From a7947fec9ba72d19703f9ae5e6e26513797ff36c Mon Sep 17 00:00:00 2001
From: Saleem Rashid <trezor@saleemrashid.com>
Date: Tue, 16 May 2017 19:26:35 +0100
Subject: [PATCH] ed25519-donna: Add ed25519-keccak

---
 CMakeLists.txt                             |  2 +-
 Makefile                                   |  2 +-
 ed25519-donna/ed25519-hash-custom-keccak.h | 23 ++++++++++++++++++++++
 ed25519-donna/ed25519-keccak.c             |  8 ++++++++
 ed25519-donna/ed25519-keccak.h             | 19 ++++++++++++++++++
 options.h                                  |  2 +-
 sha3.c                                     |  8 ++++++++
 sha3.h                                     |  1 +
 8 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 ed25519-donna/ed25519-hash-custom-keccak.h
 create mode 100644 ed25519-donna/ed25519-keccak.c
 create mode 100644 ed25519-donna/ed25519-keccak.h

diff --git a/CMakeLists.txt b/CMakeLists.txt
index fd59787671..816e0255ee 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,6 +1,6 @@
 cmake_minimum_required(VERSION 2.8)
 
-set(SOURCES address.c aes/aescrypt.c aes/aeskey.c aes/aes_modes.c aes/aestab.c base32.c base58.c bignum.c bip32.c bip39.c ecdsa.c hmac.c nist256p1.c pbkdf2.c rand.c ripemd160.c secp256k1.c sha2.c ed25519-donna/ed25519.c sha3.c ed25519-donna/ed25519-sha3.c)
+set(SOURCES address.c aes/aescrypt.c aes/aeskey.c aes/aes_modes.c aes/aestab.c base32.c base58.c bignum.c bip32.c bip39.c ecdsa.c hmac.c nist256p1.c pbkdf2.c rand.c ripemd160.c secp256k1.c sha2.c sha3.c ed25519-donna/ed25519.c ed25519-donna/ed25519-sha3.c ed25519-donna/ed25519-keccak.c)
 
 add_library(TrezorCrypto STATIC ${SOURCES})
 
diff --git a/Makefile b/Makefile
index 2afcee75d3..a69a2904b7 100644
--- a/Makefile
+++ b/Makefile
@@ -44,7 +44,7 @@ SRCS  += ripemd160.c
 SRCS  += sha2.c
 SRCS  += sha3.c
 SRCS  += aes/aescrypt.c aes/aeskey.c aes/aestab.c aes/aes_modes.c
-SRCS  += ed25519-donna/ed25519.c ed25519-donna/ed25519-sha3.c
+SRCS  += ed25519-donna/ed25519.c ed25519-donna/ed25519-sha3.c ed25519-donna/ed25519-keccak.c
 SRCS  += blake2b.c blake2s.c
 SRCS  += chacha20poly1305/chacha20poly1305.c chacha20poly1305/chacha_merged.c chacha20poly1305/poly1305-donna.c chacha20poly1305/rfc7539.c
 
diff --git a/ed25519-donna/ed25519-hash-custom-keccak.h b/ed25519-donna/ed25519-hash-custom-keccak.h
new file mode 100644
index 0000000000..4cfe148e5e
--- /dev/null
+++ b/ed25519-donna/ed25519-hash-custom-keccak.h
@@ -0,0 +1,23 @@
+/*
+	a custom hash must have a 512bit digest and implement:
+
+	struct ed25519_hash_context;
+
+	void ed25519_hash_init(ed25519_hash_context *ctx);
+	void ed25519_hash_update(ed25519_hash_context *ctx, const uint8_t *in, size_t inlen);
+	void ed25519_hash_final(ed25519_hash_context *ctx, uint8_t *hash);
+	void ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen);
+*/
+
+#ifndef ED25519_HASH_CUSTOM
+#define ED25519_HASH_CUSTOM
+
+#include "sha3.h"
+
+#define ed25519_hash_context SHA3_CTX
+#define ed25519_hash_init(ctx) keccak_512_Init(ctx)
+#define ed25519_hash_update(ctx, in, inlen) keccak_Update((ctx), (in), (inlen))
+#define ed25519_hash_final(ctx, hash) keccak_Final((ctx), (hash))
+#define ed25519_hash(hash, in, inlen) keccak_512((in), (inlen), (hash))
+
+#endif // ED25519_HASH_CUSTOM
diff --git a/ed25519-donna/ed25519-keccak.c b/ed25519-donna/ed25519-keccak.c
new file mode 100644
index 0000000000..b109360a78
--- /dev/null
+++ b/ed25519-donna/ed25519-keccak.c
@@ -0,0 +1,8 @@
+#include <stddef.h>
+
+#include "ed25519-keccak.h"
+#include "ed25519-hash-custom-keccak.h"
+
+#define ED25519_SUFFIX _keccak
+
+#include "ed25519.c"
diff --git a/ed25519-donna/ed25519-keccak.h b/ed25519-donna/ed25519-keccak.h
new file mode 100644
index 0000000000..e122a9fda6
--- /dev/null
+++ b/ed25519-donna/ed25519-keccak.h
@@ -0,0 +1,19 @@
+#ifndef ED25519_KECCAK_H
+#define ED25519_KECCAK_H
+
+#include "ed25519.h"
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+void ed25519_publickey_keccak(const ed25519_secret_key sk, ed25519_public_key pk);
+
+int ed25519_sign_open_keccak(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS);
+void ed25519_sign_keccak(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif // ED25519_KECCAK_H
diff --git a/options.h b/options.h
index 6b7de989b8..a8a1f499df 100644
--- a/options.h
+++ b/options.h
@@ -68,7 +68,7 @@
 
 // support Keccak hashing
 #ifndef USE_KECCAK
-#define USE_KECCAK USE_ETHEREUM
+#define USE_KECCAK 1
 #endif
 
 #endif
diff --git a/sha3.c b/sha3.c
index 43fbc45095..8e1a7f4a1c 100644
--- a/sha3.c
+++ b/sha3.c
@@ -358,6 +358,14 @@ void keccak_Final(SHA3_CTX *ctx, unsigned char* result)
 	assert(block_size > digest_length);
 	if (result) me64_to_le_str(result, ctx->hash, digest_length);
 }
+
+void keccak_512(const unsigned char* data, size_t len, unsigned char* digest)
+{
+	SHA3_CTX ctx;
+	keccak_512_Init(&ctx);
+	keccak_Update(&ctx, data, len);
+	keccak_Final(&ctx, digest);
+}
 #endif /* USE_KECCAK */
 
 void sha3_256(const unsigned char* data, size_t len, unsigned char* digest)
diff --git a/sha3.h b/sha3.h
index 9d0d19b775..24547a2103 100644
--- a/sha3.h
+++ b/sha3.h
@@ -75,6 +75,7 @@ void sha3_Final(SHA3_CTX *ctx, unsigned char* result);
 #define keccak_512_Init sha3_512_Init
 #define keccak_Update sha3_Update
 void keccak_Final(SHA3_CTX *ctx, unsigned char* result);
+void keccak_512(const unsigned char* data, size_t len, unsigned char* digest);
 #endif
 
 void sha3_256(const unsigned char* data, size_t len, unsigned char* digest);