aboutsummaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorAris Adamantiadis <aris@0xbadc0de.be>2014-08-07 09:01:27 +0200
committerAndreas Schneider <asn@cryptomilk.org>2014-09-07 21:35:20 +0200
commit93e82fa0c0f930609cb6f352b3e5d7c45945bac7 (patch)
tree68c2662a04335db58095cb819800e48bc15968a7 /include
parente9b2d164e0f9c597f55f546b8d62e0c04423fec5 (diff)
downloadlibssh-93e82fa0c0f930609cb6f352b3e5d7c45945bac7.tar.gz
libssh-93e82fa0c0f930609cb6f352b3e5d7c45945bac7.tar.xz
libssh-93e82fa0c0f930609cb6f352b3e5d7c45945bac7.zip
crypto: Add ed25519 implementation from OpenSSH.
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'include')
-rw-r--r--include/libssh/ed25519.h79
-rw-r--r--include/libssh/fe25519.h68
-rw-r--r--include/libssh/ge25519.h43
-rw-r--r--include/libssh/libssh.h3
-rw-r--r--include/libssh/sc25519.h74
-rw-r--r--include/libssh/wrapper.h1
6 files changed, 267 insertions, 1 deletions
diff --git a/include/libssh/ed25519.h b/include/libssh/ed25519.h
new file mode 100644
index 00000000..7b48856c
--- /dev/null
+++ b/include/libssh/ed25519.h
@@ -0,0 +1,79 @@
+/*
+ * This file is part of the SSH Library
+ *
+ * Copyright (c) 2014 by Aris Adamantiadis
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef ED25519_H_
+#define ED25519_H_
+#include "libssh/priv.h"
+
+/**
+ * @defgroup ed25519 ed25519 API
+ * @internal
+ * @brief API for DJB's ed25519
+ *
+ * @{ */
+
+#define ED25519_PK_LEN 32
+#define ED25519_SK_LEN 64
+#define ED25519_SIG_LEN 64
+
+typedef uint8_t ed25519_pubkey[ED25519_PK_LEN];
+typedef uint8_t ed25519_privkey[ED25519_SK_LEN];
+typedef uint8_t ed25519_signature[ED25519_SIG_LEN];
+
+/** @internal
+ * @brief generate an ed25519 key pair
+ * @param[out] pk generated public key
+ * @param[out] sk generated secret key
+ * @return 0 on success, -1 on error.
+ * */
+int crypto_sign_ed25519_keypair(ed25519_pubkey pk, ed25519_privkey sk);
+
+/** @internal
+ * @brief sign a message with ed25519
+ * @param[out] sm location to store the signed message.
+ * Its length should be mlen + 64.
+ * @param[out] smlen pointer to the size of the signed message
+ * @param[in] m message to be signed
+ * @param[in] mlen length of the message to be signed
+ * @param[in] sk secret key to sign the message with
+ * @return 0 on success.
+ */
+int crypto_sign_ed25519(
+ unsigned char *sm,unsigned long long *smlen,
+ const unsigned char *m,unsigned long long mlen,
+ const ed25519_privkey sk);
+
+/** @internal
+ * @brief "open" and verify the signature of a signed message
+ * @param[out] m location to store the verified message.
+ * Its length should be equal to smlen.
+ * @param[out] mlen pointer to the size of the verified message
+ * @param[in] sm signed message to verify
+ * @param[in] smlen length of the signed message to verify
+ * @param[in] pk public key used to sign the message
+ * @returns 0 on success (supposedly).
+ */
+int crypto_sign_ed25519_open(
+ unsigned char *m,unsigned long long *mlen,
+ const unsigned char *sm,unsigned long long smlen,
+ const ed25519_pubkey pk);
+
+/** @} */
+#endif /* ED25519_H_ */
diff --git a/include/libssh/fe25519.h b/include/libssh/fe25519.h
new file mode 100644
index 00000000..e959912e
--- /dev/null
+++ b/include/libssh/fe25519.h
@@ -0,0 +1,68 @@
+/* $OpenBSD: fe25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
+ * Peter Schwabe, Bo-Yin Yang.
+ * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.h
+ */
+
+#ifndef FE25519_H
+#define FE25519_H
+
+#include "libssh/priv.h"
+
+#define fe25519 crypto_sign_ed25519_ref_fe25519
+#define fe25519_freeze crypto_sign_ed25519_ref_fe25519_freeze
+#define fe25519_unpack crypto_sign_ed25519_ref_fe25519_unpack
+#define fe25519_pack crypto_sign_ed25519_ref_fe25519_pack
+#define fe25519_iszero crypto_sign_ed25519_ref_fe25519_iszero
+#define fe25519_iseq_vartime crypto_sign_ed25519_ref_fe25519_iseq_vartime
+#define fe25519_cmov crypto_sign_ed25519_ref_fe25519_cmov
+#define fe25519_setone crypto_sign_ed25519_ref_fe25519_setone
+#define fe25519_setzero crypto_sign_ed25519_ref_fe25519_setzero
+#define fe25519_neg crypto_sign_ed25519_ref_fe25519_neg
+#define fe25519_getparity crypto_sign_ed25519_ref_fe25519_getparity
+#define fe25519_add crypto_sign_ed25519_ref_fe25519_add
+#define fe25519_sub crypto_sign_ed25519_ref_fe25519_sub
+#define fe25519_mul crypto_sign_ed25519_ref_fe25519_mul
+#define fe25519_square crypto_sign_ed25519_ref_fe25519_square
+#define fe25519_invert crypto_sign_ed25519_ref_fe25519_invert
+#define fe25519_pow2523 crypto_sign_ed25519_ref_fe25519_pow2523
+
+typedef struct {
+ uint32_t v[32];
+} fe25519;
+
+void fe25519_freeze(fe25519 *r);
+
+void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
+
+void fe25519_pack(unsigned char r[32], const fe25519 *x);
+
+int fe25519_iszero(const fe25519 *x);
+
+int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y);
+
+void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b);
+
+void fe25519_setone(fe25519 *r);
+
+void fe25519_setzero(fe25519 *r);
+
+void fe25519_neg(fe25519 *r, const fe25519 *x);
+
+unsigned char fe25519_getparity(const fe25519 *x);
+
+void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);
+
+void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
+
+void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
+
+void fe25519_square(fe25519 *r, const fe25519 *x);
+
+void fe25519_invert(fe25519 *r, const fe25519 *x);
+
+void fe25519_pow2523(fe25519 *r, const fe25519 *x);
+
+#endif
diff --git a/include/libssh/ge25519.h b/include/libssh/ge25519.h
new file mode 100644
index 00000000..64f63c6f
--- /dev/null
+++ b/include/libssh/ge25519.h
@@ -0,0 +1,43 @@
+/* $OpenBSD: ge25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
+ * Peter Schwabe, Bo-Yin Yang.
+ * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.h
+ */
+
+#ifndef GE25519_H
+#define GE25519_H
+
+#include "fe25519.h"
+#include "sc25519.h"
+
+#define ge25519 crypto_sign_ed25519_ref_ge25519
+#define ge25519_base crypto_sign_ed25519_ref_ge25519_base
+#define ge25519_unpackneg_vartime crypto_sign_ed25519_ref_unpackneg_vartime
+#define ge25519_pack crypto_sign_ed25519_ref_pack
+#define ge25519_isneutral_vartime crypto_sign_ed25519_ref_isneutral_vartime
+#define ge25519_double_scalarmult_vartime crypto_sign_ed25519_ref_double_scalarmult_vartime
+#define ge25519_scalarmult_base crypto_sign_ed25519_ref_scalarmult_base
+
+typedef struct
+{
+ fe25519 x;
+ fe25519 y;
+ fe25519 z;
+ fe25519 t;
+} ge25519;
+
+const ge25519 ge25519_base;
+
+int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
+
+void ge25519_pack(unsigned char r[32], const ge25519 *p);
+
+int ge25519_isneutral_vartime(const ge25519 *p);
+
+void ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const sc25519 *s1, const ge25519 *p2, const sc25519 *s2);
+
+void ge25519_scalarmult_base(ge25519 *r, const sc25519 *s);
+
+#endif
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index c82a0860..ba4f5f44 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -252,7 +252,8 @@ enum ssh_keytypes_e{
SSH_KEYTYPE_DSS=1,
SSH_KEYTYPE_RSA,
SSH_KEYTYPE_RSA1,
- SSH_KEYTYPE_ECDSA
+ SSH_KEYTYPE_ECDSA,
+ SSH_KEYTYPE_ED25519
};
enum ssh_keycmp_e {
diff --git a/include/libssh/sc25519.h b/include/libssh/sc25519.h
new file mode 100644
index 00000000..5a2c1b85
--- /dev/null
+++ b/include/libssh/sc25519.h
@@ -0,0 +1,74 @@
+/* $OpenBSD: sc25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */
+
+/*
+ * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
+ * Peter Schwabe, Bo-Yin Yang.
+ * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.h
+ */
+
+#ifndef SC25519_H
+#define SC25519_H
+
+#define sc25519 crypto_sign_ed25519_ref_sc25519
+#define shortsc25519 crypto_sign_ed25519_ref_shortsc25519
+#define sc25519_from32bytes crypto_sign_ed25519_ref_sc25519_from32bytes
+#define shortsc25519_from16bytes crypto_sign_ed25519_ref_shortsc25519_from16bytes
+#define sc25519_from64bytes crypto_sign_ed25519_ref_sc25519_from64bytes
+#define sc25519_from_shortsc crypto_sign_ed25519_ref_sc25519_from_shortsc
+#define sc25519_to32bytes crypto_sign_ed25519_ref_sc25519_to32bytes
+#define sc25519_iszero_vartime crypto_sign_ed25519_ref_sc25519_iszero_vartime
+#define sc25519_isshort_vartime crypto_sign_ed25519_ref_sc25519_isshort_vartime
+#define sc25519_lt_vartime crypto_sign_ed25519_ref_sc25519_lt_vartime
+#define sc25519_add crypto_sign_ed25519_ref_sc25519_add
+#define sc25519_sub_nored crypto_sign_ed25519_ref_sc25519_sub_nored
+#define sc25519_mul crypto_sign_ed25519_ref_sc25519_mul
+#define sc25519_mul_shortsc crypto_sign_ed25519_ref_sc25519_mul_shortsc
+#define sc25519_window3 crypto_sign_ed25519_ref_sc25519_window3
+#define sc25519_window5 crypto_sign_ed25519_ref_sc25519_window5
+#define sc25519_2interleave2 crypto_sign_ed25519_ref_sc25519_2interleave2
+
+typedef struct {
+ uint32_t v[32];
+} sc25519;
+
+typedef struct {
+ uint32_t v[16];
+} shortsc25519;
+
+void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]);
+
+void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]);
+
+void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]);
+
+void sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x);
+
+void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);
+
+int sc25519_iszero_vartime(const sc25519 *x);
+
+int sc25519_isshort_vartime(const sc25519 *x);
+
+int sc25519_lt_vartime(const sc25519 *x, const sc25519 *y);
+
+void sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y);
+
+void sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y);
+
+/* Convert s into a representation of the form \sum_{i=0}^{84}r[i]2^3
+ * with r[i] in {-4,...,3}
+ */
+void sc25519_window3(signed char r[85], const sc25519 *s);
+
+/* Convert s into a representation of the form \sum_{i=0}^{50}r[i]2^5
+ * with r[i] in {-16,...,15}
+ */
+void sc25519_window5(signed char r[51], const sc25519 *s);
+
+void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);
+
+#endif
diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
index d19d097c..a327e188 100644
--- a/include/libssh/wrapper.h
+++ b/include/libssh/wrapper.h
@@ -22,6 +22,7 @@
#define WRAPPER_H_
#include "config.h"
+#include "libssh/libssh.h"
#include "libssh/libcrypto.h"
#include "libssh/libgcrypt.h"