mirror
/
solo1
kopia lustrzana https://github.com/solokeys/solo1
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

ed25519: revert message buffer optimization.

pull/478/head
Enrik Berkhan 2020-10-27 20:03:03 +01:00
rodzic 3963c932b6
commit 3ee801b76b
4 zmienionych plików z 22 dodań i 8 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

18
fido2/crypto.c
Wyświetl plik

@ -409,8 +409,24 @@ void crypto_ed25519_load_key(uint8_t * data, int len)
#endif
}
void crypto_ed25519_sign(uint8_t * data, int len, uint8_t * sig)
void crypto_ed25519_sign(uint8_t * data1, int len1, uint8_t * data2, int len2, uint8_t * sig)
{
// ed25519 signature APIs need the message at once (by design!) and in one
// contiguous buffer (could be changed).
// 512 is an arbitrary sanity limit, could be less
if (len1 < 0 || len2 < 0 || len1 > 512 || len2 > 512)
{
memset(sig, 0, 64); // ed25519 signature len is 64 bytes
return;
}
// XXX: dynamically sized allocation on the stack
const int len = len1 + len2; // 0 <= len <= 1024
uint8_t data[len1 + len2];
memcpy(data, data1, len1);
memcpy(data + len1, data2, len2);
#if defined(STM32L432xx)
// TODO: check that correct load_key() had been called?

2
fido2/crypto.h
Wyświetl plik

@ -32,7 +32,7 @@ void crypto_ecc256_sign(uint8_t * data, int len, uint8_t * sig);
void crypto_ecdsa_sign(uint8_t * data, int len, uint8_t * sig, int MBEDTLS_ECP_ID);
void crypto_ed25519_derive_public_key(uint8_t * data, int len, uint8_t * x);
void crypto_ed25519_sign(uint8_t * data1, int len1, uint8_t * sig);
void crypto_ed25519_sign(uint8_t * data1, int len1, uint8_t * data2, int len2, uint8_t * sig);
void crypto_ed25519_load_key(uint8_t * data, int len);
void generate_private_key(uint8_t * data, int len, uint8_t * data2, int len2, uint8_t * privkey);

6
fido2/ctap.c
Wyświetl plik

@ -793,9 +793,7 @@ int ctap_calculate_signature(uint8_t * data, int datalen, uint8_t * clientDataHa
// calculate attestation sig
if (alg == COSE_ALG_EDDSA)
{
// ED25519 signing needs message in one chunk
memmove(data + datalen, clientDataHash, CLIENT_DATA_HASH_SIZE);
crypto_ed25519_sign(data, datalen + CLIENT_DATA_HASH_SIZE, sigder); // not DER, just plain binary!
crypto_ed25519_sign(data, datalen, clientDataHash, CLIENT_DATA_HASH_SIZE, sigder); // not DER, just plain binary!
return 64;
}
else
@ -903,7 +901,7 @@ uint8_t ctap_make_credential(CborEncoder * encoder, uint8_t * request, int lengt
CTAP_makeCredential MC;
int ret;
unsigned int i;
uint8_t auth_data_buf[310 + CLIENT_DATA_HASH_SIZE];
uint8_t auth_data_buf[310];
CTAP_credentialDescriptor * excl_cred = (CTAP_credentialDescriptor *) auth_data_buf;
uint8_t * sigbuf = auth_data_buf + 32;
uint8_t * sigder = auth_data_buf + 32 + 64;

4
fido2/ctap.h
Wyświetl plik

@ -360,10 +360,10 @@ typedef struct
struct _getAssertionState {
// Room for both authData struct and extensions + clientDataHash for efficient ED25519 signature generation
// Room for both authData struct and extensions
struct {
CTAP_authDataHeader authData;
uint8_t extensions[80 + CLIENT_DATA_HASH_SIZE];
uint8_t extensions[80];
} __attribute__((packed)) buf;
CTAP_extensions extensions;
uint8_t clientDataHash[CLIENT_DATA_HASH_SIZE];