release/src/router/libsodium/src/libsodium/crypto_sign/ed25519/ref10/sign.c

   1
   2 #include <string.h>
   3
   4 #include "crypto_hash_sha512.h"
   5 #include "crypto_sign_ed25519.h"
   6 #include "utils.h"
   7 #include "private/curve25519_ref10.h"
   8
   9 int
  10 crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p,
  11                              const unsigned char *m, unsigned long long mlen,
  12                              const unsigned char *sk)
  13 {
  14     crypto_hash_sha512_state hs;
  15     unsigned char az[64];
  16     unsigned char nonce[64];
  17     unsigned char hram[64];
  18     ge_p3 R;
  19
  20     crypto_hash_sha512(az, sk, 32);
  21     az[0] &= 248;
  22     az[31] &= 63;
  23     az[31] |= 64;
  24
  25     crypto_hash_sha512_init(&hs);
  26     crypto_hash_sha512_update(&hs, az + 32, 32);
  27     crypto_hash_sha512_update(&hs, m, mlen);
  28     crypto_hash_sha512_final(&hs, nonce);
  29
  30     memmove(sig + 32, sk + 32, 32);
  31
  32     sc_reduce(nonce);
  33     ge_scalarmult_base(&R, nonce);
  34     ge_p3_tobytes(sig, &R);
  35
  36     crypto_hash_sha512_init(&hs);
  37     crypto_hash_sha512_update(&hs, sig, 64);
  38     crypto_hash_sha512_update(&hs, m, mlen);
  39     crypto_hash_sha512_final(&hs, hram);
  40
  41     sc_reduce(hram);
  42     sc_muladd(sig + 32, hram, az, nonce);
  43
  44     sodium_memzero(az, sizeof az);
  45
  46     if (siglen_p != NULL) {
  47         *siglen_p = 64U;
  48     }
  49     return 0;
  50 }
  51
  52 int
  53 crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen_p,
  54                     const unsigned char *m, unsigned long long mlen,
  55                     const unsigned char *sk)
  56 {
  57     unsigned long long siglen;
  58
  59     memmove(sm + crypto_sign_ed25519_BYTES, m, mlen);
  60 /* LCOV_EXCL_START */
  61     if (crypto_sign_ed25519_detached(sm, &siglen,
  62                                      sm + crypto_sign_ed25519_BYTES,
  63                                      mlen, sk) != 0 ||
  64         siglen != crypto_sign_ed25519_BYTES) {
  65         if (smlen_p != NULL) {
  66             *smlen_p = 0;
  67         }
  68         memset(sm, 0, mlen + crypto_sign_ed25519_BYTES);
  69         return -1;
  70     }
  71 /* LCOV_EXCL_STOP */
  72
  73     if (smlen_p != NULL) {
  74         *smlen_p = mlen + siglen;
  75     }
  76     return 0;
  77 }