mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-25 08:58:14 +00:00
refactor(crypto): Reduce code duplication in ed25519.c.
This commit is contained in:
Andrew Kozlik
Andrew Kozlik
parent
093fbecb7a
commit
c0cf84c03d
@ -43,33 +43,12 @@ ed25519_hram(hash_512bits hram, const ed25519_public_key R, const ed25519_public
|
|||||||
|
|
||||||
void
|
void
|
||||||
ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key pk) {
|
ED25519_FN(ed25519_publickey) (const ed25519_secret_key sk, ed25519_public_key pk) {
|
||||||
bignum256modm a = {0};
|
|
||||||
ge25519 ALIGN(16) A;
|
|
||||||
hash_512bits extsk = {0};
|
hash_512bits extsk = {0};
|
||||||
|
|
||||||
ed25519_extsk(extsk, sk);
|
ed25519_extsk(extsk, sk);
|
||||||
expand256_modm(a, extsk, 32);
|
ed25519_publickey_ext(extsk, pk);
|
||||||
memzero(&extsk, sizeof(extsk));
|
memzero(&extsk, sizeof(extsk));
|
||||||
|
|
||||||
/* A = aB */
|
|
||||||
ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
|
|
||||||
memzero(&a, sizeof(a));
|
|
||||||
ge25519_pack(pk, &A);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#if USE_CARDANO
|
|
||||||
void
|
|
||||||
ED25519_FN(ed25519_publickey_ext) (const ed25519_secret_key extsk, ed25519_public_key pk) {
|
|
||||||
bignum256modm a = {0};
|
|
||||||
ge25519 ALIGN(16) A;
|
|
||||||
|
|
||||||
expand256_modm(a, extsk, 32);
|
|
||||||
ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
|
|
||||||
memzero(&a, sizeof(a));
|
|
||||||
ge25519_pack(pk, &A);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
void
|
void
|
||||||
ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key nonce, const ed25519_public_key R, const ed25519_public_key pk, ed25519_cosi_signature sig) {
|
ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key nonce, const ed25519_public_key R, const ed25519_public_key pk, ed25519_cosi_signature sig) {
|
||||||
bignum256modm r = {0}, S = {0}, a = {0};
|
bignum256modm r = {0}, S = {0}, a = {0};
|
||||||
@ -100,55 +79,6 @@ ED25519_FN(ed25519_cosi_sign) (const unsigned char *m, size_t mlen, const ed2551
|
|||||||
contract256_modm(sig, S);
|
contract256_modm(sig, S);
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
|
||||||
ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, ed25519_signature RS) {
|
|
||||||
ed25519_hash_context ctx;
|
|
||||||
bignum256modm r = {0}, S = {0}, a = {0};
|
|
||||||
ge25519 ALIGN(16) R = {0};
|
|
||||||
ge25519 ALIGN(16) A = {0};
|
|
||||||
ed25519_public_key pk = {0};
|
|
||||||
hash_512bits extsk = {0}, hashr = {0}, hram = {0};
|
|
||||||
|
|
||||||
ed25519_extsk(extsk, sk);
|
|
||||||
|
|
||||||
|
|
||||||
/* r = H(aExt[32..64], m) */
|
|
||||||
ed25519_hash_init(&ctx);
|
|
||||||
ed25519_hash_update(&ctx, extsk + 32, 32);
|
|
||||||
ed25519_hash_update(&ctx, m, mlen);
|
|
||||||
ed25519_hash_final(&ctx, hashr);
|
|
||||||
expand256_modm(r, hashr, 64);
|
|
||||||
memzero(&hashr, sizeof(hashr));
|
|
||||||
|
|
||||||
/* R = rB */
|
|
||||||
ge25519_scalarmult_base_niels(&R, ge25519_niels_base_multiples, r);
|
|
||||||
ge25519_pack(RS, &R);
|
|
||||||
|
|
||||||
/* a = aExt[0..31] */
|
|
||||||
expand256_modm(a, extsk, 32);
|
|
||||||
memzero(&extsk, sizeof(extsk));
|
|
||||||
|
|
||||||
/* A = aB */
|
|
||||||
ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
|
|
||||||
ge25519_pack(pk, &A);
|
|
||||||
|
|
||||||
/* S = H(R,A,m).. */
|
|
||||||
ed25519_hram(hram, RS, pk, m, mlen);
|
|
||||||
expand256_modm(S, hram, 64);
|
|
||||||
|
|
||||||
/* S = H(R,A,m)a */
|
|
||||||
mul256_modm(S, S, a);
|
|
||||||
memzero(&a, sizeof(a));
|
|
||||||
|
|
||||||
/* S = (r + H(R,A,m)a) */
|
|
||||||
add256_modm(S, S, r);
|
|
||||||
memzero(&r, sizeof(r));
|
|
||||||
|
|
||||||
/* S = (r + H(R,A,m)a) mod L */
|
|
||||||
contract256_modm(RS + 32, S);
|
|
||||||
}
|
|
||||||
|
|
||||||
#if USE_CARDANO
|
|
||||||
void
|
void
|
||||||
ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key skext, ed25519_signature RS) {
|
ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key skext, ed25519_signature RS) {
|
||||||
ed25519_hash_context ctx;
|
ed25519_hash_context ctx;
|
||||||
@ -199,7 +129,14 @@ ED25519_FN(ed25519_sign_ext) (const unsigned char *m, size_t mlen, const ed25519
|
|||||||
/* S = (r + H(R,A,m)a) mod L */
|
/* S = (r + H(R,A,m)a) mod L */
|
||||||
contract256_modm(RS + 32, S);
|
contract256_modm(RS + 32, S);
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
void
|
||||||
|
ED25519_FN(ed25519_sign) (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, ed25519_signature RS) {
|
||||||
|
hash_512bits extsk = {0};
|
||||||
|
ed25519_extsk(extsk, sk);
|
||||||
|
ED25519_FN(ed25519_sign_ext)(m, mlen, extsk, extsk + 32, RS);
|
||||||
|
memzero(&extsk, sizeof(extsk));
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
|
ED25519_FN(ed25519_sign_open) (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS) {
|
||||||
@ -254,6 +191,19 @@ ED25519_FN(ed25519_scalarmult) (ed25519_public_key res, const ed25519_secret_key
|
|||||||
|
|
||||||
#include "curve25519-donna-scalarmult-base.h"
|
#include "curve25519-donna-scalarmult-base.h"
|
||||||
|
|
||||||
|
void
|
||||||
|
ed25519_publickey_ext(const ed25519_secret_key extsk, ed25519_public_key pk) {
|
||||||
|
bignum256modm a = {0};
|
||||||
|
ge25519 ALIGN(16) A;
|
||||||
|
|
||||||
|
expand256_modm(a, extsk, 32);
|
||||||
|
|
||||||
|
/* A = aB */
|
||||||
|
ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
|
||||||
|
memzero(&a, sizeof(a));
|
||||||
|
ge25519_pack(pk, &A);
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
ed25519_cosi_combine_publickeys(ed25519_public_key res, CONST ed25519_public_key *pks, size_t n) {
|
ed25519_cosi_combine_publickeys(ed25519_public_key res, CONST ed25519_public_key *pks, size_t n) {
|
||||||
size_t i = 0;
|
size_t i = 0;
|
||||||
|
|||||||
@ -16,15 +16,11 @@ typedef unsigned char curve25519_key[32];
|
|||||||
typedef unsigned char ed25519_cosi_signature[32];
|
typedef unsigned char ed25519_cosi_signature[32];
|
||||||
|
|
||||||
void ed25519_publickey(const ed25519_secret_key sk, ed25519_public_key pk);
|
void ed25519_publickey(const ed25519_secret_key sk, ed25519_public_key pk);
|
||||||
#if USE_CARDANO
|
|
||||||
void ed25519_publickey_ext(const ed25519_secret_key extsk, ed25519_public_key pk);
|
void ed25519_publickey_ext(const ed25519_secret_key extsk, ed25519_public_key pk);
|
||||||
#endif
|
|
||||||
|
|
||||||
int ed25519_sign_open(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS);
|
int ed25519_sign_open(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS);
|
||||||
void ed25519_sign(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, ed25519_signature RS);
|
void ed25519_sign(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, ed25519_signature RS);
|
||||||
#if USE_CARDANO
|
|
||||||
void ed25519_sign_ext(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key skext, ed25519_signature RS);
|
void ed25519_sign_ext(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_secret_key skext, ed25519_signature RS);
|
||||||
#endif
|
|
||||||
|
|
||||||
int ed25519_scalarmult(ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk);
|
int ed25519_scalarmult(ed25519_public_key res, const ed25519_secret_key sk, const ed25519_public_key pk);
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user