From 1caade58b3cb8d6d60821b22ecd6a90dfbb06042 Mon Sep 17 00:00:00 2001
From: Saleem Rashid <trezor@saleemrashid.com>
Date: Thu, 1 Jun 2017 16:08:55 +0100
Subject: [PATCH] ed25519-donna: Add ed25519_scalarmult

---
 ed25519-donna/ed25519-keccak.h |  2 ++
 ed25519-donna/ed25519-sha3.h   |  2 ++
 ed25519-donna/ed25519.c        | 20 ++++++++++++++++++++
 ed25519-donna/ed25519.h        |  2 ++
 4 files changed, 26 insertions(+)

diff --git a/ed25519-donna/ed25519-keccak.h b/ed25519-donna/ed25519-keccak.h
index e122a9fda..d5321800e 100644
--- a/ed25519-donna/ed25519-keccak.h
+++ b/ed25519-donna/ed25519-keccak.h
@@ -12,6 +12,8 @@ void ed25519_publickey_keccak(const ed25519_secret_key sk, ed25519_public_key pk
 int ed25519_sign_open_keccak(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS);
 void ed25519_sign_keccak(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS);
 
+int ed25519_scalarmult_keccak(ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk);
+
 #if defined(__cplusplus)
 }
 #endif
diff --git a/ed25519-donna/ed25519-sha3.h b/ed25519-donna/ed25519-sha3.h
index 0779c5559..58748a555 100644
--- a/ed25519-donna/ed25519-sha3.h
+++ b/ed25519-donna/ed25519-sha3.h
@@ -12,6 +12,8 @@ void ed25519_publickey_sha3(const ed25519_secret_key sk, ed25519_public_key pk);
 int ed25519_sign_open_sha3(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS);
 void ed25519_sign_sha3(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS);
 
+int ed25519_scalarmult_sha3(ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk);
+
 #if defined(__cplusplus)
 }
 #endif
diff --git a/ed25519-donna/ed25519.c b/ed25519-donna/ed25519.c
index b54d505db..a8946cbbf 100644
--- a/ed25519-donna/ed25519.c
+++ b/ed25519-donna/ed25519.c
@@ -139,6 +139,26 @@ ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed2551
 	return ed25519_verify(RS, checkR, 32) ? 0 : -1;
 }
 
+int
+ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk) {
+	bignum256modm a;
+	ge25519 ALIGN(16) A, P;
+	hash_512bits extsk;
+
+	ed25519_extsk(extsk, sk);
+	expand256_modm(a, extsk, 32);
+
+	if (!ge25519_unpack_negative_vartime(&P, pk)) {
+		return -1;
+	}
+
+	ge25519_scalarmult(&A, &P, a);
+	curve25519_neg(A.x, A.x);
+	ge25519_pack(res, &A);
+	return 0;
+}
+
+
 #ifndef ED25519_SUFFIX
 
 #include "curve25519-donna-scalarmult-base.h"
diff --git a/ed25519-donna/ed25519.h b/ed25519-donna/ed25519.h
index af5cbb277..b42afdc1b 100644
--- a/ed25519-donna/ed25519.h
+++ b/ed25519-donna/ed25519.h
@@ -18,6 +18,8 @@ void ed25519_publickey(const ed25519_secret_key sk, ed25519_public_key pk);
 int ed25519_sign_open(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS);
 void ed25519_sign(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS);
 
+int ed25519_scalarmult(ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk);
+
 void curve25519_scalarmult(curve25519_key mypublic, const curve25519_key secret, const curve25519_key basepoint);
 void curve25519_scalarmult_basepoint(curve25519_key mypublic, const curve25519_key secret);