author | Nick Mathewson <nickm@torproject.org> | 2014-08-26 21:35:25 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2014-09-25 15:08:31 -0400 |
commit | 006e6d3b6f52e193b14dc17db4502e14f9ffeb82 (patch) | |
tree | 0f7dc82793ca9191eb2d455f776d9957c77cb549 /src/ext | |
parent | 9e43ee5b4ca3650ecd9c4ee8a1b77843b273d480 (diff) | |
Another ed25519 tweak: store secret keys in expanded format
This will be needed/helpful for the key blinding of prop224, I
believe.
Diffstat (limited to 'src/ext')
-rw-r--r-- | src/ext/ed25519/ref10/crypto_sign.h | 1 | ||||
-rw-r--r-- | src/ext/ed25519/ref10/ed25519_ref10.h | 1 | ||||
-rw-r--r-- | src/ext/ed25519/ref10/keypair.c | 26 | ||||
-rw-r--r-- | src/ext/ed25519/ref10/sign.c | 10 |
4 files changed, 22 insertions, 16 deletions
diff --git a/src/ext/ed25519/ref10/crypto_sign.h b/src/ext/ed25519/ref10/crypto_sign.h
index 4a13fb30ab..549626793a 100644
--- a/src/ext/ed25519/ref10/crypto_sign.h
+++ b/src/ext/ed25519/ref10/crypto_sign.h
@@ -2,6 +2,7 @@
 #define crypto_sign ed25519_ref10_sign
 #define crypto_sign_keypair ed25519_ref10_keygen
 #define crypto_sign_seckey ed25519_ref10_seckey
+#define crypto_sign_seckey_expand ed25519_ref10_seckey_expand
 #define crypto_sign_pubkey ed25519_ref10_pubkey
 #define crypto_sign_open ed25519_ref10_open
diff --git a/src/ext/ed25519/ref10/ed25519_ref10.h b/src/ext/ed25519/ref10/ed25519_ref10.h
index bd1e46133f..cd0244f306 100644
--- a/src/ext/ed25519/ref10/ed25519_ref10.h
+++ b/src/ext/ed25519/ref10/ed25519_ref10.h
@@ -4,6 +4,7 @@
 #include <torint.h>
 int ed25519_ref10_seckey(unsigned char *sk);
+int ed25519_ref10_seckey_expand(unsigned char *sk, const unsigned char *sk_seed);
 int ed25519_ref10_pubkey(unsigned char *pk,const unsigned char *sk);
 int ed25519_ref10_keygen(unsigned char *pk,unsigned char *sk);
 int ed25519_ref10_open(
diff --git a/src/ext/ed25519/ref10/keypair.c b/src/ext/ed25519/ref10/keypair.c
index 26a17272d7..e861998071 100644
--- a/src/ext/ed25519/ref10/keypair.c
+++ b/src/ext/ed25519/ref10/keypair.c
@@ -8,22 +8,32 @@
 int crypto_sign_seckey(unsigned char *sk)
 {
- randombytes(sk,32);
+ unsigned char seed[32];
+
+ randombytes(seed,32);
+
+ crypto_sign_seckey_expand(sk, seed);
+
+ memwipe(seed, 0, 32);
+
+ return 0;
+}
+
+int crypto_sign_seckey_expand(unsigned char *sk, const unsigned char *skseed)
+{
+ crypto_hash_sha512(sk,skseed,32);
+ sk[0] &= 248;
+ sk[31] &= 63;
+ sk[31] |= 64;
 return 0;
 }
 int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk)
 {
- unsigned char az[64];
 ge_p3 A;
- crypto_hash_sha512(az,sk,32);
- az[0] &= 248;
- az[31] &= 63;
- az[31] |= 64;
-
- ge_scalarmult_base(&A,az);
+ ge_scalarmult_base(&A,sk);
 ge_p3_tobytes(pk,&A);
 return 0;
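Review bot: The new prototype `int ed25519_ref10_seckey_expand(unsigned char *sk, const unsigned char *sk_seed);` gives no buffer sizes, and this commit changes what size `sk` must be: the keypair.c hunk writes the full SHA-512 output into it (the old code kept that in `az[64]`), and sign.c now reads `sk+32`, so a caller that still allocates the old 32-byte secret key gets a memory overrun rather than a compile error. I would document the contract at the declaration, e.g. `/* Expand the 32-byte seed sk_seed into the 64-byte secret key sk: bytes 0..31 are the clamped scalar, bytes 32..63 the nonce prefix used by ed25519_ref10_sign(). */`, and state on `ed25519_ref10_seckey` and `ed25519_ref10_pubkey` that their `sk` is this 64-byte expanded form. The declaration names the parameter `sk_seed` while the definition in keypair.c uses `skseed`; pick one so the header and the code agree.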
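Review bot: `crypto_sign_pubkey` now feeds `sk` straight to `ge_scalarmult_base` with no clamping, so it silently relies on the caller having produced `sk` through `crypto_sign_seckey_expand`; an unexpanded 32-byte seed, or a key derived some other way (the blinded keys the commit message anticipates, if they bypass `_expand`), yields a public key that does not match what `crypto_sign` will sign with, and nothing here can detect that. Since the ref10 API has no runtime check to offer, I would at least state the precondition above the function: `/* sk must be a 64-byte expanded secret key from crypto_sign_seckey_expand(); only its first 32 bytes (already clamped) are used. */`. The `memwipe(seed, 0, 32)` in `crypto_sign_seckey` is the right thing to do; the diffstat shows this hunk is the entire change to keypair.c, so no include declaring `memwipe` was added and it must already be reachable through an existing header — worth confirming, since an implicit declaration here would be easy to miss.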
diff --git a/src/ext/ed25519/ref10/sign.c b/src/ext/ed25519/ref10/sign.c
index 7eb23c6c79..c11fca9122 100644
--- a/src/ext/ed25519/ref10/sign.c
+++ b/src/ext/ed25519/ref10/sign.c
@@ -10,17 +10,11 @@ int crypto_sign(
 const unsigned char *sk,const unsigned char *pk
 )
 {
- unsigned char az[64];
 unsigned char nonce[64];
 unsigned char hram[64];
 ge_p3 R;
- crypto_hash_sha512(az,sk,32);
- az[0] &= 248;
- az[31] &= 63;
- az[31] |= 64;
-
- crypto_hash_sha512_2(nonce, az+32, 32, m, mlen);
+ crypto_hash_sha512_2(nonce, sk+32, 32, m, mlen);
 sc_reduce(nonce);
 ge_scalarmult_base(&R,nonce);
@@ -28,7 +22,7 @@ int crypto_sign(
 crypto_hash_sha512_3(hram, sig, 32, pk, 32, m, mlen);
 sc_reduce(hram);
- sc_muladd(sig + 32,hram,az,nonce);
+ sc_muladd(sig + 32,hram,sk,nonce);
 return 0;
 }
|
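Review bot: `nonce` holds the per-signature secret scalar (the reduced output of `crypto_hash_sha512_2` over the secret prefix `sk+32` and the message) and is left on the stack when the function returns at the end of the second hunk; given that value and the public `hram`, the signing scalar in `sk` is recoverable from `sig + 32`, so it is as sensitive as the seed this same commit now wipes in keypair.c. I would add `memwipe(nonce, 0, sizeof(nonce));` immediately before `return 0;`, mirroring the `memwipe(seed, 0, 32)` in keypair.c (assuming sign.c sees the same declaration). Removing `az` already takes one secret buffer out of this function, so this is the one that remains. The opening of `crypto_sign`'s signature lies outside the first hunk.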