Function tor_llcrypto::pk::keymanip::convert_ed25519_to_curve25519_private
source · pub fn convert_ed25519_to_curve25519_private(keypair: &Keypair) -> StaticSecret
cvt-x25519
only.Expand description
Convert an ed25519 private key to a curve25519 private key.
This creates a curve25519 key as described in section-5.1.5 of RFC8032: the bytes of the secret
part of keypair
are hashed using SHA-512, and the result is clamped (the first 3 bits of the
first byte are cleared, the highest bit of the last byte is cleared, the second highest bit of
the last byte is set).
Note: Using the same keypair for multiple purposes (such as key-exchange and signing) is considered bad practice. Don’t use this function unless you know what you’re doing. See On using the same key pair for Ed25519 and an X25519 based KEM.
This function is needed by the ArtiNativeKeystore
from tor-keymgr
to convert ed25519
private keys to x25519. This is because ArtiNativeKeystore
stores x25519 private keys as
ssh-ed25519 OpenSSH keys. Other similar use cases are also valid.
It’s important to note that converting a private key from ed25519 -> curve25519 -> ed25519 will
yield an ExpandedKeypair
that is not identical to the
expanded version of the original Keypair
: the lower halves (the keys) of
the expanded key pairs will be the same, but their upper halves (the nonces) will be different.
§Panics
If the debug_assertions
feature is enabled, this function will double-check that the key it
is about to return is clamped.
This panic should be impossible unless we have upgraded x25519-dalek without auditing this function.