|
|
|
|
@ -43,32 +43,11 @@ ed25519_hram(hash_512bits hram, const ed25519_public_key R, const ed25519_public
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key pk) {
|
|
|
|
|
bignum256modm a = {0};
|
|
|
|
|
ge25519 ALIGN(16) A;
|
|
|
|
|
hash_512bits extsk = {0};
|
|
|
|
|
|
|
|
|
|
ed25519_extsk(extsk, sk);
|
|
|
|
|
expand256_modm(a, extsk, 32);
|
|
|
|
|
ed25519_publickey_ext(extsk, pk);
|
|
|
|
|
memzero(&extsk, sizeof(extsk));
|
|
|
|
|
|
|
|
|
|
/* A = aB */
|
|
|
|
|
ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
|
|
|
|
|
memzero(&a, sizeof(a));
|
|
|
|
|
ge25519_pack(pk, &A);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#if USE_CARDANO
|
|
|
|
|
void
|
|
|
|
|
ED25519_FN(ed25519_publickey_ext) (const ed25519_secret_key extsk, ed25519_public_key pk) {
|
|
|
|
|
bignum256modm a = {0};
|
|
|
|
|
ge25519 ALIGN(16) A;
|
|
|
|
|
|
|
|
|
|
expand256_modm(a, extsk, 32);
|
|
|
|
|
ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
|
|
|
|
|
memzero(&a, sizeof(a));
|
|
|
|
|
ge25519_pack(pk, &A);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key nonce, const ed25519_public_key R, const ed25519_public_key pk, ed25519_cosi_signature sig) {
|
|
|
|
|
@ -100,55 +79,6 @@ ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed2551
|
|
|
|
|
contract256_modm(sig, S);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, ed25519_signature RS) {
|
|
|
|
|
ed25519_hash_context ctx;
|
|
|
|
|
bignum256modm r = {0}, S = {0}, a = {0};
|
|
|
|
|
ge25519 ALIGN(16) R = {0};
|
|
|
|
|
ge25519 ALIGN(16) A = {0};
|
|
|
|
|
ed25519_public_key pk = {0};
|
|
|
|
|
hash_512bits extsk = {0}, hashr = {0}, hram = {0};
|
|
|
|
|
|
|
|
|
|
ed25519_extsk(extsk, sk);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* r = H(aExt[32..64], m) */
|
|
|
|
|
ed25519_hash_init(&ctx);
|
|
|
|
|
ed25519_hash_update(&ctx, extsk + 32, 32);
|
|
|
|
|
ed25519_hash_update(&ctx, m, mlen);
|
|
|
|
|
ed25519_hash_final(&ctx, hashr);
|
|
|
|
|
expand256_modm(r, hashr, 64);
|
|
|
|
|
memzero(&hashr, sizeof(hashr));
|
|
|
|
|
|
|
|
|
|
/* R = rB */
|
|
|
|
|
ge25519_scalarmult_base_niels(&R, ge25519_niels_base_multiples, r);
|
|
|
|
|
ge25519_pack(RS, &R);
|
|
|
|
|
|
|
|
|
|
/* a = aExt[0..31] */
|
|
|
|
|
expand256_modm(a, extsk, 32);
|
|
|
|
|
memzero(&extsk, sizeof(extsk));
|
|
|
|
|
|
|
|
|
|
/* A = aB */
|
|
|
|
|
ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
|
|
|
|
|
ge25519_pack(pk, &A);
|
|
|
|
|
|
|
|
|
|
/* S = H(R,A,m).. */
|
|
|
|
|
ed25519_hram(hram, RS, pk, m, mlen);
|
|
|
|
|
expand256_modm(S, hram, 64);
|
|
|
|
|
|
|
|
|
|
/* S = H(R,A,m)a */
|
|
|
|
|
mul256_modm(S, S, a);
|
|
|
|
|
memzero(&a, sizeof(a));
|
|
|
|
|
|
|
|
|
|
/* S = (r + H(R,A,m)a) */
|
|
|
|
|
add256_modm(S, S, r);
|
|
|
|
|
memzero(&r, sizeof(r));
|
|
|
|
|
|
|
|
|
|
/* S = (r + H(R,A,m)a) mod L */
|
|
|
|
|
contract256_modm(RS + 32, S);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#if USE_CARDANO
|
|
|
|
|
void
|
|
|
|
|
ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key skext, ed25519_signature RS) {
|
|
|
|
|
ed25519_hash_context ctx;
|
|
|
|
|
@ -199,7 +129,14 @@ ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519
|
|
|
|
|
/* S = (r + H(R,A,m)a) mod L */
|
|
|
|
|
contract256_modm(RS + 32, S);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, ed25519_signature RS) {
|
|
|
|
|
hash_512bits extsk = {0};
|
|
|
|
|
ed25519_extsk(extsk, sk);
|
|
|
|
|
ED25519_FN(ed25519_sign_ext)(m, mlen, extsk, extsk + 32, RS);
|
|
|
|
|
memzero(&extsk, sizeof(extsk));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
|
|
|
|
|
@ -254,6 +191,19 @@ ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key
|
|
|
|
|
|
|
|
|
|
#include "curve25519-donna-scalarmult-base.h"
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
ed25519_publickey_ext(const ed25519_secret_key extsk, ed25519_public_key pk) {
|
|
|
|
|
bignum256modm a = {0};
|
|
|
|
|
ge25519 ALIGN(16) A;
|
|
|
|
|
|
|
|
|
|
expand256_modm(a, extsk, 32);
|
|
|
|
|
|
|
|
|
|
/* A = aB */
|
|
|
|
|
ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
|
|
|
|
|
memzero(&a, sizeof(a));
|
|
|
|
|
ge25519_pack(pk, &A);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
ed25519_cosi_combine_publickeys(ed25519_public_key res, CONST ed25519_public_key *pks, size_t n) {
|
|
|
|
|
size_t i = 0;
|
|
|
|
|
|
Andrew Kozlik
2 years ago
committed by