[tor-commits] [tor/master] Comments and tweaks based on review by asn

nickm at torproject.org nickm at torproject.org
Thu Sep 25 19:12:41 UTC 2014


commit 46cda485bce60894d3128dcd42831a8c6cc7bcb4
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Sep 25 15:03:55 2014 -0400

    Comments and tweaks based on review by asn
    
    Add some documentation
    
    Rename "derive" -> "blind"
    
    Check for failure on randombytes().
---
 src/common/crypto_curve25519.c             |   14 ++++++++++++--
 src/common/crypto_ed25519.c                |    6 ++++--
 src/ext/ed25519/ref10/blinding.c           |    9 +++++----
 src/ext/ed25519/ref10/crypto_hash_sha512.h |    7 +++++++
 src/ext/ed25519/ref10/ed25519_ref10.h      |    4 ++--
 src/ext/ed25519/ref10/keypair.c            |    5 +++--
 src/ext/ed25519/ref10/open.c               |    2 ++
 src/ext/ed25519/ref10/sign.c               |    1 +
 8 files changed, 36 insertions(+), 12 deletions(-)

diff --git a/src/common/crypto_curve25519.c b/src/common/crypto_curve25519.c
index 484dd76..44b280a 100644
--- a/src/common/crypto_curve25519.c
+++ b/src/common/crypto_curve25519.c
@@ -128,7 +128,13 @@ curve25519_keypair_generate(curve25519_keypair_t *keypair_out,
   return 0;
 }
 
-/** DOCDOC */
+/** Write the <b>datalen</b> bytes from <b>data</b> to the file named
+ * <b>fname</b> in the tagged-data format.  This format contains a
+ * 32-byte header, followed by the data itself.  The header is the
+ * NUL-padded string "== <b>typestring</b>: <b>tag</b> ==".  The length
+ * of <b>typestring</b> and <b>tag</b> must therefore be no more than
+ * 24.
+ **/
 int
 crypto_write_tagged_contents_to_file(const char *fname,
                                      const char *typestring,
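Review bot: The new comment on crypto_write_tagged_contents_to_file leaves the 24-byte limit ambiguous and omits the return value. The fixed text in "== typestring: tag ==" takes 8 of the 32 header bytes, so the limit presumably applies to the combined length; I would write `The combined length of <b>typestring</b> and <b>tag</b> must be no more than 24.` and add `Return 0 on success, -1 on failure.` if that matches the body, which lies outside this hunk. The comment should also say what happens when the limit is exceeded, since a silently truncated header would presumably fail the typestring check on the read side.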
@@ -159,7 +165,11 @@ crypto_write_tagged_contents_to_file(const char *fname,
   return r;
 }
 
-/** DOCDOC */
+/** Read a tagged-data file from <b>fname</b> into the
+ * <b>data_out_len</b>-byte buffer in <b>data_out</b>. Check that the
+ * typestring matches <b>typestring</b>; store the tag into a newly allocated
+ * string in <b>tag_out</b>. Return -1 on failure, and the number of bytes of
+ * data on success. */
 ssize_t
 crypto_read_tagged_contents_from_file(const char *fname,
                                       const char *typestring,
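Review bot: The read-side comment does not say who owns <b>tag_out</b> or what it holds on failure, and it is silent on what happens when the file carries more than <b>data_out_len</b> bytes of data. Since the tag is described as newly allocated, I would add `The caller must free *<b>tag_out</b>; it is left unset on failure.` after confirming that against the body, which is outside this hunk. The oversize case matters for key files: the comment should state whether the function fails or truncates, because a truncated read that still returns a positive length is easy for callers to miss.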
diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c
index a545cad..408c12b 100644
--- a/src/common/crypto_ed25519.c
+++ b/src/common/crypto_ed25519.c
@@ -138,6 +138,8 @@ ed25519_checksig_batch(int *okay_out,
   }
 
 #if 0
+  /* This is how we'd do it if we were using ed25519_donna.  I'll keep this
+   * code around here in case we ever do that. */
   const uint8_t **ms;
   size_t *lens;
   const uint8_t **pks;
@@ -249,7 +251,7 @@ ed25519_keypair_blind(ed25519_keypair_t *out,
 {
   ed25519_public_key_t pubkey_check;
 
-  ed25519_ref10_derive_secret_key(out->seckey.seckey,
+  ed25519_ref10_blind_secret_key(out->seckey.seckey,
                                   inp->seckey.seckey, param);
 
   ed25519_public_blind(&pubkey_check, &inp->pubkey, param);
@@ -272,7 +274,7 @@ ed25519_public_blind(ed25519_public_key_t *out,
                      const ed25519_public_key_t *inp,
                      const uint8_t *param)
 {
-  ed25519_ref10_derive_public_key(out->pubkey, inp->pubkey, param);
+  ed25519_ref10_blind_public_key(out->pubkey, inp->pubkey, param);
   return 0;
 }
 
diff --git a/src/ext/ed25519/ref10/blinding.c b/src/ext/ed25519/ref10/blinding.c
index f0154e0..4d9a9cb 100644
--- a/src/ext/ed25519/ref10/blinding.c
+++ b/src/ext/ed25519/ref10/blinding.c
@@ -19,7 +19,7 @@ gettweak(unsigned char *out, const unsigned char *param)
   out[31] |= 64;
 }
 
-int ed25519_ref10_derive_secret_key(unsigned char *out,
+int ed25519_ref10_blind_secret_key(unsigned char *out,
                               const unsigned char *inp,
                               const unsigned char *param)
 {
@@ -40,7 +40,7 @@ int ed25519_ref10_derive_secret_key(unsigned char *out,
   return 0;
 }
 
-int ed25519_ref10_derive_public_key(unsigned char *out,
+int ed25519_ref10_blind_public_key(unsigned char *out,
                               const unsigned char *inp,
                               const unsigned char *param)
 {
@@ -58,7 +58,8 @@ int ed25519_ref10_derive_public_key(unsigned char *out,
    * strongly that I'm about to code my own ge_scalarmult_vartime). */
 
   /* We negate the public key first, so that we can pass it to
-   * frombytes_negate_vartime, which negates it again. */
+   * frombytes_negate_vartime, which negates it again. If there were a
+   * "ge_frombytes", we'd use that, but there isn't. */
   memcpy(pkcopy, inp, 32);
   pkcopy[31] ^= (1<<7);
   ge_frombytes_negate_vartime(&A, pkcopy);
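Review bot: The return value of `ge_frombytes_negate_vartime(&A, pkcopy)` is ignored on the last line of this hunk, and the commit only extends the comment above it. In the ref10 code this function returns nonzero when the 32 bytes do not decode to a curve point, so a malformed <b>inp</b> would be blinded from whatever A holds at that point. I would check it, `if (ge_frombytes_negate_vartime(&A, pkcopy) != 0) { memwipe(pkcopy, 0, sizeof(pkcopy)); return -1; }`, and have ed25519_public_blind in crypto_ed25519.c propagate the result instead of returning 0 unconditionally. The function body starts and ends outside this hunk, so the error path's cleanup needs to match the wipes at its end.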
@@ -69,7 +70,7 @@ int ed25519_ref10_derive_public_key(unsigned char *out,
   memwipe(tweak, 0, sizeof(tweak));
   memwipe(&A, 0, sizeof(A));
   memwipe(&Aprime, 0, sizeof(Aprime));
-  memwipe(&pkcopy, 0, sizeof(pkcopy));
+  memwipe(pkcopy, 0, sizeof(pkcopy));
 
   return 0;
 }
diff --git a/src/ext/ed25519/ref10/crypto_hash_sha512.h b/src/ext/ed25519/ref10/crypto_hash_sha512.h
index c819b8d..0278571 100644
--- a/src/ext/ed25519/ref10/crypto_hash_sha512.h
+++ b/src/ext/ed25519/ref10/crypto_hash_sha512.h
@@ -1,8 +1,12 @@
 /* Added for Tor. */
 #include <openssl/sha.h>
+
+/* Set 'out' to the 512-bit SHA512 hash of the 'len'-byte string in 'inp' */
 #define crypto_hash_sha512(out, inp, len) \
   SHA512((inp), (len), (out))
 
+/* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1',
+ * concatenated with the 'len2'-byte string in 'inp2'. */
 #define crypto_hash_sha512_2(out, inp1, len1, inp2, len2)               \
   do {                                                                  \
       SHA512_CTX sha_ctx_;                                              \
@@ -12,6 +16,9 @@
       SHA512_Final((out), &sha_ctx_);                                   \
  } while(0)
 
+/* Set 'out' to the 512-bit SHA512 hash of the 'len1'-byte string in 'inp1',
+ * concatenated with the 'len2'-byte string in 'inp2', concatenated with
+ * the 'len3'-byte string in 'len3'. */
 #define crypto_hash_sha512_3(out, inp1, len1, inp2, len2, inp3, len3)   \
   do {                                                                  \
       SHA512_CTX sha_ctx_;                                              \
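Review bot: The comment added for crypto_hash_sha512_3 says "the 'len3'-byte string in 'len3'"; the second name should be the buffer, `the 'len3'-byte string in 'inp3'`. All three new comments could also state that 'out' must have room for 64 bytes, since the macros write a full SHA512 digest and take no output length. The macro body continues past the end of this hunk.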
diff --git a/src/ext/ed25519/ref10/ed25519_ref10.h b/src/ext/ed25519/ref10/ed25519_ref10.h
index f4a76e6..8c77b0e 100644
--- a/src/ext/ed25519/ref10/ed25519_ref10.h
+++ b/src/ext/ed25519/ref10/ed25519_ref10.h
@@ -20,10 +20,10 @@ int ed25519_ref10_sign(
 int ed25519_ref10_pubkey_from_curve25519_pubkey(unsigned char *out,
                                                 const unsigned char *inp,
                                                 int signbit);
-int ed25519_ref10_derive_secret_key(unsigned char *out,
+int ed25519_ref10_blind_secret_key(unsigned char *out,
                               const unsigned char *inp,
                               const unsigned char *param);
-int ed25519_ref10_derive_public_key(unsigned char *out,
+int ed25519_ref10_blind_public_key(unsigned char *out,
                               const unsigned char *inp,
                               const unsigned char *param);
 
diff --git a/src/ext/ed25519/ref10/keypair.c b/src/ext/ed25519/ref10/keypair.c
index e861998..7ddbaa9 100644
--- a/src/ext/ed25519/ref10/keypair.c
+++ b/src/ext/ed25519/ref10/keypair.c
@@ -1,4 +1,4 @@
-/* Modified for Tor: new API, 32-byte secret keys. */
+/* Modified for Tor: new API, 64-byte secret keys. */
 #include <string.h>
 #include "randombytes.h"
 #include "crypto_sign.h"
@@ -10,7 +10,8 @@ crypto_sign_seckey(unsigned char *sk)
 {
   unsigned char seed[32];
 
-  randombytes(seed,32);
+  if (randombytes(seed,32) < 0)
+    return -1;
 
   crypto_sign_seckey_expand(sk, seed);
 
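Review bot: With the new early return, crypto_sign_seckey can fail without writing <b>sk</b>, but nothing in the hunk documents that. A caller that ignores the result would go on to use whatever was in the buffer as a secret key. I would add a contract comment above the function such as `/* Return 0 on success, -1 if randombytes() fails; 'sk' is not written on failure. */` and confirm that every caller checks the result. The `< 0` test also assumes Tor's randombytes() wrapper signals failure with a negative value, which is not visible here. The function begins before this hunk and continues after it.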
diff --git a/src/ext/ed25519/ref10/open.c b/src/ext/ed25519/ref10/open.c
index 790f668..0e7abba 100644
--- a/src/ext/ed25519/ref10/open.c
+++ b/src/ext/ed25519/ref10/open.c
@@ -1,3 +1,4 @@
+/* (Modified by Tor to verify signature separately from message) */
 #include <string.h>
 #include "crypto_sign.h"
 #include "crypto_hash_sha512.h"
@@ -5,6 +6,7 @@
 #include "ge.h"
 #include "sc.h"
 
+/* 'signature' must be 64-bytes long. */
 int crypto_sign_open(
   const unsigned char *signature,
   const unsigned char *m,uint64_t mlen,
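Review bot: The added comment states the 64-byte requirement but not that it is entirely the caller's responsibility. crypto_sign_open takes no length for 'signature', so a shorter buffer would be read past its end. I would word it as `/* 'signature' must point to exactly 64 bytes; no length is passed, so callers must check it before calling. */`. If the public-key argument (outside this hunk) has a fixed size as well, the same comment should cover it, along with the return convention for a bad signature.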
diff --git a/src/ext/ed25519/ref10/sign.c b/src/ext/ed25519/ref10/sign.c
index c11fca9..e37b0d1 100644
--- a/src/ext/ed25519/ref10/sign.c
+++ b/src/ext/ed25519/ref10/sign.c
@@ -1,3 +1,4 @@
+/* (Modified by Tor to generate detached signatures.) */
 #include <string.h>
 #include "crypto_sign.h"
 #include "crypto_hash_sha512.h"




