wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfcrypt/src/ed25519.c@13:f67a6c6013ca, 2017-08-22 (annotated)
- Committer:
- wolfSSL
- Date:
- Tue Aug 22 10:48:22 2017 +0000
- Revision:
- 13:f67a6c6013ca
wolfSSL3.12.0 with TLS1.3
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 13:f67a6c6013ca | 1 | /* ed25519.c |
wolfSSL | 13:f67a6c6013ca | 2 | * |
wolfSSL | 13:f67a6c6013ca | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
wolfSSL | 13:f67a6c6013ca | 4 | * |
wolfSSL | 13:f67a6c6013ca | 5 | * This file is part of wolfSSL. |
wolfSSL | 13:f67a6c6013ca | 6 | * |
wolfSSL | 13:f67a6c6013ca | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 13:f67a6c6013ca | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 13:f67a6c6013ca | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 13:f67a6c6013ca | 10 | * (at your option) any later version. |
wolfSSL | 13:f67a6c6013ca | 11 | * |
wolfSSL | 13:f67a6c6013ca | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 13:f67a6c6013ca | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 13:f67a6c6013ca | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 13:f67a6c6013ca | 15 | * GNU General Public License for more details. |
wolfSSL | 13:f67a6c6013ca | 16 | * |
wolfSSL | 13:f67a6c6013ca | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 13:f67a6c6013ca | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 13:f67a6c6013ca | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 13:f67a6c6013ca | 20 | */ |
wolfSSL | 13:f67a6c6013ca | 21 | |
wolfSSL | 13:f67a6c6013ca | 22 | |
wolfSSL | 13:f67a6c6013ca | 23 | /* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */ |
wolfSSL | 13:f67a6c6013ca | 24 | |
wolfSSL | 13:f67a6c6013ca | 25 | #ifdef HAVE_CONFIG_H |
wolfSSL | 13:f67a6c6013ca | 26 | #include <config.h> |
wolfSSL | 13:f67a6c6013ca | 27 | #endif |
wolfSSL | 13:f67a6c6013ca | 28 | |
wolfSSL | 13:f67a6c6013ca | 29 | /* in case user set HAVE_ED25519 there */ |
wolfSSL | 13:f67a6c6013ca | 30 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 13:f67a6c6013ca | 31 | |
wolfSSL | 13:f67a6c6013ca | 32 | #ifdef HAVE_ED25519 |
wolfSSL | 13:f67a6c6013ca | 33 | |
wolfSSL | 13:f67a6c6013ca | 34 | #include <wolfssl/wolfcrypt/ed25519.h> |
wolfSSL | 13:f67a6c6013ca | 35 | #include <wolfssl/wolfcrypt/error-crypt.h> |
wolfSSL | 13:f67a6c6013ca | 36 | #include <wolfssl/wolfcrypt/hash.h> |
wolfSSL | 13:f67a6c6013ca | 37 | #ifdef NO_INLINE |
wolfSSL | 13:f67a6c6013ca | 38 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 13:f67a6c6013ca | 39 | #else |
wolfSSL | 13:f67a6c6013ca | 40 | #define WOLFSSL_MISC_INCLUDED |
wolfSSL | 13:f67a6c6013ca | 41 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 13:f67a6c6013ca | 42 | #endif |
wolfSSL | 13:f67a6c6013ca | 43 | |
wolfSSL | 13:f67a6c6013ca | 44 | #ifdef FREESCALE_LTC_ECC |
wolfSSL | 13:f67a6c6013ca | 45 | #include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h> |
wolfSSL | 13:f67a6c6013ca | 46 | #endif |
wolfSSL | 13:f67a6c6013ca | 47 | |
wolfSSL | 13:f67a6c6013ca | 48 | /* generate an ed25519 key pair. |
wolfSSL | 13:f67a6c6013ca | 49 | * returns 0 on success |
wolfSSL | 13:f67a6c6013ca | 50 | */ |
wolfSSL | 13:f67a6c6013ca | 51 | int wc_ed25519_make_key(WC_RNG* rng, int keySz, ed25519_key* key) |
wolfSSL | 13:f67a6c6013ca | 52 | { |
wolfSSL | 13:f67a6c6013ca | 53 | byte az[ED25519_PRV_KEY_SIZE]; |
wolfSSL | 13:f67a6c6013ca | 54 | int ret; |
wolfSSL | 13:f67a6c6013ca | 55 | #if !defined(FREESCALE_LTC_ECC) |
wolfSSL | 13:f67a6c6013ca | 56 | ge_p3 A; |
wolfSSL | 13:f67a6c6013ca | 57 | #endif |
wolfSSL | 13:f67a6c6013ca | 58 | |
wolfSSL | 13:f67a6c6013ca | 59 | if (rng == NULL || key == NULL) |
wolfSSL | 13:f67a6c6013ca | 60 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 61 | |
wolfSSL | 13:f67a6c6013ca | 62 | /* ed25519 has 32 byte key sizes */ |
wolfSSL | 13:f67a6c6013ca | 63 | if (keySz != ED25519_KEY_SIZE) |
wolfSSL | 13:f67a6c6013ca | 64 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 65 | |
wolfSSL | 13:f67a6c6013ca | 66 | ret = wc_RNG_GenerateBlock(rng, key->k, ED25519_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 67 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 68 | return ret; |
wolfSSL | 13:f67a6c6013ca | 69 | ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); |
wolfSSL | 13:f67a6c6013ca | 70 | if (ret != 0) { |
wolfSSL | 13:f67a6c6013ca | 71 | ForceZero(key->k, ED25519_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 72 | return ret; |
wolfSSL | 13:f67a6c6013ca | 73 | } |
wolfSSL | 13:f67a6c6013ca | 74 | |
wolfSSL | 13:f67a6c6013ca | 75 | /* apply clamp */ |
wolfSSL | 13:f67a6c6013ca | 76 | az[0] &= 248; |
wolfSSL | 13:f67a6c6013ca | 77 | az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */ |
wolfSSL | 13:f67a6c6013ca | 78 | az[31] |= 64; |
wolfSSL | 13:f67a6c6013ca | 79 | |
wolfSSL | 13:f67a6c6013ca | 80 | #ifdef FREESCALE_LTC_ECC |
wolfSSL | 13:f67a6c6013ca | 81 | ltc_pkha_ecc_point_t publicKey = {0}; |
wolfSSL | 13:f67a6c6013ca | 82 | publicKey.X = key->pointX; |
wolfSSL | 13:f67a6c6013ca | 83 | publicKey.Y = key->pointY; |
wolfSSL | 13:f67a6c6013ca | 84 | LTC_PKHA_Ed25519_PointMul(LTC_PKHA_Ed25519_BasePoint(), az, ED25519_KEY_SIZE, &publicKey, kLTC_Ed25519 /* result on Ed25519 */); |
wolfSSL | 13:f67a6c6013ca | 85 | LTC_PKHA_Ed25519_Compress(&publicKey, key->p); |
wolfSSL | 13:f67a6c6013ca | 86 | #else |
wolfSSL | 13:f67a6c6013ca | 87 | ge_scalarmult_base(&A, az); |
wolfSSL | 13:f67a6c6013ca | 88 | ge_p3_tobytes(key->p, &A); |
wolfSSL | 13:f67a6c6013ca | 89 | #endif |
wolfSSL | 13:f67a6c6013ca | 90 | /* put public key after private key, on the same buffer */ |
wolfSSL | 13:f67a6c6013ca | 91 | XMEMMOVE(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 92 | |
wolfSSL | 13:f67a6c6013ca | 93 | return ret; |
wolfSSL | 13:f67a6c6013ca | 94 | } |
wolfSSL | 13:f67a6c6013ca | 95 | |
wolfSSL | 13:f67a6c6013ca | 96 | |
wolfSSL | 13:f67a6c6013ca | 97 | #ifdef HAVE_ED25519_SIGN |
wolfSSL | 13:f67a6c6013ca | 98 | /* |
wolfSSL | 13:f67a6c6013ca | 99 | in contains the message to sign |
wolfSSL | 13:f67a6c6013ca | 100 | inlen is the length of the message to sign |
wolfSSL | 13:f67a6c6013ca | 101 | out is the buffer to write the signature |
wolfSSL | 13:f67a6c6013ca | 102 | outLen [in/out] input size of out buf |
wolfSSL | 13:f67a6c6013ca | 103 | output gets set as the final length of out |
wolfSSL | 13:f67a6c6013ca | 104 | key is the ed25519 key to use when signing |
wolfSSL | 13:f67a6c6013ca | 105 | return 0 on success |
wolfSSL | 13:f67a6c6013ca | 106 | */ |
wolfSSL | 13:f67a6c6013ca | 107 | int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out, |
wolfSSL | 13:f67a6c6013ca | 108 | word32 *outLen, ed25519_key* key) |
wolfSSL | 13:f67a6c6013ca | 109 | { |
wolfSSL | 13:f67a6c6013ca | 110 | #ifdef FREESCALE_LTC_ECC |
wolfSSL | 13:f67a6c6013ca | 111 | byte tempBuf[ED25519_PRV_KEY_SIZE]; |
wolfSSL | 13:f67a6c6013ca | 112 | #else |
wolfSSL | 13:f67a6c6013ca | 113 | ge_p3 R; |
wolfSSL | 13:f67a6c6013ca | 114 | #endif |
wolfSSL | 13:f67a6c6013ca | 115 | byte nonce[SHA512_DIGEST_SIZE]; |
wolfSSL | 13:f67a6c6013ca | 116 | byte hram[SHA512_DIGEST_SIZE]; |
wolfSSL | 13:f67a6c6013ca | 117 | byte az[ED25519_PRV_KEY_SIZE]; |
wolfSSL | 13:f67a6c6013ca | 118 | Sha512 sha; |
wolfSSL | 13:f67a6c6013ca | 119 | int ret; |
wolfSSL | 13:f67a6c6013ca | 120 | |
wolfSSL | 13:f67a6c6013ca | 121 | /* sanity check on arguments */ |
wolfSSL | 13:f67a6c6013ca | 122 | if (in == NULL || out == NULL || outLen == NULL || key == NULL) |
wolfSSL | 13:f67a6c6013ca | 123 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 124 | |
wolfSSL | 13:f67a6c6013ca | 125 | /* check and set up out length */ |
wolfSSL | 13:f67a6c6013ca | 126 | if (*outLen < ED25519_SIG_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 127 | *outLen = ED25519_SIG_SIZE; |
wolfSSL | 13:f67a6c6013ca | 128 | return BUFFER_E; |
wolfSSL | 13:f67a6c6013ca | 129 | } |
wolfSSL | 13:f67a6c6013ca | 130 | *outLen = ED25519_SIG_SIZE; |
wolfSSL | 13:f67a6c6013ca | 131 | |
wolfSSL | 13:f67a6c6013ca | 132 | /* step 1: create nonce to use where nonce is r in |
wolfSSL | 13:f67a6c6013ca | 133 | r = H(h_b, ... ,h_2b-1,M) */ |
wolfSSL | 13:f67a6c6013ca | 134 | ret = wc_Sha512Hash(key->k, ED25519_KEY_SIZE, az); |
wolfSSL | 13:f67a6c6013ca | 135 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 136 | return ret; |
wolfSSL | 13:f67a6c6013ca | 137 | |
wolfSSL | 13:f67a6c6013ca | 138 | /* apply clamp */ |
wolfSSL | 13:f67a6c6013ca | 139 | az[0] &= 248; |
wolfSSL | 13:f67a6c6013ca | 140 | az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */ |
wolfSSL | 13:f67a6c6013ca | 141 | az[31] |= 64; |
wolfSSL | 13:f67a6c6013ca | 142 | |
wolfSSL | 13:f67a6c6013ca | 143 | ret = wc_InitSha512(&sha); |
wolfSSL | 13:f67a6c6013ca | 144 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 145 | return ret; |
wolfSSL | 13:f67a6c6013ca | 146 | ret = wc_Sha512Update(&sha, az + ED25519_KEY_SIZE, ED25519_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 147 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 148 | return ret; |
wolfSSL | 13:f67a6c6013ca | 149 | ret = wc_Sha512Update(&sha, in, inlen); |
wolfSSL | 13:f67a6c6013ca | 150 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 151 | return ret; |
wolfSSL | 13:f67a6c6013ca | 152 | ret = wc_Sha512Final(&sha, nonce); |
wolfSSL | 13:f67a6c6013ca | 153 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 154 | return ret; |
wolfSSL | 13:f67a6c6013ca | 155 | |
wolfSSL | 13:f67a6c6013ca | 156 | #ifdef FREESCALE_LTC_ECC |
wolfSSL | 13:f67a6c6013ca | 157 | ltc_pkha_ecc_point_t ltcPoint = {0}; |
wolfSSL | 13:f67a6c6013ca | 158 | ltcPoint.X = &tempBuf[0]; |
wolfSSL | 13:f67a6c6013ca | 159 | ltcPoint.Y = &tempBuf[32]; |
wolfSSL | 13:f67a6c6013ca | 160 | LTC_PKHA_sc_reduce(nonce); |
wolfSSL | 13:f67a6c6013ca | 161 | LTC_PKHA_Ed25519_PointMul(LTC_PKHA_Ed25519_BasePoint(), nonce, ED25519_KEY_SIZE, <cPoint, kLTC_Ed25519 /* result on Ed25519 */); |
wolfSSL | 13:f67a6c6013ca | 162 | LTC_PKHA_Ed25519_Compress(<cPoint, out); |
wolfSSL | 13:f67a6c6013ca | 163 | #else |
wolfSSL | 13:f67a6c6013ca | 164 | sc_reduce(nonce); |
wolfSSL | 13:f67a6c6013ca | 165 | |
wolfSSL | 13:f67a6c6013ca | 166 | /* step 2: computing R = rB where rB is the scalar multiplication of |
wolfSSL | 13:f67a6c6013ca | 167 | r and B */ |
wolfSSL | 13:f67a6c6013ca | 168 | ge_scalarmult_base(&R,nonce); |
wolfSSL | 13:f67a6c6013ca | 169 | ge_p3_tobytes(out,&R); |
wolfSSL | 13:f67a6c6013ca | 170 | #endif |
wolfSSL | 13:f67a6c6013ca | 171 | |
wolfSSL | 13:f67a6c6013ca | 172 | /* step 3: hash R + public key + message getting H(R,A,M) then |
wolfSSL | 13:f67a6c6013ca | 173 | creating S = (r + H(R,A,M)a) mod l */ |
wolfSSL | 13:f67a6c6013ca | 174 | ret = wc_InitSha512(&sha); |
wolfSSL | 13:f67a6c6013ca | 175 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 176 | return ret; |
wolfSSL | 13:f67a6c6013ca | 177 | ret = wc_Sha512Update(&sha, out, ED25519_SIG_SIZE/2); |
wolfSSL | 13:f67a6c6013ca | 178 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 179 | return ret; |
wolfSSL | 13:f67a6c6013ca | 180 | ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 181 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 182 | return ret; |
wolfSSL | 13:f67a6c6013ca | 183 | ret = wc_Sha512Update(&sha, in, inlen); |
wolfSSL | 13:f67a6c6013ca | 184 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 185 | return ret; |
wolfSSL | 13:f67a6c6013ca | 186 | ret = wc_Sha512Final(&sha, hram); |
wolfSSL | 13:f67a6c6013ca | 187 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 188 | return ret; |
wolfSSL | 13:f67a6c6013ca | 189 | |
wolfSSL | 13:f67a6c6013ca | 190 | #ifdef FREESCALE_LTC_ECC |
wolfSSL | 13:f67a6c6013ca | 191 | LTC_PKHA_sc_reduce(hram); |
wolfSSL | 13:f67a6c6013ca | 192 | LTC_PKHA_sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce); |
wolfSSL | 13:f67a6c6013ca | 193 | #else |
wolfSSL | 13:f67a6c6013ca | 194 | sc_reduce(hram); |
wolfSSL | 13:f67a6c6013ca | 195 | sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce); |
wolfSSL | 13:f67a6c6013ca | 196 | #endif |
wolfSSL | 13:f67a6c6013ca | 197 | |
wolfSSL | 13:f67a6c6013ca | 198 | return ret; |
wolfSSL | 13:f67a6c6013ca | 199 | } |
wolfSSL | 13:f67a6c6013ca | 200 | |
wolfSSL | 13:f67a6c6013ca | 201 | #endif /* HAVE_ED25519_SIGN */ |
wolfSSL | 13:f67a6c6013ca | 202 | |
wolfSSL | 13:f67a6c6013ca | 203 | #ifdef HAVE_ED25519_VERIFY |
wolfSSL | 13:f67a6c6013ca | 204 | |
wolfSSL | 13:f67a6c6013ca | 205 | /* |
wolfSSL | 13:f67a6c6013ca | 206 | sig is array of bytes containing the signature |
wolfSSL | 13:f67a6c6013ca | 207 | siglen is the length of sig byte array |
wolfSSL | 13:f67a6c6013ca | 208 | msg the array of bytes containing the message |
wolfSSL | 13:f67a6c6013ca | 209 | msglen length of msg array |
wolfSSL | 13:f67a6c6013ca | 210 | res will be 1 on successful verify and 0 on unsuccessful |
wolfSSL | 13:f67a6c6013ca | 211 | return 0 and res of 1 on success |
wolfSSL | 13:f67a6c6013ca | 212 | */ |
wolfSSL | 13:f67a6c6013ca | 213 | int wc_ed25519_verify_msg(const byte* sig, word32 siglen, const byte* msg, |
wolfSSL | 13:f67a6c6013ca | 214 | word32 msglen, int* res, ed25519_key* key) |
wolfSSL | 13:f67a6c6013ca | 215 | { |
wolfSSL | 13:f67a6c6013ca | 216 | byte rcheck[ED25519_KEY_SIZE]; |
wolfSSL | 13:f67a6c6013ca | 217 | byte h[SHA512_DIGEST_SIZE]; |
wolfSSL | 13:f67a6c6013ca | 218 | #ifndef FREESCALE_LTC_ECC |
wolfSSL | 13:f67a6c6013ca | 219 | ge_p3 A; |
wolfSSL | 13:f67a6c6013ca | 220 | ge_p2 R; |
wolfSSL | 13:f67a6c6013ca | 221 | #endif |
wolfSSL | 13:f67a6c6013ca | 222 | int ret; |
wolfSSL | 13:f67a6c6013ca | 223 | Sha512 sha; |
wolfSSL | 13:f67a6c6013ca | 224 | |
wolfSSL | 13:f67a6c6013ca | 225 | /* sanity check on arguments */ |
wolfSSL | 13:f67a6c6013ca | 226 | if (sig == NULL || msg == NULL || res == NULL || key == NULL) |
wolfSSL | 13:f67a6c6013ca | 227 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 228 | |
wolfSSL | 13:f67a6c6013ca | 229 | /* set verification failed by default */ |
wolfSSL | 13:f67a6c6013ca | 230 | *res = 0; |
wolfSSL | 13:f67a6c6013ca | 231 | |
wolfSSL | 13:f67a6c6013ca | 232 | /* check on basics needed to verify signature */ |
wolfSSL | 13:f67a6c6013ca | 233 | if (siglen < ED25519_SIG_SIZE || (sig[ED25519_SIG_SIZE-1] & 224)) |
wolfSSL | 13:f67a6c6013ca | 234 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 235 | |
wolfSSL | 13:f67a6c6013ca | 236 | /* uncompress A (public key), test if valid, and negate it */ |
wolfSSL | 13:f67a6c6013ca | 237 | #ifndef FREESCALE_LTC_ECC |
wolfSSL | 13:f67a6c6013ca | 238 | if (ge_frombytes_negate_vartime(&A, key->p) != 0) |
wolfSSL | 13:f67a6c6013ca | 239 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 240 | #endif |
wolfSSL | 13:f67a6c6013ca | 241 | |
wolfSSL | 13:f67a6c6013ca | 242 | /* find H(R,A,M) and store it as h */ |
wolfSSL | 13:f67a6c6013ca | 243 | ret = wc_InitSha512(&sha); |
wolfSSL | 13:f67a6c6013ca | 244 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 245 | return ret; |
wolfSSL | 13:f67a6c6013ca | 246 | ret = wc_Sha512Update(&sha, sig, ED25519_SIG_SIZE/2); |
wolfSSL | 13:f67a6c6013ca | 247 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 248 | return ret; |
wolfSSL | 13:f67a6c6013ca | 249 | ret = wc_Sha512Update(&sha, key->p, ED25519_PUB_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 250 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 251 | return ret; |
wolfSSL | 13:f67a6c6013ca | 252 | ret = wc_Sha512Update(&sha, msg, msglen); |
wolfSSL | 13:f67a6c6013ca | 253 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 254 | return ret; |
wolfSSL | 13:f67a6c6013ca | 255 | ret = wc_Sha512Final(&sha, h); |
wolfSSL | 13:f67a6c6013ca | 256 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 257 | return ret; |
wolfSSL | 13:f67a6c6013ca | 258 | |
wolfSSL | 13:f67a6c6013ca | 259 | #ifdef FREESCALE_LTC_ECC |
wolfSSL | 13:f67a6c6013ca | 260 | LTC_PKHA_sc_reduce(h); |
wolfSSL | 13:f67a6c6013ca | 261 | LTC_PKHA_SignatureForVerify(rcheck, h, sig + (ED25519_SIG_SIZE/2), key); |
wolfSSL | 13:f67a6c6013ca | 262 | #else |
wolfSSL | 13:f67a6c6013ca | 263 | sc_reduce(h); |
wolfSSL | 13:f67a6c6013ca | 264 | |
wolfSSL | 13:f67a6c6013ca | 265 | /* |
wolfSSL | 13:f67a6c6013ca | 266 | Uses a fast single-signature verification SB = R + H(R,A,M)A becomes |
wolfSSL | 13:f67a6c6013ca | 267 | SB - H(R,A,M)A saving decompression of R |
wolfSSL | 13:f67a6c6013ca | 268 | */ |
wolfSSL | 13:f67a6c6013ca | 269 | ret = ge_double_scalarmult_vartime(&R, h, &A, sig + (ED25519_SIG_SIZE/2)); |
wolfSSL | 13:f67a6c6013ca | 270 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 271 | return ret; |
wolfSSL | 13:f67a6c6013ca | 272 | |
wolfSSL | 13:f67a6c6013ca | 273 | ge_tobytes(rcheck, &R); |
wolfSSL | 13:f67a6c6013ca | 274 | #endif /* FREESCALE_LTC_ECC */ |
wolfSSL | 13:f67a6c6013ca | 275 | |
wolfSSL | 13:f67a6c6013ca | 276 | /* comparison of R created to R in sig */ |
wolfSSL | 13:f67a6c6013ca | 277 | ret = ConstantCompare(rcheck, sig, ED25519_SIG_SIZE/2); |
wolfSSL | 13:f67a6c6013ca | 278 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 279 | return SIG_VERIFY_E; |
wolfSSL | 13:f67a6c6013ca | 280 | |
wolfSSL | 13:f67a6c6013ca | 281 | /* set the verification status */ |
wolfSSL | 13:f67a6c6013ca | 282 | *res = 1; |
wolfSSL | 13:f67a6c6013ca | 283 | |
wolfSSL | 13:f67a6c6013ca | 284 | return ret; |
wolfSSL | 13:f67a6c6013ca | 285 | } |
wolfSSL | 13:f67a6c6013ca | 286 | |
wolfSSL | 13:f67a6c6013ca | 287 | #endif /* HAVE_ED25519_VERIFY */ |
wolfSSL | 13:f67a6c6013ca | 288 | |
wolfSSL | 13:f67a6c6013ca | 289 | |
wolfSSL | 13:f67a6c6013ca | 290 | /* initialize information and memory for key */ |
wolfSSL | 13:f67a6c6013ca | 291 | int wc_ed25519_init(ed25519_key* key) |
wolfSSL | 13:f67a6c6013ca | 292 | { |
wolfSSL | 13:f67a6c6013ca | 293 | if (key == NULL) |
wolfSSL | 13:f67a6c6013ca | 294 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 295 | |
wolfSSL | 13:f67a6c6013ca | 296 | XMEMSET(key, 0, sizeof(ed25519_key)); |
wolfSSL | 13:f67a6c6013ca | 297 | |
wolfSSL | 13:f67a6c6013ca | 298 | return 0; |
wolfSSL | 13:f67a6c6013ca | 299 | } |
wolfSSL | 13:f67a6c6013ca | 300 | |
wolfSSL | 13:f67a6c6013ca | 301 | |
wolfSSL | 13:f67a6c6013ca | 302 | /* clear memory of key */ |
wolfSSL | 13:f67a6c6013ca | 303 | void wc_ed25519_free(ed25519_key* key) |
wolfSSL | 13:f67a6c6013ca | 304 | { |
wolfSSL | 13:f67a6c6013ca | 305 | if (key == NULL) |
wolfSSL | 13:f67a6c6013ca | 306 | return; |
wolfSSL | 13:f67a6c6013ca | 307 | |
wolfSSL | 13:f67a6c6013ca | 308 | ForceZero(key, sizeof(ed25519_key)); |
wolfSSL | 13:f67a6c6013ca | 309 | } |
wolfSSL | 13:f67a6c6013ca | 310 | |
wolfSSL | 13:f67a6c6013ca | 311 | |
wolfSSL | 13:f67a6c6013ca | 312 | #ifdef HAVE_ED25519_KEY_EXPORT |
wolfSSL | 13:f67a6c6013ca | 313 | |
wolfSSL | 13:f67a6c6013ca | 314 | /* |
wolfSSL | 13:f67a6c6013ca | 315 | outLen should contain the size of out buffer when input. outLen is than set |
wolfSSL | 13:f67a6c6013ca | 316 | to the final output length. |
wolfSSL | 13:f67a6c6013ca | 317 | returns 0 on success |
wolfSSL | 13:f67a6c6013ca | 318 | */ |
wolfSSL | 13:f67a6c6013ca | 319 | int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen) |
wolfSSL | 13:f67a6c6013ca | 320 | { |
wolfSSL | 13:f67a6c6013ca | 321 | /* sanity check on arguments */ |
wolfSSL | 13:f67a6c6013ca | 322 | if (key == NULL || out == NULL || outLen == NULL) |
wolfSSL | 13:f67a6c6013ca | 323 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 324 | |
wolfSSL | 13:f67a6c6013ca | 325 | if (*outLen < ED25519_PUB_KEY_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 326 | *outLen = ED25519_PUB_KEY_SIZE; |
wolfSSL | 13:f67a6c6013ca | 327 | return BUFFER_E; |
wolfSSL | 13:f67a6c6013ca | 328 | } |
wolfSSL | 13:f67a6c6013ca | 329 | |
wolfSSL | 13:f67a6c6013ca | 330 | *outLen = ED25519_PUB_KEY_SIZE; |
wolfSSL | 13:f67a6c6013ca | 331 | XMEMCPY(out, key->p, ED25519_PUB_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 332 | |
wolfSSL | 13:f67a6c6013ca | 333 | return 0; |
wolfSSL | 13:f67a6c6013ca | 334 | } |
wolfSSL | 13:f67a6c6013ca | 335 | |
wolfSSL | 13:f67a6c6013ca | 336 | #endif /* HAVE_ED25519_KEY_EXPORT */ |
wolfSSL | 13:f67a6c6013ca | 337 | |
wolfSSL | 13:f67a6c6013ca | 338 | |
wolfSSL | 13:f67a6c6013ca | 339 | #ifdef HAVE_ED25519_KEY_IMPORT |
wolfSSL | 13:f67a6c6013ca | 340 | /* |
wolfSSL | 13:f67a6c6013ca | 341 | Imports a compressed/uncompressed public key. |
wolfSSL | 13:f67a6c6013ca | 342 | in the byte array containing the public key |
wolfSSL | 13:f67a6c6013ca | 343 | inLen the length of the byte array being passed in |
wolfSSL | 13:f67a6c6013ca | 344 | key ed25519 key struct to put the public key in |
wolfSSL | 13:f67a6c6013ca | 345 | */ |
wolfSSL | 13:f67a6c6013ca | 346 | int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key) |
wolfSSL | 13:f67a6c6013ca | 347 | { |
wolfSSL | 13:f67a6c6013ca | 348 | int ret; |
wolfSSL | 13:f67a6c6013ca | 349 | |
wolfSSL | 13:f67a6c6013ca | 350 | /* sanity check on arguments */ |
wolfSSL | 13:f67a6c6013ca | 351 | if (in == NULL || key == NULL) |
wolfSSL | 13:f67a6c6013ca | 352 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 353 | |
wolfSSL | 13:f67a6c6013ca | 354 | if (inLen < ED25519_PUB_KEY_SIZE) |
wolfSSL | 13:f67a6c6013ca | 355 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 356 | |
wolfSSL | 13:f67a6c6013ca | 357 | /* compressed prefix according to draft |
wolfSSL | 13:f67a6c6013ca | 358 | http://www.ietf.org/id/draft-koch-eddsa-for-openpgp-02.txt */ |
wolfSSL | 13:f67a6c6013ca | 359 | if (in[0] == 0x40 && inLen > ED25519_PUB_KEY_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 360 | /* key is stored in compressed format so just copy in */ |
wolfSSL | 13:f67a6c6013ca | 361 | XMEMCPY(key->p, (in + 1), ED25519_PUB_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 362 | #ifdef FREESCALE_LTC_ECC |
wolfSSL | 13:f67a6c6013ca | 363 | /* recover X coordinate */ |
wolfSSL | 13:f67a6c6013ca | 364 | ltc_pkha_ecc_point_t pubKey; |
wolfSSL | 13:f67a6c6013ca | 365 | pubKey.X = key->pointX; |
wolfSSL | 13:f67a6c6013ca | 366 | pubKey.Y = key->pointY; |
wolfSSL | 13:f67a6c6013ca | 367 | LTC_PKHA_Ed25519_PointDecompress(key->p, ED25519_PUB_KEY_SIZE, &pubKey); |
wolfSSL | 13:f67a6c6013ca | 368 | #endif |
wolfSSL | 13:f67a6c6013ca | 369 | return 0; |
wolfSSL | 13:f67a6c6013ca | 370 | } |
wolfSSL | 13:f67a6c6013ca | 371 | |
wolfSSL | 13:f67a6c6013ca | 372 | /* importing uncompressed public key */ |
wolfSSL | 13:f67a6c6013ca | 373 | if (in[0] == 0x04 && inLen > 2*ED25519_PUB_KEY_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 374 | #ifdef FREESCALE_LTC_ECC |
wolfSSL | 13:f67a6c6013ca | 375 | /* reverse bytes for little endian byte order */ |
wolfSSL | 13:f67a6c6013ca | 376 | for (int i = 0; i < ED25519_KEY_SIZE; i++) |
wolfSSL | 13:f67a6c6013ca | 377 | { |
wolfSSL | 13:f67a6c6013ca | 378 | key->pointX[i] = *(in + ED25519_KEY_SIZE - i); |
wolfSSL | 13:f67a6c6013ca | 379 | key->pointY[i] = *(in + 2*ED25519_KEY_SIZE - i); |
wolfSSL | 13:f67a6c6013ca | 380 | } |
wolfSSL | 13:f67a6c6013ca | 381 | XMEMCPY(key->p, key->pointY, ED25519_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 382 | ret = 0; |
wolfSSL | 13:f67a6c6013ca | 383 | #else |
wolfSSL | 13:f67a6c6013ca | 384 | /* pass in (x,y) and store compressed key */ |
wolfSSL | 13:f67a6c6013ca | 385 | ret = ge_compress_key(key->p, in+1, |
wolfSSL | 13:f67a6c6013ca | 386 | in+1+ED25519_PUB_KEY_SIZE, ED25519_PUB_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 387 | #endif /* FREESCALE_LTC_ECC */ |
wolfSSL | 13:f67a6c6013ca | 388 | return ret; |
wolfSSL | 13:f67a6c6013ca | 389 | } |
wolfSSL | 13:f67a6c6013ca | 390 | |
wolfSSL | 13:f67a6c6013ca | 391 | /* if not specified compressed or uncompressed check key size |
wolfSSL | 13:f67a6c6013ca | 392 | if key size is equal to compressed key size copy in key */ |
wolfSSL | 13:f67a6c6013ca | 393 | if (inLen == ED25519_PUB_KEY_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 394 | XMEMCPY(key->p, in, ED25519_PUB_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 395 | #ifdef FREESCALE_LTC_ECC |
wolfSSL | 13:f67a6c6013ca | 396 | /* recover X coordinate */ |
wolfSSL | 13:f67a6c6013ca | 397 | ltc_pkha_ecc_point_t pubKey; |
wolfSSL | 13:f67a6c6013ca | 398 | pubKey.X = key->pointX; |
wolfSSL | 13:f67a6c6013ca | 399 | pubKey.Y = key->pointY; |
wolfSSL | 13:f67a6c6013ca | 400 | LTC_PKHA_Ed25519_PointDecompress(key->p, ED25519_PUB_KEY_SIZE, &pubKey); |
wolfSSL | 13:f67a6c6013ca | 401 | #endif |
wolfSSL | 13:f67a6c6013ca | 402 | return 0; |
wolfSSL | 13:f67a6c6013ca | 403 | } |
wolfSSL | 13:f67a6c6013ca | 404 | |
wolfSSL | 13:f67a6c6013ca | 405 | /* bad public key format */ |
wolfSSL | 13:f67a6c6013ca | 406 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 407 | } |
wolfSSL | 13:f67a6c6013ca | 408 | |
wolfSSL | 13:f67a6c6013ca | 409 | |
wolfSSL | 13:f67a6c6013ca | 410 | /* |
wolfSSL | 13:f67a6c6013ca | 411 | For importing a private key. |
wolfSSL | 13:f67a6c6013ca | 412 | */ |
wolfSSL | 13:f67a6c6013ca | 413 | int wc_ed25519_import_private_only(const byte* priv, word32 privSz, |
wolfSSL | 13:f67a6c6013ca | 414 | ed25519_key* key) |
wolfSSL | 13:f67a6c6013ca | 415 | { |
wolfSSL | 13:f67a6c6013ca | 416 | /* sanity check on arguments */ |
wolfSSL | 13:f67a6c6013ca | 417 | if (priv == NULL || key == NULL) |
wolfSSL | 13:f67a6c6013ca | 418 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 419 | |
wolfSSL | 13:f67a6c6013ca | 420 | /* key size check */ |
wolfSSL | 13:f67a6c6013ca | 421 | if (privSz < ED25519_KEY_SIZE) |
wolfSSL | 13:f67a6c6013ca | 422 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 423 | |
wolfSSL | 13:f67a6c6013ca | 424 | XMEMCPY(key->k, priv, ED25519_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 425 | |
wolfSSL | 13:f67a6c6013ca | 426 | return 0; |
wolfSSL | 13:f67a6c6013ca | 427 | } |
wolfSSL | 13:f67a6c6013ca | 428 | |
wolfSSL | 13:f67a6c6013ca | 429 | /* |
wolfSSL | 13:f67a6c6013ca | 430 | For importing a private key and its associated public key. |
wolfSSL | 13:f67a6c6013ca | 431 | */ |
wolfSSL | 13:f67a6c6013ca | 432 | int wc_ed25519_import_private_key(const byte* priv, word32 privSz, |
wolfSSL | 13:f67a6c6013ca | 433 | const byte* pub, word32 pubSz, ed25519_key* key) |
wolfSSL | 13:f67a6c6013ca | 434 | { |
wolfSSL | 13:f67a6c6013ca | 435 | int ret; |
wolfSSL | 13:f67a6c6013ca | 436 | |
wolfSSL | 13:f67a6c6013ca | 437 | /* sanity check on arguments */ |
wolfSSL | 13:f67a6c6013ca | 438 | if (priv == NULL || pub == NULL || key == NULL) |
wolfSSL | 13:f67a6c6013ca | 439 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 440 | |
wolfSSL | 13:f67a6c6013ca | 441 | /* key size check */ |
wolfSSL | 13:f67a6c6013ca | 442 | if (privSz < ED25519_KEY_SIZE || pubSz < ED25519_PUB_KEY_SIZE) |
wolfSSL | 13:f67a6c6013ca | 443 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 444 | |
wolfSSL | 13:f67a6c6013ca | 445 | /* import public key */ |
wolfSSL | 13:f67a6c6013ca | 446 | ret = wc_ed25519_import_public(pub, pubSz, key); |
wolfSSL | 13:f67a6c6013ca | 447 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 448 | return ret; |
wolfSSL | 13:f67a6c6013ca | 449 | |
wolfSSL | 13:f67a6c6013ca | 450 | /* make the private key (priv + pub) */ |
wolfSSL | 13:f67a6c6013ca | 451 | XMEMCPY(key->k, priv, ED25519_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 452 | XMEMCPY(key->k + ED25519_KEY_SIZE, key->p, ED25519_PUB_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 453 | |
wolfSSL | 13:f67a6c6013ca | 454 | return ret; |
wolfSSL | 13:f67a6c6013ca | 455 | } |
wolfSSL | 13:f67a6c6013ca | 456 | |
wolfSSL | 13:f67a6c6013ca | 457 | #endif /* HAVE_ED25519_KEY_IMPORT */ |
wolfSSL | 13:f67a6c6013ca | 458 | |
wolfSSL | 13:f67a6c6013ca | 459 | |
wolfSSL | 13:f67a6c6013ca | 460 | #ifdef HAVE_ED25519_KEY_EXPORT |
wolfSSL | 13:f67a6c6013ca | 461 | |
wolfSSL | 13:f67a6c6013ca | 462 | /* |
wolfSSL | 13:f67a6c6013ca | 463 | export private key only (secret part so 32 bytes) |
wolfSSL | 13:f67a6c6013ca | 464 | outLen should contain the size of out buffer when input. outLen is than set |
wolfSSL | 13:f67a6c6013ca | 465 | to the final output length. |
wolfSSL | 13:f67a6c6013ca | 466 | returns 0 on success |
wolfSSL | 13:f67a6c6013ca | 467 | */ |
wolfSSL | 13:f67a6c6013ca | 468 | int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen) |
wolfSSL | 13:f67a6c6013ca | 469 | { |
wolfSSL | 13:f67a6c6013ca | 470 | /* sanity checks on arguments */ |
wolfSSL | 13:f67a6c6013ca | 471 | if (key == NULL || out == NULL || outLen == NULL) |
wolfSSL | 13:f67a6c6013ca | 472 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 473 | |
wolfSSL | 13:f67a6c6013ca | 474 | if (*outLen < ED25519_KEY_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 475 | *outLen = ED25519_KEY_SIZE; |
wolfSSL | 13:f67a6c6013ca | 476 | return BUFFER_E; |
wolfSSL | 13:f67a6c6013ca | 477 | } |
wolfSSL | 13:f67a6c6013ca | 478 | |
wolfSSL | 13:f67a6c6013ca | 479 | *outLen = ED25519_KEY_SIZE; |
wolfSSL | 13:f67a6c6013ca | 480 | XMEMCPY(out, key->k, ED25519_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 481 | |
wolfSSL | 13:f67a6c6013ca | 482 | return 0; |
wolfSSL | 13:f67a6c6013ca | 483 | } |
wolfSSL | 13:f67a6c6013ca | 484 | |
wolfSSL | 13:f67a6c6013ca | 485 | /* |
wolfSSL | 13:f67a6c6013ca | 486 | export private key, including public part |
wolfSSL | 13:f67a6c6013ca | 487 | outLen should contain the size of out buffer when input. outLen is than set |
wolfSSL | 13:f67a6c6013ca | 488 | to the final output length. |
wolfSSL | 13:f67a6c6013ca | 489 | returns 0 on success |
wolfSSL | 13:f67a6c6013ca | 490 | */ |
wolfSSL | 13:f67a6c6013ca | 491 | int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen) |
wolfSSL | 13:f67a6c6013ca | 492 | { |
wolfSSL | 13:f67a6c6013ca | 493 | /* sanity checks on arguments */ |
wolfSSL | 13:f67a6c6013ca | 494 | if (key == NULL || out == NULL || outLen == NULL) |
wolfSSL | 13:f67a6c6013ca | 495 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 496 | |
wolfSSL | 13:f67a6c6013ca | 497 | if (*outLen < ED25519_PRV_KEY_SIZE) { |
wolfSSL | 13:f67a6c6013ca | 498 | *outLen = ED25519_PRV_KEY_SIZE; |
wolfSSL | 13:f67a6c6013ca | 499 | return BUFFER_E; |
wolfSSL | 13:f67a6c6013ca | 500 | } |
wolfSSL | 13:f67a6c6013ca | 501 | |
wolfSSL | 13:f67a6c6013ca | 502 | *outLen = ED25519_PRV_KEY_SIZE; |
wolfSSL | 13:f67a6c6013ca | 503 | XMEMCPY(out, key->k, ED25519_PRV_KEY_SIZE); |
wolfSSL | 13:f67a6c6013ca | 504 | |
wolfSSL | 13:f67a6c6013ca | 505 | return 0; |
wolfSSL | 13:f67a6c6013ca | 506 | } |
wolfSSL | 13:f67a6c6013ca | 507 | |
wolfSSL | 13:f67a6c6013ca | 508 | /* export full private key and public key |
wolfSSL | 13:f67a6c6013ca | 509 | return 0 on success |
wolfSSL | 13:f67a6c6013ca | 510 | */ |
wolfSSL | 13:f67a6c6013ca | 511 | int wc_ed25519_export_key(ed25519_key* key, |
wolfSSL | 13:f67a6c6013ca | 512 | byte* priv, word32 *privSz, |
wolfSSL | 13:f67a6c6013ca | 513 | byte* pub, word32 *pubSz) |
wolfSSL | 13:f67a6c6013ca | 514 | { |
wolfSSL | 13:f67a6c6013ca | 515 | int ret; |
wolfSSL | 13:f67a6c6013ca | 516 | |
wolfSSL | 13:f67a6c6013ca | 517 | /* export 'full' private part */ |
wolfSSL | 13:f67a6c6013ca | 518 | ret = wc_ed25519_export_private(key, priv, privSz); |
wolfSSL | 13:f67a6c6013ca | 519 | if (ret != 0) |
wolfSSL | 13:f67a6c6013ca | 520 | return ret; |
wolfSSL | 13:f67a6c6013ca | 521 | |
wolfSSL | 13:f67a6c6013ca | 522 | /* export public part */ |
wolfSSL | 13:f67a6c6013ca | 523 | ret = wc_ed25519_export_public(key, pub, pubSz); |
wolfSSL | 13:f67a6c6013ca | 524 | |
wolfSSL | 13:f67a6c6013ca | 525 | return ret; |
wolfSSL | 13:f67a6c6013ca | 526 | } |
wolfSSL | 13:f67a6c6013ca | 527 | |
wolfSSL | 13:f67a6c6013ca | 528 | #endif /* HAVE_ED25519_KEY_EXPORT */ |
wolfSSL | 13:f67a6c6013ca | 529 | |
wolfSSL | 13:f67a6c6013ca | 530 | /* check the private and public keys match */ |
wolfSSL | 13:f67a6c6013ca | 531 | int wc_ed25519_check_key(ed25519_key* key) |
wolfSSL | 13:f67a6c6013ca | 532 | { |
wolfSSL | 13:f67a6c6013ca | 533 | /* TODO: Perform check of private and public key */ |
wolfSSL | 13:f67a6c6013ca | 534 | (void)key; |
wolfSSL | 13:f67a6c6013ca | 535 | |
wolfSSL | 13:f67a6c6013ca | 536 | return 0; |
wolfSSL | 13:f67a6c6013ca | 537 | } |
wolfSSL | 13:f67a6c6013ca | 538 | |
wolfSSL | 13:f67a6c6013ca | 539 | /* returns the private key size (secret only) in bytes */ |
wolfSSL | 13:f67a6c6013ca | 540 | int wc_ed25519_size(ed25519_key* key) |
wolfSSL | 13:f67a6c6013ca | 541 | { |
wolfSSL | 13:f67a6c6013ca | 542 | if (key == NULL) |
wolfSSL | 13:f67a6c6013ca | 543 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 544 | |
wolfSSL | 13:f67a6c6013ca | 545 | return ED25519_KEY_SIZE; |
wolfSSL | 13:f67a6c6013ca | 546 | } |
wolfSSL | 13:f67a6c6013ca | 547 | |
wolfSSL | 13:f67a6c6013ca | 548 | /* returns the private key size (secret + public) in bytes */ |
wolfSSL | 13:f67a6c6013ca | 549 | int wc_ed25519_priv_size(ed25519_key* key) |
wolfSSL | 13:f67a6c6013ca | 550 | { |
wolfSSL | 13:f67a6c6013ca | 551 | if (key == NULL) |
wolfSSL | 13:f67a6c6013ca | 552 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 553 | |
wolfSSL | 13:f67a6c6013ca | 554 | return ED25519_PRV_KEY_SIZE; |
wolfSSL | 13:f67a6c6013ca | 555 | } |
wolfSSL | 13:f67a6c6013ca | 556 | |
wolfSSL | 13:f67a6c6013ca | 557 | /* returns the compressed key size in bytes (public key) */ |
wolfSSL | 13:f67a6c6013ca | 558 | int wc_ed25519_pub_size(ed25519_key* key) |
wolfSSL | 13:f67a6c6013ca | 559 | { |
wolfSSL | 13:f67a6c6013ca | 560 | if (key == NULL) |
wolfSSL | 13:f67a6c6013ca | 561 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 562 | |
wolfSSL | 13:f67a6c6013ca | 563 | return ED25519_PUB_KEY_SIZE; |
wolfSSL | 13:f67a6c6013ca | 564 | } |
wolfSSL | 13:f67a6c6013ca | 565 | |
wolfSSL | 13:f67a6c6013ca | 566 | /* returns the size of signature in bytes */ |
wolfSSL | 13:f67a6c6013ca | 567 | int wc_ed25519_sig_size(ed25519_key* key) |
wolfSSL | 13:f67a6c6013ca | 568 | { |
wolfSSL | 13:f67a6c6013ca | 569 | if (key == NULL) |
wolfSSL | 13:f67a6c6013ca | 570 | return BAD_FUNC_ARG; |
wolfSSL | 13:f67a6c6013ca | 571 | |
wolfSSL | 13:f67a6c6013ca | 572 | return ED25519_SIG_SIZE; |
wolfSSL | 13:f67a6c6013ca | 573 | } |
wolfSSL | 13:f67a6c6013ca | 574 | |
wolfSSL | 13:f67a6c6013ca | 575 | #endif /* HAVE_ED25519 */ |
wolfSSL | 13:f67a6c6013ca | 576 | |
wolfSSL | 13:f67a6c6013ca | 577 |