author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 17:32:43 +0000 |
commit | 6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch) | |
tree | a68f146d7fa01f0134297619fbe7e33db084e0aa /comm/third_party/botan/src/lib/pubkey/ed25519/ed25519.cpp | |
parent | Initial commit. (diff) | |
Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'comm/third_party/botan/src/lib/pubkey/ed25519/ed25519.cpp')
-rw-r--r-- | comm/third_party/botan/src/lib/pubkey/ed25519/ed25519.cpp | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/comm/third_party/botan/src/lib/pubkey/ed25519/ed25519.cpp b/comm/third_party/botan/src/lib/pubkey/ed25519/ed25519.cpp
new file mode 100644
index 0000000000..624f82657a
--- /dev/null
+++ b/comm/third_party/botan/src/lib/pubkey/ed25519/ed25519.cpp
@@ -0,0 +1,102 @@
+/*
+* Ed25519
+* (C) 2017 Ribose Inc
+*
+* Based on the public domain code from SUPERCOP ref10 by
+* Peter Schwabe, Daniel J. Bernstein, Niels Duif, Tanja Lange, Bo-Yin Yang
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/ed25519.h>
+#include <botan/internal/ed25519_internal.h>
+#include <botan/sha2_64.h>
+#include <botan/rng.h>
+
+namespace Botan {
+
+void ed25519_gen_keypair(uint8_t* pk, uint8_t* sk, const uint8_t seed[32])
+ {
+ uint8_t az[64];
+
+ SHA_512 sha;
+ sha.update(seed, 32);
+ sha.final(az);
+ az[0] &= 248;
+ az[31] &= 63;
+ az[31] |= 64;
+
+ ge_scalarmult_base(pk, az);
+
+ // todo copy_mem
+ copy_mem(sk, seed, 32);
+ copy_mem(sk + 32, pk, 32);
+ }
+
+void ed25519_sign(uint8_t sig[64],
+ const uint8_t m[], size_t mlen,
+ const uint8_t sk[64],
+ const uint8_t domain_sep[], size_t domain_sep_len)
+ {
+ uint8_t az[64];
+ uint8_t nonce[64];
+ uint8_t hram[64];
+
+ SHA_512 sha;
+
+ sha.update(sk, 32);
+ sha.final(az);
+ az[0] &= 248;
+ az[31] &= 63;
+ az[31] |= 64;
+
+ sha.update(domain_sep, domain_sep_len);
+ sha.update(az + 32, 32);
+ sha.update(m, mlen);
+ sha.final(nonce);
+
+ sc_reduce(nonce);
+ ge_scalarmult_base(sig, nonce);
+
+ sha.update(domain_sep, domain_sep_len);
+ sha.update(sig, 32);
+ sha.update(sk + 32, 32);
+ sha.update(m, mlen);
+ sha.final(hram);
+
+ sc_reduce(hram);
+ sc_muladd(sig + 32, hram, az, nonce);
+ }
+
+bool ed25519_verify(const uint8_t* m, size_t mlen,
+ const uint8_t sig[64],
+ const uint8_t* pk,
+ const uint8_t domain_sep[], size_t domain_sep_len)
+ {
+ uint8_t h[64];
+ uint8_t rcheck[32];
+ ge_p3 A;
+ SHA_512 sha;
+
+ if(sig[63] & 224)
+ {
+ return false;
+ }
+ if(ge_frombytes_negate_vartime(&A, pk) != 0)
+ {
+ return false;
+ }
+
+ sha.update(domain_sep, domain_sep_len);
+ sha.update(sig, 32);
+ sha.update(pk, 32);
+ sha.update(m, mlen);
+ sha.final(h);
+ sc_reduce(h);
+
+ ge_double_scalarmult_vartime(rcheck, h, &A, sig + 32);
+
+ return constant_time_compare(rcheck, sig, 32);
+ }
+
+} |