From 4a216c57d48be6d3563bd346c60f9468b7d31e4e Mon Sep 17 00:00:00 2001
From: str4d <str4d@mail.i2p>
Date: Sun, 31 Aug 2014 00:11:03 +0000
Subject: [PATCH] Updated EdDSA code from upstream
Source: https://github.com/str4d/ed25519-java
Git commit: f9a9213e1446adb46756d3a23b614fe09324ae16
---
core/java/src/net/i2p/crypto/eddsa/Utils.java | 32 ++++++++++++++++++-
.../math/ed25519/Ed25519FieldElement.java | 14 +++-----
2 files changed, 35 insertions(+), 11 deletions(-)
diff --git a/core/java/src/net/i2p/crypto/eddsa/Utils.java b/core/java/src/net/i2p/crypto/eddsa/Utils.java
index 8c8bb2ea39..0b471550c7 100644
--- a/core/java/src/net/i2p/crypto/eddsa/Utils.java
+++ b/core/java/src/net/i2p/crypto/eddsa/Utils.java
@@ -22,6 +22,18 @@ public class Utils {
return (result ^ 0x01) & 0x01;
}
+ /**
+ * Constant-time byte[] comparison.
+ * @return 1 if b and c are equal, 0 otherwise.
+ */
+ public static int equal(byte[] b, byte[] c) {
+ int result = 0;
+ for (int i = 0; i < 32; i++) {
+ result |= b[i] ^ c[i];
+ }
+ return ~equal(result, 0) & 0x01;
+ }
+
/**
* Constant-time determine if byte is negative.
* @param b the byte to check.
@@ -38,7 +50,7 @@ public class Utils {
* @return 0 or 1, the value of the i'th bit in h
*/
public static int bit(byte[] h, int i) {
- return (h[i/8] >> (i%8)) & 1;
+ return (h[i >> 3] >> (i & 7)) & 1;
}
/**
@@ -55,4 +67,22 @@ public class Utils {
}
return data;
}
+
+ /**
+ * Converts bytes to a hex string.
+ * @param raw the byte[] to be converted.
+ * @return the hex representation as a string.
+ */
+ public static String bytesToHex(byte[] raw) {
+ if ( raw == null ) {
+ return null;
+ }
+ final StringBuilder hex = new StringBuilder(2 * raw.length);
+ for (final byte b : raw) {
+ hex.append(Character.forDigit((b & 0xF0) >> 4, 16))
+ .append(Character.forDigit((b & 0x0F), 16));
+ }
+ return hex.toString();
+ }
+
}
diff --git a/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java b/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java
index 6b0f207ddf..cbba7a3157 100644
--- a/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java
+++ b/core/java/src/net/i2p/crypto/eddsa/math/ed25519/Ed25519FieldElement.java
@@ -1,8 +1,8 @@
package net.i2p.crypto.eddsa.math.ed25519;
+import net.i2p.crypto.eddsa.Utils;
import net.i2p.crypto.eddsa.math.Field;
import net.i2p.crypto.eddsa.math.FieldElement;
-import net.i2p.data.DataHelper;
/**
* An element t, entries t[0]...t[9], represents the integer
@@ -26,11 +26,7 @@ public class Ed25519FieldElement extends FieldElement {
public boolean isNonZero() {
byte[] s = toByteArray();
- int result = 0;
- for (int i = 0; i < 32; i++) {
- result |= s[i] ^ zero[i];
- }
- return result != 0;
+ return Utils.equal(s, zero) == 1;
}
/**
@@ -959,13 +955,11 @@ public class Ed25519FieldElement extends FieldElement {
if (!(obj instanceof Ed25519FieldElement))
return false;
Ed25519FieldElement fe = (Ed25519FieldElement) obj;
- // XXX why does direct byte[] comparison fail?
- // TODO should this be constant time?
- return DataHelper.toString(toByteArray()).equals(DataHelper.toString(fe.toByteArray()));
+ return 1==Utils.equal(toByteArray(), fe.toByteArray());
}
@Override
public String toString() {
- return "[Ed25519FieldElement val="+DataHelper.toString(toByteArray())+"]";
+ return "[Ed25519FieldElement val="+Utils.bytesToHex(toByteArray())+"]";
}
}
--
GitLab