Module hazmat

Available on crate feature hazmat only.

Low-level interfaces to ed25519 functions

⚠️ Warning: Hazmat

These primitives are easy-to-misuse low-level interfaces.

If you are an end user / non-expert in cryptography, do not use any of these functions. Failure to use them correctly can lead to catastrophic failures including full private key recovery.

Structs

ExpandedSecretKey
Contains the secret scalar and domain separator used for generating signatures.

Functions

raw_sign
Compute an ordinary Ed25519 signature over the given message. CtxDigest is the digest used to calculate the pseudorandomness needed for signing. According to the Ed25519 spec, CtxDigest = Sha512.
raw_sign_prehashed (crate feature digest only)
Compute a signature over the given prehashed message, the Ed25519ph algorithm defined in RFC8032 §5.1. MsgDigest is the digest function used to hash the signed message. CtxDigest is the digest function used to calculate the pseudorandomness needed for signing. According to the Ed25519 spec, MsgDigest = CtxDigest = Sha512.
raw_verify
The ordinary non-batched Ed25519 verification check, rejecting non-canonical R values. CtxDigest is the digest used to calculate the pseudorandomness needed for signing. According to the Ed25519 spec, CtxDigest = Sha512.
raw_verify_prehashed (crate feature digest only)
The batched Ed25519 verification check, rejecting non-canonical R values. MsgDigest is the digest used to hash the signed message. CtxDigest is the digest used to calculate the pseudorandomness needed for signing. According to the Ed25519 spec, MsgDigest = CtxDigest = Sha512.