[tor-commits] [tor/master] Tweak ed25519 ref10 signing interface to use less space.

nickm at torproject.org nickm at torproject.org
Thu Sep 25 19:12:40 UTC 2014 

commit e0097a8839c9dc8e56a7304b84482155dccd0af0
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Aug 26 12:47:27 2014 -0400

    Tweak ed25519 ref10 signing interface to use less space.
    
    Unit tests still pass.
---
 src/common/crypto_ed25519.c                |   22 +++-------------------
 src/ext/ed25519/ref10/crypto_hash_sha512.h |   19 +++++++++++++++++++
 src/ext/ed25519/ref10/ed25519_ref10.h      |    4 ++--
 src/ext/ed25519/ref10/sign.c               |   19 ++++++-------------
 4 files changed, 30 insertions(+), 34 deletions(-)

diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c
index c39f4f4..90a5fa9 100644
--- a/src/common/crypto_ed25519.c
+++ b/src/common/crypto_ed25519.c
@@ -59,29 +59,13 @@ ed25519_sign(ed25519_signature_t *signature_out,
              const uint8_t *msg, size_t len,
              const ed25519_keypair_t *keypair)
 {
-  uint8_t keys[64];
-  uint8_t *tmp;
-  uint64_t tmplen;
-
-  /* XXXX Make crypto_sign in ref10 friendlier so we don't need this stupid
-   * copying. */
-  tor_assert(len < SIZE_T_CEILING - 64);
-  tmplen = ((uint64_t)len) + 64;
-  tmp = tor_malloc(tmplen);
 
-  memcpy(keys, keypair->seckey.seckey, 32);
-  memcpy(keys+32, keypair->pubkey.pubkey, 32);
-
-  if (ed25519_ref10_sign(tmp, &tmplen, msg, len, keys) < 0) {
-    tor_free(tmp);
+  if (ed25519_ref10_sign(signature_out->sig, msg, len,
+                         keypair->seckey.seckey,
+                         keypair->pubkey.pubkey) < 0) {
     return -1;
   }
 
-  memcpy(signature_out->sig, tmp, 64);
-  memwipe(keys, 0, sizeof(keys));
-
-  tor_free(tmp);
-
   return 0;
 }
 
diff --git a/src/ext/ed25519/ref10/crypto_hash_sha512.h b/src/ext/ed25519/ref10/crypto_hash_sha512.h
index fa768ac..c819b8d 100644
--- a/src/ext/ed25519/ref10/crypto_hash_sha512.h
+++ b/src/ext/ed25519/ref10/crypto_hash_sha512.h
@@ -2,3 +2,22 @@
 #include <openssl/sha.h>
 #define crypto_hash_sha512(out, inp, len) \
   SHA512((inp), (len), (out))
+
+#define crypto_hash_sha512_2(out, inp1, len1, inp2, len2)               \
+  do {                                                                  \
+      SHA512_CTX sha_ctx_;                                              \
+      SHA512_Init(&sha_ctx_);                                           \
+      SHA512_Update(&sha_ctx_, (inp1), (len1));                         \
+      SHA512_Update(&sha_ctx_, (inp2), (len2));                         \
+      SHA512_Final((out), &sha_ctx_);                                   \
+ } while(0)
+
+#define crypto_hash_sha512_3(out, inp1, len1, inp2, len2, inp3, len3)   \
+  do {                                                                  \
+      SHA512_CTX sha_ctx_;                                              \
+      SHA512_Init(&sha_ctx_);                                           \
+      SHA512_Update(&sha_ctx_, (inp1), (len1));                         \
+      SHA512_Update(&sha_ctx_, (inp2), (len2));                         \
+      SHA512_Update(&sha_ctx_, (inp3), (len3));                         \
+      SHA512_Final((out), &sha_ctx_);                                   \
+ } while(0)
diff --git a/src/ext/ed25519/ref10/ed25519_ref10.h b/src/ext/ed25519/ref10/ed25519_ref10.h
index 33a24bd..1f7946d 100644
--- a/src/ext/ed25519/ref10/ed25519_ref10.h
+++ b/src/ext/ed25519/ref10/ed25519_ref10.h
@@ -11,8 +11,8 @@ int ed25519_ref10_open(
   const unsigned char *sm,uint64_t smlen,
   const unsigned char *pk);
 int ed25519_ref10_sign(
-  unsigned char *sm,uint64_t *smlen,
+  unsigned char *sig,
   const unsigned char *m,uint64_t mlen,
-  const unsigned char *sk);
+  const unsigned char *sk, const unsigned char *pk);
 
 #endif
diff --git a/src/ext/ed25519/ref10/sign.c b/src/ext/ed25519/ref10/sign.c
index eb3fd65..7eb23c6 100644
--- a/src/ext/ed25519/ref10/sign.c
+++ b/src/ext/ed25519/ref10/sign.c
@@ -5,37 +5,30 @@
 #include "sc.h"
 
 int crypto_sign(
-  unsigned char *sm,uint64_t *smlen,
+  unsigned char *sig,
   const unsigned char *m,uint64_t mlen,
-  const unsigned char *sk
+  const unsigned char *sk,const unsigned char *pk
 )
 {
-  unsigned char pk[32];
   unsigned char az[64];
   unsigned char nonce[64];
   unsigned char hram[64];
   ge_p3 R;
 
-  memmove(pk,sk + 32,32);
-
   crypto_hash_sha512(az,sk,32);
   az[0] &= 248;
   az[31] &= 63;
   az[31] |= 64;
 
-  *smlen = mlen + 64;
-  memmove(sm + 64,m,mlen);
-  memmove(sm + 32,az + 32,32);
-  crypto_hash_sha512(nonce,sm + 32,mlen + 32);
-  memmove(sm + 32,pk,32);
+  crypto_hash_sha512_2(nonce, az+32, 32, m, mlen);
 
   sc_reduce(nonce);
   ge_scalarmult_base(&R,nonce);
-  ge_p3_tobytes(sm,&R);
+  ge_p3_tobytes(sig,&R);
 
-  crypto_hash_sha512(hram,sm,mlen + 64);
+  crypto_hash_sha512_3(hram, sig, 32, pk, 32, m, mlen);
   sc_reduce(hram);
-  sc_muladd(sm + 32,hram,az,nonce);
+  sc_muladd(sig + 32,hram,az,nonce);
 
   return 0;
 }

More information about the tor-commits mailing list