From 89c07b8342f48190cd1f1928cdf02aea74fbecb1 Mon Sep 17 00:00:00 2001 From: Loup Vaillant Date: Sun, 1 Dec 2019 18:27:01 +0100 Subject: [PATCH] Removed deprecated X25519 return value --- doc/man/man3/crypto_key_exchange.3monocypher | 16 ++++------------ doc/man/man3/crypto_x25519.3monocypher | 19 +++++-------------- src/monocypher.c | 19 +++++++------------ src/monocypher.h | 12 ++++++------ tests/test.c | 5 +---- tests/utils.c | 8 -------- tests/utils.h | 2 -- 7 files changed, 23 insertions(+), 58 deletions(-) diff --git a/doc/man/man3/crypto_key_exchange.3monocypher b/doc/man/man3/crypto_key_exchange.3monocypher index 1a00096..a255569 100644 --- a/doc/man/man3/crypto_key_exchange.3monocypher +++ b/doc/man/man3/crypto_key_exchange.3monocypher @@ -7,7 +7,7 @@ .Nd Elliptic Curve Diffie-Hellman key exchange .Sh SYNOPSIS .In monocypher.h -.Ft int +.Ft void .Fo crypto_key_exchange .Fa "uint8_t shared_key[32]" .Fa "const uint8_t your_secret_key[32]" @@ -50,16 +50,11 @@ with .Fn crypto_key_exchange_public_key . .El .Sh RETURN VALUES -Some public keys force the shared key to a known constant. .Fn crypto_key_exchange -returns -1 if it detects such a public key, otherwise it returns 0. -This never happens with legitimate public keys. +and +.Fn crypto_key_exchange_public_key +return nothing. .Pp -.Sy The return value has been deprecated . -.Fn crypto_key_exchange -will return -.Vt void -starting with the next major release of Monocypher. Some poorly designed protocols require to test for .Dq contributory behaviour, which ensures that no untrusted party forces the shared @@ -67,9 +62,6 @@ secret to a known constant. Protocols should instead be designed in such a way that no such check is necessary, namely by authenticating the other party or exchanging keys over a trusted channel. -.Pp -.Fn crypto_key_exchange_public_key -returns nothing. .Sh EXAMPLES Generate a public key from a randomly generated secret key: .Bd -literal -offset indent 
diff --git a/doc/man/man3/crypto_x25519.3monocypher b/doc/man/man3/crypto_x25519.3monocypher index 33dfac5..db69be8 100644 --- a/doc/man/man3/crypto_x25519.3monocypher +++ b/doc/man/man3/crypto_x25519.3monocypher @@ -7,7 +7,7 @@ .Nd X25519 key exchange .Sh SYNOPSIS .In monocypher.h -.Ft int +.Ft void .Fo crypto_x25519 .Fa "uint8_t raw_shared_secret[32]" .Fa "const uint8_t your_secret_key[32]" @@ -56,17 +56,11 @@ random number generator). The public key of the other party. .El .Sh RETURN VALUES -Some public keys force the shared key to a known constant. -.Fn crypto_x225519 -returns -1 if it detects such a public key, otherwise it -returns 0. -This never happens with legitimate public keys. -.Pp -.Sy The return value has been deprecated . .Fn crypto_x25519 -will return -.Vt void -starting with the next major release of Monocypher. +and +.Fn crypto_x25519_public_key +return nothing. +.Pp Some poorly designed protocols require to test for .Dq contributory behaviour, which ensures that no untrusted party forces the shared @@ -74,9 +68,6 @@ secret to a known constant. Protocols should instead be designed in such a way that no such check is necessary, namely by authenticating the other party or exchanging keys over a trusted channel. -.Pp -.Fn crypto_x25519_public_key -returns nothing. .Sh EXAMPLES Generate a pair of shared keys with your secret key and their public key. diff --git a/src/monocypher.c b/src/monocypher.c index 96b380f..52d71fe 100644 --- a/src/monocypher.c +++ b/src/monocypher.c @@ -1289,9 +1289,9 @@ static int scalar_bit(const u8 s[32], int i) { /// X-25519 /// Taken from SUPERCOP's ref10 implementation. /////////////// -int crypto_x25519(u8 raw_shared_secret[32], - const u8 your_secret_key [32], - const u8 their_public_key [32]) +void crypto_x25519(u8 raw_shared_secret[32], + const u8 your_secret_key [32], + const u8 their_public_key [32]) { // computes the scalar product fe x1; 
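Review bot: With the return type changed to `void` in this signature, nothing at the definition tells a caller that `raw_shared_secret` comes out all zero for some malicious public keys, which is what the return code removed in the @@ -1343 hunk used to report. I would add a comment above the function, e.g. `// raw_shared_secret is all zero for low-order public keys; protocols that need contributory behaviour must test it themselves, in constant time.`, and repeat it on the prototype in src/monocypher.h (@@ -269 hunk). A binary built against the old `int` prototype would read an unspecified value as the status, so this presumably should ship only with a major-version or ABI bump. The function body continues outside this hunk.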
@@ -1343,10 +1343,6 @@ int crypto_x25519(u8 raw_shared_secret[32], WIPE_BUFFER(x2); WIPE_BUFFER(z2); WIPE_BUFFER(x3); WIPE_BUFFER(z3); WIPE_BUFFER(t0); WIPE_BUFFER(t1); - - // Returns -1 if the output is all zero - // (happens with some malicious public keys) - return -1 - zerocmp32(raw_shared_secret); } void crypto_x25519_public_key(u8 public_key[32], @@ -2088,13 +2084,12 @@ int crypto_check(const u8 signature[64], //////////////////// /// Key exchange /// //////////////////// -int crypto_key_exchange(u8 shared_key[32], - const u8 your_secret_key [32], - const u8 their_public_key[32]) +void crypto_key_exchange(u8 shared_key[32], + const u8 your_secret_key [32], + const u8 their_public_key[32]) { - int status = crypto_x25519(shared_key, your_secret_key, their_public_key); + crypto_x25519(shared_key, your_secret_key, their_public_key); crypto_hchacha20(shared_key, shared_key, zero); - return status; } //////////////////////////////// diff --git a/src/monocypher.h b/src/monocypher.h index 0d99b04..e7a690c 100644 --- a/src/monocypher.h +++ b/src/monocypher.h @@ -149,9 +149,9 @@ void crypto_argon2i_general(uint8_t *hash, uint32_t hash_size,// >= 4 // Key exchange (x25519 + HChacha20) // --------------------------------- #define crypto_key_exchange_public_key crypto_x25519_public_key -int crypto_key_exchange(uint8_t shared_key [32], - const uint8_t your_secret_key [32], - const uint8_t their_public_key[32]); +void crypto_key_exchange(uint8_t shared_key [32], + const uint8_t your_secret_key [32], + const uint8_t their_public_key[32]); // Signatures (EdDSA with curve25519 + Blake2b) 
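Review bot: After this change a caller of `crypto_key_exchange` can no longer notice a low-order `their_public_key`, because the raw X25519 output is overwritten in place by `crypto_hchacha20` and the status that used to be propagated is gone. For such a key the raw secret is all zero, so `shared_key` becomes a fixed value that anyone can compute. That is acceptable only under the assumption stated in the man page (an authenticated peer or a trusted channel), so I would state it next to the code: `// No low-order check here: shared_key is a publicly computable constant if their_public_key is low-order. Authenticate the peer, or use crypto_x25519() and test the raw secret.`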
@@ -269,8 +269,8 @@ void crypto_poly1305_final (crypto_poly1305_ctx *ctx, uint8_t mac[16]); // ------- void crypto_x25519_public_key(uint8_t public_key[32], const uint8_t secret_key[32]); -int crypto_x25519(uint8_t raw_shared_secret[32], - const uint8_t your_secret_key [32], - const uint8_t their_public_key [32]); +void crypto_x25519(uint8_t raw_shared_secret[32], + const uint8_t your_secret_key [32], + const uint8_t their_public_key [32]); #endif // MONOCYPHER_H diff --git a/tests/test.c b/tests/test.c index 9a80085..8214c58 100644 --- a/tests/test.c +++ b/tests/test.c @@ -105,10 +105,7 @@ static void x25519(const vector in[], vector *out) { const vector *scalar = in; const vector *point = in + 1; - int report = crypto_x25519(out->buf, scalar->buf, point->buf); - int not_zero = zerocmp(out->buf, out->size); - if ( not_zero && report) printf("FAILURE: x25519 false all_zero report\n"); - if (!not_zero && !report) printf("FAILURE: x25519 failed to report zero\n"); + crypto_x25519(out->buf, scalar->buf, point->buf); } static void x25519_pk(const vector in[], vector *out) diff --git a/tests/utils.c b/tests/utils.c index f3d367b..fc71ade 100644 --- a/tests/utils.c +++ b/tests/utils.c @@ -81,14 +81,6 @@ void* alloc(size_t size) return buf; } -int zerocmp(const u8 *p, size_t n) -{ - FOR (i, 0, n) { - if (p[i] != 0) { return -1; } - } - return 0; -} - int vector_test(void (*f)(const vector[], vector*), const char *name, size_t nb_inputs, size_t nb_vectors, u8 **vectors, size_t *sizes) diff --git a/tests/utils.h b/tests/utils.h index fd77abd..c315151 100644 --- a/tests/utils.h +++ b/tests/utils.h @@ -36,8 +36,6 @@ void print_vector(const u8 *buf, size_t size); void print_number(u64 n); void* alloc(size_t size); -int zerocmp(const u8 *p, size_t n); - int vector_test(void (*f)(const vector[], vector*), const char *name, size_t nb_inputs, size_t nb_vectors, u8 **vectors, size_t *sizes); -- 2.47.3
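Review bot: In tests/test.c the `x25519` wrapper now makes no assertion of its own about low-order inputs, so whether the all-zero output is still exercised depends on the vector set, which is not visible in this patch. Callers who need contributory behaviour must now compare the output against zero themselves, so I would keep one explicit test that feeds a known low-order point and asserts the result is 32 zero bytes. That way a later change to this behaviour cannot pass silently. Since `zerocmp` is removed from tests/utils.c in the same patch, such a test would need its own comparison helper.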