1 files changed, 78 insertions, 0 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 43cdfdfac..a334b50d0 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -275,6 +275,19 @@ struct GNUNET_CRYPTO_EddsaPrivateKey
 /**
+ * Private ECC scalar encoded for transmission.  To be used only for EdDSA
+ * signatures.
+ */
+struct GNUNET_CRYPTO_EddsaPrivateScalar
+{
+  /**
+   * s is the expandedprivate 512-bit scalar of a private key.
+   */
+  unsigned char s[512 / 8];
+};
+/**
 * @brief type for session keys
 */
 struct GNUNET_CRYPTO_SymmetricSessionKey
@@ -1907,6 +1920,71 @@ GNUNET_CRYPTO_ecdsa_public_key_derive (
 /**
+ * @ingroup crypto
+ * Derive a private scalar from a given private key and a label.
+ * Essentially calculates a private key 'h = H(l,P) * d mod n'
+ * where n is the size of the ECC group and P is the public
+ * key associated with the private key 'd'.
+ * The result is the derived private _scalar_, not the private
+ * key as for EdDSA we cannot derive before we hash the
+ * private key.
+ *
+ * @param priv original private key
+ * @param label label to use for key deriviation
+ * @param context additional context to use for HKDF of 'h';
+ *        typically the name of the subsystem/application
+ * @param result derived private scalar
+ */
+void
+GNUNET_CRYPTO_eddsa_private_key_derive (
+  const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
+  const char *label,
+  const char *context,
+  struct GNUNET_CRYPTO_EddsaPrivateScalar *result);
+/**
+ * @ingroup crypto
+ * Derive a public key from a given public key and a label.
+ * Essentially calculates a public key 'V = H(l,P) * P'.
+ *
+ * @param pub original public key
+ * @param label label to use for key deriviation
+ * @param context additional context to use for HKDF of 'h'.
+ *        typically the name of the subsystem/application
+ * @param result where to write the derived public key
+ */
+void
+GNUNET_CRYPTO_eddsa_public_key_derive (
+  const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
+  const char *label,
+  const char *context,
+  struct GNUNET_CRYPTO_EddsaPublicKey *result);
+/**
+ * This is a signature function for EdDSA which takes the
+ * secret scalar sk instead of the private seed which is
+ * usually the case for crypto APIs. We require this functionality
+ * in order to use derived private keys for signatures we
+ * cannot calculate the inverse of a sk to find the seed
+ * efficiently.
+ *
+ * The resulting signature is a standard EdDSA signature
+ * which can be verified using the usual APIs.
+ *
+ * @param sk the secret scalar
+ * @param purp the signature purpose
+ * @param sig the resulting signature
+ */
+void
+GNUNET_CRYPTO_eddsa_sign_with_scalar (
+  const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv,
+  const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+  struct GNUNET_CRYPTO_EddsaSignature *sig);
+/**
 * Output the given MPI value to the given buffer in network
 * byte order.  The MPI @a val may not be negative.
 *

diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 43cdfdfac..a334b50d0 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h
@@ -275,6 +275,19 @@ struct GNUNET_CRYPTO_EddsaPrivateKey
275		275
276		276
277	/**	277	/**
		278	* Private ECC scalar encoded for transmission. To be used only for EdDSA
		279	* signatures.
		280	*/
		281	struct GNUNET_CRYPTO_EddsaPrivateScalar
		282	{
		283	/**
		284	* s is the expandedprivate 512-bit scalar of a private key.
		285	*/
		286	unsigned char s[512 / 8];
		287	};
		288
		289
		290	/**
278	* @brief type for session keys	291	* @brief type for session keys
279	*/	292	*/
280	struct GNUNET_CRYPTO_SymmetricSessionKey	293	struct GNUNET_CRYPTO_SymmetricSessionKey
@@ -1907,6 +1920,71 @@ GNUNET_CRYPTO_ecdsa_public_key_derive (
1907		1920
1908		1921
1909	/**	1922	/**
		1923	* @ingroup crypto
		1924	* Derive a private scalar from a given private key and a label.
		1925	* Essentially calculates a private key 'h = H(l,P) * d mod n'
		1926	* where n is the size of the ECC group and P is the public
		1927	* key associated with the private key 'd'.
		1928	* The result is the derived private _scalar_, not the private
		1929	* key as for EdDSA we cannot derive before we hash the
		1930	* private key.
		1931	*
		1932	* @param priv original private key
		1933	* @param label label to use for key deriviation
		1934	* @param context additional context to use for HKDF of 'h';
		1935	* typically the name of the subsystem/application
		1936	* @param result derived private scalar
		1937	*/
		1938	void
		1939	GNUNET_CRYPTO_eddsa_private_key_derive (
		1940	const struct GNUNET_CRYPTO_EddsaPrivateKey *priv,
		1941	const char *label,
		1942	const char *context,
		1943	struct GNUNET_CRYPTO_EddsaPrivateScalar *result);
		1944
		1945
		1946	/**
		1947	* @ingroup crypto
		1948	* Derive a public key from a given public key and a label.
		1949	* Essentially calculates a public key 'V = H(l,P) * P'.
		1950	*
		1951	* @param pub original public key
		1952	* @param label label to use for key deriviation
		1953	* @param context additional context to use for HKDF of 'h'.
		1954	* typically the name of the subsystem/application
		1955	* @param result where to write the derived public key
		1956	*/
		1957	void
		1958	GNUNET_CRYPTO_eddsa_public_key_derive (
		1959	const struct GNUNET_CRYPTO_EddsaPublicKey *pub,
		1960	const char *label,
		1961	const char *context,
		1962	struct GNUNET_CRYPTO_EddsaPublicKey *result);
		1963
		1964
		1965	/**
		1966	* This is a signature function for EdDSA which takes the
		1967	* secret scalar sk instead of the private seed which is
		1968	* usually the case for crypto APIs. We require this functionality
		1969	* in order to use derived private keys for signatures we
		1970	* cannot calculate the inverse of a sk to find the seed
		1971	* efficiently.
		1972	*
		1973	* The resulting signature is a standard EdDSA signature
		1974	* which can be verified using the usual APIs.
		1975	*
		1976	* @param sk the secret scalar
		1977	* @param purp the signature purpose
		1978	* @param sig the resulting signature
		1979	*/
		1980	void
		1981	GNUNET_CRYPTO_eddsa_sign_with_scalar (
		1982	const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv,
		1983	const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
		1984	struct GNUNET_CRYPTO_EddsaSignature *sig);
		1985
		1986
		1987	/**
1910	* Output the given MPI value to the given buffer in network	1988	* Output the given MPI value to the given buffer in network
1911	* byte order. The MPI @a val may not be negative.	1989	* byte order. The MPI @a val may not be negative.
1912	*	1990	*