diff --git a/README.md b/README.md
index 99cdeca..3f67876 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ $ cp out/zzz*.onion/hs_ed25519_secret_key.fixed /var/lib/tor/hidden_service/hs_e
 #### the ugly
 * i'm an amateur, the math might not check out
 * horrible code organization - i'm not familiar with this style of codebases at all
-* depends on ed25519-donna
+* no support for ref10, partial support for supercop amd64
 * only works with slow key generation (-Z)
 ### Requirements
diff --git a/ed25519/ed25519_impl_pre.h b/ed25519/ed25519_impl_pre.h
index bc84ad9..e10686c 100644
--- a/ed25519/ed25519_impl_pre.h
+++ b/ed25519/ed25519_impl_pre.h
@@ -79,6 +79,7 @@ inline static void ge_initeightpoint(void) {}
 #define ge_p3 ge25519_p3
 #define ge_p1p1_to_p3 ge25519_p1p1_to_p3
 #define ge_p3_tobytes ge25519_pack
+#define ge_frombytes_negate_vartime ge25519_unpackneg_vartime
 #define ge_add ge25519_pnielsadd_p1p1
 #define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1
@@ -190,6 +191,7 @@ static int ed25519_keypair(unsigned char *pk,unsigned char *sk)
 #define ge_p1p1_to_p3 ge25519_p1p1_to_full
 #define ge_p3_tobytes ge25519_pack
+#define ge_frombytes_negate_vartime ge25519_unpack_negative_vartime
 #define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1
 #define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish
diff --git a/main.c b/main.c
index 1a9563c..c5417a8 100644
--- a/main.c
+++ b/main.c
@@ -274,6 +274,7 @@ enum worker_type {
 #include "ed25519/ed25519_impl_pre.h"
 static void genbase(const char *privpath, const char *pubpath)
 {
+#ifdef ED25519_donna
 u8 base_sk[32];
 u8 base_pk[32];
 hash_512bits base_extsk;
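Review bot: In ed25519/ed25519_impl_pre.h the new `ge_frombytes_negate_vartime` alias is given to two backend functions whose return conventions, as far as I know, differ: supercop's `ge25519_unpackneg_vartime` (hunk at line 79) returns 0 on success and -1 on failure, while donna's `ge25519_unpack_negative_vartime` (hunk at line 191) returns 1 on success and 0 on failure. A caller that tests the result against one convention would silently invert the check on the other backend, and this is the call that rejects byte strings which do not decode to a curve point. I would document the convention next to each define, e.g. `/* returns 0 on success, -1 on failure */` and `/* returns 1 on success, 0 on failure */`, or wrap the donna variant in a small inline that normalises it to the 0/-1 form.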
@@ -312,10 +313,15 @@ static void genbase(const char *privpath, const char *pubpath)
 fclose(fp);
 puts("done.");
+#else
+ fprintf(stderr, "Please compile with ed25519-donna to use this flag.\n");
+ exit(1);
+#endif
 }
 static void combine(const char *privpath, const char *hs_secretkey)
 {
+#ifdef ED25519_donna
 u8 base_sk[32], secret[96];
 FILE *fp;
@@ -414,6 +420,10 @@ static void combine(const char *privpath, const char *hs_secretkey)
 exit(1);
 }
 fclose(fp);
+#else
+ fprintf(stderr, "Please compile with ed25519-donna to use this flag.\n");
+ exit(1);
+#endif
 }
 #include "ed25519/ed25519_impl_post.h"
diff --git a/worker.c b/worker.c
index 67a1da5..9ac975d 100644
--- a/worker.c
+++ b/worker.c
@@ -265,33 +265,30 @@ void worker_init(void)
 // so i just add them there
 // i don't understand how this codebase is organized :(
-ge25519 ALIGN(16) PUBKEY_BASE = {0};
+ge_p3 ALIGN(16) PUBKEY_BASE = {0};
 int pubkey_base_initialized;
 void ed25519_pubkey_setbase(const u8 base_pk[32])
 {
 u8 tmp_pk[32];
- ge25519_unpack_negative_vartime(&PUBKEY_BASE, base_pk);
+ ge_frombytes_negate_vartime(&PUBKEY_BASE, base_pk);
 // dumb hack: unpack flips the point. to get the original point
 // back, i just pack and unpack it again
- ge25519_pack(tmp_pk, &PUBKEY_BASE);
- ge25519_unpack_negative_vartime(&PUBKEY_BASE, tmp_pk);
+ ge_p3_tobytes(tmp_pk, &PUBKEY_BASE);
+ ge_frombytes_negate_vartime(&PUBKEY_BASE, tmp_pk);
 pubkey_base_initialized = 1;
 }
 static int ed25519_pubkey_onbase(u8 *pk,const u8 *sk)
 {
- bignum256modm a;
- ge25519 ALIGN(16) A;
+ ge_p3 ALIGN(16) A;
 if (unlikely(pubkey_base_initialized == 0)) abort();
- // ge_scalarmult_base(&A, sk);
- expand256_modm(a,sk,32);
- ge25519_scalarmult_base_niels(&A,ge25519_niels_base_multiples,a);
+ ge_scalarmult_base(&A, sk);
 ge25519_add(&A, &A, &PUBKEY_BASE);
- ge25519_pack(pk,&A);
+ ge_p3_tobytes(pk,&A);
 return 0;
 }
diff --git a/worker_impl.inc.h b/worker_impl.inc.h
index fbd7b0f..111ee8d 100644
--- a/worker_impl.inc.h
+++ b/worker_impl.inc.h
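Review bot: In main.c the `#else` branches added to `genbase` (hunk at line 313) and `combine` (hunk at line 420) leave both parameters of each function unused, so a non-donna build will warn under `-Wextra`. Adding `(void)privpath; (void)pubpath;` before the `fprintf` in `genbase`, and `(void)privpath; (void)hs_secretkey;` in `combine`, keeps that build clean. The `#ifdef ED25519_donna` closed by the first branch is opened in the hunk at line 274, and both function bodies lie mostly outside the hunks shown.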
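Review bot: In worker.c, `ed25519_pubkey_setbase` still discards the result of both `ge_frombytes_negate_vartime` calls, so a `base_pk` that does not decode to a curve point leaves `PUBKEY_BASE` in whatever state the backend left it while `pubkey_base_initialized` is set to 1. Every key that `ed25519_pubkey_onbase` derives afterwards would then be offset by a bogus point, and nothing reports it. I would test the first call against the backend's success value and `abort()` on failure, the same way `ed25519_pubkey_onbase` already aborts on an uninitialised base. Separately, `ge25519_add(&A, &A, &PUBKEY_BASE);` is the one call in this hunk not moved to a `ge_*` alias, which is presumably why the README lists ref10 as unsupported; an `#error` for backends that lack it would fail earlier and more clearly than an undeclared-function diagnostic.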
@@ -12,4 +12,4 @@ static size_t CRYPTO_NAMESPACE(worker_batch_memuse)(void)
 #include "worker_batch.inc.h"
 #include "worker_batch_pass.inc.h"
-#include "ed25519/ed25519_impl_post.h"
+// #include "ed25519/ed25519_impl_post.h"
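Review bot: The include of `ed25519/ed25519_impl_post.h` in worker_impl.inc.h is commented out rather than removed, and nothing records why. Presumably the aliases from `ed25519_impl_pre.h` have to stay defined so that the `ge_*` calls now used in worker.c after this header still resolve, but the contents of the post header are not visible here. I would delete the dead line and leave a comment such as `// ed25519_impl_post.h is deliberately not included here: worker.c still needs the ge_* aliases`, or move the include to the end of worker.c if the aliases are meant to stay scoped.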