Struct diem_crypto::ed25519::Ed25519Signature
pub struct Ed25519Signature(_);
An Ed25519 signature
Implementations

impl Ed25519Signature

pub fn dummy_signature() -> Self
Returns an all-zero signature (for tests only).

pub fn check_malleability(bytes: &[u8]) -> Result<(), CryptoMaterialError>
Check for correct size and third-party based signature malleability issues. This method is required to ensure that given a valid signature for some message under some key, an attacker cannot produce another valid signature for the same message and key.
According to RFC8032, a signature comprises the elements {R, S}, and we should enforce that S is in canonical form (smaller than L, where L is the order of the edwards25519 curve group) to prevent signature malleability. Without this check, one could add a multiple of L to S and still pass signature verification, resulting in a distinct yet valid signature.
This method does not check the R component of the signature, because R is hashed during signing and verification to compute h = H(ENC(R) || ENC(A) || M), which means that a third-party cannot modify R without being detected.
Note: It’s true that malicious signers can already produce varying signatures by choosing a different nonce, so this method protects against malleability attacks performed by a non-signer.
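The canonical-S rule described above, as an added example that is not part of the diem_crypto crate: a self-contained Rust version of the size and S < L check, together with the S + L construction that shows what the check rejects. The constant L (little-endian order of the edwards25519 group), the CanonicalityError enum and the helper names check_s_lt_l and add_l are this example's own, not the crate's; the 64-byte signature bytes are constructed sample values.

```rust
// Added example (not diem_crypto's own code): a self-contained version of the
// canonical-S check that Ed25519Signature::check_malleability performs.
// CanonicalityError, check_s_lt_l and add_l are this example's own names.

/// Length of an RFC 8032 Ed25519 signature: 32 bytes of R followed by 32 bytes of S.
pub const ED25519_SIGNATURE_LENGTH: usize = 64;

/// The group order L = 2^252 + 27742317777372353535851937790883648493,
/// in little-endian byte order (the encoding RFC 8032 uses for S).
pub const L: [u8; 32] = [
    0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
];

#[derive(Debug, PartialEq, Eq)]
pub enum CanonicalityError {
    /// Input is not exactly 64 bytes.
    WrongLength(usize),
    /// The S half is >= L, i.e. not in canonical (reduced) form.
    NonCanonicalS,
}

/// Returns true iff the little-endian 256-bit integer `s` is strictly less than L.
/// Comparison runs from the most significant byte downwards.
pub fn check_s_lt_l(s: &[u8; 32]) -> bool {
    for i in (0..32).rev() {
        if s[i] < L[i] {
            return true;
        }
        if s[i] > L[i] {
            return false;
        }
    }
    false // s == L, which is not < L
}

/// Size check plus canonical-S check, mirroring the contract described for
/// check_malleability. R is deliberately not inspected: it is bound into the
/// challenge hash h = H(ENC(R) || ENC(A) || M), so a third party cannot alter it.
pub fn check_malleability(bytes: &[u8]) -> Result<(), CanonicalityError> {
    if bytes.len() != ED25519_SIGNATURE_LENGTH {
        return Err(CanonicalityError::WrongLength(bytes.len()));
    }
    let mut s = [0u8; 32];
    s.copy_from_slice(&bytes[32..]);
    if !check_s_lt_l(&s) {
        return Err(CanonicalityError::NonCanonicalS);
    }
    Ok(())
}

/// Little-endian 256-bit addition of L (mod 2^256). Used here only to build the
/// non-canonical S' = S + L that the check must reject: S' is congruent to S
/// mod L, so an implementation without the check would still accept it.
pub fn add_l(s: &[u8; 32]) -> [u8; 32] {
    let mut out = [0u8; 32];
    let mut carry = 0u16;
    for i in 0..32 {
        let sum = s[i] as u16 + L[i] as u16 + carry;
        out[i] = sum as u8;
        carry = sum >> 8;
    }
    out
}

fn main() {
    // Constructed sample: an arbitrary R and a small canonical S.
    let mut sig = [0u8; 64];
    sig[0] = 0x42; // placeholder R, never inspected by the check
    sig[32] = 0x07; // S = 7, canonical
    assert_eq!(check_malleability(&sig), Ok(()));

    // Malleated copy with S + L: rejected as non-canonical.
    let mut s = [0u8; 32];
    s.copy_from_slice(&sig[32..]);
    let s_prime = add_l(&s);
    let mut malleated = sig;
    malleated[32..].copy_from_slice(&s_prime);
    assert_eq!(check_malleability(&malleated), Err(CanonicalityError::NonCanonicalS));
    println!("canonical check accepts S and rejects S + L");
}
```

The byte-by-byte comparison is written for clarity, not constant time; since S is public signature material that is acceptable here, whereas the same pattern must not be used on secret scalars.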
Trait Implementations

impl Clone for Ed25519Signature
fn clone(&self) -> Ed25519Signature
fn clone_from(&mut self, source: &Self)
Performs copy-assignment from source.

impl Debug for Ed25519Signature

impl<'de> Deserialize<'de> for Ed25519Signature
fn deserialize<D>(deserializer: D) -> Result<Self, D::Error> where D: Deserializer<'de>

impl Display for Ed25519Signature

impl From<Ed25519Signature> for MultiEd25519Signature
fn from(ed_signature: Ed25519Signature) -> Self

impl Hash for Ed25519Signature

impl Length for Ed25519Signature

impl PartialEq<Ed25519Signature> for Ed25519Signature
fn eq(&self, other: &Ed25519Signature) -> bool
This method tests for self and other values to be equal, and is used by ==.

impl Serialize for Ed25519Signature

impl Signature for Ed25519Signature
fn verify<T: CryptoHash + Serialize>(&self, message: &T, public_key: &Ed25519PublicKey) -> Result<()>
Verifies that the provided signature is valid for the provided message, according to the RFC8032 algorithm. This strict verification performs the recommended check of 5.1.7 §3, on top of the required RFC8032 verifications.
fn verify_arbitrary_msg(&self, message: &[u8], public_key: &Ed25519PublicKey) -> Result<()>
Checks that self is valid for an arbitrary &[u8] message using public_key.
Outside of this crate, this particular function should only be used for native signature verification in Move.