1 #include "crypto_sign.h"
3 #include "crypto_verify_32.h"
4 #include "crypto_hash_sha512.h"
5 #include "randombytes.h"
9 static void get_hram(unsigned char *hram
, const unsigned char *sm
, const unsigned char *pk
, unsigned char *playground
, unsigned long long smlen
)
13 for (i
= 0;i
< 32;++i
) playground
[i
] = sm
[i
];
14 for (i
= 32;i
< 64;++i
) playground
[i
] = pk
[i
-32];
15 for (i
= 64;i
< smlen
;++i
) playground
[i
] = sm
[i
];
17 crypto_hash_sha512(hram
,playground
,smlen
);
21 int crypto_sign_keypair(
28 unsigned char extsk
[64];
32 crypto_hash_sha512(extsk
, sk
, 32);
37 sc25519_from32bytes(&scsk
,extsk
);
39 ge25519_scalarmult_base(&gepk
, &scsk
);
40 ge25519_pack(pk
, &gepk
);
47 unsigned char *sm
,unsigned long long *smlen
,
48 const unsigned char *m
,unsigned long long mlen
,
49 const unsigned char *sk
52 sc25519 sck
, scs
, scsk
;
56 unsigned char extsk
[64];
58 unsigned char hmg
[crypto_hash_sha512_BYTES
];
59 unsigned char hram
[crypto_hash_sha512_BYTES
];
61 crypto_hash_sha512(extsk
, sk
, 32);
70 sm
[32 + i
] = extsk
[32+i
];
72 crypto_hash_sha512(hmg
, sm
+32, mlen
+32); /* Generate k as h(extsk[32],...,extsk[63],m) */
74 /* Computation of R */
75 sc25519_from64bytes(&sck
, hmg
);
76 ge25519_scalarmult_base(&ger
, &sck
);
77 ge25519_pack(r
, &ger
);
79 /* Computation of s */
83 get_hram(hram
, sm
, sk
+32, sm
, mlen
+64);
85 sc25519_from64bytes(&scs
, hram
);
86 sc25519_from32bytes(&scsk
, extsk
);
87 sc25519_mul(&scs
, &scs
, &scsk
);
89 sc25519_add(&scs
, &scs
, &sck
);
91 sc25519_to32bytes(s
,&scs
); /* cat s */
99 unsigned char *m
,unsigned long long *mlen
,
100 const unsigned char *sm
,unsigned long long smlen
,
101 const unsigned char *pk
105 unsigned char t2
[32];
108 unsigned char hram
[crypto_hash_sha512_BYTES
];
110 if (ge25519_unpackneg_vartime(&get1
, pk
)) return -1;
112 get_hram(hram
,sm
,pk
,m
,smlen
);
114 sc25519_from64bytes(&schram
, hram
);
116 sc25519_from32bytes(&scs
, sm
+32);
118 ge25519_double_scalarmult_vartime(&get2
, &get1
, &schram
, &ge25519_base
, &scs
);
119 ge25519_pack(t2
, &get2
);
121 ret
= crypto_verify_32(sm
, t2
);
125 for(i
=0;i
<smlen
-64;i
++)
131 for(i
=0;i
<smlen
-64;i
++)
133 *mlen
= (unsigned long long) -1;