now EdDSA works.

2014-04-03 16:06:42 +09:00
parent 9cd4a1a47f
commit a7f3a3e260
6 changed files with 20 additions and 14 deletions
--- a/7
+++ b/7
@@ -1,3 +1,10 @@
 2014-04-03  Niibe Yutaka  <gniibe@fsij.org>
 	* src/ecc-edwards.c (eddsa_sign_25519): Change type of OUT.
 	* src/openpgp.c (cmd_internal_authenticate): Have a buffer.
 	* src/flash.c (flash_init): Fix key address finder.
 2014-04-02  Niibe Yutaka  <gniibe@fsij.org>
 	* src/openpgp-do.c (proc_key_import): Handle EdDSA.
--- a/doc/note/NOTES
+++ b/doc/note/NOTES
@@ -76,7 +76,6 @@ KEYPTR
         ----> [   P   ][   Q   ][       N        ]
               <---encrypted----><---  plain  ---->
 key_addr                       4-byte
 initial_vector (random)        16-byte
 checksum_encrypted             16-byte
 dek_encrypted_by_keystring_pw1 16-byte
--- a/src/ecc-edwards.c
+++ b/src/ecc-edwards.c
@@ -750,7 +750,7 @@ mod_reduce_M (bn256 *R, const bn512 *A)
 void
-eddsa_sign_25519 (const uint8_t *input, size_t ilen, uint8_t *out,
+eddsa_sign_25519 (const uint8_t *input, size_t ilen, uint32_t *out,
 		  const bn256 *a, const uint8_t *seed, const bn256 *pk)
 {
  bn256 *r, *s;
@@ -761,7 +761,7 @@ eddsa_sign_25519 (const uint8_t *input, size_t ilen, uint8_t *out,
  uint32_t carry, borrow;
  r = (bn256 *)out;
-  s = (bn256 *)(out+32);
+  s = (bn256 *)(out+(32/4));
  sha512_start (&ctx);
  sha512_update (&ctx, seed, sizeof (bn256)); /* It's upper half of the hash */
--- a/src/flash.c
+++ b/src/flash.c
@@ -80,20 +80,17 @@ extern uint8_t _data_pool;
 static int key_available_at (uint8_t *k)
 {
  int i;
  uint8_t *p;
  p = k;
  for (i = 0; i < KEY_SIZE; i++)
-    if (*p)
+    if (k[i])
      break;
-  if (p == k + KEY_SIZE)	/* It's ZERO.  Released key.  */
+  if (i == KEY_SIZE)	/* It's ZERO.  Released key.  */
    return 0;
  p = k;
  for (i = 0; i < KEY_SIZE; i++)
-    if (*p != 0xff)
+    if (k[i] != 0xff)
      break;
-  if (p == k + KEY_SIZE)	/* It's FULL.  Unused key.  */
+  if (i == KEY_SIZE)	/* It's FULL.  Unused key.  */
    return 0;
  return 1;
@@ -127,7 +124,7 @@ flash_init (void)
      uint8_t *k;
      kd[i].key_addr = NULL;
-      for (k = p; k < k + FLASH_PAGE_SIZE; k += KEY_SIZE)
+      for (k = p; k < p + FLASH_PAGE_SIZE; k += KEY_SIZE)
 	if (key_available_at (k))
 	  {
 	    kd[i].key_addr = k;
--- a/src/gnuk.h
+++ b/src/gnuk.h
@@ -257,7 +257,7 @@ extern int ecdsa_sign_p256k1 (const uint8_t *hash, uint8_t *output,
 extern uint8_t *ecdsa_compute_public_p256k1 (const uint8_t *key_data);
 extern int eddsa_sign_25519 (const uint8_t *input, size_t ilen,
-			     uint8_t *output,
+			     uint32_t *output,
 			     const uint8_t *sk_a, const uint8_t *seed,
 			     const uint8_t *pk);
 extern uint8_t *eddsa_compute_public_25519 (const uint8_t *a);
--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -809,7 +809,7 @@ cmd_get_data (void)
 #define ECDSA_SIGNATURE_LENGTH 64
 #define EDDSA_HASH_LEN_MAX 256
-#define EDDSA_SIGNATURE_LENGTH 32
+#define EDDSA_SIGNATURE_LENGTH 64
 static void
 cmd_pso (void)
@@ -1020,6 +1020,8 @@ cmd_internal_authenticate (void)
  if (P1 (apdu) == 0x00 && P2 (apdu) == 0x00)
    {
      uint32_t output[64/4];	/* Require 4-byte alignment. */
      DEBUG_SHORT (len);
      if (!ac_check_status (AC_OTHER_AUTHORIZED))
@@ -1037,10 +1039,11 @@ cmd_internal_authenticate (void)
 	}
      res_APDU_size = EDDSA_SIGNATURE_LENGTH;
-      r = eddsa_sign_25519 (apdu.cmd_apdu_data, len, res_APDU,
+      r = eddsa_sign_25519 (apdu.cmd_apdu_data, len, output,
 	    kd[GPG_KEY_FOR_AUTHENTICATION].data,
 	    kd[GPG_KEY_FOR_AUTHENTICATION].data+32,
 	    kd[GPG_KEY_FOR_AUTHENTICATION].key_addr + KEY_CONTENT_LEN);
      memcpy (res_APDU, output, EDDSA_SIGNATURE_LENGTH);
      if (r < 0)
 	GPG_ERROR ();
    }