author | davidben <davidben@chromium.org> | 2015-11-18 19:06:33 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-11-19 03:07:25 +0000 |
commit | 952ee79c0a17c2ed3ceeb4e22b7eafa0da41bbad (patch) | |
tree | 16fe4d0d9836e8e7884ae9417975277755cb1ebd /crypto/curve25519_nss.cc | |
parent | 026b848a61b86043b471d694303684781741ed17 (diff) | |
Roll src/third_party/boringssl/src d7421ebf6..3ac32b1ed
https://boringssl.googlesource.com/boringssl/+log/d7421ebf6cae07051caf657016f160585b64f8a6..3ac32b1eda0da7a99d9c2b6c605fe50af80ccd90
In doing so, switch crypto/curve25519.h to use the new BoringSSL curve25519
code to avoid shipping two copies. This includes a small subgroup check, so
callers need to be tweaked slightly.
BUG=none
Review URL: https://codereview.chromium.org/1459783002
Cr-Commit-Position: refs/heads/master@{#360507}
Diffstat (limited to 'crypto/curve25519_nss.cc')
-rw-r--r-- | crypto/curve25519_nss.cc | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/crypto/curve25519_nss.cc b/crypto/curve25519_nss.cc
new file mode 100644
index 0000000..746356f
--- /dev/null
+++ b/crypto/curve25519_nss.cc
@@ -0,0 +1,42 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "crypto/curve25519.h"
+
+#include "crypto/secure_util.h"
+
+// Curve25519 is specified in terms of byte strings, not numbers, so all
+// implementations take and return the same sequence of bits. So the byte
+// order is implicitly specified as in, say, SHA1.
+//
+// Prototype for |curve25519_donna| function in
+// third_party/curve25519-donna/curve25519-donna.c
+extern "C" int curve25519_donna(uint8_t*, const uint8_t*, const uint8_t*);
+
+namespace crypto {
+
+namespace curve25519 {
+
+bool ScalarMult(const uint8_t* private_key,
+ const uint8_t* peer_public_key,
+ uint8_t* shared_key) {
+ curve25519_donna(shared_key, private_key, peer_public_key);
+
+ // The all-zero output results when the input is a point of small order.
+ static const uint8_t kZeros[32] = {0};
+ return !SecureMemEqual(shared_key, kZeros, 32);
+}
+
+// kBasePoint is the base point (generator) of the elliptic curve group.
+// It is little-endian version of '9' followed by 31 zeros.
+// See "Computing public keys" section of http://cr.yp.to/ecdh.html.
+static const uint8_t kBasePoint[32] = {9};
+
+void ScalarBaseMult(const uint8_t* private_key, uint8_t* public_key) {
+ curve25519_donna(public_key, private_key, kBasePoint);
+}
+
+} // namespace curve25519
+
+} // namespace crypto |
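Review bot: ScalarMult reports the small-order case only through its bool result, and nothing in this file states what a caller must do with it: the function has already written the all-zero output to shared_key by the time it returns false, so a caller that ignores the result would continue with a fixed, publicly known shared secret. A comment above the definition such as `// Returns false, with |shared_key| left all zero, when |peer_public_key| is a point of small order; callers must abandon the key exchange.` would make the contract explicit. The declaration lives in crypto/curve25519.h, which is not part of this diff, so it is worth confirming there that the return value is documented and, ideally, marked so the compiler warns when it is discarded. As a smaller style point, the comparison length can be tied to the buffer instead of repeating the literal: `return !SecureMemEqual(shared_key, kZeros, sizeof(kZeros));`.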