| field | value | date |
|---|---|---|
| author | Niels Möller <nisse@lysator.liu.se> | 2019-12-30 22:43:48 +0100 |
| committer | Niels Möller <nisse@lysator.liu.se> | 2019-12-30 22:43:48 +0100 |
| commit | 1a85646bdb96855b261280bcf814c01e2b8d462d (patch) | |
| tree | 3ba0bc867c0ec488863dcb5bf234f86b6db9004f /eddsa-sign.c | |
| parent | d1d7d737457eaba5b51a98457cac06982638a8fd (diff) | |
| download | nettle-1a85646bdb96855b261280bcf814c01e2b8d462d.tar.gz | |
Reorganize eddsa, based on patch by Daiki Ueno.
* eddsa-internal.h (struct ecc_eddsa): New struct for eddsa
parameters.
* ed25519-sha512.c (_nettle_ed25519_sha512): New parameter struct.
* eddsa-expand.c (_eddsa_expand_key): Replace input
struct nettle_hash with struct ecc_eddsa, and generalize for
ed448. Update all callers.
* eddsa-sign.c (_eddsa_sign): Likewise.
* eddsa-verify.c (_eddsa_verify): Likewise.
* eddsa-compress.c (_eddsa_compress): Store sign bit in most
significant bit of last byte, as specified by RFC 8032.
* eddsa-decompress.c (_eddsa_decompress): Corresponding update.
Also generalize to support ed448, and make validity checks
stricter.
* testsuite/eddsa-sign-test.c (test_ed25519_sign): New function.
(test_main): Use it.
* testsuite/eddsa-verify-test.c (test_ed25519): New function.
(test_main): Use it.
Diffstat (limited to 'eddsa-sign.c')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | eddsa-sign.c | 16 |

1 files changed, 7 insertions, 9 deletions
diff --git a/eddsa-sign.c b/eddsa-sign.c index 13ae4799..5e39fe69 100644 --- a/eddsa-sign.c +++ b/eddsa-sign.c @@ -50,7 +50,7 @@ _eddsa_sign_itch (const struct ecc_curve *ecc) void _eddsa_sign (const struct ecc_curve *ecc, - const struct nettle_hash *H, + const struct ecc_eddsa *eddsa, const uint8_t *pub, void *ctx, const mp_limb_t *k2, @@ -71,18 +71,16 @@ _eddsa_sign (const struct ecc_curve *ecc, size = ecc->p.size; nbytes = 1 + ecc->p.bit_size / 8; - assert (H->digest_size >= 2 * nbytes); - - H->update (ctx, length, msg); - H->digest (ctx, 2*nbytes, hash); + eddsa->update (ctx, length, msg); + eddsa->digest (ctx, 2*nbytes, hash); _eddsa_hash (&ecc->q, rp, hash); ecc->mul_g (ecc, P, rp, scratch_out); _eddsa_compress (ecc, signature, P, scratch_out); - H->update (ctx, nbytes, signature); - H->update (ctx, nbytes, pub); - H->update (ctx, length, msg); - H->digest (ctx, 2*nbytes, hash); + eddsa->update (ctx, nbytes, signature); + eddsa->update (ctx, nbytes, pub); + eddsa->update (ctx, length, msg); + eddsa->digest (ctx, 2*nbytes, hash); _eddsa_hash (&ecc->q, hp, hash); ecc_modq_mul (ecc, sp, hp, k2); |
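Review bot: the prototype change in the first hunk (`const struct nettle_hash *H` replaced by `const struct ecc_eddsa *eddsa` in `_eddsa_sign`) only compiles if the declaration in the internal header and every caller change in the same commit, and if eddsa-sign.c includes the header that defines `struct ecc_eddsa` (the commit message places it in eddsa-internal.h); none of that is visible here because the diffstat is limited to eddsa-sign.c, so it is worth confirming against the full commit rather than this file view alone.

Review bot: in the second hunk the removed `assert (H->digest_size >= 2 * nbytes);` has no replacement, so the one check that the hash can supply the `2*nbytes` bytes that `eddsa->digest (ctx, 2*nbytes, hash)` asks for is gone; a mis-built `struct ecc_eddsa` whose digest cannot produce that much output is no longer caught before `_eddsa_hash (&ecc->q, rp, hash)` reduces the buffer. Suggest either keeping a digest-size field in `struct ecc_eddsa` and retaining the assert against it, or stating the `2*nbytes` output requirement in a comment at the struct definition so the invariant is documented somewhere.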