1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
2 /* SPDX-License-Identifier: Unlicense */
3 #include "tomcrypt_private.h"
4 
5 /**
6   @file ed25519_shared_secret.c
7   Create an Ed25519 signature, Steffen Jaeckel
8 */
9 
10 #ifdef LTC_CURVE25519
11 
s_ed25519_sign(const unsigned char * msg,unsigned long msglen,unsigned char * sig,unsigned long * siglen,const unsigned char * ctx,unsigned long ctxlen,const curve25519_key * private_key)12 static int s_ed25519_sign(const unsigned char  *msg, unsigned long  msglen,
13                                 unsigned char  *sig, unsigned long *siglen,
14                           const unsigned char  *ctx, unsigned long  ctxlen,
15                           const curve25519_key *private_key)
16 {
17    unsigned char *s;
18    unsigned long long smlen;
19    int err;
20 
21    LTC_ARGCHK(msg         != NULL);
22    LTC_ARGCHK(sig         != NULL);
23    LTC_ARGCHK(siglen      != NULL);
24    LTC_ARGCHK(private_key != NULL);
25 
26    if (private_key->algo != LTC_OID_ED25519) return CRYPT_PK_INVALID_TYPE;
27    if (private_key->type != PK_PRIVATE) return CRYPT_PK_INVALID_TYPE;
28 
29    if (*siglen < 64uL) {
30       *siglen = 64uL;
31       return CRYPT_BUFFER_OVERFLOW;
32    }
33 
34    smlen = msglen + 64;
35    s = XMALLOC(smlen);
36    if (s == NULL) return CRYPT_MEM;
37 
38    err = tweetnacl_crypto_sign(s, &smlen,
39                                msg, msglen,
40                                private_key->priv, private_key->pub,
41                                ctx, ctxlen);
42 
43    XMEMCPY(sig, s, 64uL);
44    *siglen = 64uL;
45 
46 #ifdef LTC_CLEAN_STACK
47    zeromem(s, smlen);
48 #endif
49    XFREE(s);
50 
51    return err;
52 }
53 
54 /**
55    Create an Ed25519ctx signature.
56    @param msg             The data to be signed
57    @param msglen          [in] The size of the date to be signed
58    @param sig             [out] The destination of the shared data
59    @param siglen          [in/out] The max size and resulting size of the shared data.
60    @param ctx             [in] The context is a constant null terminated string
61    @param private_key     The private Ed25519 key in the pair
62    @return CRYPT_OK if successful
63 */
ed25519ctx_sign(const unsigned char * msg,unsigned long msglen,unsigned char * sig,unsigned long * siglen,const unsigned char * ctx,unsigned long ctxlen,const curve25519_key * private_key)64 int ed25519ctx_sign(const  unsigned char *msg, unsigned long  msglen,
65                            unsigned char *sig, unsigned long *siglen,
66                     const  unsigned char *ctx, unsigned long  ctxlen,
67                     const curve25519_key *private_key)
68 {
69    int err;
70    unsigned char ctx_prefix[292];
71    unsigned long ctx_prefix_size = sizeof(ctx_prefix);
72 
73    LTC_ARGCHK(ctx != NULL);
74 
75    if ((err = ec25519_crypto_ctx(ctx_prefix, &ctx_prefix_size, 0, ctx, ctxlen)) != CRYPT_OK)
76       return err;
77 
78    return s_ed25519_sign(msg, msglen, sig, siglen, ctx_prefix, ctx_prefix_size, private_key);
79 }
80 
81 /**
82    Create an Ed25519ph signature.
83    @param msg             The data to be signed
84    @param msglen          [in] The size of the date to be signed
85    @param sig             [out] The destination of the shared data
86    @param siglen          [in/out] The max size and resulting size of the shared data.
87    @param ctx             [in] The context is a constant null terminated string
88    @param private_key     The private Ed25519 key in the pair
89    @return CRYPT_OK if successful
90 */
ed25519ph_sign(const unsigned char * msg,unsigned long msglen,unsigned char * sig,unsigned long * siglen,const unsigned char * ctx,unsigned long ctxlen,const curve25519_key * private_key)91 int ed25519ph_sign(const  unsigned char *msg, unsigned long  msglen,
92                           unsigned char *sig, unsigned long *siglen,
93                    const  unsigned char *ctx, unsigned long  ctxlen,
94                    const curve25519_key *private_key)
95 {
96    int err;
97    unsigned char msg_hash[64];
98    unsigned char ctx_prefix[292];
99    unsigned long ctx_prefix_size = sizeof(ctx_prefix);
100 
101    if ((err = ec25519_crypto_ctx(ctx_prefix, &ctx_prefix_size, 1, ctx, ctxlen)) != CRYPT_OK)
102       return err;
103 
104    if ((err = tweetnacl_crypto_ph(msg_hash, msg, msglen)) != CRYPT_OK)
105       return err;
106 
107    return s_ed25519_sign(msg_hash, sizeof(msg_hash), sig, siglen, ctx_prefix, ctx_prefix_size, private_key);
108 }
109 
110 /**
111    Create an Ed25519 signature.
112    @param msg             The data to be signed
113    @param msglen          [in] The size of the date to be signed
114    @param sig             [out] The destination of the shared data
115    @param siglen          [in/out] The max size and resulting size of the shared data.
116    @param private_key     The private Ed25519 key in the pair
117    @return CRYPT_OK if successful
118 */
ed25519_sign(const unsigned char * msg,unsigned long msglen,unsigned char * sig,unsigned long * siglen,const curve25519_key * private_key)119 int ed25519_sign(const  unsigned char *msg, unsigned long msglen,
120                         unsigned char *sig, unsigned long *siglen,
121                  const curve25519_key *private_key)
122 {
123    return s_ed25519_sign(msg, msglen, sig, siglen, NULL, 0, private_key);
124 }
125 
126 #endif
127