author | Yawning Angel <yawning@schwanenlied.me> | 2015-07-06 09:48:00 +0000 |
---|---|---|
committer | Yawning Angel <yawning@schwanenlied.me> | 2015-07-06 09:48:00 +0000 |
commit | be113f0bce4516df1ad5b7a7a50707c466bdf9a4 (patch) | |
tree | 915ff11d5dec53143fce70337c7f5d294ddb4508 /src | |
parent | b7aa3074fc34515c99e91168762fa8f4163d6882 (diff) | |
download | tor-be113f0bce4516df1ad5b7a7a50707c466bdf9a4.tar.gz tor-be113f0bce4516df1ad5b7a7a50707c466bdf9a4.zip |
Add Curve25519->Ed25519 support to ed25519-donna (Not yet used).
This needs to be done to allow for the possibility of removing the
ref10 code at a later date, though it is not performance critical.
When integrated by kludging it into tor, it passes unit tests, and is
twice as fast.
Diffstat (limited to 'src')
-rw-r--r-- | src/ext/ed25519/donna/README.tor | 4 | ||||
-rw-r--r-- | src/ext/ed25519/donna/ed25519_donna_tor.h | 3 | ||||
-rw-r--r-- | src/ext/ed25519/donna/ed25519_tor.c | 23 |
3 files changed, 30 insertions, 0 deletions
diff --git a/src/ext/ed25519/donna/README.tor b/src/ext/ed25519/donna/README.tor
index fa11a36771..212fb119a2 100644
--- a/src/ext/ed25519/donna/README.tor
+++ b/src/ext/ed25519/donna/README.tor
@@ -20,6 +20,10 @@ as of 8757bd4cd209cb032853ece0ce413f122eef212c.
 * There's an implementation of multiplicative key blinding so we can use it for next-gen hidden service descriptors.
+ * There's an implementation of 'convert a curve25519 key to an
+ ed25519 key' so we can do cross-certification with curve25519
+ keys.
+
 * `ED25519_FN(ed25519_randombytes_unsafe)` is now static.
 * `ed25519-randombytes-custom.h` has the appropriate code to call
diff --git a/src/ext/ed25519/donna/ed25519_donna_tor.h b/src/ext/ed25519/donna/ed25519_donna_tor.h
index a5a53f38bb..d225407b1c 100644
--- a/src/ext/ed25519/donna/ed25519_donna_tor.h
+++ b/src/ext/ed25519/donna/ed25519_donna_tor.h
@@ -27,4 +27,7 @@ int ed25519_donna_blind_secret_key(unsigned char *out, const unsigned char *inp,
 int ed25519_donna_blind_public_key(unsigned char *out, const unsigned char *inp,
 const unsigned char *param);
+int ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out,
+ const unsigned char *inp, int signbit);
+
 #endif
diff --git a/src/ext/ed25519/donna/ed25519_tor.c b/src/ext/ed25519/donna/ed25519_tor.c
index 5f2c9c9561..7f5894da79 100644
--- a/src/ext/ed25519/donna/ed25519_tor.c
+++ b/src/ext/ed25519/donna/ed25519_tor.c
@@ -139,6 +139,8 @@ ED25519_FN(curved25519_scalarmult_basepoint) (curved25519_key pk, const curved25
 * Routines that deal with the private key now use the expanded form.
 * Support for multiplicative key blinding has been added.
+
+ * Support for converting a Curve25519 key to an Ed25519 key has been added.
 */
 int
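Review bot: The prototype added in ed25519_donna_tor.h takes bare `unsigned char *` buffers and an `int signbit`, with nothing at the declaration stating their sizes or meaning. The definition in ed25519_tor.c writes `out[31]` and only tests `signbit` for non-zero, so callers need at least a 32-byte `out`; the size expected of `inp` is set by `curve25519_expand`, presumably 32 bytes as for any Curve25519 public key. I would put this above the declaration: `/* out and inp are 32-byte buffers; any non-zero signbit sets the top bit of out[31]; always returns 0. */`. The neighbouring blind-key prototypes are equally undocumented, so this matches the file's style but leaves the length contract implicit for a key-handling API.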
@@ -317,5 +319,26 @@ ed25519_donna_blind_public_key(unsigned char *out, const unsigned char *inp,
 return 0;
 }
+int
+ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out,
+ const unsigned char *inp, int signbit)
+{
+ static const bignum25519 one = { 1 };
+ bignum25519 ALIGN(16) u, uminus1, uplus1, inv_uplus1, y;
+
+ /* Prop228: y = (u-1)/(u+1) */
+ curve25519_expand(u, inp);
+ curve25519_sub(uminus1, u, one);
+ curve25519_add(uplus1, u, one);
+ curve25519_recip(inv_uplus1, uplus1);
+ curve25519_mul(y, uminus1, inv_uplus1);
+ curve25519_contract(out, y);
+
+ /* Propagate sign. */
+ out[31] |= (!!signbit) << 7;
+
+ return 0;
+}
+
 #include "test-internals.c" |
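Review bot: ed25519_donna_pubkey_from_curve25519_pubkey returns 0 on every path and never rejects any `inp`, including the encoding of u = -1, where `uplus1` is zero and the Prop228 map y = (u-1)/(u+1) is undefined. What `curve25519_recip` yields for a zero argument is not visible in this hunk; if it yields zero, `out` becomes the encoding of y = 0 and the caller still sees success. Either give that case a non-zero return, or state the contract above the function, e.g. `/* Does not validate inp. The result must not be trusted as a key until the cross-certification signature verifies against it. */`. Separately, a one-line comment that every operand here is derived from a public key (so nothing needs wiping) would save the next reviewer the check; that is my reading of the names, not something the hunk states.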