~mdw
/
catacomb
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
base/asm-common.h (x86), and knock-on: Add macros for full-size regs.
[catacomb]
/
pub
/
ed25519.h
diff --git
a/pub/ed25519.h
b/pub/ed25519.h
index
2fc7444
..
ac54df7
100644
(file)
--- a/
pub/ed25519.h
+++ b/
pub/ed25519.h
@@
-44,6
+44,10
@@
* https://ed25519.cr.yp.to/eddsa-20150704.pdf. HashEdEDSA can be
* implemented easily by presenting a hash of a message to the functions
* here, as the message to be signed or verified.
* https://ed25519.cr.yp.to/eddsa-20150704.pdf. HashEdEDSA can be
* implemented easily by presenting a hash of a message to the functions
* here, as the message to be signed or verified.
+ *
+ * It also implements `Ed25519ctx' and `Ed25519ph' as described in RFC8032,
+ * though in the latter case it assumes that you've already done the hashing
+ * and have provided the hash as the `message' input.
*/
/*----- Header files ------------------------------------------------------*/
*/
/*----- Header files ------------------------------------------------------*/
@@
-60,6
+64,8
@@
#define ED25519_PUBSZ 32u
#define ED25519_SIGSZ 64u
#define ED25519_PUBSZ 32u
#define ED25519_SIGSZ 64u
+#define ED25519_MAXPERSOSZ 255u
+
/*----- Key fetching ------------------------------------------------------*/
typedef struct ed25519_priv { key_bin priv, pub; } ed25519_priv;
/*----- Key fetching ------------------------------------------------------*/
typedef struct ed25519_priv { key_bin priv, pub; } ed25519_priv;
@@
-85,28
+91,46
@@
extern const key_fetchdef ed25519_pubfetch[], ed25519_privfetch[];
extern void ed25519_pubkey(octet /*K*/[ED25519_PUBSZ],
const void */*k*/, size_t /*ksz*/);
extern void ed25519_pubkey(octet /*K*/[ED25519_PUBSZ],
const void */*k*/, size_t /*ksz*/);
-/* --- @ed25519_sign@ --- *
+/* --- @ed25519_sign@
, @ed25519ctx_sign@
--- *
*
* Arguments: @octet sig[ED25519_SIGSZ]@ = where to put the signature
* @const void *k@ = private key
* @size_t ksz@ = length of private key
* @const octet K[ED25519_PUBSZ]@ = public key
*
* Arguments: @octet sig[ED25519_SIGSZ]@ = where to put the signature
* @const void *k@ = private key
* @size_t ksz@ = length of private key
* @const octet K[ED25519_PUBSZ]@ = public key
+ * @int phflag@ = whether the `message' has been hashed already
+ * @const void *p@ = personalization string
+ * @size_t psz@ = length of personalization string
* @const void *m@ = message to sign
* @size_t msz@ = length of message
*
* Returns: ---
*
* Use: Signs a message.
* @const void *m@ = message to sign
* @size_t msz@ = length of message
*
* Returns: ---
*
* Use: Signs a message.
+ *
+ * In @ed25519ctx_sign@, if @phflag@ is @-1@ then you get plain
+ * old Ed25519: the personalization string pointer @p@ will be
+ * ignored. If @phflag > 0@ then the `message' @m@ should be a
+ * SHA512 hash of the actual message.
*/
*/
+extern void ed25519ctx_sign(octet /*sig*/[ED25519_SIGSZ],
+ const void */*k*/, size_t /*ksz*/,
+ const octet /*K*/[ED25519_PUBSZ],
+ int /*phflag*/,
+ const void */*p*/, size_t /*psz*/,
+ const void */*m*/, size_t /*msz*/);
+
extern void ed25519_sign(octet /*sig*/[ED25519_SIGSZ],
const void */*k*/, size_t /*ksz*/,
const octet /*K*/[ED25519_PUBSZ],
const void */*m*/, size_t /*msz*/);
extern void ed25519_sign(octet /*sig*/[ED25519_SIGSZ],
const void */*k*/, size_t /*ksz*/,
const octet /*K*/[ED25519_PUBSZ],
const void */*m*/, size_t /*msz*/);
-/* --- @ed25519_verify@ --- *
+/* --- @ed25519_verify@
, @ed25519ctx_verify@
--- *
*
* Arguments: @const octet K[ED25519_PUBSZ]@ = public key
*
* Arguments: @const octet K[ED25519_PUBSZ]@ = public key
+ * @int phflag@ = whether the `message' has been hashed already
+ * @const void *p@ = personalization string
+ * @size_t psz@ = length of personalization string
* @const void *m@ = message to sign
* @size_t msz@ = length of message
* @const octet sig[ED25519_SIGSZ]@ = signature
* @const void *m@ = message to sign
* @size_t msz@ = length of message
* @const octet sig[ED25519_SIGSZ]@ = signature
@@
-114,8
+138,19
@@
extern void ed25519_sign(octet /*sig*/[ED25519_SIGSZ],
* Returns: Zero if OK, negative on failure.
*
* Use: Verify a signature.
* Returns: Zero if OK, negative on failure.
*
* Use: Verify a signature.
+ *
+ * In @ed25519ctx_verify@, if @phflag@ is @-1@ then you get
+ * plain old Ed25519: the personalization string pointer @p@
+ * will be ignored. If @phflag > 0@ then the `message' @m@
+ * should be a SHA512 hash of the actual message.
*/
*/
+extern int ed25519ctx_verify(const octet /*K*/[ED25519_PUBSZ],
+ int /*phflag*/,
+ const void */*p*/, size_t /*psz*/,
+ const void */*m*/, size_t /*msz*/,
+ const octet /*sig*/[ED25519_SIGSZ]);
+
extern int ed25519_verify(const octet /*K*/[ED25519_PUBSZ],
const void */*m*/, size_t /*msz*/,
const octet /*sig*/[ED25519_SIGSZ]);
extern int ed25519_verify(const octet /*K*/[ED25519_PUBSZ],
const void */*m*/, size_t /*msz*/,
const octet /*sig*/[ED25519_SIGSZ]);