crypton 1.0.2 → 1.0.3
raw patch · 4 files changed
+52/−4 lines, 4 filesPVP ok
version bump matches the API change (PVP)
API changes (from Hackage documentation)
+ Crypto.PubKey.Ed25519: unsafeSign :: ByteArrayAccess ba => SecretKey -> PublicKey -> ba -> Signature
+ Crypto.PubKey.Ed448: unsafeSign :: ByteArrayAccess ba => SecretKey -> PublicKey -> ba -> Signature
Files
- CHANGELOG.md +8/−0
- Crypto/PubKey/Ed25519.hs +22/−2
- Crypto/PubKey/Ed448.hs +21/−1
- crypton.cabal +1/−1
CHANGELOG.md view
@@ -1,3 +1,11 @@+## 1.0.3++* Make sign of Ed25519/Ed448 safer. The public key parameter is+ ignored and its public key is generated from the secret key+ parameter to prevent Double Public Key Signing Function Oracle+ Attack.+ [#47](https://github.com/kazu-yamamoto/crypton/pull/47)+ ## 1.0.2 * Deterministic Nonce Generation for ECDSA
Crypto/PubKey/Ed25519.hs view
@@ -27,6 +27,7 @@ -- * Methods toPublic, sign,+ unsafeSign, verify, generateSecretKey, ) where@@ -100,9 +101,28 @@ ccrypton_ed25519_publickey psec result {-# NOINLINE toPublic #-} --- | Sign a message using the key pair+-- | Sign a message using the key pair.+-- The public key parameter is ignored and its public key+-- is generated from the secret key parameter to prevent+-- Double Public Key Signing Function Oracle Attack. sign :: ByteArrayAccess ba => SecretKey -> PublicKey -> ba -> Signature-sign secret public message =+sign secret _public message =+ Signature $ B.allocAndFreeze signatureSize $ \sig ->+ withByteArray secret $ \sec ->+ withByteArray public $ \pub ->+ withByteArray message $ \msg ->+ ccrypton_ed25519_sign msg (fromIntegral msgLen) sec pub sig+ where+ !msgLen = B.length message+ public = toPublic secret++-- | Sign a message using the key pair. This is old `sign`, which is+-- vulnerable to private key compromise if the given public key does+-- not correspond to the secret key. This function is provided for+-- performance critical applications. To use it safely, applications+-- must verify or derive the public key.+unsafeSign :: ByteArrayAccess ba => SecretKey -> PublicKey -> ba -> Signature+unsafeSign secret public message = Signature $ B.allocAndFreeze signatureSize $ \sig -> withByteArray secret $ \sec -> withByteArray public $ \pub ->
Crypto/PubKey/Ed448.hs view
@@ -31,6 +31,7 @@ -- * Methods toPublic, sign,+ unsafeSign, verify, generateSecretKey, ) where@@ -105,8 +106,27 @@ {-# NOINLINE toPublic #-} -- | Sign a message using the key pair+-- The public key parameter is ignored and its public key+-- is generated from the secret key parameter to prevent+-- Double Public Key Signing Function Oracle Attack. sign :: ByteArrayAccess ba => SecretKey -> PublicKey -> ba -> Signature-sign secret public message =+sign secret _public message =+ Signature $ B.allocAndFreeze signatureSize $ \sig ->+ withByteArray secret $ \sec ->+ withByteArray public $ \pub ->+ withByteArray message $ \msg ->+ decaf_ed448_sign sig sec pub msg (fromIntegral msgLen) 0 no_context 0+ where+ !msgLen = B.length message+ public = toPublic secret++-- | Sign a message using the key pair. This is old `sign`, which is+-- vulnerable to private key compromise if the given public key does+-- not correspond to the secret key. This function is provided for+-- performance critical applications. To use it safely, applications+-- must verify or derive the public key.+unsafeSign :: ByteArrayAccess ba => SecretKey -> PublicKey -> ba -> Signature+unsafeSign secret public message = Signature $ B.allocAndFreeze signatureSize $ \sig -> withByteArray secret $ \sec -> withByteArray public $ \pub ->
crypton.cabal view
@@ -1,6 +1,6 @@ cabal-version: 1.18 name: crypton-version: 1.0.2+version: 1.0.3 license: BSD3 license-file: LICENSE copyright: Vincent Hanquez <vincent@snarc.org>