Tweak ref10 keygen APIs to be more sane.

src/ext/ed25519/ref10/crypto_sign.h

@@ -1,6 +1,8 @@
 /* Added for Tor */
 #define crypto_sign ed25519_ref10_sign
 #define crypto_sign_keypair ed25519_ref10_keygen
+#define crypto_sign_seckey ed25519_ref10_seckey
+#define crypto_sign_pubkey ed25519_ref10_pubkey
 #define crypto_sign_open ed25519_ref10_open
 
 #include "ed25519_ref10.h"

src/ext/ed25519/ref10/ed25519_ref10.h

@@ -3,6 +3,8 @@
 #define SRC_EXT_ED25519_REF10_H_INCLUDED_
 #include <torint.h>
 
+int ed25519_ref10_seckey(unsigned char *sk);
+int ed25519_ref10_pubkey(unsigned char *pk,const unsigned char *sk);
 int ed25519_ref10_keygen(unsigned char *pk,unsigned char *sk);
 int ed25519_ref10_open(
   unsigned char *m,uint64_t *mlen,

src/ext/ed25519/ref10/keypair.c

@@ -1,15 +1,23 @@
+/* Modified for Tor: new API, 32-byte secret keys. */
 #include <string.h>
 #include "randombytes.h"
 #include "crypto_sign.h"
 #include "crypto_hash_sha512.h"
 #include "ge.h"
 
-int crypto_sign_keypair(unsigned char *pk,unsigned char *sk)
+int
+crypto_sign_seckey(unsigned char *sk)
+{
+  randombytes(sk,32);
+
+  return 0;
+}
+
+int crypto_sign_pubkey(unsigned char *pk,const unsigned char *sk)
 {
   unsigned char az[64];
   ge_p3 A;
 
-  randombytes(sk,32);
   crypto_hash_sha512(az,sk,32);
   az[0] &= 248;
   az[31] &= 63;
@@ -18,6 +26,15 @@ int crypto_sign_keypair(unsigned char *pk,unsigned char *sk)
   ge_scalarmult_base(&A,az);
   ge_p3_tobytes(pk,&A);
 
-  memmove(sk + 32,pk,32);
   return 0;
 }
+
+
+int crypto_sign_keypair(unsigned char *pk,unsigned char *sk)
+{
+  crypto_sign_seckey(sk);
+  crypto_sign_pubkey(pk, sk);
+
+  return 0;
+}
+