author | gregor herrmann <gregoa@debian.org> | 2023-11-01 21:24:22 +0100 |
---|---|---|
committer | gregor herrmann <gregoa@debian.org> | 2023-11-01 21:24:22 +0100 |
commit | 2d0f50ad4f8bad20bcbbdd9b3e0b6ec50588a19e (patch) | |
tree | 63c67a75ad1517c857170ceb46833c2bdee49977 /src/ltc/pk/ec25519 | |
parent | 5ac0a817d688c51b3ee0109aac17d73dcbbc8645 (diff) | |
parent | d0028b7800375d4b99b3b7fa0b080463b5f20516 (diff) |
Update upstream source from tag 'upstream/0.080'
Update to upstream version '0.080'
with Debian dir 292de44fa919f7a5d6252cc2a47f56ca9a8efe3d
Diffstat (limited to 'src/ltc/pk/ec25519')
-rw-r--r-- | src/ltc/pk/ec25519/ec25519_crypto_ctx.c | 41 | ||||
-rw-r--r-- | src/ltc/pk/ec25519/tweetnacl.c | 33 |
2 files changed, 62 insertions, 12 deletions
diff --git a/src/ltc/pk/ec25519/ec25519_crypto_ctx.c b/src/ltc/pk/ec25519/ec25519_crypto_ctx.c
new file mode 100644
index 00000000..e1efb301
--- /dev/null
+++ b/src/ltc/pk/ec25519/ec25519_crypto_ctx.c
@@ -0,0 +1,41 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+#include "tomcrypt_private.h"
+
+/**
+ @file ec25519_crypto_ctx.c
+ curve25519 crypto context helper
+*/
+
+#ifdef LTC_CURVE25519
+
+int ec25519_crypto_ctx(unsigned char *out, unsigned long *outlen, unsigned char flag, const unsigned char *ctx, unsigned long ctxlen)
+{
+ unsigned char *buf = out;
+
+ const char *prefix = "SigEd25519 no Ed25519 collisions";
+ const unsigned long prefix_len = XSTRLEN(prefix);
+ const unsigned char ctxlen8 = (unsigned char)ctxlen;
+
+ if (ctxlen > 255u) return CRYPT_INPUT_TOO_LONG;
+ if (*outlen < prefix_len + 2u + ctxlen) return CRYPT_BUFFER_OVERFLOW;
+
+ XMEMCPY(buf, prefix, prefix_len);
+ buf += prefix_len;
+ XMEMCPY(buf, &flag, 1);
+ buf++;
+ XMEMCPY(buf, &ctxlen8, 1);
+ buf++;
+
+ if (ctxlen > 0u) {
+ LTC_ARGCHK(ctx != NULL);
+ XMEMCPY(buf, ctx, ctxlen);
+ buf += ctxlen;
+ }
+
+ *outlen = buf-out;
+
+ return CRYPT_OK;
+}
+
+#endif
diff --git a/src/ltc/pk/ec25519/tweetnacl.c b/src/ltc/pk/ec25519/tweetnacl.c
index fc5aad72..9db0dcd8 100644
--- a/src/ltc/pk/ec25519/tweetnacl.c
+++ b/src/ltc/pk/ec25519/tweetnacl.c
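Review bot: `*outlen` is dereferenced in the second `if` of `ec25519_crypto_ctx` before either output pointer has been validated, while `ctx` does get an `LTC_ARGCHK` further down; following the library's convention I would open the body with `LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL);` so a NULL caller gets an error code instead of a fault. The function also has no doxygen block although the file header has one: I would add a comment above it stating that it writes the RFC 8032 dom2 prefix — the fixed string, the `flag` octet (which the RFC defines as 0 for Ed25519ctx and 1 for Ed25519ph), the context length octet and then `ctx` — into `out`, that `*outlen` is the capacity on entry and the byte count on return, and that `CRYPT_INPUT_TOO_LONG` means a context over 255 bytes and `CRYPT_BUFFER_OVERFLOW` an undersized buffer. Nothing here restricts `flag` to 0 or 1 and an empty context is accepted for any flag, so the RFC's non-empty-context rule for Ed25519ctx is presumably left to the caller; that should be said in the comment too.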
@@ -221,18 +221,22 @@ int tweetnacl_crypto_scalarmult_base(u8 *q,const u8 *n)
 return tweetnacl_crypto_scalarmult(q,n,nine);
 }
-static int tweetnacl_crypto_hash(u8 *out,const u8 *m,u64 n)
+static LTC_INLINE int tweetnacl_crypto_hash_ctx(u8 *out,const u8 *m,u64 n,const u8 *ctx,u32 cs)
 {
- unsigned long len;
- int err, hash_idx;
+ unsigned long len = 64;
+ int hash_idx = find_hash("sha512");
 if (n > ULONG_MAX) return CRYPT_OVERFLOW;
- hash_idx = find_hash("sha512");
- len = 64;
- if ((err = hash_memory(hash_idx, m, n, out, &len)) != CRYPT_OK) return err;
+ if(cs == 0)
+ return hash_memory(hash_idx, m, n, out, &len);
- return 0;
+ return hash_memory_multi(hash_idx, out, &len, ctx, cs, m, n, LTC_NULL);
+}
+
+static LTC_INLINE int tweetnacl_crypto_hash(u8 *out,const u8 *m,u64 n)
+{
+ return tweetnacl_crypto_hash_ctx(out, m, n, NULL, 0);
 }
 sv add(gf p[4],gf q[4])
@@ -376,7 +380,7 @@ sv reduce(u8 *r)
 modL(r,x);
 }
-int tweetnacl_crypto_sign(u8 *sm,u64 *smlen,const u8 *m,u64 mlen,const u8 *sk,const u8 *pk)
+int tweetnacl_crypto_sign(u8 *sm,u64 *smlen,const u8 *m,u64 mlen,const u8 *sk,const u8 *pk, const u8 *ctx, u64 cs)
 {
 u8 d[64],h[64],r[64];
 i64 i,j,x[64];
@@ -391,13 +395,13 @@ int tweetnacl_crypto_sign(u8 *sm,u64 *smlen,const u8 *m,u64 mlen,const u8 *sk,co
 FOR(i,(i64)mlen) sm[64 + i] = m[i];
 FOR(i,32) sm[32 + i] = d[32 + i];
- tweetnacl_crypto_hash(r, sm+32, mlen+32);
+ tweetnacl_crypto_hash_ctx(r, sm+32, mlen+32,ctx,cs);
 reduce(r);
 scalarbase(p,r);
 pack(sm,p);
 FOR(i,32) sm[i+32] = pk[i];
- tweetnacl_crypto_hash(h,sm,mlen + 64);
+ tweetnacl_crypto_hash_ctx(h,sm,mlen + 64,ctx,cs);
 reduce(h);
 FOR(i,64) x[i] = 0;
@@ -444,7 +448,7 @@ static int unpackneg(gf r[4],const u8 p[32])
 return 0;
 }
-int tweetnacl_crypto_sign_open(int *stat, u8 *m,u64 *mlen,const u8 *sm,u64 smlen,const u8 *pk)
+int tweetnacl_crypto_sign_open(int *stat, u8 *m,u64 *mlen,const u8 *sm,u64 smlen,const u8 *ctx,u64 cs,const u8 *pk)
 {
 u64 i;
 u8 s[32],t[32],h[64];
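Review bot: The new `cs` parameter of `tweetnacl_crypto_hash_ctx` is `u32`, but `tweetnacl_crypto_sign` and `tweetnacl_crypto_sign_open` in this same diff take `u64 cs` and pass it straight through, so the context length is silently narrowed at the call while `n` right below gets an explicit `ULONG_MAX` check. I would make the types agree and guard both: `static LTC_INLINE int tweetnacl_crypto_hash_ctx(u8 *out,const u8 *m,u64 n,const u8 *ctx,u64 cs)` and `if (n > ULONG_MAX || cs > ULONG_MAX) return CRYPT_OVERFLOW;`. The result of `find_hash("sha512")` is stored without a check; presumably `hash_memory`/`hash_memory_multi` reject an invalid index, but either a comment saying so or an explicit test that `hash_idx != -1` would make that intent visible. Minor style point: `if(cs == 0)` lacks the space after `if` that the neighbouring `if (n > ULONG_MAX)` uses.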
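Review bot: The return values of both `tweetnacl_crypto_hash_ctx` calls in the signing hunk are discarded, so if the hash fails (SHA-512 not registered, or presumably `hash_memory_multi` rejecting its arguments) `r` and `h` — declared without initialisers in the preceding hunk — are fed to `reduce()` as uninitialised stack and a signature is still emitted. `r` is used as the nonce (`scalarbase(p,r)` on the next line), so a failure here should abort rather than fall through; the helper already returns `int`, so `if ((err = tweetnacl_crypto_hash_ctx(r, sm+32, mlen+32,ctx,cs)) != CRYPT_OK) return err;` and the same for `h`. The pre-change `tweetnacl_crypto_hash` calls had the same gap, but the context path adds new ways for the hash to fail. `tweetnacl_crypto_sign` starts before this hunk and continues after it, so an `err` local would need declaring there.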
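Review bot: The new context arguments sit in different positions in the two public signatures: `tweetnacl_crypto_sign` appends `const u8 *ctx, u64 cs` after `pk`, while `tweetnacl_crypto_sign_open` here inserts `const u8 *ctx,u64 cs` before `pk`. Because `ctx` and `pk` are both `const u8 *`, swapping them at a call site compiles silently and would verify against the context bytes instead of the key, so I would use one order in both, e.g. `int tweetnacl_crypto_sign_open(int *stat, u8 *m,u64 *mlen,const u8 *sm,u64 smlen,const u8 *pk,const u8 *ctx,u64 cs)`. Neither signature carries a comment describing `ctx`/`cs`; a one-line comment above each saying that `ctx` is the `cs`-byte dom2 prefix (or `cs == 0` for plain Ed25519) would help callers get this right.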
@@ -460,7 +464,7 @@ int tweetnacl_crypto_sign_open(int *stat, u8 *m,u64 *mlen,const u8 *sm,u64 smlen
 XMEMMOVE(m,sm,smlen);
 XMEMMOVE(s,m + 32,32);
 XMEMMOVE(m + 32,pk,32);
- tweetnacl_crypto_hash(h,m,smlen);
+ tweetnacl_crypto_hash_ctx(h,m,smlen,ctx,cs);
 reduce(h);
 scalarmult(p,q,h);
@@ -480,3 +484,8 @@ int tweetnacl_crypto_sign_open(int *stat, u8 *m,u64 *mlen,const u8 *sm,u64 smlen
 *mlen = smlen;
 return CRYPT_OK;
 }
+
+int tweetnacl_crypto_ph(u8 *out,const u8 *msg,u64 msglen)
+{
+ return tweetnacl_crypto_hash(out, msg, msglen);
+}
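Review bot: The return value of `tweetnacl_crypto_hash_ctx(h,m,smlen,ctx,cs)` is dropped in the verification path as well, so a hash failure leaves `h` uninitialised and `reduce(h)` / `scalarmult(p,q,h)` run on whatever was on the stack. That most likely fails closed, but it is undefined behaviour and the caller is told nothing about why; I would write `if ((err = tweetnacl_crypto_hash_ctx(h,m,smlen,ctx,cs)) != CRYPT_OK) return err;` so the error code propagates. `tweetnacl_crypto_sign_open` begins before this hunk and ends after it, so check whether an `err` local already exists there.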
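Review bot: `tweetnacl_crypto_ph` is a new exported entry point with no comment, and the name alone does not say what it computes. I would put a one-line comment above it: `/* Ed25519ph prehash: SHA-512 of msg (msglen bytes) into out[64]; returns CRYPT_OVERFLOW if msglen > ULONG_MAX, else the hash_memory result */` — the 64-byte output and the `ULONG_MAX` check come from `tweetnacl_crypto_hash_ctx` in the first hunk, while the Ed25519ph role is inferred from the `_ph` suffix and should be confirmed against the caller.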