYTES];
if (_string_to_points(px, 2, ctx, msg, msg_len) != 0) { if (_string_to_points(px, 2, ctx, msg, msg_len, hash_alg) != 0) {
return -1; return -1;
} }
return crypto_core_ed25519_add(p, &px[0], &px[crypto_core_ed25519_BYTES]); return crypto_core_ed25519_add(p, &px[0], &px[crypto_core_ed25519_BYTES]);
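Review bot: Nothing in this file ties the public `crypto_core_ed25519_H2CSHA256` / `crypto_core_ed25519_H2CSHA512` values to the private `CORE_H2C_SHA256` / `CORE_H2C_SHA512` that `core_h2c_string_to_hash()` is called with, yet `hash_alg` is now forwarded unchanged from the exported functions. The two sets are defined in separate headers (both as 1 and 2 on this page), so a later edit to either one would silently select a different hash. Inside `_string_to_points()` I would add `COMPILER_ASSERT(crypto_core_ed25519_H2CSHA256 == CORE_H2C_SHA256);` and `COMPILER_ASSERT(crypto_core_ed25519_H2CSHA512 == CORE_H2C_SHA512);`; the same applies to `_string_to_element()` and `crypto_core_ristretto255_scalar_from_string()` in the ristretto255 file. Whether an out-of-range `hash_alg` is rejected depends on `core_h2c_string_to_hash()`, which is not shown here. The bodies of `_string_to_points()` and `crypto_core_ed25519_from_string_ro()` continue outside the hunks.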


@ -1,6 +1,8 @@
#ifndef core_h2c_H #ifndef core_h2c_H
#define core_h2c_H #define core_h2c_H
#include "private/quirks.h"
#define CORE_H2C_SHA256 1 #define CORE_H2C_SHA256 1
#define CORE_H2C_SHA512 2 #define CORE_H2C_SHA512 2


@ -73,12 +73,13 @@ crypto_core_ristretto255_from_hash(unsigned char *p, const unsigned char *r)
static int static int
_string_to_element(unsigned char *p, _string_to_element(unsigned char *p,
const char *ctx, const unsigned char *msg, size_t msg_len) const char *ctx, const unsigned char *msg, size_t msg_len,
int hash_alg)
{ {
unsigned char h[crypto_core_ristretto255_HASHBYTES]; unsigned char h[crypto_core_ristretto255_HASHBYTES];
if (core_h2c_string_to_hash(h, sizeof h, ctx, msg, msg_len, if (core_h2c_string_to_hash(h, sizeof h, ctx, msg, msg_len,
CORE_H2C_SHA256) != 0) { hash_alg) != 0) {
return -1; return -1;
} }
ristretto255_from_hash(p, h); ristretto255_from_hash(p, h);
@ -89,17 +90,17 @@ _string_to_element(unsigned char *p,
int int
crypto_core_ristretto255_from_string(unsigned char p[crypto_core_ristretto255_BYTES], crypto_core_ristretto255_from_string(unsigned char p[crypto_core_ristretto255_BYTES],
const char *ctx, const unsigned char *msg, const char *ctx, const unsigned char *msg,
size_t msg_len) size_t msg_len, int hash_alg)
{ {
return _string_to_element(p, ctx, msg, msg_len); return _string_to_element(p, ctx, msg, msg_len, hash_alg);
} }
int int
crypto_core_ristretto255_from_string_ro(unsigned char p[crypto_core_ristretto255_BYTES], crypto_core_ristretto255_from_string_ro(unsigned char p[crypto_core_ristretto255_BYTES],
const char *ctx, const unsigned char *msg, const char *ctx, const unsigned char *msg,
size_t msg_len) size_t msg_len, int hash_alg)
{ {
return crypto_core_ristretto255_from_string(p, ctx, msg, msg_len); return crypto_core_ristretto255_from_string(p, ctx, msg, msg_len, hash_alg);
} }
void void
@ -177,14 +178,14 @@ crypto_core_ristretto255_scalar_is_canonical(const unsigned char *s)
int int
crypto_core_ristretto255_scalar_from_string(unsigned char *s, crypto_core_ristretto255_scalar_from_string(unsigned char *s,
const char *ctx, const unsigned char *msg, const char *ctx, const unsigned char *msg,
size_t msg_len) size_t msg_len, int hash_alg)
{ {
unsigned char h[crypto_core_ristretto255_NONREDUCEDSCALARBYTES]; unsigned char h[crypto_core_ristretto255_NONREDUCEDSCALARBYTES];
unsigned char h_be[HASH_SC_L]; unsigned char h_be[HASH_SC_L];
size_t i; size_t i;
if (core_h2c_string_to_hash(h_be, sizeof h_be, ctx, msg, msg_len, if (core_h2c_string_to_hash(h_be, sizeof h_be, ctx, msg, msg_len,
CORE_H2C_SHA256) != 0) { hash_alg) != 0) {
return -1; return -1;
} }
COMPILER_ASSERT(sizeof h >= sizeof h_be); COMPILER_ASSERT(sizeof h >= sizeof h_be);
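Review bot: `crypto_core_ristretto255_scalar_from_string()` gains a fifth parameter in the last hunk of this file, but none of the header hunks on this page touches a prototype for it. If it is declared in a header outside this commit, that declaration needs the trailing `size_t msg_len, int hash_alg)` as well. If it is not declared anywhere, it is an external symbol without a prototype and could be made `static` or given a declaration in a private header. The body of `crypto_core_ristretto255_scalar_from_string()` continues past the end of the hunk.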


@ -28,6 +28,9 @@ size_t crypto_core_ed25519_scalarbytes(void);
SODIUM_EXPORT SODIUM_EXPORT
size_t crypto_core_ed25519_nonreducedscalarbytes(void); size_t crypto_core_ed25519_nonreducedscalarbytes(void);
#define crypto_core_ed25519_H2CSHA256 1
#define crypto_core_ed25519_H2CSHA512 2
SODIUM_EXPORT SODIUM_EXPORT
int crypto_core_ed25519_is_valid_point(const unsigned char *p) int crypto_core_ed25519_is_valid_point(const unsigned char *p)
__attribute__ ((nonnull)); __attribute__ ((nonnull));
@ -49,13 +52,13 @@ int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
SODIUM_EXPORT SODIUM_EXPORT
int crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES], int crypto_core_ed25519_from_string(unsigned char p[crypto_core_ed25519_BYTES],
const char *ctx, const unsigned char *msg, const char *ctx, const unsigned char *msg,
size_t msg_len) size_t msg_len, int hash_alg)
__attribute__ ((nonnull(1))); __attribute__ ((nonnull(1)));
SODIUM_EXPORT SODIUM_EXPORT
int crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES], int crypto_core_ed25519_from_string_ro(unsigned char p[crypto_core_ed25519_BYTES],
const char *ctx, const unsigned char *msg, const char *ctx, const unsigned char *msg,
size_t msg_len) size_t msg_len, int hash_alg)
__attribute__ ((nonnull(1))); __attribute__ ((nonnull(1)));
SODIUM_EXPORT SODIUM_EXPORT
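Review bot: The new `hash_alg` parameter and the `crypto_core_ed25519_H2CSHA256` / `crypto_core_ed25519_H2CSHA512` macros are added without a comment saying which values are accepted or how the choice relates to `ctx`. The test in this commit pairs context strings that name SHA-512 with the SHA-512 constant, but nothing stops a caller from passing a context that names one hash while `hash_alg` selects another. Above the two prototypes I would add `/* hash_alg is crypto_core_ed25519_H2CSHA256 or crypto_core_ed25519_H2CSHA512 and should agree with the hash named in ctx */`, and the equivalent comment in the ristretto255 header. These are also `SODIUM_EXPORT` symbols whose arity changes under the same name, so code built against the four-argument prototypes would pass an indeterminate `hash_alg`; if those prototypes were ever shipped, a new symbol name would be safer.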


@ -24,6 +24,9 @@ size_t crypto_core_ristretto255_scalarbytes(void);
SODIUM_EXPORT SODIUM_EXPORT
size_t crypto_core_ristretto255_nonreducedscalarbytes(void); size_t crypto_core_ristretto255_nonreducedscalarbytes(void);
#define crypto_core_ristretto255_H2CSHA256 1
#define crypto_core_ristretto255_H2CSHA512 2
SODIUM_EXPORT SODIUM_EXPORT
int crypto_core_ristretto255_is_valid_point(const unsigned char *p) int crypto_core_ristretto255_is_valid_point(const unsigned char *p)
__attribute__ ((nonnull)); __attribute__ ((nonnull));
@ -47,14 +50,14 @@ SODIUM_EXPORT
int crypto_core_ristretto255_from_string(unsigned char p[crypto_core_ristretto255_BYTES], int crypto_core_ristretto255_from_string(unsigned char p[crypto_core_ristretto255_BYTES],
const char *ctx, const char *ctx,
const unsigned char *msg, const unsigned char *msg,
size_t msg_len) size_t msg_len, int hash_alg)
__attribute__ ((nonnull(1))); __attribute__ ((nonnull(1)));
SODIUM_EXPORT SODIUM_EXPORT
int crypto_core_ristretto255_from_string_ro(unsigned char p[crypto_core_ristretto255_BYTES], int crypto_core_ristretto255_from_string_ro(unsigned char p[crypto_core_ristretto255_BYTES],
const char *ctx, const char *ctx,
const unsigned char *msg, const unsigned char *msg,
size_t msg_len) size_t msg_len, int hash_alg)
__attribute__ ((nonnull(1))); __attribute__ ((nonnull(1)));
SODIUM_EXPORT SODIUM_EXPORT


@ -54,6 +54,8 @@ static TestData test_data[] = {
"6dc2fc04f266c5c27f236a80b14f92ccd051ef1ff027f26a07f8c0f327d8f995" } "6dc2fc04f266c5c27f236a80b14f92ccd051ef1ff027f26a07f8c0f327d8f995" }
}; };
#define H2CHASH crypto_core_ed25519_H2CSHA512
int int
main(void) main(void)
{ {
@ -79,14 +81,14 @@ main(void)
if (crypto_core_ed25519_from_string( if (crypto_core_ed25519_from_string(
y, "QUUX-V01-CS02-with-edwards25519_XMD:SHA-512_ELL2_NU_", y, "QUUX-V01-CS02-with-edwards25519_XMD:SHA-512_ELL2_NU_",
(const unsigned char *) test_data[i].msg, (const unsigned char *) test_data[i].msg,
strlen(test_data[i].msg)) != 0) { strlen(test_data[i].msg), H2CHASH) != 0) {
printf("crypto_core_ed25519_from_string() failed\n"); printf("crypto_core_ed25519_from_string() failed\n");
} }
} else { } else {
if (crypto_core_ed25519_from_string_ro( if (crypto_core_ed25519_from_string_ro(
y, "QUUX-V01-CS02-with-edwards25519_XMD:SHA-512_ELL2_RO_", y, "QUUX-V01-CS02-with-edwards25519_XMD:SHA-512_ELL2_RO_",
(const unsigned char *) test_data[i].msg, (const unsigned char *) test_data[i].msg,
strlen(test_data[i].msg)) != 0) { strlen(test_data[i].msg), H2CHASH) != 0) {
printf("crypto_core_ed25519_from_string_ro() failed\n"); printf("crypto_core_ed25519_from_string_ro() failed\n");
} }
} }
@ -102,11 +104,12 @@ main(void)
} }
if (crypto_core_ed25519_from_string(y, NULL, (const unsigned char *) "msg", if (crypto_core_ed25519_from_string(y, NULL, (const unsigned char *) "msg",
3U) != 0 || 3U, H2CHASH) != 0 ||
crypto_core_ed25519_from_string(y, "", guard_page, 0U) != 0 || crypto_core_ed25519_from_string(y, "", guard_page, 0U, H2CHASH) != 0 ||
crypto_core_ed25519_from_string_ro( crypto_core_ed25519_from_string_ro(
y, NULL, (const unsigned char *) "msg", 3U) != 0 || y, NULL, (const unsigned char *) "msg", 3U, H2CHASH) != 0 ||
crypto_core_ed25519_from_string_ro(y, "", guard_page, 0U) != 0) { crypto_core_ed25519_from_string_ro(y, "", guard_page, 0U,
H2CHASH) != 0) {
printf("Failed with empty parameters"); printf("Failed with empty parameters");
} }
@ -114,12 +117,14 @@ main(void)
memset(oversized_ctx, 'X', oversized_ctx_len - 1U); memset(oversized_ctx, 'X', oversized_ctx_len - 1U);
oversized_ctx[oversized_ctx_len - 1U] = 0; oversized_ctx[oversized_ctx_len - 1U] = 0;
crypto_core_ed25519_from_string(y, oversized_ctx, crypto_core_ed25519_from_string(y, oversized_ctx,
(const unsigned char *) "msg", 3U); (const unsigned char *) "msg", 3U,
H2CHASH);
sodium_bin2hex(y_hex, crypto_core_ed25519_BYTES * 2U + 1U, y, sodium_bin2hex(y_hex, crypto_core_ed25519_BYTES * 2U + 1U, y,
crypto_core_ed25519_BYTES); crypto_core_ed25519_BYTES);
printf("NU with oversized context: %s\n", y_hex); printf("NU with oversized context: %s\n", y_hex);
crypto_core_ed25519_from_string_ro(y, oversized_ctx, crypto_core_ed25519_from_string_ro(y, oversized_ctx,
(const unsigned char *) "msg", 3U); (const unsigned char *) "msg", 3U,
H2CHASH);
sodium_bin2hex(y_hex, crypto_core_ed25519_BYTES * 2U + 1U, y, sodium_bin2hex(y_hex, crypto_core_ed25519_BYTES * 2U + 1U, y,
crypto_core_ed25519_BYTES); crypto_core_ed25519_BYTES);
printf("RO with oversized context: %s\n", y_hex); printf("RO with oversized context: %s\n", y_hex);
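Review bot: Every call in this test passes `H2CHASH`, defined as `crypto_core_ed25519_H2CSHA512`, so the newly selectable SHA-256 path and the handling of an unrecognised `hash_alg` are never exercised. Assuming the intended behaviour is to reject unknown values, a check next to the empty-parameter block such as `if (crypto_core_ed25519_from_string(y, "", guard_page, 0U, 0) == 0) { printf("Unknown hash_alg was accepted\n"); }` would pin that down. One additional call with `crypto_core_ed25519_H2CSHA256` would cover the other branch. `main()` starts before and continues after these hunks.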