2
0

edsign.h 1.9 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364
  1. /* Edwards curve signature system
  2. * Daniel Beer <dlbeer@gmail.com>, 22 Apr 2014
  3. *
  4. * This file is in the public domain.
  5. */
  6. #ifndef EDSIGN_H_
  7. #define EDSIGN_H_
  8. #include <stdint.h>
  9. #include <stdbool.h>
  10. #include "sha512.h"
  11. /* This is the Ed25519 signature system, as described in:
  12. *
  13. * Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, Bo-Yin
  14. * Yang. High-speed high-security signatures. Journal of Cryptographic
  15. * Engineering 2 (2012), 77–89. Document ID:
  16. * a1a62a2f76d23f65d622484ddd09caf8. URL:
  17. * http://cr.yp.to/papers.html#ed25519. Date: 2011.09.26.
  18. *
  19. * The format and calculation of signatures is compatible with the
  20. * Ed25519 implementation in SUPERCOP. Note, however, that our secret
  21. * keys are half the size: we don't store a copy of the public key in
  22. * the secret key (we generate it on demand).
  23. */
  24. /* Any string of 32 random bytes is a valid secret key. There is no
  25. * clamping of bits, because we don't use the key directly as an
  26. * exponent (the exponent is derived from part of a key expansion).
  27. */
  28. #define EDSIGN_SECRET_KEY_SIZE 32
  29. /* Given a secret key, produce the public key (a packed Edwards-curve
  30. * point).
  31. */
  32. #define EDSIGN_PUBLIC_KEY_SIZE 32
  33. void edsign_sec_to_pub(void *pub, const void *secret);
  34. /* Produce a signature for a message. */
  35. #define EDSIGN_SIGNATURE_SIZE 64
  36. void edsign_sign(uint8_t *signature, const uint8_t *pub,
  37. const uint8_t *secret,
  38. const uint8_t *message, size_t len);
  39. struct edsign_verify_state {
  40. struct sha512_state sha;
  41. };
  42. void edsign_verify_init(struct edsign_verify_state *st, const void *sig,
  43. const void *pub);
  44. static inline void
  45. edsign_verify_add(struct edsign_verify_state *st, const void *data, int len)
  46. {
  47. sha512_add(&st->sha, data, len);
  48. }
  49. /* Verify a message signature. Returns non-zero if ok. */
  50. bool edsign_verify(struct edsign_verify_state *st, const void *sig, const void *pub);
  51. #endif