EdDSA#
HACL Packages provides the Ed25519 instantiation of EdDSA, i.e., EdDSA signing and verification on the edwards25519 curve.
Two APIs are exposed: A (simple) “One-Shot” API to sign/verify a single message and a (more efficient) “Precomputed” API to sign multiple messages under the same (precomputed) key.
API Reference#
-
void Hacl_Ed25519_secret_to_public(uint8_t *public_key, uint8_t *private_key)#
Compute the public key from the private key.
The outparam
public_key
points to 32 bytes of valid memory, i.e., uint8_t[32]. The argumentprivate_key
points to 32 bytes of valid memory, i.e., uint8_t[32].
One-Shot#
-
void Hacl_Ed25519_sign(uint8_t *signature, uint8_t *private_key, uint32_t msg_len, uint8_t *msg)#
Create an Ed25519 signature.
The outparam
signature
points to 64 bytes of valid memory, i.e., uint8_t[64]. The argumentprivate_key
points to 32 bytes of valid memory, i.e., uint8_t[32]. The argumentmsg
points tomsg_len
bytes of valid memory, i.e., uint8_t[msg_len].The function first calls
expand_keys
and then invokessign_expanded
.If one needs to sign several messages under the same private key, it is more efficient to call
expand_keys
only once andsign_expanded
multiple times, for each message.
-
bool Hacl_Ed25519_verify(uint8_t *public_key, uint32_t msg_len, uint8_t *msg, uint8_t *signature)#
Verify an Ed25519 signature.
The function returns
true
if the signature is valid andfalse
otherwise.The argument
public_key
points to 32 bytes of valid memory, i.e., uint8_t[32]. The argumentmsg
points tomsg_len
bytes of valid memory, i.e., uint8_t[msg_len]. The argumentsignature
points to 64 bytes of valid memory, i.e., uint8_t[64].
Example
Precomputed#
-
void Hacl_Ed25519_expand_keys(uint8_t *expanded_keys, uint8_t *private_key)#
Compute the expanded keys for an Ed25519 signature.
The outparam
expanded_keys
points to 96 bytes of valid memory, i.e., uint8_t[96]. The argumentprivate_key
points to 32 bytes of valid memory, i.e., uint8_t[32].If one needs to sign several messages under the same private key, it is more efficient to call
expand_keys
only once andsign_expanded
multiple times, for each message.
-
void Hacl_Ed25519_sign_expanded(uint8_t *signature, uint8_t *expanded_keys, uint32_t msg_len, uint8_t *msg)#
Create an Ed25519 signature with the (precomputed) expanded keys.
The outparam
signature
points to 64 bytes of valid memory, i.e., uint8_t[64]. The argumentexpanded_keys
points to 96 bytes of valid memory, i.e., uint8_t[96]. The argumentmsg
points tomsg_len
bytes of valid memory, i.e., uint8_t[msg_len].The argument
expanded_keys
is obtained throughexpand_keys
.If one needs to sign several messages under the same private key, it is more efficient to call
expand_keys
only once andsign_expanded
multiple times, for each message.
Example