eddsa_25519: API change
@@ -3,6 +3,7 @@
|
||||
* src/ecc-edwards.c (ed_add_25638): Remove the third argument.
|
||||
(compute_kG_25519): The curve is complete, we don't need to avoid
|
||||
identity element as NIST curve or secp256k1 curve.
|
||||
(eddsa_25519): Change the API, with A and the seed.
|
||||
|
||||
2014-03-26 Niibe Yutaka <gniibe@fsij.org>
|
||||
|
||||
|
||||
@@ -64,8 +64,6 @@ print_point (const ac *X)
|
||||
puts ("--");
|
||||
}
|
||||
|
||||
extern void eddsa_25519 (bn256 *r, bn256 *s,
|
||||
const uint8_t *input, size_t ilen, const bn256 *d);
|
||||
#define MAXLINE 4096
|
||||
|
||||
static int lineno;
|
||||
@@ -356,14 +354,16 @@ read_testcase (void)
|
||||
int
|
||||
main (int argc, char *argv[])
|
||||
{
|
||||
int all_good = 1;
|
||||
int r;
|
||||
ac pk_calculated[1];
|
||||
uint8_t hash[64];
|
||||
bn256 a[1];
|
||||
extern int compute_kG_25519 (ac *X, const bn256 *K);
|
||||
extern int mod25519_is_neg (const bn256 *a);
|
||||
extern void eddsa_25519 (bn256 *r, bn256 *s, const uint8_t *input,
|
||||
size_t ilen, const bn256 *d);
|
||||
extern void eddsa_25519 (bn256 *r, bn256 *s,
|
||||
const uint8_t *input, size_t ilen,
|
||||
const bn256 *a, const uint8_t *seed);
|
||||
|
||||
bn256 R[1], S[1];
|
||||
|
||||
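Review bot: The new six-argument prototype of eddsa_25519 now exists only as a function-scope `extern` inside main, and the earlier hunk deletes the file-scope copy, so a caller in another translation unit that still uses the old five-argument form (`..., size_t ilen, const bn256 *d)`) compiles without any diagnostic; put the declaration in a shared header that both the test and src/ecc-edwards.c include. The new locals `a` and `hash` declared here are filled in somewhere between this hunk and the call `eddsa_25519 (R, S, msg, msglen, a, hash+32);` in the next hunk, which is outside the visible lines, so I cannot confirm that the test's clamping of `a` matches the clamping removed from the library. main starts in this hunk and its body continues outside it.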
@@ -397,10 +397,11 @@ main (int argc, char *argv[])
|
||||
print_be_bn256 (sk);
|
||||
print_point (pk);
|
||||
print_point (pk_calculated);
|
||||
all_good = 0;
|
||||
continue;
|
||||
}
|
||||
|
||||
eddsa_25519 (R, S, msg, msglen, sk);
|
||||
eddsa_25519 (R, S, msg, msglen, a, hash+32);
|
||||
if (memcmp (sig, R, sizeof (bn256)) != 0
|
||||
|| memcmp (((const uint8_t *)sig)+32, S, sizeof (bn256)) != 0)
|
||||
{
|
||||
@@ -409,10 +410,11 @@ main (int argc, char *argv[])
|
||||
print_le_bn256 (S);
|
||||
print_le_bn256 ((const bn256 *)sig);
|
||||
print_le_bn256 ((const bn256 *)(((const uint8_t *)sig)+32));
|
||||
all_good = 0;
|
||||
continue;
|
||||
}
|
||||
|
||||
printf ("%d\n", test_no);
|
||||
}
|
||||
return 0;
|
||||
return all_good == 1?0:1;
|
||||
}
|
||||
|
||||
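Review bot: Style only: `return all_good == 1?0:1;` reads more naturally as `return all_good ? 0 : 1;`, since in the visible lines all_good is only ever assigned 1 or 0. The unspaced ternary also departs from the GNU-style spacing used in the rest of this file.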
@@ -566,27 +566,21 @@ mod_reduce_M (bn256 *R, const bn512 *A)
|
||||
|
||||
void
|
||||
eddsa_25519 (bn256 *r, bn256 *s, const uint8_t *input, size_t ilen,
|
||||
const bn256 *d)
|
||||
const bn256 *a, const uint8_t *seed)
|
||||
{
|
||||
sha512_context ctx;
|
||||
uint8_t hash[64];
|
||||
bn256 a[1], pk[1], tmp[1];
|
||||
bn256 pk[1], tmp[1];
|
||||
ac R[1];
|
||||
uint32_t carry, borrow;
|
||||
|
||||
sha512 ((uint8_t *)d, sizeof (bn256), hash);
|
||||
hash[0] &= 248;
|
||||
hash[31] &= 127;
|
||||
hash[31] |= 64;
|
||||
memcpy (a, hash, sizeof (bn256)); /* Lower half of hash */
|
||||
|
||||
compute_kG_25519 (R, a);
|
||||
/* EdDSA encoding. */
|
||||
memcpy (pk, R->y, sizeof (bn256));
|
||||
pk->word[7] ^= mod25519_is_neg (R->x) * 0x80000000;
|
||||
|
||||
sha512_start (&ctx);
|
||||
sha512_update (&ctx, hash+32, 32); /* Upper half of hash */
|
||||
sha512_update (&ctx, seed, sizeof (bn256)); /* It's upper half of the hash */
|
||||
sha512_update (&ctx, input, ilen);
|
||||
sha512_finish (&ctx, hash);
|
||||
|
||||
|
||||
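Review bot: With the SHA-512 of d and the clamping `hash[0] &= 248; hash[31] &= 127; hash[31] |= 64;` removed from eddsa_25519, supplying a correctly clamped scalar `a` and the matching 32-byte `seed` is now the caller's responsibility, yet nothing in the new signature or a comment states that precondition; an unclamped `a` is accepted silently and yields a non-conforming signature. Add a header comment above the definition saying that `a` must be the clamped lower 32 bytes and `seed` the upper 32 bytes of SHA-512 over the secret key, exactly as the removed code computed them, and that neither is validated here. The line `sha512_update (&ctx, seed, sizeof (bn256));` reads `seed` as `sizeof (bn256)` bytes although `seed` is a plain byte pointer rather than a bn256; a named seed length would state the contract directly instead of tying it to the bn256 layout. The function continues past the end of the hunk, so what happens to `hash` after `sha512_finish` is not reviewed here.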