RFC8032 compatible Ed25519 implementation with pluggable hash (sha2-512, sha3-512)

Ed25519 digital signature algorithm

The Ed25519 digital signature algorithm is described in RFC8032. This repository aims to provide a modularized implementation of this algorithm.

Originally Ed25519 consists of three modules:

  • digital signature algorithm itself
  • SHA512 hash function
  • random number generator, to generate keypairs

This repository offers at least two different C implementations for every module. Every implementation is tested and can be replaced with another at link time. New implementations can be added as well.

At CMake configure time, users can choose any of these implementations using CMake definitions:

  • EDIMPL
    • ref10 - portable C implementation.
    • amd64-64-24k - optimized C and ASM implementation, works only on Linux amd64. This implementation can be selected only for BUILD=STATIC.
    • amd64-64-24k-pic - same as amd64-64-24k, but has fixes in ASM files, to allow position independent code (-fPIC) builds.
  • HASH
    • sha2_openssl
    • sha3_brainhub - default
  • RANDOM
    • rand_openssl
    • dev_urandom - default
    • dev_random
  • BUILD
    • STATIC
    • SHARED - build ed25519 library as shared library (default)

Example: build a shared library with the fast amd64 implementation, SHA3, and a PRNG that reads entropy from /dev/urandom:

$ cmake .. -DAMD64_OPTIMIZED=ON -DEDIMPL=amd64-64-24k -DHASH=sha3_brainhub -DRANDOM=dev_urandom -DBUILD=SHARED
-- Target cppcheck enabled
-- Target gcovr enabled
-- EDIMPL=amd64-64-24k is selected (Ed25519 implementation)
-- HASH=sha3_brainhub is selected (SHA implementation)
-- RANDOM=dev_urandom is selected (RNG implementation)
-- BUILD=SHARED is selected (library build type)
-- Configuring done
-- Generating done
-- Build files have been written to: ...

Note: only the targets (including tests) selected by the EDIMPL, HASH and RANDOM variables will be built.

API

Modules

ed25519 digital signature algorithm

  • ref10 - portable but relatively slow C implementation, originally copied from supercop-20171020. Its API was redesigned to separate signature data from the signed message content.
  • amd64-64-24k - fast (4x ref10) but non-portable C and ASM implementation, only for AMD64. Copied from supercop-20171020 and adapted to be included as a module.
  • amd64-64-24k-pic - same implementation as amd64-64-24k, but has Position Independent Code (-fPIC) fixes by @l4l.

SHA512 hash function as a dependency of ed25519

  • sha2_openssl - implementation of FIPS 180-4 SHA2 512 hash function, which uses openssl underneath
  • sha3_brainhub - implementation of FIPS 202 SHA3 512 hash function taken from brainhub repository. That repository consists of a single C file, which was adapted to be included in a project as a module.
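
Why the HASH choice matters for interoperability, as an added example (not code from this repository): RFC 8032 key derivation in Python with the 512-bit hash left pluggable, run on the seed from RFC 8032 section 7.1, TEST 1. It assumes the library derives keys the way RFC 8032 does; every function and constant name below belongs to this example only.

```python
import hashlib
# Added example, not repository code; all names here are illustrative.
P = 2**255 - 19                              # field prime
D = -121665 * pow(121666, P - 2, P) % P      # curve constant d (RFC 8032, 5.1)
SQRT_M1 = pow(2, (P - 1) // 4, P)            # square root of -1 mod P

def inv(x):
    return pow(x, P - 2, P)

def recover_x(y, sign):
    """Recover x from y and the sign bit, as in RFC 8032 section 5.1.3."""
    x2 = (y * y - 1) * inv(D * y * y + 1) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * SQRT_M1 % P
    return P - x if (x & 1) != sign else x

GY = 4 * inv(5) % P
BASE = (recover_x(GY, 0), GY)                # base point B

def add(p, q):
    """Unified affine addition on -x^2 + y^2 = 1 + d x^2 y^2."""
    (x1, y1), (x2, y2) = p, q
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % P,
            (y1 * y2 + x1 * x2) * inv(1 - t) % P)

def scalar_mult(k, pt):
    """Double-and-add; NOT constant time, for illustration only."""
    acc = (0, 1)                             # neutral element
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def derive_public(seed, hash_fn):
    """RFC 8032 key derivation with the 512-bit hash left pluggable."""
    a = int.from_bytes(hash_fn(seed).digest()[:32], "little")
    a = (a & ((1 << 254) - 8)) | (1 << 254)  # clamp the secret scalar
    x, y = scalar_mult(a, BASE)
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

# RFC 8032 section 7.1, TEST 1 secret key (seed)
SEED = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc4"
                     "4449c5697b326919703bac031cae7f60")
PK_SHA2 = derive_public(SEED, hashlib.sha512)    # SHA2-512, as in sha2_openssl
PK_SHA3 = derive_public(SEED, hashlib.sha3_512)  # SHA3-512, as in sha3_brainhub
```

With SHA2-512 the public key equals the RFC 8032 test vector; with SHA3-512 the same seed yields a different public key. Keys and signatures produced under one HASH setting therefore do not verify under the other, and only the SHA2-512 build interoperates with standard Ed25519 implementations.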

PRNG implementation as a dependency of ed25519

To generate a keypair, ed25519 needs a source of randomness (entropy).

This repository offers 3 implementations:

  • rand_openssl uses RAND_bytes from openssl
  • dev_urandom reads entropy from /dev/urandom
  • dev_random reads entropy from /dev/random (blocking call, uses busy waiting when the user asks for more entropy than the device can offer)