Module tor_llcrypto::pk::keymanip


Key manipulation functions for use with public keys.

Tor does some interesting and non-standard things with its curve25519 and ed25519 keys, for several reasons.

In order to prove ownership of a curve25519 private key, Tor converts it into an ed25519 key, and then uses that ed25519 key to sign its identity key. We implement this conversion with convert_curve25519_to_ed25519_public and convert_curve25519_to_ed25519_private.
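The public half of that conversion is the birational map between the Montgomery and twisted-Edwards forms of the curve: y = (u - 1)/(u + 1) over the field with p = 2^255 - 19, plus a sign bit for x that u alone cannot supply. The following is an added example written from scratch for this page, not tor-llcrypto's own code; it implements that map and its inverse in pure Python and checks them against the known base points (X25519 u = 9, Ed25519 y = 4/5), handling the two inputs that have no image (u = -1 and y = 1).

```python
# Added example: the field arithmetic behind convert_curve25519_to_ed25519_public
# and its inverse, written in pure Python (not tor-llcrypto's implementation).
P = 2**255 - 19  # field prime shared by curve25519 and ed25519


def _inv(a: int) -> int:
    """Modular inverse by Fermat's little theorem; callers ensure a != 0 mod p."""
    return pow(a % P, P - 2, P)


def curve25519_to_ed25519_public(u_bytes: bytes, sign_bit: int) -> bytes:
    """Map a Montgomery u-coordinate to a compressed Edwards point.

    y = (u - 1) / (u + 1) mod p. The sign of x is lost in the Montgomery form,
    so the caller must supply it (Tor transports it alongside the cross-cert).
    """
    if len(u_bytes) != 32 or sign_bit not in (0, 1):
        raise ValueError("need a 32-byte u-coordinate and a 0/1 sign bit")
    u = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)  # RFC 7748 masks bit 255
    u %= P
    if u == P - 1:  # u + 1 == 0: this point has no finite Edwards image
        raise ValueError("u = -1 does not correspond to an Edwards point")
    y = (u - 1) * _inv(u + 1) % P
    out = bytearray(y.to_bytes(32, "little"))
    out[31] |= sign_bit << 7  # ed25519 keeps sign(x) in the top bit of the last byte
    return bytes(out)


def ed25519_to_curve25519_public(ed_bytes: bytes) -> bytes:
    """Inverse map: u = (1 + y) / (1 - y) mod p; the sign bit is discarded."""
    if len(ed_bytes) != 32:
        raise ValueError("need a 32-byte compressed ed25519 point")
    y = int.from_bytes(ed_bytes, "little") & ((1 << 255) - 1)  # drop sign bit
    if y >= P:
        raise ValueError("non-canonical y coordinate")
    if y == 1:  # 1 - y == 0: the Edwards identity has no Montgomery u
        raise ValueError("y = 1 is the identity point")
    u = (1 + y) * _inv(1 - y) % P
    return u.to_bytes(32, "little")


# Constructed check values: the X25519 base point u = 9 must map to the
# Ed25519 base point, whose y = 4/5 encodes as 0x58 followed by 31 bytes of 0x66.
X25519_BASE = (9).to_bytes(32, "little")
ED25519_BASE = bytes.fromhex("58" + "66" * 31)

if __name__ == "__main__":
    assert curve25519_to_ed25519_public(X25519_BASE, 0) == ED25519_BASE
    assert ed25519_to_curve25519_public(ED25519_BASE) == X25519_BASE
    print("base point round-trip ok")
```

Real keys also need the private-key half of the conversion and a signature that binds the sign bit; this block shows only the coordinate map.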

In Tor’s v3 onion service design, Tor uses a key blinding algorithm to derive a publicly known Ed25519 key from a different Ed25519 key used as the .onion address. This algorithm allows directories to validate the signatures on onion service descriptors, without knowing which services they represent. We implement this blinding operation via blind_pubkey.

§TODO

Recommend more standardized ways to do these things.

Enums§

Functions§

  • blind_keypair (feature hsv3-service)
    Blind the ed25519 secret key sk using the blinding factor h, and return the blinded secret key.
  • blind_pubkey (feature hsv3-client)
    Blind the ed25519 public key pk using the blinding factor h, and return the blinded public key.
  • convert_curve25519_to_ed25519_private
    Convert a curve25519 private key to an ed25519 private key (and give a sign bit to use with it), for use in ntor key cross-certification.
  • convert_curve25519_to_ed25519_public
    Convert a curve25519 public key (with sign bit) to an ed25519 public key, for use in ntor key cross-certification.
  • convert_ed25519_to_curve25519_private
    Convert an ed25519 private key to a curve25519 private key.