commit 83fcdf5152cece9450cabd060bc5d7e2bc686ec2
parent a30a89882f7d3eae0e3c06cd67548c9340bef10f
Author: Armin Preiml <apreiml@strohwolke.at>
Date: Sat, 19 Aug 2023 11:10:52 +0200
crypto::ed25519: change api to take slices
Allowing slices to be passed avoids needless key copying when keys are
taken from buffers.
Does not break the api.
Diffstat:
2 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/crypto/ed25519/ed25519.ha b/crypto/ed25519/ed25519.ha
@@ -22,13 +22,14 @@ export def PRIVKEYSZ: size = 64;
export def SIGNATURESZ: size = 64;
export type privkey = [PRIVKEYSZ]u8;
-export type pubkey =[PUBKEYSZ]u8;
+export type pubkey = [PUBKEYSZ]u8;
export type seed = [SEEDSZ]u8;
// Derives a new Ed25519 private key from a given seed. The seed must be
// initialized to cryptographically random data; [[crypto::random]] is
// recommended for this purpose.
-export fn privkey_init(out: *privkey, seed: *seed) void = {
+export fn privkey_init(priv: []u8, seed: *seed) void = {
+ assert(len(priv) == PRIVKEYSZ);
let h: [64]u8 = [0...];
let sha = sha512::sha512();
hash::write(&sha, seed[..]);
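Review bot: The new `priv: []u8` parameter turns the key length from a compile-time property of `*privkey` into a runtime `assert` at the top of privkey_init, but the doc comment above it still says nothing about it, so a caller slicing out of a larger buffer learns about the contract only by aborting. Suggest extending the comment with `// priv must be exactly PRIVKEYSZ bytes; any other length aborts.` so the precondition is visible without reading the body. privkey_init's body continues past the end of this hunk.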
@@ -44,19 +45,22 @@ export fn privkey_init(out: *privkey, seed: *seed) void = {
let A_bytes: [POINTSZ]u8 = [0...];
point_encode(&A_bytes, &A);
- out[0..SEEDSZ] = seed[..];
- out[SEEDSZ..PRIVKEYSZ] = A_bytes[..];
+ priv[0..SEEDSZ] = seed[..];
+ priv[SEEDSZ..PRIVKEYSZ] = A_bytes[..];
};
-// Derive the public key for a given private key.
-export fn privkey_getpubkey(priv: *privkey) pubkey = {
+// Derive the public key for a given private key. '
+export fn privkey_getpubkey(priv: []u8) pubkey = {
+ assert(len(priv) == PRIVKEYSZ);
let pk: pubkey = [0...];
pk[0..] = priv[SEEDSZ..];
return pk;
};
// Signs a message with a private key, returning the signature.
-export fn sign(priv: *privkey, msg: []u8) [SIGNATURESZ]u8 = {
+export fn sign(priv: []u8, msg: []u8) [SIGNATURESZ]u8 = {
+ assert(len(priv) == PRIVKEYSZ);
+
let h: [64]u8 = [0...];
let sha = sha512::sha512();
hash::write(&sha, priv[0..SEEDSZ]);
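Review bot: The doc comment rewritten above privkey_getpubkey has picked up a stray trailing quote, `// Derive the public key for a given private key. '`, which should be dropped. Both privkey_getpubkey and sign now rely on `assert(len(priv) == PRIVKEYSZ)` instead of the `*privkey` type, so each comment should state that `priv` must be exactly PRIVKEYSZ bytes and that any other length aborts, e.g. `// priv must be exactly PRIVKEYSZ bytes; any other length aborts.` The body of sign continues past the end of this hunk.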
@@ -100,7 +104,10 @@ export fn sign(priv: *privkey, msg: []u8) [SIGNATURESZ]u8 = {
// Given a public key, verifies a signature produced with the
// corresponding private key for a given message, returning true if the
// signature is valid and false otherwise.
-export fn verify(pub: *pubkey, msg: []u8, sig: *[SIGNATURESZ]u8) bool = {
+export fn verify(pub: []u8, msg: []u8, sig: []u8) bool = {
+ assert(len(pub) == PUBKEYSZ);
+ assert(len(sig) == SIGNATURESZ);
+
let A = point { ... };
if (!point_decode(&A, pub)) {
return false;
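Review bot: verify now aborts via `assert` on a wrong-length `pub` or `sig`, yet the signature (and often the public key) is exactly the input that arrives from an untrusted peer, so a caller that forwards a received signature without its own length check turns a malformed message into a process abort. Since the function already returns false for an undecodable point a few lines down, a wrong-length input is more naturally the same failure: `if (len(pub) != PUBKEYSZ || len(sig) != SIGNATURESZ) return false;` in place of the two asserts. If the asserts are intended as the API contract instead, the doc comment should say explicitly that the caller must validate both lengths before calling. verify's body continues past the end of this hunk.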
diff --git a/crypto/ed25519/edwards25519.ha b/crypto/ed25519/edwards25519.ha
@@ -148,7 +148,8 @@ fn fe_encode(out: *scalar, a: const *elem) void = {
};
};
-fn fe_decode(fe: *elem, in: *[SCALARSZ]u8) *elem = {
+// len(in) must be SCALARSZ
+fn fe_decode(fe: *elem, in: []u8) *elem = {
for (let i = 0z; i < FIELDSZ; i += 1) {
fe[i] = in[2 * i] : i64 + ((in[2 * i + 1] : i64) << 8);
};
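Review bot: fe_decode's new `in: []u8` parameter is guarded only by the comment `// len(in) must be SCALARSZ`; the loop reads up to `in[2 * FIELDSZ - 1]`, so a short slice is caught only by the runtime bounds check, with a less specific failure than the public functions now give. For consistency with the `assert(len(...) == ...)` pattern this commit adds in ed25519.ha, add `assert(len(in) == SCALARSZ);` as the first statement of the body. The rest of fe_decode lies past the end of this hunk.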
@@ -313,7 +314,8 @@ fn point_encode(out: *scalar, p: *point) void = {
out[31] ^= fe_parity(&tx) << 7;
};
-fn point_decode(p: *point, in: *[POINTSZ]u8) bool = {
+// len(in) must be POINTSIZE
+fn point_decode(p: *point, in: []u8) bool = {
let t: elem = [0...];
let chk: elem = [0...];
let num: elem = [0...];
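Review bot: The comment added above point_decode names the wrong constant: it says `// len(in) must be POINTSIZE`, while the size used for encoded points elsewhere in this commit is `POINTSZ` (see `[POINTSZ]u8` in ed25519.ha), so it should read `// len(in) must be POINTSZ`. As with fe_decode, the precondition is now only a comment; an `assert(len(in) == POINTSZ);` at the top of the body would match the checks the public API gained and would keep the function safe for callers other than verify, which is the only one visible here. point_decode's body continues past the end of this hunk.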