Renamed SHA1 functions, else they might cause trouble with tomcrypt

2019-04-07 16:06:22 +02:00 · 2019-04-07 16:06:22 +02:00 · 824abbf483
commit 824abbf483
parent 98bd4f3ec6
8 changed files with 204 additions and 204 deletions
--- a/include/fe.h
+++ b/include/fe.h
@ -15,19 +15,19 @@

 typedef int32_t fe[10];

+#ifdef __cplusplus
+extern "C" {
+#endif

 void fe_0(fe h);
 void fe_1(fe h);
-
 void fe_frombytes(fe h, const unsigned char *s);
 void fe_tobytes(unsigned char *s, const fe h);
-
 void fe_copy(fe h, const fe f);
 int fe_isnegative(const fe f);
 int fe_isnonzero(const fe f);
 void fe_cmov(fe f, const fe g, unsigned int b);
 void fe_cswap(fe f, fe g, unsigned int b);
-
 void fe_neg(fe h, const fe f);
 void fe_add(fe h, const fe f, const fe g);
 void fe_invert(fe out, const fe z);
@ -38,4 +38,8 @@ void fe_mul121666(fe h, fe f);
 void fe_pow22523(fe out, const fe z);
 void fe_sub(fe h, const fe f, const fe g);

+#ifdef __cplusplus
+}
+#endif
+
 #endif
--- a/include/sha512.h
+++ b/include/sha512.h
@ -17,8 +17,8 @@
 		unsigned char buf[128];
 	} sha512_context;
 #endif
-int sha512_init(sha512_context * md);
-int sha512_final(sha512_context * md, unsigned char *out);
-int sha512_update(sha512_context * md, const unsigned char *in, size_t inlen);
-int sha512(const unsigned char *message, size_t message_len, unsigned char *out);
+int _ed_sha512_init(sha512_context * md);
+int _ed_sha512_final(sha512_context * md, unsigned char *out);
+int _ed_sha512_update(sha512_context * md, const unsigned char *in, size_t inlen);
+int _ed_sha512(const unsigned char *message, size_t message_len, unsigned char *out);
 #endif
--- a/src/add_scalar.c
+++ b/src/add_scalar.c
@ -31,10 +31,10 @@ void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, c
        sc_muladd(private_key, SC_1, n, private_key);

        // https://github.com/orlp/ed25519/issues/3
-        sha512_init(&hash);
-        sha512_update(&hash, private_key + 32, 32);
-        sha512_update(&hash, scalar, 32);
-        sha512_final(&hash, hashbuf);
+        _ed_sha512_init(&hash);
+        _ed_sha512_update(&hash, private_key + 32, 32);
+        _ed_sha512_update(&hash, scalar, 32);
+        _ed_sha512_final(&hash, hashbuf);
        for (i = 0; i < 32; ++i) {
            private_key[32 + i] = hashbuf[i];
        }
--- a/src/keypair.c
+++ b/src/keypair.c
@ -6,7 +6,7 @@
 void ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed) {
    ge_p3 A;

-    sha512(seed, 32, private_key);
+    _ed_sha512(seed, 32, private_key);
    private_key[0] &= 248;
    private_key[31] &= 63;
    private_key[31] |= 64;
--- a/src/sha512.c
+++ b/src/sha512.c
@ -75,8 +75,8 @@ static const uint64_t K[80] = {
         (((uint64_t)((y)[6] & 255))<<8)|(((uint64_t)((y)[7] & 255))); }


-#define Ch(x,y,z)       (z ^ (x & (y ^ z)))
-#define Maj(x,y,z)      (((x | y) & z) | (x & y)) 
+#define Ch(x, y, z)       (z ^ (x & (y ^ z)))
+#define Maj(x, y, z)      (((x | y) & z) | (x & y))
 #define S(x, n)         ROR64c(x, n)
 #define R(x, n)         (((x) &UINT64_C(0xFFFFFFFFFFFFFFFF))>>((uint64_t)n))
 #define Sigma0(x)       (S(x, 28) ^ S(x, 34) ^ S(x, 39))
@ -88,8 +88,7 @@ static const uint64_t K[80] = {
 #endif

 /* compress 1024-bits */
-static int sha512_compress(sha512_context *md, unsigned char *buf)
-{
+static int _ed_sha512_compress(sha512_context *md, unsigned char *buf) {
 	uint64_t S[8], W[80], t0, t1;
 	int i;

@ -100,7 +99,7 @@ static int sha512_compress(sha512_context *md, unsigned char *buf)

 	/* copy the state into 1024-bits into W[0..15] */
 	for (i = 0; i < 16; i++) {
-        LOAD64H(W[i], buf + (8*i));
+		LOAD64H(W[i], buf + (8 * i));
 	}

 	/* fill W[16..79] */
@ -109,21 +108,21 @@ static int sha512_compress(sha512_context *md, unsigned char *buf)
 	}

 /* Compress */
-    #define RND(a,b,c,d,e,f,g,h,i) \
+	#define RND(a, b, c, d, e, f, g, h, i) \
    t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
    t1 = Sigma0(a) + Maj(a, b, c);\
    d += t0; \
    h  = t0 + t1;

 	for (i = 0; i < 80; i += 8) {
-       RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0);
-       RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1);
-       RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2);
-       RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3);
-       RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4);
-       RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5);
-       RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6);
-       RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7);
+		RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i + 0);
+		RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], i + 1);
+		RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], i + 2);
+		RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], i + 3);
+		RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], i + 4);
+		RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], i + 5);
+		RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], i + 6);
+		RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], i + 7);
 	}

 	#undef RND
@ -144,7 +143,7 @@ static int sha512_compress(sha512_context *md, unsigned char *buf)
   @param md   The hash state you wish to initialize
   @return 0 if successful
 */
-int sha512_init(sha512_context * md) {
+int _ed_sha512_init(sha512_context *md) {
 	if (md == NULL) return 1;

 	md->curlen = 0;
@ -168,8 +167,7 @@ int sha512_init(sha512_context * md) {
   @param inlen  The length of the data (octets)
   @return 0 if successful
 */
-int sha512_update (sha512_context * md, const unsigned char *in, size_t inlen)               
-{                                                                                           
+int _ed_sha512_update(sha512_context *md, const unsigned char *in, size_t inlen) {
 	size_t n;
 	size_t i;
 	int err;
@ -180,7 +178,7 @@ int sha512_update (sha512_context * md, const unsigned char *in, size_t inlen)
 	}
 	while (inlen > 0) {
 		if (md->curlen == 0 && inlen >= 128) {
-           if ((err = sha512_compress (md, (unsigned char *)in)) != 0) {               
+			if ((err = _ed_sha512_compress(md, (unsigned char *) in)) != 0) {
 				return err;
 			}
 			md->length += 128 * 8;
@ -198,10 +196,10 @@ int sha512_update (sha512_context * md, const unsigned char *in, size_t inlen)
 			in += n;
 			inlen -= n;
 			if (md->curlen == 128) {
-              if ((err = sha512_compress (md, md->buf)) != 0) {            
+				if ((err = _ed_sha512_compress(md, md->buf)) != 0) {
 					return err;
 				}
-              md->length += 8*128;                                       
+				md->length += 8 * 128;
 				md->curlen = 0;
 			}
 		}
@ -215,8 +213,7 @@ int sha512_update (sha512_context * md, const unsigned char *in, size_t inlen)
   @param out [out] The destination of the hash (64 bytes)
   @return 0 if successful
 */
-   int sha512_final(sha512_context * md, unsigned char *out)
-   {
+int _ed_sha512_final(sha512_context *md, unsigned char *out) {
 	int i;

 	if (md == NULL) return 1;
@ -230,7 +227,7 @@ int sha512_update (sha512_context * md, const unsigned char *in, size_t inlen)
 	md->length += md->curlen * UINT64_C(8);

 	/* append the '1' bit */
- md->buf[md->curlen++] = (unsigned char)0x80;
+	md->buf[md->curlen++] = (unsigned char) 0x80;

 	/* if the length is currently above 112 bytes we append zeros
 	 * then compress.  Then we can fall back to padding zeros and length
@ -238,9 +235,9 @@ int sha512_update (sha512_context * md, const unsigned char *in, size_t inlen)
 	 */
 	if (md->curlen > 112) {
 		while (md->curlen < 128) {
-            md->buf[md->curlen++] = (unsigned char)0;
+			md->buf[md->curlen++] = (unsigned char) 0;
 		}
-        sha512_compress(md, md->buf);
+		_ed_sha512_compress(md, md->buf);
 		md->curlen = 0;
 	}

@ -248,28 +245,27 @@ int sha512_update (sha512_context * md, const unsigned char *in, size_t inlen)
 	 * note: that from 112 to 120 is the 64 MSB of the length.  We assume that you won't hash
 	 * > 2^64 bits of data... :-)
 	 */
-while (md->curlen < 120) {
-    md->buf[md->curlen++] = (unsigned char)0;
-}
+	while (md->curlen < 120) {
+		md->buf[md->curlen++] = (unsigned char) 0;
+	}

 	/* store length */
-STORE64H(md->length, md->buf+120);
-sha512_compress(md, md->buf);
+	STORE64H(md->length, md->buf + 120);
+	_ed_sha512_compress(md, md->buf);

 	/* copy output */
-for (i = 0; i < 8; i++) {
-    STORE64H(md->state[i], out+(8*i));
-}
+	for (i = 0; i < 8; i++) {
+		STORE64H(md->state[i], out + (8 * i));
+	}

-return 0;
-}
-
-int sha512(const unsigned char *message, size_t message_len, unsigned char *out)
-{
-    sha512_context ctx;
-    int ret;
-    if ((ret = sha512_init(&ctx))) return ret;
-    if ((ret = sha512_update(&ctx, message, message_len))) return ret;
-    if ((ret = sha512_final(&ctx, out))) return ret;
+	return 0;
+}
+
+int _ed_sha512(const unsigned char *message, size_t message_len, unsigned char *out) {
+	sha512_context ctx;
+	int ret;
+	if ((ret = _ed_sha512_init(&ctx))) return ret;
+	if ((ret = _ed_sha512_update(&ctx, message, message_len))) return ret;
+	if ((ret = _ed_sha512_final(&ctx, out))) return ret;
 	return 0;
 }
--- a/src/sha512_openssl.c
+++ b/src/sha512_openssl.c
@ -1,18 +1,18 @@
 #include <openssl/sha.h>
 #include "../include/sha512.h"

-int sha512_init(sha512_context * md) {
+int _ed_sha512_init(sha512_context * md) {
 	return SHA512_Init(md) != 1; /* Returns 0 on success */
 }

-int sha512_final(sha512_context * md, unsigned char *out) {
+int _ed_sha512_final(sha512_context * md, unsigned char *out) {
 	return SHA512_Final(out, md) != 1; /* Returns 0 on success */
 }

-int sha512_update(sha512_context * md, const unsigned char *in, size_t inlen) {
+int _ed_sha512_update(sha512_context * md, const unsigned char *in, size_t inlen) {
 	return SHA512_Update(md, in, inlen) != 1; /* Returns 0 on success */
 }

-int sha512(const unsigned char *message, size_t message_len, unsigned char *out) {
+int _ed_sha512(const unsigned char *message, size_t message_len, unsigned char *out) {
 	return SHA512(message, message_len, out) != 0; /* Returns 0 on success */
 }
--- a/src/sign.c
+++ b/src/sign.c
@ -11,20 +11,20 @@ void ed25519_sign(unsigned char *signature, const unsigned char *message, size_t
    ge_p3 R;


-    sha512_init(&hash);
-    sha512_update(&hash, private_key + 32, 32);
-    sha512_update(&hash, message, message_len);
-    sha512_final(&hash, r);
+    _ed_sha512_init(&hash);
+    _ed_sha512_update(&hash, private_key + 32, 32);
+    _ed_sha512_update(&hash, message, message_len);
+    _ed_sha512_final(&hash, r);

    sc_reduce(r);
    ge_scalarmult_base(&R, r);
    ge_p3_tobytes(signature, &R);

-    sha512_init(&hash);
-    sha512_update(&hash, signature, 32);
-    sha512_update(&hash, public_key, 32);
-    sha512_update(&hash, message, message_len);
-    sha512_final(&hash, hram);
+    _ed_sha512_init(&hash);
+    _ed_sha512_update(&hash, signature, 32);
+    _ed_sha512_update(&hash, public_key, 32);
+    _ed_sha512_update(&hash, message, message_len);
+    _ed_sha512_final(&hash, hram);

    sc_reduce(hram);
    sc_muladd(signature + 32, hram, private_key, r);
--- a/src/verify.c
+++ b/src/verify.c
@ -59,11 +59,11 @@ int ed25519_verify(const unsigned char *signature, const unsigned char *message,
        return 0;
    }

-    sha512_init(&hash);
-    sha512_update(&hash, signature, 32);
-    sha512_update(&hash, public_key, 32);
-    sha512_update(&hash, message, message_len);
-    sha512_final(&hash, h);
+    _ed_sha512_init(&hash);
+    _ed_sha512_update(&hash, signature, 32);
+    _ed_sha512_update(&hash, public_key, 32);
+    _ed_sha512_update(&hash, message, message_len);
+    _ed_sha512_final(&hash, h);
    
    sc_reduce(h);
    ge_double_scalarmult_vartime(&R, h, &A, signature + 32);