Diffstat (limited to 'src/util/crypto_ecc.c')
-rw-r--r-- | src/util/crypto_ecc.c | 85 |
1 files changed, 53 insertions, 32 deletions
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 851a45f93..17986a9d1 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c | |||
@@ -26,10 +26,10 @@ | |||
26 | */ | 26 | */ |
27 | #include "platform.h" | 27 | #include "platform.h" |
28 | #include <gcrypt.h> | 28 | #include <gcrypt.h> |
29 | #include <sodium.h> | ||
29 | #include "gnunet_crypto_lib.h" | 30 | #include "gnunet_crypto_lib.h" |
30 | #include "gnunet_strings_lib.h" | 31 | #include "gnunet_strings_lib.h" |
31 | #include "benchmark.h" | 32 | #include "benchmark.h" |
32 | #include "tweetnacl-gnunet.h" | ||
33 | 33 | ||
34 | #define EXTRA_CHECKS 0 | 34 | #define EXTRA_CHECKS 0 |
35 | 35 | ||
@@ -173,8 +173,14 @@ GNUNET_CRYPTO_ecdsa_key_get_public ( | |||
173 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, | 173 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, |
174 | struct GNUNET_CRYPTO_EcdsaPublicKey *pub) | 174 | struct GNUNET_CRYPTO_EcdsaPublicKey *pub) |
175 | { | 175 | { |
176 | uint8_t d[32]; | ||
177 | |||
178 | /* Treat priv as little endian, due to libgcrypt. */ | ||
179 | for (size_t i = 0; i < 32; i++) | ||
180 | d[i] = priv->d[31 - i]; | ||
176 | BENCHMARK_START (ecdsa_key_get_public); | 181 | BENCHMARK_START (ecdsa_key_get_public); |
177 | GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (pub->q_y, priv->d); | 182 | crypto_scalarmult_ed25519_base_noclamp (pub->q_y, d); |
183 | sodium_memzero (d, 32); | ||
178 | BENCHMARK_END (ecdsa_key_get_public); | 184 | BENCHMARK_END (ecdsa_key_get_public); |
179 | } | 185 | } |
180 | 186 | ||
@@ -190,8 +196,13 @@ GNUNET_CRYPTO_eddsa_key_get_public ( | |||
190 | const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, | 196 | const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, |
191 | struct GNUNET_CRYPTO_EddsaPublicKey *pub) | 197 | struct GNUNET_CRYPTO_EddsaPublicKey *pub) |
192 | { | 198 | { |
199 | unsigned char pk[crypto_sign_PUBLICKEYBYTES]; | ||
200 | unsigned char sk[crypto_sign_SECRETKEYBYTES]; | ||
201 | |||
193 | BENCHMARK_START (eddsa_key_get_public); | 202 | BENCHMARK_START (eddsa_key_get_public); |
194 | GNUNET_TWEETNACL_sign_pk_from_seed (pub->q_y, priv->d); | 203 | GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d)); |
204 | GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES); | ||
205 | sodium_memzero (sk, crypto_sign_SECRETKEYBYTES); | ||
195 | BENCHMARK_END (eddsa_key_get_public); | 206 | BENCHMARK_END (eddsa_key_get_public); |
196 | } | 207 | } |
197 | 208 | ||
@@ -208,7 +219,7 @@ GNUNET_CRYPTO_ecdhe_key_get_public ( | |||
208 | struct GNUNET_CRYPTO_EcdhePublicKey *pub) | 219 | struct GNUNET_CRYPTO_EcdhePublicKey *pub) |
209 | { | 220 | { |
210 | BENCHMARK_START (ecdhe_key_get_public); | 221 | BENCHMARK_START (ecdhe_key_get_public); |
211 | GNUNET_TWEETNACL_scalarmult_curve25519_base (pub->q_y, priv->d); | 222 | GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d)); |
212 | BENCHMARK_END (ecdhe_key_get_public); | 223 | BENCHMARK_END (ecdhe_key_get_public); |
213 | } | 224 | } |
214 | 225 | ||
@@ -737,15 +748,17 @@ GNUNET_CRYPTO_eddsa_sign_ ( | |||
737 | { | 748 | { |
738 | 749 | ||
739 | size_t mlen = ntohl (purpose->size); | 750 | size_t mlen = ntohl (purpose->size); |
740 | unsigned char sk[GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES]; | 751 | unsigned char sk[crypto_sign_SECRETKEYBYTES]; |
752 | unsigned char pk[crypto_sign_PUBLICKEYBYTES]; | ||
741 | int res; | 753 | int res; |
742 | 754 | ||
743 | BENCHMARK_START (eddsa_sign); | 755 | BENCHMARK_START (eddsa_sign); |
744 | GNUNET_TWEETNACL_sign_sk_from_seed (sk, priv->d); | 756 | GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d)); |
745 | res = GNUNET_TWEETNACL_sign_detached ((uint8_t *) sig, | 757 | res = crypto_sign_detached ((uint8_t *) sig, |
746 | (uint8_t *) purpose, | 758 | NULL, |
747 | mlen, | 759 | (uint8_t *) purpose, |
748 | sk); | 760 | mlen, |
761 | sk); | ||
749 | BENCHMARK_END (eddsa_sign); | 762 | BENCHMARK_END (eddsa_sign); |
750 | return (res == 0) ? GNUNET_OK : GNUNET_SYSERR; | 763 | return (res == 0) ? GNUNET_OK : GNUNET_SYSERR; |
751 | } | 764 | } |
@@ -856,7 +869,7 @@ GNUNET_CRYPTO_eddsa_verify_ ( | |||
856 | return GNUNET_SYSERR; /* purpose mismatch */ | 869 | return GNUNET_SYSERR; /* purpose mismatch */ |
857 | 870 | ||
858 | BENCHMARK_START (eddsa_verify); | 871 | BENCHMARK_START (eddsa_verify); |
859 | res = GNUNET_TWEETNACL_sign_detached_verify (s, m, mlen, pub->q_y); | 872 | res = crypto_sign_verify_detached (s, m, mlen, pub->q_y); |
860 | BENCHMARK_END (eddsa_verify); | 873 | BENCHMARK_END (eddsa_verify); |
861 | return (res == 0) ? GNUNET_OK : GNUNET_SYSERR; | 874 | return (res == 0) ? GNUNET_OK : GNUNET_SYSERR; |
862 | } | 875 | } |
@@ -875,9 +888,10 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | |||
875 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, | 888 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, |
876 | struct GNUNET_HashCode *key_material) | 889 | struct GNUNET_HashCode *key_material) |
877 | { | 890 | { |
878 | uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; | 891 | uint8_t p[crypto_scalarmult_BYTES]; |
879 | GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, pub->q_y); | 892 | if (0 != crypto_scalarmult (p, priv->d, pub->q_y)) |
880 | GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material); | 893 | return GNUNET_SYSERR; |
894 | GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material); | ||
881 | return GNUNET_OK; | 895 | return GNUNET_OK; |
882 | } | 896 | } |
883 | 897 | ||
@@ -1041,16 +1055,17 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, | |||
1041 | struct GNUNET_HashCode *key_material) | 1055 | struct GNUNET_HashCode *key_material) |
1042 | { | 1056 | { |
1043 | struct GNUNET_HashCode hc; | 1057 | struct GNUNET_HashCode hc; |
1044 | uint8_t a[GNUNET_TWEETNACL_SCALARMULT_BYTES]; | 1058 | uint8_t a[crypto_scalarmult_SCALARBYTES]; |
1045 | uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; | 1059 | uint8_t p[crypto_scalarmult_BYTES]; |
1046 | 1060 | ||
1047 | GNUNET_CRYPTO_hash (priv, | 1061 | GNUNET_CRYPTO_hash (priv, |
1048 | sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey), | 1062 | sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey), |
1049 | &hc); | 1063 | &hc); |
1050 | memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); | 1064 | memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); |
1051 | GNUNET_TWEETNACL_scalarmult_curve25519 (p, a, pub->q_y); | 1065 | if (0 != crypto_scalarmult (p, a, pub->q_y)) |
1066 | return GNUNET_SYSERR; | ||
1052 | GNUNET_CRYPTO_hash (p, | 1067 | GNUNET_CRYPTO_hash (p, |
1053 | GNUNET_TWEETNACL_SCALARMULT_BYTES, | 1068 | crypto_scalarmult_BYTES, |
1054 | key_material); | 1069 | key_material); |
1055 | return GNUNET_OK; | 1070 | return GNUNET_OK; |
1056 | } | 1071 | } |
@@ -1071,15 +1086,17 @@ GNUNET_CRYPTO_ecdsa_ecdh (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, | |||
1071 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, | 1086 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, |
1072 | struct GNUNET_HashCode *key_material) | 1087 | struct GNUNET_HashCode *key_material) |
1073 | { | 1088 | { |
1074 | uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; | 1089 | uint8_t p[crypto_scalarmult_BYTES]; |
1075 | uint8_t d_rev[GNUNET_TWEETNACL_SCALARMULT_BYTES]; | 1090 | uint8_t d_rev[crypto_scalarmult_SCALARBYTES]; |
1076 | 1091 | ||
1077 | BENCHMARK_START (ecdsa_ecdh); | 1092 | BENCHMARK_START (ecdsa_ecdh); |
1093 | // FIXME: byte order | ||
1078 | for (size_t i = 0; i < 32; i++) | 1094 | for (size_t i = 0; i < 32; i++) |
1079 | d_rev[i] = priv->d[31 - i]; | 1095 | d_rev[i] = priv->d[31 - i]; |
1080 | GNUNET_TWEETNACL_scalarmult_curve25519 (p, d_rev, pub->q_y); | 1096 | if (0 != crypto_scalarmult (p, d_rev, pub->q_y)) |
1097 | return GNUNET_SYSERR; | ||
1081 | GNUNET_CRYPTO_hash (p, | 1098 | GNUNET_CRYPTO_hash (p, |
1082 | GNUNET_TWEETNACL_SCALARMULT_BYTES, | 1099 | crypto_scalarmult_BYTES, |
1083 | key_material); | 1100 | key_material); |
1084 | BENCHMARK_END (ecdsa_ecdh); | 1101 | BENCHMARK_END (ecdsa_ecdh); |
1085 | return GNUNET_OK; | 1102 | return GNUNET_OK; |
@@ -1101,12 +1118,14 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | |||
1101 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub, | 1118 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub, |
1102 | struct GNUNET_HashCode *key_material) | 1119 | struct GNUNET_HashCode *key_material) |
1103 | { | 1120 | { |
1104 | uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; | 1121 | uint8_t p[crypto_scalarmult_BYTES]; |
1105 | uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES]; | 1122 | uint8_t curve25510_pk[crypto_scalarmult_BYTES]; |
1106 | 1123 | ||
1107 | GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y); | 1124 | if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y)) |
1108 | GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk); | 1125 | return GNUNET_SYSERR; |
1109 | GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material); | 1126 | if (0 != crypto_scalarmult (p, priv->d, curve25510_pk)) |
1127 | return GNUNET_SYSERR; | ||
1128 | GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material); | ||
1110 | return GNUNET_OK; | 1129 | return GNUNET_OK; |
1111 | } | 1130 | } |
1112 | 1131 | ||
@@ -1126,12 +1145,14 @@ GNUNET_CRYPTO_ecdh_ecdsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | |||
1126 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, | 1145 | const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, |
1127 | struct GNUNET_HashCode *key_material) | 1146 | struct GNUNET_HashCode *key_material) |
1128 | { | 1147 | { |
1129 | uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES]; | 1148 | uint8_t p[crypto_scalarmult_BYTES]; |
1130 | uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES]; | 1149 | uint8_t curve25510_pk[crypto_scalarmult_BYTES]; |
1131 | 1150 | ||
1132 | GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y); | 1151 | if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y)) |
1133 | GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk); | 1152 | return GNUNET_SYSERR; |
1134 | GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material); | 1153 | if (0 != crypto_scalarmult (p, priv->d, curve25510_pk)) |
1154 | return GNUNET_SYSERR; | ||
1155 | GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material); | ||
1135 | return GNUNET_OK; | 1156 | return GNUNET_OK; |
1136 | } | 1157 | } |
1137 | 1158 | ||
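Review bot: The expanded secret key `sk` built by `crypto_sign_seed_keypair` in `GNUNET_CRYPTO_eddsa_sign_` (new lines 751–761) is left on the stack after `crypto_sign_detached`, while the same buffer is wiped with `sodium_memzero` in `GNUNET_CRYPTO_eddsa_key_get_public` (new line 205); add `sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);` before `BENCHMARK_END (eddsa_sign);` so the two paths treat the seed-derived secret the same way. The signature and opening of `GNUNET_CRYPTO_eddsa_sign_` are outside this hunk. The same asymmetry applies to the ECDH helpers, where the byte-reversed private scalar `d_rev`, the hashed scalar `a` and the raw shared point `p` are hashed into `key_material` but never zeroized, including on the new early-return paths. Separately, `GNUNET_CRYPTO_ecdsa_key_get_public` (new line 182) discards the return value of `crypto_scalarmult_ed25519_base_noclamp`, unlike every other libsodium call the commit converts; libsodium reports failure through that return value, so mirror the sibling functions with `GNUNET_assert (0 == crypto_scalarmult_ed25519_base_noclamp (pub->q_y, d));`. Note also that the new `return GNUNET_SYSERR;` at new line 1097 in `GNUNET_CRYPTO_ecdsa_ecdh` leaves `BENCHMARK_START (ecdsa_ecdh)` without its matching `BENCHMARK_END`, which presumably unbalances the benchmark bookkeeping — verify against the macro definitions in benchmark.h.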