diff options
-rw-r--r-- | src/util/Makefile.am | 1 | ||||
-rw-r--r-- | src/util/crypto_ecc.c | 109 | ||||
-rw-r--r-- | src/util/tweetnacl-gnunet.c | 530 | ||||
-rw-r--r-- | src/util/tweetnacl-gnunet.h | 85 |
4 files changed, 724 insertions, 1 deletions
diff --git a/src/util/Makefile.am b/src/util/Makefile.am index b89250711..fce064d0c 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am | |||
@@ -93,6 +93,7 @@ libgnunetutil_la_SOURCES = \ | |||
93 | strings.c \ | 93 | strings.c \ |
94 | time.c \ | 94 | time.c \ |
95 | tun.c \ | 95 | tun.c \ |
96 | tweetnacl-gnunet.c \ | ||
96 | speedup.c speedup.h \ | 97 | speedup.c speedup.h \ |
97 | proc_compat.c | 98 | proc_compat.c |
98 | 99 | ||
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index 12284a7a9..86beb9109 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c | |||
@@ -22,15 +22,20 @@ | |||
22 | * @file util/crypto_ecc.c | 22 | * @file util/crypto_ecc.c |
23 | * @brief public key cryptography (ECC) with libgcrypt | 23 | * @brief public key cryptography (ECC) with libgcrypt |
24 | * @author Christian Grothoff | 24 | * @author Christian Grothoff |
25 | * @author Florian Dold | ||
25 | */ | 26 | */ |
26 | #include "platform.h" | 27 | #include "platform.h" |
27 | #include <gcrypt.h> | 28 | #include <gcrypt.h> |
28 | #include "gnunet_crypto_lib.h" | 29 | #include "gnunet_crypto_lib.h" |
29 | #include "gnunet_strings_lib.h" | 30 | #include "gnunet_strings_lib.h" |
30 | #include "benchmark.h" | 31 | #include "benchmark.h" |
32 | #include "tweetnacl-gnunet.h" | ||
31 | 33 | ||
32 | #define EXTRA_CHECKS 0 | 34 | #define EXTRA_CHECKS 0 |
33 | 35 | ||
36 | #define NEW_CRYPTO 0 | ||
37 | |||
38 | |||
34 | /** | 39 | /** |
35 | * Name of the curve we are using. Note that we have hard-coded | 40 | * Name of the curve we are using. Note that we have hard-coded |
36 | * structs that use 256 bits, so using a bigger curve will require | 41 | * structs that use 256 bits, so using a bigger curve will require |
@@ -159,6 +164,7 @@ decode_private_ecdsa_key (const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv) | |||
159 | } | 164 | } |
160 | 165 | ||
161 | 166 | ||
167 | #if !NEW_CRYPTO | ||
162 | /** | 168 | /** |
163 | * Convert the given private key from the network format to the | 169 | * Convert the given private key from the network format to the |
164 | * S-expression that can be used by libgcrypt. | 170 | * S-expression that can be used by libgcrypt. |
@@ -192,8 +198,10 @@ decode_private_eddsa_key (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv) | |||
192 | #endif | 198 | #endif |
193 | return result; | 199 | return result; |
194 | } | 200 | } |
201 | #endif /* !NEW_CRYPTO */ | ||
195 | 202 | ||
196 | 203 | ||
204 | #if !NEW_CRYPTO | ||
197 | /** | 205 | /** |
198 | * Convert the given private key from the network format to the | 206 | * Convert the given private key from the network format to the |
199 | * S-expression that can be used by libgcrypt. | 207 | * S-expression that can be used by libgcrypt. |
@@ -227,6 +235,7 @@ decode_private_ecdhe_key (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv) | |||
227 | #endif | 235 | #endif |
228 | return result; | 236 | return result; |
229 | } | 237 | } |
238 | #endif /* !NEW_CRYPTO */ | ||
230 | 239 | ||
231 | 240 | ||
232 | /** | 241 | /** |
@@ -271,6 +280,11 @@ GNUNET_CRYPTO_eddsa_key_get_public ( | |||
271 | const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, | 280 | const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, |
272 | struct GNUNET_CRYPTO_EddsaPublicKey *pub) | 281 | struct GNUNET_CRYPTO_EddsaPublicKey *pub) |
273 | { | 282 | { |
283 | #if NEW_CRYPTO | ||
284 | BENCHMARK_START (eddsa_key_get_public); | ||
285 | crypto_sign_pk_from_seed (pub->q_y, priv->d); | ||
286 | BENCHMARK_END (eddsa_key_get_public); | ||
287 | #else | ||
274 | gcry_sexp_t sexp; | 288 | gcry_sexp_t sexp; |
275 | gcry_ctx_t ctx; | 289 | gcry_ctx_t ctx; |
276 | gcry_mpi_t q; | 290 | gcry_mpi_t q; |
@@ -288,6 +302,7 @@ GNUNET_CRYPTO_eddsa_key_get_public ( | |||
288 | gcry_ctx_release (ctx); | 302 | gcry_ctx_release (ctx); |
289 | 303 | ||
290 | BENCHMARK_END (eddsa_key_get_public); | 304 | BENCHMARK_END (eddsa_key_get_public); |
305 | #endif | ||
291 | } | 306 | } |
292 | 307 | ||
293 | 308 | ||
@@ -302,6 +317,11 @@ GNUNET_CRYPTO_ecdhe_key_get_public ( | |||
302 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | 317 | const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, |
303 | struct GNUNET_CRYPTO_EcdhePublicKey *pub) | 318 | struct GNUNET_CRYPTO_EcdhePublicKey *pub) |
304 | { | 319 | { |
320 | #if NEW_CRYPTO | ||
321 | BENCHMARK_START (ecdhe_key_get_public); | ||
322 | crypto_scalarmult_curve25519_base (pub->q_y, priv->d); | ||
323 | BENCHMARK_END (ecdhe_key_get_public); | ||
324 | #else | ||
305 | gcry_sexp_t sexp; | 325 | gcry_sexp_t sexp; |
306 | gcry_ctx_t ctx; | 326 | gcry_ctx_t ctx; |
307 | gcry_mpi_t q; | 327 | gcry_mpi_t q; |
@@ -319,6 +339,7 @@ GNUNET_CRYPTO_ecdhe_key_get_public ( | |||
319 | gcry_ctx_release (ctx); | 339 | gcry_ctx_release (ctx); |
320 | 340 | ||
321 | BENCHMARK_END (ecdhe_key_get_public); | 341 | BENCHMARK_END (ecdhe_key_get_public); |
342 | #endif | ||
322 | } | 343 | } |
323 | 344 | ||
324 | 345 | ||
@@ -629,6 +650,14 @@ GNUNET_CRYPTO_ecdhe_key_create () | |||
629 | int | 650 | int |
630 | GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk) | 651 | GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk) |
631 | { | 652 | { |
653 | #if NEW_CRYPTO | ||
654 | BENCHMARK_START (ecdhe_key_create); | ||
655 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, | ||
656 | pk, | ||
657 | sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
658 | BENCHMARK_END (ecdhe_key_create); | ||
659 | return GNUNET_OK; | ||
660 | #else | ||
632 | gcry_sexp_t priv_sexp; | 661 | gcry_sexp_t priv_sexp; |
633 | gcry_sexp_t s_keyparam; | 662 | gcry_sexp_t s_keyparam; |
634 | gcry_mpi_t d; | 663 | gcry_mpi_t d; |
@@ -676,6 +705,7 @@ GNUNET_CRYPTO_ecdhe_key_create2 (struct GNUNET_CRYPTO_EcdhePrivateKey *pk) | |||
676 | BENCHMARK_END (ecdhe_key_create); | 705 | BENCHMARK_END (ecdhe_key_create); |
677 | 706 | ||
678 | return GNUNET_OK; | 707 | return GNUNET_OK; |
708 | #endif | ||
679 | } | 709 | } |
680 | 710 | ||
681 | 711 | ||
@@ -743,6 +773,18 @@ GNUNET_CRYPTO_ecdsa_key_create () | |||
743 | struct GNUNET_CRYPTO_EddsaPrivateKey * | 773 | struct GNUNET_CRYPTO_EddsaPrivateKey * |
744 | GNUNET_CRYPTO_eddsa_key_create () | 774 | GNUNET_CRYPTO_eddsa_key_create () |
745 | { | 775 | { |
776 | #if NEW_CRYPTO | ||
777 | struct GNUNET_CRYPTO_EddsaPrivateKey *priv; | ||
778 | |||
779 | BENCHMARK_START (eddsa_key_create); | ||
780 | priv = GNUNET_new (struct GNUNET_CRYPTO_EddsaPrivateKey); | ||
781 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, | ||
782 | priv, | ||
783 | sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey)); | ||
784 | BENCHMARK_END (eddsa_key_create); | ||
785 | |||
786 | return priv; | ||
787 | #else | ||
746 | struct GNUNET_CRYPTO_EddsaPrivateKey *priv; | 788 | struct GNUNET_CRYPTO_EddsaPrivateKey *priv; |
747 | gcry_sexp_t priv_sexp; | 789 | gcry_sexp_t priv_sexp; |
748 | gcry_sexp_t s_keyparam; | 790 | gcry_sexp_t s_keyparam; |
@@ -752,7 +794,7 @@ GNUNET_CRYPTO_eddsa_key_create () | |||
752 | BENCHMARK_START (eddsa_key_create); | 794 | BENCHMARK_START (eddsa_key_create); |
753 | 795 | ||
754 | #if CRYPTO_BUG | 796 | #if CRYPTO_BUG |
755 | again: | 797 | again: |
756 | #endif | 798 | #endif |
757 | if (0 != (rc = gcry_sexp_build (&s_keyparam, | 799 | if (0 != (rc = gcry_sexp_build (&s_keyparam, |
758 | NULL, | 800 | NULL, |
@@ -800,6 +842,7 @@ again: | |||
800 | BENCHMARK_END (eddsa_key_create); | 842 | BENCHMARK_END (eddsa_key_create); |
801 | 843 | ||
802 | return priv; | 844 | return priv; |
845 | #endif | ||
803 | } | 846 | } |
804 | 847 | ||
805 | 848 | ||
@@ -828,6 +871,7 @@ GNUNET_CRYPTO_ecdsa_key_get_anonymous () | |||
828 | } | 871 | } |
829 | 872 | ||
830 | 873 | ||
874 | #if !NEW_CRYPTO | ||
831 | /** | 875 | /** |
832 | * Convert the data specified in the given purpose argument to an | 876 | * Convert the data specified in the given purpose argument to an |
833 | * S-expression suitable for signature operations. | 877 | * S-expression suitable for signature operations. |
@@ -870,6 +914,7 @@ data_to_eddsa_value (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose) | |||
870 | #endif | 914 | #endif |
871 | return data; | 915 | return data; |
872 | } | 916 | } |
917 | #endif /* !NEW_CRYPTO */ | ||
873 | 918 | ||
874 | 919 | ||
875 | /** | 920 | /** |
@@ -988,6 +1033,22 @@ GNUNET_CRYPTO_eddsa_sign ( | |||
988 | const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, | 1033 | const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, |
989 | struct GNUNET_CRYPTO_EddsaSignature *sig) | 1034 | struct GNUNET_CRYPTO_EddsaSignature *sig) |
990 | { | 1035 | { |
1036 | |||
1037 | #if NEW_CRYPTO | ||
1038 | size_t mlen = ntohl (purpose->size); | ||
1039 | unsigned char sk[crypto_sign_SECRETKEYBYTES]; | ||
1040 | int res; | ||
1041 | |||
1042 | BENCHMARK_START (eddsa_sign); | ||
1043 | crypto_sign_sk_from_seed (sk, priv->d); | ||
1044 | res = crypto_sign_detached ((uint8_t *) sig, | ||
1045 | (uint8_t *) purpose, | ||
1046 | mlen, | ||
1047 | sk); | ||
1048 | BENCHMARK_END (eddsa_sign); | ||
1049 | return (res == 0) ? GNUNET_OK : GNUNET_SYSERR; | ||
1050 | #else | ||
1051 | |||
991 | gcry_sexp_t priv_sexp; | 1052 | gcry_sexp_t priv_sexp; |
992 | gcry_sexp_t sig_sexp; | 1053 | gcry_sexp_t sig_sexp; |
993 | gcry_sexp_t data; | 1054 | gcry_sexp_t data; |
@@ -1029,6 +1090,7 @@ GNUNET_CRYPTO_eddsa_sign ( | |||
1029 | BENCHMARK_END (eddsa_sign); | 1090 | BENCHMARK_END (eddsa_sign); |
1030 | 1091 | ||
1031 | return GNUNET_OK; | 1092 | return GNUNET_OK; |
1093 | #endif | ||
1032 | } | 1094 | } |
1033 | 1095 | ||
1034 | 1096 | ||
@@ -1116,6 +1178,21 @@ GNUNET_CRYPTO_eddsa_verify ( | |||
1116 | const struct GNUNET_CRYPTO_EddsaSignature *sig, | 1178 | const struct GNUNET_CRYPTO_EddsaSignature *sig, |
1117 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub) | 1179 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub) |
1118 | { | 1180 | { |
1181 | #if NEW_CRYPTO | ||
1182 | unsigned char *m = (void *) validate; | ||
1183 | size_t mlen = ntohl (validate->size); | ||
1184 | unsigned char *s = (void *) sig; | ||
1185 | |||
1186 | int res; | ||
1187 | |||
1188 | if (purpose != ntohl (validate->purpose)) | ||
1189 | return GNUNET_SYSERR; /* purpose mismatch */ | ||
1190 | |||
1191 | BENCHMARK_START (eddsa_verify); | ||
1192 | res = crypto_sign_detached_verify (s, m, mlen, pub->q_y); | ||
1193 | BENCHMARK_END (eddsa_verify); | ||
1194 | return (res == 0) ? GNUNET_OK : GNUNET_SYSERR; | ||
1195 | #else | ||
1119 | gcry_sexp_t data; | 1196 | gcry_sexp_t data; |
1120 | gcry_sexp_t sig_sexpr; | 1197 | gcry_sexp_t sig_sexpr; |
1121 | gcry_sexp_t pub_sexpr; | 1198 | gcry_sexp_t pub_sexpr; |
@@ -1167,6 +1244,7 @@ GNUNET_CRYPTO_eddsa_verify ( | |||
1167 | } | 1244 | } |
1168 | BENCHMARK_END (eddsa_verify); | 1245 | BENCHMARK_END (eddsa_verify); |
1169 | return GNUNET_OK; | 1246 | return GNUNET_OK; |
1247 | #endif | ||
1170 | } | 1248 | } |
1171 | 1249 | ||
1172 | 1250 | ||
@@ -1183,6 +1261,12 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | |||
1183 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, | 1261 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, |
1184 | struct GNUNET_HashCode *key_material) | 1262 | struct GNUNET_HashCode *key_material) |
1185 | { | 1263 | { |
1264 | #if NEW_CRYPTO | ||
1265 | uint8_t p[crypto_scalarmult_BYTES]; | ||
1266 | crypto_scalarmult_curve25519 (p, priv->d, pub->q_y); | ||
1267 | GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material); | ||
1268 | return GNUNET_OK; | ||
1269 | #else | ||
1186 | gcry_mpi_point_t result; | 1270 | gcry_mpi_point_t result; |
1187 | gcry_mpi_point_t q; | 1271 | gcry_mpi_point_t q; |
1188 | gcry_mpi_t d; | 1272 | gcry_mpi_t d; |
@@ -1238,6 +1322,7 @@ GNUNET_CRYPTO_ecc_ecdh (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | |||
1238 | gcry_mpi_release (result_x); | 1322 | gcry_mpi_release (result_x); |
1239 | BENCHMARK_END (ecc_ecdh); | 1323 | BENCHMARK_END (ecc_ecdh); |
1240 | return GNUNET_OK; | 1324 | return GNUNET_OK; |
1325 | #endif | ||
1241 | } | 1326 | } |
1242 | 1327 | ||
1243 | 1328 | ||
@@ -1384,6 +1469,7 @@ GNUNET_CRYPTO_ecdsa_public_key_derive ( | |||
1384 | } | 1469 | } |
1385 | 1470 | ||
1386 | 1471 | ||
1472 | #if !NEW_CRYPTO | ||
1387 | /** | 1473 | /** |
1388 | * Reverse the sequence of the bytes in @a buffer | 1474 | * Reverse the sequence of the bytes in @a buffer |
1389 | * | 1475 | * |
@@ -1447,6 +1533,7 @@ eddsa_d_to_a (gcry_mpi_t d) | |||
1447 | GNUNET_CRYPTO_mpi_scan_unsigned (&a, digest, 32); | 1533 | GNUNET_CRYPTO_mpi_scan_unsigned (&a, digest, 32); |
1448 | return a; | 1534 | return a; |
1449 | } | 1535 | } |
1536 | #endif | ||
1450 | 1537 | ||
1451 | 1538 | ||
1452 | /** | 1539 | /** |
@@ -1503,6 +1590,16 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, | |||
1503 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, | 1590 | const struct GNUNET_CRYPTO_EcdhePublicKey *pub, |
1504 | struct GNUNET_HashCode *key_material) | 1591 | struct GNUNET_HashCode *key_material) |
1505 | { | 1592 | { |
1593 | #if NEW_CRYPTO | ||
1594 | struct GNUNET_HashCode hc; | ||
1595 | uint8_t a[crypto_scalarmult_BYTES]; | ||
1596 | uint8_t p[crypto_scalarmult_BYTES]; | ||
1597 | GNUNET_CRYPTO_hash (priv, sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey), &hc); | ||
1598 | memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)); | ||
1599 | crypto_scalarmult_curve25519 (p, a, pub->q_y); | ||
1600 | GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material); | ||
1601 | return GNUNET_OK; | ||
1602 | #else | ||
1506 | gcry_mpi_point_t result; | 1603 | gcry_mpi_point_t result; |
1507 | gcry_mpi_point_t q; | 1604 | gcry_mpi_point_t q; |
1508 | gcry_mpi_t d; | 1605 | gcry_mpi_t d; |
@@ -1542,6 +1639,7 @@ GNUNET_CRYPTO_eddsa_ecdh (const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, | |||
1542 | gcry_ctx_release (ctx); | 1639 | gcry_ctx_release (ctx); |
1543 | BENCHMARK_END (eddsa_ecdh); | 1640 | BENCHMARK_END (eddsa_ecdh); |
1544 | return ret; | 1641 | return ret; |
1642 | #endif | ||
1545 | } | 1643 | } |
1546 | 1644 | ||
1547 | 1645 | ||
@@ -1613,6 +1711,14 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | |||
1613 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub, | 1711 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub, |
1614 | struct GNUNET_HashCode *key_material) | 1712 | struct GNUNET_HashCode *key_material) |
1615 | { | 1713 | { |
1714 | #if NEW_CRYPTO | ||
1715 | uint8_t p[crypto_scalarmult_BYTES]; | ||
1716 | uint8_t curve25510_pk[crypto_sign_PUBLICKEYBYTES]; | ||
1717 | crypto_sign_ed25519_pk_to_curve25519 (curve25510_pk, pub->q_y); | ||
1718 | crypto_scalarmult_curve25519 (p, priv->d, curve25510_pk); | ||
1719 | GNUNET_CRYPTO_hash (p, crypto_scalarmult_BYTES, key_material); | ||
1720 | return GNUNET_OK; | ||
1721 | #else | ||
1616 | gcry_mpi_point_t result; | 1722 | gcry_mpi_point_t result; |
1617 | gcry_mpi_point_t q; | 1723 | gcry_mpi_point_t q; |
1618 | gcry_mpi_t d; | 1724 | gcry_mpi_t d; |
@@ -1648,6 +1754,7 @@ GNUNET_CRYPTO_ecdh_eddsa (const struct GNUNET_CRYPTO_EcdhePrivateKey *priv, | |||
1648 | gcry_ctx_release (ctx); | 1754 | gcry_ctx_release (ctx); |
1649 | BENCHMARK_END (ecdh_eddsa); | 1755 | BENCHMARK_END (ecdh_eddsa); |
1650 | return ret; | 1756 | return ret; |
1757 | #endif | ||
1651 | } | 1758 | } |
1652 | 1759 | ||
1653 | 1760 | ||
diff --git a/src/util/tweetnacl-gnunet.c b/src/util/tweetnacl-gnunet.c new file mode 100644 index 000000000..b0d87c2fe --- /dev/null +++ b/src/util/tweetnacl-gnunet.c | |||
@@ -0,0 +1,530 @@ | |||
1 | /* | ||
2 | This file has been placed in the public domain. | ||
3 | |||
4 | Based on TweetNaCl version 20140427 | ||
5 | |||
6 | Originally obtained from: | ||
7 | https://tweetnacl.cr.yp.to/20140427/tweetnacl.h | ||
8 | */ | ||
9 | |||
10 | #include "platform.h" | ||
11 | #include "gnunet_crypto_lib.h" | ||
12 | #include "tweetnacl-gnunet.h" | ||
13 | #define FOR(i,n) for (i = 0; i < n; ++i) | ||
14 | #define sv static void | ||
15 | |||
16 | typedef uint8_t u8; | ||
17 | typedef uint32_t u32; | ||
18 | typedef uint64_t u64; | ||
19 | typedef int64_t i64; | ||
20 | typedef i64 gf[16]; | ||
21 | |||
22 | static void randombytes (u8 *data,u64 len) | ||
23 | { | ||
24 | GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, data, len); | ||
25 | } | ||
26 | |||
27 | static const u8 _9[32] = {9}; | ||
28 | static const gf | ||
29 | gf0, | ||
30 | gf1 = {1}, | ||
31 | _121665 = {0xDB41,1}, | ||
32 | D = {0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, | ||
33 | 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203}, | ||
34 | D2 = {0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, | ||
35 | 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406}, | ||
36 | X = {0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, | ||
37 | 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169}, | ||
38 | Y = {0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, | ||
39 | 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666}, | ||
40 | I = {0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, | ||
41 | 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83}; | ||
42 | |||
43 | static int vn (const u8 *x,const u8 *y,int n) | ||
44 | { | ||
45 | u32 i,d = 0; | ||
46 | FOR (i,n) d |= x[i] ^ y[i]; | ||
47 | return (1 & ((d - 1) >> 8)) - 1; | ||
48 | } | ||
49 | |||
50 | int crypto_verify_16 (const u8 *x,const u8 *y) | ||
51 | { | ||
52 | return vn (x,y,16); | ||
53 | } | ||
54 | |||
55 | int crypto_verify_32 (const u8 *x,const u8 *y) | ||
56 | { | ||
57 | return vn (x,y,32); | ||
58 | } | ||
59 | |||
60 | sv set25519 (gf r, const gf a) | ||
61 | { | ||
62 | int i; | ||
63 | FOR (i,16) r[i] = a[i]; | ||
64 | } | ||
65 | |||
66 | sv car25519 (gf o) | ||
67 | { | ||
68 | int i; | ||
69 | i64 c; | ||
70 | FOR (i,16) { | ||
71 | o[i] += (1LL << 16); | ||
72 | c = o[i] >> 16; | ||
73 | o[(i + 1) * (i<15)] += c - 1 + 37 * (c - 1) * (i==15); | ||
74 | o[i] -= c << 16; | ||
75 | } | ||
76 | } | ||
77 | |||
78 | sv sel25519 (gf p,gf q,int b) | ||
79 | { | ||
80 | i64 t,i,c = ~(b - 1); | ||
81 | FOR (i,16) { | ||
82 | t = c & (p[i] ^ q[i]); | ||
83 | p[i] ^= t; | ||
84 | q[i] ^= t; | ||
85 | } | ||
86 | } | ||
87 | |||
88 | sv pack25519 (u8 *o,const gf n) | ||
89 | { | ||
90 | int i,j,b; | ||
91 | gf m,t; | ||
92 | FOR (i,16) t[i] = n[i]; | ||
93 | car25519 (t); | ||
94 | car25519 (t); | ||
95 | car25519 (t); | ||
96 | FOR (j,2) { | ||
97 | m[0] = t[0] - 0xffed; | ||
98 | for (i = 1; i<15; i++) { | ||
99 | m[i] = t[i] - 0xffff - ((m[i - 1] >> 16) & 1); | ||
100 | m[i - 1] &= 0xffff; | ||
101 | } | ||
102 | m[15] = t[15] - 0x7fff - ((m[14] >> 16) & 1); | ||
103 | b = (m[15] >> 16) & 1; | ||
104 | m[14] &= 0xffff; | ||
105 | sel25519 (t,m,1 - b); | ||
106 | } | ||
107 | FOR (i,16) { | ||
108 | o[2 * i] = t[i] & 0xff; | ||
109 | o[2 * i + 1] = t[i] >> 8; | ||
110 | } | ||
111 | } | ||
112 | |||
113 | static int neq25519 (const gf a, const gf b) | ||
114 | { | ||
115 | u8 c[32],d[32]; | ||
116 | pack25519 (c,a); | ||
117 | pack25519 (d,b); | ||
118 | return crypto_verify_32 (c,d); | ||
119 | } | ||
120 | |||
121 | static u8 par25519 (const gf a) | ||
122 | { | ||
123 | u8 d[32]; | ||
124 | pack25519 (d,a); | ||
125 | return d[0] & 1; | ||
126 | } | ||
127 | |||
128 | sv unpack25519 (gf o, const u8 *n) | ||
129 | { | ||
130 | int i; | ||
131 | FOR (i,16) o[i] = n[2 * i] + ((i64) n[2 * i + 1] << 8); | ||
132 | o[15] &= 0x7fff; | ||
133 | } | ||
134 | |||
135 | sv A (gf o,const gf a,const gf b) | ||
136 | { | ||
137 | int i; | ||
138 | FOR (i,16) o[i] = a[i] + b[i]; | ||
139 | } | ||
140 | |||
141 | sv Z (gf o,const gf a,const gf b) | ||
142 | { | ||
143 | int i; | ||
144 | FOR (i,16) o[i] = a[i] - b[i]; | ||
145 | } | ||
146 | |||
147 | sv M (gf o,const gf a,const gf b) | ||
148 | { | ||
149 | i64 i,j,t[31]; | ||
150 | FOR (i,31) t[i] = 0; | ||
151 | FOR (i,16) FOR (j,16) t[i + j] += a[i] * b[j]; | ||
152 | FOR (i,15) t[i] += 38 * t[i + 16]; | ||
153 | FOR (i,16) o[i] = t[i]; | ||
154 | car25519 (o); | ||
155 | car25519 (o); | ||
156 | } | ||
157 | |||
158 | sv S (gf o,const gf a) | ||
159 | { | ||
160 | M (o,a,a); | ||
161 | } | ||
162 | |||
163 | sv inv25519 (gf o,const gf i) | ||
164 | { | ||
165 | gf c; | ||
166 | int a; | ||
167 | FOR (a,16) c[a] = i[a]; | ||
168 | for (a = 253; a>=0; a--) { | ||
169 | S (c,c); | ||
170 | if ((a!=2)&&(a!=4)) | ||
171 | M (c,c,i); | ||
172 | } | ||
173 | FOR (a,16) o[a] = c[a]; | ||
174 | } | ||
175 | |||
176 | sv pow2523 (gf o,const gf i) | ||
177 | { | ||
178 | gf c; | ||
179 | int a; | ||
180 | FOR (a,16) c[a] = i[a]; | ||
181 | for (a = 250; a>=0; a--) { | ||
182 | S (c,c); | ||
183 | if (a!=1) | ||
184 | M (c,c,i); | ||
185 | } | ||
186 | FOR (a,16) o[a] = c[a]; | ||
187 | } | ||
188 | |||
189 | int crypto_scalarmult (u8 *q,const u8 *n,const u8 *p) | ||
190 | { | ||
191 | u8 z[32]; | ||
192 | i64 x[80],r,i; | ||
193 | gf a,b,c,d,e,f; | ||
194 | FOR (i,31) z[i] = n[i]; | ||
195 | z[31] = (n[31] & 127) | 64; | ||
196 | z[0] &= 248; | ||
197 | unpack25519 (x,p); | ||
198 | FOR (i,16) { | ||
199 | b[i] = x[i]; | ||
200 | d[i] = a[i] = c[i] = 0; | ||
201 | } | ||
202 | a[0] = d[0] = 1; | ||
203 | for (i = 254; i>=0; --i) { | ||
204 | r = (z[i >> 3] >> (i & 7)) & 1; | ||
205 | sel25519 (a,b,r); | ||
206 | sel25519 (c,d,r); | ||
207 | A (e,a,c); | ||
208 | Z (a,a,c); | ||
209 | A (c,b,d); | ||
210 | Z (b,b,d); | ||
211 | S (d,e); | ||
212 | S (f,a); | ||
213 | M (a,c,a); | ||
214 | M (c,b,e); | ||
215 | A (e,a,c); | ||
216 | Z (a,a,c); | ||
217 | S (b,a); | ||
218 | Z (c,d,f); | ||
219 | M (a,c,_121665); | ||
220 | A (a,a,d); | ||
221 | M (c,c,a); | ||
222 | M (a,d,f); | ||
223 | M (d,b,x); | ||
224 | S (b,e); | ||
225 | sel25519 (a,b,r); | ||
226 | sel25519 (c,d,r); | ||
227 | } | ||
228 | FOR (i,16) { | ||
229 | x[i + 16] = a[i]; | ||
230 | x[i + 32] = c[i]; | ||
231 | x[i + 48] = b[i]; | ||
232 | x[i + 64] = d[i]; | ||
233 | } | ||
234 | inv25519 (x + 32,x + 32); | ||
235 | M (x + 16,x + 16,x + 32); | ||
236 | pack25519 (q,x + 16); | ||
237 | return 0; | ||
238 | } | ||
239 | |||
240 | int crypto_scalarmult_base (u8 *q,const u8 *n) | ||
241 | { | ||
242 | return crypto_scalarmult (q,n,_9); | ||
243 | } | ||
244 | |||
245 | int crypto_box_keypair (u8 *y,u8 *x) | ||
246 | { | ||
247 | randombytes (x,32); | ||
248 | return crypto_scalarmult_base (y,x); | ||
249 | } | ||
250 | |||
251 | int crypto_hash (u8 *out,const u8 *m,u64 n) | ||
252 | { | ||
253 | struct GNUNET_HashCode *hc = (void *) out; | ||
254 | GNUNET_CRYPTO_hash (m, n, hc); | ||
255 | return 0; | ||
256 | } | ||
257 | |||
258 | sv add (gf p[4],gf q[4]) | ||
259 | { | ||
260 | gf a,b,c,d,t,e,f,g,h; | ||
261 | |||
262 | Z (a, p[1], p[0]); | ||
263 | Z (t, q[1], q[0]); | ||
264 | M (a, a, t); | ||
265 | A (b, p[0], p[1]); | ||
266 | A (t, q[0], q[1]); | ||
267 | M (b, b, t); | ||
268 | M (c, p[3], q[3]); | ||
269 | M (c, c, D2); | ||
270 | M (d, p[2], q[2]); | ||
271 | A (d, d, d); | ||
272 | Z (e, b, a); | ||
273 | Z (f, d, c); | ||
274 | A (g, d, c); | ||
275 | A (h, b, a); | ||
276 | |||
277 | M (p[0], e, f); | ||
278 | M (p[1], h, g); | ||
279 | M (p[2], g, f); | ||
280 | M (p[3], e, h); | ||
281 | } | ||
282 | |||
283 | sv cswap (gf p[4],gf q[4],u8 b) | ||
284 | { | ||
285 | int i; | ||
286 | FOR (i,4) | ||
287 | sel25519 (p[i],q[i],b); | ||
288 | } | ||
289 | |||
290 | sv pack (u8 *r,gf p[4]) | ||
291 | { | ||
292 | gf tx, ty, zi; | ||
293 | inv25519 (zi, p[2]); | ||
294 | M (tx, p[0], zi); | ||
295 | M (ty, p[1], zi); | ||
296 | pack25519 (r, ty); | ||
297 | r[31] ^= par25519 (tx) << 7; | ||
298 | } | ||
299 | |||
300 | sv scalarmult (gf p[4],gf q[4],const u8 *s) | ||
301 | { | ||
302 | int i; | ||
303 | set25519 (p[0],gf0); | ||
304 | set25519 (p[1],gf1); | ||
305 | set25519 (p[2],gf1); | ||
306 | set25519 (p[3],gf0); | ||
307 | for (i = 255; i >= 0; --i) { | ||
308 | u8 b = (s[i / 8] >> (i & 7)) & 1; | ||
309 | cswap (p,q,b); | ||
310 | add (q,p); | ||
311 | add (p,p); | ||
312 | cswap (p,q,b); | ||
313 | } | ||
314 | } | ||
315 | |||
316 | sv scalarbase (gf p[4],const u8 *s) | ||
317 | { | ||
318 | gf q[4]; | ||
319 | set25519 (q[0],X); | ||
320 | set25519 (q[1],Y); | ||
321 | set25519 (q[2],gf1); | ||
322 | M (q[3],X,Y); | ||
323 | scalarmult (p,q,s); | ||
324 | } | ||
325 | |||
326 | static const u64 L[32] = {0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, | ||
327 | 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, | ||
328 | 0, 0, 0, 0, 0, 0, 0, 0, | ||
329 | 0, 0, 0, 0x10}; | ||
330 | |||
331 | sv modL (u8 *r,i64 x[64]) | ||
332 | { | ||
333 | i64 carry,i,j; | ||
334 | for (i = 63; i >= 32; --i) { | ||
335 | carry = 0; | ||
336 | for (j = i - 32; j < i - 12; ++j) { | ||
337 | x[j] += carry - 16 * x[i] * L[j - (i - 32)]; | ||
338 | carry = (x[j] + 128) >> 8; | ||
339 | x[j] -= carry << 8; | ||
340 | } | ||
341 | x[j] += carry; | ||
342 | x[i] = 0; | ||
343 | } | ||
344 | carry = 0; | ||
345 | FOR (j,32) { | ||
346 | x[j] += carry - (x[31] >> 4) * L[j]; | ||
347 | carry = x[j] >> 8; | ||
348 | x[j] &= 255; | ||
349 | } | ||
350 | FOR (j,32) x[j] -= carry * L[j]; | ||
351 | FOR (i,32) { | ||
352 | x[i + 1] += x[i] >> 8; | ||
353 | r[i] = x[i] & 255; | ||
354 | } | ||
355 | } | ||
356 | |||
357 | sv reduce (u8 *r) | ||
358 | { | ||
359 | i64 x[64],i; | ||
360 | FOR (i,64) x[i] = (u64) r[i]; | ||
361 | FOR (i,64) r[i] = 0; | ||
362 | modL (r,x); | ||
363 | } | ||
364 | |||
365 | static int unpackneg (gf r[4],const u8 p[32]) | ||
366 | { | ||
367 | gf t, chk, num, den, den2, den4, den6; | ||
368 | set25519 (r[2],gf1); | ||
369 | unpack25519 (r[1],p); | ||
370 | S (num,r[1]); | ||
371 | M (den,num,D); | ||
372 | Z (num,num,r[2]); | ||
373 | A (den,r[2],den); | ||
374 | |||
375 | S (den2,den); | ||
376 | S (den4,den2); | ||
377 | M (den6,den4,den2); | ||
378 | M (t,den6,num); | ||
379 | M (t,t,den); | ||
380 | |||
381 | pow2523 (t,t); | ||
382 | M (t,t,num); | ||
383 | M (t,t,den); | ||
384 | M (t,t,den); | ||
385 | M (r[0],t,den); | ||
386 | |||
387 | S (chk,r[0]); | ||
388 | M (chk,chk,den); | ||
389 | if (neq25519 (chk, num)) | ||
390 | M (r[0],r[0],I); | ||
391 | |||
392 | S (chk,r[0]); | ||
393 | M (chk,chk,den); | ||
394 | if (neq25519 (chk, num)) | ||
395 | return -1; | ||
396 | |||
397 | if (par25519 (r[0]) == (p[31] >> 7)) | ||
398 | Z (r[0],gf0,r[0]); | ||
399 | |||
400 | M (r[3],r[0],r[1]); | ||
401 | return 0; | ||
402 | } | ||
403 | |||
404 | /* The following functions have been added for GNUnet */ | ||
405 | |||
406 | void | ||
407 | crypto_sign_pk_from_seed (u8 *pk, const u8 *seed) | ||
408 | { | ||
409 | u8 d[64]; | ||
410 | gf p[4]; | ||
411 | |||
412 | crypto_hash (d, seed, 32); | ||
413 | d[0] &= 248; | ||
414 | d[31] &= 127; | ||
415 | d[31] |= 64; | ||
416 | |||
417 | scalarbase (p,d); | ||
418 | pack (pk,p); | ||
419 | } | ||
420 | |||
421 | void | ||
422 | crypto_sign_sk_from_seed (u8 *sk, const u8 *seed) | ||
423 | { | ||
424 | u8 d[64]; | ||
425 | gf p[4]; | ||
426 | u8 pk[32]; | ||
427 | int i; | ||
428 | |||
429 | crypto_hash (d, seed, 32); | ||
430 | d[0] &= 248; | ||
431 | d[31] &= 127; | ||
432 | d[31] |= 64; | ||
433 | |||
434 | scalarbase (p,d); | ||
435 | pack (pk,p); | ||
436 | |||
437 | FOR (i,32) sk[i] = seed[i]; | ||
438 | FOR (i,32) sk[32 + i] = pk[i]; | ||
439 | } | ||
440 | |||
441 | |||
442 | int | ||
443 | crypto_sign_ed25519_pk_to_curve25519 (u8 *x25519_pk, const u8 *ed25519_pk) | ||
444 | { | ||
445 | gf ge_a[4]; | ||
446 | gf x; | ||
447 | gf one_minus_y; | ||
448 | |||
449 | if (0 != unpackneg (ge_a, ed25519_pk)) | ||
450 | return -1; | ||
451 | |||
452 | set25519 (one_minus_y, gf1); | ||
453 | Z (one_minus_y, one_minus_y, ge_a[1]); | ||
454 | |||
455 | set25519 (x, gf1); | ||
456 | A (x, x, ge_a[1]); | ||
457 | |||
458 | inv25519 (one_minus_y, one_minus_y); | ||
459 | M (x, x, one_minus_y); | ||
460 | pack25519 (x25519_pk, x); | ||
461 | |||
462 | return 0; | ||
463 | } | ||
464 | |||
465 | |||
466 | int crypto_sign_detached_verify (const u8 *sig,const u8 *m,u64 n,const u8 *pk) | ||
467 | { | ||
468 | struct GNUNET_HashContext *hc; | ||
469 | u8 t[32],h[64]; | ||
470 | gf p[4],q[4]; | ||
471 | |||
472 | if (unpackneg (q,pk)) | ||
473 | return -1; | ||
474 | |||
475 | hc = GNUNET_CRYPTO_hash_context_start (); | ||
476 | GNUNET_CRYPTO_hash_context_read (hc, sig, 32); | ||
477 | GNUNET_CRYPTO_hash_context_read (hc, pk, 32); | ||
478 | GNUNET_CRYPTO_hash_context_read (hc, m, n); | ||
479 | GNUNET_CRYPTO_hash_context_finish (hc, (void *) h); | ||
480 | |||
481 | reduce (h); | ||
482 | scalarmult (p,q,h); | ||
483 | |||
484 | scalarbase (q,sig+32); | ||
485 | add (p,q); | ||
486 | pack (t,p); | ||
487 | |||
488 | if (crypto_verify_32 (sig, t)) | ||
489 | return -1; | ||
490 | return 0; | ||
491 | } | ||
492 | |||
493 | |||
494 | int | ||
495 | crypto_sign_detached (u8 *sig,const u8 *m,u64 n,const u8 *sk) | ||
496 | { | ||
497 | struct GNUNET_HashContext *hc; | ||
498 | u8 d[64],h[64],r[64]; | ||
499 | i64 i,j,x[64]; | ||
500 | gf p[4]; | ||
501 | |||
502 | crypto_hash (d, sk, 32); | ||
503 | d[0] &= 248; | ||
504 | d[31] &= 127; | ||
505 | d[31] |= 64; | ||
506 | |||
507 | hc = GNUNET_CRYPTO_hash_context_start (); | ||
508 | GNUNET_CRYPTO_hash_context_read (hc, d + 32, 32); | ||
509 | GNUNET_CRYPTO_hash_context_read (hc, m, n); | ||
510 | GNUNET_CRYPTO_hash_context_finish (hc, (void *) r); | ||
511 | |||
512 | reduce (r); | ||
513 | scalarbase (p,r); | ||
514 | pack (sig,p); | ||
515 | |||
516 | hc = GNUNET_CRYPTO_hash_context_start (); | ||
517 | GNUNET_CRYPTO_hash_context_read (hc, sig, 32); | ||
518 | GNUNET_CRYPTO_hash_context_read (hc, sk + 32, 32); | ||
519 | GNUNET_CRYPTO_hash_context_read (hc, m, n); | ||
520 | GNUNET_CRYPTO_hash_context_finish (hc, (void *) h); | ||
521 | |||
522 | reduce (h); | ||
523 | |||
524 | FOR (i,64) x[i] = 0; | ||
525 | FOR (i,32) x[i] = (u64) r[i]; | ||
526 | FOR (i,32) FOR (j,32) x[i + j] += h[i] * (u64) d[j]; | ||
527 | modL (sig + 32,x); | ||
528 | |||
529 | return 0; | ||
530 | } | ||
diff --git a/src/util/tweetnacl-gnunet.h b/src/util/tweetnacl-gnunet.h new file mode 100644 index 000000000..776e0d355 --- /dev/null +++ b/src/util/tweetnacl-gnunet.h | |||
@@ -0,0 +1,85 @@ | |||
1 | /* | ||
2 | This file has been placed in the public domain. | ||
3 | |||
4 | Based on TweetNaCl version 20140427 | ||
5 | |||
6 | Originally obtained from: | ||
7 | https://tweetnacl.cr.yp.to/20140427/tweetnacl.h | ||
8 | */ | ||
9 | |||
10 | |||
11 | #ifndef TWEETNACL_H | ||
12 | #define TWEETNACL_H | ||
13 | #include <stdint.h> | ||
14 | #define crypto_scalarmult_PRIMITIVE "curve25519" | ||
15 | #define crypto_scalarmult crypto_scalarmult_curve25519 | ||
16 | #define crypto_scalarmult_base crypto_scalarmult_curve25519_base | ||
17 | #define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES | ||
18 | #define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES | ||
19 | #define crypto_scalarmult_IMPLEMENTATION \ | ||
20 | crypto_scalarmult_curve25519_IMPLEMENTATION | ||
21 | #define crypto_scalarmult_VERSION crypto_scalarmult_curve25519_VERSION | ||
22 | #define crypto_scalarmult_curve25519_tweet_BYTES 32 | ||
23 | #define crypto_scalarmult_curve25519_tweet_SCALARBYTES 32 | ||
24 | extern int crypto_scalarmult_curve25519_tweet (uint8_t *, | ||
25 | const uint8_t *, | ||
26 | const uint8_t *); | ||
27 | extern int crypto_scalarmult_curve25519_tweet_base (uint8_t *, | ||
28 | const uint8_t *); | ||
29 | #define crypto_scalarmult_curve25519_tweet_VERSION "-" | ||
30 | #define crypto_scalarmult_curve25519 crypto_scalarmult_curve25519_tweet | ||
31 | #define crypto_scalarmult_curve25519_base \ | ||
32 | crypto_scalarmult_curve25519_tweet_base | ||
33 | #define crypto_scalarmult_curve25519_BYTES \ | ||
34 | crypto_scalarmult_curve25519_tweet_BYTES | ||
35 | #define crypto_scalarmult_curve25519_SCALARBYTES \ | ||
36 | crypto_scalarmult_curve25519_tweet_SCALARBYTES | ||
37 | #define crypto_scalarmult_curve25519_VERSION \ | ||
38 | crypto_scalarmult_curve25519_tweet_VERSION | ||
39 | #define crypto_scalarmult_curve25519_IMPLEMENTATION \ | ||
40 | "crypto_scalarmult/curve25519/tweet" | ||
41 | #define crypto_sign_PRIMITIVE "ed25519" | ||
42 | #define crypto_sign crypto_sign_ed25519 | ||
43 | #define crypto_sign_BYTES crypto_sign_ed25519_BYTES | ||
44 | #define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES | ||
45 | #define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES | ||
46 | #define crypto_sign_IMPLEMENTATION crypto_sign_ed25519_IMPLEMENTATION | ||
47 | #define crypto_sign_VERSION crypto_sign_ed25519_VERSION | ||
48 | #define crypto_sign_ed25519_tweet_BYTES 64 | ||
49 | #define crypto_sign_ed25519_tweet_PUBLICKEYBYTES 32 | ||
50 | #define crypto_sign_ed25519_tweet_SECRETKEYBYTES 64 | ||
51 | extern int crypto_sign_ed25519_tweet (uint8_t *, | ||
52 | uint64_t *, | ||
53 | const uint8_t *, | ||
54 | uint64_t, | ||
55 | const uint8_t *); | ||
56 | extern int crypto_sign_ed25519_tweet_open (uint8_t *, | ||
57 | uint64_t *, | ||
58 | const uint8_t *, | ||
59 | uint64_t, | ||
60 | const uint8_t *); | ||
61 | extern int crypto_sign_ed25519_tweet_keypair (uint8_t *,uint8_t *); | ||
62 | #define crypto_sign_ed25519_tweet_VERSION "-" | ||
63 | #define crypto_sign_ed25519 crypto_sign_ed25519_tweet | ||
64 | #define crypto_sign_ed25519_open crypto_sign_ed25519_tweet_open | ||
65 | #define crypto_sign_ed25519_keypair crypto_sign_ed25519_tweet_keypair | ||
66 | #define crypto_sign_ed25519_BYTES crypto_sign_ed25519_tweet_BYTES | ||
67 | #define crypto_sign_ed25519_PUBLICKEYBYTES \ | ||
68 | crypto_sign_ed25519_tweet_PUBLICKEYBYTES | ||
69 | #define crypto_sign_ed25519_SECRETKEYBYTES \ | ||
70 | crypto_sign_ed25519_tweet_SECRETKEYBYTES | ||
71 | #define crypto_sign_ed25519_VERSION crypto_sign_ed25519_tweet_VERSION | ||
72 | #define crypto_sign_ed25519_IMPLEMENTATION "crypto_sign/ed25519/tweet" | ||
73 | void crypto_sign_pk_from_seed (uint8_t *pk, const uint8_t *seed); | ||
74 | void crypto_sign_sk_from_seed (uint8_t *sk, const uint8_t *seed); | ||
75 | int crypto_sign_ed25519_pk_to_curve25519 (uint8_t *x25519_pk, | ||
76 | const uint8_t *ed25519_pk); | ||
77 | int crypto_sign_detached_verify (const uint8_t *sig, | ||
78 | const uint8_t *m, | ||
79 | uint64_t n, | ||
80 | const uint8_t *pk); | ||
81 | int crypto_sign_detached (uint8_t *sig, | ||
82 | const uint8_t *m, | ||
83 | uint64_t n, | ||
84 | const uint8_t *sk); | ||
85 | #endif | ||