occ_ed25519.h 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130
  1. /**
  2. * Copyright (c) 2016 - 2018, Nordic Semiconductor ASA
  3. *
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without modification,
  7. * are permitted provided that the following conditions are met:
  8. *
  9. * 1. Redistributions of source code must retain the above copyright notice, this
  10. * list of conditions and the following disclaimer.
  11. *
  12. * 2. Redistributions in binary form, except as embedded into a Nordic
  13. * Semiconductor ASA integrated circuit in a product or a software update for
  14. * such product, must reproduce the above copyright notice, this list of
  15. * conditions and the following disclaimer in the documentation and/or other
  16. * materials provided with the distribution.
  17. *
  18. * 3. Neither the name of Nordic Semiconductor ASA nor the names of its
  19. * contributors may be used to endorse or promote products derived from this
  20. * software without specific prior written permission.
  21. *
  22. * 4. This software, with or without modification, must only be used with a
  23. * Nordic Semiconductor ASA integrated circuit.
  24. *
  25. * 5. Any software provided in binary form under this license must not be reverse
  26. * engineered, decompiled, modified and/or disassembled.
  27. *
  28. * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
  29. * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  30. * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
  31. * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
  32. * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  33. * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
  34. * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  35. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  36. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  37. * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  38. *
  39. */
  40. /**@file
  41. * Ed25519 is a specific implementation of EdDSA, a digital signature scheme.
  42. * EdDSA is based on Twisted Edwards curves and is designed to be faster than
  43. * existing digital signature schemes without sacrificing security. It was
  44. * developed by Daniel J. Bernstein, et al. Ed25519 is intended to provide
  45. * attack resistance comparable to quality 128-bit symmetric ciphers.
  46. *
  47. * @see [Ed25519: high-speed high-security signatures](https://ed25519.cr.yp.to)
  48. */
  49. #ifndef OCC_ED25519_H
  50. #define OCC_ED25519_H
  51. #include <stdint.h>
  52. #include <stddef.h>
  53. /**
  54. * Length of a public key.
  55. */
  56. #define occ_ed25519_PUBLIC_KEY_BYTES (32)
  57. /**
  58. * Length of a secret key.
  59. */
  60. #define occ_ed25519_SECRET_KEY_BYTES (32)
  61. /**
  62. * Length of a signature.
  63. */
  64. #define occ_ed25519_BYTES (64)
  65. /**
  66. * Ed25519 signature key pair generation.
  67. *
  68. * Given a secret key `sk`, the corresponding public key is computed and put
  69. * into `pk`. The key pair can then be used to sign and verify message signatures.
  70. *
  71. * **Example**
  72. * @include occ_ed25519_public_key.c
  73. *
  74. * @param[out] pk Generated public key.
  75. * @param sk Secret key. Must be prefilled with random data.
  76. */
  77. void occ_ed25519_public_key(uint8_t pk[occ_ed25519_PUBLIC_KEY_BYTES],
  78. const uint8_t sk[occ_ed25519_SECRET_KEY_BYTES]);
  79. /**
  80. * Ed25519 signature generate.
  81. *
  82. * The message @p m is signed using the secret key @p sk and the corresponding
  83. * public key @p pk. The signature is put into @p sig.
  84. *
  85. * **Example**
  86. * @include occ_ed25519_sign.c
  87. *
  88. * @param[out] sig Generated signature.
  89. * @param m Input message.
  90. * @param m_len Length of @p m.
  91. * @param sk Secret key.
  92. * @param pk Public key.
  93. */
  94. void occ_ed25519_sign(uint8_t sig[occ_ed25519_BYTES],
  95. const uint8_t *m, size_t m_len,
  96. const uint8_t sk[occ_ed25519_SECRET_KEY_BYTES],
  97. const uint8_t pk[occ_ed25519_PUBLIC_KEY_BYTES]);
  98. /**
  99. * Ed25519 signature verification.
  100. *
  101. * The signature @p sig of the input message @p m is verified using the signer's
  102. * public key @p pk.
  103. *
  104. * **Example**
  105. * @include occ_ed25519_verify.c
  106. *
  107. * @param sig Input signature.
  108. * @param m Input message.
  109. * @param m_len Length of @p m.
  110. * @param pk Signer's public key.
  111. *
  112. * @returns 0 If signature OK.
  113. * @returns -1 Otherwise.
  114. */
  115. int occ_ed25519_verify(const uint8_t sig[occ_ed25519_BYTES],
  116. const uint8_t *m, size_t m_len,
  117. const uint8_t pk[occ_ed25519_PUBLIC_KEY_BYTES]);
  118. #endif