Merge branch 'asn_bug22006_final_squashed'

author: Nick Mathewson <nickm@torproject.org> 2017-06-27 17:19:08 -0400
committer: Nick Mathewson <nickm@torproject.org> 2017-06-27 17:19:08 -0400
commit: 7fff6cfead76263c0ced736996dd7ed35e95a6f4 (patch)
tree: 48c1820e08727c0d08360244b9b20d3a4f13233e /src/ext/ed25519/donna
parent: 0576f9f433f20af756bdaba6df5ac270d147e007 (diff)
parent: a155035d208fb2c05efdad22fe64ea2d6be929a1 (diff)
download: tor-7fff6cfead76263c0ced736996dd7ed35e95a6f4.tar.gz
tor-7fff6cfead76263c0ced736996dd7ed35e95a6f4.zip
2 files changed, 32 insertions, 0 deletions
diff --git a/src/ext/ed25519/donna/ed25519_donna_tor.h b/src/ext/ed25519/donna/ed25519_donna_tor.h
index d225407b1c..7d7b8c0625 100644
--- a/src/ext/ed25519/donna/ed25519_donna_tor.h
+++ b/src/ext/ed25519/donna/ed25519_donna_tor.h
@@ -30,4 +30,9 @@ int ed25519_donna_blind_public_key(unsigned char *out, const unsigned char *inp,
 int ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out,
   const unsigned char *inp, int signbit);
 
+
+int
+ed25519_donna_scalarmult_with_group_order(unsigned char *out,
+                                          const unsigned char *pubkey);
+
 #endif
diff --git a/src/ext/ed25519/donna/ed25519_tor.c b/src/ext/ed25519/donna/ed25519_tor.c
index 9537ae66a1..bd11027efa 100644
--- a/src/ext/ed25519/donna/ed25519_tor.c
+++ b/src/ext/ed25519/donna/ed25519_tor.c
@@ -340,5 +340,32 @@ ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out,
   return 0;
 }
 
+/* Do the scalar multiplication of <b>pubkey</b> with the group order
+ * <b>modm_m</b>.  Place the result in <b>out</b> which must be at least 32
+ * bytes long. */
+int
+ed25519_donna_scalarmult_with_group_order(unsigned char *out,
+                                          const unsigned char *pubkey)
+{
+  static const bignum256modm ALIGN(16) zero = { 0 };
+  unsigned char pkcopy[32];
+  ge25519 ALIGN(16) Point, Result;
+
+  /* No "ge25519_unpack", negate the public key and unpack it back.
+   * See ed25519_donna_blind_public_key() */
+  memcpy(pkcopy, pubkey, 32);
+  pkcopy[31] ^= (1<<7);
+  if (!ge25519_unpack_negative_vartime(&Point, pkcopy)) {
+    return -1; /* error: bail out */
+  }
+
+  /* There is no regular scalarmult function so we have to do:
+   * Result = l*P + 0*B */
+  ge25519_double_scalarmult_vartime(&Result, &Point, modm_m, zero);
+  ge25519_pack(out, &Result);
+
+  return 0;
+}
+
 #include "test-internals.c"
author	Nick Mathewson <nickm@torproject.org>	2017-06-27 17:19:08 -0400
committer	Nick Mathewson <nickm@torproject.org>	2017-06-27 17:19:08 -0400
commit	7fff6cfead76263c0ced736996dd7ed35e95a6f4 (patch)
tree	48c1820e08727c0d08360244b9b20d3a4f13233e /src/ext/ed25519/donna
parent	0576f9f433f20af756bdaba6df5ac270d147e007 (diff)
parent	a155035d208fb2c05efdad22fe64ea2d6be929a1 (diff)
download	tor-7fff6cfead76263c0ced736996dd7ed35e95a6f4.tar.gz tor-7fff6cfead76263c0ced736996dd7ed35e95a6f4.zip