Commit Graph

8 Commits (cbebc040ccf044aeeb4dd2256e51a59658d756c2)

Author SHA1 Message Date
Moxie Marlinspike e7b6a852c5 Fix bug caused by 1mod8 compatibility issue.
In the switch from v3, we bind identities in the message MAC
instead of doing the 1mod8 trick.  Since identity keys were
never set as 1mod8, it seemed like we could just remove it.

However, PreKeys are durable.  If an old client upgrades to v3,
it has a bunch of keys that *were* set to 1mod8 floating around.
The Curve25519 donna code re-sets the private key bits on every
operation, which results in a different key, and breaks the output
of an agreement.

So now we don't intentionally generate keys with 1mod8, but we
have to remove the donna code to honor existing 1mod8 keys for
the rest of time.  Trevor is squarely to blame.

// FREEBIE
11 years ago
Moxie Marlinspike 54612159be Update ed25519 extract and tests 11 years ago
Moxie Marlinspike 238f29c90a Updated to latest of Trevor's ref10-extract 11 years ago
Moxie Marlinspike 27b5bf54cc Remove 1 mod 8. 11 years ago
Moxie Marlinspike 1eb3884b7a Update to latest ref10-extract ed25519 11 years ago
Moxie Marlinspike 144f269059 Upgrade curve25519-donna to latest. 11 years ago
Moxie Marlinspike 2ed8d333d9 Add ed25519 11 years ago
Moxie Marlinspike d902c12941 Break core ratchet out into libaxolotol.
1) Break the core cryptography functions out into libaxolotol.

2) The objective for this code is a Java library that isn't
   dependent on any Android functions.  However, while the
   code has been separated from any Android functionality,
   it is still an 'android library project' because of the
   JNI.
11 years ago