1 /* ed25519.h 2 * 3 * Copyright (C) 2006-2021 wolfSSL Inc. 4 * 5 * This file is part of wolfSSL. 6 * 7 * wolfSSL is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 2 of the License, or 10 * (at your option) any later version. 11 * 12 * wolfSSL is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, write to the Free Software 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA 20 */ 21 22 /*! 23 \file wolfssl/wolfcrypt/ed25519.h 24 */ 25 26 27 #ifndef WOLF_CRYPT_ED25519_H 28 #define WOLF_CRYPT_ED25519_H 29 30 #include <wolfssl/wolfcrypt/types.h> 31 32 #ifdef HAVE_ED25519 33 34 #include <wolfssl/wolfcrypt/fe_operations.h> 35 #include <wolfssl/wolfcrypt/ge_operations.h> 36 #include <wolfssl/wolfcrypt/random.h> 37 #ifndef WOLFSSL_SHA512 38 #error ED25519 requires SHA512 39 #endif 40 #include <wolfssl/wolfcrypt/sha512.h> 41 42 #ifdef WOLFSSL_ASYNC_CRYPT 43 #include <wolfssl/wolfcrypt/async.h> 44 #endif 45 46 #ifdef __cplusplus 47 extern "C" { 48 #endif 49 50 51 /* info about EdDSA curve specifically ed25519, defined as an elliptic curve 52 over GF(p) */ 53 /* 54 32, key size 55 "ED25519", curve name 56 "2^255-19", prime number 57 "SHA512", hash function 58 "-121665/121666", value of d 59 */ 60 61 #define ED25519_KEY_SIZE 32 /* private key only */ 62 #define ED25519_SIG_SIZE 64 63 64 #define ED25519_PUB_KEY_SIZE 32 /* compressed */ 65 /* both private and public key */ 66 #define ED25519_PRV_KEY_SIZE (ED25519_PUB_KEY_SIZE+ED25519_KEY_SIZE) 67 68 69 enum { 70 Ed25519 = -1, 71 Ed25519ctx = 0, 72 Ed25519ph = 1, 73 }; 74 75 #ifndef WC_ED25519KEY_TYPE_DEFINED 76 typedef struct ed25519_key ed25519_key; 77 #define WC_ED25519KEY_TYPE_DEFINED 78 #endif 79 80 /* An ED25519 Key */ 81 struct ed25519_key { 82 byte p[ED25519_PUB_KEY_SIZE]; /* compressed public key */ 83 byte k[ED25519_PRV_KEY_SIZE]; /* private key : 32 secret -- 32 public */ 84 #ifdef FREESCALE_LTC_ECC 85 /* uncompressed point coordinates */ 86 byte pointX[ED25519_KEY_SIZE]; /* recovered X coordinate */ 87 byte pointY[ED25519_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */ 88 #endif 89 #ifdef WOLFSSL_SE050 90 int keyId; 91 #endif 92 word16 pubKeySet:1; 93 #ifdef WOLFSSL_ASYNC_CRYPT 94 WC_ASYNC_DEV asyncDev; 95 #endif 96 #if defined(WOLF_CRYPTO_CB) 97 int devId; 98 #endif 99 void *heap; 100 #ifdef WOLFSSL_ED25519_PERSISTENT_SHA 101 wc_Sha512 sha; 102 int sha_clean_flag; 103 #endif 104 }; 105 106 107 WOLFSSL_API 108 int wc_ed25519_make_public(ed25519_key* key, unsigned char* pubKey, 109 word32 pubKeySz); 110 WOLFSSL_API 111 int wc_ed25519_make_key(WC_RNG* rng, int keysize, ed25519_key* key); 112 #ifdef HAVE_ED25519_SIGN 113 WOLFSSL_API 114 int wc_ed25519_sign_msg(const byte* in, word32 inLen, byte* out, 115 word32 *outLen, ed25519_key* key); 116 WOLFSSL_API 117 int wc_ed25519ctx_sign_msg(const byte* in, word32 inLen, byte* out, 118 word32 *outLen, ed25519_key* key, 119 const byte* context, byte contextLen); 120 WOLFSSL_API 121 int wc_ed25519ph_sign_hash(const byte* hash, word32 hashLen, byte* out, 122 word32 *outLen, ed25519_key* key, 123 const byte* context, byte contextLen); 124 WOLFSSL_API 125 int wc_ed25519ph_sign_msg(const byte* in, word32 inLen, byte* out, 126 word32 *outLen, ed25519_key* key, const byte* context, 127 byte contextLen); 128 WOLFSSL_API 129 int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, 130 word32 *outLen, ed25519_key* key, byte type, 131 const byte* context, byte contextLen); 132 #endif /* HAVE_ED25519_SIGN */ 133 #ifdef HAVE_ED25519_VERIFY 134 WOLFSSL_API 135 int wc_ed25519_verify_msg(const byte* sig, word32 sigLen, const byte* msg, 136 word32 msgLen, int* stat, ed25519_key* key); 137 WOLFSSL_API 138 int wc_ed25519ctx_verify_msg(const byte* sig, word32 sigLen, const byte* msg, 139 word32 msgLen, int* stat, ed25519_key* key, 140 const byte* context, byte contextLen); 141 WOLFSSL_API 142 int wc_ed25519ph_verify_hash(const byte* sig, word32 sigLen, const byte* hash, 143 word32 hashLen, int* stat, ed25519_key* key, 144 const byte* context, byte contextLen); 145 WOLFSSL_API 146 int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, 147 word32 msgLen, int* stat, ed25519_key* key, 148 const byte* context, byte contextLen); 149 WOLFSSL_API 150 int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, const byte* msg, 151 word32 msgLen, int* res, ed25519_key* key, 152 byte type, const byte* context, byte contextLen); 153 #ifdef WOLFSSL_ED25519_STREAMING_VERIFY 154 WOLFSSL_API 155 int wc_ed25519_verify_msg_init(const byte* sig, word32 sigLen, ed25519_key* key, 156 byte type, const byte* context, byte contextLen); 157 WOLFSSL_API 158 int wc_ed25519_verify_msg_update(const byte* msgSegment, word32 msgSegmentLen, 159 ed25519_key* key); 160 WOLFSSL_API 161 int wc_ed25519_verify_msg_final(const byte* sig, word32 sigLen, int* res, 162 ed25519_key* key); 163 #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */ 164 #endif /* HAVE_ED25519_VERIFY */ 165 166 167 WOLFSSL_API 168 int wc_ed25519_init(ed25519_key* key); 169 WOLFSSL_API 170 int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId); 171 WOLFSSL_API 172 void wc_ed25519_free(ed25519_key* key); 173 #ifdef HAVE_ED25519_KEY_IMPORT 174 WOLFSSL_API 175 int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key); 176 WOLFSSL_API 177 int wc_ed25519_import_private_only(const byte* priv, word32 privSz, 178 ed25519_key* key); 179 WOLFSSL_API 180 int wc_ed25519_import_private_key(const byte* priv, word32 privSz, 181 const byte* pub, word32 pubSz, ed25519_key* key); 182 #endif /* HAVE_ED25519_KEY_IMPORT */ 183 184 #ifdef HAVE_ED25519_KEY_EXPORT 185 WOLFSSL_API 186 int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen); 187 WOLFSSL_API 188 int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen); 189 WOLFSSL_API 190 int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen); 191 WOLFSSL_API 192 int wc_ed25519_export_key(ed25519_key* key, 193 byte* priv, word32 *privSz, 194 byte* pub, word32 *pubSz); 195 #endif /* HAVE_ED25519_KEY_EXPORT */ 196 197 WOLFSSL_API 198 int wc_ed25519_check_key(ed25519_key* key); 199 200 /* size helper */ 201 WOLFSSL_API 202 int wc_ed25519_size(ed25519_key* key); 203 WOLFSSL_API 204 int wc_ed25519_priv_size(ed25519_key* key); 205 WOLFSSL_API 206 int wc_ed25519_pub_size(ed25519_key* key); 207 WOLFSSL_API 208 int wc_ed25519_sig_size(ed25519_key* key); 209 210 #ifdef __cplusplus 211 } /* extern "C" */ 212 #endif 213 214 #endif /* HAVE_ED25519 */ 215 #endif /* WOLF_CRYPT_ED25519_H */ 216