[tor/master] Tweak ed25519 ref10 signing interface to use less space.
commit e0097a8839c9dc8e56a7304b84482155dccd0af0 Author: Nick Mathewson <nickm@torproject.org> Date: Tue Aug 26 12:47:27 2014 -0400 Tweak ed25519 ref10 signing interface to use less space. Unit tests still pass. --- src/common/crypto_ed25519.c | 22 +++------------------- src/ext/ed25519/ref10/crypto_hash_sha512.h | 19 +++++++++++++++++++ src/ext/ed25519/ref10/ed25519_ref10.h | 4 ++-- src/ext/ed25519/ref10/sign.c | 19 ++++++------------- 4 files changed, 30 insertions(+), 34 deletions(-) diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c index c39f4f4..90a5fa9 100644 --- a/src/common/crypto_ed25519.c +++ b/src/common/crypto_ed25519.c @@ -59,29 +59,13 @@ ed25519_sign(ed25519_signature_t *signature_out, const uint8_t *msg, size_t len, const ed25519_keypair_t *keypair) { - uint8_t keys[64]; - uint8_t *tmp; - uint64_t tmplen; - - /* XXXX Make crypto_sign in ref10 friendlier so we don't need this stupid - * copying. */ - tor_assert(len < SIZE_T_CEILING - 64); - tmplen = ((uint64_t)len) + 64; - tmp = tor_malloc(tmplen); - memcpy(keys, keypair->seckey.seckey, 32); - memcpy(keys+32, keypair->pubkey.pubkey, 32); - - if (ed25519_ref10_sign(tmp, &tmplen, msg, len, keys) < 0) { - tor_free(tmp); + if (ed25519_ref10_sign(signature_out->sig, msg, len, + keypair->seckey.seckey, + keypair->pubkey.pubkey) < 0) { return -1; } - memcpy(signature_out->sig, tmp, 64); - memwipe(keys, 0, sizeof(keys)); - - tor_free(tmp); - return 0; } diff --git a/src/ext/ed25519/ref10/crypto_hash_sha512.h b/src/ext/ed25519/ref10/crypto_hash_sha512.h index fa768ac..c819b8d 100644 --- a/src/ext/ed25519/ref10/crypto_hash_sha512.h +++ b/src/ext/ed25519/ref10/crypto_hash_sha512.h 
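Review bot: ed25519_sign passes `keypair->pubkey.pubkey` to the signer as an independent input, and nothing visible in this hunk checks that it belongs to `keypair->seckey.seckey`. With this commit the ref10 signer no longer takes the public key from the tail of its own secret-key buffer (see the prototype in ed25519_ref10.h and `crypto_sign` in sign.c), so the value hashed into `hram` is whatever the caller supplies. A mismatched pair gives a signature that will not verify, and signing under one secret key with differing public keys is a known way for Ed25519 implementations to expose the private scalar. I would state the contract above the function, e.g. `/* keypair->pubkey MUST be the public key derived from keypair->seckey; never fill it from untrusted input. */`, and consider checking it where keypairs are loaded or generated. The start of ed25519_sign lies outside the hunk.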
@@ -2,3 +2,22 @@ #include <openssl/sha.h> #define crypto_hash_sha512(out, inp, len) \ SHA512((inp), (len), (out)) + +#define crypto_hash_sha512_2(out, inp1, len1, inp2, len2) \ + do { \ + SHA512_CTX sha_ctx_; \ + SHA512_Init(&sha_ctx_); \ + SHA512_Update(&sha_ctx_, (inp1), (len1)); \ + SHA512_Update(&sha_ctx_, (inp2), (len2)); \ + SHA512_Final((out), &sha_ctx_); \ + } while(0) + +#define crypto_hash_sha512_3(out, inp1, len1, inp2, len2, inp3, len3) \ + do { \ + SHA512_CTX sha_ctx_; \ + SHA512_Init(&sha_ctx_); \ + SHA512_Update(&sha_ctx_, (inp1), (len1)); \ + SHA512_Update(&sha_ctx_, (inp2), (len2)); \ + SHA512_Update(&sha_ctx_, (inp3), (len3)); \ + SHA512_Final((out), &sha_ctx_); \ + } while(0) diff --git a/src/ext/ed25519/ref10/ed25519_ref10.h b/src/ext/ed25519/ref10/ed25519_ref10.h index 33a24bd..1f7946d 100644 --- a/src/ext/ed25519/ref10/ed25519_ref10.h +++ b/src/ext/ed25519/ref10/ed25519_ref10.h @@ -11,8 +11,8 @@ int ed25519_ref10_open( const unsigned char *sm,uint64_t smlen, const unsigned char *pk); int ed25519_ref10_sign( - unsigned char *sm,uint64_t *smlen, + unsigned char *sig, const unsigned char *m,uint64_t mlen, - const unsigned char *sk); + const unsigned char *sk, const unsigned char *pk); #endif diff --git a/src/ext/ed25519/ref10/sign.c b/src/ext/ed25519/ref10/sign.c index eb3fd65..7eb23c6 100644 --- a/src/ext/ed25519/ref10/sign.c +++ b/src/ext/ed25519/ref10/sign.c 
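Review bot: Both new macros leave `sha_ctx_` on the stack after `SHA512_Final`, and in `crypto_sign` (sign.c) the first input to `crypto_hash_sha512_2` is `az+32`, which comes from the hash of the secret key, so the context can retain secret-derived state. Whether `SHA512_Final` clears the context itself is not visible here; if it does not, add `OPENSSL_cleanse(&sha_ctx_, sizeof(sha_ctx_)); \` after the `SHA512_Final` line in each macro (declared in `<openssl/crypto.h>`). The same concern applies to `az` and `nonce` in `crypto_sign`, which are still populated at `return 0;`, whereas the wrapper code this commit removes wiped its key copy with `memwipe`.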
@@ -5,37 +5,30 @@ #include "sc.h" int crypto_sign( - unsigned char *sm,uint64_t *smlen, + unsigned char *sig, const unsigned char *m,uint64_t mlen, - const unsigned char *sk + const unsigned char *sk,const unsigned char *pk ) { - unsigned char pk[32]; unsigned char az[64]; unsigned char nonce[64]; unsigned char hram[64]; ge_p3 R; - memmove(pk,sk + 32,32); - crypto_hash_sha512(az,sk,32); az[0] &= 248; az[31] &= 63; az[31] |= 64; - *smlen = mlen + 64; - memmove(sm + 64,m,mlen); - memmove(sm + 32,az + 32,32); - crypto_hash_sha512(nonce,sm + 32,mlen + 32); - memmove(sm + 32,pk,32); + crypto_hash_sha512_2(nonce, az+32, 32, m, mlen); sc_reduce(nonce); ge_scalarmult_base(&R,nonce); - ge_p3_tobytes(sm,&R); + ge_p3_tobytes(sig,&R); - crypto_hash_sha512(hram,sm,mlen + 64); + crypto_hash_sha512_3(hram, sig, 32, pk, 32, m, mlen); sc_reduce(hram); - sc_muladd(sm + 32,hram,az,nonce); + sc_muladd(sig + 32,hram,az,nonce); return 0; }
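Review bot: `crypto_sign` now has a different contract, but no comment records the buffer sizes the body relies on. `sig` is written as a detached signature, with the encoded `R` first and the scalar at `sig + 32`; only the first 32 bytes of `sk` are read, and 32 bytes of `pk` are hashed. A header comment such as `/* sig: 64-byte output; sk: 32-byte secret seed; pk: 32-byte public key for sk; always returns 0 */` would document the new layout for anyone used to the old `sm`/64-byte `sk` interface. Separately, `mlen` is a `uint64_t` passed as a length to `SHA512_Update`; where `size_t` is narrower the value would presumably be truncated, so a range check or a comment limiting `mlen` is worth adding.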