Another ed25519 tweak: store secret keys in expanded format

This will be needed/helpful for the key blinding of prop224, I believe.
author: Nick Mathewson <nickm@torproject.org> 2014-08-26 21:35:25 -0400
committer: Nick Mathewson <nickm@torproject.org> 2014-09-25 15:08:31 -0400
commit: 006e6d3b6f52e193b14dc17db4502e14f9ffeb82 (patch)
tree: 0f7dc82793ca9191eb2d455f776d9957c77cb549 /src/ext/ed25519/ref10/keypair.c
parent: 9e43ee5b4ca3650ecd9c4ee8a1b77843b273d480 (diff)
download: tor-006e6d3b6f52e193b14dc17db4502e14f9ffeb82.tar.gz
tor-006e6d3b6f52e193b14dc17db4502e14f9ffeb82.zip
1 files changed, 18 insertions, 8 deletions
diff --git a/src/ext/ed25519/ref10/keypair.c b/src/ext/ed25519/ref10/keypair.c
index 26a17272d7..e861998071 100644
--- a/src/ext/ed25519/ref10/keypair.c
+++ b/src/ext/ed25519/ref10/keypair.c
@@ -8,22 +8,32 @@
 int
 crypto_sign_seckey(unsigned char *sk)
 {
-  randombytes(sk,32);
+  unsigned char seed[32];
+
+  randombytes(seed,32);
+
+  crypto_sign_seckey_expand(sk, seed);
+
+  memwipe(seed, 0, 32);
+
+  return 0;
+}
+
+int crypto_sign_seckey_expand(unsigned char *sk, const unsigned char *skseed)
+{
+  crypto_hash_sha512(sk,skseed,32);
+  sk[0] &= 248;
+  sk[31] &= 63;
+  sk[31] |= 64;
 
   return 0;
 }
 
 int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk)
 {
-  unsigned char az[64];
   ge_p3 A;
 
-  crypto_hash_sha512(az,sk,32);
-  az[0] &= 248;
-  az[31] &= 63;
-  az[31] |= 64;
-
-  ge_scalarmult_base(&A,az);
+  ge_scalarmult_base(&A,sk);
   ge_p3_tobytes(pk,&A);
 
   return 0;
author	Nick Mathewson <nickm@torproject.org>	2014-08-26 21:35:25 -0400
committer	Nick Mathewson <nickm@torproject.org>	2014-09-25 15:08:31 -0400
commit	006e6d3b6f52e193b14dc17db4502e14f9ffeb82 (patch)
tree	0f7dc82793ca9191eb2d455f776d9957c77cb549 /src/ext/ed25519/ref10/keypair.c
parent	9e43ee5b4ca3650ecd9c4ee8a1b77843b273d480 (diff)
download	tor-006e6d3b6f52e193b14dc17db4502e14f9ffeb82.tar.gz tor-006e6d3b6f52e193b14dc17db4502e14f9ffeb82.zip