-/**
- * @file decaf/ed448.h
- * @author Mike Hamburg
- *
- * @copyright
- * Copyright (c) 2015-2016 Cryptography Research, Inc. \n
- * Released under the MIT License. See LICENSE.txt for license information.
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
*
- * @brief A group of prime order p, based on Ed448-Goldilocks.
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*
- * @warning This file was automatically generated in Python.
- * Please do not edit it.
+ * Originally written by Mike Hamburg
*/
#ifndef __DECAF_ED448_H__
-#define __DECAF_ED448_H__ 1
+# define __DECAF_ED448_H__ 1
-#include "point_448.h"
-#include "shake.h"
+# include "point_448.h"
#ifdef __cplusplus
extern "C" {
#endif
/** Number of bytes in an EdDSA public key. */
-#define DECAF_EDDSA_448_PUBLIC_BYTES 57
+# define DECAF_EDDSA_448_PUBLIC_BYTES 57
/** Number of bytes in an EdDSA private key. */
-#define DECAF_EDDSA_448_PRIVATE_BYTES DECAF_EDDSA_448_PUBLIC_BYTES
+# define DECAF_EDDSA_448_PRIVATE_BYTES DECAF_EDDSA_448_PUBLIC_BYTES
/** Number of bytes in an EdDSA private key. */
-#define DECAF_EDDSA_448_SIGNATURE_BYTES (DECAF_EDDSA_448_PUBLIC_BYTES + DECAF_EDDSA_448_PRIVATE_BYTES)
+# define DECAF_EDDSA_448_SIGNATURE_BYTES (DECAF_EDDSA_448_PUBLIC_BYTES + DECAF_EDDSA_448_PRIVATE_BYTES)
/** Does EdDSA support non-contextual signatures? */
-#define DECAF_EDDSA_448_SUPPORTS_CONTEXTLESS_SIGS 0
-
-/** Prehash context renaming macros. */
-#define decaf_ed448_prehash_ctx_s decaf_shake256_ctx_s
-#define decaf_ed448_prehash_ctx_t decaf_shake256_ctx_t
-#define decaf_ed448_prehash_update decaf_shake256_update
-#define decaf_ed448_prehash_destroy decaf_shake256_destroy
+# define DECAF_EDDSA_448_SUPPORTS_CONTEXTLESS_SIGS 0
/** EdDSA encoding ratio. */
-#define DECAF_448_EDDSA_ENCODE_RATIO 4
+# define DECAF_448_EDDSA_ENCODE_RATIO 4
/** EdDSA decoding ratio. */
-#define DECAF_448_EDDSA_DECODE_RATIO (4 / 4)
+# define DECAF_448_EDDSA_DECODE_RATIO (4 / 4)
/**
* @brief EdDSA key generation. This function uses a different (non-Decaf)
*
* @param [out] pubkey The public key.
* @param [in] privkey The private key.
- */
-void decaf_ed448_derive_public_key (
- uint8_t pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
- const uint8_t privkey[DECAF_EDDSA_448_PRIVATE_BYTES]
-) DECAF_NONNULL DECAF_NOINLINE;
+ */
+decaf_error_t decaf_ed448_derive_public_key(uint8_t
+ pubkey
+ [DECAF_EDDSA_448_PUBLIC_BYTES],
+ const uint8_t
+ privkey
+ [DECAF_EDDSA_448_PRIVATE_BYTES]
+ );
/**
* @brief EdDSA signing.
* messages, at least without some very careful protocol-level disambiguation. For Ed448 it is
* safe. The C++ wrapper is designed to make it harder to screw this up, but this C code gives
* you no seat belt.
- */
-void decaf_ed448_sign (
- uint8_t signature[DECAF_EDDSA_448_SIGNATURE_BYTES],
- const uint8_t privkey[DECAF_EDDSA_448_PRIVATE_BYTES],
- const uint8_t pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
- const uint8_t *message,
- size_t message_len,
- uint8_t prehashed,
- const uint8_t *context,
- uint8_t context_len
-) __attribute__((nonnull(1,2,3))) DECAF_NOINLINE;
+ */
+decaf_error_t decaf_ed448_sign(uint8_t
+ signature[DECAF_EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t
+ privkey[DECAF_EDDSA_448_PRIVATE_BYTES],
+ const uint8_t
+ pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
+ const uint8_t *message, size_t message_len,
+ uint8_t prehashed, const uint8_t *context,
+ size_t context_len)
+ __attribute__ ((nonnull(1, 2, 3)));
/**
* @brief EdDSA signing with prehash.
* messages, at least without some very careful protocol-level disambiguation. For Ed448 it is
* safe. The C++ wrapper is designed to make it harder to screw this up, but this C code gives
* you no seat belt.
- */
-void decaf_ed448_sign_prehash (
- uint8_t signature[DECAF_EDDSA_448_SIGNATURE_BYTES],
- const uint8_t privkey[DECAF_EDDSA_448_PRIVATE_BYTES],
- const uint8_t pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
- const decaf_ed448_prehash_ctx_t hash,
- const uint8_t *context,
- uint8_t context_len
-) __attribute__((nonnull(1,2,3,4))) DECAF_NOINLINE;
-
-/**
- * @brief Prehash initialization, with contexts if supported.
- *
- * @param [out] hash The hash object to be initialized.
*/
-void decaf_ed448_prehash_init (
- decaf_ed448_prehash_ctx_t hash
-) __attribute__((nonnull(1))) DECAF_NOINLINE;
+decaf_error_t decaf_ed448_sign_prehash(uint8_t
+ signature
+ [DECAF_EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t
+ privkey[DECAF_EDDSA_448_PRIVATE_BYTES],
+ const uint8_t
+ pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
+ const uint8_t hash[64],
+ const uint8_t *context,
+ size_t context_len)
+ __attribute__ ((nonnull(1, 2, 3, 4)));
/**
* @brief EdDSA signature verification.
* safe. The C++ wrapper is designed to make it harder to screw this up, but this C code gives
* you no seat belt.
*/
-decaf_error_t decaf_ed448_verify (
- const uint8_t signature[DECAF_EDDSA_448_SIGNATURE_BYTES],
- const uint8_t pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
- const uint8_t *message,
- size_t message_len,
- uint8_t prehashed,
- const uint8_t *context,
- uint8_t context_len
-) __attribute__((nonnull(1,2))) DECAF_NOINLINE;
+decaf_error_t decaf_ed448_verify(const uint8_t
+ signature[DECAF_EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t
+ pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
+ const uint8_t *message, size_t message_len,
+ uint8_t prehashed, const uint8_t *context,
+ uint8_t context_len)
+ __attribute__ ((nonnull(1, 2)));
/**
* @brief EdDSA signature verification.
* safe. The C++ wrapper is designed to make it harder to screw this up, but this C code gives
* you no seat belt.
*/
-decaf_error_t decaf_ed448_verify_prehash (
- const uint8_t signature[DECAF_EDDSA_448_SIGNATURE_BYTES],
- const uint8_t pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
- const decaf_ed448_prehash_ctx_t hash,
- const uint8_t *context,
- uint8_t context_len
-) __attribute__((nonnull(1,2))) DECAF_NOINLINE;
+decaf_error_t decaf_ed448_verify_prehash(const uint8_t
+ signature
+ [DECAF_EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t
+ pubkey[DECAF_EDDSA_448_PUBLIC_BYTES],
+ const uint8_t hash[64],
+ const uint8_t *context,
+ uint8_t context_len)
+ __attribute__ ((nonnull(1, 2)));
/**
* @brief EdDSA point encoding. Used internally, exposed externally.
*
* @param [out] enc The encoded point.
* @param [in] p The point.
- */
-void curve448_point_mul_by_ratio_and_encode_like_eddsa (
- uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES],
- const curve448_point_t p
-) DECAF_NONNULL DECAF_NOINLINE;
+ */
+void curve448_point_mul_by_ratio_and_encode_like_eddsa(uint8_t
+ enc
+ [DECAF_EDDSA_448_PUBLIC_BYTES],
+ const curve448_point_t
+ p);
/**
* @brief EdDSA point decoding. Multiplies by DECAF_448_EDDSA_DECODE_RATIO,
*
* @param [out] enc The encoded point.
* @param [in] p The point.
- */
-decaf_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio (
- curve448_point_t p,
- const uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES]
-) DECAF_NONNULL DECAF_NOINLINE;
+ */
+decaf_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(curve448_point_t
+ p,
+ const uint8_t
+ enc
+ [DECAF_EDDSA_448_PUBLIC_BYTES]
+ );
/**
* @brief EdDSA to ECDH public key conversion
* @param[out] x The ECDH public key as in RFC7748(point on Montgomery curve)
* @param[in] ed The EdDSA public key(point on Edwards curve)
*/
-void decaf_ed448_convert_public_key_to_x448 (
- uint8_t x[DECAF_X448_PUBLIC_BYTES],
- const uint8_t ed[DECAF_EDDSA_448_PUBLIC_BYTES]
-) DECAF_NONNULL DECAF_NOINLINE;
+void decaf_ed448_convert_public_key_to_x448(uint8_t x[DECAF_X448_PUBLIC_BYTES],
+ const uint8_t
+ ed[DECAF_EDDSA_448_PUBLIC_BYTES]
+ );
/**
* @brief EdDSA to ECDH private key conversion
* @param[out] x The ECDH private key as in RFC7748
* @param[in] ed The EdDSA private key
*/
-void decaf_ed448_convert_private_key_to_x448 (
- uint8_t x[DECAF_X448_PRIVATE_BYTES],
- const uint8_t ed[DECAF_EDDSA_448_PRIVATE_BYTES]
-) DECAF_NONNULL DECAF_NOINLINE;
+decaf_error_t decaf_ed448_convert_private_key_to_x448(uint8_t
+ x
+ [DECAF_X448_PRIVATE_BYTES],
+ const uint8_t
+ ed
+ [DECAF_EDDSA_448_PRIVATE_BYTES]
+ );
#ifdef __cplusplus
} /* extern "C" */
#endif
-#endif /* __DECAF_ED448_H__ */
+#endif /* __DECAF_ED448_H__ */