-
Notifications
You must be signed in to change notification settings - Fork 228
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add a ed25519 library for the pair-verify process.
- Loading branch information
Showing
21 changed files
with
5,025 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| noinst_LTLIBRARIES = libed25519.la | ||
| libed25519_la_SOURCES = add_scalar.c fe.c ge.c keypair.c sc.c seed.c sha512.c sign.c verify.c | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| #include "ed25519.h" | ||
| #include "ge.h" | ||
| #include "sc.h" | ||
| #include "sha512.h" | ||
|
|
||
|
|
||
| /* see http://crypto.stackexchange.com/a/6215/4697 */ | ||
| void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar) { | ||
| const unsigned char SC_1[32] = {1}; /* scalar with value 1 */ | ||
|
|
||
| unsigned char n[32]; | ||
| ge_p3 nB; | ||
| ge_p1p1 A_p1p1; | ||
| ge_p3 A; | ||
| ge_p3 public_key_unpacked; | ||
| ge_cached T; | ||
|
|
||
| sha512_context hash; | ||
| unsigned char hashbuf[64]; | ||
|
|
||
| int i; | ||
|
|
||
| /* copy the scalar and clear highest bit */ | ||
| for (i = 0; i < 31; ++i) { | ||
| n[i] = scalar[i]; | ||
| } | ||
| n[31] = scalar[31] & 127; | ||
|
|
||
| /* private key: a = n + t */ | ||
| if (private_key) { | ||
| sc_muladd(private_key, SC_1, n, private_key); | ||
|
|
||
| // https://github.com/orlp/ed25519/issues/3 | ||
| sha512_init(&hash); | ||
| sha512_update(&hash, private_key + 32, 32); | ||
| sha512_update(&hash, scalar, 32); | ||
| sha512_final(&hash, hashbuf); | ||
| for (i = 0; i < 32; ++i) { | ||
| private_key[32 + i] = hashbuf[i]; | ||
| } | ||
| } | ||
|
|
||
| /* public key: A = nB + T */ | ||
| if (public_key) { | ||
| /* if we know the private key we don't need a point addition, which is faster */ | ||
| /* using a "timing attack" you could find out wether or not we know the private | ||
| key, but this information seems rather useless - if this is important pass | ||
| public_key and private_key seperately in 2 function calls */ | ||
| if (private_key) { | ||
| ge_scalarmult_base(&A, private_key); | ||
| } else { | ||
| /* unpack public key into T */ | ||
| ge_frombytes_negate_vartime(&public_key_unpacked, public_key); | ||
| fe_neg(public_key_unpacked.X, public_key_unpacked.X); /* undo negate */ | ||
| fe_neg(public_key_unpacked.T, public_key_unpacked.T); /* undo negate */ | ||
| ge_p3_to_cached(&T, &public_key_unpacked); | ||
|
|
||
| /* calculate n*B */ | ||
| ge_scalarmult_base(&nB, n); | ||
|
|
||
| /* A = n*B + T */ | ||
| ge_add(&A_p1p1, &nB, &T); | ||
| ge_p1p1_to_p3(&A, &A_p1p1); | ||
| } | ||
|
|
||
| /* pack public key */ | ||
| ge_p3_tobytes(public_key, &A); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| #ifndef ED25519_H | ||
| #define ED25519_H | ||
|
|
||
| #include <stddef.h> | ||
|
|
||
| #if defined(_WIN32) | ||
| #if defined(ED25519_BUILD_DLL) | ||
| #define ED25519_DECLSPEC __declspec(dllexport) | ||
| #elif defined(ED25519_DLL) | ||
| #define ED25519_DECLSPEC __declspec(dllimport) | ||
| #else | ||
| #define ED25519_DECLSPEC | ||
| #endif | ||
| #else | ||
| #define ED25519_DECLSPEC | ||
| #endif | ||
|
|
||
|
|
||
| #ifdef __cplusplus | ||
| extern "C" { | ||
| #endif | ||
|
|
||
| #ifndef ED25519_NO_SEED | ||
| int ED25519_DECLSPEC ed25519_create_seed(unsigned char *seed); | ||
| #endif | ||
|
|
||
| void ED25519_DECLSPEC ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed); | ||
| void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key); | ||
| int ED25519_DECLSPEC ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key); | ||
| void ED25519_DECLSPEC ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar); | ||
| void ED25519_DECLSPEC ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key); | ||
|
|
||
|
|
||
| #ifdef __cplusplus | ||
| } | ||
| #endif | ||
|
|
||
| #endif |
Oops, something went wrong.