An Ed25519 signature.
r: [Curve.encoded_length]u8The R component of an EdDSA signature.
s: CompressedScalarThe S component of an EdDSA signature.
Length (in bytes) of a raw signature.
pub const encoded_length = Curve.encoded_length + @sizeOf(CompressedScalar)anyerror means the error set is known only at runtime.
pub const VerifyError = Verifier.InitError || Verifier.VerifyErrorpub fn toBytes(sig: Signature) [encoded_length]u8Return the raw signature (r, s) in little-endian format.
sig: Signaturepub fn toBytes(sig: Signature) [encoded_length]u8 {
var bytes: [encoded_length]u8 = undefined;
bytes[0..Curve.encoded_length].* = sig.r;
bytes[Curve.encoded_length..].* = sig.s;
return bytes;
}pub fn fromBytes(bytes: [encoded_length]u8) SignatureCreate a signature from a raw encoding of (r, s). EdDSA always assumes little-endian.
bytes: [encoded_length]u8pub fn fromBytes(bytes: [encoded_length]u8) Signature {
return Signature{
.r = bytes[0..Curve.encoded_length].*,
.s = bytes[Curve.encoded_length..].*,
};
}Create a Verifier for incremental verification of a signature.
pub fn verify(sig: Signature, msg: []const u8, public_key: PublicKey) VerifyError!voidVerify the signature against a message and public key. Return IdentityElement or NonCanonical if the public key or signature are not in the expected range, or SignatureVerificationError if the signature is invalid for the given message and key.
pub fn verify(sig: Signature, msg: []const u8, public_key: PublicKey) VerifyError!void {
var st = try sig.verifier(public_key);
st.update(msg);
try st.verify();
}pub const Signature = struct {
/// Length (in bytes) of a raw signature.
pub const encoded_length = Curve.encoded_length + @sizeOf(CompressedScalar);
/// The R component of an EdDSA signature.
r: [Curve.encoded_length]u8,
/// The S component of an EdDSA signature.
s: CompressedScalar,
/// Return the raw signature (r, s) in little-endian format.
pub fn toBytes(sig: Signature) [encoded_length]u8 {
var bytes: [encoded_length]u8 = undefined;
bytes[0..Curve.encoded_length].* = sig.r;
bytes[Curve.encoded_length..].* = sig.s;
return bytes;
}
/// Create a signature from a raw encoding of (r, s).
/// EdDSA always assumes little-endian.
pub fn fromBytes(bytes: [encoded_length]u8) Signature {
return Signature{
.r = bytes[0..Curve.encoded_length].*,
.s = bytes[Curve.encoded_length..].*,
};
}
/// Create a Verifier for incremental verification of a signature.
pub fn verifier(sig: Signature, public_key: PublicKey) Verifier.InitError!Verifier {
return Verifier.init(sig, public_key);
}
pub const VerifyError = Verifier.InitError || Verifier.VerifyError;
/// Verify the signature against a message and public key.
/// Return IdentityElement or NonCanonical if the public key or signature are not in the expected range,
/// or SignatureVerificationError if the signature is invalid for the given message and key.
pub fn verify(sig: Signature, msg: []const u8, public_key: PublicKey) VerifyError!void {
var st = try sig.verifier(public_key);
st.update(msg);
try st.verify();
}
}