summaryrefslogtreecommitdiff
path: root/src/common/crypto_ed25519.h
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2014-08-29 09:24:27 -0400
committerNick Mathewson <nickm@torproject.org>2014-09-25 15:08:31 -0400
commitf0eb7ae79f54781bc00e51ff5e9630b2103e4df0 (patch)
tree78ae6d9e1cf9ff7ca931530081ec6f26b2aa4503 /src/common/crypto_ed25519.h
parent1d3b33e1ede15c787d0c2d1f8823cdad1a196008 (diff)
downloadtor-f0eb7ae79f54781bc00e51ff5e9630b2103e4df0.tar.gz
tor-f0eb7ae79f54781bc00e51ff5e9630b2103e4df0.zip
More documentation for ed25519 stuff.
Diffstat (limited to 'src/common/crypto_ed25519.h')
-rw-r--r--src/common/crypto_ed25519.h6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/common/crypto_ed25519.h b/src/common/crypto_ed25519.h
index 1271312dfe..13b05c7c1e 100644
--- a/src/common/crypto_ed25519.h
+++ b/src/common/crypto_ed25519.h
@@ -24,6 +24,12 @@ typedef struct {
/** An Ed25519 secret key */
typedef struct {
+ /** Note that we store secret keys in an expanded format that doesn't match
+ * the format from standard ed25519. Ed25519 stores a 32-byte value k and
+ * expands it into a 64-byte H(k), using the first 32 bytes for a multiplier
+ * of the base point, and second 32 bytes as an input to a hash function
+ * for deriving r. But because we implement key blinding, we need to store
+ * keys in the 64-byte expanded form. */
uint8_t seckey[ED25519_SECKEY_LEN];
} ed25519_secret_key_t;