int crypto_sign_ed25519( unsigned char *sm,unsigned long long *smlen, const unsigned char *m,unsigned long long mlen, const unsigned char *sk ) { sc25519 sck, scs, scsk; ge25519 ger; unsigned char r[32]; unsigned char s[32]; unsigned char extsk[64]; unsigned long long i; unsigned char hmg[crypto_hash_sha512_BYTES]; unsigned char hram[crypto_hash_sha512_BYTES]; crypto_hash_sha512(extsk, sk, 32); extsk[0] &= 248; extsk[31] &= 127; extsk[31] |= 64; *smlen = mlen+64; for(i=0;i<mlen;i++) sm[64 + i] = m[i]; for(i=0;i<32;i++) sm[32 + i] = extsk[32+i]; crypto_hash_sha512(hmg, sm+32, mlen+32); /* Generate k as h(extsk[32],...,extsk[63],m) */ /* Computation of R */ sc25519_from64bytes(&sck, hmg); ge25519_scalarmult_base(&ger, &sck); ge25519_pack(r, &ger); /* Computation of s */ for(i=0;i<32;i++) sm[i] = r[i]; get_hram(hram, sm, sk+32, sm, mlen+64); sc25519_from64bytes(&scs, hram); sc25519_from32bytes(&scsk, extsk); sc25519_mul(&scs, &scs, &scsk); sc25519_add(&scs, &scs, &sck); sc25519_to32bytes(s,&scs); /* cat s */ for(i=0;i<32;i++) sm[32 + i] = s[i]; return 0; }
// Step 3 // y = (sk_r + c * sk) mod #(B) with sk secret int schnorr_id_response(uint8_t response[SCHNORR_ID_RESPONSEBYTES], const uint8_t sk[SCHNORR_SECRETKEYBYTES], const uint8_t sk_r[SCHNORR_SECRETKEYBYTES], const uint8_t challenge[SCHNORR_ID_CHALLENGEBYTES]) { sc25519 sc_sk; sc25519 sc_sk_r; sc25519 sc_challenge; sc25519_from32bytes(&sc_sk, sk); sc25519_from32bytes(&sc_sk_r, sk_r); sc25519_from_challenge_bytes(&sc_challenge, challenge); sc25519_mul(&sc_sk, &sc_sk, &sc_challenge); sc25519_add(&sc_sk, &sc_sk, &sc_sk_r); sc25519_to32bytes(response, &sc_sk); return 0; }