1 /* Edwards curve signature system 2 * Daniel Beer <dlbeer@gmail.com>, 22 Apr 2014 3 * 4 * This file is in the public domain. 5 */ 6 7 #ifndef EDSIGN_H_ 8 #define EDSIGN_H_ 9 10 #include <stdint.h> 11 #include <stdbool.h> 12 #include "sha512.h" 13 14 /* This is the Ed25519 signature system, as described in: 15 * 16 * Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, Bo-Yin 17 * Yang. High-speed high-security signatures. Journal of Cryptographic 18 * Engineering 2 (2012), 77–89. Document ID: 19 * a1a62a2f76d23f65d622484ddd09caf8. URL: 20 * http://cr.yp.to/papers.html#ed25519. Date: 2011.09.26. 21 * 22 * The format and calculation of signatures is compatible with the 23 * Ed25519 implementation in SUPERCOP. Note, however, that our secret 24 * keys are half the size: we don't store a copy of the public key in 25 * the secret key (we generate it on demand). 26 */ 27 28 /* Any string of 32 random bytes is a valid secret key. There is no 29 * clamping of bits, because we don't use the key directly as an 30 * exponent (the exponent is derived from part of a key expansion). 31 */ 32 #define EDSIGN_SECRET_KEY_SIZE 32 33 34 /* Given a secret key, produce the public key (a packed Edwards-curve 35 * point). 36 */ 37 #define EDSIGN_PUBLIC_KEY_SIZE 32 38 39 void edsign_sec_to_pub(void *pub, const void *secret); 40 41 /* Produce a signature for a message. */ 42 #define EDSIGN_SIGNATURE_SIZE 64 43 44 void edsign_sign(uint8_t *signature, const uint8_t *pub, 45 const uint8_t *secret, 46 const uint8_t *message, size_t len); 47 48 struct edsign_verify_state { 49 struct sha512_state sha; 50 }; 51 52 void edsign_verify_init(struct edsign_verify_state *st, const void *sig, 53 const void *pub); 54 55 static inline void 56 edsign_verify_add(struct edsign_verify_state *st, const void *data, int len) 57 { 58 sha512_add(&st->sha, data, len); 59 } 60 61 /* Verify a message signature. Returns non-zero if ok. */ 62 bool edsign_verify(struct edsign_verify_state *st, const void *sig, const void *pub); 63 64 #endif 65
This page was automatically generated by LXR 0.3.1. • OpenWrt