diff options
| author | Nick Mathewson <nickm@torproject.org> | 2014-08-26 10:08:44 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2014-08-26 10:08:44 -0400 |
| commit | b40ac6808f8a31f2f95de435036a6a7af111fdff (patch) | |
| tree | a668d3a32778547b5f91086507cb6be56ab9cad9 /src/ext/ed25519/ref10/sign.c | |
| parent | fdb7fc70d03d21d967db4928960241a624483a24 (diff) | |
| download | tor-b40ac6808f8a31f2f95de435036a6a7af111fdff.tar.gz tor-b40ac6808f8a31f2f95de435036a6a7af111fdff.zip | |
Add the ed25519 ref10 code verbatim from supercop-20140622
We might use libsodium or ed25519-donna later on, but for now, let's
see whether this is fast enough. We should use it in all cases when
performance doesn't matter.
Diffstat (limited to 'src/ext/ed25519/ref10/sign.c')
| -rw-r--r-- | src/ext/ed25519/ref10/sign.c | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/ext/ed25519/ref10/sign.c b/src/ext/ed25519/ref10/sign.c new file mode 100644 index 0000000000..de53742a6c --- /dev/null +++ b/src/ext/ed25519/ref10/sign.c @@ -0,0 +1,41 @@ +#include <string.h> +#include "crypto_sign.h" +#include "crypto_hash_sha512.h" +#include "ge.h" +#include "sc.h" + +int crypto_sign( + unsigned char *sm,unsigned long long *smlen, + const unsigned char *m,unsigned long long mlen, + const unsigned char *sk +) +{ + unsigned char pk[32]; + unsigned char az[64]; + unsigned char nonce[64]; + unsigned char hram[64]; + ge_p3 R; + + memmove(pk,sk + 32,32); + + crypto_hash_sha512(az,sk,32); + az[0] &= 248; + az[31] &= 63; + az[31] |= 64; + + *smlen = mlen + 64; + memmove(sm + 64,m,mlen); + memmove(sm + 32,az + 32,32); + crypto_hash_sha512(nonce,sm + 32,mlen + 32); + memmove(sm + 32,pk,32); + + sc_reduce(nonce); + ge_scalarmult_base(&R,nonce); + ge_p3_tobytes(sm,&R); + + crypto_hash_sha512(hram,sm,mlen + 64); + sc_reduce(hram); + sc_muladd(sm + 32,hram,az,nonce); + + return 0; +} |