Wrapper code for a curve25519 implementation.
#include "orconfig.h"
#include "container.h"
#include "crypto_curve25519.h"
#include "crypto_digest.h"
#include "crypto_format.h"
#include "crypto_rand.h"
#include "crypto_util.h"
#include "util.h"
#include "torlog.h"
#include "ed25519/donna/ed25519_donna_tor.h"
Wrapper code for a curve25519 implementation.
Curve25519 is an Elliptic-Curve Diffie-Hellman handshake, designed by Dan Bernstein. For more information, see https://cr.yp.to/ecdh.html
Tor uses Curve25519 as the basis of its "ntor" circuit extension handshake, and in related code. The functions in this module are used to find the most suitable available Curve25519 implementation, to provide wrappers around it, and so on.
STATIC int curve25519_basepoint_impl(uint8_t *output, const uint8_t *secret)
Helper function: Multiply the scalar "secret" by the Curve25519 basepoint (X=9), and store the result in "output". Return 0 on success, -1 on failure.
void curve25519_handshake(uint8_t *output, const curve25519_secret_key_t *skey, const curve25519_public_key_t *pkey)
Perform the curve25519 ECDH handshake with skey and pkey, writing CURVE25519_OUTPUT_LEN bytes of output into output.
STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret, const uint8_t *point)
Helper function: call the most appropriate backend to compute the scalar "secret" times the point "point". Store the result in "output". Return 0 on success, negative on failure.
void curve25519_init(void)
Initialize the curve25519 implementations. This is necessary if you're going to use them in a multithreaded setting, and not otherwise.
int curve25519_keypair_generate(curve25519_keypair_t *keypair_out, int extra_strong)
Construct a new keypair in *keypair_out. If extra_strong is true, this key is possibly going to get used more than once, so use a better-than-usual RNG. Return 0 on success, -1 on failure.
int curve25519_keypair_read_from_file(curve25519_keypair_t *keypair_out, char **tag_out, const char *fname)
Read a curve25519 keypair from a file named fname created by curve25519_keypair_write_to_file(). Store the keypair in keypair_out, and the associated tag string in tag_out. Return 0 on success, and -1 on failure.
int curve25519_keypair_write_to_file(const curve25519_keypair_t *keypair, const char *fname, const char *tag)
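Store the keypair "keypair", including its secret and public parts, to the file fname. Use the tag string "tag" to distinguish this from other Curve25519 keypairs. Return 0 on success, -1 on failure. Because the file holds the secret key, and this page does not say what permissions it is created with, callers should make sure it is not readable by other users.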
See crypto_write_tagged_contents_to_file() for more information on the metaformat used for these keys.
void curve25519_public_key_generate(curve25519_public_key_t *key_out, const curve25519_secret_key_t *seckey)
Given a secret key in seckey, create the corresponding public key in key_out.
int curve25519_public_key_is_ok(const curve25519_public_key_t *key)
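Return true iff a curve25519_public_key_t seems valid. (It's not necessary to see if the point is on the curve, since the twist is also secure, but we do need to make sure that it isn't the point at infinity.) This is a sanity check on the encoded key only: a caller that needs the shared secret to depend on both parties' keys should also confirm that the handshake output is not all zero, the check described in RFC 7748.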
int curve25519_rand_seckey_bytes(uint8_t *out, int extra_strong)
Generate CURVE25519_SECKEY_LEN random bytes in out. If extra_strong is true, this key is possibly going to get used more than once, so use a better-than-usual RNG. Return 0 on success, -1 on failure.
This function does not adjust the output of the RNG at all; the caller will need to clear or set the appropriate bits to make curve25519 work.
int curve25519_secret_key_generate(curve25519_secret_key_t *key_out, int extra_strong)
Generate a new keypair and return the secret key. If extra_strong is true, this key is possibly going to get used more than once, so use a better-than-usual RNG. Return 0 on success, -1 on failure.
void curve25519_set_impl_params(int use_ed)
Override the decision of whether to use the Ed25519-based basepoint multiply function. Used for testing.