mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-25 00:48:19 +00:00
refactor(crypto): Reduce code duplication in ed25519.c.
This commit is contained in:
parent
093fbecb7a
commit
c0cf84c03d
@ -43,33 +43,12 @@ ed25519_hram(hash_512bits hram, const ed25519_public_key R, const ed25519_public
|
||||
|
||||
void
|
||||
ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key pk) {
|
||||
bignum256modm a = {0};
|
||||
ge25519 ALIGN(16) A;
|
||||
hash_512bits extsk = {0};
|
||||
|
||||
ed25519_extsk(extsk, sk);
|
||||
expand256_modm(a, extsk, 32);
|
||||
ed25519_publickey_ext(extsk, pk);
|
||||
memzero(&extsk, sizeof(extsk));
|
||||
|
||||
/* A = aB */
|
||||
ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
|
||||
memzero(&a, sizeof(a));
|
||||
ge25519_pack(pk, &A);
|
||||
}
|
||||
|
||||
#if USE_CARDANO
|
||||
void
|
||||
ED25519_FN(ed25519_publickey_ext) (const ed25519_secret_key extsk, ed25519_public_key pk) {
|
||||
bignum256modm a = {0};
|
||||
ge25519 ALIGN(16) A;
|
||||
|
||||
expand256_modm(a, extsk, 32);
|
||||
ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
|
||||
memzero(&a, sizeof(a));
|
||||
ge25519_pack(pk, &A);
|
||||
}
|
||||
#endif
|
||||
|
||||
void
|
||||
ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key nonce, const ed25519_public_key R, const ed25519_public_key pk, ed25519_cosi_signature sig) {
|
||||
bignum256modm r = {0}, S = {0}, a = {0};
|
||||
@ -100,55 +79,6 @@ ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed2551
|
||||
contract256_modm(sig, S);
|
||||
}
|
||||
|
||||
void
|
||||
ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, ed25519_signature RS) {
|
||||
ed25519_hash_context ctx;
|
||||
bignum256modm r = {0}, S = {0}, a = {0};
|
||||
ge25519 ALIGN(16) R = {0};
|
||||
ge25519 ALIGN(16) A = {0};
|
||||
ed25519_public_key pk = {0};
|
||||
hash_512bits extsk = {0}, hashr = {0}, hram = {0};
|
||||
|
||||
ed25519_extsk(extsk, sk);
|
||||
|
||||
|
||||
/* r = H(aExt[32..64], m) */
|
||||
ed25519_hash_init(&ctx);
|
||||
ed25519_hash_update(&ctx, extsk + 32, 32);
|
||||
ed25519_hash_update(&ctx, m, mlen);
|
||||
ed25519_hash_final(&ctx, hashr);
|
||||
expand256_modm(r, hashr, 64);
|
||||
memzero(&hashr, sizeof(hashr));
|
||||
|
||||
/* R = rB */
|
||||
ge25519_scalarmult_base_niels(&R, ge25519_niels_base_multiples, r);
|
||||
ge25519_pack(RS, &R);
|
||||
|
||||
/* a = aExt[0..31] */
|
||||
expand256_modm(a, extsk, 32);
|
||||
memzero(&extsk, sizeof(extsk));
|
||||
|
||||
/* A = aB */
|
||||
ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
|
||||
ge25519_pack(pk, &A);
|
||||
|
||||
/* S = H(R,A,m).. */
|
||||
ed25519_hram(hram, RS, pk, m, mlen);
|
||||
expand256_modm(S, hram, 64);
|
||||
|
||||
/* S = H(R,A,m)a */
|
||||
mul256_modm(S, S, a);
|
||||
memzero(&a, sizeof(a));
|
||||
|
||||
/* S = (r + H(R,A,m)a) */
|
||||
add256_modm(S, S, r);
|
||||
memzero(&r, sizeof(r));
|
||||
|
||||
/* S = (r + H(R,A,m)a) mod L */
|
||||
contract256_modm(RS + 32, S);
|
||||
}
|
||||
|
||||
#if USE_CARDANO
|
||||
void
|
||||
ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key skext, ed25519_signature RS) {
|
||||
ed25519_hash_context ctx;
|
||||
@ -199,7 +129,14 @@ ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519
|
||||
/* S = (r + H(R,A,m)a) mod L */
|
||||
contract256_modm(RS + 32, S);
|
||||
}
|
||||
#endif
|
||||
|
||||
void
|
||||
ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, ed25519_signature RS) {
|
||||
hash_512bits extsk = {0};
|
||||
ed25519_extsk(extsk, sk);
|
||||
ED25519_FN(ed25519_sign_ext)(m, mlen, extsk, extsk + 32, RS);
|
||||
memzero(&extsk, sizeof(extsk));
|
||||
}
|
||||
|
||||
int
|
||||
ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
|
||||
@ -254,6 +191,19 @@ ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key
|
||||
|
||||
#include "curve25519-donna-scalarmult-base.h"
|
||||
|
||||
void
|
||||
ed25519_publickey_ext(const ed25519_secret_key extsk, ed25519_public_key pk) {
|
||||
bignum256modm a = {0};
|
||||
ge25519 ALIGN(16) A;
|
||||
|
||||
expand256_modm(a, extsk, 32);
|
||||
|
||||
/* A = aB */
|
||||
ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
|
||||
memzero(&a, sizeof(a));
|
||||
ge25519_pack(pk, &A);
|
||||
}
|
||||
|
||||
int
|
||||
ed25519_cosi_combine_publickeys(ed25519_public_key res, CONST ed25519_public_key *pks, size_t n) {
|
||||
size_t i = 0;
|
||||
|
@ -16,15 +16,11 @@ typedef unsigned char curve25519_key[32];
|
||||
typedef unsigned char ed25519_cosi_signature[32];
|
||||
|
||||
void ed25519_publickey(const ed25519_secret_key sk, ed25519_public_key pk);
|
||||
#if USE_CARDANO
|
||||
void ed25519_publickey_ext(const ed25519_secret_key extsk, ed25519_public_key pk);
|
||||
#endif
|
||||
|
||||
int ed25519_sign_open(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS);
|
||||
void ed25519_sign(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, ed25519_signature RS);
|
||||
#if USE_CARDANO
|
||||
void ed25519_sign_ext(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key skext, ed25519_signature RS);
|
||||
#endif
|
||||
|
||||
int ed25519_scalarmult(ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user