15 #ifndef __DECAF_ED255_H__
16 #define __DECAF_ED255_H__ 1
20 #include <decaf/sha512.h>
27 #define DECAF_EDDSA_25519_PUBLIC_BYTES 32
30 #define DECAF_EDDSA_25519_PRIVATE_BYTES DECAF_EDDSA_25519_PUBLIC_BYTES
33 #define DECAF_EDDSA_25519_SIGNATURE_BYTES (DECAF_EDDSA_25519_PUBLIC_BYTES + DECAF_EDDSA_25519_PRIVATE_BYTES)
37 #define DECAF_EDDSA_25519_SUPPORTS_CONTEXTLESS_SIGS 1
38 extern const DECAF_API_VIS uint8_t *
const DECAF_ED25519_NO_CONTEXT;
41 #define DECAF_EDDSA_25519_SUPPORTS_CONTEXTLESS_SIGS 1
42 DECAF_API_VIS
extern const uint8_t *
const DECAF_ED25519_NO_CONTEXT;
47 #define decaf_ed25519_prehash_ctx_s decaf_sha512_ctx_s
50 #define decaf_ed25519_prehash_ctx_t decaf_sha512_ctx_t
53 #define decaf_ed25519_prehash_update decaf_sha512_update
56 #define decaf_ed25519_prehash_destroy decaf_sha512_destroy
59 #define DECAF_255_EDDSA_ENCODE_RATIO 4
62 #define DECAF_255_EDDSA_DECODE_RATIO (8 / 4)
64 #ifndef DECAF_EDDSA_NON_KEYPAIR_API_IS_DEPRECATED
66 #define DECAF_EDDSA_NON_KEYPAIR_API_IS_DEPRECATED 0
71 typedef struct decaf_eddsa_25519_keypair_s {
74 } decaf_eddsa_25519_keypair_s, decaf_eddsa_25519_keypair_t[1];
87 ) DECAF_NONNULL DECAF_NOINLINE;
97 decaf_eddsa_25519_keypair_t keypair,
99 ) DECAF_NONNULL DECAF_NOINLINE;
109 const decaf_eddsa_25519_keypair_t keypair
110 ) DECAF_NONNULL DECAF_NOINLINE;
120 const decaf_eddsa_25519_keypair_t keypair
121 ) DECAF_NONNULL DECAF_NOINLINE;
128 decaf_eddsa_25519_keypair_t keypair
129 ) DECAF_NONNULL DECAF_NOINLINE;
156 const uint8_t *message,
159 const uint8_t *context,
161 ) __attribute__((nonnull(1,2,3))) DECAF_NOINLINE
162 #if DECAF_EDDSA_NON_KEYPAIR_API_IS_DEPRECATED
163 __attribute__((deprecated(
"Passing the pubkey and privkey separately is unsafe",
164 "decaf_ed25519_keypair_sign")))
187 const uint8_t *context,
189 ) __attribute__((nonnull(1,2,3,4))) DECAF_NOINLINE
190 #if DECAF_EDDSA_NON_KEYPAIR_API_IS_DEPRECATED
191 __attribute__((deprecated(
"Passing the pubkey and privkey separately is unsafe",
192 "decaf_ed25519_keypair_sign_prehash")))
209 const decaf_eddsa_25519_keypair_t keypair,
210 const uint8_t *message,
213 const uint8_t *context,
215 ) __attribute__((nonnull(1,2,3))) DECAF_NOINLINE;
228 const decaf_eddsa_25519_keypair_t keypair,
230 const uint8_t *context,
232 ) __attribute__((nonnull(1,2,3,4))) DECAF_NOINLINE;
241 ) __attribute__((nonnull(1))) DECAF_NOINLINE;
264 const uint8_t *message,
267 const uint8_t *context,
269 ) __attribute__((nonnull(1,2))) DECAF_NOINLINE;
291 const uint8_t *context,
293 ) __attribute__((nonnull(1,2))) DECAF_NOINLINE;
322 ) DECAF_NONNULL DECAF_NOINLINE;
336 ) DECAF_NONNULL DECAF_NOINLINE;
352 ) DECAF_NONNULL DECAF_NOINLINE;
365 ) DECAF_NONNULL DECAF_NOINLINE;
decaf_error_t
Another boolean type used to indicate success or failure.
Definition: common.h:120
void DECAF_API_VIS decaf_ed25519_prehash_init(decaf_ed25519_prehash_ctx_t hash) DECAF_NOINLINE
Prehash initialization, with contexts if supported.
void DECAF_API_VIS decaf_255_point_mul_by_ratio_and_encode_like_eddsa(uint8_t enc[DECAF_EDDSA_25519_PUBLIC_BYTES], const decaf_255_point_t p) DECAF_NONNULL DECAF_NOINLINE
EdDSA point encoding.
void DECAF_API_VIS decaf_ed25519_keypair_sign_prehash(uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES], const decaf_eddsa_25519_keypair_t keypair, const decaf_ed25519_prehash_ctx_t hash, const uint8_t *context, uint8_t context_len) DECAF_NOINLINE
EdDSA signing with prehash.
void DECAF_API_VIS decaf_ed25519_convert_private_key_to_x25519(uint8_t x[DECAF_X25519_PRIVATE_BYTES], const uint8_t ed[DECAF_EDDSA_25519_PRIVATE_BYTES]) DECAF_NONNULL DECAF_NOINLINE
EdDSA to ECDH private key conversion Using the appropriate hash function, hash the EdDSA private key ...
decaf_error_t DECAF_API_VIS decaf_ed25519_verify_prehash(const uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES], const uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES], const decaf_ed25519_prehash_ctx_t hash, const uint8_t *context, uint8_t context_len) DECAF_NOINLINE
EdDSA signature verification.
#define DECAF_EDDSA_25519_PRIVATE_BYTES
Number of bytes in an EdDSA private key.
Definition: ed255.h:30
void DECAF_API_VIS decaf_ed25519_keypair_destroy(decaf_eddsa_25519_keypair_t keypair) DECAF_NONNULL DECAF_NOINLINE
EdDSA keypair destructor.
#define decaf_ed25519_prehash_ctx_t
Prehash context, array[1] form.
Definition: ed255.h:50
void DECAF_API_VIS decaf_ed25519_derive_public_key(uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES], const uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES]) DECAF_NONNULL DECAF_NOINLINE
EdDSA key generation.
void DECAF_API_VIS decaf_ed25519_convert_public_key_to_x25519(uint8_t x[DECAF_X25519_PUBLIC_BYTES], const uint8_t ed[DECAF_EDDSA_25519_PUBLIC_BYTES]) DECAF_NONNULL DECAF_NOINLINE
EdDSA to ECDH public key conversion Deserialize the point to get y on Edwards curve,...
Definition: decaf.c:1335
void DECAF_API_VIS decaf_ed25519_derive_keypair(decaf_eddsa_25519_keypair_t keypair, const uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES]) DECAF_NONNULL DECAF_NOINLINE
EdDSA keypair scheduling.
void DECAF_API_VIS decaf_ed25519_keypair_sign(uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES], const decaf_eddsa_25519_keypair_t keypair, const uint8_t *message, size_t message_len, uint8_t prehashed, const uint8_t *context, uint8_t context_len) DECAF_NOINLINE
EdDSA signing.
decaf_error_t DECAF_API_VIS decaf_255_point_decode_like_eddsa_and_mul_by_ratio(decaf_255_point_t p, const uint8_t enc[DECAF_EDDSA_25519_PUBLIC_BYTES]) DECAF_NONNULL DECAF_NOINLINE
EdDSA point decoding.
void DECAF_API_VIS decaf_ed25519_keypair_extract_private_key(uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES], const decaf_eddsa_25519_keypair_t keypair) DECAF_NONNULL DECAF_NOINLINE
Extract the private key from an EdDSA keypair.
void DECAF_API_VIS decaf_ed25519_sign_prehash(uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES], const uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES], const uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES], const decaf_ed25519_prehash_ctx_t hash, const uint8_t *context, uint8_t context_len) DECAF_NOINLINE
EdDSA signing with prehash.
decaf_error_t DECAF_API_VIS decaf_ed25519_verify(const uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES], const uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES], const uint8_t *message, size_t message_len, uint8_t prehashed, const uint8_t *context, uint8_t context_len) DECAF_NOINLINE
EdDSA signature verification.
void DECAF_API_VIS decaf_ed25519_keypair_extract_public_key(uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES], const decaf_eddsa_25519_keypair_t keypair) DECAF_NONNULL DECAF_NOINLINE
Extract the public key from an EdDSA keypair.
#define DECAF_EDDSA_25519_PUBLIC_BYTES
Number of bytes in an EdDSA public key.
Definition: ed255.h:27
#define DECAF_EDDSA_25519_SIGNATURE_BYTES
Number of bytes in an EdDSA private key.
Definition: ed255.h:33
void DECAF_API_VIS decaf_ed25519_sign(uint8_t signature[DECAF_EDDSA_25519_SIGNATURE_BYTES], const uint8_t privkey[DECAF_EDDSA_25519_PRIVATE_BYTES], const uint8_t pubkey[DECAF_EDDSA_25519_PUBLIC_BYTES], const uint8_t *message, size_t message_len, uint8_t prehashed, const uint8_t *context, uint8_t context_len) DECAF_NOINLINE
EdDSA signing.
A group of prime order p, based on Curve25519.
struct decaf_255_point_s decaf_255_point_t[1]
Representation of a point on the elliptic curve.
#define DECAF_X25519_PRIVATE_BYTES
Number of bytes in an x25519 private key.
Definition: point_255.h:65
#define DECAF_X25519_PUBLIC_BYTES
Number of bytes in an x25519 public key.
Definition: point_255.h:62