authorNick Mathewson <nickm@torproject.org>2014-08-26 21:35:25 -0400
committerNick Mathewson <nickm@torproject.org>2014-09-25 15:08:31 -0400
commit006e6d3b6f52e193b14dc17db4502e14f9ffeb82 (patch)
tree0f7dc82793ca9191eb2d455f776d9957c77cb549 /src/ext
parent9e43ee5b4ca3650ecd9c4ee8a1b77843b273d480 (diff)
Another ed25519 tweak: store secret keys in expanded format
This will be needed/helpful for the key blinding of prop224, I believe.
Diffstat (limited to 'src/ext')
-rw-r--r--src/ext/ed25519/ref10/crypto_sign.h1
-rw-r--r--src/ext/ed25519/ref10/ed25519_ref10.h1
-rw-r--r--src/ext/ed25519/ref10/keypair.c26
-rw-r--r--src/ext/ed25519/ref10/sign.c10
4 files changed, 22 insertions, 16 deletions
diff --git a/src/ext/ed25519/ref10/crypto_sign.h b/src/ext/ed25519/ref10/crypto_sign.h
index 4a13fb30ab..549626793a 100644
--- a/src/ext/ed25519/ref10/crypto_sign.h
+++ b/src/ext/ed25519/ref10/crypto_sign.h
@@ -2,6 +2,7 @@
#define crypto_sign ed25519_ref10_sign
#define crypto_sign_keypair ed25519_ref10_keygen
#define crypto_sign_seckey ed25519_ref10_seckey
+#define crypto_sign_seckey_expand ed25519_ref10_seckey_expand
#define crypto_sign_pubkey ed25519_ref10_pubkey
#define crypto_sign_open ed25519_ref10_open
diff --git a/src/ext/ed25519/ref10/ed25519_ref10.h b/src/ext/ed25519/ref10/ed25519_ref10.h
index bd1e46133f..cd0244f306 100644
--- a/src/ext/ed25519/ref10/ed25519_ref10.h
+++ b/src/ext/ed25519/ref10/ed25519_ref10.h
@@ -4,6 +4,7 @@
#include <torint.h>
int ed25519_ref10_seckey(unsigned char *sk);
+int ed25519_ref10_seckey_expand(unsigned char *sk, const unsigned char *sk_seed);
int ed25519_ref10_pubkey(unsigned char *pk,const unsigned char *sk);
int ed25519_ref10_keygen(unsigned char *pk,unsigned char *sk);
int ed25519_ref10_open(
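Review bot: The new prototype `int ed25519_ref10_seckey_expand(unsigned char *sk, const unsigned char *sk_seed);` does not say how large either buffer is, and this commit silently changes the contract of every `sk` parameter in this header: keypair.c now fills `sk` with a 64-byte SHA-512 output, and sign.c reads `sk+32`, so `sk` is 64 bytes everywhere while `sk_seed` stays 32. A caller that still allocates 32 bytes for `sk` is overflowed by `ed25519_ref10_seckey`/`_seckey_expand` and over-read by `ed25519_ref10_sign`, and nothing in these prototypes would catch it. I'd add a comment above the declarations, e.g. `/* sk: 64-byte expanded secret key (clamped scalar in sk[0..31], nonce prefix in sk[32..63]); sk_seed and pk: 32 bytes. */`. The parameter is spelled `sk_seed` here and `skseed` in keypair.c; one spelling would help when grepping.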
diff --git a/src/ext/ed25519/ref10/keypair.c b/src/ext/ed25519/ref10/keypair.c
index 26a17272d7..e861998071 100644
--- a/src/ext/ed25519/ref10/keypair.c
+++ b/src/ext/ed25519/ref10/keypair.c
@@ -8,22 +8,32 @@
int
crypto_sign_seckey(unsigned char *sk)
{
- randombytes(sk,32);
+ unsigned char seed[32];
+
+ randombytes(seed,32);
+
+ crypto_sign_seckey_expand(sk, seed);
+
+ memwipe(seed, 0, 32);
+
+ return 0;
+}
+
+int crypto_sign_seckey_expand(unsigned char *sk, const unsigned char *skseed)
+{
+ crypto_hash_sha512(sk,skseed,32);
+ sk[0] &= 248;
+ sk[31] &= 63;
+ sk[31] |= 64;
return 0;
}
int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk)
{
- unsigned char az[64];
ge_p3 A;
- crypto_hash_sha512(az,sk,32);
- az[0] &= 248;
- az[31] &= 63;
- az[31] |= 64;
-
- ge_scalarmult_base(&A,az);
+ ge_scalarmult_base(&A,sk);
ge_p3_tobytes(pk,&A);
return 0;
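Review bot: `crypto_sign_seckey` discards the result of the `crypto_sign_seckey_expand(sk, seed);` call and unconditionally returns 0, so any failure code the expand step gains later would be lost while the seed is already wiped. Keeping the wipe and propagating the result is three lines: `int r = crypto_sign_seckey_expand(sk, seed);` / `memwipe(seed, 0, 32);` / `return r;`. Separately, `crypto_sign_pubkey` now reads the first 32 bytes of the 64-byte expanded key without the old clamp, so passing a 32-byte seed to it no longer yields the matching public key; a one-line comment on that function saying `sk` is the expanded key produced by `crypto_sign_seckey_expand` would make the changed precondition visible. The closing brace of `crypto_sign_pubkey` is not shown within the hunk's visible lines.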
diff --git a/src/ext/ed25519/ref10/sign.c b/src/ext/ed25519/ref10/sign.c
index 7eb23c6c79..c11fca9122 100644
--- a/src/ext/ed25519/ref10/sign.c
+++ b/src/ext/ed25519/ref10/sign.c
@@ -10,17 +10,11 @@ int crypto_sign(
const unsigned char *sk,const unsigned char *pk
)
{
- unsigned char az[64];
unsigned char nonce[64];
unsigned char hram[64];
ge_p3 R;
- crypto_hash_sha512(az,sk,32);
- az[0] &= 248;
- az[31] &= 63;
- az[31] |= 64;
-
- crypto_hash_sha512_2(nonce, az+32, 32, m, mlen);
+ crypto_hash_sha512_2(nonce, sk+32, 32, m, mlen);
sc_reduce(nonce);
ge_scalarmult_base(&R,nonce);
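Review bot: With the clamping lines removed, `crypto_sign` now trusts that `sk` already holds the 64-byte expanded key: the `crypto_hash_sha512_2(nonce, sk+32, 32, m, mlen);` line reads bytes 32..63 as the nonce prefix, and the `sc_muladd(sig + 32,hram,sk,nonce);` line in the next hunk uses bytes 0..31 as the scalar without masking. A caller that still passes the 32-byte seed gets a 32-byte over-read and a signature computed with an unclamped scalar, and nothing in this function would notice. Since the signature of `crypto_sign` starts above the hunk, a comment there is the right place, e.g. `/* sk must be the 64-byte expanded key from crypto_sign_seckey_expand(); the scalar is not re-clamped here. */`. The function's closing brace is in the second hunk of this file.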
@@ -28,7 +22,7 @@ int crypto_sign(
crypto_hash_sha512_3(hram, sig, 32, pk, 32, m, mlen);
sc_reduce(hram);
- sc_muladd(sig + 32,hram,az,nonce);
+ sc_muladd(sig + 32,hram,sk,nonce);
return 0;
}