diff options
Diffstat (limited to 'src/include/gnunet_crypto_lib.h')
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 43cdfdfac..a334b50d0 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -275,6 +275,19 @@ struct GNUNET_CRYPTO_EddsaPrivateKey | |||
275 | 275 | ||
276 | 276 | ||
277 | /** | 277 | /** |
278 | * Private ECC scalar encoded for transmission. To be used only for EdDSA | ||
279 | * signatures. | ||
280 | */ | ||
281 | struct GNUNET_CRYPTO_EddsaPrivateScalar | ||
282 | { | ||
283 | /** | ||
284 | * s is the expandedprivate 512-bit scalar of a private key. | ||
285 | */ | ||
286 | unsigned char s[512 / 8]; | ||
287 | }; | ||
288 | |||
289 | |||
290 | /** | ||
278 | * @brief type for session keys | 291 | * @brief type for session keys |
279 | */ | 292 | */ |
280 | struct GNUNET_CRYPTO_SymmetricSessionKey | 293 | struct GNUNET_CRYPTO_SymmetricSessionKey |
@@ -1907,6 +1920,71 @@ GNUNET_CRYPTO_ecdsa_public_key_derive ( | |||
1907 | 1920 | ||
1908 | 1921 | ||
1909 | /** | 1922 | /** |
1923 | * @ingroup crypto | ||
1924 | * Derive a private scalar from a given private key and a label. | ||
1925 | * Essentially calculates a private key 'h = H(l,P) * d mod n' | ||
1926 | * where n is the size of the ECC group and P is the public | ||
1927 | * key associated with the private key 'd'. | ||
1928 | * The result is the derived private _scalar_, not the private | ||
1929 | * key as for EdDSA we cannot derive before we hash the | ||
1930 | * private key. | ||
1931 | * | ||
1932 | * @param priv original private key | ||
1933 | * @param label label to use for key deriviation | ||
1934 | * @param context additional context to use for HKDF of 'h'; | ||
1935 | * typically the name of the subsystem/application | ||
1936 | * @param result derived private scalar | ||
1937 | */ | ||
1938 | void | ||
1939 | GNUNET_CRYPTO_eddsa_private_key_derive ( | ||
1940 | const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, | ||
1941 | const char *label, | ||
1942 | const char *context, | ||
1943 | struct GNUNET_CRYPTO_EddsaPrivateScalar *result); | ||
1944 | |||
1945 | |||
1946 | /** | ||
1947 | * @ingroup crypto | ||
1948 | * Derive a public key from a given public key and a label. | ||
1949 | * Essentially calculates a public key 'V = H(l,P) * P'. | ||
1950 | * | ||
1951 | * @param pub original public key | ||
1952 | * @param label label to use for key deriviation | ||
1953 | * @param context additional context to use for HKDF of 'h'. | ||
1954 | * typically the name of the subsystem/application | ||
1955 | * @param result where to write the derived public key | ||
1956 | */ | ||
1957 | void | ||
1958 | GNUNET_CRYPTO_eddsa_public_key_derive ( | ||
1959 | const struct GNUNET_CRYPTO_EddsaPublicKey *pub, | ||
1960 | const char *label, | ||
1961 | const char *context, | ||
1962 | struct GNUNET_CRYPTO_EddsaPublicKey *result); | ||
1963 | |||
1964 | |||
1965 | /** | ||
1966 | * This is a signature function for EdDSA which takes the | ||
1967 | * secret scalar sk instead of the private seed which is | ||
1968 | * usually the case for crypto APIs. We require this functionality | ||
1969 | * in order to use derived private keys for signatures we | ||
1970 | * cannot calculate the inverse of a sk to find the seed | ||
1971 | * efficiently. | ||
1972 | * | ||
1973 | * The resulting signature is a standard EdDSA signature | ||
1974 | * which can be verified using the usual APIs. | ||
1975 | * | ||
1976 | * @param sk the secret scalar | ||
1977 | * @param purp the signature purpose | ||
1978 | * @param sig the resulting signature | ||
1979 | */ | ||
1980 | void | ||
1981 | GNUNET_CRYPTO_eddsa_sign_with_scalar ( | ||
1982 | const struct GNUNET_CRYPTO_EddsaPrivateScalar *priv, | ||
1983 | const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, | ||
1984 | struct GNUNET_CRYPTO_EddsaSignature *sig); | ||
1985 | |||
1986 | |||
1987 | /** | ||
1910 | * Output the given MPI value to the given buffer in network | 1988 | * Output the given MPI value to the given buffer in network |
1911 | * byte order. The MPI @a val may not be negative. | 1989 | * byte order. The MPI @a val may not be negative. |
1912 | * | 1990 | * |