Tweak ed25519 ref10 signing interface to use less space.

author Nick Mathewson <nickm@torproject.org>

Tue, 26 Aug 2014 16:47:27 +0000 (12:47 -0400)

committer Nick Mathewson <nickm@torproject.org>

Thu, 25 Sep 2014 19:08:31 +0000 (15:08 -0400)
author Nick Mathewson <nickm@torproject.org>
Tue, 26 Aug 2014 16:47:27 +0000 (12:47 -0400)
committer Nick Mathewson <nickm@torproject.org>
Thu, 25 Sep 2014 19:08:31 +0000 (15:08 -0400)
diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c

index c39f4f4fe26ab48a5df489b36f884c6aad98deb6..90a5fa970f5f9f71dab97cb079efe765c36eb5f7 100644 (file)
--- a/src/common/crypto_ed25519.c
+++ b/src/common/crypto_ed25519.c
@@ -59,29 +59,13 @@ ed25519_sign(ed25519_signature_t *signature_out,
               const uint8_t *msg, size_t len,
               const ed25519_keypair_t *keypair)
  {
-  uint8_t keys[64];
-  uint8_t *tmp;
-  uint64_t tmplen;
-
-  /* XXXX Make crypto_sign in ref10 friendlier so we don't need this stupid
-   * copying. */
-  tor_assert(len < SIZE_T_CEILING - 64);
-  tmplen = ((uint64_t)len) + 64;
-  tmp = tor_malloc(tmplen);
  
-  memcpy(keys, keypair->seckey.seckey, 32);
-  memcpy(keys+32, keypair->pubkey.pubkey, 32);
-
-  if (ed25519_ref10_sign(tmp, &tmplen, msg, len, keys) < 0) {
-    tor_free(tmp);
+  if (ed25519_ref10_sign(signature_out->sig, msg, len,
+                         keypair->seckey.seckey,
+                         keypair->pubkey.pubkey) < 0) {
      return -1;
    }
  
-  memcpy(signature_out->sig, tmp, 64);
-  memwipe(keys, 0, sizeof(keys));
-
-  tor_free(tmp);
-
    return 0;
  }
  
diff --git a/src/ext/ed25519/ref10/crypto_hash_sha512.h b/src/ext/ed25519/ref10/crypto_hash_sha512.h

index fa768aca248e7e46dd22c0c5c5967d6d7fda285a..c819b8d0d358ba1ca6163f29d369916943bd85d0 100644 (file)
--- a/src/ext/ed25519/ref10/crypto_hash_sha512.h
+++ b/src/ext/ed25519/ref10/crypto_hash_sha512.h
@@ -2,3 +2,22 @@
  #include <openssl/sha.h>
  #define crypto_hash_sha512(out, inp, len) \
    SHA512((inp), (len), (out))
+
+#define crypto_hash_sha512_2(out, inp1, len1, inp2, len2)               \
+  do {                                                                  \
+      SHA512_CTX sha_ctx_;                                              \
+      SHA512_Init(&sha_ctx_);                                           \
+      SHA512_Update(&sha_ctx_, (inp1), (len1));                         \
+      SHA512_Update(&sha_ctx_, (inp2), (len2));                         \
+      SHA512_Final((out), &sha_ctx_);                                   \
+ } while(0)
+
+#define crypto_hash_sha512_3(out, inp1, len1, inp2, len2, inp3, len3)   \
+  do {                                                                  \
+      SHA512_CTX sha_ctx_;                                              \
+      SHA512_Init(&sha_ctx_);                                           \
+      SHA512_Update(&sha_ctx_, (inp1), (len1));                         \
+      SHA512_Update(&sha_ctx_, (inp2), (len2));                         \
+      SHA512_Update(&sha_ctx_, (inp3), (len3));                         \
+      SHA512_Final((out), &sha_ctx_);                                   \
+ } while(0)
diff --git a/src/ext/ed25519/ref10/ed25519_ref10.h b/src/ext/ed25519/ref10/ed25519_ref10.h

index 33a24bd6a4109194ddc71fc2f20aa8033181b108..1f7946d04a2fd6643b83d99fc495b35d0f5c688a 100644 (file)
--- a/src/ext/ed25519/ref10/ed25519_ref10.h
+++ b/src/ext/ed25519/ref10/ed25519_ref10.h
@@ -11,8 +11,8 @@ int ed25519_ref10_open(
    const unsigned char *sm,uint64_t smlen,
    const unsigned char *pk);
  int ed25519_ref10_sign(
-  unsigned char *sm,uint64_t *smlen,
+  unsigned char *sig,
    const unsigned char *m,uint64_t mlen,
-  const unsigned char *sk);
+  const unsigned char *sk, const unsigned char *pk);
  
  #endif
diff --git a/src/ext/ed25519/ref10/sign.c b/src/ext/ed25519/ref10/sign.c

index eb3fd6552c9cc83d613ce5356c2236cbc142f1c3..7eb23c6c794d0805f8e50416d7e14c763c960b2e 100644 (file)
--- a/src/ext/ed25519/ref10/sign.c
+++ b/src/ext/ed25519/ref10/sign.c
@@ -5,37 +5,30 @@
  #include "sc.h"
  
  int crypto_sign(
-  unsigned char *sm,uint64_t *smlen,
+  unsigned char *sig,
    const unsigned char *m,uint64_t mlen,
-  const unsigned char *sk
+  const unsigned char *sk,const unsigned char *pk
  )
  {
-  unsigned char pk[32];
    unsigned char az[64];
    unsigned char nonce[64];
    unsigned char hram[64];
    ge_p3 R;
  
-  memmove(pk,sk + 32,32);
-
    crypto_hash_sha512(az,sk,32);
    az[0] &= 248;
    az[31] &= 63;
    az[31] |= 64;
  
-  *smlen = mlen + 64;
-  memmove(sm + 64,m,mlen);
-  memmove(sm + 32,az + 32,32);
-  crypto_hash_sha512(nonce,sm + 32,mlen + 32);
-  memmove(sm + 32,pk,32);
+  crypto_hash_sha512_2(nonce, az+32, 32, m, mlen);
  
    sc_reduce(nonce);
    ge_scalarmult_base(&R,nonce);
-  ge_p3_tobytes(sm,&R);
+  ge_p3_tobytes(sig,&R);
  
-  crypto_hash_sha512(hram,sm,mlen + 64);
+  crypto_hash_sha512_3(hram, sig, 32, pk, 32, m, mlen);
    sc_reduce(hram);
-  sc_muladd(sm + 32,hram,az,nonce);
+  sc_muladd(sig + 32,hram,az,nonce);
  
    return 0;
  }
author	Nick Mathewson <nickm@torproject.org>
	Tue, 26 Aug 2014 16:47:27 +0000 (12:47 -0400)
committer	Nick Mathewson <nickm@torproject.org>
	Thu, 25 Sep 2014 19:08:31 +0000 (15:08 -0400)
src/common/crypto_ed25519.c		patch \| blob \| blame \| history
src/ext/ed25519/ref10/crypto_hash_sha512.h		patch \| blob \| blame \| history
src/ext/ed25519/ref10/ed25519_ref10.h		patch \| blob \| blame \| history
src/ext/ed25519/ref10/sign.c		patch \| blob \| blame \| history