1 #ifndef LIBWALLY_CORE_ANTI_EXFIL_H
2 #define LIBWALLY_CORE_ANTI_EXFIL_H
3 
4 #include "wally_core.h"
5 
6 #ifdef __cplusplus
7 extern "C" {
8 #endif
9 
10 /** The length in bytes of the commitment to the host-provided randomness */
11 #define WALLY_HOST_COMMITMENT_LEN 32
12 
13 /**
14  * Create the host's initial commitment to its randomness, to be sent to the signer.
15  *
16  * :param entropy: Randomness to commit to. It must come from a
17  *|    cryptographically secure RNG and should be freshly generated for each signature. As per the
18  *|    protocol, this value must not be revealed to the client (i.e. the signer) until after the host
19  *|    has received the client commitment (presumably the output of ``wally_ae_signer_commit_from_bytes``).
20  * :param entropy_len: The length of ``entropy`` in bytes. Must be
21  *|    ``WALLY_S2C_DATA_LEN``.
22  * :param flags: Must be ``EC_FLAG_ECDSA``.
23  * :param bytes_out: Destination for the resulting host commitment.
24  * :param len: The length of ``bytes_out`` in bytes. Must be ``WALLY_HOST_COMMITMENT_LEN``.
25  */
26 WALLY_CORE_API int wally_ae_host_commit_from_bytes(
27     const unsigned char *entropy,
28     size_t entropy_len,
29     uint32_t flags,
30     unsigned char *bytes_out,
31     size_t len);
32 
33 /**
34  * Compute the signer's original nonce from the private key, the message hash and the host's commitment.
35  *
36  * :param priv_key: The private key used for signing.
37  * :param priv_key_len: The length of ``priv_key`` in bytes. Must be ``EC_PRIVATE_KEY_LEN``.
38  * :param bytes: The message hash to be signed.
39  * :param bytes_len: The length of ``bytes`` in bytes. Must be ``EC_MESSAGE_HASH_LEN``.
40  * :param commitment: Randomness commitment from the host, as created by ``wally_ae_host_commit_from_bytes``.
41  * :param commitment_len: The length of ``commitment`` in bytes. Must be
42  *|    ``WALLY_HOST_COMMITMENT_LEN``.
43  * :param flags: Must be ``EC_FLAG_ECDSA``.
44  * :param s2c_opening_out: Destination for the resulting opening information, which the signer gives to the host (see ``s2c_opening`` in ``wally_ae_verify``).
45  * :param s2c_opening_out_len: The length of ``s2c_opening_out`` in bytes. Must be
46  *|    ``WALLY_S2C_OPENING_LEN``.
47  */
48 WALLY_CORE_API int wally_ae_signer_commit_from_bytes(
49     const unsigned char *priv_key,
50     size_t priv_key_len,
51     const unsigned char *bytes,
52     size_t bytes_len,
53     const unsigned char *commitment,
54     size_t commitment_len,
55     uint32_t flags,
56     unsigned char *s2c_opening_out,
57     size_t s2c_opening_out_len);
58 
59 /**
60  * Same as ``wally_ec_sig_from_bytes``, but commits to the host randomness.
61  *
62  * :param priv_key: The private key to sign with.
63  * :param priv_key_len: The length of ``priv_key`` in bytes. Must be ``EC_PRIVATE_KEY_LEN``.
64  * :param bytes: The message hash to sign.
65  * :param bytes_len: The length of ``bytes`` in bytes. Must be ``EC_MESSAGE_HASH_LEN``.
66  * :param entropy: Host-provided randomness (presumably the ``entropy`` the host committed to in ``wally_ae_host_commit_from_bytes`` - confirm).
67  * :param entropy_len: The length of ``entropy`` in bytes. Must be ``WALLY_S2C_DATA_LEN``.
68  * :param flags: Must be ``EC_FLAG_ECDSA``.
69  * :param bytes_out: Destination for the resulting compact signature.
70  * :param len: The length of ``bytes_out`` in bytes. Must be ``EC_SIGNATURE_LEN``.
71  */
72 WALLY_CORE_API int wally_ae_sig_from_bytes(
73     const unsigned char *priv_key,
74     size_t priv_key_len,
75     const unsigned char *bytes,
76     size_t bytes_len,
77     const unsigned char *entropy,
78     size_t entropy_len,
79     uint32_t flags,
80     unsigned char *bytes_out,
81     size_t len);
82 
83 /**
84  * Verify a signature was correctly constructed using the Anti-Exfil Protocol. NOTE(review): the signature should be accepted only if this returns the library's success code (``WALLY_OK`` by libwally convention - confirm in ``wally_core.h``).
85  *
86  * :param pub_key: The public key to verify with.
87  * :param pub_key_len: The length of ``pub_key`` in bytes. Must be ``EC_PUBLIC_KEY_LEN``.
88  * :param bytes: The message hash to verify.
89  * :param bytes_len: The length of ``bytes`` in bytes. Must be ``EC_MESSAGE_HASH_LEN``.
90  * :param entropy: Randomness provided by the host (presumably the value it committed to before signing - confirm).
91  * :param entropy_len: The length of ``entropy`` in bytes. Must be ``WALLY_S2C_DATA_LEN``.
92  * :param s2c_opening: Opening information provided by the signer (see ``wally_ae_signer_commit_from_bytes``).
93  * :param s2c_opening_len: The length of ``s2c_opening`` in bytes. Must be
94  *|    ``WALLY_S2C_OPENING_LEN``.
95  * :param flags: Must be ``EC_FLAG_ECDSA``.
96  * :param sig: The compact signature of the message in ``bytes``.
97  * :param sig_len: The length of ``sig`` in bytes. Must be ``EC_SIGNATURE_LEN``.
98  */
99 WALLY_CORE_API int wally_ae_verify(
100     const unsigned char *pub_key,
101     size_t pub_key_len,
102     const unsigned char *bytes,
103     size_t bytes_len,
104     const unsigned char *entropy,
105     size_t entropy_len,
106     const unsigned char *s2c_opening,
107     size_t s2c_opening_len,
108     uint32_t flags,
109     const unsigned char *sig,
110     size_t sig_len);
111 
112 #ifdef __cplusplus
113 }
114 #endif
115 
116 #endif /* LIBWALLY_CORE_ANTI_EXFIL_H */
117