1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127

//! A compact Ed25519 and X25519 implementation for Rust.
//!
//! * Formally-verified Curve25519 field arithmetic
//! * `no_std`-friendly
//! * WebAssembly-friendly
//! * Fastly Compute-friendly
//! * Lightweight
//! * Zero dependencies if randomness is provided by the application
//! * Only one portable dependency (`getrandom`) if not
//! * Supports incremental signatures (streaming API)
//! * Safe and simple Rust interface.
//!
//! Example usage:
//!
//! ```rust
//! use ed25519_compact::*;
//!
//! // A message to sign and verify.
//! let message = b"test";
//!
//! // Generates a new key pair using a random seed.
//! // A given seed will always produce the same key pair.
//! let key_pair = KeyPair::from_seed(Seed::generate());
//!
//! // Computes a signature for this message using the secret part of the key pair.
//! let signature = key_pair.sk.sign(message, Some(Noise::generate()));
//!
//! // Verifies the signature using the public part of the key pair.
//! key_pair
//!     .pk
//!     .verify(message, &signature)
//!     .expect("Signature didn't verify");
//!
//! // Verification of a different message using the same signature and public key fails.
//! key_pair
//!     .pk
//!     .verify(b"A different message", &signature)
//!     .expect_err("Signature shouldn't verify");
//!
//! // All these structures can be viewed as raw bytes simply by dereferencing them:
//! let signature_as_bytes: &[u8] = signature.as_ref();
//! println!("Signature as bytes: {:?}", signature_as_bytes);
//! ```
//!
//! ## Incremental API example usage
//!
//! Messages can also be supplied as multiple parts (streaming API) in order to
//! handle large messages without using much memory:
//!
//! ```rust
//! use ed25519_compact::*;
//!
//! /// Creates a new key pair.
//! let kp = KeyPair::generate();
//!
//! /// Create a state for an incremental signer.
//! let mut st = kp.sk.sign_incremental(Noise::default());
//!
//! /// Feed the message as any number of chunks, and sign the concatenation.
//! st.absorb("mes");
//! st.absorb("sage");
//! let signature = st.sign();
//!
//! /// Create a state for an incremental verifier.
//! let mut st = kp.pk.verify_incremental(&signature).unwrap();
//!
//! /// Feed the message as any number of chunks, and verify the concatenation.
//! st.absorb("mess");
//! st.absorb("age");
//! assert!(st.verify().is_ok());
//! ```
//!
//! Cargo features:
//!
//! * `self-verify`: after having computed a new signature, verify that is it
//!   valid. This is slower, but improves resilience against fault attacks. It
//!   is enabled by default on WebAssembly targets.
//! * `std`: disables `no_std` compatibility in order to make errors implement
//!   the standard `Error` trait.
//! * `random` (enabled by default): adds `Default` and `generate`
//!   implementations to the `Seed` and `Noise` objects, in order to securely
//!   create random keys and noise.
//! * `traits`: add support for the traits from the ed25519 and signature
//!   crates.
//! * `pem`: add support for importing/exporting keys as OpenSSL-compatible PEM
//!   files.
//! * `blind-keys`: add support for key blinding.
//! * `opt_size`: Enable size optimizations (based on benchmarks, 8-15% size
//!   reduction at the cost of 6.5-7% performance).
//! * `x25519`: Enable support for the X25519 key exchange system.
//! * `disable-signatures`: Disable support for signatures, and only compile
//!   support for X25519.

#![cfg_attr(not(feature = "std"), no_std)]
#![allow(
    clippy::needless_range_loop,
    clippy::many_single_char_names,
    clippy::unreadable_literal,
    clippy::let_and_return,
    clippy::needless_lifetimes,
    clippy::cast_lossless,
    clippy::suspicious_arithmetic_impl,
    clippy::identity_op
)]

mod common;
mod error;
mod field25519;
mod sha512;

pub use crate::common::*;
pub use crate::error::*;

#[cfg(not(feature = "disable-signatures"))]
mod ed25519;
#[cfg(not(feature = "disable-signatures"))]
mod edwards25519;

#[cfg(not(feature = "disable-signatures"))]
pub use crate::ed25519::*;

#[cfg(feature = "x25519")]
pub mod x25519;

#[cfg(not(feature = "disable-signatures"))]
#[cfg(feature = "pem")]
mod pem;