DeterministicESPAsyncWebServer v6.27.1
Zero-allocation, bounded-execution async HTTP server for ESP32
Loading...
Searching...
No Matches
ssh_ed25519.h
Go to the documentation of this file.
1// Copyright (C) 2026 Douglas Quigg (dstroy0) <dquigg123@gmail.com>
2// SPDX-License-Identifier: AGPL-3.0-or-later
3
4/**
5 * @file ssh_ed25519.h
6 * @brief Ed25519 signatures (RFC 8032) for ssh-ed25519 host keys + client auth.
7 *
8 * PureEdDSA over edwards25519. Deterministic signing (RFC 8032 §5.1.6) - no RNG - and
9 * verification, built on the shared Curve25519 field arithmetic (ssh_curve25519) and
10 * SHA-512 (ssh_sha512). No heap; state is on the stack. Correctness is pinned to the
11 * RFC 8032 §7.1 vectors and to a reference implementation (test_ssh_ed25519).
12 *
13 * The server signs the KEX exchange hash with its ssh-ed25519 host key, and verifies a
14 * client's ed25519 public-key authentication signature.
15 *
16 * @author Douglas Quigg (dstroy0)
17 * @date 2026
18 */
19
20#ifndef DETERMINISTICESPASYNCWEBSERVER_SSH_ED25519_H
21#define DETERMINISTICESPASYNCWEBSERVER_SSH_ED25519_H
22
23#include <stddef.h>
24#include <stdint.h>
25
26/** @brief Ed25519 seed (private key) length. */
27#define SSH_ED25519_SEED_LEN 32
28/** @brief Ed25519 public key length. */
29#define SSH_ED25519_PUBKEY_LEN 32
30/** @brief Ed25519 signature length (R || S). */
31#define SSH_ED25519_SIG_LEN 64
32
33/** @brief Derive the 32-byte public key A from a 32-byte @p seed. */
34void ssh_ed25519_pubkey(uint8_t pub[SSH_ED25519_PUBKEY_LEN], const uint8_t seed[SSH_ED25519_SEED_LEN]);
35
36/**
37 * @brief Deterministically sign @p mlen bytes of @p msg with @p seed (RFC 8032 §5.1.6).
38 * @param sig Output R || S, SSH_ED25519_SIG_LEN bytes.
39 */
40void ssh_ed25519_sign(uint8_t sig[SSH_ED25519_SIG_LEN], const uint8_t *msg, size_t mlen,
41 const uint8_t seed[SSH_ED25519_SEED_LEN]);
42
43/**
44 * @brief Verify an Ed25519 signature (RFC 8032 §5.1.7).
45 * @return true if @p sig is a valid signature of @p msg under public key @p pub.
46 */
47bool ssh_ed25519_verify(const uint8_t pub[SSH_ED25519_PUBKEY_LEN], const uint8_t *msg, size_t mlen,
48 const uint8_t sig[SSH_ED25519_SIG_LEN]);
49
50#endif // DETERMINISTICESPASYNCWEBSERVER_SSH_ED25519_H
#define SSH_ED25519_SIG_LEN
Ed25519 signature length (R || S).
Definition ssh_ed25519.h:31
#define SSH_ED25519_PUBKEY_LEN
Ed25519 public key length.
Definition ssh_ed25519.h:29
void ssh_ed25519_sign(uint8_t sig[SSH_ED25519_SIG_LEN], const uint8_t *msg, size_t mlen, const uint8_t seed[SSH_ED25519_SEED_LEN])
Deterministically sign mlen bytes of msg with seed (RFC 8032 §5.1.6).
#define SSH_ED25519_SEED_LEN
Ed25519 seed (private key) length.
Definition ssh_ed25519.h:27
void ssh_ed25519_pubkey(uint8_t pub[SSH_ED25519_PUBKEY_LEN], const uint8_t seed[SSH_ED25519_SEED_LEN])
Derive the 32-byte public key A from a 32-byte seed.
bool ssh_ed25519_verify(const uint8_t pub[SSH_ED25519_PUBKEY_LEN], const uint8_t *msg, size_t mlen, const uint8_t sig[SSH_ED25519_SIG_LEN])
Verify an Ed25519 signature (RFC 8032 §5.1.7).