crypto_edx25519.c File Reference

An variant of EdDSA which allows for iterative derivation of key pairs. More...

#include "platform.h"
#include <sodium.h>
#include "gnunet_util_lib.h"

Include dependency graph for crypto_edx25519.c:

Go to the source code of this file.

Macros
#define	CURVE   "Ed25519"

Functions
void	GNUNET_CRYPTO_edx25519_key_clear (struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
	Clear memory that was used to store a private key.
void	GNUNET_CRYPTO_edx25519_key_create_from_seed (const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
	Create a new private key for Edx25519 from a given seed.
void	GNUNET_CRYPTO_edx25519_key_create (struct GNUNET_CRYPTO_Edx25519PrivateKey *pk)
	Create a new private key.
void	GNUNET_CRYPTO_edx25519_key_get_public (const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
	Extract the public key for the given private key.
enum GNUNET_GenericReturnValue	GNUNET_CRYPTO_edx25519_sign_ (const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const struct GNUNET_CRYPTO_SignaturePurpose *purpose, struct GNUNET_CRYPTO_Edx25519Signature *sig)
	This function operates the basically same way as the signature function for EdDSA.
enum GNUNET_GenericReturnValue	GNUNET_CRYPTO_edx25519_verify_ (uint32_t purpose, const struct GNUNET_CRYPTO_SignaturePurpose *validate, const struct GNUNET_CRYPTO_Edx25519Signature *sig, const struct GNUNET_CRYPTO_Edx25519PublicKey *pub)
	Verify Edx25519 signature.
static void	derive_h (const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_HashCode *phc)
	Derive the 'h' value for key derivation, where 'h = H(P ∥ seed) mod n' and 'n' is the size of the cyclic subroup.
void	GNUNET_CRYPTO_edx25519_private_key_derive (const struct GNUNET_CRYPTO_Edx25519PrivateKey *priv, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PrivateKey *result)
	Derive a private scalar from a given private key and a label.
void	GNUNET_CRYPTO_edx25519_public_key_derive (const struct GNUNET_CRYPTO_Edx25519PublicKey *pub, const void *seed, size_t seedsize, struct GNUNET_CRYPTO_Edx25519PublicKey *result)
	Derive a public key from a given public key and a label.

Detailed Description

An variant of EdDSA which allows for iterative derivation of key pairs.

Author

Özgür Kesim

Christian Grothoff

Florian Dold

Martin Schanzenbach

Definition in file crypto_edx25519.c.

Macro Definition Documentation

CURVE

#define CURVE   "Ed25519"

Definition at line 34 of file crypto_edx25519.c.

Function Documentation

derive_h()

static void derive_h ( const struct GNUNET_CRYPTO_Edx25519PublicKey *  pub, const void *  seed, size_t  seedsize, struct GNUNET_HashCode *  phc  )

static

Derive the 'h' value for key derivation, where 'h = H(P ∥ seed) mod n' and 'n' is the size of the cyclic subroup.

Parameters

	pub	public key for deriviation
	seed	seed for key the deriviation
	seedsize	the size of the seed
[out]	phc	if not NULL, the output of H() will be written into return h_mod_n (allocated by this function)

NOTE: While (H)KDF calls this value a salt it is not necessary for it to be a random value. It is more common to use a NULL value here (https://www.rfc-editor.org/rfc/rfc8446#section-7.1) But it is safe either way (See RFC 5869)

Definition at line 215 of file crypto_edx25519.c.

{
  static const char *const salt = "edx25519-derivation";
 
  GNUNET_CRYPTO_hkdf_gnunet (/* output*/
    phc, sizeof(*phc),
    /* salt */
    salt, strlen (salt),
    /* ikm */
    pub, sizeof(*pub),
    /* ctx chunks*/
    GNUNET_CRYPTO_kdf_arg (seed, seedsize));
 
}

References GNUNET_CRYPTO_hkdf_gnunet, GNUNET_CRYPTO_kdf_arg, pub, salt, and seed.

Referenced by GNUNET_CRYPTO_edx25519_private_key_derive(), and GNUNET_CRYPTO_edx25519_public_key_derive().

Here is the caller graph for this function: