summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorng0 <ng0@n0.is>2019-11-27 18:01:12 +0000
committerng0 <ng0@n0.is>2019-11-27 18:01:12 +0000
commit3ad52c948d69799351c4a98cd04294d470c49e66 (patch)
tree03c5ece9cbc5cafee21005f9a9a2148fd92943e7
parente5e6aecd0edaf03472833c34fbca057d0aabdfd7 (diff)
parentbb5def7be01569fe49b074e76e40cc5a7467c925 (diff)
Merge branch 'master' of gnunet.org:gnunet
-rw-r--r--src/util/crypto_ecc.c48
-rw-r--r--src/util/crypto_kdf.c6
-rw-r--r--src/util/tweetnacl-gnunet.c116
-rw-r--r--src/util/tweetnacl-gnunet.h105
4 files changed, 128 insertions, 147 deletions
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 86beb9109..f9efcf6e7 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -282,7 +282,7 @@ GNUNET_CRYPTO_eddsa_key_get_public (
{
#if NEW_CRYPTO
BENCHMARK_START (eddsa_key_get_public);
- crypto_sign_pk_from_seed (pub->q_y, priv->d);
+ GNUNET_TWEETNACL_sign_pk_from_seed (pub->q_y, priv->d);
BENCHMARK_END (eddsa_key_get_public);
#else
gcry_sexp_t sexp;
@@ -319,7 +319,7 @@ GNUNET_CRYPTO_ecdhe_key_get_public (
{
#if NEW_CRYPTO
BENCHMARK_START (ecdhe_key_get_public);
- crypto_scalarmult_curve25519_base (pub->q_y, priv->d);
+ GNUNET_TWEETNACL_scalarmult_curve25519_base (pub->q_y, priv->d);
BENCHMARK_END (ecdhe_key_get_public);
#else
gcry_sexp_t sexp;
@@ -1036,15 +1036,15 @@ GNUNET_CRYPTO_eddsa_sign (
#if NEW_CRYPTO
size_t mlen = ntohl (purpose->size);
- unsigned char sk[crypto_sign_SECRETKEYBYTES];
+ unsigned char sk[GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES];
int res;
BENCHMARK_START (eddsa_sign);
- crypto_sign_sk_from_seed (sk, priv->d);
- res = crypto_sign_detached ((uint8_t *) sig,
- (uint8_t *) purpose,
- mlen,
- sk);
+ GNUNET_TWEETNACL_sign_sk_from_seed (sk, priv->d);
+ res = GNUNET_TWEETNACL_sign_detached ((uint8_t *) sig,
+ (uint8_t *) purpose,
+ mlen,
+ sk);
BENCHMARK_END (eddsa_sign);
return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
#else
@@ -1189,7 +1189,7 @@ GNUNET_CRYPTO_eddsa_verify (
return GNUNET_SYSERR; /* purpose mismatch */
BENCHMARK_START (eddsa_verify);
- res = crypto_sign_detached_verify (s, m, mlen, pub->q_y);
+ res = GNUNET_TWEETNACL_sign_detached_verify (s, m, mlen, pub->q_y);
BENCHMARK_END (eddsa_verify);
return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
#else
@@ -1262,9 +1262,9 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
struct GNUNET_HashCode *key_material)
{
#if NEW_CRYPTO
- uint8_t p[crypto_scalarmult_BYTES];
- crypto_scalarmult_curve25519 (p, priv->d, pub->q_y);
- GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
+ uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
+ GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, pub->q_y);
+ GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material);
return GNUNET_OK;
#else
gcry_mpi_point_t result;
@@ -1592,12 +1592,16 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
{
#if NEW_CRYPTO
struct GNUNET_HashCode hc;
- uint8_t a[crypto_scalarmult_BYTES];
- uint8_t p[crypto_scalarmult_BYTES];
- GNUNET_CRYPTO_hash (priv, sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey), &hc);
+ uint8_t a[GNUNET_TWEETNACL_SCALARMULT_BYTES];
+ uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
+ GNUNET_CRYPTO_hash (priv,
+ sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
+ &hc);
memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
- crypto_scalarmult_curve25519 (p, a, pub->q_y);
- GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
+ GNUNET_TWEETNACL_scalarmult_curve25519 (p, a, pub->q_y);
+ GNUNET_CRYPTO_hash (p,
+ GNUNET_TWEETNACL_SCALARMULT_BYTES,
+ key_material);
return GNUNET_OK;
#else
gcry_mpi_point_t result;
@@ -1712,11 +1716,11 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
struct GNUNET_HashCode *key_material)
{
#if NEW_CRYPTO
- uint8_t p[crypto_scalarmult_BYTES];
- uint8_t curve25510_pk[crypto_sign_PUBLICKEYBYTES];
- crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y);
- crypto_scalarmult_curve25519 (p, priv->d, curve25510_pk);
- GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
+ uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
+ uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES];
+ GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y);
+ GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk);
+ GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material);
return GNUNET_OK;
#else
gcry_mpi_point_t result;
diff --git a/src/util/crypto_kdf.c b/src/util/crypto_kdf.c
index 43a9731ff..1b3bd686f 100644
--- a/src/util/crypto_kdf.c
+++ b/src/util/crypto_kdf.c
@@ -132,7 +132,7 @@ GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r,
gcry_error_t rc;
unsigned int nbits;
size_t rsize;
- unsigned int ctr;
+ uint16_t ctr;
nbits = gcry_mpi_get_nbits (n);
/* GNUNET_assert (nbits > 512); */
@@ -143,12 +143,14 @@ GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r,
/* Ain't clear if n is always divisible by 8 */
uint8_t buf[ (nbits - 1) / 8 + 1 ];
+ uint16_t ctr_nbo = htons (ctr);
+
rc = GNUNET_CRYPTO_kdf (buf,
sizeof(buf),
xts, xts_len,
skm, skm_len,
ctx, strlen (ctx),
- &ctr, sizeof(ctr),
+ &ctr_nbo, sizeof(ctr_nbo),
NULL, 0);
GNUNET_assert (GNUNET_YES == rc);
diff --git a/src/util/tweetnacl-gnunet.c b/src/util/tweetnacl-gnunet.c
index 0f3a976c1..1c27730a4 100644
--- a/src/util/tweetnacl-gnunet.c
+++ b/src/util/tweetnacl-gnunet.c
@@ -13,7 +13,6 @@
#include "gnunet_crypto_lib.h"
#include "tweetnacl-gnunet.h"
#define FOR(i,n) for (i = 0; i < n; ++i)
-#define sv static void
typedef uint8_t u8;
typedef uint32_t u32;
@@ -21,11 +20,6 @@ typedef uint64_t u64;
typedef int64_t i64;
typedef i64 gf[16];
-static void randombytes (u8 *data,u64 len)
-{
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, data, len);
-}
-
static const u8 _9[32] = {9};
static const gf
gf0,
@@ -42,30 +36,29 @@ static const gf
I = {0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7,
0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83};
-static int vn (const u8 *x,const u8 *y,int n)
+static int
+vn (const u8 *x,const u8 *y,int n)
{
u32 i,d = 0;
FOR (i,n) d |= x[i] ^ y[i];
return (1 & ((d - 1) >> 8)) - 1;
}
-int crypto_verify_16 (const u8 *x,const u8 *y)
-{
- return vn (x,y,16);
-}
-
-int crypto_verify_32 (const u8 *x,const u8 *y)
+static int
+crypto_verify_32 (const u8 *x,const u8 *y)
{
return vn (x,y,32);
}
-sv set25519 (gf r, const gf a)
+static void
+set25519 (gf r, const gf a)
{
int i;
FOR (i,16) r[i] = a[i];
}
-sv car25519 (gf o)
+static void
+car25519 (gf o)
{
int i;
i64 c;
@@ -77,7 +70,8 @@ sv car25519 (gf o)
}
}
-sv sel25519 (gf p,gf q,int b)
+static void
+sel25519 (gf p,gf q,int b)
{
i64 t,i,c = ~(b - 1);
FOR (i,16) {
@@ -87,7 +81,8 @@ sv sel25519 (gf p,gf q,int b)
}
}
-sv pack25519 (u8 *o,const gf n)
+static void
+pack25519 (u8 *o,const gf n)
{
int i,j,b;
gf m,t;
@@ -112,7 +107,8 @@ sv pack25519 (u8 *o,const gf n)
}
}
-static int neq25519 (const gf a, const gf b)
+static int
+neq25519 (const gf a, const gf b)
{
u8 c[32],d[32];
pack25519 (c,a);
@@ -120,33 +116,38 @@ static int neq25519 (const gf a, const gf b)
return crypto_verify_32 (c,d);
}
-static u8 par25519 (const gf a)
+static uint8_t
+par25519 (const gf a)
{
u8 d[32];
pack25519 (d,a);
return d[0] & 1;
}
-sv unpack25519 (gf o, const u8 *n)
+static void
+unpack25519 (gf o, const u8 *n)
{
int i;
FOR (i,16) o[i] = n[2 * i] + ((i64) n[2 * i + 1] << 8);
o[15] &= 0x7fff;
}
-sv A (gf o,const gf a,const gf b)
+static void
+A (gf o,const gf a,const gf b)
{
int i;
FOR (i,16) o[i] = a[i] + b[i];
}
-sv Z (gf o,const gf a,const gf b)
+static void
+Z (gf o,const gf a,const gf b)
{
int i;
FOR (i,16) o[i] = a[i] - b[i];
}
-sv M (gf o,const gf a,const gf b)
+static void
+M (gf o,const gf a,const gf b)
{
i64 i,j,t[31];
FOR (i,31) t[i] = 0;
@@ -157,12 +158,14 @@ sv M (gf o,const gf a,const gf b)
car25519 (o);
}
-sv S (gf o,const gf a)
+static void
+S (gf o,const gf a)
{
M (o,a,a);
}
-sv inv25519 (gf o,const gf i)
+static void
+inv25519 (gf o,const gf i)
{
gf c;
int a;
@@ -175,7 +178,7 @@ sv inv25519 (gf o,const gf i)
FOR (a,16) o[a] = c[a];
}
-sv pow2523 (gf o,const gf i)
+static void pow2523 (gf o,const gf i)
{
gf c;
int a;
@@ -188,7 +191,8 @@ sv pow2523 (gf o,const gf i)
FOR (a,16) o[a] = c[a];
}
-int crypto_scalarmult (u8 *q,const u8 *n,const u8 *p)
+int
+GNUNET_TWEETNACL_scalarmult_curve25519 (u8 *q,const u8 *n,const u8 *p)
{
u8 z[32];
i64 x[80],r,i;
@@ -239,25 +243,22 @@ int crypto_scalarmult (u8 *q,const u8 *n,const u8 *p)
return 0;
}
-int crypto_scalarmult_base (u8 *q,const u8 *n)
-{
- return crypto_scalarmult (q,n,_9);
-}
-
-int crypto_box_keypair (u8 *y,u8 *x)
+int
+GNUNET_TWEETNACL_scalarmult_curve25519_base (u8 *q,const u8 *n)
{
- randombytes (x,32);
- return crypto_scalarmult_base (y,x);
+ return GNUNET_TWEETNACL_scalarmult_curve25519 (q,n,_9);
}
-int crypto_hash (u8 *out,const u8 *m,u64 n)
+static int
+crypto_hash (u8 *out,const u8 *m,u64 n)
{
struct GNUNET_HashCode *hc = (void *) out;
GNUNET_CRYPTO_hash (m, n, hc);
return 0;
}
-sv add (gf p[4],gf q[4])
+static void
+add (gf p[4],gf q[4])
{
gf a,b,c,d,t,e,f,g,h;
@@ -282,14 +283,16 @@ sv add (gf p[4],gf q[4])
M (p[3], e, h);
}
-sv cswap (gf p[4],gf q[4],u8 b)
+static void
+cswap (gf p[4],gf q[4],u8 b)
{
int i;
FOR (i,4)
sel25519 (p[i],q[i],b);
}
-sv pack (u8 *r,gf p[4])
+static void
+pack (u8 *r,gf p[4])
{
gf tx, ty, zi;
inv25519 (zi, p[2]);
@@ -299,7 +302,8 @@ sv pack (u8 *r,gf p[4])
r[31] ^= par25519 (tx) << 7;
}
-sv scalarmult (gf p[4],gf q[4],const u8 *s)
+static void
+scalarmult (gf p[4],gf q[4],const u8 *s)
{
int i;
set25519 (p[0],gf0);
@@ -315,7 +319,8 @@ sv scalarmult (gf p[4],gf q[4],const u8 *s)
}
}
-sv scalarbase (gf p[4],const u8 *s)
+static void
+scalarbase (gf p[4],const u8 *s)
{
gf q[4];
set25519 (q[0],X);
@@ -330,7 +335,8 @@ static const u64 L[32] = {0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6,
0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0x10};
-sv modL (u8 *r,i64 x[64])
+static void
+modL (u8 *r,i64 x[64])
{
i64 carry,i,j;
for (i = 63; i >= 32; --i) {
@@ -356,7 +362,8 @@ sv modL (u8 *r,i64 x[64])
}
}
-sv reduce (u8 *r)
+static void
+reduce (u8 *r)
{
i64 x[64],i;
FOR (i,64) x[i] = (u64) r[i];
@@ -364,7 +371,8 @@ sv reduce (u8 *r)
modL (r,x);
}
-static int unpackneg (gf r[4],const u8 p[32])
+static int
+unpackneg (gf r[4],const u8 p[32])
{
gf t, chk, num, den, den2, den4, den6;
set25519 (r[2],gf1);
@@ -406,7 +414,7 @@ static int unpackneg (gf r[4],const u8 p[32])
/* The following functions have been added for GNUnet */
void
-crypto_sign_pk_from_seed (u8 *pk, const u8 *seed)
+GNUNET_TWEETNACL_sign_pk_from_seed (u8 *pk, const u8 *seed)
{
u8 d[64];
gf p[4];
@@ -421,7 +429,7 @@ crypto_sign_pk_from_seed (u8 *pk, const u8 *seed)
}
void
-crypto_sign_sk_from_seed (u8 *sk, const u8 *seed)
+GNUNET_TWEETNACL_sign_sk_from_seed (u8 *sk, const u8 *seed)
{
u8 d[64];
gf p[4];
@@ -440,9 +448,9 @@ crypto_sign_sk_from_seed (u8 *sk, const u8 *seed)
FOR (i,32) sk[32 + i] = pk[i];
}
-
int
-crypto_sign_ed25519_pk_to_curve25519 (u8 *x25519_pk, const u8 *ed25519_pk)
+GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (u8 *x25519_pk,
+ const u8 *ed25519_pk)
{
gf ge_a[4];
gf x;
@@ -464,8 +472,10 @@ crypto_sign_ed25519_pk_to_curve25519 (u8 *x25519_pk, const u8 *ed25519_pk)
return 0;
}
-
-int crypto_sign_detached_verify (const u8 *sig,const u8 *m,u64 n,const u8 *pk)
+int GNUNET_TWEETNACL_sign_detached_verify (const u8 *sig,
+ const u8 *m,
+ u64 n,
+ const u8 *pk)
{
struct GNUNET_HashContext *hc;
u8 t[32],h[64];
@@ -492,9 +502,11 @@ int crypto_sign_detached_verify (const u8 *sig,const u8 *m,u64 n,const u8 *pk)
return 0;
}
-
int
-crypto_sign_detached (u8 *sig,const u8 *m,u64 n,const u8 *sk)
+GNUNET_TWEETNACL_sign_detached (u8 *sig,
+ const u8 *m,
+ u64 n,
+ const u8 *sk)
{
struct GNUNET_HashContext *hc;
u8 d[64],h[64],r[64];
diff --git a/src/util/tweetnacl-gnunet.h b/src/util/tweetnacl-gnunet.h
index d413541ff..239166ffc 100644
--- a/src/util/tweetnacl-gnunet.h
+++ b/src/util/tweetnacl-gnunet.h
@@ -13,75 +13,38 @@
#ifndef TWEETNACL_H
#define TWEETNACL_H
#include <stdint.h>
-#define crypto_scalarmult_PRIMITIVE "curve25519"
-#define crypto_scalarmult crypto_scalarmult_curve25519
-#define crypto_scalarmult_base crypto_scalarmult_curve25519_base
-#define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES
-#define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES
-#define crypto_scalarmult_IMPLEMENTATION \
- crypto_scalarmult_curve25519_IMPLEMENTATION
-#define crypto_scalarmult_VERSION crypto_scalarmult_curve25519_VERSION
-#define crypto_scalarmult_curve25519_tweet_BYTES 32
-#define crypto_scalarmult_curve25519_tweet_SCALARBYTES 32
-extern int crypto_scalarmult_curve25519_tweet (uint8_t *,
- const uint8_t *,
- const uint8_t *);
-extern int crypto_scalarmult_curve25519_tweet_base (uint8_t *,
- const uint8_t *);
-#define crypto_scalarmult_curve25519_tweet_VERSION "-"
-#define crypto_scalarmult_curve25519 crypto_scalarmult_curve25519_tweet
-#define crypto_scalarmult_curve25519_base \
- crypto_scalarmult_curve25519_tweet_base
-#define crypto_scalarmult_curve25519_BYTES \
- crypto_scalarmult_curve25519_tweet_BYTES
-#define crypto_scalarmult_curve25519_SCALARBYTES \
- crypto_scalarmult_curve25519_tweet_SCALARBYTES
-#define crypto_scalarmult_curve25519_VERSION \
- crypto_scalarmult_curve25519_tweet_VERSION
-#define crypto_scalarmult_curve25519_IMPLEMENTATION \
- "crypto_scalarmult/curve25519/tweet"
-#define crypto_sign_PRIMITIVE "ed25519"
-#define crypto_sign crypto_sign_ed25519
-#define crypto_sign_BYTES crypto_sign_ed25519_BYTES
-#define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES
-#define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES
-#define crypto_sign_IMPLEMENTATION crypto_sign_ed25519_IMPLEMENTATION
-#define crypto_sign_VERSION crypto_sign_ed25519_VERSION
-#define crypto_sign_ed25519_tweet_BYTES 64
-#define crypto_sign_ed25519_tweet_PUBLICKEYBYTES 32
-#define crypto_sign_ed25519_tweet_SECRETKEYBYTES 64
-extern int crypto_sign_ed25519_tweet (uint8_t *,
- uint64_t *,
- const uint8_t *,
- uint64_t,
- const uint8_t *);
-extern int crypto_sign_ed25519_tweet_open (uint8_t *,
- uint64_t *,
- const uint8_t *,
- uint64_t,
- const uint8_t *);
-extern int crypto_sign_ed25519_tweet_keypair (uint8_t *,uint8_t *);
-#define crypto_sign_ed25519_tweet_VERSION "-"
-#define crypto_sign_ed25519 crypto_sign_ed25519_tweet
-#define crypto_sign_ed25519_open crypto_sign_ed25519_tweet_open
-#define crypto_sign_ed25519_keypair crypto_sign_ed25519_tweet_keypair
-#define crypto_sign_ed25519_BYTES crypto_sign_ed25519_tweet_BYTES
-#define crypto_sign_ed25519_PUBLICKEYBYTES \
- crypto_sign_ed25519_tweet_PUBLICKEYBYTES
-#define crypto_sign_ed25519_SECRETKEYBYTES \
- crypto_sign_ed25519_tweet_SECRETKEYBYTES
-#define crypto_sign_ed25519_VERSION crypto_sign_ed25519_tweet_VERSION
-#define crypto_sign_ed25519_IMPLEMENTATION "crypto_sign/ed25519/tweet"
-void crypto_sign_pk_from_seed (uint8_t *pk, const uint8_t *seed);
-void crypto_sign_sk_from_seed (uint8_t *sk, const uint8_t *seed);
-int crypto_sign_ed25519_pk_to_curve25519 (uint8_t *x25519_pk,
- const uint8_t *ed25519_pk);
-int crypto_sign_detached_verify (const uint8_t *sig,
- const uint8_t *m,
- uint64_t n,
- const uint8_t *pk);
-int crypto_sign_detached (uint8_t *sig,
- const uint8_t *m,
- uint64_t n,
- const uint8_t *sk);
+
+
+#define GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES 64
+#define GNUNET_TWEETNACL_SIGN_PUBLICBYTES 32
+#define GNUNET_TWEETNACL_SCALARMULT_BYTES 32
+
+int
+GNUNET_TWEETNACL_scalarmult_curve25519 (uint8_t *,
+ const uint8_t *,
+ const uint8_t *);
+extern int
+GNUNET_TWEETNACL_scalarmult_curve25519_base (uint8_t *,
+ const uint8_t *);
+void
+GNUNET_TWEETNACL_sign_pk_from_seed (uint8_t *pk, const uint8_t *seed);
+
+void
+GNUNET_TWEETNACL_sign_sk_from_seed (uint8_t *sk, const uint8_t *seed);
+
+int
+GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (uint8_t *x25519_pk,
+ const uint8_t *ed25519_pk);
+
+int
+GNUNET_TWEETNACL_sign_detached_verify (const uint8_t *sig,
+ const uint8_t *m,
+ uint64_t n,
+ const uint8_t *pk);
+
+int
+GNUNET_TWEETNACL_sign_detached (uint8_t *sig,
+ const uint8_t *m,
+ uint64_t n,
+ const uint8_t *sk);
#endif