Another ed25519 tweak: store secret keys in expanded format

This will be needed/helpful for the key blinding of prop224, I
believe.

2 files changed, 14 insertions, 1 deletions

diff --git a/src/common/crypto_ed25519.c b/src/common/crypto_ed25519.c
index 5486c8977a..44c9e5e31b 100644
--- a/src/common/crypto_ed25519.c
+++ b/src/common/crypto_ed25519.c
@@ -28,6 +28,15 @@ ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out,
 }
 
 int
+ed25519_secret_key_from_seed(ed25519_secret_key_t *seckey_out,
+                             const uint8_t *seed)
+{
+  if (ed25519_ref10_seckey_expand(seckey_out->seckey, seed) < 0)
+    return -1;
+  return 0;
+}
+
+int
 ed25519_public_key_generate(ed25519_public_key_t *pubkey_out,
                         const ed25519_secret_key_t *seckey)
 {
diff --git a/src/common/crypto_ed25519.h b/src/common/crypto_ed25519.h
index 6b00c3d043..a68f2ec2b1 100644
--- a/src/common/crypto_ed25519.h
+++ b/src/common/crypto_ed25519.h
@@ -8,7 +8,8 @@
 #include "torint.h"
 
 #define ED25519_PUBKEY_LEN 32
-#define ED25519_SECKEY_LEN 32
+#define ED25519_SECKEY_LEN 64
+#define ED25519_SECKEY_SEED_LEN 32
 #define ED25519_SIG_LEN 64
 
 /** An Ed25519 signature. */
@@ -35,6 +36,9 @@ typedef struct {
 #ifdef CURVE25519_ENABLED
 int ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out,
                             int extra_strong);
+int ed25519_secret_key_from_seed(ed25519_secret_key_t *seckey_out,
+                                 const uint8_t *seed);
+
 int ed25519_public_key_generate(ed25519_public_key_t *pubkey_out,
                             const ed25519_secret_key_t *seckey);
 int ed25519_keypair_generate(ed25519_keypair_t *keypair_out, int extra_strong);