monocypher-ed25519.h (5449B)
1 // Monocypher version 4.0.2 2 // 3 // This file is dual-licensed. Choose whichever licence you want from 4 // the two licences listed below. 5 // 6 // The first licence is a regular 2-clause BSD licence. The second licence 7 // is the CC-0 from Creative Commons. It is intended to release Monocypher 8 // to the public domain. The BSD licence serves as a fallback option. 9 // 10 // SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0 11 // 12 // ------------------------------------------------------------------------ 13 // 14 // Copyright (c) 2017-2019, Loup Vaillant 15 // All rights reserved. 16 // 17 // 18 // Redistribution and use in source and binary forms, with or without 19 // modification, are permitted provided that the following conditions are 20 // met: 21 // 22 // 1. Redistributions of source code must retain the above copyright 23 // notice, this list of conditions and the following disclaimer. 24 // 25 // 2. Redistributions in binary form must reproduce the above copyright 26 // notice, this list of conditions and the following disclaimer in the 27 // documentation and/or other materials provided with the 28 // distribution. 29 // 30 // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 31 // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 32 // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 33 // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 34 // HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 35 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 36 // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 37 // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 38 // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 39 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 40 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 41 // 42 // ------------------------------------------------------------------------ 43 // 44 // Written in 2017-2019 by Loup Vaillant 45 // 46 // To the extent possible under law, the author(s) have dedicated all copyright 47 // and related neighboring rights to this software to the public domain 48 // worldwide. This software is distributed without any warranty. 49 // 50 // You should have received a copy of the CC0 Public Domain Dedication along 51 // with this software. If not, see 52 // <https://creativecommons.org/publicdomain/zero/1.0/> 53 54 #ifndef ED25519_H 55 #define ED25519_H 56 57 #include "monocypher.h" 58 59 #ifdef MONOCYPHER_CPP_NAMESPACE 60 namespace MONOCYPHER_CPP_NAMESPACE { 61 #elif defined(__cplusplus) 62 extern "C" { 63 #endif 64 65 //////////////////////// 66 /// Type definitions /// 67 //////////////////////// 68 69 // Do not rely on the size or content on any of those types, 70 // they may change without notice. 71 typedef struct { 72 uint64_t hash[8]; 73 uint64_t input[16]; 74 uint64_t input_size[2]; 75 size_t input_idx; 76 } crypto_sha512_ctx; 77 78 typedef struct { 79 uint8_t key[128]; 80 crypto_sha512_ctx ctx; 81 } crypto_sha512_hmac_ctx; 82 83 84 // SHA 512 85 // ------- 86 void crypto_sha512_init (crypto_sha512_ctx *ctx); 87 void crypto_sha512_update(crypto_sha512_ctx *ctx, 88 const uint8_t *message, size_t message_size); 89 void crypto_sha512_final (crypto_sha512_ctx *ctx, uint8_t hash[64]); 90 void crypto_sha512(uint8_t hash[64], 91 const uint8_t *message, size_t message_size); 92 93 // SHA 512 HMAC 94 // ------------ 95 void crypto_sha512_hmac_init(crypto_sha512_hmac_ctx *ctx, 96 const uint8_t *key, size_t key_size); 97 void crypto_sha512_hmac_update(crypto_sha512_hmac_ctx *ctx, 98 const uint8_t *message, size_t message_size); 99 void crypto_sha512_hmac_final(crypto_sha512_hmac_ctx *ctx, uint8_t hmac[64]); 100 void crypto_sha512_hmac(uint8_t hmac[64], 101 const uint8_t *key , size_t key_size, 102 const uint8_t *message, size_t message_size); 103 104 // SHA 512 HKDF 105 // ------------ 106 void crypto_sha512_hkdf_expand(uint8_t *okm, size_t okm_size, 107 const uint8_t *prk, size_t prk_size, 108 const uint8_t *info, size_t info_size); 109 void crypto_sha512_hkdf(uint8_t *okm , size_t okm_size, 110 const uint8_t *ikm , size_t ikm_size, 111 const uint8_t *salt, size_t salt_size, 112 const uint8_t *info, size_t info_size); 113 114 // Ed25519 115 // ------- 116 // Signatures (EdDSA with curve25519 + SHA-512) 117 // -------------------------------------------- 118 void crypto_ed25519_key_pair(uint8_t secret_key[64], 119 uint8_t public_key[32], 120 uint8_t seed[32]); 121 void crypto_ed25519_sign(uint8_t signature [64], 122 const uint8_t secret_key[64], 123 const uint8_t *message, size_t message_size); 124 int crypto_ed25519_check(const uint8_t signature [64], 125 const uint8_t public_key[32], 126 const uint8_t *message, size_t message_size); 127 128 // Pre-hash variants 129 void crypto_ed25519_ph_sign(uint8_t signature [64], 130 const uint8_t secret_key [64], 131 const uint8_t message_hash[64]); 132 int crypto_ed25519_ph_check(const uint8_t signature [64], 133 const uint8_t public_key [32], 134 const uint8_t message_hash[64]); 135 136 #ifdef __cplusplus 137 } 138 #endif 139 140 #endif // ED25519_H