diff --git a/libaxolotl/jni/ed25519/additions/curve_sigs.c b/libaxolotl/jni/ed25519/additions/curve_sigs.c
index b92b136cd3..31dd7d1502 100644
--- a/libaxolotl/jni/ed25519/additions/curve_sigs.c
+++ b/libaxolotl/jni/ed25519/additions/curve_sigs.c
@@ -38,8 +38,7 @@ void curve25519_sign(unsigned char* signature_out,
 {
 ge_p3 ed_pubkey_point; /* Ed25519 pubkey point */
 unsigned char ed_pubkey[32]; /* Ed25519 encoded pubkey */
- unsigned char sigbuf[msg_len + 64]; /* working buffer */
- unsigned long long sigbuf_out_len = 0;
+ unsigned char sigbuf[msg_len + 128]; /* working buffer */
 unsigned char sign_bit = 0;
 /* Convert the Curve25519 privkey to an Ed25519 public key */
@@ -48,7 +47,7 @@ void curve25519_sign(unsigned char* signature_out,
 sign_bit = ed_pubkey[31] & 0x80;
 /* Perform an Ed25519 signature with explicit private key */
- crypto_sign_modified(sigbuf, &sigbuf_out_len, msg, msg_len, curve25519_privkey,
+ crypto_sign_modified(sigbuf, msg, msg_len, curve25519_privkey,
 ed_pubkey, random);
 memmove(signature_out, sigbuf, 64);
diff --git a/libaxolotl/jni/ed25519/additions/curve_sigs.h b/libaxolotl/jni/ed25519/additions/curve_sigs.h
index 97d8a165f8..360df11072 100644
--- a/libaxolotl/jni/ed25519/additions/curve_sigs.h
+++ b/libaxolotl/jni/ed25519/additions/curve_sigs.h
@@ -36,7 +36,7 @@ int curve25519_verify(const unsigned char* signature, /* 64 bytes */
 signature = (R || S)
 */
 int crypto_sign_modified(
- unsigned char *sm,unsigned long long *smlen,
+ unsigned char *sm,
 const unsigned char *m,unsigned long long mlen,
 const unsigned char *sk, /* Curve/Ed25519 private key */
 const unsigned char *pk, /* Ed25519 public key */
diff --git a/libaxolotl/jni/ed25519/additions/sign_modified.c b/libaxolotl/jni/ed25519/additions/sign_modified.c
index 5bc5cc7d5e..175731a16c 100644
--- a/libaxolotl/jni/ed25519/additions/sign_modified.c
+++ b/libaxolotl/jni/ed25519/additions/sign_modified.c
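Review bot: In curve_sigs.c (hunk `@@ -38,8 +38,7 @@`), `unsigned char sigbuf[msg_len + 128];` is a variable-length array sized directly from the caller's `msg_len`, with no upper bound visible in this hunk, so an oversized message overruns the stack instead of producing an error, and this commit grows the frame by another 64 bytes. Unless the callers (presumably the JNI layer, not shown here) already cap the message size, the buffer should be heap-allocated or `msg_len` bounded before the declaration. The `128` must also stay in step with what crypto_sign_modified() writes (`memmove(sm + mlen + 64, random, 64)` in sign_modified.c), so I would record the layout beside it: `/* 64 bytes prefix+key (later R||S) + msg + 64 bytes random suffix */`. The body of curve25519_sign continues outside the hunk.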
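Review bot: In curve_sigs.h, the prototype of crypto_sign_modified() no longer tells a caller how large `sm` must be: `smlen` is gone, and the implementation now writes through `sm[mlen + 127]`, 64 bytes further than before. A caller that still sizes the buffer as `mlen + 64` would be overrun silently, so the requirement belongs on the parameter, e.g. `unsigned char *sm, /* out: at least mlen + 128 bytes; signature is the first 64 */`. The matching parameter line in sign_modified.c (first hunk there) should carry the same wording. The comment block above the prototype starts outside this hunk, and the visible part of it is not touched by the commit.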
@@ -10,7 +10,7 @@
 instead of deriving both from a master key.
 */
 int crypto_sign_modified(
- unsigned char *sm,unsigned long long *smlen,
+ unsigned char *sm,
 const unsigned char *m,unsigned long long mlen,
 const unsigned char *sk, const unsigned char* pk,
 const unsigned char* random
@@ -21,7 +21,6 @@ int crypto_sign_modified(
 ge_p3 R;
 int count=0;
- *smlen = mlen + 64;
 memmove(sm + 64,m,mlen);
 memmove(sm + 32,sk,32); /* NEW: Use privkey directly for nonce derivation */
@@ -30,12 +29,11 @@ int crypto_sign_modified(
 for (count = 1; count < 32; count++)
 sm[count] = 0xFF;
- crypto_hash_sha512(nonce,sm,mlen + 64);
- memmove(sm + 32,pk,32);
+ /* NEW: add suffix of random data */
+ memmove(sm + mlen + 64, random, 64);
- /* NEW: XOR random into nonce */
- for (count=0; count < 64; count++)
- nonce[count] ^= random[count];
+ crypto_hash_sha512(nonce,sm,mlen + 128);
+ memmove(sm + 32,pk,32);
 sc_reduce(nonce);
 ge_scalarmult_base(&R,nonce);
diff --git a/libaxolotl/jni/ed25519/main/main.c b/libaxolotl/jni/ed25519/main/main.c
index ab451bf4e6..cd0cf2d6d9 100644
--- a/libaxolotl/jni/ed25519/main/main.c
+++ b/libaxolotl/jni/ed25519/main/main.c
@@ -3,17 +3,18 @@
 #include "crypto_hash_sha512.h"
 #include "curve_sigs.h"
+#define MSG_LEN 200
+
 int main(int argc, char* argv[])
 {
 unsigned char privkey[32];
 unsigned char pubkey[32];
 unsigned char signature[64];
- unsigned char msg[100];
- unsigned long long msg_len = 100;
+ unsigned char msg[MSG_LEN];
 unsigned char random[64];
 /* Initialize pubkey, privkey, msg */
- memset(msg, 0, 100);
+ memset(msg, 0, MSG_LEN);
 memset(privkey, 0, 32);
 memset(pubkey, 0, 32);
 privkey[0] &= 248;
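Review bot: In sign_modified.c (hunk `@@ -30,12 +29,11 @@`), the comment `/* NEW: add suffix of random data */` says what is copied but not what the nonce input now is or why the XOR was dropped, which is the security-relevant part of this change. I would replace it with something like `/* nonce = SHA512(prefix || sk || m || random): random is hashed in, not XORed onto the digest, so the nonce is not a linear function of the caller's randomness */`. A one-line note is also worth adding on `memmove(sm + 32,pk,32);` that `sm + 32` still holds the private key until that line, so it must stay after the hash call. The prefix byte `sm[0]` is set outside the hunk, and the function body continues past it.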
@@ -55,16 +56,16 @@ int main(int argc, char* argv[])
 /* Signature test */
 curve25519_keygen(pubkey, privkey);
- curve25519_sign(signature, privkey, msg, msg_len, random);
+ curve25519_sign(signature, privkey, msg, MSG_LEN, random);
- if (curve25519_verify(signature, pubkey, msg, msg_len) == 0)
+ if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0)
 printf("Signature good #1\n");
 else
 printf("Signature bad #1\n");
 signature[0] ^= 1;
- if (curve25519_verify(signature, pubkey, msg, msg_len) == 0)
+ if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0)
 printf("Signature bad #2\n");
 else
 printf("Signature good #2\n");
@@ -84,9 +85,9 @@ int main(int argc, char* argv[])
 curve25519_keygen(pubkey, privkey);
- curve25519_sign(signature, privkey, msg, msg_len, random);
+ curve25519_sign(signature, privkey, msg, MSG_LEN, random);
- if (curve25519_verify(signature, pubkey, msg, msg_len) != 0) {
+ if (curve25519_verify(signature, pubkey, msg, MSG_LEN) != 0) {
 printf("failure #1 %d\n", count);
 return -1;
 }
@@ -94,8 +95,8 @@ int main(int argc, char* argv[])
 if (b[63] & 1)
 signature[count % 64] ^= 1;
 else
- msg[count % 100] ^= 1;
- if (curve25519_verify(signature, pubkey, msg, msg_len) == 0) {
+ msg[count % MSG_LEN] ^= 1;
+ if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0) {
 printf("failure #2 %d\n", count);
 return -1;
 }
diff --git a/libaxolotl/libs/armeabi-v7a/libcurve25519.so b/libaxolotl/libs/armeabi-v7a/libcurve25519.so
index bd318cbf6a..3748469977 100755
Binary files a/libaxolotl/libs/armeabi-v7a/libcurve25519.so and b/libaxolotl/libs/armeabi-v7a/libcurve25519.so differ
diff --git a/libaxolotl/libs/armeabi/libcurve25519.so b/libaxolotl/libs/armeabi/libcurve25519.so
index dfd6de8d15..c56c5e1a5e 100755
Binary files a/libaxolotl/libs/armeabi/libcurve25519.so and b/libaxolotl/libs/armeabi/libcurve25519.so differ
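Review bot: In main.c, none of the checks touched in these hunks would notice if `random` stopped reaching the nonce: every assertion is a sign-then-verify round trip, and verification passes for any nonce. A check that two curve25519_sign() calls with the same key and message but different `random` give different first 32 signature bytes (R) would pin the behaviour this commit changes; a sketch follows. Separately, the "Signature good/bad" branches in hunk `@@ -55,16 +56,16 @@` only print and never affect the exit status, unlike the `failure #1`/`failure #2` branches that `return -1`. main() starts and ends outside the hunks shown.

```c
/* … unchanged: keygen and the existing round-trip checks … */
unsigned char sig_a[64];
unsigned char sig_b[64];
unsigned char random_b[64];

memcpy(random_b, random, 64);
random_b[0] ^= 1;   /* differ from `random` in one bit */
curve25519_sign(sig_a, privkey, msg, MSG_LEN, random);
curve25519_sign(sig_b, privkey, msg, MSG_LEN, random_b);
if (memcmp(sig_a, sig_b, 32) == 0) {
  printf("failure: R does not depend on random\n");
  return -1;
}
```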
diff --git a/libaxolotl/libs/x86/libcurve25519.so b/libaxolotl/libs/x86/libcurve25519.so
index e72eaad4a4..4b7ea39c73 100755
Binary files a/libaxolotl/libs/x86/libcurve25519.so and b/libaxolotl/libs/x86/libcurve25519.so differ