From 7fa854c06b2adee605383e8019d2219f4b1eff98 Mon Sep 17 00:00:00 2001
From: Miguel Oliveira
Date: Tue, 1 Mar 2022 20:34:04 -0300
Subject: [PATCH] Remove Ed25519 exports for now

Old exports used masking which isn't supported anymore.
---
 ed25519.lua | 65 +---------------------------------------------------
 1 file changed, 1 insertion(+), 64 deletions(-)

diff --git a/ed25519.lua b/ed25519.lua
index a3044ed..bf4fe4b 100644
--- a/ed25519.lua
+++ b/ed25519.lua
@@ -228,67 +228,4 @@ local function mul(P, bits)
     return R
 end
 
-local function publicKey(sk)
-    expect(1, sk, "string")
-    assert(#sk == 32, "secret key length must be 32")
-    -- FIXME SHA512 isn't constant-time.
-    local h = sha512.digest(sk):sub(1, 32)
-    local kBits, xkInvBits = blinding.decodeBlinded(h)
-    local Y0 = mulG(xkInvBits)
-    local Y1 = mul(Y0, kBits)
-    return encode(scale(Y1))
-end
-
-local function sign(sk, pk, msg)
-    expect(1, sk, "string")
-    assert(#sk == 32, "secret key length must be 32")
-    expect(2, pk, "string")
-    assert(#pk == 32, "public key length must be 32")
-    expect(3, msg, "string")
-
-    -- Decode cwords and clamp with a mask.
-    local h = sha512.digest(sk):sub(1, 32)
-    local xm, m = fq.maskedDecode(h, random.random(32))
-
-    -- Commitment.
-    local k = fq.decodeWide(random.random(64))
-    local kBits = fq.bits(k)
-    local R = mulG(kBits)
-
-    -- Challenge.
-    local rStr = encode(scale(R))
-    local e = fq.decodeWide(sha512.digest(rStr .. pk .. msg))
-
-    -- Response.
-    local exm = fq.mul(e, xm)
-    local em = fq.mul(e, m)
-    local s = fq.add(fq.sub(k, exm), em)
-    local sStr = fq.encode(s)
-
-    return rStr .. sStr
-end
-
-local function verify(pk, msg, sig)
-    expect(1, pk, "string")
-    assert(#pk == 32, "public key length must be 32")
-    expect(2, msg, "string")
-    expect(3, sig, "string")
-    assert(#sig == 64, "public key length must be 32")
-
-    local rStr = sig:sub(1, 32)
-    local sStr = sig:sub(33)
-    local Y = decode(pk)
-
-    local ev = fq.decodeWide(sha512.digest(rStr .. pk .. msg))
-    local evBits = fq.bits(ev)
-    local sBits = util.rebaseLE({sStr:byte(1, -1)}, 256, 2)
-    local Rv = add(mulG(sBits), mul(Y, evBits))
-
-    return encode(scale(Rv)) == rStr
-end
-
-return {
-    publicKey = publicKey,
-    sign = sign,
-    verify = verify,
-}
+error("TODO")
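Review bot: The replacement body `error("TODO")` makes `require("ed25519")` fail at load time with a message that tells the caller nothing about why; the commit message already states the reason, so put it in the error, e.g. `error("ed25519: signing/verification removed pending a non-masked implementation")`. Raising at module level rather than exporting an empty table is the right fail-closed choice, since a caller that silently got a `nil` `sign`/`verify` could fall through to something weaker, but it deserves a one-line comment above the call saying the module is intentionally unusable until the rewrite lands. The locals the removed functions depended on (`mul`, `mulG`, `encode`, `decode`, `scale`, `expect`, and the `sha512`/`fq`/`blinding`/`random`/`util` requires) appear to remain defined above this hunk, outside the view, and are now unreachable, so luacheck will report them as unused until they are removed or the rewrite reuses them.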