Commit 5d4859c0 authored by Niels Möller's avatar Niels Möller
Browse files

Updated EdDSA documentation.

parent 49105649
2015-03-19 Niels Möller <nisse@diamant.hack.org> 2015-03-19 Niels Möller <nisse@diamant.hack.org>
* nettle.texinfo: Updated EdDSA documentation.
* Makefile.in (DISTFILES): Added version.h.in, libnettle.map.in, * Makefile.in (DISTFILES): Added version.h.in, libnettle.map.in,
and libhogweed.map.in (latter two patch by Nikos). and libhogweed.map.in (latter two patch by Nikos).
(version.h): New make target. (version.h): New make target.
......
...@@ -4260,6 +4260,7 @@ This function is intended to be compatible with the function ...@@ -4260,6 +4260,7 @@ This function is intended to be compatible with the function
@end deftypefun @end deftypefun
@subsubsection EdDSA @subsubsection EdDSA
@cindex eddsa
EdDSA is a signature scheme proposed by D.~J.~Bernstein et al. in 2011. EdDSA is a signature scheme proposed by D.~J.~Bernstein et al. in 2011.
It is defined using a ``Twisted Edwards curve'', of the form @math{-x^2 It is defined using a ``Twisted Edwards curve'', of the form @math{-x^2
...@@ -4278,9 +4279,9 @@ forge signatures. EdDSA also avoids the use of a randomness source by ...@@ -4278,9 +4279,9 @@ forge signatures. EdDSA also avoids the use of a randomness source by
generating the needed signature nonce from a hash of the private key and generating the needed signature nonce from a hash of the private key and
the message, which means that the message is actually hashed twice when the message, which means that the message is actually hashed twice when
creating a signature. If signing huge messages, it is possible to hash creating a signature. If signing huge messages, it is possible to hash
the message first and pass the short message digest as input to the the message first and pass the short message digest as input to the sign
signa and verify functions, however, the hash collision resilience is and verify functions, however, the resilience to hash collision is then
then lost. lost.
@defvr Constant ED25519_KEY_SIZE @defvr Constant ED25519_KEY_SIZE
The size of a private or public Ed25519 key, 32 octets. The size of a private or public Ed25519 key, 32 octets.
...@@ -4290,27 +4291,16 @@ The size of a private or public Ed25519 key, 32 octets. ...@@ -4290,27 +4291,16 @@ The size of a private or public Ed25519 key, 32 octets.
The size of an Ed25519 signature, 64 octets. The size of an Ed25519 signature, 64 octets.
@end defvr @end defvr
@deftp {Context struct} {struct ed25519_private_key} @deftypefun void ed25519_sha512_public_key (uint8_t *@var{pub}, const uint8_t *@var{priv})
@deftpx {Context struct} {struct ed25519_public_key} Computes the public key corresponding to the given private key. Both
These structs represent a private and public key, respectively, expanded input and output are of size @code{ED25519_KEY_SIZE}.
into an internal representation.
@end deftp
@deftypefun void ed25519_sha512_set_private_key (struct ed25519_private_key *@var{priv}, const uint8_t *@var{key})
Expands a private key (@code{ED25519_KEY_SIZE} octets) into the internal
representation.
@end deftypefun
@deftypefun void ed25519_sha512_sign (const struct ed25519_private_key *@var{priv}, size_t @var{length}, const uint8_t *@var{msg}, uint8_t *@var{signature})
Signs a message using the provided private key.
@end deftypefun @end deftypefun
@deftypefun int ed25519_sha512_set_public_key (struct ed25519_public_key *@var{pub}, const uint8_t *@var{key}) @deftypefun void ed25519_sha512_sign (const uint8_t *@var{pub}, const uint8_t *@var{priv}, size_t @var{length}, const uint8_t *@var{msg}, uint8_t *@var{signature})
Expands a public key (@code{ED25519_KEY_SIZE} octets) into the internal Signs a message using the provided key pair.
representation. Returns 1 on success, 0 on failure.
@end deftypefun @end deftypefun
@deftypefun int ed25519_sha512_verify (const struct ed25519_public_key *@var{pub}, size_t @var{length}, const uint8_t *@var{msg}, const uint8_t *@var{signature}) @deftypefun int ed25519_sha512_verify (const uint8_t *@var{pub}, size_t @var{length}, const uint8_t *@var{msg}, const uint8_t *@var{signature})
Verifies a message using the provided public key. Returns 1 if the Verifies a message using the provided public key. Returns 1 if the
signature is valid, otherwise 0. signature is valid, otherwise 0.
@end deftypefun @end deftypefun
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment