authorgregor herrmann <gregoa@debian.org>2023-11-01 21:24:22 +0100
committergregor herrmann <gregoa@debian.org>2023-11-01 21:24:22 +0100
commit2d0f50ad4f8bad20bcbbdd9b3e0b6ec50588a19e (patch)
tree63c67a75ad1517c857170ceb46833c2bdee49977 /src/ltc/pk/ec25519
parent5ac0a817d688c51b3ee0109aac17d73dcbbc8645 (diff)
parentd0028b7800375d4b99b3b7fa0b080463b5f20516 (diff)
Update upstream source from tag 'upstream/0.080'
Update to upstream version '0.080' with Debian dir 292de44fa919f7a5d6252cc2a47f56ca9a8efe3d
Diffstat (limited to 'src/ltc/pk/ec25519')
-rw-r--r--src/ltc/pk/ec25519/ec25519_crypto_ctx.c41
-rw-r--r--src/ltc/pk/ec25519/tweetnacl.c33
2 files changed, 62 insertions, 12 deletions
diff --git a/src/ltc/pk/ec25519/ec25519_crypto_ctx.c b/src/ltc/pk/ec25519/ec25519_crypto_ctx.c
new file mode 100644
index 00000000..e1efb301
--- /dev/null
+++ b/src/ltc/pk/ec25519/ec25519_crypto_ctx.c
@@ -0,0 +1,41 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+#include "tomcrypt_private.h"
+
+/**
+ @file ec25519_crypto_ctx.c
+ curve25519 crypto context helper
+*/
+
+#ifdef LTC_CURVE25519
+
+int ec25519_crypto_ctx(unsigned char *out, unsigned long *outlen, unsigned char flag, const unsigned char *ctx, unsigned long ctxlen)
+{
+ unsigned char *buf = out;
+
+ const char *prefix = "SigEd25519 no Ed25519 collisions";
+ const unsigned long prefix_len = XSTRLEN(prefix);
+ const unsigned char ctxlen8 = (unsigned char)ctxlen;
+
+ if (ctxlen > 255u) return CRYPT_INPUT_TOO_LONG;
+ if (*outlen < prefix_len + 2u + ctxlen) return CRYPT_BUFFER_OVERFLOW;
+
+ XMEMCPY(buf, prefix, prefix_len);
+ buf += prefix_len;
+ XMEMCPY(buf, &flag, 1);
+ buf++;
+ XMEMCPY(buf, &ctxlen8, 1);
+ buf++;
+
+ if (ctxlen > 0u) {
+ LTC_ARGCHK(ctx != NULL);
+ XMEMCPY(buf, ctx, ctxlen);
+ buf += ctxlen;
+ }
+
+ *outlen = buf-out;
+
+ return CRYPT_OK;
+}
+
+#endif
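Review bot: `outlen` and `out` are dereferenced (the `*outlen` comparison, then the first `XMEMCPY` into `buf`) without the `LTC_ARGCHK` guards the rest of the library applies to pointer parameters, and the only check present, `LTC_ARGCHK(ctx != NULL)`, runs after the prefix, flag and length byte have already been written to the caller's buffer. Add `LTC_ARGCHK(out != NULL);` and `LTC_ARGCHK(outlen != NULL);` before the length checks, and hoist the context check to `if (ctxlen > 0u) LTC_ARGCHK(ctx != NULL);` ahead of the first copy so a rejected call leaves `out` untouched. A doc comment naming the layout produced — the fixed prefix, one flag byte, one length byte, then `ctx` — and the `CRYPT_INPUT_TOO_LONG` / `CRYPT_BUFFER_OVERFLOW` outcomes would help callers size `out`; `ctxlen8` can also be computed after the `> 255u` check rather than truncating before it.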
diff --git a/src/ltc/pk/ec25519/tweetnacl.c b/src/ltc/pk/ec25519/tweetnacl.c
index fc5aad72..9db0dcd8 100644
--- a/src/ltc/pk/ec25519/tweetnacl.c
+++ b/src/ltc/pk/ec25519/tweetnacl.c
@@ -221,18 +221,22 @@ int tweetnacl_crypto_scalarmult_base(u8 *q,const u8 *n)
return tweetnacl_crypto_scalarmult(q,n,nine);
}
-static int tweetnacl_crypto_hash(u8 *out,const u8 *m,u64 n)
+static LTC_INLINE int tweetnacl_crypto_hash_ctx(u8 *out,const u8 *m,u64 n,const u8 *ctx,u32 cs)
{
- unsigned long len;
- int err, hash_idx;
+ unsigned long len = 64;
+ int hash_idx = find_hash("sha512");
if (n > ULONG_MAX) return CRYPT_OVERFLOW;
- hash_idx = find_hash("sha512");
- len = 64;
- if ((err = hash_memory(hash_idx, m, n, out, &len)) != CRYPT_OK) return err;
+ if(cs == 0)
+ return hash_memory(hash_idx, m, n, out, &len);
- return 0;
+ return hash_memory_multi(hash_idx, out, &len, ctx, cs, m, n, LTC_NULL);
+}
+
+static LTC_INLINE int tweetnacl_crypto_hash(u8 *out,const u8 *m,u64 n)
+{
+ return tweetnacl_crypto_hash_ctx(out, m, n, NULL, 0);
}
sv add(gf p[4],gf q[4])
@@ -376,7 +380,7 @@ sv reduce(u8 *r)
modL(r,x);
}
-int tweetnacl_crypto_sign(u8 *sm,u64 *smlen,const u8 *m,u64 mlen,const u8 *sk,const u8 *pk)
+int tweetnacl_crypto_sign(u8 *sm,u64 *smlen,const u8 *m,u64 mlen,const u8 *sk,const u8 *pk, const u8 *ctx, u64 cs)
{
u8 d[64],h[64],r[64];
i64 i,j,x[64];
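Review bot: the new `cs` parameter is `u64` here but is forwarded to `tweetnacl_crypto_hash_ctx`, whose `cs` is `u32`, so a context length above 2^32 would be silently truncated before hashing instead of being rejected; `tweetnacl_crypto_sign_open` has the same mismatch. Either give the helper a `u64 cs` and let it return `CRYPT_OVERFLOW` for lengths it cannot pass on, as it already does for `n`, or declare the public parameters with the narrower type so the contract is visible in the prototype. The body of `tweetnacl_crypto_sign` continues outside this hunk.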
@@ -391,13 +395,13 @@ int tweetnacl_crypto_sign(u8 *sm,u64 *smlen,const u8 *m,u64 mlen,const u8 *sk,co
FOR(i,(i64)mlen) sm[64 + i] = m[i];
FOR(i,32) sm[32 + i] = d[32 + i];
- tweetnacl_crypto_hash(r, sm+32, mlen+32);
+ tweetnacl_crypto_hash_ctx(r, sm+32, mlen+32,ctx,cs);
reduce(r);
scalarbase(p,r);
pack(sm,p);
FOR(i,32) sm[i+32] = pk[i];
- tweetnacl_crypto_hash(h,sm,mlen + 64);
+ tweetnacl_crypto_hash_ctx(h,sm,mlen + 64,ctx,cs);
reduce(h);
FOR(i,64) x[i] = 0;
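Review bot: both `tweetnacl_crypto_hash_ctx` calls discard their return value, so if `find_hash("sha512")` or the hash call fails (no SHA-512 registered, or the `ULONG_MAX` overflow check), `r` and `h` may be left uninitialised and signing proceeds to emit a signature built from them; the call in `tweetnacl_crypto_sign_open` further down ignores its result the same way. Propagate the error, e.g. `if ((err = tweetnacl_crypto_hash_ctx(r, sm+32, mlen+32, ctx, cs)) != CRYPT_OK) return err;` and likewise for `h`, declaring `err` with the other locals if the function does not already have one. The pre-change code appears to have ignored `tweetnacl_crypto_hash` as well, but the hash input now depends on caller-supplied `ctx` and `cs`, so the failure path is reachable from outside; the enclosing function starts and ends outside this hunk.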
@@ -444,7 +448,7 @@ static int unpackneg(gf r[4],const u8 p[32])
return 0;
}
-int tweetnacl_crypto_sign_open(int *stat, u8 *m,u64 *mlen,const u8 *sm,u64 smlen,const u8 *pk)
+int tweetnacl_crypto_sign_open(int *stat, u8 *m,u64 *mlen,const u8 *sm,u64 smlen,const u8 *ctx,u64 cs,const u8 *pk)
{
u64 i;
u8 s[32],t[32],h[64];
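Review bot: the context arguments are placed before `pk` here (`..., const u8 *ctx, u64 cs, const u8 *pk`) but after `pk` in `tweetnacl_crypto_sign`, and since all three are pointer/length pairs of the same types a transposed call will compile silently; keeping one order — `ctx`, `cs` last in both — is the smaller surprise. If other code already depends on this order, a comment on the declaration pointing out the asymmetry is the minimum. The body of `tweetnacl_crypto_sign_open` continues outside this hunk.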
@@ -460,7 +464,7 @@ int tweetnacl_crypto_sign_open(int *stat, u8 *m,u64 *mlen,const u8 *sm,u64 smlen
XMEMMOVE(m,sm,smlen);
XMEMMOVE(s,m + 32,32);
XMEMMOVE(m + 32,pk,32);
- tweetnacl_crypto_hash(h,m,smlen);
+ tweetnacl_crypto_hash_ctx(h,m,smlen,ctx,cs);
reduce(h);
scalarmult(p,q,h);
@@ -480,3 +484,8 @@ int tweetnacl_crypto_sign_open(int *stat, u8 *m,u64 *mlen,const u8 *sm,u64 smlen
*mlen = smlen;
return CRYPT_OK;
}
+
+int tweetnacl_crypto_ph(u8 *out,const u8 *msg,u64 msglen)
+{
+ return tweetnacl_crypto_hash(out, msg, msglen);
+}
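Review bot: `tweetnacl_crypto_ph` is a new externally visible function with no comment saying what it is for or how it relates to the signing path; from its body it only forwards to `tweetnacl_crypto_hash`, which writes 64 bytes into `out` (the `len = 64` in the helper). Suggest a header comment such as `/* Hash msglen bytes of msg with the scheme's hash (SHA-512, 64-byte output) into out; presumably the pre-hash step for the ph variant -- confirm against callers. */`, and state that `msglen` above `ULONG_MAX` yields `CRYPT_OVERFLOW`, since that is the only failure a caller can provoke directly.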