diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2017-04-05 16:09:57 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-05-30 20:38:19 +0100 |
commit | d4d001df371f2ccd13eee7f9d7f4c6594a080168 (patch) | |
tree | b1ffc906785628cb6f3498a8af6f26d849ef0aea /crypto | |
parent | 06c6d05faea05ced44a580c5a2f8bf38a4f3017a (diff) |
Make Ed25519 consistent with X25519
Rename and change ED25519_keypair_from_seed to ED25519_public_from_private
to be consistent with X25519 API.
Modidy ED25519_sign to take separate public key argument instead of
requiring it to follow the private key.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3503)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/ec/curve25519.c | 22 | ||||
-rw-r--r-- | crypto/ec/ec_lcl.h | 8 |
2 files changed, 9 insertions, 21 deletions
diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c index a8b664ec26..72580334ff 100644 --- a/crypto/ec/curve25519.c +++ b/crypto/ec/curve25519.c @@ -4590,15 +4590,9 @@ static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, s[30] = s11 >> 9; s[31] = s11 >> 17; } -#if 0 -void ED25519_keypair(uint8_t out_public_key[32], uint8_t out_private_key[64]) { - uint8_t seed[32]; - RAND_bytes(seed, 32); - ED25519_keypair_from_seed(out_public_key, out_private_key, seed); -} -#endif + int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, - const uint8_t private_key[64]) { + const uint8_t public_key[32], const uint8_t private_key[32]) { uint8_t az[SHA512_DIGEST_LENGTH]; uint8_t nonce[SHA512_DIGEST_LENGTH]; ge_p3 R; @@ -4622,7 +4616,7 @@ int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, SHA512_Init(&hash_ctx); SHA512_Update(&hash_ctx, out_sig, 32); - SHA512_Update(&hash_ctx, private_key + 32, 32); + SHA512_Update(&hash_ctx, public_key, 32); SHA512_Update(&hash_ctx, message, message_len); SHA512_Final(hram, &hash_ctx); @@ -4670,13 +4664,12 @@ int ED25519_verify(const uint8_t *message, size_t message_len, return CRYPTO_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0; } -void ED25519_keypair_from_seed(uint8_t out_public_key[32], - uint8_t out_private_key[64], - const uint8_t seed[32]) { +void ED25519_public_from_private(uint8_t out_public_key[32], + const uint8_t private_key[32]) { uint8_t az[SHA512_DIGEST_LENGTH]; ge_p3 A; - SHA512(seed, 32, az); + SHA512(private_key, 32, az); az[0] &= 248; az[31] &= 63; @@ -4684,9 +4677,6 @@ void ED25519_keypair_from_seed(uint8_t out_public_key[32], ge_scalarmult_base(&A, az); ge_p3_tobytes(out_public_key, &A); - - memcpy(out_private_key, seed, 32); - memcpy(out_private_key + 32, out_public_key, 32); } int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 7d2c27c9f3..10c0ac140f 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -608,14 +608,12 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, EC_KEY *eckey); -void ED25519_keypair(uint8_t out_public_key[32], uint8_t out_private_key[64]); int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, - const uint8_t private_key[64]); + const uint8_t public_key[32], const uint8_t private_key[32]); int ED25519_verify(const uint8_t *message, size_t message_len, const uint8_t signature[64], const uint8_t public_key[32]); -void ED25519_keypair_from_seed(uint8_t out_public_key[32], - uint8_t out_private_key[64], - const uint8_t seed[32]); +void ED25519_public_from_private(uint8_t out_public_key[32], + const uint8_t private_key[32]); int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], const uint8_t peer_public_value[32]); |