partial support for supercop amd64

README.md

@@ -26,7 +26,7 @@ $ cp out/zzz*.onion/hs_ed25519_secret_key.fixed /var/lib/tor/hidden_service/hs_e
 #### the ugly
 * i'm an amateur, the math might not check out
 * horrible code organization - i'm not familiar with this style of codebases at all
-* depends on ed25519-donna
+* no support for ref10, partial support for supercop amd64
 * only works with slow key generation (-Z)
 
 ### Requirements

ed25519/ed25519_impl_pre.h

@@ -79,6 +79,7 @@ inline static void ge_initeightpoint(void) {}
 #define ge_p3         ge25519_p3
 #define ge_p1p1_to_p3 ge25519_p1p1_to_p3
 #define ge_p3_tobytes ge25519_pack
+#define ge_frombytes_negate_vartime ge25519_unpackneg_vartime
 #define ge_add        ge25519_pnielsadd_p1p1
 
 #define ge_p3_batchtobytes_destructive_1      ge25519_batchpack_destructive_1
@@ -190,6 +191,7 @@ static int ed25519_keypair(unsigned char *pk,unsigned char *sk)
 
 #define ge_p1p1_to_p3 ge25519_p1p1_to_full
 #define ge_p3_tobytes ge25519_pack
+#define ge_frombytes_negate_vartime ge25519_unpack_negative_vartime
 
 #define ge_p3_batchtobytes_destructive_1      ge25519_batchpack_destructive_1
 #define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish

main.c

@@ -274,6 +274,7 @@ enum worker_type {
 #include "ed25519/ed25519_impl_pre.h"
 static void genbase(const char *privpath, const char *pubpath)
 {
+#ifdef ED25519_donna
 	u8 base_sk[32];
 	u8 base_pk[32];
 	hash_512bits base_extsk;
@@ -312,10 +313,15 @@ static void genbase(const char *privpath, const char *pubpath)
 	fclose(fp);
 
 	puts("done.");
+#else
+	fprintf(stderr, "Please compile with ed25519-donna to use this flag.\n");
+	exit(1);
+#endif
 }
 
 static void combine(const char *privpath, const char *hs_secretkey)
 {
+#ifdef ED25519_donna
 	u8 base_sk[32], secret[96];
 	FILE *fp;
  
@@ -414,6 +420,10 @@ static void combine(const char *privpath, const char *hs_secretkey)
 		exit(1);
 	}
 	fclose(fp);
+#else
+	fprintf(stderr, "Please compile with ed25519-donna to use this flag.\n");
+	exit(1);
+#endif
 }
 #include "ed25519/ed25519_impl_post.h"
 

worker.c

@@ -265,33 +265,30 @@ void worker_init(void)
 // so i just add them there
 // i don't understand how this codebase is organized :(
 
-ge25519 ALIGN(16) PUBKEY_BASE = {0};
+ge_p3 ALIGN(16) PUBKEY_BASE = {0};
 int pubkey_base_initialized;
 
 void ed25519_pubkey_setbase(const u8 base_pk[32])
 {
 	u8 tmp_pk[32];
-	ge25519_unpack_negative_vartime(&PUBKEY_BASE, base_pk);
+	ge_frombytes_negate_vartime(&PUBKEY_BASE, base_pk);
 	// dumb hack: unpack flips the point. to get the original point
 	//            back, i just pack and unpack it again
-	ge25519_pack(tmp_pk, &PUBKEY_BASE);
+	ge_p3_tobytes(tmp_pk, &PUBKEY_BASE);
-	ge25519_unpack_negative_vartime(&PUBKEY_BASE, tmp_pk);
+	ge_frombytes_negate_vartime(&PUBKEY_BASE, tmp_pk);
 	pubkey_base_initialized = 1;
 }
 
 static int ed25519_pubkey_onbase(u8 *pk,const u8 *sk)
 {
-	bignum256modm a;
+	ge_p3 ALIGN(16) A;
-	ge25519 ALIGN(16) A;
 
 	if (unlikely(pubkey_base_initialized == 0))
 		abort();
 
-	// ge_scalarmult_base(&A, sk);
+	ge_scalarmult_base(&A, sk);
-	expand256_modm(a,sk,32);
-	ge25519_scalarmult_base_niels(&A,ge25519_niels_base_multiples,a);
 	ge25519_add(&A, &A, &PUBKEY_BASE);
-	ge25519_pack(pk,&A);
+	ge_p3_tobytes(pk,&A);
 
 	return 0;
 }

worker_impl.inc.h

@@ -12,4 +12,4 @@ static size_t CRYPTO_NAMESPACE(worker_batch_memuse)(void)
 #include "worker_batch.inc.h"
 #include "worker_batch_pass.inc.h"
 
-#include "ed25519/ed25519_impl_post.h"
+// #include "ed25519/ed25519_impl_post.h"