1 /* ed25519.h
2  *
3  * Copyright (C) 2006-2021 wolfSSL Inc.
4  *
5  * This file is part of wolfSSL.
6  *
7  * wolfSSL is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * wolfSSL is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20  */
21 
22 /*!
23     \file wolfssl/wolfcrypt/ed25519.h
24 */
25 
26 
27 #ifndef WOLF_CRYPT_ED25519_H
28 #define WOLF_CRYPT_ED25519_H
29 
30 #include <wolfssl/wolfcrypt/types.h>
31 
32 #ifdef HAVE_ED25519
33 
34 #include <wolfssl/wolfcrypt/fe_operations.h>
35 #include <wolfssl/wolfcrypt/ge_operations.h>
36 #include <wolfssl/wolfcrypt/random.h>
37 #ifndef WOLFSSL_SHA512
38 #error ED25519 requires SHA512
39 #endif
40 #include <wolfssl/wolfcrypt/sha512.h>
41 
42 #ifdef WOLFSSL_ASYNC_CRYPT
43     #include <wolfssl/wolfcrypt/async.h>
44 #endif
45 
46 #ifdef __cplusplus
47     extern "C" {
48 #endif
49 
50 
51 /* info about EdDSA curve specifically ed25519, defined as an elliptic curve
52    over GF(p) */
53 /*
54     32,                key size
55     "ED25519",         curve name
56     "2^255-19",        prime number
57     "SHA512",          hash function
58     "-121665/121666",  value of d
59 */
60 
61 #define ED25519_KEY_SIZE     32 /* private key only */
62 #define ED25519_SIG_SIZE     64
63 
64 #define ED25519_PUB_KEY_SIZE 32 /* compressed */
65 /* both private and public key */
66 #define ED25519_PRV_KEY_SIZE (ED25519_PUB_KEY_SIZE+ED25519_KEY_SIZE)
67 
68 
69 enum {
70     Ed25519    = -1,
71     Ed25519ctx = 0,
72     Ed25519ph  = 1,
73 };
74 
75 #ifndef WC_ED25519KEY_TYPE_DEFINED
76     typedef struct ed25519_key ed25519_key;
77     #define WC_ED25519KEY_TYPE_DEFINED
78 #endif
79 
80 /* An ED25519 Key */
81 struct ed25519_key {
82     byte    p[ED25519_PUB_KEY_SIZE]; /* compressed public key */
83     byte    k[ED25519_PRV_KEY_SIZE]; /* private key : 32 secret -- 32 public */
84 #ifdef FREESCALE_LTC_ECC
85     /* uncompressed point coordinates */
86     byte pointX[ED25519_KEY_SIZE]; /* recovered X coordinate */
87     byte pointY[ED25519_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */
88 #endif
89 #ifdef WOLFSSL_SE050
90     int keyId;
91 #endif
92     word16 pubKeySet:1;
93 #ifdef WOLFSSL_ASYNC_CRYPT
94     WC_ASYNC_DEV asyncDev;
95 #endif
96 #if defined(WOLF_CRYPTO_CB)
97     int devId;
98 #endif
99     void *heap;
100 #ifdef WOLFSSL_ED25519_PERSISTENT_SHA
101     wc_Sha512 sha;
102     int sha_clean_flag;
103 #endif
104 };
105 
106 
107 WOLFSSL_API
108 int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey,
109                            word32 pubKeySz);
110 WOLFSSL_API
111 int wc_ed25519_make_key(WC_RNG* rng, int keysize, ed25519_key* key);
112 #ifdef HAVE_ED25519_SIGN
113 WOLFSSL_API
114 int wc_ed25519_sign_msg(const byte* in, word32 inLen, byte* out,
115                         word32 *outLen, ed25519_key* key);
116 WOLFSSL_API
117 int wc_ed25519ctx_sign_msg(const byte* in, word32 inLen, byte* out,
118                            word32 *outLen, ed25519_key* key,
119                            const byte* context, byte contextLen);
120 WOLFSSL_API
121 int wc_ed25519ph_sign_hash(const byte* hash, word32 hashLen, byte* out,
122                            word32 *outLen, ed25519_key* key,
123                            const byte* context, byte contextLen);
124 WOLFSSL_API
125 int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out,
126                           word32 *outLen, ed25519_key* key, const byte* context,
127                           byte contextLen);
128 WOLFSSL_API
129 int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out,
130                             word32 *outLen, ed25519_key* key, byte type,
131                             const byte* context, byte contextLen);
132 #endif /* HAVE_ED25519_SIGN */
133 #ifdef HAVE_ED25519_VERIFY
134 WOLFSSL_API
135 int wc_ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
136                           word32 msgLen, int* stat, ed25519_key* key);
137 WOLFSSL_API
138 int wc_ed25519ctx_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
139                              word32 msgLen, int* stat, ed25519_key* key,
140                              const byte* context, byte contextLen);
141 WOLFSSL_API
142 int wc_ed25519ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash,
143                              word32 hashLen, int* stat, ed25519_key* key,
144                              const byte* context, byte contextLen);
145 WOLFSSL_API
146 int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg,
147                             word32 msgLen, int* stat, ed25519_key* key,
148                             const byte* context, byte contextLen);
149 WOLFSSL_API
150 int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg,
151                               word32 msgLen, int* res, ed25519_key* key,
152                               byte type, const byte* context, byte contextLen);
153 #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
154 WOLFSSL_API
155 int wc_ed25519_verify_msg_init(const byte* sig, word32 sigLen, ed25519_key* key,
156                                byte type, const byte* context, byte contextLen);
157 WOLFSSL_API
158 int wc_ed25519_verify_msg_update(const byte* msgSegment, word32 msgSegmentLen,
159                                ed25519_key* key);
160 WOLFSSL_API
161 int wc_ed25519_verify_msg_final(const byte* sig, word32 sigLen, int* res,
162                                 ed25519_key* key);
163 #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */
164 #endif /* HAVE_ED25519_VERIFY */
165 
166 
167 WOLFSSL_API
168 int wc_ed25519_init(ed25519_key* key);
169 WOLFSSL_API
170 int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId);
171 WOLFSSL_API
172 void wc_ed25519_free(ed25519_key* key);
173 #ifdef HAVE_ED25519_KEY_IMPORT
174 WOLFSSL_API
175 int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key);
176 WOLFSSL_API
177 int wc_ed25519_import_private_only(const byte* priv, word32 privSz,
178                                                               ed25519_key* key);
179 WOLFSSL_API
180 int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
181                                const byte* pub, word32 pubSz, ed25519_key* key);
182 #endif /* HAVE_ED25519_KEY_IMPORT */
183 
184 #ifdef HAVE_ED25519_KEY_EXPORT
185 WOLFSSL_API
186 int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen);
187 WOLFSSL_API
188 int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen);
189 WOLFSSL_API
190 int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen);
191 WOLFSSL_API
192 int wc_ed25519_export_key(ed25519_key* key,
193                           byte* priv, word32 *privSz,
194                           byte* pub, word32 *pubSz);
195 #endif /* HAVE_ED25519_KEY_EXPORT */
196 
197 WOLFSSL_API
198 int wc_ed25519_check_key(ed25519_key* key);
199 
200 /* size helper */
201 WOLFSSL_API
202 int wc_ed25519_size(ed25519_key* key);
203 WOLFSSL_API
204 int wc_ed25519_priv_size(ed25519_key* key);
205 WOLFSSL_API
206 int wc_ed25519_pub_size(ed25519_key* key);
207 WOLFSSL_API
208 int wc_ed25519_sig_size(ed25519_key* key);
209 
210 #ifdef __cplusplus
211     }    /* extern "C" */
212 #endif
213 
214 #endif /* HAVE_ED25519 */
215 #endif /* WOLF_CRYPT_ED25519_H */
216