Electroneum
ed25519.h File Reference
#include <stdlib.h>


Typedefs

typedef unsigned char ed25519_signature[64]
 
typedef unsigned char ed25519_public_key[32]
 
typedef unsigned char ed25519_secret_key[32]
 
typedef unsigned char curved25519_key[32]
 

Functions

void ed25519_publickey (const ed25519_secret_key sk, ed25519_public_key pk)
 
int ed25519_sign_open (const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS)
 
void ed25519_sign (const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS)
 
int ed25519_sign_open_batch (const unsigned char **m, size_t *mlen, const unsigned char **pk, const unsigned char **RS, size_t num, int *valid)
 
void ed25519_randombytes_unsafe (void *out, size_t count)
 
void curved25519_scalarmult_basepoint (curved25519_key pk, const curved25519_key e)
 

Typedef Documentation

◆ curved25519_key

typedef unsigned char curved25519_key[32]

Definition at line 14 of file ed25519.h.

◆ ed25519_public_key

typedef unsigned char ed25519_public_key[32]

Definition at line 11 of file ed25519.h.

◆ ed25519_secret_key

typedef unsigned char ed25519_secret_key[32]

Definition at line 12 of file ed25519.h.

◆ ed25519_signature

typedef unsigned char ed25519_signature[64]

Definition at line 10 of file ed25519.h.

Function Documentation

◆ curved25519_scalarmult_basepoint()

void curved25519_scalarmult_basepoint ( curved25519_key  pk,
const curved25519_key  e 
)

◆ ed25519_publickey()

void ed25519_publickey ( const ed25519_secret_key  sk,
ed25519_public_key  pk 
)

◆ ed25519_randombytes_unsafe()

void ed25519_randombytes_unsafe ( void *  out,
size_t  count 
)

Definition at line 86 of file ed25519-randombytes.h.

86  {
    /*
     * Fills p with len bytes obtained from OpenSSL's RAND_bytes(). The
     * definition names its parameters p and len; the prototype listed for
     * ed25519.h calls them out and count.
     *
     * NOTE(review): the return value of RAND_bytes() is discarded and this
     * function returns void, so a failed RNG call is not reported to the
     * caller and the buffer is not guaranteed to hold fresh random bytes.
     * The (int) cast narrows len; a count above INT_MAX would not be
     * requested correctly. The caller shown on this page
     * (ed25519_sign_open_batch) asks for batchsize * 16 bytes.
     */
87 
88  RAND_bytes(p, (int) len);
89 
90 }

◆ ed25519_sign()

void ed25519_sign ( const unsigned char *  m,
size_t  mlen,
const ed25519_secret_key  sk,
const ed25519_public_key  pk,
ed25519_signature  RS 
)

◆ ed25519_sign_open()

int ed25519_sign_open ( const unsigned char *  m,
size_t  mlen,
const ed25519_public_key  pk,
const ed25519_signature  RS 
)

◆ ed25519_sign_open_batch()

int ed25519_sign_open_batch ( const unsigned char **  m,
size_t *  mlen,
const unsigned char **  pk,
const unsigned char **  RS,
size_t  num,
int *  valid 
)

Definition at line 205 of file ed25519-donna-batchverify.h.

205  {
     /*
      * Batch verification of num Ed25519 signatures. m, mlen, pk, RS and
      * valid are each indexed from 0 to num-1; no pointer is checked for
      * NULL in this function.
      *
      * On return valid[i] is 1 for an accepted signature and 0 for a
      * rejected one. The return value is 0 when no check failed; bit 0
      * (value 1) is set when an individual check rejected a signature and
      * bit 1 (value 2) when a combined batch equation did not hold.
      *
      * NOTE(review): bit 1 is set before the per-signature recheck, so the
      * return value can be nonzero while every valid[i] is 1. Use valid[]
      * for per-signature decisions.
      */
206  batch_heap ALIGN(16) batch;
207  ge25519 ALIGN(16) p;
208  bignum256modm *r_scalars;
209  size_t i, batchsize;
210  unsigned char hram[64];
211  int ret = 0;
212 
     /* optimistic default; entries are only overwritten by the individual
      * ed25519_sign_open checks further down */
213  for (i = 0; i < num; i++)
214  valid[i] = 1;
215 
     /* batches are formed only while more than 3 signatures remain; whatever
      * is left goes to the individual loop after this while */
216  while (num > 3) {
217  batchsize = (num > max_batch_size) ? max_batch_size : num;
218 
     /*
      * One 16-byte random coefficient per signature, written to batch.r.
      * NOTE(review): these coefficients are what keep an invalid signature
      * from being offset by another entry in the combined equation, so they
      * need to be unpredictable. ed25519_randombytes_unsafe returns void, so
      * this function cannot tell whether the RNG call succeeded.
      */
219  /* generate r (scalars[batchsize+1]..scalars[2*batchsize] */
220  ED25519_FN(ed25519_randombytes_unsafe) (batch.r, batchsize * 16);
221  r_scalars = &batch.scalars[batchsize + 1];
222  for (i = 0; i < batchsize; i++)
223  expand256_modm(r_scalars[i], batch.r[i], 16);
224 
     /* RS[i] + 32 is the second 32 bytes of the 64-byte signature; each is
      * multiplied by its coefficient and the products are summed into
      * scalars[0] */
225  /* compute scalars[0] = ((r1s1 + r2s2 + ...)) */
226  for (i = 0; i < batchsize; i++) {
227  expand256_modm(batch.scalars[i], RS[i] + 32, 32);
228  mul256_modm(batch.scalars[i], batch.scalars[i], r_scalars[i]);
229  }
230  for (i = 1; i < batchsize; i++)
231  add256_modm(batch.scalars[0], batch.scalars[0], batch.scalars[i]);
232 
233  /* compute scalars[1]..scalars[batchsize] as r[i]*H(R[i],A[i],m[i]) */
234  for (i = 0; i < batchsize; i++) {
235  ed25519_hram(hram, RS[i], pk[i], m[i], mlen[i]);
236  expand256_modm(batch.scalars[i+1], hram, 64);
237  mul256_modm(batch.scalars[i+1], batch.scalars[i+1], r_scalars[i]);
238  }
239 
     /*
      * points[0] is the basepoint, points[1..batchsize] are unpacked from the
      * public keys and points[batchsize+1..2*batchsize] from the start of
      * each signature. A key or signature that fails to unpack sends the
      * whole batch to the individual checks: the gotos jump into the if-body
      * below, past the ret |= 2 assignment.
      */
240  /* compute points */
241  batch.points[0] = ge25519_basepoint;
242  for (i = 0; i < batchsize; i++)
243  if (!ge25519_unpack_negative_vartime(&batch.points[i+1], pk[i]))
244  goto fallback;
245  for (i = 0; i < batchsize; i++)
246  if (!ge25519_unpack_negative_vartime(&batch.points[batchsize+i+1], RS[i]))
247  goto fallback;
248 
     /* (batchsize * 2) + 1 terms: the basepoint plus two points per
      * signature; a non-neutral result means the combined equation failed */
249  ge25519_multi_scalarmult_vartime(&p, &batch, (batchsize * 2) + 1);
250  if (!ge25519_is_neutral_vartime(&p)) {
251  ret |= 2;
252 
     /* reached by falling through after ret |= 2 or by the gotos above;
      * a return of 0 from ed25519_sign_open is mapped to valid[i] = 1, and
      * any rejected signature sets bit 0 of ret */
253  fallback:
254  for (i = 0; i < batchsize; i++) {
255  valid[i] = ED25519_FN(ed25519_sign_open) (m[i], mlen[i], pk[i], RS[i]) ? 0 : 1;
256  ret |= (valid[i] ^ 1);
257  }
258  }
259 
     /* advance every input cursor and the valid cursor past this batch */
260  m += batchsize;
261  mlen += batchsize;
262  pk += batchsize;
263  RS += batchsize;
264  num -= batchsize;
265  valid += batchsize;
266  }
267 
     /* at most 3 signatures remain here; they are verified one by one with
      * the same 0 -> valid mapping as the fallback path */
268  for (i = 0; i < num; i++) {
269  valid[i] = ED25519_FN(ed25519_sign_open) (m[i], mlen[i], pk[i], RS[i]) ? 0 : 1;
270  ret |= (valid[i] ^ 1);
271  }
272 
273  return ret;
274 }