|
Packit Service |
991b93 |
/* eddsa-expand.c
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
Copyright (C) 2014 Niels Möller
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
This file is part of GNU Nettle.
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
GNU Nettle is free software: you can redistribute it and/or
|
|
Packit Service |
991b93 |
modify it under the terms of either:
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
* the GNU Lesser General Public License as published by the Free
|
|
Packit Service |
991b93 |
Software Foundation; either version 3 of the License, or (at your
|
|
Packit Service |
991b93 |
option) any later version.
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
or
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
* the GNU General Public License as published by the Free
|
|
Packit Service |
991b93 |
Software Foundation; either version 2 of the License, or (at your
|
|
Packit Service |
991b93 |
option) any later version.
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
or both in parallel, as here.
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
GNU Nettle is distributed in the hope that it will be useful,
|
|
Packit Service |
991b93 |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
991b93 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit Service |
991b93 |
General Public License for more details.
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
You should have received copies of the GNU General Public License and
|
|
Packit Service |
991b93 |
the GNU Lesser General Public License along with this program. If
|
|
Packit Service |
991b93 |
not, see http://www.gnu.org/licenses/.
|
|
Packit Service |
991b93 |
*/
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
#if HAVE_CONFIG_H
|
|
Packit Service |
991b93 |
# include "config.h"
|
|
Packit Service |
991b93 |
#endif
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
#include <string.h>
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
#include "eddsa.h"
|
|
Packit Service |
991b93 |
#include "eddsa-internal.h"
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
#include <nettle/ecc.h>
|
|
Packit Service |
991b93 |
#include "ecc-internal.h"
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
/* Expands a private key, generating the secret scalar K2 and leaving
|
|
Packit Service |
991b93 |
the key K1 for nonce generation, at the end of the digest. */
|
|
Packit Service |
991b93 |
void
|
|
Packit Service |
991b93 |
_eddsa_expand_key (const struct ecc_curve *ecc,
|
|
Packit Service |
991b93 |
const struct ecc_eddsa *eddsa,
|
|
Packit Service |
991b93 |
void *ctx,
|
|
Packit Service |
991b93 |
const uint8_t *key,
|
|
Packit Service |
991b93 |
uint8_t *digest,
|
|
Packit Service |
991b93 |
mp_limb_t *k2)
|
|
Packit Service |
991b93 |
{
|
|
Packit Service |
991b93 |
size_t nbytes = 1 + ecc->p.bit_size / 8;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
eddsa->update (ctx, nbytes, key);
|
|
Packit Service |
991b93 |
eddsa->digest (ctx, 2*nbytes, digest);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
/* For ed448, ignores the most significant byte. */
|
|
Packit Service |
991b93 |
mpn_set_base256_le (k2, ecc->p.size, digest, (ecc->p.bit_size + 7) / 8);
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
/* Clear low c bits */
|
|
Packit Service |
991b93 |
k2[0] &= eddsa->low_mask;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
/* Clear higher bits. */
|
|
Packit Service |
991b93 |
k2[ecc->p.size - 1] &= eddsa->high_bit - 1;
|
|
Packit Service |
991b93 |
|
|
Packit Service |
991b93 |
/* Set bit number bit_size - 1 (bit 254 for curve25519, bit 447 for
|
|
Packit Service |
991b93 |
curve448) */
|
|
Packit Service |
991b93 |
k2[ecc->p.size - 1] |= eddsa->high_bit;
|
|
Packit Service |
991b93 |
}
|