[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Add Curve25519->Ed25519 support to ed25519-donna (Not yet used).



commit be113f0bce4516df1ad5b7a7a50707c466bdf9a4
Author: Yawning Angel <yawning@xxxxxxxxxxxxxxx>
Date:   Mon Jul 6 09:48:00 2015 +0000

    Add Curve25519->Ed25519 support to ed25519-donna (Not yet used).
    
    This needs to be done to allow for the possibility of removing the
    ref10 code at a later date, though it is not performance critical.
    When integrated by kludging it into tor, it passes unit tests, and is
    twice as fast.
---
 src/ext/ed25519/donna/README.tor          |    4 ++++
 src/ext/ed25519/donna/ed25519_donna_tor.h |    3 +++
 src/ext/ed25519/donna/ed25519_tor.c       |   23 +++++++++++++++++++++++
 3 files changed, 30 insertions(+)

diff --git a/src/ext/ed25519/donna/README.tor b/src/ext/ed25519/donna/README.tor
index fa11a36..212fb11 100644
--- a/src/ext/ed25519/donna/README.tor
+++ b/src/ext/ed25519/donna/README.tor
@@ -20,6 +20,10 @@ as of 8757bd4cd209cb032853ece0ce413f122eef212c.
     * There's an implementation of multiplicative key blinding so we
       can use it for next-gen hidden service descriptors.
 
+    * There's an implementation of 'convert a curve25519 key to an
+      ed25519 key' so we can do cross-certification with curve25519
+      keys.
+
  * `ED25519_FN(ed25519_randombytes_unsafe)` is now static.
 
  * `ed25519-randombytes-custom.h` has the appropriate code to call
diff --git a/src/ext/ed25519/donna/ed25519_donna_tor.h b/src/ext/ed25519/donna/ed25519_donna_tor.h
index a5a53f3..d225407 100644
--- a/src/ext/ed25519/donna/ed25519_donna_tor.h
+++ b/src/ext/ed25519/donna/ed25519_donna_tor.h
@@ -27,4 +27,7 @@ int ed25519_donna_blind_secret_key(unsigned char *out, const unsigned char *inp,
 int ed25519_donna_blind_public_key(unsigned char *out, const unsigned char *inp,
   const unsigned char *param);
 
+int ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out,
+  const unsigned char *inp, int signbit);
+
 #endif
diff --git a/src/ext/ed25519/donna/ed25519_tor.c b/src/ext/ed25519/donna/ed25519_tor.c
index 5f2c9c9..7f5894d 100644
--- a/src/ext/ed25519/donna/ed25519_tor.c
+++ b/src/ext/ed25519/donna/ed25519_tor.c
@@ -139,6 +139,8 @@ ED25519_FN(curved25519_scalarmult_basepoint) (curved25519_key pk, const curved25
     * Routines that deal with the private key now use the expanded form.
 
     * Support for multiplicative key blinding has been added.
+
+    * Support for converting a Curve25519 key to an Ed25519 key has been added.
  */
 
 int
@@ -317,5 +319,26 @@ ed25519_donna_blind_public_key(unsigned char *out, const unsigned char *inp,
   return 0;
 }
 
+int
+ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out,
+  const unsigned char *inp, int signbit)
+{
+  static const bignum25519 one = { 1 };
+  bignum25519 ALIGN(16) u, uminus1, uplus1, inv_uplus1, y;
+
+  /* Prop228: y = (u-1)/(u+1) */
+  curve25519_expand(u, inp);
+  curve25519_sub(uminus1, u, one);
+  curve25519_add(uplus1, u, one);
+  curve25519_recip(inv_uplus1, uplus1);
+  curve25519_mul(y, uminus1, inv_uplus1);
+  curve25519_contract(out, y);
+
+  /* Propagate sign. */
+  out[31] |= (!!signbit) << 7;
+
+  return 0;
+}
+
 #include "test-internals.c"
 



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits