15 #ifndef __DECAF_ED255_H__ 16 #define __DECAF_ED255_H__ 1 20 #include <decaf/sha512.h> 27 #define DECAF_EDDSA_25519_PUBLIC_BYTES 32 30 #define DECAF_EDDSA_25519_PRIVATE_BYTES DECAF_EDDSA_25519_PUBLIC_BYTES 33 #define DECAF_EDDSA_25519_SIGNATURE_BYTES (DECAF_EDDSA_25519_PUBLIC_BYTES + DECAF_EDDSA_25519_PRIVATE_BYTES) 37 #define DECAF_EDDSA_25519_SUPPORTS_CONTEXTLESS_SIGS 1 38 extern const DECAF_API_VIS uint8_t *
const DECAF_ED25519_NO_CONTEXT;
41 #define DECAF_EDDSA_25519_SUPPORTS_CONTEXTLESS_SIGS 1 42 DECAF_API_VIS
extern const uint8_t *
const DECAF_ED25519_NO_CONTEXT;
47 #define decaf_ed25519_prehash_ctx_s decaf_sha512_ctx_s 50 #define decaf_ed25519_prehash_ctx_t decaf_sha512_ctx_t 53 #define decaf_ed25519_prehash_update decaf_sha512_update 56 #define decaf_ed25519_prehash_destroy decaf_sha512_destroy 59 #define DECAF_255_EDDSA_ENCODE_RATIO 4 62 #define DECAF_255_EDDSA_DECODE_RATIO (8 / 4) 64 #ifndef DECAF_EDDSA_NON_KEYPAIR_API_IS_DEPRECATED 66 #define DECAF_EDDSA_NON_KEYPAIR_API_IS_DEPRECATED 0 71 typedef struct decaf_eddsa_25519_keypair_s {
74 } decaf_eddsa_25519_keypair_s, decaf_eddsa_25519_keypair_t[1];
87 ) DECAF_NONNULL DECAF_NOINLINE;
97 decaf_eddsa_25519_keypair_t keypair,
98 const uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES]
99 ) DECAF_NONNULL DECAF_NOINLINE;
108 uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES],
109 const decaf_eddsa_25519_keypair_t keypair
110 ) DECAF_NONNULL DECAF_NOINLINE;
119 uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES],
120 const decaf_eddsa_25519_keypair_t keypair
121 ) DECAF_NONNULL DECAF_NOINLINE;
128 decaf_eddsa_25519_keypair_t keypair
129 ) DECAF_NONNULL DECAF_NOINLINE;
154 const uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES],
155 const uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES],
156 const uint8_t *message,
159 const uint8_t *context,
161 ) __attribute__((nonnull(1,2,3))) DECAF_NOINLINE
162 #if DECAF_EDDSA_NON_KEYPAIR_API_IS_DEPRECATED 163 __attribute__((deprecated(
"Passing the pubkey and privkey separately is unsafe",
164 "decaf_ed25519_keypair_sign")))
183 uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES],
184 const uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES],
185 const uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES],
187 const uint8_t *context,
189 ) __attribute__((nonnull(1,2,3,4))) DECAF_NOINLINE
190 #if DECAF_EDDSA_NON_KEYPAIR_API_IS_DEPRECATED 191 __attribute__((deprecated(
"Passing the pubkey and privkey separately is unsafe",
192 "decaf_ed25519_keypair_sign_prehash")))
208 uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES],
209 const decaf_eddsa_25519_keypair_t keypair,
210 const uint8_t *message,
213 const uint8_t *context,
215 ) __attribute__((nonnull(1,2,3))) DECAF_NOINLINE;
227 uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES],
228 const decaf_eddsa_25519_keypair_t keypair,
230 const uint8_t *context,
232 ) __attribute__((nonnull(1,2,3,4))) DECAF_NOINLINE;
241 ) __attribute__((nonnull(1))) DECAF_NOINLINE;
262 const uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES],
263 const uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES],
264 const uint8_t *message,
267 const uint8_t *context,
269 ) __attribute__((nonnull(1,2))) DECAF_NOINLINE;
288 const uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES],
289 const uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES],
291 const uint8_t *context,
293 ) __attribute__((nonnull(1,2))) DECAF_NOINLINE;
320 uint8_t enc[DECAF_EDDSA_25519_PUBLIC_BYTES],
322 ) DECAF_NONNULL DECAF_NOINLINE;
335 const uint8_t enc[DECAF_EDDSA_25519_PUBLIC_BYTES]
336 ) DECAF_NONNULL DECAF_NOINLINE;
351 const uint8_t ed[DECAF_EDDSA_25519_PUBLIC_BYTES]
352 ) DECAF_NONNULL DECAF_NOINLINE;
364 const uint8_t ed[DECAF_EDDSA_25519_PRIVATE_BYTES]
365 ) DECAF_NONNULL DECAF_NOINLINE;
void DECAF_API_VIS decaf_ed25519_convert_public_key_to_x25519(uint8_t x[DECAF_X25519_PUBLIC_BYTES], const uint8_t ed[DECAF_EDDSA_25519_PUBLIC_BYTES]) DECAF_NONNULL DECAF_NOINLINE
EdDSA to ECDH public key conversion Deserialize the point to get y on Edwards curve, Convert it to u coordinate on Montgomery curve.
Definition: decaf.c:1335
decaf_error_t DECAF_API_VIS decaf_ed25519_verify(const uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES], const uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES], const uint8_t *message, size_t message_len, uint8_t prehashed, const uint8_t *context, uint8_t context_len) DECAF_NOINLINE
EdDSA signature verification.
void DECAF_API_VIS decaf_ed25519_keypair_extract_private_key(uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES], const decaf_eddsa_25519_keypair_t keypair) DECAF_NONNULL DECAF_NOINLINE
Extract the private key from an EdDSA keypair.
decaf_error_t DECAF_API_VIS decaf_255_point_decode_like_eddsa_and_mul_by_ratio(decaf_255_point_t p, const uint8_t enc[DECAF_EDDSA_25519_PUBLIC_BYTES]) DECAF_NONNULL DECAF_NOINLINE
EdDSA point decoding.
decaf_error_t
Another boolean type used to indicate success or failure.
Definition: common.h:120
#define DECAF_X25519_PUBLIC_BYTES
Number of bytes in an x25519 public key.
Definition: point_255.h:62
void DECAF_API_VIS decaf_ed25519_keypair_extract_public_key(uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES], const decaf_eddsa_25519_keypair_t keypair) DECAF_NONNULL DECAF_NOINLINE
Extract the public key from an EdDSA keypair.
void DECAF_API_VIS decaf_255_point_mul_by_ratio_and_encode_like_eddsa(uint8_t enc[DECAF_EDDSA_25519_PUBLIC_BYTES], const decaf_255_point_t p) DECAF_NONNULL DECAF_NOINLINE
EdDSA point encoding.
decaf_error_t DECAF_API_VIS decaf_ed25519_verify_prehash(const uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES], const uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES], const decaf_ed25519_prehash_ctx_t hash, const uint8_t *context, uint8_t context_len) DECAF_NOINLINE
EdDSA signature verification.
struct decaf_255_point_s decaf_255_point_t[1]
Representation of a point on the elliptic curve.
#define decaf_ed25519_prehash_ctx_t
Prehash context, array[1] form.
Definition: ed255.h:50
void DECAF_API_VIS decaf_ed25519_sign_prehash(uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES], const uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES], const uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES], const decaf_ed25519_prehash_ctx_t hash, const uint8_t *context, uint8_t context_len) DECAF_NOINLINE
EdDSA signing with prehash.
void DECAF_API_VIS decaf_ed25519_prehash_init(decaf_ed25519_prehash_ctx_t hash) DECAF_NOINLINE
Prehash initialization, with contexts if supported.
void DECAF_API_VIS decaf_ed25519_derive_keypair(decaf_eddsa_25519_keypair_t keypair, const uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES]) DECAF_NONNULL DECAF_NOINLINE
EdDSA keypair scheduling.
#define DECAF_EDDSA_25519_SIGNATURE_BYTES
Number of bytes in an EdDSA private key.
Definition: ed255.h:33
A group of prime order p, based on Curve25519.
void DECAF_API_VIS decaf_ed25519_sign(uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES], const uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES], const uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES], const uint8_t *message, size_t message_len, uint8_t prehashed, const uint8_t *context, uint8_t context_len) DECAF_NOINLINE
EdDSA signing.
void DECAF_API_VIS decaf_ed25519_keypair_sign(uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES], const decaf_eddsa_25519_keypair_t keypair, const uint8_t *message, size_t message_len, uint8_t prehashed, const uint8_t *context, uint8_t context_len) DECAF_NOINLINE
EdDSA signing.
#define DECAF_EDDSA_25519_PRIVATE_BYTES
Number of bytes in an EdDSA private key.
Definition: ed255.h:30
void DECAF_API_VIS decaf_ed25519_derive_public_key(uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES], const uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES]) DECAF_NONNULL DECAF_NOINLINE
EdDSA key generation.
#define DECAF_EDDSA_25519_PUBLIC_BYTES
Number of bytes in an EdDSA public key.
Definition: ed255.h:27
#define DECAF_X25519_PRIVATE_BYTES
Number of bytes in an x25519 private key.
Definition: point_255.h:65
void DECAF_API_VIS decaf_ed25519_keypair_sign_prehash(uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES], const decaf_eddsa_25519_keypair_t keypair, const decaf_ed25519_prehash_ctx_t hash, const uint8_t *context, uint8_t context_len) DECAF_NOINLINE
EdDSA signing with prehash.
void DECAF_API_VIS decaf_ed25519_convert_private_key_to_x25519(uint8_t x[DECAF_X25519_PRIVATE_BYTES], const uint8_t ed[DECAF_EDDSA_25519_PRIVATE_BYTES]) DECAF_NONNULL DECAF_NOINLINE
EdDSA to ECDH private key conversion Using the appropriate hash function, hash the EdDSA private key ...
void DECAF_API_VIS decaf_ed25519_keypair_destroy(decaf_eddsa_25519_keypair_t keypair) DECAF_NONNULL DECAF_NOINLINE
EdDSA keypair destructor.