crypto::ed25519+x86_64 +linux

ed25519: ed25519 cryptographic signature support

This module implements the ed25519 signature algorithm, as defined by RFC 8032.

Do not use the same secret key for both key exchanges and signatures. The public keys are different and revealing both may leak information.

This is a low-level module which implements cryptographic primitives. Direct use of cryptographic primitives is not recommended for non-experts, as incorrect use of these primitives can easily lead to the introduction of security vulnerabilities. Non-experts are advised to use the high-level operations available in the top-level crypto:: module.

Be advised that Hare's cryptography implementations have not been audited.

Index

Types

// Undocumented types:
type elem = [FIELDSZ]i64;
type hash = struct {
	h: sha512::digest,
	pub: []u8,
	point: point,
	sig: []u8,
};
type point = struct {
	x: elem,
	y: elem,
	z: elem,
	t: elem,
};
type privkey = [PRIVKEYSZ]u8;
type pubkey = [PUBKEYSZ]u8;
type seed = [SEEDSZ]u8;

Errors

type error = !(invalidsig | invalidkey);
type invalidkey = !void;
type invalidsig = !void;

Constants

def PRIVKEYSZ: size = 64;
def PUBKEYSZ: size = 32;
def SEEDSZ: size = 32;
def SIGNATURESZ: size = 64;

Functions

fn privkey_getpubkey(priv: []u8) pubkey;
fn privkey_init(priv: []u8, seed: []u8) void;
fn sign(priv: []u8, msg: []u8) [SIGNATURESZ]u8;
fn strerror(e: error) str;
fn verifier(pub: []u8, sig: []u8) (hash | invalidkey | invalidsig);
fn verify(h: *hash) (void | invalidsig);
fn verify_buf(pub: []u8, msg: []u8, sig: []u8) (void | error);

Types

type elem

type elem = [FIELDSZ]i64;

type hash

type hash = struct {
	h: sha512::digest,
	pub: []u8,
	point: point,
	sig: []u8,
};

type point

type point = struct {
	x: elem,
	y: elem,
	z: elem,
	t: elem,
};

type privkey

type privkey = [PRIVKEYSZ]u8;

type pubkey

type pubkey = [PUBKEYSZ]u8;

type seed

type seed = [SEEDSZ]u8;

Errors

type error

type error = !(invalidsig | invalidkey);

Possible errors returned by this module.

type invalidkey

type invalidkey = !void;

Invalid key

type invalidsig

type invalidsig = !void;

Invalid signature

Constants

def PRIVKEYSZ

def PRIVKEYSZ: size = 64;

The size of an Ed25519 private key.

def PUBKEYSZ

def PUBKEYSZ: size = 32;

The size of an Ed25519 public key.

def SEEDSZ

def SEEDSZ: size = 32;

The size of an Ed25519 seed.

def SIGNATURESZ

def SIGNATURESZ: size = 64;

The size of an Ed25519 signature.

Functions

fn privkey_getpubkey

fn privkey_getpubkey(priv: []u8) pubkey;

Derive the public key for a given private key.

fn privkey_init

fn privkey_init(priv: []u8, seed: []u8) void;

Derives a new Ed25519 private key from a given seed. The seed must be initialized to cryptographically random data; crypto::random:: is recommended for this purpose.

fn sign

fn sign(priv: []u8, msg: []u8) [SIGNATURESZ]u8;

Signs a message with a private key, returning the signature.

fn strerror

fn strerror(e: error) str;

String representation of error 'e'.

fn verifier

fn verifier(pub: []u8, sig: []u8) (hash | invalidkey | invalidsig);

Creates a hash::hash into which the message to be verified can be written. verify must be called afterwards to check whether the signature is valid for the given message.

fn verify

fn verify(h: *hash) (void | invalidsig);

Checks whether the signature passed to verifier is valid for the message written into the hash 'h'.

fn verify_buf

fn verify_buf(pub: []u8, msg: []u8, sig: []u8) (void | error);

Given a public key, verifies a signature produced with the corresponding private key for a given message, returning void if the signature is valid and an error otherwise.