authorNiels Möller <nisse@lysator.liu.se>2019-12-30 22:43:48 +0100
committerNiels Möller <nisse@lysator.liu.se>2019-12-30 22:43:48 +0100
commit1a85646bdb96855b261280bcf814c01e2b8d462d (patch)
tree3ba0bc867c0ec488863dcb5bf234f86b6db9004f /eddsa-internal.h
parentd1d7d737457eaba5b51a98457cac06982638a8fd (diff)
Reorganize eddsa, based on patch by Daiki Ueno.
* eddsa-internal.h (struct ecc_eddsa): New struct for eddsa parameters. * ed25519-sha512.c (_nettle_ed25519_sha512): New parameter struct. * eddsa-expand.c (_eddsa_expand_key): Replace input struct nettle_hash with struct ecc_eddsa, and generalize for ed448. Update all callers. * eddsa-sign.c (_eddsa_sign): Likewise. * eddsa-verify.c (_eddsa_verify): Likewise. * eddsa-compress.c (_eddsa_compress): Store sign bit in most significant bit of last byte, as specified by RFC 8032. * eddsa-decompress.c (_eddsa_decompress): Corresponding update. Also generalize to support ed448, and make validity checks stricter. * testsuite/eddsa-sign-test.c (test_ed25519_sign): New function. (test_main): Use it. * testsuite/eddsa-verify-test.c (test_ed25519): New function. (test_main): Use it.
Diffstat (limited to 'eddsa-internal.h')
-rw-r--r--eddsa-internal.h20
1 files changed, 16 insertions, 4 deletions
diff --git a/eddsa-internal.h b/eddsa-internal.h
index f0d357f6..9c0a1eca 100644
--- a/eddsa-internal.h
+++ b/eddsa-internal.h
@@ -33,7 +33,7 @@
#define NETTLE_EDDSA_INTERNAL_H
#include "nettle-types.h"
-#include "nettle-meta.h"
+#include "bignum.h"
#define _eddsa_compress _nettle_eddsa_compress
#define _eddsa_compress_itch _nettle_eddsa_compress_itch
@@ -53,6 +53,18 @@
struct ecc_curve;
struct ecc_modulo;
+struct ecc_eddsa
+{
+ /* Hash function to use */
+ nettle_hash_update_func *update;
+ nettle_hash_digest_func *digest;
+ /* For generating the secret scalar */
+ mp_limb_t low_mask;
+ mp_limb_t high_bit;
+};
+
+extern const struct ecc_eddsa _nettle_ed25519_sha512;
+
mp_size_t
_eddsa_compress_itch (const struct ecc_curve *ecc);
void
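Review bot: The new `struct ecc_eddsa` documents `low_mask` and `high_bit` only as "For generating the secret scalar", which does not say which limb each applies to or what bit pattern is required, although a wrong value here would change the clamping of every secret scalar. I would spell the contract out on the fields, for example `/* ANDed with the least significant limb of the hashed scalar */` on `low_mask` and `/* The single bit to set in the most significant limb; higher bits are cleared */` on `high_bit`, after checking the wording against eddsa-expand.c, which this page does not show. The struct also carries no digest size, so a comment saying where the digest length comes from (presumably the curve) would help. The declaration that starts on the hunk's last line continues outside it.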
@@ -75,7 +87,7 @@ _eddsa_sign_itch (const struct ecc_curve *ecc);
void
_eddsa_sign (const struct ecc_curve *ecc,
- const struct nettle_hash *H,
+ const struct ecc_eddsa *eddsa,
const uint8_t *pub,
void *ctx,
const mp_limb_t *k2,
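Review bot: `_eddsa_sign` now takes `ecc` and `eddsa` as two independent pointers plus an untyped `void *ctx`, and nothing in the prototype says they must belong together; the same holds for `_eddsa_verify` and `_eddsa_expand_key` in the following hunks. Since `struct ecc_eddsa` carries only `update` and `digest`, the caller apparently has to initialize `ctx` for the matching hash itself. A short comment above the prototypes would make that explicit, for example `/* eddsa must be the parameter set for ecc, and ctx an initialized context for eddsa->update/digest. */`. The prototypes are cut by the hunks, so the remaining parameters are not visible here.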
@@ -89,7 +101,7 @@ _eddsa_verify_itch (const struct ecc_curve *ecc);
int
_eddsa_verify (const struct ecc_curve *ecc,
- const struct nettle_hash *H,
+ const struct ecc_eddsa *eddsa,
const uint8_t *pub,
const mp_limb_t *A,
void *ctx,
@@ -100,7 +112,7 @@ _eddsa_verify (const struct ecc_curve *ecc,
void
_eddsa_expand_key (const struct ecc_curve *ecc,
- const struct nettle_hash *H,
+ const struct ecc_eddsa *eddsa,
void *ctx,
const uint8_t *key,
uint8_t *digest,