From 7ec87d8616d0034903d68f74d1c58a543c812d5b Mon Sep 17 00:00:00 2001 From: Andrew Bennett Date: Fri, 26 Aug 2016 12:29:44 -0400 Subject: [PATCH] Use magic constant ED25519_NO_CONTEXT for non-contextual operations. --- src/GENERATED/c/curve25519/eddsa.c | 25 ++++++++++--------------- src/GENERATED/c/ed448goldilocks/eddsa.c | 25 ++++++++++--------------- src/GENERATED/include/decaf/ed255.h | 11 ++++------- src/GENERATED/include/decaf/ed255.hxx | 17 ++++++----------- src/GENERATED/include/decaf/ed448.h | 10 +++------- src/GENERATED/include/decaf/ed448.hxx | 17 ++++++----------- src/per_curve/eddsa.tmpl.c | 25 ++++++++++--------------- src/per_curve/eddsa.tmpl.h | 10 +++------- src/per_curve/eddsa.tmpl.hxx | 17 ++++++----------- test/test_decaf.cxx | 4 ++-- test/vectors.inc.cxx | 23 +++-------------------- 11 files changed, 63 insertions(+), 121 deletions(-) diff --git a/src/GENERATED/c/curve25519/eddsa.c b/src/GENERATED/c/curve25519/eddsa.c index faf853a..7e50ab0 100644 --- a/src/GENERATED/c/curve25519/eddsa.c +++ b/src/GENERATED/c/curve25519/eddsa.c @@ -58,21 +58,18 @@ static void hash_init_with_dom( uint8_t prehashed, uint8_t for_prehash, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) { hash_init(hash); - + #if NO_CONTEXT - if (no_context) { + if (context_len == 0 && context == ED25519_NO_CONTEXT) { (void)prehashed; (void)for_prehash; (void)context; (void)context_len; return; } -#else - (void)no_context; #endif const char *dom_s = "SigEd25519 no Ed25519 collisions"; const uint8_t dom[2] = {2+word_is_zero(prehashed)+word_is_zero(for_prehash), context_len}; @@ -134,8 +131,7 @@ void decaf_ed25519_sign ( size_t message_len, uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) { API_NS(scalar_t) secret_scalar; hash_ctx_t hash; 
@@ -155,7 +151,7 @@ void decaf_ed25519_sign ( API_NS(scalar_decode_long)(secret_scalar, expanded.secret_scalar_ser, sizeof(expanded.secret_scalar_ser)); /* Hash to create the nonce */ - hash_init_with_dom(hash,prehashed,0,context,context_len,no_context); + hash_init_with_dom(hash,prehashed,0,context,context_len); hash_update(hash,expanded.seed,sizeof(expanded.seed)); hash_update(hash,message,message_len); decaf_bzero(&expanded, sizeof(expanded)); @@ -189,7 +185,7 @@ void decaf_ed25519_sign ( API_NS(scalar_t) challenge_scalar; { /* Compute the challenge */ - hash_init_with_dom(hash,prehashed,0,context,context_len,no_context); + hash_init_with_dom(hash,prehashed,0,context,context_len); hash_update(hash,nonce_point,sizeof(nonce_point)); hash_update(hash,pubkey,DECAF_EDDSA_25519_PUBLIC_BYTES); hash_update(hash,message,message_len); @@ -229,7 +225,7 @@ void decaf_ed25519_sign_prehash ( hash_destroy(hash_too); } - decaf_ed25519_sign(signature,privkey,pubkey,hash_output,sizeof(hash_output),1,context,context_len,0); + decaf_ed25519_sign(signature,privkey,pubkey,hash_output,sizeof(hash_output),1,context,context_len); decaf_bzero(hash_output,sizeof(hash_output)); } @@ -240,8 +236,7 @@ decaf_error_t decaf_ed25519_verify ( size_t message_len, uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) { API_NS(point_t) pk_point, r_point; decaf_error_t error = API_NS(point_decode_like_eddsa_and_ignore_cofactor)(pk_point,pubkey); @@ -254,7 +249,7 @@ decaf_error_t decaf_ed25519_verify ( { /* Compute the challenge */ hash_ctx_t hash; - hash_init_with_dom(hash,prehashed,0,context,context_len,no_context); + hash_init_with_dom(hash,prehashed,0,context,context_len); hash_update(hash,signature,DECAF_EDDSA_25519_PUBLIC_BYTES); hash_update(hash,pubkey,DECAF_EDDSA_25519_PUBLIC_BYTES); hash_update(hash,message,message_len); 
@@ -305,7 +300,7 @@ decaf_error_t decaf_ed25519_verify_prehash ( hash_destroy(hash_too); } - ret = decaf_ed25519_verify(signature,pubkey,hash_output,sizeof(hash_output),1,context,context_len,0); + ret = decaf_ed25519_verify(signature,pubkey,hash_output,sizeof(hash_output),1,context,context_len); return ret; } diff --git a/src/GENERATED/c/ed448goldilocks/eddsa.c b/src/GENERATED/c/ed448goldilocks/eddsa.c index 9e0f84c..4cfbf3c 100644 --- a/src/GENERATED/c/ed448goldilocks/eddsa.c +++ b/src/GENERATED/c/ed448goldilocks/eddsa.c @@ -58,21 +58,18 @@ static void hash_init_with_dom( uint8_t prehashed, uint8_t for_prehash, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) { hash_init(hash); - + #if NO_CONTEXT - if (no_context) { + if (context_len == 0 && context == ED448_NO_CONTEXT) { (void)prehashed; (void)for_prehash; (void)context; (void)context_len; return; } -#else - (void)no_context; #endif const char *dom_s = "SigEd448"; const uint8_t dom[2] = {2+word_is_zero(prehashed)+word_is_zero(for_prehash), context_len}; @@ -134,8 +131,7 @@ void decaf_ed448_sign ( size_t message_len, uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) { API_NS(scalar_t) secret_scalar; hash_ctx_t hash; @@ -155,7 +151,7 @@ void decaf_ed448_sign ( API_NS(scalar_decode_long)(secret_scalar, expanded.secret_scalar_ser, sizeof(expanded.secret_scalar_ser)); /* Hash to create the nonce */ - hash_init_with_dom(hash,prehashed,0,context,context_len,no_context); + hash_init_with_dom(hash,prehashed,0,context,context_len); hash_update(hash,expanded.seed,sizeof(expanded.seed)); hash_update(hash,message,message_len); decaf_bzero(&expanded, sizeof(expanded)); 
@@ -189,7 +185,7 @@ void decaf_ed448_sign ( API_NS(scalar_t) challenge_scalar; { /* Compute the challenge */ - hash_init_with_dom(hash,prehashed,0,context,context_len,no_context); + hash_init_with_dom(hash,prehashed,0,context,context_len); hash_update(hash,nonce_point,sizeof(nonce_point)); hash_update(hash,pubkey,DECAF_EDDSA_448_PUBLIC_BYTES); hash_update(hash,message,message_len); @@ -229,7 +225,7 @@ void decaf_ed448_sign_prehash ( hash_destroy(hash_too); } - decaf_ed448_sign(signature,privkey,pubkey,hash_output,sizeof(hash_output),1,context,context_len,0); + decaf_ed448_sign(signature,privkey,pubkey,hash_output,sizeof(hash_output),1,context,context_len); decaf_bzero(hash_output,sizeof(hash_output)); } @@ -240,8 +236,7 @@ decaf_error_t decaf_ed448_verify ( size_t message_len, uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) { API_NS(point_t) pk_point, r_point; decaf_error_t error = API_NS(point_decode_like_eddsa_and_ignore_cofactor)(pk_point,pubkey); @@ -254,7 +249,7 @@ decaf_error_t decaf_ed448_verify ( { /* Compute the challenge */ hash_ctx_t hash; - hash_init_with_dom(hash,prehashed,0,context,context_len,no_context); + hash_init_with_dom(hash,prehashed,0,context,context_len); hash_update(hash,signature,DECAF_EDDSA_448_PUBLIC_BYTES); hash_update(hash,pubkey,DECAF_EDDSA_448_PUBLIC_BYTES); hash_update(hash,message,message_len); @@ -305,7 +300,7 @@ decaf_error_t decaf_ed448_verify_prehash ( hash_destroy(hash_too); } - ret = decaf_ed448_verify(signature,pubkey,hash_output,sizeof(hash_output),1,context,context_len,0); + ret = decaf_ed448_verify(signature,pubkey,hash_output,sizeof(hash_output),1,context,context_len); return ret; } diff --git a/src/GENERATED/include/decaf/ed255.h b/src/GENERATED/include/decaf/ed255.h index 4f0e77c..27fa44f 100644 --- a/src/GENERATED/include/decaf/ed255.h +++ b/src/GENERATED/include/decaf/ed255.h 
@@ -34,7 +34,8 @@ extern "C" { /** Does EdDSA support non-contextual signatures? */ #define DECAF_EDDSA_25519_NO_CONTEXT 1 - +const uint8_t * const ED25519_NO_CONTEXT = (const uint8_t * const)(25519); + /** Prehash context renaming macros. */ #define decaf_ed25519_prehash_ctx_s decaf_sha512_ctx_s #define decaf_ed25519_prehash_ctx_t decaf_sha512_ctx_t @@ -64,7 +65,6 @@ void decaf_ed25519_derive_public_key ( * @param [in] prehashed Nonzero if the message is actually the hash of something you want to sign. * @param [in] context A "context" for this signature of up to 255 bytes. * @param [in] context_len Length of the context. - * @param [in] no_context Nonzero if no context should be used (only Ed25519 supported). * * @warning For Ed25519, it is unsafe to use the same key for both prehashed and non-prehashed * messages, at least without some very careful protocol-level disambiguation. For Ed448 it is @@ -79,8 +79,7 @@ void decaf_ed25519_sign ( size_t message_len, uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) API_VIS __attribute__((nonnull(1,2,3))) NOINLINE; /** @@ -128,7 +127,6 @@ void decaf_ed25519_prehash_init ( * @param [in] prehashed Nonzero if the message is actually the hash of something you want to verify. * @param [in] context A "context" for this signature of up to 255 bytes. * @param [in] context_len Length of the context. - * @param [in] no_context Nonzero if no context should be used (only Ed25519 supported). * * @warning For Ed25519, it is unsafe to use the same key for both prehashed and non-prehashed * messages, at least without some very careful protocol-level disambiguation. For Ed448 it is @@ -142,8 +140,7 @@ decaf_error_t decaf_ed25519_verify ( size_t message_len, uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) API_VIS __attribute__((nonnull(1,2))) NOINLINE; /** 
diff --git a/src/GENERATED/include/decaf/ed255.hxx b/src/GENERATED/include/decaf/ed255.hxx index bbd9c50..26ebc80 100644 --- a/src/GENERATED/include/decaf/ed255.hxx +++ b/src/GENERATED/include/decaf/ed255.hxx @@ -141,8 +141,7 @@ public: */ inline SecureBuffer sign ( const Block &message, - const Block &context = Block(NULL,0), - const bool no_context = false + const Block &context = Block(NULL,0) ) const /* TODO: this exn spec tickles a Clang bug? * throw(LengthException, std::bad_alloc) */ { @@ -159,8 +158,7 @@ public: message.size(), 0, context.data(), - context.size(), - no_context + context.size() ); return out; } @@ -247,8 +245,7 @@ public: inline decaf_error_t WARN_UNUSED verify_noexcept ( const FixedBlock &sig, const Block &message, - const Block &context = Block(NULL,0), - const bool no_context = false + const Block &context = Block(NULL,0) ) const /*NOEXCEPT*/ { if (context.size() > 255) { return DECAF_FAILURE; @@ -261,8 +258,7 @@ public: message.size(), 0, context.data(), - context.size(), - no_context + context.size() ); } @@ -276,14 +272,13 @@ public: inline void verify ( const FixedBlock &sig, const Block &message, - const Block &context = Block(NULL,0), - const bool no_context = false + const Block &context = Block(NULL,0) ) const /*throw(LengthException,CryptoException)*/ { if (context.size() > 255) { throw LengthException(); } - if (DECAF_SUCCESS != verify_noexcept( sig, message, context, no_context )) { + if (DECAF_SUCCESS != verify_noexcept( sig, message, context )) { throw CryptoException(); } } diff --git a/src/GENERATED/include/decaf/ed448.h b/src/GENERATED/include/decaf/ed448.h index 967675b..1c011ed 100644 --- a/src/GENERATED/include/decaf/ed448.h +++ b/src/GENERATED/include/decaf/ed448.h 
@@ -34,7 +34,7 @@ extern "C" { /** Does EdDSA support non-contextual signatures? */ #define DECAF_EDDSA_448_NO_CONTEXT 0 - + /** Prehash context renaming macros. */ #define decaf_ed448_prehash_ctx_s decaf_shake256_ctx_s #define decaf_ed448_prehash_ctx_t decaf_shake256_ctx_t @@ -64,7 +64,6 @@ void decaf_ed448_derive_public_key ( * @param [in] prehashed Nonzero if the message is actually the hash of something you want to sign. * @param [in] context A "context" for this signature of up to 255 bytes. * @param [in] context_len Length of the context. - * @param [in] no_context Nonzero if no context should be used (only Ed25519 supported). * * @warning For Ed25519, it is unsafe to use the same key for both prehashed and non-prehashed * messages, at least without some very careful protocol-level disambiguation. For Ed448 it is @@ -79,8 +78,7 @@ void decaf_ed448_sign ( size_t message_len, uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) API_VIS __attribute__((nonnull(1,2,3))) NOINLINE; /** @@ -128,7 +126,6 @@ void decaf_ed448_prehash_init ( * @param [in] prehashed Nonzero if the message is actually the hash of something you want to verify. * @param [in] context A "context" for this signature of up to 255 bytes. * @param [in] context_len Length of the context. - * @param [in] no_context Nonzero if no context should be used (only Ed25519 supported). * * @warning For Ed25519, it is unsafe to use the same key for both prehashed and non-prehashed * messages, at least without some very careful protocol-level disambiguation. For Ed448 it is @@ -142,8 +139,7 @@ decaf_error_t decaf_ed448_verify ( size_t message_len, uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) API_VIS __attribute__((nonnull(1,2))) NOINLINE; /** diff --git a/src/GENERATED/include/decaf/ed448.hxx b/src/GENERATED/include/decaf/ed448.hxx index 65ae139..4b1e26b 100644 
--- a/src/GENERATED/include/decaf/ed448.hxx +++ b/src/GENERATED/include/decaf/ed448.hxx @@ -141,8 +141,7 @@ public: */ inline SecureBuffer sign ( const Block &message, - const Block &context = Block(NULL,0), - const bool no_context = false + const Block &context = Block(NULL,0) ) const /* TODO: this exn spec tickles a Clang bug? * throw(LengthException, std::bad_alloc) */ { @@ -159,8 +158,7 @@ public: message.size(), 0, context.data(), - context.size(), - no_context + context.size() ); return out; } @@ -247,8 +245,7 @@ public: inline decaf_error_t WARN_UNUSED verify_noexcept ( const FixedBlock &sig, const Block &message, - const Block &context = Block(NULL,0), - const bool no_context = false + const Block &context = Block(NULL,0) ) const /*NOEXCEPT*/ { if (context.size() > 255) { return DECAF_FAILURE; @@ -261,8 +258,7 @@ public: message.size(), 0, context.data(), - context.size(), - no_context + context.size() ); } @@ -276,14 +272,13 @@ public: inline void verify ( const FixedBlock &sig, const Block &message, - const Block &context = Block(NULL,0), - const bool no_context = false + const Block &context = Block(NULL,0) ) const /*throw(LengthException,CryptoException)*/ { if (context.size() > 255) { throw LengthException(); } - if (DECAF_SUCCESS != verify_noexcept( sig, message, context, no_context )) { + if (DECAF_SUCCESS != verify_noexcept( sig, message, context )) { throw CryptoException(); } } diff --git a/src/per_curve/eddsa.tmpl.c b/src/per_curve/eddsa.tmpl.c index 5d9448f..cd0f81b 100644 --- a/src/per_curve/eddsa.tmpl.c +++ b/src/per_curve/eddsa.tmpl.c 
@@ -49,21 +49,18 @@ static void hash_init_with_dom( uint8_t prehashed, uint8_t for_prehash, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) { hash_init(hash); - + #if NO_CONTEXT - if (no_context) { + if (context_len == 0 && context == ED$(gf_shortname)_NO_CONTEXT) { (void)prehashed; (void)for_prehash; (void)context; (void)context_len; return; } -#else - (void)no_context; #endif const char *dom_s = "$(eddsa_dom)"; const uint8_t dom[2] = {2+word_is_zero(prehashed)+word_is_zero(for_prehash), context_len}; @@ -125,8 +122,7 @@ void decaf_ed$(gf_shortname)_sign ( size_t message_len, uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) { API_NS(scalar_t) secret_scalar; hash_ctx_t hash; @@ -146,7 +142,7 @@ void decaf_ed$(gf_shortname)_sign ( API_NS(scalar_decode_long)(secret_scalar, expanded.secret_scalar_ser, sizeof(expanded.secret_scalar_ser)); /* Hash to create the nonce */ - hash_init_with_dom(hash,prehashed,0,context,context_len,no_context); + hash_init_with_dom(hash,prehashed,0,context,context_len); hash_update(hash,expanded.seed,sizeof(expanded.seed)); hash_update(hash,message,message_len); decaf_bzero(&expanded, sizeof(expanded)); @@ -180,7 +176,7 @@ void decaf_ed$(gf_shortname)_sign ( API_NS(scalar_t) challenge_scalar; { /* Compute the challenge */ - hash_init_with_dom(hash,prehashed,0,context,context_len,no_context); + hash_init_with_dom(hash,prehashed,0,context,context_len); hash_update(hash,nonce_point,sizeof(nonce_point)); hash_update(hash,pubkey,DECAF_EDDSA_$(gf_shortname)_PUBLIC_BYTES); hash_update(hash,message,message_len); 
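Review bot: In `hash_init_with_dom` the non-contextual branch is taken only when both `context_len == 0` and `context == ED$(gf_shortname)_NO_CONTEXT` hold, so a caller who passes the sentinel with a nonzero length falls through to the domain-separated path. The sentinel is an integer cast to a pointer (see eddsa.tmpl.h), not a real buffer. The rest of the body is outside this hunk, but if it hashes `context` for `context_len` bytes, that is a read from an invalid address. Treating the sentinel as authoritative avoids this: `if (context == ED$(gf_shortname)_NO_CONTEXT) {`. The same condition is emitted into src/GENERATED/c/curve25519/eddsa.c.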
@@ -220,7 +216,7 @@ void decaf_ed$(gf_shortname)_sign_prehash ( hash_destroy(hash_too); } - decaf_ed$(gf_shortname)_sign(signature,privkey,pubkey,hash_output,sizeof(hash_output),1,context,context_len,0); + decaf_ed$(gf_shortname)_sign(signature,privkey,pubkey,hash_output,sizeof(hash_output),1,context,context_len); decaf_bzero(hash_output,sizeof(hash_output)); } @@ -231,8 +227,7 @@ decaf_error_t decaf_ed$(gf_shortname)_verify ( size_t message_len, uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) { API_NS(point_t) pk_point, r_point; decaf_error_t error = API_NS(point_decode_like_eddsa_and_ignore_cofactor)(pk_point,pubkey); @@ -245,7 +240,7 @@ decaf_error_t decaf_ed$(gf_shortname)_verify ( { /* Compute the challenge */ hash_ctx_t hash; - hash_init_with_dom(hash,prehashed,0,context,context_len,no_context); + hash_init_with_dom(hash,prehashed,0,context,context_len); hash_update(hash,signature,DECAF_EDDSA_$(gf_shortname)_PUBLIC_BYTES); hash_update(hash,pubkey,DECAF_EDDSA_$(gf_shortname)_PUBLIC_BYTES); hash_update(hash,message,message_len); @@ -296,7 +291,7 @@ decaf_error_t decaf_ed$(gf_shortname)_verify_prehash ( hash_destroy(hash_too); } - ret = decaf_ed$(gf_shortname)_verify(signature,pubkey,hash_output,sizeof(hash_output),1,context,context_len,0); + ret = decaf_ed$(gf_shortname)_verify(signature,pubkey,hash_output,sizeof(hash_output),1,context,context_len); return ret; } diff --git a/src/per_curve/eddsa.tmpl.h b/src/per_curve/eddsa.tmpl.h index 0b16349..44883c5 100644 --- a/src/per_curve/eddsa.tmpl.h +++ b/src/per_curve/eddsa.tmpl.h 
@@ -19,7 +19,7 @@ extern "C" { /** Does EdDSA support non-contextual signatures? */ #define DECAF_EDDSA_$(gf_shortname)_NO_CONTEXT $(eddsa_no_context) - +$("const uint8_t * const ED" + gf_shortname + "_NO_CONTEXT = (const uint8_t * const)(" + gf_shortname + ");\n" if eddsa_no_context else "") /** Prehash context renaming macros. */ #define decaf_ed$(gf_shortname)_prehash_ctx_s decaf_$(eddsa_hash)_ctx_s #define decaf_ed$(gf_shortname)_prehash_ctx_t decaf_$(eddsa_hash)_ctx_t @@ -49,7 +49,6 @@ void decaf_ed$(gf_shortname)_derive_public_key ( * @param [in] prehashed Nonzero if the message is actually the hash of something you want to sign. * @param [in] context A "context" for this signature of up to 255 bytes. * @param [in] context_len Length of the context. - * @param [in] no_context Nonzero if no context should be used (only Ed25519 supported). * * @warning For Ed25519, it is unsafe to use the same key for both prehashed and non-prehashed * messages, at least without some very careful protocol-level disambiguation. For Ed448 it is @@ -64,8 +63,7 @@ void decaf_ed$(gf_shortname)_sign ( size_t message_len, uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) API_VIS __attribute__((nonnull(1,2,3))) NOINLINE; /** @@ -113,7 +111,6 @@ void decaf_ed$(gf_shortname)_prehash_init ( * @param [in] prehashed Nonzero if the message is actually the hash of something you want to verify. * @param [in] context A "context" for this signature of up to 255 bytes. * @param [in] context_len Length of the context. - * @param [in] no_context Nonzero if no context should be used (only Ed25519 supported). * * @warning For Ed25519, it is unsafe to use the same key for both prehashed and non-prehashed * messages, at least without some very careful protocol-level disambiguation. For Ed448 it is 
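Review bot: The line this template emits after `DECAF_EDDSA_$(gf_shortname)_NO_CONTEXT` is a full object definition in a public header, with neither `static` nor `extern`. In C, every translation unit that includes the header therefore defines `ED25519_NO_CONTEXT` with external linkage, and linking two such units would normally fail with a duplicate symbol. Declaring it here as `extern const uint8_t * const ED$(gf_shortname)_NO_CONTEXT;` and defining it once in eddsa.tmpl.c, or making it a macro, avoids that. The value is an integer converted to a pointer, which is implementation-defined, and the constant has no doc comment; a line such as `/** Sentinel context pointer selecting non-contextual signatures; compared by value, never dereferenced. */` would state the contract. The generated src/GENERATED/include/decaf/ed255.h carries the same definition.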
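Review bot: The `@param [in] no_context` line is dropped from the `decaf_ed$(gf_shortname)_sign` comment without a replacement, so the header no longer says how a caller selects a non-contextual signature. The test vectors in this commit keep `Block(NULL,0)` and `Block(ED25519_NO_CONTEXT,0)` as separate cases, which suggests that a NULL context of length 0 and the sentinel produce different signatures; signer and verifier must then agree on which one they pass. I would extend the context parameter to `@param [in] context A "context" for this signature of up to 255 bytes, or ED25519_NO_CONTEXT with context_len 0 for a non-contextual signature (Ed25519 only).` The verify comment in the `@@ -113` hunk needs the same line.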
@@ -127,8 +124,7 @@ decaf_error_t decaf_ed$(gf_shortname)_verify ( size_t message_len, uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - uint8_t no_context + uint8_t context_len ) API_VIS __attribute__((nonnull(1,2))) NOINLINE; /** diff --git a/src/per_curve/eddsa.tmpl.hxx b/src/per_curve/eddsa.tmpl.hxx index e56fcf0..4bdeddd 100644 --- a/src/per_curve/eddsa.tmpl.hxx +++ b/src/per_curve/eddsa.tmpl.hxx @@ -125,8 +125,7 @@ public: */ inline SecureBuffer sign ( const Block &message, - const Block &context = Block(NULL,0), - const bool no_context = false + const Block &context = Block(NULL,0) ) const /* TODO: this exn spec tickles a Clang bug? * throw(LengthException, std::bad_alloc) */ { @@ -143,8 +142,7 @@ public: message.size(), 0, context.data(), - context.size(), - no_context + context.size() ); return out; } @@ -231,8 +229,7 @@ public: inline decaf_error_t WARN_UNUSED verify_noexcept ( const FixedBlock &sig, const Block &message, - const Block &context = Block(NULL,0), - const bool no_context = false + const Block &context = Block(NULL,0) ) const /*NOEXCEPT*/ { if (context.size() > 255) { return DECAF_FAILURE; @@ -245,8 +242,7 @@ public: message.size(), 0, context.data(), - context.size(), - no_context + context.size() ); } @@ -260,14 +256,13 @@ public: inline void verify ( const FixedBlock &sig, const Block &message, - const Block &context = Block(NULL,0), - const bool no_context = false + const Block &context = Block(NULL,0) ) const /*throw(LengthException,CryptoException)*/ { if (context.size() > 255) { throw LengthException(); } - if (DECAF_SUCCESS != verify_noexcept( sig, message, context, no_context )) { + if (DECAF_SUCCESS != verify_noexcept( sig, message, context )) { throw CryptoException(); } } diff --git a/test/test_decaf.cxx b/test/test_decaf.cxx index a55fda2..5b0f7ec 100644 --- a/test/test_decaf.cxx +++ b/test/test_decaf.cxx 
@@ -469,7 +469,7 @@ static void test_cfrg_crypto() { } } -static const bool eddsa_prehashed[], eddsa_no_context[]; +static const bool eddsa_prehashed[]; static const Block eddsa_sk[], eddsa_pk[], eddsa_message[], eddsa_context[], eddsa_sig[]; static void test_cfrg_vectors() { @@ -499,7 +499,7 @@ static void test_cfrg_vectors() { typename EdDSA::PrivateKeyPh priv2(eddsa_sk[t]); sig = priv2.sign_with_prehash(eddsa_message[t],eddsa_context[t]); } else { - sig = priv.sign(eddsa_message[t],eddsa_context[t],eddsa_no_context[t]); + sig = priv.sign(eddsa_message[t],eddsa_context[t]); } if (!memeq(SecureBuffer(eddsa_sig[t]),sig)) { diff --git a/test/vectors.inc.cxx b/test/vectors.inc.cxx index 9560dea..4731598 100644 --- a/test/vectors.inc.cxx +++ b/test/vectors.inc.cxx @@ -346,15 +346,6 @@ template<> const Block Tests::eddsa_context[] = { Block(NULL,0), Block(ed448_eddsa_context[0],3) }; -template<> const bool Tests::eddsa_no_context[] = { - false, - false, - false, - false, - false, - false, - false -}; template<> const Block Tests::eddsa_sig[] = { Block(ed448_eddsa_sig[0],114), Block(ed448_eddsa_sig[1],114), @@ -516,21 +507,13 @@ template<> const Block Tests::eddsa_pk[] = { Block(ed25519_eddsa_pk[4],32) }; template<> const Block Tests::eddsa_context[] = { - Block(NULL,0), - Block(NULL,0), - Block(NULL,0), + Block(ED25519_NO_CONTEXT,0), + Block(ED25519_NO_CONTEXT,0), + Block(ED25519_NO_CONTEXT,0), Block(NULL,0), Block(ed25519_eddsa_context[0],3), Block(ed25519_eddsa_context[1],3) }; -template<> const bool Tests::eddsa_no_context[] = { - true, - true, - true, - false, - false, - false -}; template<> const Block Tests::eddsa_message[] = { Block(ed25519_eddsa_message[0],0), Block(ed25519_eddsa_message[1],1),
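Review bot: In the Ed25519 `eddsa_context[]` table of test/vectors.inc.cxx, the first three rows and the fourth now differ only in the pointer passed with length 0. The table no longer shows which vectors are non-contextual and which use an empty context; the removed `eddsa_no_context[]` array made that explicit. A trailing comment per row would keep it readable, for example `Block(ED25519_NO_CONTEXT,0), /* non-contextual */` and `Block(NULL,0), /* empty context */`. The visible part of `test_cfrg_vectors` only compares the produced signature with the expected one, and the function continues outside the hunk. If nothing there checks that a signature made in one mode is rejected when verified in the other, that check would be worth adding now that the mode is chosen by pointer value.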