diff options
Diffstat (limited to 'src/libsodium/crypto_sign/ed25519')
-rw-r--r-- | src/libsodium/crypto_sign/ed25519/ref10/keypair.c | 49 | ||||
-rw-r--r-- | src/libsodium/crypto_sign/ed25519/ref10/open.c | 12 | ||||
-rw-r--r-- | src/libsodium/crypto_sign/ed25519/ref10/sign.c | 18 | ||||
-rw-r--r-- | src/libsodium/crypto_sign/ed25519/sign_ed25519_api.c | 18 |
4 files changed, 80 insertions, 17 deletions
diff --git a/src/libsodium/crypto_sign/ed25519/ref10/keypair.c b/src/libsodium/crypto_sign/ed25519/ref10/keypair.c index 7955647..2268cd6 100644 --- a/src/libsodium/crypto_sign/ed25519/ref10/keypair.c +++ b/src/libsodium/crypto_sign/ed25519/ref10/keypair.c @@ -2,8 +2,11 @@ #include <string.h> #include "api.h" -#include "randombytes.h" #include "crypto_hash_sha512.h" +#include "crypto_scalarmult_curve25519.h" +#include "randombytes.h" +#include "utils.h" +#include "fe.h" #include "ge.h" int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk, @@ -27,7 +30,47 @@ int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk, int crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char seed[32]; + int ret; + + randombytes_buf(seed, sizeof seed); + ret = crypto_sign_seed_keypair(pk, sk, seed); + sodium_memzero(seed, sizeof seed); + + return ret; +} + +int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk, + const unsigned char *ed25519_pk) +{ + ge_p3 A; + fe x; + fe one_minus_y; - randombytes(seed,32); - return crypto_sign_seed_keypair(pk,sk,seed); + ge_frombytes_negate_vartime(&A, ed25519_pk); + fe_1(one_minus_y); + fe_sub(one_minus_y, one_minus_y, A.Y); + fe_invert(one_minus_y, one_minus_y); + fe_1(x); + fe_add(x, x, A.Y); + fe_mul(x, x, one_minus_y); + fe_tobytes(curve25519_pk, x); + + return 0; +} + +int crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk, + const unsigned char *ed25519_sk) +{ + unsigned char h[crypto_hash_sha512_BYTES]; + + crypto_hash_sha512(h, ed25519_sk, + crypto_sign_ed25519_SECRETKEYBYTES - + crypto_sign_ed25519_PUBLICKEYBYTES); + h[0] &= 248; + h[31] &= 127; + h[31] |= 64; + memcpy(curve25519_sk, h, crypto_scalarmult_curve25519_BYTES); + sodium_memzero(h, sizeof h); + + return 0; } diff --git a/src/libsodium/crypto_sign/ed25519/ref10/open.c b/src/libsodium/crypto_sign/ed25519/ref10/open.c index 36eb084..488333e 100644 --- a/src/libsodium/crypto_sign/ed25519/ref10/open.c +++ b/src/libsodium/crypto_sign/ed25519/ref10/open.c @@ -43,16 +43,8 @@ crypto_sign_verify_detached(const unsigned char *sig, const unsigned char *m, ge_double_scalarmult_vartime(&R, h, &A, sig + 32); ge_tobytes(rcheck, &R); - if (crypto_verify_32(rcheck, sig) != 0) { - return -1; - } - if (sig == rcheck) { - return -1; - } - if (sodium_memcmp(sig, rcheck, 32) != 0) { - return -1; - } - return 0; + return crypto_verify_32(rcheck, sig) | (-(rcheck - sig == 0)) | + sodium_memcmp(sig, rcheck, 32); } int diff --git a/src/libsodium/crypto_sign/ed25519/ref10/sign.c b/src/libsodium/crypto_sign/ed25519/ref10/sign.c index 88f4710..1ee5d6c 100644 --- a/src/libsodium/crypto_sign/ed25519/ref10/sign.c +++ b/src/libsodium/crypto_sign/ed25519/ref10/sign.c @@ -5,6 +5,7 @@ #include "crypto_hash_sha512.h" #include "ge.h" #include "sc.h" +#include "utils.h" int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen, @@ -44,6 +45,9 @@ crypto_sign_detached(unsigned char *sig, unsigned long long *siglen, sc_reduce(hram); sc_muladd(sig + 32, hram, az, nonce); + sodium_memzero(az, sizeof az); + sodium_memzero(nonce, sizeof nonce); + if (siglen != NULL) { *siglen = 64U; } @@ -57,13 +61,19 @@ crypto_sign(unsigned char *sm, unsigned long long *smlen, { unsigned long long siglen; - if (crypto_sign_detached(sm, &siglen, m, mlen, sk) != 0 || - siglen > crypto_sign_ed25519_BYTES) { - *smlen = 0; + memmove(sm + crypto_sign_ed25519_BYTES, m, mlen); +/* LCOV_EXCL_START */ + if (crypto_sign_detached(sm, &siglen, sm + crypto_sign_ed25519_BYTES, + mlen, sk) != 0 || + siglen != crypto_sign_ed25519_BYTES) { + if (smlen != NULL) { + *smlen = 0; + } memset(sm, 0, mlen + crypto_sign_ed25519_BYTES); return -1; } - memmove(sm + siglen, m, mlen); +/* LCOV_EXCL_STOP */ + if (smlen != NULL) { *smlen = mlen + siglen; } diff --git a/src/libsodium/crypto_sign/ed25519/sign_ed25519_api.c b/src/libsodium/crypto_sign/ed25519/sign_ed25519_api.c index 9f999d2..7ba6b4c 100644 --- a/src/libsodium/crypto_sign/ed25519/sign_ed25519_api.c +++ b/src/libsodium/crypto_sign/ed25519/sign_ed25519_api.c @@ -1,3 +1,6 @@ + +#include <string.h> + #include "crypto_sign_ed25519.h" size_t @@ -19,3 +22,18 @@ size_t crypto_sign_ed25519_secretkeybytes(void) { return crypto_sign_ed25519_SECRETKEYBYTES; } + +int +crypto_sign_ed25519_sk_to_seed(unsigned char *seed, const unsigned char *sk) +{ + memmove(seed, sk, crypto_sign_ed25519_SEEDBYTES); + return 0; +} + +int +crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk) +{ + memmove(pk, sk + crypto_sign_ed25519_SEEDBYTES, + crypto_sign_ed25519_PUBLICKEYBYTES); + return 0; +} |