Updated to latest of Trevor's ref10-extract

2025-04-03 22:15:38 +00:00 · 2014-07-28 09:28:49 -07:00 · 2014-07-28 09:28:49 -07:00 · 238f29c90a
commit 238f29c90a
parent 084f27a2e8
7 changed files with 19 additions and 21 deletions
--- a/libaxolotl/jni/ed25519/additions/curve_sigs.c
+++ b/libaxolotl/jni/ed25519/additions/curve_sigs.c
@ -38,8 +38,7 @@ void curve25519_sign(unsigned char* signature_out,
 {
  ge_p3 ed_pubkey_point; /* Ed25519 pubkey point */
  unsigned char ed_pubkey[32]; /* Ed25519 encoded pubkey */
-  unsigned char sigbuf[msg_len + 64]; /* working buffer */
+  unsigned char sigbuf[msg_len + 128]; /* working buffer */
  unsigned long long sigbuf_out_len = 0;
  unsigned char sign_bit = 0;
  /* Convert the Curve25519 privkey to an Ed25519 public key */
@ -48,7 +47,7 @@ void curve25519_sign(unsigned char* signature_out,
  sign_bit = ed_pubkey[31] & 0x80;
  /* Perform an Ed25519 signature with explicit private key */
-  crypto_sign_modified(sigbuf, &sigbuf_out_len, msg, msg_len, curve25519_privkey,
+  crypto_sign_modified(sigbuf, msg, msg_len, curve25519_privkey,
                       ed_pubkey, random);
  memmove(signature_out, sigbuf, 64);
--- a/libaxolotl/jni/ed25519/additions/curve_sigs.h
+++ b/libaxolotl/jni/ed25519/additions/curve_sigs.h
@ -36,7 +36,7 @@ int curve25519_verify(const unsigned char* signature, /* 64 bytes */
   signature = (R || S)
 */
 int crypto_sign_modified(
-  unsigned char *sm,unsigned long long *smlen,
+  unsigned char *sm,
  const unsigned char *m,unsigned long long mlen,
  const unsigned char *sk, /* Curve/Ed25519 private key */
  const unsigned char *pk, /* Ed25519 public key */
--- a/libaxolotl/jni/ed25519/additions/sign_modified.c
+++ b/libaxolotl/jni/ed25519/additions/sign_modified.c
@ -10,7 +10,7 @@
   instead of deriving both from a master key.
 */
 int crypto_sign_modified(
-  unsigned char *sm,unsigned long long *smlen,
+  unsigned char *sm,
  const unsigned char *m,unsigned long long mlen,
  const unsigned char *sk, const unsigned char* pk,
  const unsigned char* random
@ -21,7 +21,6 @@ int crypto_sign_modified(
  ge_p3 R;
  int count=0;
  *smlen = mlen + 64;
  memmove(sm + 64,m,mlen);
  memmove(sm + 32,sk,32); /* NEW: Use privkey directly for nonce derivation */
@ -30,12 +29,11 @@ int crypto_sign_modified(
  for (count = 1; count < 32; count++)
    sm[count] = 0xFF;
-  crypto_hash_sha512(nonce,sm,mlen + 64);
+  /* NEW: add suffix of random data */
-  memmove(sm + 32,pk,32);
+  memmove(sm + mlen + 64, random, 64);
-  /* NEW: XOR random into nonce */
+  crypto_hash_sha512(nonce,sm,mlen + 128);
-  for (count=0; count < 64; count++)
+  memmove(sm + 32,pk,32);
    nonce[count] ^= random[count];
  sc_reduce(nonce);
  ge_scalarmult_base(&R,nonce);
--- a/libaxolotl/jni/ed25519/main/main.c
+++ b/libaxolotl/jni/ed25519/main/main.c
@ -3,17 +3,18 @@
 #include "crypto_hash_sha512.h"
 #include "curve_sigs.h"
 #define MSG_LEN 200
 int main(int argc, char* argv[])
 {
  unsigned char privkey[32];
  unsigned char pubkey[32];
  unsigned char signature[64];
-  unsigned char msg[100];
+  unsigned char msg[MSG_LEN];
  unsigned long long msg_len = 100;
  unsigned char random[64];
  /* Initialize pubkey, privkey, msg */
-  memset(msg, 0, 100);
+  memset(msg, 0, MSG_LEN);
  memset(privkey, 0, 32);
  memset(pubkey, 0, 32);
  privkey[0] &= 248;
@ -55,16 +56,16 @@ int main(int argc, char* argv[])
  /* Signature test */
  curve25519_keygen(pubkey, privkey);
-  curve25519_sign(signature, privkey, msg, msg_len, random);
+  curve25519_sign(signature, privkey, msg, MSG_LEN, random);
-  if (curve25519_verify(signature, pubkey, msg, msg_len) == 0)
+  if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0)
    printf("Signature good #1\n");
  else
    printf("Signature bad #1\n");
  signature[0] ^= 1;
-  if (curve25519_verify(signature, pubkey, msg, msg_len) == 0)
+  if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0)
    printf("Signature bad #2\n");
  else
    printf("Signature good #2\n");
@ -84,9 +85,9 @@ int main(int argc, char* argv[])
    curve25519_keygen(pubkey, privkey);
-    curve25519_sign(signature, privkey, msg, msg_len, random);
+    curve25519_sign(signature, privkey, msg, MSG_LEN, random);
-    if (curve25519_verify(signature, pubkey, msg, msg_len) != 0) {
+    if (curve25519_verify(signature, pubkey, msg, MSG_LEN) != 0) {
      printf("failure #1 %d\n", count);
      return -1;
    }
@ -94,8 +95,8 @@ int main(int argc, char* argv[])
    if (b[63] & 1)
      signature[count % 64] ^= 1;
    else
-      msg[count % 100] ^= 1;
+      msg[count % MSG_LEN] ^= 1;
-    if (curve25519_verify(signature, pubkey, msg, msg_len) == 0) {
+    if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0) {
      printf("failure #2 %d\n", count);
      return -1;
    }
--- a/libaxolotl/libs/armeabi-v7a/libcurve25519.so
+++ b/libaxolotl/libs/armeabi-v7a/libcurve25519.so
--- a/libaxolotl/libs/armeabi/libcurve25519.so
+++ b/libaxolotl/libs/armeabi/libcurve25519.so
--- a/libaxolotl/libs/x86/libcurve25519.so
+++ b/libaxolotl/libs/x86/libcurve25519.so