1 files changed, 43 insertions, 1 deletions
diff --git a/src/lib/libcrypto/curve25519/curve25519.h b/src/lib/libcrypto/curve25519/curve25519.h
index c16a4e2632..164f2e9e7f 100644
--- a/src/lib/libcrypto/curve25519/curve25519.h
+++ b/src/lib/libcrypto/curve25519/curve25519.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: curve25519.h,v 1.3 2019/05/11 15:55:52 tb Exp $ */
+/*      $OpenBSD: curve25519.h,v 1.4 2022/11/06 16:31:19 jsing Exp $ */
 /*
 * Copyright (c) 2015, Google Inc.
 *
@@ -61,6 +61,48 @@ int X25519(uint8_t out_shared_key[X25519_KEY_LENGTH],
    const uint8_t private_key[X25519_KEY_LENGTH],
    const uint8_t peers_public_value[X25519_KEY_LENGTH]);
+#if defined(LIBRESSL_NEXT_API) || defined(LIBRESSL_INTERNAL)
+/*
+ * ED25519
+ *
+ * Ed25519 is a signature scheme using a twisted Edwards curve that is
+ * birationally equivalent to curve25519.
+ *
+ * Note that, unlike RFC 8032's formulation, our private key representation
+ * includes a public key suffix to make multiple key signing operations with the
+ * same key more efficient. The RFC 8032 private key is referred to in this
+ * implementation as the "seed" and is the first 32 bytes of our private key.
+ */
+#define ED25519_PRIVATE_KEY_LEN 64
+#define ED25519_PUBLIC_KEY_LEN  32
+#define ED25519_SIGNATURE_LEN   64
+/*
+ * ED25519_keypair sets |out_public_key| and |out_private_key| to a freshly
+ * generated, public/private key pair.
+ */
+void ED25519_keypair(uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN],
+    uint8_t out_private_key[ED25519_PRIVATE_KEY_LEN]); 
+/*
+ * ED25519_sign sets |out_sig| to be a signature of |message_len| bytes from
+ * |message| using |private_key|. It returns one on success or zero on
+ * allocation failure.
+ */
+int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+    const uint8_t private_key[ED25519_PRIVATE_KEY_LEN]);
+/*
+ * ED25519_verify returns one iff |signature| is a valid signature by
+ * |public_key| of |message_len| bytes from |message|. It returns zero
+ * otherwise.
+ */
+int ED25519_verify(const uint8_t *message, size_t message_len,
+    const uint8_t signature[ED25519_SIGNATURE_LEN],
+    const uint8_t public_key[ED25519_PUBLIC_KEY_LEN]);
+#endif
 #if defined(__cplusplus)
 }  /* extern C */
 #endif

diff --git a/src/lib/libcrypto/curve25519/curve25519.h b/src/lib/libcrypto/curve25519/curve25519.h index c16a4e2632..164f2e9e7f 100644 --- a/src/lib/libcrypto/curve25519/curve25519.h +++ b/src/lib/libcrypto/curve25519/curve25519.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: curve25519.h,v 1.3 2019/05/11 15:55:52 tb Exp $ */	1	/* $OpenBSD: curve25519.h,v 1.4 2022/11/06 16:31:19 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015, Google Inc.	3	* Copyright (c) 2015, Google Inc.
4	*	4	*
@@ -61,6 +61,48 @@ int X25519(uint8_t out_shared_key[X25519_KEY_LENGTH],
61	const uint8_t private_key[X25519_KEY_LENGTH],	61	const uint8_t private_key[X25519_KEY_LENGTH],
62	const uint8_t peers_public_value[X25519_KEY_LENGTH]);	62	const uint8_t peers_public_value[X25519_KEY_LENGTH]);
63		63
		64	#if defined(LIBRESSL_NEXT_API) \|\| defined(LIBRESSL_INTERNAL)
		65	/*
		66	* ED25519
		67	*
		68	* Ed25519 is a signature scheme using a twisted Edwards curve that is
		69	* birationally equivalent to curve25519.
		70	*
		71	* Note that, unlike RFC 8032's formulation, our private key representation
		72	* includes a public key suffix to make multiple key signing operations with the
		73	* same key more efficient. The RFC 8032 private key is referred to in this
		74	* implementation as the "seed" and is the first 32 bytes of our private key.
		75	*/
		76
		77	#define ED25519_PRIVATE_KEY_LEN 64
		78	#define ED25519_PUBLIC_KEY_LEN 32
		79	#define ED25519_SIGNATURE_LEN 64
		80
		81	/*
		82	* ED25519_keypair sets \|out_public_key\| and \|out_private_key\| to a freshly
		83	* generated, public/private key pair.
		84	*/
		85	void ED25519_keypair(uint8_t out_public_key[ED25519_PUBLIC_KEY_LEN],
		86	uint8_t out_private_key[ED25519_PRIVATE_KEY_LEN]);
		87
		88	/*
		89	* ED25519_sign sets \|out_sig\| to be a signature of \|message_len\| bytes from
		90	* \|message\| using \|private_key\|. It returns one on success or zero on
		91	* allocation failure.
		92	*/
		93	int ED25519_sign(uint8_t out_sig, const uint8_t message, size_t message_len,
		94	const uint8_t private_key[ED25519_PRIVATE_KEY_LEN]);
		95
		96	/*
		97	* ED25519_verify returns one iff \|signature\| is a valid signature by
		98	* \|public_key\| of \|message_len\| bytes from \|message\|. It returns zero
		99	* otherwise.
		100	*/
		101	int ED25519_verify(const uint8_t *message, size_t message_len,
		102	const uint8_t signature[ED25519_SIGNATURE_LEN],
		103	const uint8_t public_key[ED25519_PUBLIC_KEY_LEN]);
		104	#endif
		105
64	#if defined(__cplusplus)	106	#if defined(__cplusplus)
65	} /* extern C */	107	} /* extern C */
66	#endif	108	#endif