|
|
@@ -4613,20 +4613,7 @@ static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, |
|
|
|
void ED25519_keypair(uint8_t out_public_key[32], uint8_t out_private_key[64]) { |
|
|
|
uint8_t seed[32]; |
|
|
|
RAND_bytes(seed, 32); |
|
|
|
|
|
|
|
uint8_t az[SHA512_DIGEST_LENGTH]; |
|
|
|
SHA512(seed, 32, az); |
|
|
|
|
|
|
|
az[0] &= 248; |
|
|
|
az[31] &= 63; |
|
|
|
az[31] |= 64; |
|
|
|
|
|
|
|
ge_p3 A; |
|
|
|
x25519_ge_scalarmult_base(&A, az); |
|
|
|
ge_p3_tobytes(out_public_key, &A); |
|
|
|
|
|
|
|
memcpy(out_private_key, seed, 32); |
|
|
|
memmove(out_private_key + 32, out_public_key, 32); |
|
|
|
ED25519_keypair_from_seed(out_public_key, out_private_key, seed); |
|
|
|
} |
|
|
|
|
|
|
|
int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, |
|
|
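Review bot: The random `seed` in `ED25519_keypair` stays on the stack after the call to `ED25519_keypair_from_seed`, and the same applies to `az` in the new `ED25519_keypair_from_seed` (second hunk), which holds the SHA-512 expansion of the seed, including the clamped secret scalar. Both values are equivalent to the private key, so I would wipe them before returning: `OPENSSL_cleanse(seed, sizeof(seed));` after the call here, and `OPENSSL_cleanse(az, sizeof(az));` as the last statement of the helper. The copy that ends up in `out_private_key` is the caller's to manage; these two locals are not reachable by the caller and can only be cleared here.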
@@ -4700,6 +4687,24 @@ int ED25519_verify(const uint8_t *message, size_t message_len, |
|
|
|
return CRYPTO_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0; |
|
|
|
} |
|
|
|
|
|
|
|
void ED25519_keypair_from_seed(uint8_t out_public_key[32], |
|
|
|
uint8_t out_private_key[64], |
|
|
|
const uint8_t seed[32]) { |
|
|
|
uint8_t az[SHA512_DIGEST_LENGTH]; |
|
|
|
SHA512(seed, 32, az); |
|
|
|
|
|
|
|
az[0] &= 248; |
|
|
|
az[31] &= 63; |
|
|
|
az[31] |= 64; |
|
|
|
|
|
|
|
ge_p3 A; |
|
|
|
x25519_ge_scalarmult_base(&A, az); |
|
|
|
ge_p3_tobytes(out_public_key, &A); |
|
|
|
|
|
|
|
memcpy(out_private_key, seed, 32); |
|
|
|
memcpy(out_private_key + 32, out_public_key, 32); |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
#if defined(BORINGSSL_X25519_X86_64) |
|
|
|
|
|
|
|
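Review bot: The copy of the public key into `out_private_key + 32` in `ED25519_keypair_from_seed` uses `memcpy`, where the body it replaces in `ED25519_keypair` used `memmove`. The new function is not `static` and takes a caller-supplied `seed`, so a caller can pass `seed` pointing at `out_private_key`, or `out_public_key` pointing at `out_private_key + 32`. Either case gives `memcpy` overlapping arguments, which is undefined behaviour. Either keep `memmove(out_private_key + 32, out_public_key, 32);` and use `memmove` for the seed copy too, or state in a header comment that the three buffers must not overlap. That comment could also say that `seed` is the 32-byte private seed and that the 64-byte output is the seed followed by the public key.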