crypto::ed25519 +linux +x86_64

This module implements the ed25519 signature algorithm, as defined by RFC 8032.

Do not use the same secret key for both key exchanges and signatures. The public keys are different and revealing both may leak information.

This is a low-level module which implements cryptographic primitives. Direct use of cryptographic primitives is not recommended for non-experts, as incorrect use of these primitives can easily lead to the introduction of security vulnerabilities. Non-experts are advised to use the high-level operations available in the top-level crypto module.

Be advised that Hare's cryptography implementations have not been audited.



// Undocumented types:
type privkey;
type pubkey;
type seed;


const PRIVKEYSZ: size;
const PUBKEYSZ: size;
const SEEDSZ: size;
const SIGNATURESZ: size;


fn privkey_getpubkey(*privkey) pubkey;
fn privkey_init(*privkey, *seed) void;
fn sign(*privkey, []u8) [SIGNATURESZ]u8;
fn verify(*pubkey, []u8, *[SIGNATURESZ]u8) bool;


type privkey

type privkey = [PRIVKEYSZ]u8;

type pubkey

type pubkey = [PUBKEYSZ]u8;

type seed

type seed = [SEEDSZ]u8;


def PRIVKEYSZ

def PRIVKEYSZ: size;

The size of an Ed25519 private key.

def PUBKEYSZ

def PUBKEYSZ: size;

The size of an Ed25519 public key.

def SEEDSZ

def SEEDSZ: size;

The size of an Ed25519 seed.


def SIGNATURESZ

def SIGNATURESZ: size;

The size of an Ed25519 signature.


fn privkey_getpubkey

fn privkey_getpubkey(priv: *privkey) pubkey;

Derive the public key for a given private key.

fn privkey_init

fn privkey_init(out: *privkey, seed: *seed) void;

Derives a new Ed25519 private key from a given seed. The seed must be initialized to cryptographically random data; crypto::random is recommended for this purpose.

fn sign

fn sign(priv: *privkey, msg: []u8) [SIGNATURESZ]u8;

Signs a message with a private key, returning the signature.

fn verify

fn verify(pub: *pubkey, msg: []u8, sig: *[SIGNATURESZ]u8) bool;

Given a public key, verifies a signature produced with the corresponding private key for a given message, returning true if the signature is valid and false otherwise.
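The functions above used together, as an added example that is not part of the Hare documentation or source: it derives a key from a crypto::random seed, signs a message, and confirms that verify rejects an altered message, an altered signature and an unrelated public key. The helper keygen and the message strings are constructed for illustration; random::buffer, bytes::zero, strings::toutf8 and fmt::println are standard library calls from outside this module.

```hare
use bytes;
use crypto::ed25519;
use crypto::random;
use fmt;
use strings;

// Hypothetical helper: derives a fresh private key from a CSPRNG seed,
// then wipes the seed, which is not needed after derivation.
fn keygen(priv: *ed25519::privkey) void = {
	let seed: ed25519::seed = [0...];
	random::buffer(seed[..]);
	ed25519::privkey_init(priv, &seed);
	bytes::zero(seed[..]);
};

export fn main() void = {
	let priv: ed25519::privkey = [0...];
	keygen(&priv);
	defer bytes::zero(priv[..]);
	let pub = ed25519::privkey_getpubkey(&priv);

	// Constructed sample messages.
	const msg = strings::toutf8("constructed sample message");
	const other = strings::toutf8("constructed sample message!");

	let sig = ed25519::sign(&priv, msg);
	assert(ed25519::verify(&pub, msg, &sig), "valid signature rejected");

	// A signature is bound to the exact message bytes.
	assert(!ed25519::verify(&pub, other, &sig), "altered message accepted");

	// Flipping one bit of the signature must fail verification.
	let bad = sig;
	bad[0] ^= 1;
	assert(!ed25519::verify(&pub, msg, &bad), "altered signature accepted");

	// A signature does not verify under an unrelated public key.
	let priv2: ed25519::privkey = [0...];
	keygen(&priv2);
	defer bytes::zero(priv2[..]);
	let pub2 = ed25519::privkey_getpubkey(&priv2);
	assert(!ed25519::verify(&pub2, msg, &sig), "wrong key accepted");

	fmt::println("all checks passed")!;
};
```

Callers should treat a false return from verify as a hard failure and stop processing the message.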