Add additional asserts

Jeffrey Walton 2018-12-25 20:24:54 -05:00
parent 6e09f4ee19
commit bf10aae97d
2 changed files with 32 additions and 14 deletions


@ -47,6 +47,24 @@ const byte blacklist[][32] = {
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }
}; };
bool HasSmallOrder(const byte y[32])
{
// The magic 12 is the count of blaklisted points
byte c[12] = { 0 };
for (size_t j = 0; j < 32; j++) {
for (size_t i = 0; i < COUNTOF(blacklist); i++) {
c[i] |= y[j] ^ blacklist[i][j];
}
}
unsigned int k = 0;
for (size_t i = 0; i < COUNTOF(blacklist); i++) {
k |= (c[i] - 1);
}
return (bool)((k >> 8) & 1);
}
ANONYMOUS_NAMESPACE_END ANONYMOUS_NAMESPACE_END
NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(CryptoPP)
@ -120,20 +138,7 @@ bool x25519::IsClamped(const byte x[SECRET_KEYLENGTH]) const
bool x25519::IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const bool x25519::IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const
{ {
// The magic 12 is the count of blaklisted points return HasSmallOrder(y);
byte c[12] = { 0 };
for (size_t j = 0; j < PUBLIC_KEYLENGTH; j++) {
for (size_t i = 0; i < COUNTOF(blacklist); i++) {
c[i] |= y[j] ^ blacklist[i][j];
}
}
unsigned int k = 0;
for (size_t i = 0; i < COUNTOF(blacklist); i++) {
k |= (c[i] - 1);
}
return (bool)((k >> 8) & 1);
} }
void x25519::BERDecodeAndCheckAlgorithmID(BufferedTransformation &bt) void x25519::BERDecodeAndCheckAlgorithmID(BufferedTransformation &bt)
@ -360,6 +365,11 @@ bool ed25519PrivateKey::IsClamped(const byte x[SECRET_KEYLENGTH]) const
return (x[0] & 248) == x[0] && (x[31] & 127) == x[31] && (x[31] | 64) == x[31]; return (x[0] & 248) == x[0] && (x[31] & 127) == x[31] && (x[31] | 64) == x[31];
} }
bool ed25519PrivateKey::IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const
{
return HasSmallOrder(y);
}
bool ed25519PrivateKey::Validate(RandomNumberGenerator &rng, unsigned int level) const bool ed25519PrivateKey::Validate(RandomNumberGenerator &rng, unsigned int level) const
{ {
CRYPTOPP_UNUSED(rng); CRYPTOPP_UNUSED(level); CRYPTOPP_UNUSED(rng); CRYPTOPP_UNUSED(level);
@ -418,6 +428,9 @@ void ed25519PrivateKey::AssignFrom(const NameValuePairs &source)
bool clamp = false; bool clamp = false;
if (source.GetValue("Clamp", clamp) && clamp == true) if (source.GetValue("Clamp", clamp) && clamp == true)
ClampKeys(m_pk, m_sk); ClampKeys(m_pk, m_sk);
CRYPTOPP_ASSERT(IsClamped(m_sk) == true);
CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false);
} }
void ed25519PrivateKey::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params=g_nullNameValuePairs) void ed25519PrivateKey::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params=g_nullNameValuePairs)
@ -493,6 +506,7 @@ void ed25519PrivateKey::BERDecode(BufferedTransformation &bt)
Donna::ed25519_publickey(m_pk, m_sk); Donna::ed25519_publickey(m_pk, m_sk);
CRYPTOPP_ASSERT(IsClamped(m_sk) == true); CRYPTOPP_ASSERT(IsClamped(m_sk) == true);
CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false);
} }
void ed25519PrivateKey::DEREncode(BufferedTransformation &bt, int version) const void ed25519PrivateKey::DEREncode(BufferedTransformation &bt, int version) const
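Review bot: In the HasSmallOrder hunk at the top of this file the accumulator is declared `byte c[12]` while both loops are bounded by `COUNTOF(blacklist)`, so the buffer size and the table size are coupled only by the comment, and any entry later added to `blacklist` turns `c[i] |= y[j] ^ blacklist[i][j]` into a write past the end of `c`. Derive the bound from the table instead, `byte c[COUNTOF(blacklist)] = { 0 };`, and drop the "magic 12" comment. Separately, the new `CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false)` lines in AssignFrom and BERDecode fire only in debug builds, so a release build that decodes a caller-supplied public key still accepts a small-order point at those sites; whether Validate already rejects such keys is not visible here and is worth confirming, since an assert is not a substitute for that check. The AssignFrom and BERDecode bodies begin outside their hunks.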


@ -450,6 +450,10 @@ struct ed25519PrivateKey : public PKCS8PrivateKey
/// \param x private key /// \param x private key
bool IsClamped(const byte x[SECRET_KEYLENGTH]) const; bool IsClamped(const byte x[SECRET_KEYLENGTH]) const;
/// \brief Test if a key has small order
/// \param y public key
bool IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const;
/// \brief Retrieve private key byte array /// \brief Retrieve private key byte array
/// \returns the private key byte array /// \returns the private key byte array
/// \details GetPrivateKeyBytePtr() is used by signing code to call ed25519_sign. /// \details GetPrivateKeyBytePtr() is used by signing code to call ed25519_sign.
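Review bot: The new IsSmallOrder declaration carries only `\brief` and `\param`, so a reader of the header cannot tell the polarity of the result, which the call sites added in this commit rely on by asserting it is false for a valid key. Add `/// \returns true if the public key is a small order point, false otherwise` after the `\param y public key` line. The enclosing struct ed25519PrivateKey continues outside the hunk.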