kopia lustrzana https://github.com/solokeys/solo1
ed25519: revert message buffer optimization.
rodzic
3963c932b6
commit
3ee801b76b
|
@ -409,8 +409,24 @@ void crypto_ed25519_load_key(uint8_t * data, int len)
|
|||
#endif
|
||||
}
|
||||
|
||||
void crypto_ed25519_sign(uint8_t * data, int len, uint8_t * sig)
|
||||
void crypto_ed25519_sign(uint8_t * data1, int len1, uint8_t * data2, int len2, uint8_t * sig)
|
||||
{
|
||||
// ed25519 signature APIs need the message at once (by design!) and in one
|
||||
// contiguous buffer (could be changed).
|
||||
|
||||
// 512 is an arbitrary sanity limit, could be less
|
||||
if (len1 < 0 || len2 < 0 || len1 > 512 || len2 > 512)
|
||||
{
|
||||
memset(sig, 0, 64); // ed25519 signature len is 64 bytes
|
||||
return;
|
||||
}
|
||||
// XXX: dynamically sized allocation on the stack
|
||||
const int len = len1 + len2; // 0 <= len <= 1024
|
||||
uint8_t data[len1 + len2];
|
||||
|
||||
memcpy(data, data1, len1);
|
||||
memcpy(data + len1, data2, len2);
|
||||
|
||||
#if defined(STM32L432xx)
|
||||
|
||||
// TODO: check that correct load_key() had been called?
|
||||
|
|
|
@ -32,7 +32,7 @@ void crypto_ecc256_sign(uint8_t * data, int len, uint8_t * sig);
|
|||
void crypto_ecdsa_sign(uint8_t * data, int len, uint8_t * sig, int MBEDTLS_ECP_ID);
|
||||
|
||||
void crypto_ed25519_derive_public_key(uint8_t * data, int len, uint8_t * x);
|
||||
void crypto_ed25519_sign(uint8_t * data1, int len1, uint8_t * sig);
|
||||
void crypto_ed25519_sign(uint8_t * data1, int len1, uint8_t * data2, int len2, uint8_t * sig);
|
||||
void crypto_ed25519_load_key(uint8_t * data, int len);
|
||||
|
||||
void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, uint8_t * privkey);
|
||||
|
|
|
@ -793,9 +793,7 @@ int ctap_calculate_signature(uint8_t * data, int datalen, uint8_t * clientDataHa
|
|||
// calculate attestation sig
|
||||
if (alg == COSE_ALG_EDDSA)
|
||||
{
|
||||
// ED25519 signing needs message in one chunk
|
||||
memmove(data + datalen, clientDataHash, CLIENT_DATA_HASH_SIZE);
|
||||
crypto_ed25519_sign(data, datalen + CLIENT_DATA_HASH_SIZE, sigder); // not DER, just plain binary!
|
||||
crypto_ed25519_sign(data, datalen, clientDataHash, CLIENT_DATA_HASH_SIZE, sigder); // not DER, just plain binary!
|
||||
return 64;
|
||||
}
|
||||
else
|
||||
|
@ -903,7 +901,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
|
|||
CTAP_makeCredential MC;
|
||||
int ret;
|
||||
unsigned int i;
|
||||
uint8_t auth_data_buf[310 + CLIENT_DATA_HASH_SIZE];
|
||||
uint8_t auth_data_buf[310];
|
||||
CTAP_credentialDescriptor * excl_cred = (CTAP_credentialDescriptor *) auth_data_buf;
|
||||
uint8_t * sigbuf = auth_data_buf + 32;
|
||||
uint8_t * sigder = auth_data_buf + 32 + 64;
|
||||
|
|
|
@ -360,10 +360,10 @@ typedef struct
|
|||
|
||||
|
||||
struct _getAssertionState {
|
||||
// Room for both authData struct and extensions + clientDataHash for efficient ED25519 signature generation
|
||||
// Room for both authData struct and extensions
|
||||
struct {
|
||||
CTAP_authDataHeader authData;
|
||||
uint8_t extensions[80 + CLIENT_DATA_HASH_SIZE];
|
||||
uint8_t extensions[80];
|
||||
} __attribute__((packed)) buf;
|
||||
CTAP_extensions extensions;
|
||||
uint8_t clientDataHash[CLIENT_DATA_HASH_SIZE];
|
||||
|
|
Ładowanie…
Reference in New Issue