ed25519.h
Go to the documentation of this file.
1 /**
2  * @file ed25519.h
3  * @brief Ed25519 elliptic curve (constant-time implementation)
4  *
5  * @section License
6  *
7  * Copyright (C) 2010-2018 Oryx Embedded SARL. All rights reserved.
8  *
9  * This file is part of CycloneCrypto Open.
10  *
11  * This program is free software; you can redistribute it and/or
12  * modify it under the terms of the GNU General Public License
13  * as published by the Free Software Foundation; either version 2
14  * of the License, or (at your option) any later version.
15  *
16  * This program is distributed in the hope that it will be useful,
17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19  * GNU General Public License for more details.
20  *
21  * You should have received a copy of the GNU General Public License
22  * along with this program; if not, write to the Free Software Foundation,
23  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
24  *
25  * @author Oryx Embedded SARL (www.oryx-embedded.com)
26  * @version 1.9.0
27  **/
28 
29 #ifndef _ED25519_H
30 #define _ED25519_H
31 
32 //Dependencies
33 #include "core/crypto.h"
34 #include "hash/sha512.h"
35 
36 //Length of EdDSA private keys
37 #define ED25519_PRIVATE_KEY_LEN 32
38 //Length of EdDSA public keys
39 #define ED25519_PUBLIC_KEY_LEN 32
40 //Length of EdDSA signatures
41 #define ED25519_SIGNATURE_LEN 64
42 
43 //Ed25519ph flag
44 #define ED25519_PH_FLAG 1
45 //Prehash function output size
46 #define ED25519_PH_SIZE 64
47 
48 //C++ guard
49 #ifdef __cplusplus
50  extern "C" {
51 #endif
52 
53 
54 /**
55  * @brief Extended point representation
56  **/
57 
58 typedef struct
59 {
60  uint32_t x[8];
61  uint32_t y[8];
62  uint32_t z[8];
63  uint32_t t[8];
64 } Ed25519Point;
65 
66 
67 /**
68  * @brief Ed25519 working state
69  **/
70 
71 typedef struct
72 {
74  uint8_t k[64];
75  uint8_t p[32];
76  uint8_t r[32];
77  uint8_t s[32];
83  uint32_t a[8];
84  uint32_t b[8];
85  uint32_t c[8];
86  uint32_t d[8];
87  uint32_t e[8];
88  uint32_t f[8];
89  uint32_t g[8];
90  uint32_t h[8];
91 } Ed25519State;
92 
93 
94 //Ed25519 related functions
95 error_t ed25519GenerateKeyPair(const PrngAlgo *prngAlgo, void *prngContext,
96  uint8_t *privateKey, uint8_t *publicKey);
97 
98 error_t ed25519GenerateSignature(const uint8_t *privateKey,
99  const uint8_t *publicKey, const void *message, size_t messageLen,
100  const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature);
101 
102 error_t ed25519VerifySignature(const uint8_t *publicKey, const void *message,
103  size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag,
104  const uint8_t *signature);
105 
106 void ed25519Mul(Ed25519State *state, Ed25519Point *r, const uint8_t *k,
107  const Ed25519Point *p);
108 
109 void ed25519Add(Ed25519State *state, Ed25519Point *r, const Ed25519Point *p,
110  const Ed25519Point *q);
111 
112 void ed25519Double(Ed25519State *state, Ed25519Point *r, const Ed25519Point *p);
113 
114 void ed25519Encode(Ed25519Point *p, uint8_t *data);
115 uint32_t ed25519Decode(Ed25519Point *p, const uint8_t *data);
116 
117 void ed25519RedInt(uint8_t *r, const uint8_t *a);
118 
119 void ed25519AddInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n);
120 uint8_t ed25519SubInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n);
121 
122 void ed25519MulInt(uint8_t *rl, uint8_t *rh, const uint8_t *a,
123  const uint8_t *b, uint_t n);
124 
125 void ed25519CopyInt(uint8_t *a, const uint8_t *b, uint_t n);
126 
127 void ed25519SelectInt(uint8_t *r, const uint8_t *a, const uint8_t *b,
128  uint8_t c, uint_t n);
129 
130 uint8_t ed25519CompInt(const uint8_t *a, const uint8_t *b, uint_t n);
131 
132 //C++ guard
133 #ifdef __cplusplus
134  }
135 #endif
136 
137 #endif
uint8_t ed25519CompInt(const uint8_t *a, const uint8_t *b, uint_t n)
Compare integers.
Definition: ed25519.c:810
void ed25519CopyInt(uint8_t *a, const uint8_t *b, uint_t n)
Copy an integer.
Definition: ed25519.c:763
Sha512Context sha512Context
Definition: ed25519.h:73
Ed25519Point ka
Definition: ed25519.h:78
uint8_t c
Definition: ndp.h:510
Extended point representation.
Definition: ed25519.h:58
uint8_t p
Definition: ndp.h:295
error_t ed25519GenerateKeyPair(const PrngAlgo *prngAlgo, void *prngContext, uint8_t *privateKey, uint8_t *publicKey)
EdDSA key pair generation.
Definition: ed25519.c:114
SHA-512 algorithm context.
Definition: sha512.h:54
uint8_t message[]
Definition: chap.h:150
void ed25519Double(Ed25519State *state, Ed25519Point *r, const Ed25519Point *p)
Point doubling.
Definition: ed25519.c:492
General definitions for cryptographic algorithms.
void ed25519SelectInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint8_t c, uint_t n)
Select an integer.
Definition: ed25519.c:784
uint8_t ed25519SubInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n)
Subtraction of two integers.
Definition: ed25519.c:680
uint16_t z
Definition: dns_common.h:173
void ed25519RedInt(uint8_t *r, const uint8_t *a)
Reduce an integer modulo L.
Definition: ed25519.c:620
uint32_t ed25519Decode(Ed25519Point *p, const uint8_t *data)
Point decoding.
Definition: ed25519.c:553
uint8_t a
Definition: ndp.h:407
error_t ed25519GenerateSignature(const uint8_t *privateKey, const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature)
EdDSA signature generation.
Definition: ed25519.c:183
void ed25519Encode(Ed25519Point *p, uint8_t *data)
Point encoding.
Definition: ed25519.c:528
Ed25519Point rb
Definition: ed25519.h:79
Ed25519Point sb
Definition: ed25519.h:80
uint8_t signature
Definition: tls.h:1364
uint8_t s
Ed25519Point v
Definition: ed25519.h:82
void ed25519AddInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n)
Addition of two integers.
Definition: ed25519.c:655
error_t
Error codes.
Definition: error.h:40
unsigned int uint_t
Definition: compiler_port.h:43
uint8_t data[]
Definition: dtls_misc.h:167
Common interface for pseudo-random number generators.
Definition: crypto.h:1091
void ed25519MulInt(uint8_t *rl, uint8_t *rh, const uint8_t *a, const uint8_t *b, uint_t n)
Multiplication of two integers.
Definition: ed25519.c:708
void ed25519Add(Ed25519State *state, Ed25519Point *r, const Ed25519Point *p, const Ed25519Point *q)
Point addition.
Definition: ed25519.c:449
uint32_t r
Definition: ndp.h:342
SHA-512 (Secure Hash Algorithm 512)
void ed25519Mul(Ed25519State *state, Ed25519Point *r, const uint8_t *k, const Ed25519Point *p)
Scalar multiplication on Ed25519 curve.
Definition: ed25519.c:402
uint8_t n
uint8_t h
Definition: ndp.h:297
Ed25519Point u
Definition: ed25519.h:81
error_t ed25519VerifySignature(const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, const uint8_t *signature)
EdDSA signature verification.
Definition: ed25519.c:313
uint8_t b[6]
Definition: dtls_misc.h:130
Ed25519 working state.
Definition: ed25519.h:71