mirror of
https://github.com/oxen-io/session-android.git
synced 2024-11-30 13:35:18 +00:00
Updated to latest of Trevor's ref10-extract
This commit is contained in:
parent
084f27a2e8
commit
238f29c90a
@ -38,8 +38,7 @@ void curve25519_sign(unsigned char* signature_out,
|
||||
{
|
||||
ge_p3 ed_pubkey_point; /* Ed25519 pubkey point */
|
||||
unsigned char ed_pubkey[32]; /* Ed25519 encoded pubkey */
|
||||
unsigned char sigbuf[msg_len + 64]; /* working buffer */
|
||||
unsigned long long sigbuf_out_len = 0;
|
||||
unsigned char sigbuf[msg_len + 128]; /* working buffer */
|
||||
unsigned char sign_bit = 0;
|
||||
|
||||
/* Convert the Curve25519 privkey to an Ed25519 public key */
|
||||
@ -48,7 +47,7 @@ void curve25519_sign(unsigned char* signature_out,
|
||||
sign_bit = ed_pubkey[31] & 0x80;
|
||||
|
||||
/* Perform an Ed25519 signature with explicit private key */
|
||||
crypto_sign_modified(sigbuf, &sigbuf_out_len, msg, msg_len, curve25519_privkey,
|
||||
crypto_sign_modified(sigbuf, msg, msg_len, curve25519_privkey,
|
||||
ed_pubkey, random);
|
||||
memmove(signature_out, sigbuf, 64);
|
||||
|
||||
|
@ -36,7 +36,7 @@ int curve25519_verify(const unsigned char* signature, /* 64 bytes */
|
||||
signature = (R || S)
|
||||
*/
|
||||
int crypto_sign_modified(
|
||||
unsigned char *sm,unsigned long long *smlen,
|
||||
unsigned char *sm,
|
||||
const unsigned char *m,unsigned long long mlen,
|
||||
const unsigned char *sk, /* Curve/Ed25519 private key */
|
||||
const unsigned char *pk, /* Ed25519 public key */
|
||||
|
@ -10,7 +10,7 @@
|
||||
instead of deriving both from a master key.
|
||||
*/
|
||||
int crypto_sign_modified(
|
||||
unsigned char *sm,unsigned long long *smlen,
|
||||
unsigned char *sm,
|
||||
const unsigned char *m,unsigned long long mlen,
|
||||
const unsigned char *sk, const unsigned char* pk,
|
||||
const unsigned char* random
|
||||
@ -21,7 +21,6 @@ int crypto_sign_modified(
|
||||
ge_p3 R;
|
||||
int count=0;
|
||||
|
||||
*smlen = mlen + 64;
|
||||
memmove(sm + 64,m,mlen);
|
||||
memmove(sm + 32,sk,32); /* NEW: Use privkey directly for nonce derivation */
|
||||
|
||||
@ -30,12 +29,11 @@ int crypto_sign_modified(
|
||||
for (count = 1; count < 32; count++)
|
||||
sm[count] = 0xFF;
|
||||
|
||||
crypto_hash_sha512(nonce,sm,mlen + 64);
|
||||
memmove(sm + 32,pk,32);
|
||||
/* NEW: add suffix of random data */
|
||||
memmove(sm + mlen + 64, random, 64);
|
||||
|
||||
/* NEW: XOR random into nonce */
|
||||
for (count=0; count < 64; count++)
|
||||
nonce[count] ^= random[count];
|
||||
crypto_hash_sha512(nonce,sm,mlen + 128);
|
||||
memmove(sm + 32,pk,32);
|
||||
|
||||
sc_reduce(nonce);
|
||||
ge_scalarmult_base(&R,nonce);
|
||||
|
@ -3,17 +3,18 @@
|
||||
#include "crypto_hash_sha512.h"
|
||||
#include "curve_sigs.h"
|
||||
|
||||
#define MSG_LEN 200
|
||||
|
||||
int main(int argc, char* argv[])
|
||||
{
|
||||
unsigned char privkey[32];
|
||||
unsigned char pubkey[32];
|
||||
unsigned char signature[64];
|
||||
unsigned char msg[100];
|
||||
unsigned long long msg_len = 100;
|
||||
unsigned char msg[MSG_LEN];
|
||||
unsigned char random[64];
|
||||
|
||||
/* Initialize pubkey, privkey, msg */
|
||||
memset(msg, 0, 100);
|
||||
memset(msg, 0, MSG_LEN);
|
||||
memset(privkey, 0, 32);
|
||||
memset(pubkey, 0, 32);
|
||||
privkey[0] &= 248;
|
||||
@ -55,16 +56,16 @@ int main(int argc, char* argv[])
|
||||
/* Signature test */
|
||||
curve25519_keygen(pubkey, privkey);
|
||||
|
||||
curve25519_sign(signature, privkey, msg, msg_len, random);
|
||||
curve25519_sign(signature, privkey, msg, MSG_LEN, random);
|
||||
|
||||
if (curve25519_verify(signature, pubkey, msg, msg_len) == 0)
|
||||
if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0)
|
||||
printf("Signature good #1\n");
|
||||
else
|
||||
printf("Signature bad #1\n");
|
||||
|
||||
signature[0] ^= 1;
|
||||
|
||||
if (curve25519_verify(signature, pubkey, msg, msg_len) == 0)
|
||||
if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0)
|
||||
printf("Signature bad #2\n");
|
||||
else
|
||||
printf("Signature good #2\n");
|
||||
@ -84,9 +85,9 @@ int main(int argc, char* argv[])
|
||||
|
||||
curve25519_keygen(pubkey, privkey);
|
||||
|
||||
curve25519_sign(signature, privkey, msg, msg_len, random);
|
||||
curve25519_sign(signature, privkey, msg, MSG_LEN, random);
|
||||
|
||||
if (curve25519_verify(signature, pubkey, msg, msg_len) != 0) {
|
||||
if (curve25519_verify(signature, pubkey, msg, MSG_LEN) != 0) {
|
||||
printf("failure #1 %d\n", count);
|
||||
return -1;
|
||||
}
|
||||
@ -94,8 +95,8 @@ int main(int argc, char* argv[])
|
||||
if (b[63] & 1)
|
||||
signature[count % 64] ^= 1;
|
||||
else
|
||||
msg[count % 100] ^= 1;
|
||||
if (curve25519_verify(signature, pubkey, msg, msg_len) == 0) {
|
||||
msg[count % MSG_LEN] ^= 1;
|
||||
if (curve25519_verify(signature, pubkey, msg, MSG_LEN) == 0) {
|
||||
printf("failure #2 %d\n", count);
|
||||
return -1;
|
||||
}
|
||||
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Loading…
Reference in New Issue
Block a user