From 656502b797c49c33af1e94163560fbdc42c14c35 Mon Sep 17 00:00:00 2001
From: dzwdz
Date: Sun, 6 Nov 2022 12:19:55 +0100
Subject: [PATCH] full supercop amd64 support
---
 README.md | 4 ++-
 ed25519/ed25519_impl_pre.h | 21 +++++++++++-
 main.c | 67 ++++++++------------------------------
 3 files changed, 36 insertions(+), 56 deletions(-)
diff --git a/README.md b/README.md
index 3f67876..23df768 100644
--- a/README.md
+++ b/README.md
@@ -22,11 +22,13 @@ saving to out/zzzkzmpje34nnp2yvgz7slr7rgpajzlpihsr3rpzgmekrjosnpprf2id.onion/hs_
 $ cp out/zzz*.onion/hs_ed25519_secret_key.fixed /var/lib/tor/hidden_service/hs_ed25519_secret_key
 ```
+I recommend doing a test run with a short filter before mining "for real". Some settings are currently broken.
 #### the ugly
 * i'm an amateur, the math might not check out
 * horrible code organization - i'm not familiar with this style of codebases at all
-* no support for ref10, partial support for supercop amd64
+* no support for ref10
+* no automated tests
 * only works with slow key generation (-Z)
 ### Requirements
diff --git a/ed25519/ed25519_impl_pre.h b/ed25519/ed25519_impl_pre.h
index e10686c..37cae16 100644
--- a/ed25519/ed25519_impl_pre.h
+++ b/ed25519/ed25519_impl_pre.h
@@ -186,6 +186,7 @@ static int ed25519_keypair(unsigned char *pk,unsigned char *sk)
 }
 #define fe bignum25519
+#define sc25519 bignum256modm
 #define ge_p1p1 ge25519_p1p1
 #define ge_p3 ge25519
@@ -196,10 +197,28 @@ static int ed25519_keypair(unsigned char *pk,unsigned char *sk)
 #define ge_p3_batchtobytes_destructive_1 ge25519_batchpack_destructive_1
 #define ge_p3_batchtobytes_destructive_finish ge25519_batchpack_destructive_finish
-
 #define ge_add CRYPTO_NAMESPACE(ge_add)
 #define ge_scalarmult_base CRYPTO_NAMESPACE(ge_scalarmult_base)
+static void sc25519_from32bytes(bignum256modm *r, const unsigned char x[32])
+{
+ expand256_modm(*r, x, 32);
+}
+
+static void sc25519_to32bytes(unsigned char r[32], const sc25519 *x)
+{
+ contract256_modm(r, *x);
+}
+
+static void sc25519_add(bignum256modm *r, const bignum256modm *x, const bignum256modm *y)
+{
+ add256_modm(*r, *x, *y);
+}
+
+static void ge25519_scalarmult_base(ge25519 *r, const bignum256modm *s)
+{
+ ge25519_scalarmult_base_niels(r,ge25519_niels_base_multiples,*s);
+}
 DONNA_INLINE static void ge_add(ge25519_p1p1 *r,const ge25519 *p,const ge25519_pniels *q)
 {
diff --git a/main.c b/main.c
index c5417a8..c2ab96c 100644
--- a/main.c
+++ b/main.c
@@ -274,18 +274,15 @@ enum worker_type {
 #include "ed25519/ed25519_impl_pre.h"
 static void genbase(const char *privpath, const char *pubpath)
 {
-#ifdef ED25519_donna
 u8 base_sk[32];
 u8 base_pk[32];
- hash_512bits base_extsk;
- ge25519 ALIGN(16) A;
- bignum256modm ALIGN(16) base;
+ u8 base_extsk[64];
+ ge_p3 ALIGN(16) A;
 FILE *fp;
 randombytes(base_sk, sizeof base_sk);
 ed25519_seckey_expand(base_extsk, base_sk);
- expand256_modm(base, base_extsk, 32);
- ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, base);
+ ge_scalarmult_base(&A, base_extsk);
 ge25519_pack(base_pk, &A);
 printf("writing private base key to '%s'\n", privpath);
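Review bot: The four shims added after `#define ge_scalarmult_base` carry no comment saying what they are for, and a reader has to work out from main.c that they reproduce the supercop amd64 `sc25519_from32bytes`/`sc25519_to32bytes`/`sc25519_add`/`ge25519_scalarmult_base` call shapes on top of donna's `bignum256modm` so that genbase and combine can be written once for both backends. A header line above `sc25519_from32bytes` such as `/* supercop-amd64-compatible scalar/group wrappers over donna types, so main.c stays backend-agnostic */` would record that. The signatures are also inconsistent with each other: `sc25519_to32bytes` spells its scalar type `sc25519` while the other three write `bignum256modm`; since the new `#define sc25519 bignum256modm` makes them the same type, spelling all four with `sc25519` (for example `static void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y)`) makes the mirrored API obvious.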
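Review bot: Removing `#ifdef ED25519_donna` here (and from combine in the next hunk) drops the only diagnostic for the backend this commit's README still lists as unsupported ("no support for ref10"), so a ref10 build will now fail on whichever of `ed25519_seckey_expand`, `ge_scalarmult_base` or `ge25519_pack` that backend lacks, or silently compile against a same-named function with a different contract, instead of printing the old message. A compile-time guard under whatever macro the build defines for ref10, e.g. `#error "genbase/combine are not implemented for the ref10 backend"`, keeps the failure explicit and at build time. Separately, `ge_scalarmult_base(&A, base_extsk)` passes a 64-byte expanded key to a function whose parameter width is not visible in this hunk; a comment on that line saying that only the first 32 bytes (the clamped scalar half) are meant to be read would document the dependency on that contract. genbase's body continues in the next hunk.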
@@ -313,15 +310,10 @@ static void genbase(const char *privpath, const char *pubpath)
 fclose(fp);
 puts("done.");
-#else
- fprintf(stderr, "Please compile with ed25519-donna to use this flag.\n");
- exit(1);
-#endif
 }
 static void combine(const char *privpath, const char *hs_secretkey)
 {
-#ifdef ED25519_donna
 u8 base_sk[32], secret[96];
 FILE *fp;
@@ -351,53 +343,24 @@ static void combine(const char *privpath, const char *hs_secretkey)
 }
 fclose(fp);
-#if 0
+ u8 base_extsk[64];;
+ sc25519 ALIGN(16) a, b;
+ ge_p3 ALIGN(16) A;
 u8 pk[32];
- hash_512bits base_extsk;
+ sc25519_from32bytes(&a, &secret[32]);
 ed25519_seckey_expand(base_extsk, base_sk);
+ sc25519_from32bytes(&b, base_extsk);
- bignum256modm ALIGN(16) base;
- expand256_modm(base, base_extsk, 32);
+ sc25519_add(&a, &a, &b);
- ge25519 ALIGN(16) A, B;
- ge25519_scalarmult_base_niels(&B, ge25519_niels_base_multiples, base);
- u8 base_pk[32];
- ge25519_pack(base_pk, &B);
- ge25519_unpack_negative_vartime(&B, base_pk);
- ge25519_pack(base_pk, &B);
- ge25519_unpack_negative_vartime(&B, base_pk);
-
- bignum256modm ALIGN(16) a;
- expand256_modm(a, &secret[SKPREFIX_SIZE], 32);
- ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
- ge25519_add(&A, &A, &B);
+ ge25519_scalarmult_base(&A, &a);
 ge25519_pack(pk, &A);
- printf("pk from public: ");
- for (size_t i = 0; i < sizeof(pk); i++)
- printf("%02x ", pk[i]);
- puts("");
-#endif
+ sc25519_to32bytes(&secret[32], &a);
- hash_512bits base_extsk;
- bignum256modm ALIGN(16) a, b;
- ge25519 ALIGN(16) A;
- u8 pk[32];
-
- expand256_modm(a, &secret[32], 32);
- ed25519_seckey_expand(base_extsk, base_sk);
- expand256_modm(b, base_extsk, 32);
-
- add256_modm(a, a, b);
-
- ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
- ge25519_pack(pk, &A);
-
- contract256_modm(&secret[32], a);
-
- expand256_modm(a, &secret[32], 32);
- ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a);
+ sc25519_from32bytes(&a, &secret[32]);
+ ge25519_scalarmult_base(&A, &a);
 ge25519_pack(pk, &A);
 printf("new pk: ");
@@ -420,10 +383,6 @@ static void combine(const char *privpath, const char *hs_secretkey)
 exit(1);
 }
 fclose(fp);
-#else
- fprintf(stderr, "Please compile with ed25519-donna to use this flag.\n");
- exit(1);
-#endif
 }
 #include "ed25519/ed25519_impl_post.h"
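Review bot: The first `ge25519_scalarmult_base(&A, &a); ge25519_pack(pk, &A);` pair, right after `sc25519_add`, produces a `pk` that nothing reads — both `A` and `pk` are overwritten by the second pair once the scalar has been written to `secret[32]` and re-read — so it is either dead code or an unfinished self-check of the `sc25519_to32bytes`/`sc25519_from32bytes` round trip; if the latter was intended, keep the first result and compare, e.g. `u8 pk0[32]; memcpy(pk0, pk, sizeof pk0);` before `sc25519_to32bytes` and `if (memcmp(pk0, pk, sizeof pk0) != 0) { fprintf(stderr, "scalar round-trip mismatch\n"); exit(1); }` after the second `ge25519_pack`, otherwise drop the first pair. The stray `;;` on `u8 base_extsk[64];;` should be one semicolon, and the repeated `&secret[32]` offset would read better through the `SKPREFIX_SIZE` name the deleted `#if 0` block used, if that constant is still defined. `base_sk`, `base_extsk`, `a` and `b` hold private key material and are simply left on the stack when combine returns (its final `fclose`/`}` are in the last hunk); clearing them before return with `explicit_bzero` or whatever wiping helper the project already has — the same applies to `base_sk`/`base_extsk` in genbase in the earlier hunk — keeps the base key out of dead stack frames. combine's body starts before this hunk.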