4 #include "crypto_hash_sha512.h"
5 #include "crypto_sign_ed25519.h"
7 #include "private/curve25519_ref10.h"
10 crypto_sign_ed25519_detached(unsigned char *sig
, unsigned long long *siglen_p
,
11 const unsigned char *m
, unsigned long long mlen
,
12 const unsigned char *sk
)
14 crypto_hash_sha512_state hs
;
16 unsigned char nonce
[64];
17 unsigned char hram
[64];
20 crypto_hash_sha512(az
, sk
, 32);
25 crypto_hash_sha512_init(&hs
);
26 crypto_hash_sha512_update(&hs
, az
+ 32, 32);
27 crypto_hash_sha512_update(&hs
, m
, mlen
);
28 crypto_hash_sha512_final(&hs
, nonce
);
30 memmove(sig
+ 32, sk
+ 32, 32);
33 ge_scalarmult_base(&R
, nonce
);
34 ge_p3_tobytes(sig
, &R
);
36 crypto_hash_sha512_init(&hs
);
37 crypto_hash_sha512_update(&hs
, sig
, 64);
38 crypto_hash_sha512_update(&hs
, m
, mlen
);
39 crypto_hash_sha512_final(&hs
, hram
);
42 sc_muladd(sig
+ 32, hram
, az
, nonce
);
44 sodium_memzero(az
, sizeof az
);
46 if (siglen_p
!= NULL
) {
53 crypto_sign_ed25519(unsigned char *sm
, unsigned long long *smlen_p
,
54 const unsigned char *m
, unsigned long long mlen
,
55 const unsigned char *sk
)
57 unsigned long long siglen
;
59 memmove(sm
+ crypto_sign_ed25519_BYTES
, m
, mlen
);
61 if (crypto_sign_ed25519_detached(sm
, &siglen
,
62 sm
+ crypto_sign_ed25519_BYTES
,
64 siglen
!= crypto_sign_ed25519_BYTES
) {
65 if (smlen_p
!= NULL
) {
68 memset(sm
, 0, mlen
+ crypto_sign_ed25519_BYTES
);
73 if (smlen_p
!= NULL
) {
74 *smlen_p
= mlen
+ siglen
;