Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 006e6d3b6f
Branches Tags
tor
/
src
/
common
/
crypto_ed25519.c

crypto_ed25519.c 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158 
  1. /* Copyright (c) 2013, The Tor Project, Inc. */
    2. 

  2. /* See LICENSE for licensing information */
    3. 

  3. 

  4. /* Wrapper code for an ed25519 implementation. */
    5. 

  5. 

  6. #include "orconfig.h"
    7. 

  7. #ifdef HAVE_SYS_STAT_H
    8. 

  8. #include <sys/stat.h>
    9. 

  9. #endif
    10. 

  10. 

  11. #include "crypto.h"
    12. 

  12. 

  13. #include "crypto_curve25519.h"
    14. 

  14. #include "crypto_ed25519.h"
    15. 

  15. #include "torlog.h"
    16. 

  16. #include "util.h"
    17. 

  17. 

  18. #include "ed25519/ref10/ed25519_ref10.h"
    19. 

  19. 

  20. int
    21. 

  21. ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out,
    22. 

  22.                         int extra_strong)
    23. 

  23. {
    24. 

  24.   (void) extra_strong;
    25. 

  25.   if (ed25519_ref10_seckey(seckey_out->seckey) < 0)
    26. 

  26.     return -1;
    27. 

  27.   return 0;
    28. 

  28. }
    29. 

  29. 

  30. int
    31. 

  31. ed25519_secret_key_from_seed(ed25519_secret_key_t *seckey_out,
    32. 

  32.                              const uint8_t *seed)
    33. 

  33. {
    34. 

  34.   if (ed25519_ref10_seckey_expand(seckey_out->seckey, seed) < 0)
    35. 

  35.     return -1;
    36. 

  36.   return 0;
    37. 

  37. }
    38. 

  38. 

  39. int
    40. 

  40. ed25519_public_key_generate(ed25519_public_key_t *pubkey_out,
    41. 

  41.                         const ed25519_secret_key_t *seckey)
    42. 

  42. {
    43. 

  43.   if (ed25519_ref10_pubkey(pubkey_out->pubkey, seckey->seckey) < 0)
    44. 

  44.     return -1;
    45. 

  45.   return 0;
    46. 

  46. }
    47. 

  47. 

  48. /** Generate a new ed25519 keypair in <b>keypair_out</b>.  If
    49. 

  49.  * <b>extra_strong</b> is set, try to mix some system entropy into the key
    50. 

  50.  * generation process. Return 0 on success, -1 on failure. */
    51. 

  51. int
    52. 

  52. ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong)
    53. 

  53. {
    54. 

  54.   (void) extra_strong;
    55. 

  55. 

  56.   if (ed25519_ref10_keygen(keypair_out->pubkey.pubkey,
    57. 

  57.                            keypair_out->seckey.seckey)<0)
    58. 

  58.     return -1;
    59. 

  59.   return 0;
    60. 

  60. }
    61. 

  61. 

  62. /**
    63. 

  63.  * Set <b>signature_out</b> to a signature of the <b>len</b>-byte message
    64. 

  64.  * <b>msg</b>, using the secret and public key in <b>keypair</b>.
    65. 

  65.  */
    66. 

  66. int
    67. 

  67. ed25519_sign(ed25519_signature_t *signature_out,
    68. 

  68.              const uint8_t *msg, size_t len,
    69. 

  69.              const ed25519_keypair_t *keypair)
    70. 

  70. {
    71. 

  71. 

  72.   if (ed25519_ref10_sign(signature_out->sig, msg, len,
    73. 

  73.                          keypair->seckey.seckey,
    74. 

  74.                          keypair->pubkey.pubkey) < 0) {
    75. 

  75.     return -1;
    76. 

  76.   }
    77. 

  77. 

  78.   return 0;
    79. 

  79. }
    80. 

  80. 

  81. /**
    82. 

  82.  * Check whether if <b>signature</b> is a valid signature for the
    83. 

  83.  * <b>len</b>-byte message in <b>msg</b> made with the key <b>pubkey</b>.
    84. 

  84.  *
    85. 

  85.  * Return 0 if the signature is valid; -1 if it isn't.
    86. 

  86.  */
    87. 

  87. int
    88. 

  88. ed25519_checksig(const ed25519_signature_t *signature,
    89. 

  89.                  const uint8_t *msg, size_t len,
    90. 

  90.                  const ed25519_public_key_t *pubkey)
    91. 

  91. {
    92. 

  92.   return
    93. 

  93.     ed25519_ref10_open(signature->sig, msg, len, pubkey->pubkey) < 0 ? -1 : 0;
    94. 

  94. }
    95. 

  95. 

  96. /** Validate every signature among those in <b>checkable</b>, which contains
    97. 

  97.  * exactly <b>n_checkable</b> elements.  If <b>okay_out</b> is non-NULL, set
    98. 

  98.  * the i'th element of <b>okay_out</b> to 1 if the i'th element of
    99. 

  99.  * <b>checkable</b> is valid, and to 0 otherwise.  Return 0 if every signature
    100. 

  100.  * was valid. Otherwise return -N, where N is the number of invalid
    101. 

  101.  * signatures.
    102. 

  102.  */
    103. 

  103. int
    104. 

  104. ed25519_checksig_batch(int *okay_out,
    105. 

  105.                        const ed25519_checkable_t *checkable,
    106. 

  106.                        int n_checkable)
    107. 

  107. {
    108. 

  108.   int res, i;
    109. 

  109. 

  110.   res = 0;
    111. 

  111.   for (i = 0; i < n_checkable; ++i) {
    112. 

  112.     const ed25519_checkable_t *ch = &checkable[i];
    113. 

  113.     int r = ed25519_checksig(&ch->signature, ch->msg, ch->len, ch->pubkey);
    114. 

  114.     if (r < 0)
    115. 

  115.       --res;
    116. 

  116.     if (okay_out)
    117. 

  117.       okay_out[i] = (r == 0);
    118. 

  118.   }
    119. 

  119. 

  120. #if 0
    121. 

  121.   const uint8_t **ms;
    122. 

  122.   size_t *lens;
    123. 

  123.   const uint8_t **pks;
    124. 

  124.   const uint8_t **sigs;
    125. 

  125.   int *oks;
    126. 

  126. 

  127.   ms = tor_malloc(sizeof(uint8_t*)*n_checkable);
    128. 

  128.   lens = tor_malloc(sizeof(size_t)*n_checkable);
    129. 

  129.   pks = tor_malloc(sizeof(uint8_t*)*n_checkable);
    130. 

  130.   sigs = tor_malloc(sizeof(uint8_t*)*n_checkable);
    131. 

  131.   oks = okay_out ? okay_out : tor_malloc(sizeof(int)*n_checkable);
    132. 

  132. 

  133.   for (i = 0; i < n_checkable; ++i) {
    134. 

  134.     ms[i] = checkable[i].msg;
    135. 

  135.     lens[i] = checkable[i].len;
    136. 

  136.     pks[i] = checkable[i].pubkey->pubkey;
    137. 

  137.     sigs[i] = checkable[i].signature.sig;
    138. 

  138.     oks[i] = 0;
    139. 

  139.   }
    140. 

  140. 

  141.   ed25519_sign_open_batch_donna_fb(ms, lens, pks, sigs, n_checkable, oks);
    142. 

  142. 

  143.   res = 0;
    144. 

  144.   for (i = 0; i < n_checkable; ++i) {
    145. 

  145.     if (!oks[i])
    146. 

  146.       --res;
    147. 

  147.   }
    148. 

  148. 

  149.   tor_free(ms);
    150. 

  150.   tor_free(lens);
    151. 

  151.   tor_free(pks);
    152. 

  152.   if (! okay_out)
    153. 

  153.     tor_free(oks);
    154. 

  154. #endif
    155. 

  155. 

  156.   return res;
    157. 

  157. }
    158. 

  158.