return 0;
}
-/** DOCDOC */
+/** Write the <b>datalen</b> bytes from <b>data</b> to the file named
+ * <b>fname</b> in the tagged-data format. This format contains a
+ * 32-byte header, followed by the data itself. The header is the
+ * NUL-padded string "== <b>typestring</b>: <b>tag</b> ==". The length
+ * of <b>typestring</b> and <b>tag</b> must therefore be no more than
+ * 24.
+ **/
int
crypto_write_tagged_contents_to_file(const char *fname,
const char *typestring,
return r;
}
-/** DOCDOC */
+/** Read a tagged-data file from <b>fname</b> into the
+ * <b>data_out_len</b>-byte buffer in <b>data_out</b>. Check that the
+ * typestring matches <b>typestring</b>; store the tag into a newly allocated
+ * string in <b>tag_out</b>. Return -1 on failure, and the number of bytes of
+ * data on success. */
ssize_t
crypto_read_tagged_contents_from_file(const char *fname,
const char *typestring,
}
#if 0
+ /* This is how we'd do it if we were using ed25519_donna. I'll keep this
+ * code around here in case we ever do that. */
const uint8_t **ms;
size_t *lens;
const uint8_t **pks;
{
ed25519_public_key_t pubkey_check;
- ed25519_ref10_derive_secret_key(out->seckey.seckey,
+ ed25519_ref10_blind_secret_key(out->seckey.seckey,
inp->seckey.seckey, param);
ed25519_public_blind(&pubkey_check, &inp->pubkey, param);
const ed25519_public_key_t *inp,
const uint8_t *param)
{
- ed25519_ref10_derive_public_key(out->pubkey, inp->pubkey, param);
+ ed25519_ref10_blind_public_key(out->pubkey, inp->pubkey, param);
return 0;
}
out[31] |= 64;
}
-int ed25519_ref10_derive_secret_key(unsigned char *out,
+int ed25519_ref10_blind_secret_key(unsigned char *out,
const unsigned char *inp,
const unsigned char *param)
{
return 0;
}
-int ed25519_ref10_derive_public_key(unsigned char *out,
+int ed25519_ref10_blind_public_key(unsigned char *out,
const unsigned char *inp,
const unsigned char *param)
{
* strongly that I'm about to code my own ge_scalarmult_vartime). */
/* We negate the public key first, so that we can pass it to
- * frombytes_negate_vartime, which negates it again. */
+ * frombytes_negate_vartime, which negates it again. If there were a
+ * "ge_frombytes", we'd use that, but there isn't. */
memcpy(pkcopy, inp, 32);
pkcopy[31] ^= (1<<7);
ge_frombytes_negate_vartime(&A, pkcopy);
memwipe(tweak, 0, sizeof(tweak));
memwipe(&A, 0, sizeof(A));
memwipe(&Aprime, 0, sizeof(Aprime));
- memwipe(&pkcopy, 0, sizeof(pkcopy));
+ memwipe(pkcopy, 0, sizeof(pkcopy));
return 0;
}
/* Added for Tor. */
#include <openssl/sha.h>
+
+/* Set 'out' to the 512-bit SHA512 hash of the 'len'-byte string in 'inp' */
#define crypto_hash_sha512(out, inp, len) \
SHA512((inp), (len), (out))
+/* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1',
+ * concatenated with the 'len2'-byte string in 'inp2'. */
#define crypto_hash_sha512_2(out, inp1, len1, inp2, len2) \
do { \
SHA512_CTX sha_ctx_; \
SHA512_Final((out), &sha_ctx_); \
} while(0)
+/* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1',
+ * concatenated with the 'len2'-byte string in 'inp2', concatenated with
+ * the 'len3'-byte string in 'len3'. */
#define crypto_hash_sha512_3(out, inp1, len1, inp2, len2, inp3, len3) \
do { \
SHA512_CTX sha_ctx_; \
int ed25519_ref10_pubkey_from_curve25519_pubkey(unsigned char *out,
const unsigned char *inp,
int signbit);
-int ed25519_ref10_derive_secret_key(unsigned char *out,
+int ed25519_ref10_blind_secret_key(unsigned char *out,
const unsigned char *inp,
const unsigned char *param);
-int ed25519_ref10_derive_public_key(unsigned char *out,
+int ed25519_ref10_blind_public_key(unsigned char *out,
const unsigned char *inp,
const unsigned char *param);
-/* Modified for Tor: new API, 32-byte secret keys. */
+/* Modified for Tor: new API, 64-byte secret keys. */
#include <string.h>
#include "randombytes.h"
#include "crypto_sign.h"
{
unsigned char seed[32];
- randombytes(seed,32);
+ if (randombytes(seed,32) < 0)
+ return -1;
crypto_sign_seckey_expand(sk, seed);
+/* (Modified by Tor to verify signature separately from message) */
#include <string.h>
#include "crypto_sign.h"
#include "crypto_hash_sha512.h"
#include "ge.h"
#include "sc.h"
+/* 'signature' must be 64-bytes long. */
int crypto_sign_open(
const unsigned char *signature,
const unsigned char *m,uint64_t mlen,
+/* (Modified by Tor to generate detached signatures.) */
#include <string.h>
#include "crypto_sign.h"
#include "crypto_hash_sha512.h"
projects / thirdparty / tor.git / commitdiff
