Line data Source code
1 : #ifndef HEADER_fd_src_ballet_ed25519_fd_ed25519_h 2 : #define HEADER_fd_src_ballet_ed25519_fd_ed25519_h 3 : 4 : /* fd_ed25519 provides APIs for ED25519 signature computations */ 5 : 6 : #include "../sha512/fd_sha512.h" 7 : 8 : /* FD_ED25519_ERR_* gives a number of error codes used by fd_ed25519 9 : APIs. */ 10 : 11 312831 : #define FD_ED25519_SUCCESS ( 0) /* Operation was successful */ 12 271525 : #define FD_ED25519_ERR_SIG (-1) /* Operation failed because the signature was obviously invalid */ 13 83957 : #define FD_ED25519_ERR_PUBKEY (-2) /* Operation failed because the public key was obviously invalid */ 14 371466 : #define FD_ED25519_ERR_MSG (-3) /* Operation failed because the message didn't match the signature for the given key */ 15 : 16 : /* FD_ED25519_SIG_SZ: the size of an Ed25519 signature in bytes. */ 17 101464197 : #define FD_ED25519_SIG_SZ (64UL) 18 : 19 : /* An Ed25519 signature. */ 20 : typedef uchar fd_ed25519_sig_t[ FD_ED25519_SIG_SZ ]; 21 : 22 : FD_PROTOTYPES_BEGIN 23 : 24 : /* fd_ed25519_public_from_private computes the public_key corresponding 25 : to the given private key. 26 : 27 : public_key is assumed to point to the first byte of a 32-byte memory 28 : region which will hold the public key on return. 29 : 30 : private_key assumed to point to first byte of a 32-byte memory region 31 : private key for which the public key is desired. 32 : 33 : sha is a handle of a local join to a sha512 calculator. 34 : 35 : Does no input argument checking. The caller takes a write interest 36 : in public_key and sha and a read interest in public_key for the 37 : duration the call. Sanitizes the sha and stack to minimize risk of 38 : leaking private key info before returning. Returns public_key. */ 39 : 40 : uchar * FD_FN_SENSITIVE 41 : fd_ed25519_public_from_private( uchar public_key [ 32 ], 42 : uchar const private_key[ 32 ], 43 : fd_sha512_t * sha ); 44 : 45 : /* fd_ed25519_sign signs a message according to the ED25519 standard. 46 : 47 : sig is assumed to point to the first byte of a 64-byte memory region 48 : which will hold the signature on return. 49 : 50 : msg is assumed to point to the first byte of a sz byte memory region 51 : which holds the message to sign (sz==0 fine, msg==NULL fine if 52 : sz==0). 53 : 54 : public_key is assumed to point to first byte of a 32-byte memory 55 : region that holds the public key to use to sign this message. 56 : 57 : private_key is assumed to point to first byte of a 32-byte memory 58 : region that holds the private key to use to sign this message. 59 : 60 : sha is a handle of a local join to a sha512 calculator. 61 : 62 : Does no input argument checking. Sanitizes the sha and stack to 63 : minimize risk of leaking private key info after return. The caller 64 : takes a write interest in sig and sha and a read interest in msg, 65 : public_key and private_key for the duration the call. Returns sig. */ 66 : 67 : uchar * FD_FN_SENSITIVE 68 : fd_ed25519_sign( uchar sig[ 64 ], 69 : uchar const msg[], /* msg_sz */ 70 : ulong msg_sz, 71 : uchar const public_key[ 32 ], 72 : uchar const private_key[ 32 ], 73 : fd_sha512_t * sha ); 74 : 75 : /* fd_ed25519_verify verifies message according to the ED25519 standard. 76 : 77 : msg is assumed to point to the first byte of a sz byte memory region 78 : which holds the message to verify (sz==0 fine, msg==NULL fine if 79 : sz==0). 80 : 81 : sig is assumed to point to the first byte of a 64 byte memory region 82 : which holds the signature of the message. 83 : 84 : public_key is assumed to point to first byte of a 32-byte memory 85 : region that holds the public key to use to verify this message. 86 : 87 : sha is a handle of a local join to a sha512 calculator. 88 : 89 : Does no input argument checking. This function takes a write 90 : interest in sig and sha and a read interest in msg, public_key and 91 : private_key for the duration the call. Sanitizes the sha and stack 92 : to minimize risk of leaking private key info after return. Returns 93 : FD_ED25519_SUCCESS (0) if the message verified successfully or a 94 : FD_ED25519_ERR_* code indicating the failure reason otherwise. */ 95 : 96 : int 97 : fd_ed25519_verify( uchar const msg[], /* msg_sz */ 98 : ulong msg_sz, 99 : uchar const sig[ 64 ], 100 : uchar const public_key[ 32 ], 101 : fd_sha512_t * sha ); 102 : 103 : /* fd_ed25519_verify_batch_single_msg verifies a batch of signatures 104 : over a single message, according to the ED25519 standard. 105 : 106 : msg is assumed to point to the first byte of a msg_sz byte memory region 107 : which holds the message to verify (msg_sz==0 fine, msg==NULL fine if 108 : msg_sz==0). 109 : 110 : signatures is assumed to point to the first byte of a memory region 111 : which holds the signatures of the message. Each signature is 64-byte long. 112 : 113 : pubkeys is assumed to point to first byte of a memory region 114 : that holds the public keys to use to verify these signatures. 115 : Each public key is 64-byte long. 116 : 117 : shas is an array of handles of a local join to sha512 calculators. 118 : 119 : batch_sz is the size of signatures, pubkeys and shas. 120 : batch_sz must be greater than zero. 121 : 122 : See fd_ed25519_verify for more details. */ 123 : 124 : int 125 : fd_ed25519_verify_batch_single_msg( uchar const msg[], /* msg_sz */ 126 : ulong const msg_sz, 127 : uchar const signatures[ 64 ], /* 64 * batch_sz */ 128 : uchar const pubkeys[ 32 ], /* 32 * batch_sz */ 129 : fd_sha512_t * shas[ 1 ], /* batch_sz */ 130 : uchar const batch_sz ); 131 : 132 : /* fd_ed25519_strerror converts an FD_ED25519_SUCCESS / FD_ED25519_ERR_* 133 : code into a human readable cstr. The lifetime of the returned 134 : pointer is infinite. The returned pointer is always to a non-NULL 135 : cstr. */ 136 : 137 : FD_FN_CONST char const * 138 : fd_ed25519_strerror( int err ); 139 : 140 : FD_PROTOTYPES_END 141 : 142 : #endif /* HEADER_fd_src_ballet_ed25519_fd_ed25519_h */
