Add Curve25519->Ed25519 support to ed25519-donna (Not yet used).

This needs to be done to allow for the possibility of removing the ref10 code at a later date, though it is not performance critical. When integrated by kludging it into tor, it passes unit tests, and is twice as fast.
2024-11-11 05:33:47 +01:00 · 2015-07-06 09:48:00 +00:00 · 2015-07-06 09:48:00 +00:00 · be113f0bce
commit be113f0bce
parent b7aa3074fc
3 changed files with 30 additions and 0 deletions
--- a/src/ext/ed25519/donna/README.tor
+++ b/src/ext/ed25519/donna/README.tor
@ -20,6 +20,10 @@ as of 8757bd4cd209cb032853ece0ce413f122eef212c.
    * There's an implementation of multiplicative key blinding so we
      can use it for next-gen hidden service descriptors.

+    * There's an implementation of 'convert a curve25519 key to an
+      ed25519 key' so we can do cross-certification with curve25519
+      keys.
+
 * `ED25519_FN(ed25519_randombytes_unsafe)` is now static.

 * `ed25519-randombytes-custom.h` has the appropriate code to call
--- a/src/ext/ed25519/donna/ed25519_donna_tor.h
+++ b/src/ext/ed25519/donna/ed25519_donna_tor.h
@ -27,4 +27,7 @@ int ed25519_donna_blind_secret_key(unsigned char *out, const unsigned char *inp,
 int ed25519_donna_blind_public_key(unsigned char *out, const unsigned char *inp,
  const unsigned char *param);

+int ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out,
+  const unsigned char *inp, int signbit);
+
 #endif
--- a/src/ext/ed25519/donna/ed25519_tor.c
+++ b/src/ext/ed25519/donna/ed25519_tor.c
@ -139,6 +139,8 @@ ED25519_FN(curved25519_scalarmult_basepoint) (curved25519_key pk, const curved25
    * Routines that deal with the private key now use the expanded form.

    * Support for multiplicative key blinding has been added.
+
+    * Support for converting a Curve25519 key to an Ed25519 key has been added.
 */

 int
@ -317,5 +319,26 @@ ed25519_donna_blind_public_key(unsigned char *out, const unsigned char *inp,
  return 0;
 }

+int
+ed25519_donna_pubkey_from_curve25519_pubkey(unsigned char *out,
+  const unsigned char *inp, int signbit)
+{
+  static const bignum25519 one = { 1 };
+  bignum25519 ALIGN(16) u, uminus1, uplus1, inv_uplus1, y;
+
+  /* Prop228: y = (u-1)/(u+1) */
+  curve25519_expand(u, inp);
+  curve25519_sub(uminus1, u, one);
+  curve25519_add(uplus1, u, one);
+  curve25519_recip(inv_uplus1, uplus1);
+  curve25519_mul(y, uminus1, inv_uplus1);
+  curve25519_contract(out, y);
+
+  /* Propagate sign. */
+  out[31] |= (!!signbit) << 7;
+
+  return 0;
+}
+
 #include "test-internals.c"