session-android/libaxolotl/jni/ed25519/additions/curve_sigs.h

#ifndef __CURVE_SIGS_H__
#define __CURVE_SIGS_H__
/* Message size limit for this API (presumably in bytes, matching msg_len).
 * NOTE(review): nothing in this header shows where the limit is enforced;
 * presumably curve25519_sign()/curve25519_verify() reject msg_len above it.
 * Confirm in the implementation: if fixed-size buffers are sized from this
 * value, an unchecked msg_len would be a buffer-overflow risk. */
#define MAX_MSG_LEN 256
/* Going by its name and parameters, derives the Curve25519 public key that
 * belongs to a private key: reads 32 bytes from curve25519_privkey_in and
 * writes 32 bytes to curve25519_pubkey_out. No status is returned, so the
 * caller cannot detect a failure through this interface.
 * NOTE(review): this header does not say whether the private key must
 * already be clamped, or how it must be generated -- confirm against the
 * implementation and its callers. */
void curve25519_keygen(unsigned char* curve25519_pubkey_out, /* 32 bytes */
const unsigned char* curve25519_privkey_in); /* 32 bytes */
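/*
 * Signs msg with a Curve25519 private key.
 *
 *   signature_out      : receives the 64-byte signature
 *   curve25519_privkey : 32-byte private key
 *   msg, msg_len       : message and its length in bytes
 *   random             : 64 bytes of randomness; per the crypto_sign_modified
 *                        notes in this header it is hashed into the signature
 *                        nonce, so pass fresh CSPRNG output for every call
 *
 * Returns 0 on success. Always check the result: on any other value the
 * contents of signature_out must not be sent or stored as a signature.
 *
 * NOTE(review): MAX_MSG_LEN is defined in this header, but nothing here says
 * whether a msg_len above it is rejected -- confirm in the implementation.
 */
int curve25519_sign(unsigned char* signature_out, /* 64 bytes */
                    const unsigned char* curve25519_privkey, /* 32 bytes */
                    const unsigned char* msg, const unsigned long msg_len,
                    const unsigned char* random); /* 64 bytes */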
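/*
 * Checks a 64-byte signature over msg against a 32-byte Curve25519 public key.
 *
 *   signature         : 64-byte signature to check
 *   curve25519_pubkey : 32-byte public key of the claimed signer
 *   msg, msg_len      : message and its length in bytes
 *
 * Returns 0 on success, i.e. when the signature is accepted. This is the
 * opposite of a boolean: `if (curve25519_verify(...))` is taken on FAILURE.
 * Compare the result against 0 explicitly and treat every non-zero value as
 * a rejected signature.
 *
 * NOTE(review): MAX_MSG_LEN is defined in this header, but nothing here says
 * whether a msg_len above it is rejected -- confirm in the implementation.
 */
int curve25519_verify(const unsigned char* signature, /* 64 bytes */
                      const unsigned char* curve25519_pubkey, /* 32 bytes */
                      const unsigned char* msg, const unsigned long msg_len);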
/* helper function - modified version of crypto_sign() to use
explicit private key. In particular:
sk : private key
pk : public key
msg : message
prefix : 0xFE || [0xFF]*31
random : 64 bytes random
q : main subgroup order
The prefix is chosen to distinguish the two SHA512 uses below, since
prefix is an invalid encoding for R (it would encode a "field element"
of 2^255 - 2). 0xFF*32 is set aside for use in ECDH protocols, which
is why the first byte here is 0xFE.
sig_nonce = SHA512(prefix || sk || msg || random) % q
R = g^sig_nonce
M = SHA512(R || pk || msg)
S = sig_nonce + (M * sk)
signature = (R || S)
*/
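/*
 * Signing helper for the scheme described in the comment above: a variant of
 * crypto_sign() that takes the private key explicitly.
 *
 *   sm      : output buffer. NOTE(review): its required size is not stated
 *             in this header; stock crypto_sign() emits the signature plus
 *             the message (mlen + 64 bytes) -- confirm before sizing it.
 *   m, mlen : message and its length in bytes
 *   sk      : Curve/Ed25519 private key
 *   pk      : Ed25519 public key
 *   random  : 64 bytes of randomness that are hashed into the nonce
 *
 * NOTE(review): the return convention is not documented for this function;
 * presumably 0 on success like curve25519_sign() -- confirm.
 */
int crypto_sign_modified(
  unsigned char *sm,
  const unsigned char *m, unsigned long long mlen,
  const unsigned char *sk, /* Curve/Ed25519 private key */
  const unsigned char *pk, /* Ed25519 public key */
  const unsigned char *random /* 64 bytes random to hash into nonce */
  );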
#endif