tUpdate ed25519 library to an up-to-date version - sick - sign and check files using ed25519
---
(DIR) commit 60ecb5437dce4b2cb787c3c80403ff3bb6648d0a
(DIR) parent 4b5bc4c8bffcb488540514047115e7e0371c51be
(HTM) Author: Willy Goiffon <dev@z3bra.org>
Date: Tue, 2 Jun 2020 13:34:21 +0200
Update ed25519 library to an up-to-date version
Diffstat:
M README | 5 ++---
D ed25519/ed25519_32.dll | 0
D ed25519/ed25519_64.dll | 0
M ed25519/readme.md | 2 +-
M ed25519/src/add_scalar.c | 13 +++++++++++++
M ed25519/src/ed25519.h | 2 +-
M ed25519/src/fe.c | 20 ++++++++++----------
M ed25519/src/ge.c | 2 +-
M ed25519/src/keypair.c | 4 ----
M ed25519/src/precomp_data.h | 4 ++--
M ed25519/src/sign.c | 28 +++++++++-------------------
M sick.c | 2 +-
12 files changed, 40 insertions(+), 42 deletions(-)
---
(DIR) diff --git a/README b/README
t@@ -33,7 +33,6 @@ Edit config.mk as needed, then build/install with the following commands:
make
make install
-Require [ed25519][0]. A working copy is shipped for easier integration.
-
-[0]: https://github.com/rdeker/ed25519
+Require [ed25519][0]. A working copy is shipped with the code.
+[0]: https://github.com/orlp/ed25519
(DIR) diff --git a/ed25519/ed25519_32.dll b/ed25519/ed25519_32.dll
Binary files differ.
(DIR) diff --git a/ed25519/ed25519_64.dll b/ed25519/ed25519_64.dll
Binary files differ.
(DIR) diff --git a/ed25519/readme.md b/ed25519/readme.md
t@@ -163,4 +163,4 @@ ed25519_key_exchange(shared_secret, other_public_key, private_key);
License
-------
-All code is in the public domain.
+All code is released under the zlib license. See license.txt for details.
(DIR) diff --git a/ed25519/src/add_scalar.c b/ed25519/src/add_scalar.c
t@@ -1,6 +1,7 @@
#include "ed25519.h"
#include "ge.h"
#include "sc.h"
+#include "sha512.h"
/* see http://crypto.stackexchange.com/a/6215/4697 */
t@@ -14,6 +15,9 @@ void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, c
ge_p3 public_key_unpacked;
ge_cached T;
+ sha512_context hash;
+ unsigned char hashbuf[64];
+
int i;
/* copy the scalar and clear highest bit */
t@@ -25,6 +29,15 @@ void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, c
/* private key: a = n + t */
if (private_key) {
sc_muladd(private_key, SC_1, n, private_key);
+
+ // https://github.com/orlp/ed25519/issues/3
+ sha512_init(&hash);
+ sha512_update(&hash, private_key + 32, 32);
+ sha512_update(&hash, scalar, 32);
+ sha512_final(&hash, hashbuf);
+ for (i = 0; i < 32; ++i) {
+ private_key[32 + i] = hashbuf[i];
+ }
}
/* public key: A = nB + T */
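Review bot: `hashbuf` and the `hash` context still hold the new secret half of the private key after `sha512_final`, and nothing in this hunk clears them. The same applies to `r` in sign.c, where this commit also drops the `memset` calls that used to clear `az` and `nonce`; the per-signature value `r` has to stay as secret as the key itself. I would clear both after their last use with a wipe the compiler cannot elide, for example `explicit_bzero(hashbuf, sizeof hashbuf);` where available or a volatile-pointer loop, since a plain `memset` before return may be optimised away. The body of `ed25519_add_scalar` continues outside the hunk, so the wipe has to sit after the final use on every exit path.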
(DIR) diff --git a/ed25519/src/ed25519.h b/ed25519/src/ed25519.h
t@@ -25,7 +25,7 @@ int ED25519_DECLSPEC ed25519_create_seed(unsigned char *seed);
#endif
void ED25519_DECLSPEC ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed);
-void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *private_key);
+void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key);
int ED25519_DECLSPEC ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key);
void ED25519_DECLSPEC ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar);
void ED25519_DECLSPEC ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key);
(DIR) diff --git a/ed25519/src/fe.c b/ed25519/src/fe.c
t@@ -820,16 +820,16 @@ void fe_mul121666(fe h, fe f) {
carry6 = (h6 + (int64_t) (1<<25)) >> 26; h7 += carry6; h6 -= carry6 << 26;
carry8 = (h8 + (int64_t) (1<<25)) >> 26; h9 += carry8; h8 -= carry8 << 26;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
+ h[0] = (int32_t) h0;
+ h[1] = (int32_t) h1;
+ h[2] = (int32_t) h2;
+ h[3] = (int32_t) h3;
+ h[4] = (int32_t) h4;
+ h[5] = (int32_t) h5;
+ h[6] = (int32_t) h6;
+ h[7] = (int32_t) h7;
+ h[8] = (int32_t) h8;
+ h[9] = (int32_t) h9;
}
(DIR) diff --git a/ed25519/src/ge.c b/ed25519/src/ge.c
t@@ -346,7 +346,7 @@ static unsigned char negative(signed char b) {
return (unsigned char) x;
}
-static void cmov(ge_precomp *t, ge_precomp *u, unsigned char b) {
+static void cmov(ge_precomp *t, const ge_precomp *u, unsigned char b) {
fe_cmov(t->yplusx, u->yplusx, b);
fe_cmov(t->yminusx, u->yminusx, b);
fe_cmov(t->xy2d, u->xy2d, b);
(DIR) diff --git a/ed25519/src/keypair.c b/ed25519/src/keypair.c
t@@ -1,4 +1,3 @@
-#include <string.h>
#include "ed25519.h"
#include "sha512.h"
#include "ge.h"
t@@ -14,7 +13,4 @@ void ed25519_create_keypair(unsigned char *public_key, unsigned char *private_ke
ge_scalarmult_base(&A, private_key);
ge_p3_tobytes(public_key, &A);
-
- memmove(private_key, seed, 32);
- memmove(private_key + 32, public_key, 32);
}
(DIR) diff --git a/ed25519/src/precomp_data.h b/ed25519/src/precomp_data.h
t@@ -1,4 +1,4 @@
-static ge_precomp Bi[8] = {
+static const ge_precomp Bi[8] = {
{
{ 25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, -11754271, -6079156, 2047605 },
{ -12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, 5043384, 19500929, -15469378 },
t@@ -43,7 +43,7 @@ static ge_precomp Bi[8] = {
/* base[i][j] = (j+1)*256^i*B */
-static ge_precomp base[32][8] = {
+static const ge_precomp base[32][8] = {
{
{
{ 25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, -11754271, -6079156, 2047605 },
(DIR) diff --git a/ed25519/src/sign.c b/ed25519/src/sign.c
t@@ -1,41 +1,31 @@
-#include <string.h>
#include "ed25519.h"
#include "sha512.h"
#include "ge.h"
#include "sc.h"
-void ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *private_key) {
+void ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key) {
sha512_context hash;
unsigned char hram[64];
- unsigned char nonce[64];
- unsigned char az[64];
+ unsigned char r[64];
ge_p3 R;
- sha512(private_key, 32, az);
- az[0] &= 248;
- az[31] &= 63;
- az[31] |= 64;
sha512_init(&hash);
- sha512_update(&hash, az + 32, 32);
+ sha512_update(&hash, private_key + 32, 32);
sha512_update(&hash, message, message_len);
- sha512_final(&hash, nonce);
+ sha512_final(&hash, r);
- memmove(signature + 32, private_key + 32, 32);
-
- sc_reduce(nonce);
- ge_scalarmult_base(&R, nonce);
+ sc_reduce(r);
+ ge_scalarmult_base(&R, r);
ge_p3_tobytes(signature, &R);
sha512_init(&hash);
- sha512_update(&hash, signature, 64);
+ sha512_update(&hash, signature, 32);
+ sha512_update(&hash, public_key, 32);
sha512_update(&hash, message, message_len);
sha512_final(&hash, hram);
sc_reduce(hram);
- sc_muladd(signature + 32, hram, az, nonce);
-
- memset(az, 0, sizeof(az));
- memset(nonce, 0, sizeof(nonce));
+ sc_muladd(signature + 32, hram, private_key, r);
}
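Review bot: `ed25519_sign` now treats `private_key` as a 64-byte expanded key, using bytes 0-31 directly in `sc_muladd` and bytes 32-63 as the secret input to the nonce hash, but nothing documents or enforces that layout. The `memmove` lines removed from keypair.c show the previous layout was the seed followed by the public key, so a key file written by the old version would, if it reaches this code, have its nonce derived only from the public key and the message, and its scalar taken from an unclamped seed. That removes the secrecy the signature depends on, and both layouts are 64 bytes, so sick cannot tell them apart by length; old key files need to be regenerated or converted rather than reused. I would add a header comment such as `/* private_key: 64 bytes from ed25519_create_keypair (scalar, then nonce prefix); seed-plus-public-key files from earlier versions are not valid here */` and mention the migration in the README.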
(DIR) diff --git a/sick.c b/sick.c
t@@ -276,7 +276,7 @@ sign(FILE *fp, FILE *key)
if (verbose)
fprintf(stderr, "Signing stream (%lu bytes)\n", len);
- ed25519_sign(sig, msg, len, priv);
+ ed25519_sign(sig, msg, len, NULL, priv);
/* write buffer to stdout .. */
fwrite(msg, 1, len, stdout);
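Review bot: Passing `NULL` for the new `public_key` argument does not match what the updated `ed25519_sign` does with it. sign.c calls `sha512_update(&hash, public_key, 32)`, so this either reads through a null pointer or, if `sha512_update` rejects null input (not visible here), leaves the public key out of the hash. In the second case the call returns normally but the signature is computed over a different hash than the one `ed25519_verify` builds from its `public_key` argument, so I would expect verification to fail. The call should pass the 32-byte public key that belongs to `priv`, e.g. `ed25519_sign(sig, msg, len, pub, priv);`, where `pub` is a placeholder for a key loaded or stored alongside the private key. The rest of `sign()` lies outside the hunk, so how the key material is read needs checking there.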