author | George Hazan <george.hazan@gmail.com> | 2024-06-21 14:29:17 +0300 |
---|---|---|
committer | George Hazan <george.hazan@gmail.com> | 2024-06-21 14:29:17 +0300 |
commit | 46ea86584a9787c8b9dc3983cf23d9b5b93b5841 (patch) | |
tree | fbaf3793ae2170f7982f08a62c028a23cd9afedd /libs/libsodium/src/crypto_sign/ed25519/ref10/sign.c | |
parent | 82e75be329dd0f30c0281ef9c3c08488b89d109f (diff) |
fixes #4477 (libsodium: update to 1.0.20)
Diffstat (limited to 'libs/libsodium/src/crypto_sign/ed25519/ref10/sign.c')
-rw-r--r-- | libs/libsodium/src/crypto_sign/ed25519/ref10/sign.c | 31 |
1 files changed, 8 insertions, 23 deletions
diff --git a/libs/libsodium/src/crypto_sign/ed25519/ref10/sign.c b/libs/libsodium/src/crypto_sign/ed25519/ref10/sign.c
index 74a8100927..c00c08b40e 100644
--- a/libs/libsodium/src/crypto_sign/ed25519/ref10/sign.c
+++ b/libs/libsodium/src/crypto_sign/ed25519/ref10/sign.c
@@ -33,31 +33,16 @@ _crypto_sign_ed25519_clamp(unsigned char k[32])
}
#ifdef ED25519_NONDETERMINISTIC
-/* r = hash(B || empty_labelset || Z || pad1 || k || pad2 || empty_labelset || K || extra || M) (mod q) */
+/* r = hash(k || K || noise || pad || M) (mod q) */
static void
_crypto_sign_ed25519_synthetic_r_hv(crypto_hash_sha512_state *hs,
- unsigned char Z[32],
- const unsigned char sk[64])
+ unsigned char tmp[64],
+ const unsigned char az[64])
{
- static const unsigned char B[32] = {
- 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
- 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
- 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
- 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66,
- };
- static const unsigned char zeros[128] = { 0x00 };
- static const unsigned char empty_labelset[3] = { 0x02, 0x00, 0x00 };
-
- crypto_hash_sha512_update(hs, B, 32);
- crypto_hash_sha512_update(hs, empty_labelset, 3);
- randombytes_buf(Z, 32);
- crypto_hash_sha512_update(hs, Z, 32);
- crypto_hash_sha512_update(hs, zeros, 128 - (32 + 3 + 32) % 128);
- crypto_hash_sha512_update(hs, sk, 32);
- crypto_hash_sha512_update(hs, zeros, 128 - 32 % 128);
- crypto_hash_sha512_update(hs, empty_labelset, 3);
- crypto_hash_sha512_update(hs, sk + 32, 32);
- /* empty extra */
+ crypto_hash_sha512_update(hs, az, 64);
+ randombytes_buf(tmp, 32);
+ memset(tmp + 32, 0, 32);
+ crypto_hash_sha512_update(hs, tmp, 64);
}
#endif
@@ -76,7 +61,7 @@ _crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p,
crypto_hash_sha512(az, sk, 32);
#ifdef ED25519_NONDETERMINISTIC
- _crypto_sign_ed25519_synthetic_r_hv(&hs, nonce, az);
+ _crypto_sign_ed25519_synthetic_r_hv(&hs, nonce /* tmp */, az);
#else
crypto_hash_sha512_update(&hs, az + 32, 32);
#endif