author | Florian Dold <florian.dold@gmail.com> | 2019-11-26 21:20:02 +0100 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2019-11-26 21:20:26 +0100 |
commit | c4797b14ed1ccf70d2882aa9e9075ebef564d34b (patch) | |
tree | 91e744c0e8c2ea842aad39da65ddf220e1188048 /src/util/tweetnacl-gnunet.c | |
parent | f4011df26cf9ab60213c84f6601e95033bc1111f (diff) | |
DCE / GNUNET_TWEETNACL prefix for exported symbols
Diffstat (limited to 'src/util/tweetnacl-gnunet.c')
-rw-r--r-- | src/util/tweetnacl-gnunet.c | 116 |
1 files changed, 64 insertions, 52 deletions
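--- a/src/util/tweetnacl-gnunet.c
+++ b/src/util/tweetnacl-gnunet.c
@@ -13,7 +13,6 @@
 #include "gnunet_crypto_lib.h"
 #include "tweetnacl-gnunet.h"
 #define FOR(i,n) for (i = 0; i < n; ++i)
-#define sv static void
 
 typedef uint8_t u8;
 typedef uint32_t u32;
@@ -21,11 +20,6 @@ typedef uint64_t u64;
 typedef int64_t i64;
 typedef i64 gf[16];
 
-static void randombytes (u8 *data,u64 len)
-{
-GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, data, len);
-}
-
 static const u8 _9[32] = {9};
 static const gf
 gf0,
@@ -42,30 +36,29 @@ static const gf
 I = {0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7,
 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83};
 
-static int vn (const u8 *x,const u8 *y,int n)
+static int
+vn (const u8 *x,const u8 *y,int n)
 {
 u32 i,d = 0;
 FOR (i,n) d |= x[i] ^ y[i];
 return (1 & ((d - 1) >> 8)) - 1;
 }
 
-int crypto_verify_16 (const u8 *x,const u8 *y)
-{
-return vn (x,y,16);
-}
-
-int crypto_verify_32 (const u8 *x,const u8 *y)
+static int
+crypto_verify_32 (const u8 *x,const u8 *y)
 {
 return vn (x,y,32);
 }
 
-sv set25519 (gf r, const gf a)
+static void
+set25519 (gf r, const gf a)
 {
 int i;
 FOR (i,16) r[i] = a[i];
 }
 
-sv car25519 (gf o)
+static void
+car25519 (gf o)
 {
 int i;
 i64 c;
@@ -77,7 +70,8 @@ sv car25519 (gf o)
 }
 }
 
-sv sel25519 (gf p,gf q,int b)
+static void
+sel25519 (gf p,gf q,int b)
 {
 i64 t,i,c = ~(b - 1);
 FOR (i,16) {
@@ -87,7 +81,8 @@ sv sel25519 (gf p,gf q,int b)
 }
 }
 
-sv pack25519 (u8 *o,const gf n)
+static void
+pack25519 (u8 *o,const gf n)
 {
 int i,j,b;
 gf m,t;
@@ -112,7 +107,8 @@ sv pack25519 (u8 *o,const gf n)
 }
 }
 
-static int neq25519 (const gf a, const gf b)
+static int
+neq25519 (const gf a, const gf b)
 {
 u8 c[32],d[32];
 pack25519 (c,a);
@@ -120,33 +116,38 @@ static int neq25519 (const gf a, const gf b)
 return crypto_verify_32 (c,d);
 }
 
-static u8 par25519 (const gf a)
+static uint8_t
+par25519 (const gf a)
 {
 u8 d[32];
 pack25519 (d,a);
 return d[0] & 1;
 }
 
-sv unpack25519 (gf o, const u8 *n)
+static void
+unpack25519 (gf o, const u8 *n)
 {
 int i;
 FOR (i,16) o[i] = n[2 * i] + ((i64) n[2 * i + 1] << 8);
 o[15] &= 0x7fff;
 }
 
-sv A (gf o,const gf a,const gf b)
+static void
+A (gf o,const gf a,const gf b)
 {
 int i;
 FOR (i,16) o[i] = a[i] + b[i];
 }
 
-sv Z (gf o,const gf a,const gf b)
+static void
+Z (gf o,const gf a,const gf b)
 {
 int i;
 FOR (i,16) o[i] = a[i] - b[i];
 }
 
-sv M (gf o,const gf a,const gf b)
+static void
+M (gf o,const gf a,const gf b)
 {
 i64 i,j,t[31];
 FOR (i,31) t[i] = 0;
@@ -157,12 +158,14 @@ sv M (gf o,const gf a,const gf b)
 car25519 (o);
 }
 
-sv S (gf o,const gf a)
+static void
+S (gf o,const gf a)
 {
 M (o,a,a);
 }
 
-sv inv25519 (gf o,const gf i)
+static void
+inv25519 (gf o,const gf i)
 {
 gf c;
 int a;
@@ -175,7 +178,7 @@ sv inv25519 (gf o,const gf i)
 FOR (a,16) o[a] = c[a];
 }
 
-sv pow2523 (gf o,const gf i)
+static void pow2523 (gf o,const gf i)
 {
 gf c;
 int a;
@@ -188,7 +191,8 @@ sv pow2523 (gf o,const gf i)
 FOR (a,16) o[a] = c[a];
 }
 
-int crypto_scalarmult (u8 *q,const u8 *n,const u8 *p)
+int
+GNUNET_TWEETNACL_scalarmult_curve25519 (u8 *q,const u8 *n,const u8 *p)
 {
 u8 z[32];
 i64 x[80],r,i;
@@ -239,25 +243,22 @@ int crypto_scalarmult (u8 *q,const u8 *n,const u8 *p)
 return 0;
 }
 
-int crypto_scalarmult_base (u8 *q,const u8 *n)
-{
-return crypto_scalarmult (q,n,_9);
-}
-
-int crypto_box_keypair (u8 *y,u8 *x)
+int
+GNUNET_TWEETNACL_scalarmult_curve25519_base (u8 *q,const u8 *n)
 {
-randombytes (x,32);
-return crypto_scalarmult_base (y,x);
+return GNUNET_TWEETNACL_scalarmult_curve25519 (q,n,_9);
 }
 
-int crypto_hash (u8 *out,const u8 *m,u64 n)
+static int
+crypto_hash (u8 *out,const u8 *m,u64 n)
 {
 struct GNUNET_HashCode *hc = (void *) out;
 GNUNET_CRYPTO_hash (m, n, hc);
 return 0;
 }
 
-sv add (gf p[4],gf q[4])
+static void
+add (gf p[4],gf q[4])
 {
 gf a,b,c,d,t,e,f,g,h;
 
@@ -282,14 +283,16 @@ sv add (gf p[4],gf q[4])
 M (p[3], e, h);
 }
 
-sv cswap (gf p[4],gf q[4],u8 b)
+static void
+cswap (gf p[4],gf q[4],u8 b)
 {
 int i;
 FOR (i,4)
 sel25519 (p[i],q[i],b);
 }
 
-sv pack (u8 *r,gf p[4])
+static void
+pack (u8 *r,gf p[4])
 {
 gf tx, ty, zi;
 inv25519 (zi, p[2]);
@@ -299,7 +302,8 @@ sv pack (u8 *r,gf p[4])
 r[31] ^= par25519 (tx) << 7;
 }
 
-sv scalarmult (gf p[4],gf q[4],const u8 *s)
+static void
+scalarmult (gf p[4],gf q[4],const u8 *s)
 {
 int i;
 set25519 (p[0],gf0);
@@ -315,7 +319,8 @@ sv scalarmult (gf p[4],gf q[4],const u8 *s)
 }
 }
 
-sv scalarbase (gf p[4],const u8 *s)
+static void
+scalarbase (gf p[4],const u8 *s)
 {
 gf q[4];
 set25519 (q[0],X);
@@ -330,7 +335,8 @@ static const u64 L[32] = {0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6,
 0, 0, 0, 0, 0, 0, 0, 0,
 0, 0, 0, 0x10};
 
-sv modL (u8 *r,i64 x[64])
+static void
+modL (u8 *r,i64 x[64])
 {
 i64 carry,i,j;
 for (i = 63; i >= 32; --i) {
@@ -356,7 +362,8 @@ sv modL (u8 *r,i64 x[64])
 }
 }
 
-sv reduce (u8 *r)
+static void
+reduce (u8 *r)
 {
 i64 x[64],i;
 FOR (i,64) x[i] = (u64) r[i];
@@ -364,7 +371,8 @@ sv reduce (u8 *r)
 modL (r,x);
 }
 
-static int unpackneg (gf r[4],const u8 p[32])
+static int
+unpackneg (gf r[4],const u8 p[32])
 {
 gf t, chk, num, den, den2, den4, den6;
 set25519 (r[2],gf1);
@@ -406,7 +414,7 @@ static int unpackneg (gf r[4],const u8 p[32])
 /* The following functions have been added for GNUnet */
 
 void
-crypto_sign_pk_from_seed (u8 *pk, const u8 *seed)
+GNUNET_TWEETNACL_sign_pk_from_seed (u8 *pk, const u8 *seed)
 {
 u8 d[64];
 gf p[4];
@@ -421,7 +429,7 @@ crypto_sign_pk_from_seed (u8 *pk, const u8 *seed)
 }
 
 void
-crypto_sign_sk_from_seed (u8 *sk, const u8 *seed)
+GNUNET_TWEETNACL_sign_sk_from_seed (u8 *sk, const u8 *seed)
 {
 u8 d[64];
 gf p[4];
@@ -440,9 +448,9 @@ crypto_sign_sk_from_seed (u8 *sk, const u8 *seed)
 FOR (i,32) sk[32 + i] = pk[i];
 }
 
-
 int
-crypto_sign_ed25519_pk_to_curve25519 (u8 *x25519_pk, const u8 *ed25519_pk)
+GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (u8 *x25519_pk,
+const u8 *ed25519_pk)
 {
 gf ge_a[4];
 gf x;
@@ -464,8 +472,10 @@ crypto_sign_ed25519_pk_to_curve25519 (u8 *x25519_pk, const u8 *ed25519_pk)
 return 0;
 }
 
-
-int crypto_sign_detached_verify (const u8 *sig,const u8 *m,u64 n,const u8 *pk)
+int GNUNET_TWEETNACL_sign_detached_verify (const u8 *sig,
+const u8 *m,
+u64 n,
+const u8 *pk)
 {
 struct GNUNET_HashContext *hc;
 u8 t[32],h[64];
@@ -492,9 +502,11 @@ int crypto_sign_detached_verify (const u8 *sig,const u8 *m,u64 n,const u8 *pk)
 return 0;
 }
 
-
 int
-crypto_sign_detached (u8 *sig,const u8 *m,u64 n,const u8 *sk)
+GNUNET_TWEETNACL_sign_detached (u8 *sig,
+const u8 *m,
+u64 n,
+const u8 *sk)
 {
 struct GNUNET_HashContext *hc;
 u8 d[64],h[64],r[64];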
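Review bot: The two newly exported X25519 entry points, `GNUNET_TWEETNACL_scalarmult_curve25519` and `GNUNET_TWEETNACL_scalarmult_curve25519_base`, have no comment stating their contract, although they take bare `u8 *` pointers with implicit lengths and the only return visible in the hunk is `return 0;`. If the function can never fail, as the visible tail suggests (most of the body is outside the hunks), a caller that must reject an all-zero shared secret from a low-order peer key has to test `q` itself, and the definition should say so: `/* q, n, p are 32 bytes each; always returns 0 and does not reject low-order p, callers check q for all-zero where needed */`. The renamed `GNUNET_TWEETNACL_sign_*` functions would benefit from the same one-line size contract, for example that `sk` is 64 bytes as the visible `sk[32 + i] = pk[i]` loop implies. On style, `pow2523` and `GNUNET_TWEETNACL_sign_detached_verify` keep the return type on the signature line while every other definition touched here moves it to its own line, and `par25519` now returns `uint8_t` where the rest of the file uses `u8`.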