From e5a1cf993765c9343e636f5e85298afd0b489c7f Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Tue, 26 Aug 2014 12:32:00 -0400
Subject: [PATCH] Tweak ref10 keygen APIs to be more sane.

---
 src/ext/ed25519/ref10/crypto_sign.h   |  2 ++
 src/ext/ed25519/ref10/ed25519_ref10.h |  2 ++
 src/ext/ed25519/ref10/keypair.c       | 23 ++++++++++++++++++++---
 3 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/src/ext/ed25519/ref10/crypto_sign.h b/src/ext/ed25519/ref10/crypto_sign.h
index 627ba0a421..4a13fb30ab 100644
--- a/src/ext/ed25519/ref10/crypto_sign.h
+++ b/src/ext/ed25519/ref10/crypto_sign.h
@@ -1,6 +1,8 @@
 /* Added for Tor */
 #define crypto_sign ed25519_ref10_sign
 #define crypto_sign_keypair ed25519_ref10_keygen
+#define crypto_sign_seckey ed25519_ref10_seckey
+#define crypto_sign_pubkey ed25519_ref10_pubkey
 #define crypto_sign_open ed25519_ref10_open
 
 #include "ed25519_ref10.h"
diff --git a/src/ext/ed25519/ref10/ed25519_ref10.h b/src/ext/ed25519/ref10/ed25519_ref10.h
index fc10a26700..33a24bd6a4 100644
--- a/src/ext/ed25519/ref10/ed25519_ref10.h
+++ b/src/ext/ed25519/ref10/ed25519_ref10.h
@@ -3,6 +3,8 @@
 #define SRC_EXT_ED25519_REF10_H_INCLUDED_
 #include <torint.h>
 
+int ed25519_ref10_seckey(unsigned char *sk);
+int ed25519_ref10_pubkey(unsigned char *pk,const unsigned char *sk);
 int ed25519_ref10_keygen(unsigned char *pk,unsigned char *sk);
 int ed25519_ref10_open(
   unsigned char *m,uint64_t *mlen,
diff --git a/src/ext/ed25519/ref10/keypair.c b/src/ext/ed25519/ref10/keypair.c
index ac6cea2b7a..26a17272d7 100644
--- a/src/ext/ed25519/ref10/keypair.c
+++ b/src/ext/ed25519/ref10/keypair.c
@@ -1,15 +1,23 @@
+/* Modified for Tor: new API, 32-byte secret keys. */
 #include <string.h>
 #include "randombytes.h"
 #include "crypto_sign.h"
 #include "crypto_hash_sha512.h"
 #include "ge.h"
 
-int crypto_sign_keypair(unsigned char *pk,unsigned char *sk)
+int
+crypto_sign_seckey(unsigned char *sk)
+{
+  randombytes(sk,32);
+
+  return 0;
+}
+
+int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk)
 {
   unsigned char az[64];
   ge_p3 A;
 
-  randombytes(sk,32);
   crypto_hash_sha512(az,sk,32);
   az[0] &= 248;
   az[31] &= 63;
@@ -18,6 +26,15 @@ int crypto_sign_keypair(unsigned char *pk,unsigned char *sk)
   ge_scalarmult_base(&A,az);
   ge_p3_tobytes(pk,&A);
 
-  memmove(sk + 32,pk,32);
   return 0;
 }
+
+
+int crypto_sign_keypair(unsigned char *pk,unsigned char *sk)
+{
+  crypto_sign_seckey(sk);
+  crypto_sign_pubkey(pk, sk);
+
+  return 0;
+}
+