gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnunet] branch master updated (a0a666fb6 -> 82ac104a1)

From: gnunet
Subject: [gnunet] branch master updated (a0a666fb6 -> 82ac104a1)
Date: Wed, 06 May 2020 16:49:55 +0200 
This is an automated email from the git hooks/post-receive script.

dold pushed a change to branch master
in repository gnunet.

    from a0a666fb6 fix
     new 35698918f check for libsodium
     new d7028a584 move from tweetnacl (+custom hacks) -> only sodium
     new 82ac104a1 Fix #6070

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 configure.ac                |   9 +
 src/util/Makefile.am        |   3 +-
 src/util/crypto_ecc.c       | 156 ++++++------
 src/util/crypto_mpi.c       |  28 +++
 src/util/tweetnacl-gnunet.c | 560 --------------------------------------------
 src/util/tweetnacl-gnunet.h |  54 -----
 6 files changed, 106 insertions(+), 704 deletions(-)
 delete mode 100644 src/util/tweetnacl-gnunet.c
 delete mode 100644 src/util/tweetnacl-gnunet.h

diff --git a/configure.ac b/configure.ac
index 089f0493c..94c0a7689 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1046,6 +1046,15 @@ AS_IF([test x$argon = x1],
  AC_MSG_ERROR([GNUnet requires argon2.])
 ])
 
+libsodium=0
+# test for libsodium
+AC_CHECK_HEADER([sodium.h],
+                [AC_CHECK_LIB([sodium], [sodium_init],
+                              [libsodium=1])])
+
+AS_IF([test x$libsodium = x0],
+      [AC_MSG_ERROR([GNUnet requires libsodium.])])
+
 # test for libextractor
 extractor=0
 AC_MSG_CHECKING(for libextractor)
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index fed0dad79..f3373fc38 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -96,8 +96,6 @@ libgnunetutil_la_SOURCES = \
   strings.c \
   time.c \
   tun.c \
-  tweetnacl-gnunet.c \
-  tweetnacl-gnunet.h \
   speedup.c speedup.h \
   proc_compat.c
 
@@ -134,6 +132,7 @@ libgnunetutil_la_LIBADD = \
   $(Z_LIBS) \
   -lunistring \
   -largon2 \
+  -lsodium \
   $(XLIB) \
   $(PTHREAD)
 
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index 851a45f93..96d546185 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -26,10 +26,10 @@
  */
 #include "platform.h"
 #include <gcrypt.h>
+#include <sodium.h>
 #include "gnunet_crypto_lib.h"
 #include "gnunet_strings_lib.h"
 #include "benchmark.h"
-#include "tweetnacl-gnunet.h"
 
 #define EXTRA_CHECKS 0
 
@@ -139,13 +139,17 @@ decode_private_ecdsa_key (const struct 
GNUNET_CRYPTO_EcdsaPrivateKey *priv)
 {
   gcry_sexp_t result;
   int rc;
+  uint8_t d[32];
+
+  for (size_t i=0; i<32; i++)
+    d[i] = priv->d[31 - i];
 
   rc = gcry_sexp_build (&result,
                         NULL,
                         "(private-key(ecc(curve \"" CURVE "\")"
                         "(d %b)))",
-                        (int) sizeof(priv->d),
-                        priv->d);
+                        32,
+                        d);
   if (0 != rc)
   {
     LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
@@ -174,7 +178,7 @@ GNUNET_CRYPTO_ecdsa_key_get_public (
   struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 {
   BENCHMARK_START (ecdsa_key_get_public);
-  GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (pub->q_y, priv->d);
+  crypto_scalarmult_ed25519_base_noclamp (pub->q_y, priv->d);
   BENCHMARK_END (ecdsa_key_get_public);
 }
 
@@ -190,8 +194,13 @@ GNUNET_CRYPTO_eddsa_key_get_public (
   const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
   struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 {
+  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
+  unsigned char sk[crypto_sign_SECRETKEYBYTES]; 
+
   BENCHMARK_START (eddsa_key_get_public);
-  GNUNET_TWEETNACL_sign_pk_from_seed (pub->q_y, priv->d);
+  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
+  GNUNET_memcpy (pub->q_y, pk, crypto_sign_PUBLICKEYBYTES);
+  sodium_memzero (sk, crypto_sign_SECRETKEYBYTES);
   BENCHMARK_END (eddsa_key_get_public);
 }
 
@@ -208,7 +217,7 @@ GNUNET_CRYPTO_ecdhe_key_get_public (
   struct GNUNET_CRYPTO_EcdhePublicKey *pub)
 {
   BENCHMARK_START (ecdhe_key_get_public);
-  GNUNET_TWEETNACL_scalarmult_curve25519_base (pub->q_y, priv->d);
+  GNUNET_assert (0 == crypto_scalarmult_base (pub->q_y, priv->d));
   BENCHMARK_END (ecdhe_key_get_public);
 }
 
@@ -514,57 +523,14 @@ GNUNET_CRYPTO_ecdhe_key_create (struct 
GNUNET_CRYPTO_EcdhePrivateKey *pk)
 void
 GNUNET_CRYPTO_ecdsa_key_create (struct GNUNET_CRYPTO_EcdsaPrivateKey *pk)
 {
-  gcry_sexp_t priv_sexp;
-  gcry_sexp_t s_keyparam;
-  gcry_mpi_t d;
-  int rc;
-
   BENCHMARK_START (ecdsa_key_create);
-  if (0 != (rc = gcry_sexp_build (&s_keyparam,
-                                  NULL,
-                                  "(genkey(ecc(curve \"" CURVE "\")"
-                                  "(flags)))")))
-  {
-    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR,
-              "gcry_sexp_build",
-              rc);
-    GNUNET_assert (0);
-  }
-  if (0 != (rc = gcry_pk_genkey (&priv_sexp,
-                                 s_keyparam)))
-  {
-    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR,
-              "gcry_pk_genkey",
-              rc);
-    gcry_sexp_release (s_keyparam);
-    GNUNET_assert (0);
-  }
-  gcry_sexp_release (s_keyparam);
-#if EXTRA_CHECKS
-  if (0 != (rc = gcry_pk_testkey (priv_sexp)))
-  {
-    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR,
-              "gcry_pk_testkey",
-              rc);
-    gcry_sexp_release (priv_sexp);
-    GNUNET_assert (0);
-  }
-#endif
-  if (0 != (rc = key_from_sexp (&d, priv_sexp,
-                                "private-key",
-                                "d")))
-  {
-    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR,
-              "key_from_sexp",
-              rc);
-    gcry_sexp_release (priv_sexp);
-    GNUNET_assert (0);
-  }
-  gcry_sexp_release (priv_sexp);
-  GNUNET_CRYPTO_mpi_print_unsigned (pk->d,
-                                    sizeof(pk->d),
-                                    d);
-  gcry_mpi_release (d);
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+                              pk,
+                              sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
+  pk->d[0] &= 248;
+  pk->d[31] &= 127;
+  pk->d[31] |= 64;
+
   BENCHMARK_END (ecdsa_key_create);
 }
 
@@ -737,15 +703,17 @@ GNUNET_CRYPTO_eddsa_sign_ (
 {
 
   size_t mlen = ntohl (purpose->size);
-  unsigned char sk[GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES];
+  unsigned char sk[crypto_sign_SECRETKEYBYTES];
+  unsigned char pk[crypto_sign_PUBLICKEYBYTES];
   int res;
 
   BENCHMARK_START (eddsa_sign);
-  GNUNET_TWEETNACL_sign_sk_from_seed (sk, priv->d);
-  res = GNUNET_TWEETNACL_sign_detached ((uint8_t *) sig,
-                                        (uint8_t *) purpose,
-                                        mlen,
-                                        sk);
+  GNUNET_assert (0 == crypto_sign_seed_keypair (pk, sk, priv->d));
+  res = crypto_sign_detached ((uint8_t *) sig,
+                              NULL,
+                              (uint8_t *) purpose,
+                              mlen,
+                              sk);
   BENCHMARK_END (eddsa_sign);
   return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
 }
@@ -856,7 +824,7 @@ GNUNET_CRYPTO_eddsa_verify_ (
     return GNUNET_SYSERR; /* purpose mismatch */
 
   BENCHMARK_START (eddsa_verify);
-  res = GNUNET_TWEETNACL_sign_detached_verify (s, m, mlen, pub->q_y);
+  res = crypto_sign_verify_detached (s, m, mlen, pub->q_y);
   BENCHMARK_END (eddsa_verify);
   return (res == 0) ? GNUNET_OK : GNUNET_SYSERR;
 }
@@ -875,9 +843,10 @@ GNUNET_CRYPTO_ecc_ecdh (const struct 
GNUNET_CRYPTO_EcdhePrivateKey *priv,
                         const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                         struct GNUNET_HashCode *key_material)
 {
-  uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
-  GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, pub->q_y);
-  GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material);
+  uint8_t p[crypto_scalarmult_BYTES];
+  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
+    return GNUNET_SYSERR;
+  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
   return GNUNET_OK;
 }
 
@@ -938,6 +907,7 @@ GNUNET_CRYPTO_ecdsa_private_key_derive (
 {
   struct GNUNET_CRYPTO_EcdsaPublicKey pub;
   struct GNUNET_CRYPTO_EcdsaPrivateKey *ret;
+  uint8_t dc[32];
   gcry_mpi_t h;
   gcry_mpi_t x;
   gcry_mpi_t d;
@@ -950,7 +920,10 @@ GNUNET_CRYPTO_ecdsa_private_key_derive (
   GNUNET_CRYPTO_ecdsa_key_get_public (priv, &pub);
 
   h = derive_h (&pub, label, context);
-  GNUNET_CRYPTO_mpi_scan_unsigned (&x, priv->d, sizeof(priv->d));
+  /* Convert to big endian for libgcrypt */
+  for (size_t i=0; i < 32; i++)
+    dc[i] = priv->d[31 - i];
+  GNUNET_CRYPTO_mpi_scan_unsigned (&x, dc, sizeof(dc));
   d = gcry_mpi_new (256);
   gcry_mpi_mulm (d, h, x, n);
   gcry_mpi_release (h);
@@ -958,7 +931,11 @@ GNUNET_CRYPTO_ecdsa_private_key_derive (
   gcry_mpi_release (n);
   gcry_ctx_release (ctx);
   ret = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPrivateKey);
-  GNUNET_CRYPTO_mpi_print_unsigned (ret->d, sizeof(ret->d), d);
+  GNUNET_CRYPTO_mpi_print_unsigned (dc, sizeof(dc), d);
+  /* Convert to big endian for libgcrypt */
+  for (size_t i=0; i < 32; i++)
+    ret->d[i] = dc[31 - i];
+  sodium_memzero(dc, sizeof(dc));
   gcry_mpi_release (d);
   return ret;
 }
@@ -1041,16 +1018,17 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct 
GNUNET_CRYPTO_EddsaPrivateKey *priv,
                           struct GNUNET_HashCode *key_material)
 {
   struct GNUNET_HashCode hc;
-  uint8_t a[GNUNET_TWEETNACL_SCALARMULT_BYTES];
-  uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
+  uint8_t a[crypto_scalarmult_SCALARBYTES];
+  uint8_t p[crypto_scalarmult_BYTES];
 
   GNUNET_CRYPTO_hash (priv,
                       sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
                       &hc);
   memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
-  GNUNET_TWEETNACL_scalarmult_curve25519 (p, a, pub->q_y);
+  if (0 != crypto_scalarmult (p, a, pub->q_y))
+    return GNUNET_SYSERR;
   GNUNET_CRYPTO_hash (p,
-                      GNUNET_TWEETNACL_SCALARMULT_BYTES,
+                      crypto_scalarmult_BYTES,
                       key_material);
   return GNUNET_OK;
 }
@@ -1071,15 +1049,13 @@ GNUNET_CRYPTO_ecdsa_ecdh (const struct 
GNUNET_CRYPTO_EcdsaPrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdhePublicKey *pub,
                           struct GNUNET_HashCode *key_material)
 {
-  uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
-  uint8_t d_rev[GNUNET_TWEETNACL_SCALARMULT_BYTES];
+  uint8_t p[crypto_scalarmult_BYTES];
 
   BENCHMARK_START (ecdsa_ecdh);
-  for (size_t i = 0; i < 32; i++)
-    d_rev[i] = priv->d[31 - i];
-  GNUNET_TWEETNACL_scalarmult_curve25519 (p, d_rev, pub->q_y);
+  if (0 != crypto_scalarmult (p, priv->d, pub->q_y))
+    return GNUNET_SYSERR;
   GNUNET_CRYPTO_hash (p,
-                      GNUNET_TWEETNACL_SCALARMULT_BYTES,
+                      crypto_scalarmult_BYTES,
                       key_material);
   BENCHMARK_END (ecdsa_ecdh);
   return GNUNET_OK;
@@ -1101,12 +1077,14 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct 
GNUNET_CRYPTO_EcdhePrivateKey *priv,
                           const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
                           struct GNUNET_HashCode *key_material)
 {
-  uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
-  uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES];
+  uint8_t p[crypto_scalarmult_BYTES];
+  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
 
-  GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y);
-  GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk);
-  GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material);
+  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
+    return GNUNET_SYSERR;
+  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
+    return GNUNET_SYSERR;
+  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
   return GNUNET_OK;
 }
 
@@ -1126,12 +1104,14 @@ GNUNET_CRYPTO_ecdh_ecdsa (const struct 
GNUNET_CRYPTO_EcdhePrivateKey *priv,
                           const struct GNUNET_CRYPTO_EcdsaPublicKey *pub,
                           struct GNUNET_HashCode *key_material)
 {
-  uint8_t p[GNUNET_TWEETNACL_SCALARMULT_BYTES];
-  uint8_t curve25510_pk[GNUNET_TWEETNACL_SIGN_PUBLICBYTES];
+  uint8_t p[crypto_scalarmult_BYTES];
+  uint8_t curve25510_pk[crypto_scalarmult_BYTES];
 
-  GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y);
-  GNUNET_TWEETNACL_scalarmult_curve25519 (p, priv->d, curve25510_pk);
-  GNUNET_CRYPTO_hash (p, GNUNET_TWEETNACL_SCALARMULT_BYTES, key_material);
+  if (0 != crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y))
+    return GNUNET_SYSERR;
+  if (0 != crypto_scalarmult (p, priv->d, curve25510_pk))
+    return GNUNET_SYSERR;
+  GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material);
   return GNUNET_OK;
 }
 
diff --git a/src/util/crypto_mpi.c b/src/util/crypto_mpi.c
index 51a29ac7c..099921611 100644
--- a/src/util/crypto_mpi.c
+++ b/src/util/crypto_mpi.c
@@ -146,4 +146,32 @@ GNUNET_CRYPTO_mpi_scan_unsigned (gcry_mpi_t *result,
 }
 
 
+/**
+ * Convert little endian data buffer into MPI value.
+ * The buffer is interpreted as network
+ * byte order, unsigned integer.
+ *
+ * @param result where to store MPI value (allocated)
+ * @param data raw data (GCRYMPI_FMT_USG)
+ * @param size number of bytes in @a data
+ */
+void
+GNUNET_CRYPTO_mpi_scan_unsigned_le (gcry_mpi_t *result,
+                                 const void *data,
+                                 size_t size)
+{
+  int rc;
+
+  if (0 != (rc = gcry_mpi_scan (result,
+                                GCRYMPI_FMT_USG,
+                                data, size, &size)))
+  {
+    LOG_GCRY (GNUNET_ERROR_TYPE_ERROR,
+              "gcry_mpi_scan",
+              rc);
+    GNUNET_assert (0);
+  }
+}
+
+
 /* end of crypto_mpi.c */
diff --git a/src/util/tweetnacl-gnunet.c b/src/util/tweetnacl-gnunet.c
deleted file mode 100644
index f01667adb..000000000
--- a/src/util/tweetnacl-gnunet.c
+++ /dev/null
@@ -1,560 +0,0 @@
-/*
-      This file has been placed in the public domain.
-
-      Based on TweetNaCl version 20140427
-
-      Originally obtained from:
-      https://tweetnacl.cr.yp.to/20140427/tweetnacl.h
-
-      SPDX-License-Identifier: 0BSD
-*/
-
-#include "platform.h"
-#include "gnunet_crypto_lib.h"
-#include "tweetnacl-gnunet.h"
-#define FOR(i,n) for (i = 0; i < n; ++i)
-
-typedef uint8_t u8;
-typedef uint32_t u32;
-typedef uint64_t u64;
-typedef int64_t i64;
-typedef i64 gf[16];
-
-static const u8 _9[32] = {9};
-static const gf
-  gf0,
-  gf1 = {1},
-  _121665 = {0xDB41,1},
-  D = {0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898,
-       0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203},
-  D2 = {0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130,
-        0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406},
-  X = {0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c,
-       0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169},
-  Y = {0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666,
-       0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666},
-  I = {0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7,
-       0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83};
-
-static int
-vn (const u8 *x,const u8 *y,int n)
-{
-  u32 i,d = 0;
-  FOR (i,n) d |= x[i] ^ y[i];
-  return (1 & ((d - 1) >> 8)) - 1;
-}
-
-static int
-crypto_verify_32 (const u8 *x,const u8 *y)
-{
-  return vn (x,y,32);
-}
-
-static void
-set25519 (gf r, const gf a)
-{
-  int i;
-  FOR (i,16) r[i] = a[i];
-}
-
-static void
-car25519 (gf o)
-{
-  int i;
-  i64 c;
-  FOR (i,16) {
-    o[i] += (1LL << 16);
-    c = o[i] >> 16;
-    o[(i + 1) * (i<15)] += c - 1 + 37 * (c - 1) * (i==15);
-    o[i] -= c << 16;
-  }
-}
-
-static void
-sel25519 (gf p,gf q,int b)
-{
-  i64 t,i,c = ~(b - 1);
-  FOR (i,16) {
-    t = c & (p[i] ^ q[i]);
-    p[i] ^= t;
-    q[i] ^= t;
-  }
-}
-
-static void
-pack25519 (u8 *o,const gf n)
-{
-  int i,j,b;
-  gf m,t;
-  FOR (i,16) t[i] = n[i];
-  car25519 (t);
-  car25519 (t);
-  car25519 (t);
-  FOR (j,2) {
-    m[0] = t[0] - 0xffed;
-    for (i = 1; i<15; i++) {
-      m[i] = t[i] - 0xffff - ((m[i - 1] >> 16) & 1);
-      m[i - 1] &= 0xffff;
-    }
-    m[15] = t[15] - 0x7fff - ((m[14] >> 16) & 1);
-    b = (m[15] >> 16) & 1;
-    m[14] &= 0xffff;
-    sel25519 (t,m,1 - b);
-  }
-  FOR (i,16) {
-    o[2 * i] = t[i] & 0xff;
-    o[2 * i + 1] = t[i] >> 8;
-  }
-}
-
-static int
-neq25519 (const gf a, const gf b)
-{
-  u8 c[32],d[32];
-  pack25519 (c,a);
-  pack25519 (d,b);
-  return crypto_verify_32 (c,d);
-}
-
-static uint8_t
-par25519 (const gf a)
-{
-  u8 d[32];
-  pack25519 (d,a);
-  return d[0] & 1;
-}
-
-static void
-unpack25519 (gf o, const u8 *n)
-{
-  int i;
-  FOR (i,16) o[i] = n[2 * i] + ((i64) n[2 * i + 1] << 8);
-  o[15] &= 0x7fff;
-}
-
-static void
-A (gf o,const gf a,const gf b)
-{
-  int i;
-  FOR (i,16) o[i] = a[i] + b[i];
-}
-
-static void
-Z (gf o,const gf a,const gf b)
-{
-  int i;
-  FOR (i,16) o[i] = a[i] - b[i];
-}
-
-static void
-M (gf o,const gf a,const gf b)
-{
-  i64 i,j,t[31];
-  FOR (i,31) t[i] = 0;
-  FOR (i,16) FOR (j,16) t[i + j] += a[i] * b[j];
-  FOR (i,15) t[i] += 38 * t[i + 16];
-  FOR (i,16) o[i] = t[i];
-  car25519 (o);
-  car25519 (o);
-}
-
-static void
-S (gf o,const gf a)
-{
-  M (o,a,a);
-}
-
-static void
-inv25519 (gf o,const gf i)
-{
-  gf c;
-  int a;
-  FOR (a,16) c[a] = i[a];
-  for (a = 253; a>=0; a--) {
-    S (c,c);
-    if ((a!=2)&&(a!=4))
-      M (c,c,i);
-  }
-  FOR (a,16) o[a] = c[a];
-}
-
-static void pow2523 (gf o,const gf i)
-{
-  gf c;
-  int a;
-  FOR (a,16) c[a] = i[a];
-  for (a = 250; a>=0; a--) {
-    S (c,c);
-    if (a!=1)
-      M (c,c,i);
-  }
-  FOR (a,16) o[a] = c[a];
-}
-
-int
-GNUNET_TWEETNACL_scalarmult_curve25519 (u8 *q,const u8 *n,const u8 *p)
-{
-  u8 z[32];
-  i64 x[80],r,i;
-  gf a,b,c,d,e,f;
-  FOR (i,31) z[i] = n[i];
-  z[31] = (n[31] & 127) | 64;
-  z[0] &= 248;
-  unpack25519 (x,p);
-  FOR (i,16) {
-    b[i] = x[i];
-    d[i] = a[i] = c[i] = 0;
-  }
-  a[0] = d[0] = 1;
-  for (i = 254; i>=0; --i) {
-    r = (z[i >> 3] >> (i & 7)) & 1;
-    sel25519 (a,b,r);
-    sel25519 (c,d,r);
-    A (e,a,c);
-    Z (a,a,c);
-    A (c,b,d);
-    Z (b,b,d);
-    S (d,e);
-    S (f,a);
-    M (a,c,a);
-    M (c,b,e);
-    A (e,a,c);
-    Z (a,a,c);
-    S (b,a);
-    Z (c,d,f);
-    M (a,c,_121665);
-    A (a,a,d);
-    M (c,c,a);
-    M (a,d,f);
-    M (d,b,x);
-    S (b,e);
-    sel25519 (a,b,r);
-    sel25519 (c,d,r);
-  }
-  FOR (i,16) {
-    x[i + 16] = a[i];
-    x[i + 32] = c[i];
-    x[i + 48] = b[i];
-    x[i + 64] = d[i];
-  }
-  inv25519 (x + 32,x + 32);
-  M (x + 16,x + 16,x + 32);
-  pack25519 (q,x + 16);
-  return 0;
-}
-
-int
-GNUNET_TWEETNACL_scalarmult_curve25519_base (u8 *q,const u8 *n)
-{
-  return GNUNET_TWEETNACL_scalarmult_curve25519 (q,n,_9);
-}
-
-static int
-crypto_hash (u8 *out,const u8 *m,u64 n)
-{
-  struct GNUNET_HashCode *hc = (void *) out;
-  GNUNET_CRYPTO_hash (m, n, hc);
-  return 0;
-}
-
-static void
-add (gf p[4],gf q[4])
-{
-  gf a,b,c,d,t,e,f,g,h;
-
-  Z (a, p[1], p[0]);
-  Z (t, q[1], q[0]);
-  M (a, a, t);
-  A (b, p[0], p[1]);
-  A (t, q[0], q[1]);
-  M (b, b, t);
-  M (c, p[3], q[3]);
-  M (c, c, D2);
-  M (d, p[2], q[2]);
-  A (d, d, d);
-  Z (e, b, a);
-  Z (f, d, c);
-  A (g, d, c);
-  A (h, b, a);
-
-  M (p[0], e, f);
-  M (p[1], h, g);
-  M (p[2], g, f);
-  M (p[3], e, h);
-}
-
-static void
-cswap (gf p[4],gf q[4],u8 b)
-{
-  int i;
-  FOR (i,4)
-  sel25519 (p[i],q[i],b);
-}
-
-static void
-pack (u8 *r,gf p[4])
-{
-  gf tx, ty, zi;
-  inv25519 (zi, p[2]);
-  M (tx, p[0], zi);
-  M (ty, p[1], zi);
-  pack25519 (r, ty);
-  r[31] ^= par25519 (tx) << 7;
-}
-
-static void
-scalarmult (gf p[4],gf q[4],const u8 *s)
-{
-  int i;
-  set25519 (p[0],gf0);
-  set25519 (p[1],gf1);
-  set25519 (p[2],gf1);
-  set25519 (p[3],gf0);
-  for (i = 255; i >= 0; --i) {
-    u8 b = (s[i / 8] >> (i & 7)) & 1;
-    cswap (p,q,b);
-    add (q,p);
-    add (p,p);
-    cswap (p,q,b);
-  }
-}
-
-static void 
-scalarbase (gf p[4],const u8 *s)
-{
-  gf q[4];
-  set25519 (q[0],X);
-  set25519 (q[1],Y);
-  set25519 (q[2],gf1);
-  M (q[3],X,Y);
-  scalarmult (p,q,s);
-}
-
-static const u64 L[32] = {0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6,
-                          0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0,
-                          0, 0, 0, 0, 0, 0, 0, 0,
-                          0, 0, 0, 0x10};
-
-static void
-modL (u8 *r,i64 x[64])
-{
-  i64 carry,i,j;
-  for (i = 63; i >= 32; --i) {
-    carry = 0;
-    for (j = i - 32; j < i - 12; ++j) {
-      x[j] += carry - 16 * x[i] * L[j - (i - 32)];
-      carry = (x[j] + 128) >> 8;
-      x[j] -= carry << 8;
-    }
-    x[j] += carry;
-    x[i] = 0;
-  }
-  carry = 0;
-  FOR (j,32) {
-    x[j] += carry - (x[31] >> 4) * L[j];
-    carry = x[j] >> 8;
-    x[j] &= 255;
-  }
-  FOR (j,32) x[j] -= carry * L[j];
-  FOR (i,32) {
-    x[i + 1] += x[i] >> 8;
-    r[i] = x[i] & 255;
-  }
-}
-
-static void
-reduce (u8 *r)
-{
-  i64 x[64],i;
-  FOR (i,64) x[i] = (u64) r[i];
-  FOR (i,64) r[i] = 0;
-  modL (r,x);
-}
-
-static int
-unpackneg (gf r[4],const u8 p[32])
-{
-  gf t, chk, num, den, den2, den4, den6;
-  set25519 (r[2],gf1);
-  unpack25519 (r[1],p);
-  S (num,r[1]);
-  M (den,num,D);
-  Z (num,num,r[2]);
-  A (den,r[2],den);
-
-  S (den2,den);
-  S (den4,den2);
-  M (den6,den4,den2);
-  M (t,den6,num);
-  M (t,t,den);
-
-  pow2523 (t,t);
-  M (t,t,num);
-  M (t,t,den);
-  M (t,t,den);
-  M (r[0],t,den);
-
-  S (chk,r[0]);
-  M (chk,chk,den);
-  if (neq25519 (chk, num))
-    M (r[0],r[0],I);
-
-  S (chk,r[0]);
-  M (chk,chk,den);
-  if (neq25519 (chk, num))
-    return -1;
-
-  if (par25519 (r[0]) == (p[31] >> 7))
-    Z (r[0],gf0,r[0]);
-
-  M (r[3],r[0],r[1]);
-  return 0;
-}
-
-/* The following functions have been added for GNUnet */
-
-void
-GNUNET_TWEETNACL_sign_pk_from_seed (u8 *pk, const u8 *seed)
-{
-  u8 d[64];
-  gf p[4];
-
-  crypto_hash (d, seed, 32);
-  d[0] &= 248;
-  d[31] &= 127;
-  d[31] |= 64;
-
-  scalarbase (p, d);
-  pack (pk, p);
-}
-
-void
-GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (u8 *pk, const u8 *s)
-{
-  u8 d[64];
-  gf p[4];
-
-  // Treat s as little endian.
-  for (u32 i = 0; i < 32; i++)
-    d[i] = s[31 - i];
-
-  // For GNUnet, we don't normalize d
-
-  scalarbase (p, d);
-  pack (pk, p);
-}
-
-void
-GNUNET_TWEETNACL_sign_sk_from_seed (u8 *sk, const u8 *seed)
-{
-  u8 d[64];
-  gf p[4];
-  u8 pk[32];
-  int i;
-
-  crypto_hash (d, seed, 32);
-  d[0] &= 248;
-  d[31] &= 127;
-  d[31] |= 64;
-
-  scalarbase (p,d);
-  pack (pk,p);
-
-  FOR (i,32) sk[i] = seed[i];
-  FOR (i,32) sk[32 + i] = pk[i];
-}
-
-int
-GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (u8 *x25519_pk,
-                                                const u8 *ed25519_pk)
-{
-  gf ge_a[4];
-  gf x;
-  gf one_minus_y;
-
-  if (0 != unpackneg (ge_a, ed25519_pk))
-    return -1;
-
-  set25519 (one_minus_y, gf1);
-  Z (one_minus_y, one_minus_y, ge_a[1]);
-
-  set25519 (x, gf1);
-  A (x, x, ge_a[1]);
-
-  inv25519 (one_minus_y, one_minus_y);
-  M (x, x, one_minus_y);
-  pack25519 (x25519_pk, x);
-
-  return 0;
-}
-
-int GNUNET_TWEETNACL_sign_detached_verify (const u8 *sig,
-                                           const u8 *m,
-                                           u64 n,
-                                           const u8 *pk)
-{
-  struct GNUNET_HashContext *hc;
-  u8 t[32],h[64];
-  gf p[4],q[4];
-
-  if (unpackneg (q,pk))
-    return -1;
-
-  hc = GNUNET_CRYPTO_hash_context_start ();
-  GNUNET_CRYPTO_hash_context_read (hc, sig, 32);
-  GNUNET_CRYPTO_hash_context_read (hc, pk, 32);
-  GNUNET_CRYPTO_hash_context_read (hc, m, n);
-  GNUNET_CRYPTO_hash_context_finish (hc, (void *) h);
-
-  reduce (h);
-  scalarmult (p,q,h);
-
-  scalarbase (q,sig+32);
-  add (p,q);
-  pack (t,p);
-
-  if (crypto_verify_32 (sig, t))
-    return -1;
-  return 0;
-}
-
-int
-GNUNET_TWEETNACL_sign_detached (u8 *sig,
-                                const u8 *m,
-                                u64 n,
-                                const u8 *sk)
-{
-  struct GNUNET_HashContext *hc;
-  u8 d[64],h[64],r[64];
-  i64 i,j,x[64];
-  gf p[4];
-
-  crypto_hash (d, sk, 32);
-  d[0] &= 248;
-  d[31] &= 127;
-  d[31] |= 64;
-
-  hc = GNUNET_CRYPTO_hash_context_start ();
-  GNUNET_CRYPTO_hash_context_read (hc, d + 32, 32);
-  GNUNET_CRYPTO_hash_context_read (hc, m, n);
-  GNUNET_CRYPTO_hash_context_finish (hc, (void *) r);
-
-  reduce (r);
-  scalarbase (p,r);
-  pack (sig,p);
-
-  hc = GNUNET_CRYPTO_hash_context_start ();
-  GNUNET_CRYPTO_hash_context_read (hc, sig, 32);
-  GNUNET_CRYPTO_hash_context_read (hc, sk + 32, 32);
-  GNUNET_CRYPTO_hash_context_read (hc, m, n);
-  GNUNET_CRYPTO_hash_context_finish (hc, (void *) h);
-
-  reduce (h);
-
-  FOR (i,64) x[i] = 0;
-  FOR (i,32) x[i] = (u64) r[i];
-  FOR (i,32) FOR (j,32) x[i + j] += h[i] * (u64) d[j];
-  modL (sig + 32,x);
-
-  return 0;
-}
diff --git a/src/util/tweetnacl-gnunet.h b/src/util/tweetnacl-gnunet.h
deleted file mode 100644
index d052d8824..000000000
--- a/src/util/tweetnacl-gnunet.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
-      This file has been placed in the public domain.
-
-      Based on TweetNaCl version 20140427
-
-      Originally obtained from:
-      https://tweetnacl.cr.yp.to/20140427/tweetnacl.h
-
-      SPDX-License-Identifier: 0BSD
- */
-
-
-#ifndef TWEETNACL_H
-#define TWEETNACL_H
-#include <stdint.h>
-
-
-#define GNUNET_TWEETNACL_SIGN_SECRETKEYBYTES 64
-#define GNUNET_TWEETNACL_SIGN_PUBLICBYTES 32
-#define GNUNET_TWEETNACL_SCALARMULT_BYTES 32
-
-int
-GNUNET_TWEETNACL_scalarmult_curve25519 (uint8_t *,
-                                        const uint8_t *,
-                                        const uint8_t *);
-extern int
-GNUNET_TWEETNACL_scalarmult_curve25519_base (uint8_t *,
-                                             const uint8_t *);
-void
-GNUNET_TWEETNACL_sign_pk_from_seed (uint8_t *pk, const uint8_t *seed);
-
-void
-GNUNET_TWEETNACL_sign_sk_from_seed (uint8_t *sk, const uint8_t *seed);
-
-int
-GNUNET_TWEETNACL_sign_ed25519_pk_to_curve25519 (uint8_t *x25519_pk,
-                                                const uint8_t *ed25519_pk);
-
-int
-GNUNET_TWEETNACL_sign_detached_verify (const uint8_t *sig,
-                                       const uint8_t *m,
-                                       uint64_t n,
-                                       const uint8_t *pk);
-
-int
-GNUNET_TWEETNACL_sign_detached (uint8_t *sig,
-                                const uint8_t *m,
-                                uint64_t n,
-                                const uint8_t *sk);
-
-void
-GNUNET_TWEETNACL_scalarmult_gnunet_ecdsa (uint8_t *pk, const uint8_t *s);
-
-#endif

-- 
To stop receiving notification emails like this one, please contact
address@hidden.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]