return 0;
}
+int
+ed25519_secret_key_from_seed(ed25519_secret_key_t *seckey_out,
+ const uint8_t *seed)
+{
+ if (ed25519_ref10_seckey_expand(seckey_out->seckey, seed) < 0)
+ return -1;
+ return 0;
+}
+
int
ed25519_public_key_generate(ed25519_public_key_t *pubkey_out,
const ed25519_secret_key_t *seckey)
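Review bot: `ed25519_secret_key_from_seed` carries no doc comment, so nothing states that `seed` must be exactly ED25519_SECKEY_SEED_LEN bytes or that `seckey_out` receives the expanded form; the header prototype at the `+int ed25519_secret_key_from_seed(` line has the same gap. Suggested comment above the definition: `/** Derive the expanded secret key <b>seckey_out</b> from the ED25519_SECKEY_SEED_LEN-byte <b>seed</b>. Return 0 on success, -1 on failure. */`. The hunk ends inside the signature of ed25519_public_key_generate, so that function's body is outside this view.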
#include "torint.h"
#define ED25519_PUBKEY_LEN 32
-#define ED25519_SECKEY_LEN 32
+#define ED25519_SECKEY_LEN 64
+#define ED25519_SECKEY_SEED_LEN 32
#define ED25519_SIG_LEN 64
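Review bot: `ED25519_SECKEY_LEN` changes from 32 to 64 with no comment on the new layout, and the added `ED25519_SECKEY_SEED_LEN` is equally bare; a reader of the header cannot tell that a secret key is now the clamped SHA-512 of a seed (scalar in the first half, nonce-derivation bytes in the second) rather than raw random bytes. Suggested: `/** Length of an expanded Ed25519 secret key: the clamped 64-byte SHA-512 of a seed. */` above ED25519_SECKEY_LEN and `/** Length of the seed an expanded secret key is derived from. */` above ED25519_SECKEY_SEED_LEN. Because the size of the key type changes, anything that persisted a 32-byte key under the old definition would presumably need migrating; whether such code exists is not visible in this diff.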
/** An Ed25519 signature. */
#ifdef CURVE25519_ENABLED
int ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out,
int extra_strong);
+int ed25519_secret_key_from_seed(ed25519_secret_key_t *seckey_out,
+ const uint8_t *seed);
+
int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out,
const ed25519_secret_key_t *seckey);
int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong);
#define crypto_sign ed25519_ref10_sign
#define crypto_sign_keypair ed25519_ref10_keygen
#define crypto_sign_seckey ed25519_ref10_seckey
+#define crypto_sign_seckey_expand ed25519_ref10_seckey_expand
#define crypto_sign_pubkey ed25519_ref10_pubkey
#define crypto_sign_open ed25519_ref10_open
#include <torint.h>
int ed25519_ref10_seckey(unsigned char *sk);
+int ed25519_ref10_seckey_expand(unsigned char *sk, const unsigned char *sk_seed);
int ed25519_ref10_pubkey(unsigned char *pk,const unsigned char *sk);
int ed25519_ref10_keygen(unsigned char *pk,unsigned char *sk);
int ed25519_ref10_open(
int
crypto_sign_seckey(unsigned char *sk)
{
- randombytes(sk,32);
+ unsigned char seed[32];
+
+ randombytes(seed,32);
+
+ crypto_sign_seckey_expand(sk, seed);
+
+ memwipe(seed, 0, 32);
+
+ return 0;
+}
+
+int crypto_sign_seckey_expand(unsigned char *sk, const unsigned char *skseed)
+{
+ crypto_hash_sha512(sk,skseed,32);
+ sk[0] &= 248;
+ sk[31] &= 63;
+ sk[31] |= 64;
return 0;
}
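Review bot: `crypto_sign_seckey` discards the result of `crypto_sign_seckey_expand` at the `+ crypto_sign_seckey_expand(sk, seed);` line, while the wrapper in crypto_ed25519.c treats a negative return from the same function as failure; the two call sites should follow one convention. As written the expand function can only return 0, so this is a consistency fix: `int r = crypto_sign_seckey_expand(sk, seed);`, keep `memwipe(seed, 0, 32);` unconditional, then `return r;`. Separately, neither this definition nor the prototype at `+int ed25519_ref10_seckey_expand(` says that `sk` must hold 64 bytes (crypto_hash_sha512 writes its full digest there) and `skseed` 32; a one-line comment on the prototype would keep a 32-byte buffer like the one the old `randombytes(sk,32)` path filled from being passed by mistake.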
int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk)
{
- unsigned char az[64];
ge_p3 A;
- crypto_hash_sha512(az,sk,32);
- az[0] &= 248;
- az[31] &= 63;
- az[31] |= 64;
-
- ge_scalarmult_base(&A,az);
+ ge_scalarmult_base(&A,sk);
ge_p3_tobytes(pk,&A);
return 0;
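Review bot: `crypto_sign_pubkey` and `crypto_sign` now expect `sk` to be the expanded 64-byte key rather than a seed: the pubkey path uses the first 32 bytes as the scalar at `+ ge_scalarmult_base(&A,sk);`, and the signing path in the next hunk reads bytes 32..63 at `+ crypto_hash_sha512_2(nonce, sk+32, 32, m, mlen);`. Nothing in either function or on the ref10 prototypes says so, and a caller still passing a 32-byte seed would read past its buffer in crypto_sign. Suggested comment on the `ed25519_ref10_pubkey` and `ed25519_ref10_sign` prototypes: `/* sk is the 64-byte expanded secret key produced by crypto_sign_seckey_expand. */`. The closing brace of crypto_sign_pubkey is outside this hunk, and crypto_sign's signature begins before its hunk.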
const unsigned char *sk,const unsigned char *pk
)
{
- unsigned char az[64];
unsigned char nonce[64];
unsigned char hram[64];
ge_p3 R;
- crypto_hash_sha512(az,sk,32);
- az[0] &= 248;
- az[31] &= 63;
- az[31] |= 64;
-
- crypto_hash_sha512_2(nonce, az+32, 32, m, mlen);
+ crypto_hash_sha512_2(nonce, sk+32, 32, m, mlen);
sc_reduce(nonce);
ge_scalarmult_base(&R,nonce);
crypto_hash_sha512_3(hram, sig, 32, pk, 32, m, mlen);
sc_reduce(hram);
- sc_muladd(sig + 32,hram,az,nonce);
+ sc_muladd(sig + 32,hram,sk,nonce);
return 0;
}
for (i = 0; items[i].pk; ++i) {
ed25519_keypair_t kp;
ed25519_signature_t sig;
+ uint8_t sk_seed[32];
uint8_t *msg;
size_t msg_len;
- base16_decode((char*)kp.seckey.seckey, sizeof(kp.seckey.seckey),
+ base16_decode((char*)sk_seed, sizeof(sk_seed),
items[i].sk, 64);
+ ed25519_secret_key_from_seed(&kp.seckey, sk_seed);
tt_int_op(0, ==, ed25519_public_key_generate(&kp.pubkey, &kp.seckey));
test_memeq_hex(kp.pubkey.pubkey, items[i].pk);
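Review bot: the return value of `ed25519_secret_key_from_seed` at the `+ ed25519_secret_key_from_seed(&kp.seckey, sk_seed);` line is discarded, whereas the very next line wraps `ed25519_public_key_generate` in `tt_int_op`; if expansion ever reported failure the test would carry on with an unset `kp.seckey` and surface as a confusing pubkey mismatch instead. Use `tt_int_op(0, ==, ed25519_secret_key_from_seed(&kp.seckey, sk_seed));`. The `base16_decode` result on the modified line above is likewise unchecked, though that predates this change. The loop body continues past the end of this hunk.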