1
0

ed25519.h 36 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088
  1. /*!
  2. \ingroup ED25519
  3. \brief This function generates the Ed25519 public key from the private key,
  4. stored in the ed25519_key object. It stores the public key in the buffer
  5. pubKey.
  6. \return 0 Returned upon successfully making the public key.
  7. \return BAD_FUNC_ARG Returned if key or pubKey evaluate to NULL, or if the
  8. specified key size is not 32 bytes (Ed25519 has 32 byte keys).
  9. \return ECC_PRIV_KEY_E returned if the ed25519_key object does not have
  10. the private key in it.
  11. \return MEMORY_E Returned if there is an error allocating memory
  12. during function execution.
  13. \param [in] key Pointer to the ed25519_key for which to generate a key.
  14. \param [out] pubKey Pointer to the buffer in which to store the public key.
  15. \param [in] pubKeySz Size of the public key. Should be ED25519_PUB_KEY_SIZE.
  16. _Example_
  17. \code
  18. int ret;
  19. ed25519_key key;
  20. byte priv[] = { initialize with 32 byte private key };
  21. byte pub[32];
  22. word32 pubSz = sizeof(pub);
  23. wc_ed25519_init(&key);
  24. wc_ed25519_import_private_only(priv, sizeof(priv), &key);
  25. ret = wc_ed25519_make_public(&key, pub, &pubSz);
  26. if (ret != 0) {
  27. // error making public key
  28. }
  29. \endcode
  30. \sa wc_ed25519_init
  31. \sa wc_ed25519_import_private_only
  32. \sa wc_ed25519_make_key
  33. */
  34. int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey,
  35. word32 pubKeySz);
  36. /*!
  37. \ingroup ED25519
  38. \brief This function generates a new Ed25519 key and stores it in key.
  39. \return 0 Returned upon successfully making an ed25519_key.
  40. \return BAD_FUNC_ARG Returned if rng or key evaluate to NULL, or if the
  41. specified key size is not 32 bytes (Ed25519 has 32 byte keys).
  42. \return MEMORY_E Returned if there is an error allocating memory
  43. during function execution.
  44. \param [in] rng Pointer to an initialized RNG object with which to
  45. generate the key.
  46. \param [in] keysize Length of key to generate. Should always be 32 for
  47. Ed25519.
  48. \param [in,out] key Pointer to the ed25519_key for which to generate a key.
  49. _Example_
  50. \code
  51. int ret;
  52. WC_RNG rng;
  53. ed25519_key key;
  54. wc_InitRng(&rng);
  55. wc_ed25519_init(&key);
  56. wc_ed25519_make_key(&rng, 32, &key);
  57. if (ret != 0) {
  58. // error making key
  59. }
  60. \endcode
  61. \sa wc_ed25519_init
  62. */
  63. int wc_ed25519_make_key(WC_RNG* rng, int keysize, ed25519_key* key);
  64. /*!
  65. \ingroup ED25519
  66. \brief This function signs a message using an ed25519_key object
  67. to guarantee authenticity.
  68. \return 0 Returned upon successfully generating a signature for the
  69. message.
  70. \return BAD_FUNC_ARG Returned if any of the input parameters evaluate to
  71. NULL, or if the output buffer is too small to store the generated signature.
  72. \return MEMORY_E Returned if there is an error allocating memory during
  73. function execution.
  74. \param [in] in Pointer to the buffer containing the message to sign.
  75. \param [in] inlen Length of the message to sign.
  76. \param [out] out Buffer in which to store the generated signature.
  77. \param [in,out] outlen Maximum length of the output buffer. Will store the
  78. bytes written to out upon successfully generating a message signature.
  79. \param [in] key Pointer to a private ed25519_key with which to generate the
  80. signature.
  81. _Example_
  82. \code
  83. ed25519_key key;
  84. WC_RNG rng;
  85. int ret, sigSz;
  86. byte sig[64]; // will hold generated signature
  87. sigSz = sizeof(sig);
  88. byte message[] = { initialize with message };
  89. wc_InitRng(&rng); // initialize rng
  90. wc_ed25519_init(&key); // initialize key
  91. wc_ed25519_make_key(&rng, 32, &key); // make public/private key pair
  92. ret = wc_ed25519_sign_msg(message, sizeof(message), sig, &sigSz, &key);
  93. if (ret != 0) {
  94. // error generating message signature
  95. }
  96. \endcode
  97. \sa wc_ed25519ctx_sign_msg
  98. \sa wc_ed25519ph_sign_hash
  99. \sa wc_ed25519ph_sign_msg
  100. \sa wc_ed25519_verify_msg
  101. */
  102. int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
  103. word32 *outlen, ed25519_key* key);
  104. /*!
  105. \ingroup ED25519
  106. \brief This function signs a message using an ed25519_key object
  107. to guarantee authenticity. The context is part of the data signed.
  108. \return 0 Returned upon successfully generating a signature for the
  109. message.
  110. \return BAD_FUNC_ARG Returned any of the input parameters evaluate to
  111. NULL, or if the output buffer is too small to store the generated signature.
  112. \return MEMORY_E Returned if there is an error allocating memory during
  113. function execution.
  114. \param [in] in Pointer to the buffer containing the message to sign.
  115. \param [in] inlen Length of the message to sign.
  116. \param [out] out Buffer in which to store the generated signature.
  117. \param [in,out] outlen Maximum length of the output buffer. Will store the
  118. bytes written to out upon successfully generating a message signature.
  119. \param [in] key Pointer to a private ed25519_key with which to generate the
  120. signature.
  121. \param [in] context Pointer to the buffer containing the context for which
  122. message is being signed.
  123. \param [in] contextLen Length of the context buffer.
  124. _Example_
  125. \code
  126. ed25519_key key;
  127. WC_RNG rng;
  128. int ret, sigSz;
  129. byte sig[64]; // will hold generated signature
  130. sigSz = sizeof(sig);
  131. byte message[] = { initialize with message };
  132. byte context[] = { initialize with context of signing };
  133. wc_InitRng(&rng); // initialize rng
  134. wc_ed25519_init(&key); // initialize key
  135. wc_ed25519_make_key(&rng, 32, &key); // make public/private key pair
  136. ret = wc_ed25519ctx_sign_msg(message, sizeof(message), sig, &sigSz, &key,
  137. context, sizeof(context));
  138. if (ret != 0) {
  139. // error generating message signature
  140. }
  141. \endcode
  142. \sa wc_ed25519_sign_msg
  143. \sa wc_ed25519ph_sign_hash
  144. \sa wc_ed25519ph_sign_msg
  145. \sa wc_ed25519_verify_msg
  146. */
  147. int wc_ed25519ctx_sign_msg(const byte* in, word32 inlen, byte* out,
  148. word32 *outlen, ed25519_key* key,
  149. const byte* context, byte contextLen);
  150. /*!
  151. \ingroup ED25519
  152. \brief This function signs a message digest using an ed25519_key object
  153. to guarantee authenticity. The context is included as part of the data
  154. signed. The message is pre-hashed before signature calculation. The hash
  155. algorithm used to create message digest must be SHAKE-256.
  156. \return 0 Returned upon successfully generating a signature for the
  157. message digest.
  158. \return BAD_FUNC_ARG Returned any of the input parameters evaluate to
  159. NULL, or if the output buffer is too small to store the generated signature.
  160. \return MEMORY_E Returned if there is an error allocating memory during
  161. function execution.
  162. \param [in] hash Pointer to the buffer containing the hash of the message
  163. to sign.
  164. \param [in] hashLen Length of the hash of the message to sign.
  165. \param [out] out Buffer in which to store the generated signature.
  166. \param [in,out] outlen Maximum length of the output buffer. Will store the
  167. bytes written to out upon successfully generating a message signature.
  168. \param [in] key Pointer to a private ed25519_key with which to generate the
  169. signature.
  170. \param [in] context Pointer to the buffer containing the context for which
  171. message is being signed.
  172. \param [in] contextLen Length of the context buffer.
  173. _Example_
  174. \code
  175. ed25519_key key;
  176. WC_RNG rng;
  177. int ret, sigSz;
  178. byte sig[64]; // will hold generated signature
  179. sigSz = sizeof(sig);
  180. byte hash[] = { initialize with SHA-512 hash of message };
  181. byte context[] = { initialize with context of signing };
  182. wc_InitRng(&rng); // initialize rng
  183. wc_ed25519_init(&key); // initialize key
  184. wc_ed25519_make_key(&rng, 32, &key); // make public/private key pair
  185. ret = wc_ed25519ph_sign_hash(hash, sizeof(hash), sig, &sigSz, &key,
  186. context, sizeof(context));
  187. if (ret != 0) {
  188. // error generating message signature
  189. }
  190. \endcode
  191. \sa wc_ed25519_sign_msg
  192. \sa wc_ed25519ctx_sign_msg
  193. \sa wc_ed25519ph_sign_msg
  194. \sa wc_ed25519_verify_msg
  195. */
  196. int wc_ed25519ph_sign_hash(const byte* hash, word32 hashLen, byte* out,
  197. word32 *outLen, ed25519_key* key,
  198. const byte* context, byte contextLen);
  199. /*!
  200. \ingroup ED25519
  201. \brief This function signs a message using an ed25519_key object
  202. to guarantee authenticity. The context is included as part of the data
  203. signed. The message is pre-hashed before signature calculation.
  204. \return 0 Returned upon successfully generating a signature for the
  205. message.
  206. \return BAD_FUNC_ARG Returned any of the input parameters evaluate to
  207. NULL, or if the output buffer is too small to store the generated signature.
  208. \return MEMORY_E Returned if there is an error allocating memory during
  209. function execution.
  210. \param [in] in Pointer to the buffer containing the message to sign.
  211. \param [in] inlen Length of the message to sign.
  212. \param [out] out Buffer in which to store the generated signature.
  213. \param [in,out] outlen Maximum length of the output buffer. Will store the
  214. bytes written to out upon successfully generating a message signature.
  215. \param [in] key Pointer to a private ed25519_key with which to generate the
  216. signature.
  217. \param [in] context Pointer to the buffer containing the context for which
  218. message is being signed.
  219. \param [in] contextLen Length of the context buffer.
  220. _Example_
  221. \code
  222. ed25519_key key;
  223. WC_RNG rng;
  224. int ret, sigSz;
  225. byte sig[64]; // will hold generated signature
  226. sigSz = sizeof(sig);
  227. byte message[] = { initialize with message };
  228. byte context[] = { initialize with context of signing };
  229. wc_InitRng(&rng); // initialize rng
  230. wc_ed25519_init(&key); // initialize key
  231. wc_ed25519_make_key(&rng, 32, &key); // make public/private key pair
  232. ret = wc_ed25519ph_sign_msg(message, sizeof(message), sig, &sigSz, &key,
  233. context, sizeof(context));
  234. if (ret != 0) {
  235. // error generating message signature
  236. }
  237. \endcode
  238. \sa wc_ed25519_sign_msg
  239. \sa wc_ed25519ctx_sign_msg
  240. \sa wc_ed25519ph_sign_hash
  241. \sa wc_ed25519_verify_msg
  242. */
  243. int wc_ed25519ph_sign_msg(const byte* in, word32 inlen, byte* out,
  244. word32 *outlen, ed25519_key* key,
  245. const byte* context, byte contextLen);
  246. /*!
  247. \ingroup ED25519
  248. \brief This function verifies the Ed25519 signature of a message to ensure
  249. authenticity. It returns the answer through ret, with 1 corresponding to
  250. a valid signature, and 0 corresponding to an invalid signature.
  251. \return 0 Returned upon successfully performing the signature
  252. verification and authentication.
  253. \return BAD_FUNC_ARG Returned if any of the input parameters evaluate to
  254. NULL, or if the siglen does not match the actual length of a signature.
  255. \return SIG_VERIFY_E Returned if verification completes, but the signature
  256. generated does not match the signature provided.
  257. \param [in] sig Pointer to the buffer containing the signature to verify.
  258. \param [in] siglen Length of the signature to verify.
  259. \param [in] msg Pointer to the buffer containing the message to verify.
  260. \param [in] msgLen Length of the message to verify.
  261. \param [out] ret Pointer to the result of the verification. 1 indicates the
  262. message was successfully verified.
  263. \param [in] key Pointer to a public Ed25519 key with which to verify the
  264. signature.
  265. _Example_
  266. \code
  267. ed25519_key key;
  268. int ret, verified = 0;
  269. byte sig[] { initialize with received signature };
  270. byte msg[] = { initialize with message };
  271. // initialize key with received public key
  272. ret = wc_ed25519_verify_msg(sig, sizeof(sig), msg, sizeof(msg), &verified,
  273. &key);
  274. if (ret < 0) {
  275. // error performing verification
  276. } else if (verified == 0)
  277. // the signature is invalid
  278. }
  279. \endcode
  280. \sa wc_ed25519ctx_verify_msg
  281. \sa wc_ed25519ph_verify_hash
  282. \sa wc_ed25519ph_verify_msg
  283. \sa wc_ed25519_sign_msg
  284. */
  285. int wc_ed25519_verify_msg(const byte* sig, word32 siglen, const byte* msg,
  286. word32 msgLen, int* ret, ed25519_key* key);
  287. /*!
  288. \ingroup ED25519
  289. \brief This function verifies the Ed25519 signature of a message to ensure
  290. authenticity. The context is included as part of the data
  291. verified. It returns the answer through ret, with 1 corresponding to
  292. a valid signature, and 0 corresponding to an invalid signature.
  293. \return 0 Returned upon successfully performing the signature
  294. verification and authentication.
  295. \return BAD_FUNC_ARG Returned if any of the input parameters evaluate to
  296. NULL, or if the siglen does not match the actual length of a signature.
  297. \return SIG_VERIFY_E Returned if verification completes, but the signature
  298. generated does not match the signature provided.
  299. \param [in] sig Pointer to the buffer containing the signature to verify.
  300. \param [in] siglen Length of the signature to verify.
  301. \param [in] msg Pointer to the buffer containing the message to verify.
  302. \param [in] msgLen Length of the message to verify.
  303. \param [out] ret Pointer to the result of the verification. 1 indicates the
  304. message was successfully verified.
  305. \param [in] key Pointer to a public Ed25519 key with which to verify the
  306. signature.
  307. \param [in] context Pointer to the buffer containing the context for which
  308. the message was signed.
  309. \param [in] contextLen Length of the context buffer.
  310. _Example_
  311. \code
  312. ed25519_key key;
  313. int ret, verified = 0;
  314. byte sig[] { initialize with received signature };
  315. byte msg[] = { initialize with message };
  316. byte context[] = { initialize with context of signature };
  317. // initialize key with received public key
  318. ret = wc_ed25519ctx_verify_msg(sig, sizeof(sig), msg, sizeof(msg),
  319. &verified, &key, );
  320. if (ret < 0) {
  321. // error performing verification
  322. } else if (verified == 0)
  323. // the signature is invalid
  324. }
  325. \endcode
  326. \sa wc_ed25519_verify_msg
  327. \sa wc_ed25519ph_verify_hash
  328. \sa wc_ed25519ph_verify_msg
  329. \sa wc_ed25519_sign_msg
  330. */
  331. int wc_ed25519ctx_verify_msg(const byte* sig, word32 siglen, const byte* msg,
  332. word32 msgLen, int* ret, ed25519_key* key,
  333. const byte* context, byte contextLen);
  334. /*!
  335. \ingroup ED25519
  336. \brief This function verifies the Ed25519 signature of the digest of a
  337. message to ensure authenticity. The context is included as part of the data
  338. verified. The hash is the pre-hashed message before signature calculation.
  339. The hash algorithm used to create message digest must be SHA-512.
  340. The answer is returned through ret, with 1 corresponding to a valid
  341. signature, and 0 corresponding to an invalid signature.
  342. \return 0 Returned upon successfully performing the signature
  343. verification and authentication.
  344. \return BAD_FUNC_ARG Returned if any of the input parameters evaluate to
  345. NULL, or if the siglen does not match the actual length of a signature.
  346. \return SIG_VERIFY_E Returned if verification completes, but the signature
  347. generated does not match the signature provided.
  348. \param [in] sig Pointer to the buffer containing the signature to verify.
  349. \param [in] siglen Length of the signature to verify.
  350. \param [in] hash Pointer to the buffer containing the hash of the message
  351. to verify.
  352. \param [in] hashLen Length of the hash to verify.
  353. \param [out] ret Pointer to the result of the verification. 1 indicates the
  354. message was successfully verified.
  355. \param [in] key Pointer to a public Ed25519 key with which to verify the
  356. signature.
  357. \param [in] context Pointer to the buffer containing the context for which
  358. the message was signed.
  359. \param [in] contextLen Length of the context buffer.
  360. _Example_
  361. \code
  362. ed25519_key key;
  363. int ret, verified = 0;
  364. byte sig[] { initialize with received signature };
  365. byte hash[] = { initialize with SHA-512 hash of message };
  366. byte context[] = { initialize with context of signature };
  367. // initialize key with received public key
  368. ret = wc_ed25519ph_verify_hash(sig, sizeof(sig), msg, sizeof(msg),
  369. &verified, &key, );
  370. if (ret < 0) {
  371. // error performing verification
  372. } else if (verified == 0)
  373. // the signature is invalid
  374. }
  375. \endcode
  376. \sa wc_ed25519_verify_msg
  377. \sa wc_ed25519ctx_verify_msg
  378. \sa wc_ed25519ph_verify_msg
  379. \sa wc_ed25519_sign_msg
  380. */
  381. int wc_ed25519ph_verify_hash(const byte* sig, word32 siglen, const byte* hash,
  382. word32 hashLen, int* ret, ed25519_key* key,
  383. const byte* context, byte contextLen);
  384. /*!
  385. \ingroup ED25519
  386. \brief This function verifies the Ed25519 signature of a message to ensure
  387. authenticity. The context is included as part of the data
  388. verified. The message is pre-hashed before verification. It returns the
  389. answer through ret, with 1 corresponding to a valid signature, and 0
  390. corresponding to an invalid signature.
  391. \return 0 Returned upon successfully performing the signature
  392. verification and authentication.
  393. \return BAD_FUNC_ARG Returned if any of the input parameters evaluate to
  394. NULL, or if the siglen does not match the actual length of a signature.
  395. \return SIG_VERIFY_E Returned if verification completes, but the signature
  396. generated does not match the signature provided.
  397. \param [in] sig Pointer to the buffer containing the signature to verify.
  398. \param [in] siglen Length of the signature to verify.
  399. \param [in] msg Pointer to the buffer containing the message to verify.
  400. \param [in] msgLen Length of the message to verify.
  401. \param [out] ret Pointer to the result of the verification. 1 indicates the
  402. message was successfully verified.
  403. \param [in] key Pointer to a public Ed25519 key with which to verify the
  404. signature.
  405. \param [in] context Pointer to the buffer containing the context for which
  406. the message was signed.
  407. \param [in] contextLen Length of the context buffer.
  408. _Example_
  409. \code
  410. ed25519_key key;
  411. int ret, verified = 0;
  412. byte sig[] { initialize with received signature };
  413. byte msg[] = { initialize with message };
  414. byte context[] = { initialize with context of signature };
  415. // initialize key with received public key
  416. ret = wc_ed25519ctx_verify_msg(sig, sizeof(sig), msg, sizeof(msg),
  417. &verified, &key, );
  418. if (ret < 0) {
  419. // error performing verification
  420. } else if (verified == 0)
  421. // the signature is invalid
  422. }
  423. \endcode
  424. \sa wc_ed25519_verify_msg
  425. \sa wc_ed25519ph_verify_hash
  426. \sa wc_ed25519ph_verify_msg
  427. \sa wc_ed25519_sign_msg
  428. */
  429. int wc_ed25519ph_verify_msg(const byte* sig, word32 siglen, const byte* msg,
  430. word32 msgLen, int* ret, ed25519_key* key,
  431. const byte* context, byte contextLen);
  432. /*!
  433. \ingroup ED25519
  434. \brief This function initializes an ed25519_key object for future use
  435. with message verification.
  436. \return 0 Returned upon successfully initializing the ed25519_key object.
  437. \return BAD_FUNC_ARG Returned if key is NULL.
  438. \param [in,out] key Pointer to the ed25519_key object to initialize.
  439. _Example_
  440. \code
  441. ed25519_key key;
  442. wc_ed25519_init(&key);
  443. \endcode
  444. \sa wc_ed25519_make_key
  445. \sa wc_ed25519_free
  446. */
  447. int wc_ed25519_init(ed25519_key* key);
  448. /*!
  449. \ingroup ED25519
  450. \brief This function frees an Ed25519 object after it has been used.
  451. \param [in,out] key Pointer to the ed25519_key object to free
  452. _Example_
  453. \code
  454. ed25519_key key;
  455. // initialize key and perform secure exchanges
  456. ...
  457. wc_ed25519_free(&key);
  458. \endcode
  459. \sa wc_ed25519_init
  460. */
  461. void wc_ed25519_free(ed25519_key* key);
  462. /*!
  463. \ingroup ED25519
  464. \brief This function imports a public ed25519_key from a buffer
  465. containing the public key. This function will handle both compressed and
  466. uncompressed keys. The public key is checked that it matches the private
  467. key when one is present.
  468. \return 0 Returned on successfully importing the ed25519_key.
  469. \return BAD_FUNC_ARG Returned if in or key evaluate to NULL, or inLen is
  470. less than the size of an Ed25519 key.
  471. \param [in] in Pointer to the buffer containing the public key.
  472. \param [in] inLen Length of the buffer containing the public key.
  473. \param [in,out] key Pointer to the ed25519_key object in which to store the
  474. public key.
  475. _Example_
  476. \code
  477. int ret;
  478. byte pub[] = { initialize Ed25519 public key };
  479. ed_25519 key;
  480. wc_ed25519_init_key(&key);
  481. ret = wc_ed25519_import_public(pub, sizeof(pub), &key);
  482. if (ret != 0) {
  483. // error importing key
  484. }
  485. \endcode
  486. \sa wc_ed25519_import_public_ex
  487. \sa wc_ed25519_import_private_key
  488. \sa wc_ed25519_import_private_key_ex
  489. \sa wc_ed25519_export_public
  490. */
  491. int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key);
  492. /*!
  493. \ingroup ED25519
  494. \brief This function imports a public ed25519_key from a buffer
  495. containing the public key. This function will handle both compressed and
  496. uncompressed keys. Check public key matches private key, when present,
  497. when not trusted.
  498. \return 0 Returned on successfully importing the ed25519_key.
  499. \return BAD_FUNC_ARG Returned if in or key evaluate to NULL, or inLen is
  500. less than the size of an Ed25519 key.
  501. \param [in] in Pointer to the buffer containing the public key.
  502. \param [in] inLen Length of the buffer containing the public key.
  503. \param [in,out] key Pointer to the ed25519_key object in which to store the
  504. public key.
  505. \param [in] trusted Public key data is trusted or not.
  506. _Example_
  507. \code
  508. int ret;
  509. byte pub[] = { initialize Ed25519 public key };
  510. ed_25519 key;
  511. wc_ed25519_init_key(&key);
  512. ret = wc_ed25519_import_public_ex(pub, sizeof(pub), &key, 1);
  513. if (ret != 0) {
  514. // error importing key
  515. }
  516. \endcode
  517. \sa wc_ed25519_import_public
  518. \sa wc_ed25519_import_private_key
  519. \sa wc_ed25519_import_private_key_ex
  520. \sa wc_ed25519_export_public
  521. */
  522. int wc_ed25519_import_public_ex(const byte* in, word32 inLen, ed25519_key* key,
  523. int trusted);
  524. /*!
  525. \ingroup ED25519
  526. \brief This function imports an Ed25519 private key only from a
  527. buffer.
  528. \return 0 Returned on successfully importing the Ed25519 key.
  529. \return BAD_FUNC_ARG Returned if priv or key evaluate to NULL, or if
  530. privSz is not equal to ED25519_KEY_SIZE.
  531. \param [in] priv Pointer to the buffer containing the private key.
  532. \param [in] privSz Length of the private key.
  533. \param [in,out] key Pointer to the ed25519_key object in which to store the
  534. imported private key.
  535. _Example_
  536. \code
  537. int ret;
  538. byte priv[] = { initialize with 32 byte private key };
  539. ed25519_key key;
  540. wc_ed25519_init_key(&key);
  541. ret = wc_ed25519_import_private_only(priv, sizeof(priv), &key);
  542. if (ret != 0) {
  543. // error importing private key
  544. }
  545. \endcode
  546. \sa wc_ed25519_import_public
  547. \sa wc_ed25519_import_public_ex
  548. \sa wc_ed25519_import_private_key
  549. \sa wc_ed25519_import_private_key_ex
  550. \sa wc_ed25519_export_private_only
  551. */
  552. int wc_ed25519_import_private_only(const byte* priv, word32 privSz,
  553. ed25519_key* key);
  554. /*!
  555. \ingroup ED25519
  556. \brief This function imports a public/private Ed25519 key pair from a
  557. pair of buffers. This function will handle both compressed and
  558. uncompressed keys. The public key is assumed to be untrusted and is
  559. checked against the private key.
  560. \return 0 Returned on successfully importing the ed25519_key.
  561. \return BAD_FUNC_ARG Returned if priv or key evaluate to NULL; or if
  562. either privSz is not equal to ED25519_KEY_SIZE nor ED25519_PRV_KEY_SIZE, or
  563. pubSz is less than ED25519_PUB_KEY_SIZE.
  564. \param [in] priv Pointer to the buffer containing the private key.
  565. \param [in] privSz Length of the private key.
  566. \param [in] pub Pointer to the buffer containing the public key.
  567. \param [in] pubSz Length of the public key.
  568. \param [in,out] key Pointer to the ed25519_key object in which to store the
  569. imported private/public key pair.
  570. _Example_
  571. \code
  572. int ret;
  573. byte priv[] = { initialize with 32 byte private key };
  574. byte pub[] = { initialize with the corresponding public key };
  575. ed25519_key key;
  576. wc_ed25519_init_key(&key);
  577. ret = wc_ed25519_import_private_key(priv, sizeof(priv), pub, sizeof(pub),
  578. &key);
  579. if (ret != 0) {
  580. // error importing key
  581. }
  582. \endcode
  583. \sa wc_ed25519_import_public
  584. \sa wc_ed25519_import_public_ex
  585. \sa wc_ed25519_import_private_only
  586. \sa wc_ed25519_import_private_key_ex
  587. \sa wc_ed25519_export_private
  588. */
  589. int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
  590. const byte* pub, word32 pubSz, ed25519_key* key);
  591. /*!
  592. \ingroup ED25519
  593. \brief This function imports a public/private Ed25519 key pair from a
  594. pair of buffers. This function will handle both compressed and
  595. uncompressed keys. The public is checked against private key if not trusted.
  596. \return 0 Returned on successfully importing the ed25519_key.
  597. \return BAD_FUNC_ARG Returned if priv or key evaluate to NULL; or if
  598. either privSz is not equal to ED25519_KEY_SIZE nor ED25519_PRV_KEY_SIZE, or
  599. pubSz is less than ED25519_PUB_KEY_SIZE.
  600. \param [in] priv Pointer to the buffer containing the private key.
  601. \param [in] privSz Length of the private key.
  602. \param [in] pub Pointer to the buffer containing the public key.
  603. \param [in] pubSz Length of the public key.
  604. \param [in,out] key Pointer to the ed25519_key object in which to store the
  605. imported private/public key pair.
  606. \param [in] trusted Public key data is trusted or not.
  607. _Example_
  608. \code
  609. int ret;
  610. byte priv[] = { initialize with 32 byte private key };
  611. byte pub[] = { initialize with the corresponding public key };
  612. ed25519_key key;
  613. wc_ed25519_init_key(&key);
  614. ret = wc_ed25519_import_private_key(priv, sizeof(priv), pub, sizeof(pub),
  615. &key, 1);
  616. if (ret != 0) {
  617. // error importing key
  618. }
  619. \endcode
  620. \sa wc_ed25519_import_public
  621. \sa wc_ed25519_import_public_ex
  622. \sa wc_ed25519_import_private_only
  623. \sa wc_ed25519_import_private_key
  624. \sa wc_ed25519_export_private
  625. */
  626. int wc_ed25519_import_private_key_ex(const byte* priv, word32 privSz,
  627. const byte* pub, word32 pubSz, ed25519_key* key, int trusted);
  628. /*!
  629. \ingroup ED25519
  630. \brief This function exports the private key from an ed25519_key
  631. structure. It stores the public key in the buffer out, and sets the bytes
  632. written to this buffer in outLen.
  633. \return 0 Returned upon successfully exporting the public key.
  634. \return BAD_FUNC_ARG Returned if any of the input values evaluate to NULL.
  635. \return BUFFER_E Returned if the buffer provided is not large enough to
  636. store the private key. Upon returning this error, the function sets the
  637. size required in outLen.
  638. \param [in] key Pointer to an ed25519_key structure from which to export the
  639. public key.
  640. \param [out] out Pointer to the buffer in which to store the public key.
  641. \param [in,out] outLen Pointer to a word32 object with the size available
  642. in out. Set with the number of bytes written to out after successfully
  643. exporting the public key.
  644. _Example_
  645. \code
  646. int ret;
  647. ed25519_key key;
  648. // initialize key, make key
  649. char pub[32];
  650. word32 pubSz = sizeof(pub);
  651. ret = wc_ed25519_export_public(&key, pub, &pubSz);
  652. if (ret != 0) {
  653. // error exporting public key
  654. }
  655. \endcode
  656. \sa wc_ed25519_import_public
  657. \sa wc_ed25519_import_public_ex
  658. \sa wc_ed25519_export_private_only
  659. */
  660. int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen);
  661. /*!
  662. \ingroup ED25519
  663. \brief This function exports only the private key from an ed25519_key
  664. structure. It stores the private key in the buffer out, and sets
  665. the bytes written to this buffer in outLen.
  666. \return 0 Returned upon successfully exporting the private key.
  667. \return BAD_FUNC_ARG Returned if any of the input values evaluate to NULL.
  668. \return BUFFER_E Returned if the buffer provided is not large enough
  669. to store the private key.
  670. \param [in] key Pointer to an ed25519_key structure from which to export
  671. the private key.
  672. \param [out] out Pointer to the buffer in which to store the private key.
  673. \param [in,out] outLen Pointer to a word32 object with the size available in
  674. out. Set with the number of bytes written to out after successfully
  675. exporting the private key.
  676. _Example_
  677. \code
  678. int ret;
  679. ed25519_key key;
  680. // initialize key, make key
  681. char priv[32]; // 32 bytes because only private key
  682. word32 privSz = sizeof(priv);
  683. ret = wc_ed25519_export_private_only(&key, priv, &privSz);
  684. if (ret != 0) {
  685. // error exporting private key
  686. }
  687. \endcode
  688. \sa wc_ed25519_export_public
  689. \sa wc_ed25519_import_private_key
  690. \sa wc_ed25519_import_private_key_ex
  691. */
  692. int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen);
  693. /*!
  694. \ingroup ED25519
  695. \brief This function exports the key pair from an ed25519_key
  696. structure. It stores the key pair in the buffer out, and sets
  697. the bytes written to this buffer in outLen.
  698. \return 0 Returned upon successfully exporting the key pair.
  699. \return BAD_FUNC_ARG Returned if any of the input values evaluate to NULL.
  700. \return BUFFER_E Returned if the buffer provided is not large enough
  701. to store the key pair.
  702. \param [in] key Pointer to an ed25519_key structure from which to export
  703. the key pair.
  704. \param [out] out Pointer to the buffer in which to store the key pair.
  705. \param [in,out] outLen Pointer to a word32 object with the size available in
  706. out. Set with the number of bytes written to out after successfully
  707. exporting the key pair.
  708. _Example_
  709. \code
  710. ed25519_key key;
  711. wc_ed25519_init(&key);
  712. WC_RNG rng;
  713. wc_InitRng(&rng);
  714. wc_ed25519_make_key(&rng, 32, &key); // initialize 32 byte Ed25519 key
  715. byte out[64]; // out needs to be a sufficient buffer size
  716. word32 outLen = sizeof(out);
  717. int key_size = wc_ed25519_export_private(&key, out, &outLen);
  718. if (key_size == BUFFER_E) {
  719. // Check size of out compared to outLen to see if function reset outLen
  720. }
  721. \endcode
  722. \sa wc_ed25519_import_private_key
  723. \sa wc_ed25519_import_private_key_ex
  724. \sa wc_ed25519_export_private_only
  725. */
  726. int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen);
  727. /*!
  728. \ingroup ED25519
  729. \brief This function exports the private and public key separately from an
  730. ed25519_key structure. It stores the private key in the buffer priv, and
  731. sets the bytes written to this buffer in privSz. It stores the public key
  732. in the buffer pub, and sets the bytes written to this buffer in pubSz.
  733. \return 0 Returned upon successfully exporting the key pair.
  734. \return BAD_FUNC_ARG Returned if any of the input values evaluate to NULL.
  735. \return BUFFER_E Returned if the buffer provided is not large enough
  736. to store the key pair.
  737. \param [in] key Pointer to an ed25519_key structure from which to export
  738. the key pair.
  739. \param [out] priv Pointer to the buffer in which to store the private key.
  740. \param [in,out] privSz Pointer to a word32 object with the size available in
  741. out. Set with the number of bytes written to out after successfully
  742. exporting the private key.
  743. \param [out] pub Pointer to the buffer in which to store the public key.
  744. \param [in,out] pubSz Pointer to a word32 object with the size available in
  745. out. Set with the number of bytes written to out after successfully
  746. exporting the public key.
  747. _Example_
  748. \code
  749. int ret;
  750. ed25519_key key;
  751. // initialize key, make key
  752. char pub[32];
  753. word32 pubSz = sizeof(pub);
  754. char priv[32];
  755. word32 privSz = sizeof(priv);
  756. ret = wc_ed25519_export_key(&key, priv, &pubSz, pub, &pubSz);
  757. if (ret != 0) {
  758. // error exporting public key
  759. }
  760. \endcode
  761. \sa wc_ed25519_export_private
  762. \sa wc_ed25519_export_public
  763. */
  764. int wc_ed25519_export_key(ed25519_key* key,
  765. byte* priv, word32 *privSz,
  766. byte* pub, word32 *pubSz);
  767. /*!
  768. \ingroup ED25519
  769. \brief This function checks the public key in ed25519_key structure matches
  770. the private key.
  771. \return 0 Returned if the private and public key matched.
  772. \return BAD_FUNC_ARG Returned if the given key is NULL.
  773. \return PUBLIC_KEY_E Returned if the no public key available or is invalid.
  774. \param [in] key Pointer to an ed25519_key structure holding a private and
  775. public key.
  776. _Example_
  777. \code
  778. int ret;
  779. byte priv[] = { initialize with 57 byte private key };
  780. byte pub[] = { initialize with the corresponding public key };
  781. ed25519_key key;
  782. wc_ed25519_init_key(&key);
  783. wc_ed25519_import_private_key_ex(priv, sizeof(priv), pub, sizeof(pub), &key,
  784. 1);
  785. ret = wc_ed25519_check_key(&key);
  786. if (ret != 0) {
  787. // error checking key
  788. }
  789. \endcode
  790. \sa wc_ed25519_import_private_key
  791. \sa wc_ed25519_import_private_key_ex
  792. */
  793. int wc_ed25519_check_key(ed25519_key* key);
  794. /*!
  795. \ingroup ED25519
  796. \brief This function returns the size of an Ed25519 - 32 bytes.
  797. \return ED25519_KEY_SIZE The size of a valid private key (32 bytes).
  798. \return BAD_FUNC_ARG Returned if the given key is NULL.
  799. \param [in] key Pointer to an ed25519_key structure for which to get the
  800. key size.
  801. _Example_
  802. \code
  803. int keySz;
  804. ed25519_key key;
  805. // initialize key, make key
  806. keySz = wc_ed25519_size(&key);
  807. if (keySz == 0) {
  808. // error determining key size
  809. }
  810. \endcode
  811. \sa wc_ed25519_make_key
  812. */
  813. int wc_ed25519_size(ed25519_key* key);
  814. /*!
  815. \ingroup ED25519
  816. \brief This function returns the private key size (secret + public) in
  817. bytes.
  818. \return ED25519_PRV_KEY_SIZE The size of the private key (64 bytes).
  819. \return BAD_FUNC_ARG Returned if key argument is NULL.
  820. \param [in] key Pointer to an ed25519_key structure for which to get the
  821. key size.
  822. _Example_
  823. \code
  824. ed25519_key key;
  825. wc_ed25519_init(&key);
  826. WC_RNG rng;
  827. wc_InitRng(&rng);
  828. wc_ed25519_make_key(&rng, 32, &key); // initialize 32 byte Ed25519 key
  829. int key_size = wc_ed25519_priv_size(&key);
  830. \endcode
  831. \sa wc_ed25519_pub_size
  832. */
  833. int wc_ed25519_priv_size(ed25519_key* key);
  834. /*!
  835. \ingroup ED25519
  836. \brief This function returns the compressed key size in bytes (public key).
  837. \return ED25519_PUB_KEY_SIZE The size of the compressed public key
  838. (32 bytes).
  839. \return BAD_FUNC_ARG Returns if key argument is NULL.
  840. \param [in] key Pointer to an ed25519_key structure for which to get the
  841. key size.
  842. _Example_
  843. \code
  844. ed25519_key key;
  845. wc_ed25519_init(&key);
  846. WC_RNG rng;
  847. wc_InitRng(&rng);
  848. wc_ed25519_make_key(&rng, 32, &key); // initialize 32 byte Ed25519 key
  849. int key_size = wc_ed25519_pub_size(&key);
  850. \endcode
  851. \sa wc_ed25519_priv_size
  852. */
  853. int wc_ed25519_pub_size(ed25519_key* key);
  854. /*!
  855. \ingroup ED25519
  856. \brief This function returns the size of an Ed25519 signature (64 in bytes).
  857. \return ED25519_SIG_SIZE The size of an Ed25519 signature (64 bytes).
  858. \return BAD_FUNC_ARG Returns if key argument is NULL.
  859. \param [in] key Pointer to an ed25519_key structure for which to get the
  860. signature size.
  861. _Example_
  862. \code
  863. int sigSz;
  864. ed25519_key key;
  865. // initialize key, make key
  866. sigSz = wc_ed25519_sig_size(&key);
  867. if (sigSz == 0) {
  868. // error determining sig size
  869. }
  870. \endcode
  871. \sa wc_ed25519_sign_msg
  872. */
  873. int wc_ed25519_sig_size(ed25519_key* key);