authorFlorian Dold <florian.dold@gmail.com>2020-05-06 18:39:16 +0530
committerFlorian Dold <florian.dold@gmail.com>2020-05-06 18:46:52 +0530
commitd7028a584bf96fb5b84c765a885159cabb95dea2 (patch)
tree681728f41a12075f847e30d4bc5c0cae418f24b7 /src/util/crypto_ecc.c
parent35698918f80cb0b10c21fa450bf265564faf981a (diff)
downloadgnunet-d7028a584bf96fb5b84c765a885159cabb95dea2.tar.gz
gnunet-d7028a584bf96fb5b84c765a885159cabb95dea2.zip
move from tweetnacl (+custom hacks) -> only sodium
Diffstat (limited to 'src/util/crypto_ecc.c')
-rw-r--r--src/util/crypto_ecc.c85
1 files changed, 53 insertions, 32 deletions
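diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 851a45f93..17986a9d1 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -26,10 +26,10 @@
  */
 #include "platform.h"
 #include <gcrypt.h>
+#include <sodium.h>
 #include "gnunet_crypto_lib.h"
 #include "gnunet_strings_lib.h"
 #include "benchmark.h"
-#include "tweetnacl-gnunet.h"
 
 #define EXTRA_CHECKS 0
 
@@ -173,8 +173,14 @@ GNUNET_CRYPTO_ecdsa_key_get_public (
   const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
   struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 {
+  uint8_t d[32];
+
+  /* Treat priv as little endian, due to libgcrypt. */
+  for (size_t i = 0; i < 32; i++)
+    d[i] = priv->d[31 - i];
   BENCHMARK_START (ecdsa_key_get_public);
-  GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (pub->q_y, priv->d);
+  crypto_scalarmult_ed25519_base_noclamp (pub->q_y, d);
+  sodium_memzero (d, 32);
   BENCHMARK_END (ecdsa_key_get_public);
 }
 
@@ -190,8 +196,13 @@ GNUNET_CRYPTO_eddsa_key_get_public (
   const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
   struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 {
+  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
+  unsigned char sk[crypto_sign_SECRETKEYBYTES];
+
   BENCHMARK_START (eddsa_key_get_public);
-  GNUNET_TWEETNACL_sign_pk_from_seed (pub->q_y, priv->d);
+  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
+  GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES);
+  sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
   BENCHMARK_END (eddsa_key_get_public);
 }
 
@@ -208,7 +219,7 @@ GNUNET_CRYPTO_ecdhe_key_get_public (
   struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 {
   BENCHMARK_START (ecdhe_key_get_public);
-  GNUNET_TWEETNACL_scalarmult_curve25519_base (pub->q_y, priv->d);
+  GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));
   BENCHMARK_END (ecdhe_key_get_public);
 }
 
@@ -737,15 +748,17 @@ GNUNET_CRYPTO_eddsa_sign_ (
 {
 
   size_t mlen = ntohl (purpose->size);
-  unsigned char sk[GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES];
+  unsigned char sk[crypto_sign_SECRETKEYBYTES];
+  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
   int res;
 
   BENCHMARK_START (eddsa_sign);
-  GNUNET_TWEETNACL_sign_sk_from_seed (sk, priv->d);
-  res = GNUNET_TWEETNACL_sign_detached ((uint8_t *) sig,
-                                        (uint8_t *) purpose,
-                                        mlen,
-                                        sk);
+  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
+  res = crypto_sign_detached ((uint8_t *) sig,
+                              NULL,
+                              (uint8_t *) purpose,
+                              mlen,
+                              sk);
   BENCHMARK_END (eddsa_sign);
   return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
 }
@@ -856,7 +869,7 @@ GNUNET_CRYPTO_eddsa_verify_ (
     return GNUNET_SYSERR; /* purpose mismatch */
 
   BENCHMARK_START (eddsa_verify);
-  res = GNUNET_TWEETNACL_sign_detached_verify (s, m, mlen, pub->q_y);
+  res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
   BENCHMARK_END (eddsa_verify);
   return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
 }
@@ -875,9 +888,10 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                         const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                         struct GNUNET_HashCode *key_material)
 {
-  uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
-  GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, pub->q_y);
-  GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material);
+  uint8_t p[crypto_scalarmult_BYTES];
+  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
+    return GNUNET_SYSERR;
+  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
   return GNUNET_OK;
 }
 
@@ -1041,16 +1055,17 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
                           struct GNUNET_HashCode *key_material)
 {
   struct GNUNET_HashCode hc;
-  uint8_t a[GNUNET_TWEETNACL_SCALARMULT_BYTES];
-  uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
+  uint8_t a[crypto_scalarmult_SCALARBYTES];
+  uint8_t p[crypto_scalarmult_BYTES];
 
   GNUNET_CRYPTO_hash (priv,
                       sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
                       &hc);
   memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
-  GNUNET_TWEETNACL_scalarmult_curve25519 (p, a, pub->q_y);
+  if (0 != crypto_scalarmult (p, a, pub->q_y))
+    return GNUNET_SYSERR;
   GNUNET_CRYPTO_hash (p,
-                      GNUNET_TWEETNACL_SCALARMULT_BYTES,
+                      crypto_scalarmult_BYTES,
                       key_material);
   return GNUNET_OK;
 }
@@ -1071,15 +1086,17 @@ GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                           struct GNUNET_HashCode *key_material)
 {
-  uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
-  uint8_t d_rev[GNUNET_TWEETNACL_SCALARMULT_BYTES];
+  uint8_t p[crypto_scalarmult_BYTES];
+  uint8_t d_rev[crypto_scalarmult_SCALARBYTES];
 
   BENCHMARK_START (ecdsa_ecdh);
+  // FIXME: byte order
   for (size_t i = 0; i < 32; i++)
     d_rev[i] = priv->d[31 - i];
-  GNUNET_TWEETNACL_scalarmult_curve25519 (p, d_rev, pub->q_y);
+  if (0 != crypto_scalarmult (p, d_rev, pub->q_y))
+    return GNUNET_SYSERR;
   GNUNET_CRYPTO_hash (p,
-                      GNUNET_TWEETNACL_SCALARMULT_BYTES,
+                      crypto_scalarmult_BYTES,
                       key_material);
   BENCHMARK_END (ecdsa_ecdh);
   return GNUNET_OK;
@@ -1101,12 +1118,14 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                           const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
                           struct GNUNET_HashCode *key_material)
 {
-  uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
-  uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES];
+  uint8_t p[crypto_scalarmult_BYTES];
+  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
 
-  GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y);
-  GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk);
-  GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material);
+  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
+    return GNUNET_SYSERR;
+  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
+    return GNUNET_SYSERR;
+  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
   return GNUNET_OK;
 }
 
@@ -1126,12 +1145,14 @@ GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
                           struct GNUNET_HashCode *key_material)
 {
-  uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
-  uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES];
+  uint8_t p[crypto_scalarmult_BYTES];
+  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
 
-  GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y);
-  GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk);
-  GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material);
+  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
+    return GNUNET_SYSERR;
+  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
+    return GNUNET_SYSERR;
+  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
   return GNUNET_OK;
 }
 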
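Review bot: In GNUNET_CRYPTO_eddsa_sign_ the expanded secret key `sk` produced by `crypto_sign_seed_keypair` is left on the stack after `crypto_sign_detached` returns, while GNUNET_CRYPTO_eddsa_key_get_public in the same commit wipes its copy; add `sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);` before `BENCHMARK_END (eddsa_sign);`. The same gap exists for `d_rev` in GNUNET_CRYPTO_ecdsa_ecdh, where the new `return GNUNET_SYSERR;` on crypto_scalarmult failure also leaves `BENCHMARK_START (ecdsa_ecdh)` without its matching `BENCHMARK_END` (the function's closing lines are outside the hunk), so that path should wipe the scalar and close the benchmark before returning. In GNUNET_CRYPTO_ecdsa_key_get_public the return value of `crypto_scalarmult_ed25519_base_noclamp` is discarded, unlike the sibling `GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));` in ecdhe_key_get_public; libsodium appears to signal a rejected (all-zero) scalar through that return, so it deserves the same check. The shared-secret buffer `p` in the ecdh helpers is likewise never wiped after it has been hashed into `key_material`.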