Crate nisty[−][src]
Library for NIST P-256 (aka secp256r1) signatures, for when you really can't avoid them.
This library completely decouples entropy from key generation and signatures, and offers a similar API as salty.
In particular, all signatures are deterministic, similar to RFC 6979.
Conversions between Seed
s, SecretKey
s, PublicKey
s, Keypair
s, Signature
s and their
underlying byte arrays are implemented in terms of the standard core::convert
traits
TryFrom
, From
, Into
, and a custom trait AsArrayRef
. For convenience, these
conversions are also exposed as associated functions and methods.
In the backend, this library currently uses micro-ecc, exposed via micro-ecc-sys.
All "numbers" are big-endian.
Examples
let seed = [0u8; 32]; // use an actually entropic seed (hw RNG, ChaCha20Rng, PBKDF,... ) assert!(nisty::Keypair::try_from_bytes(&seed).is_err()); // zero is invalid as secret scalar assert!(nisty::Keypair::generate(&seed, 1).is_err()); // equivalent to previous line assert!(nisty::Keypair::generate(&seed, 2).is_ok()); // equivalent to following line let keypair = nisty::Keypair::generate_patiently(&seed); let message = b"slip and slide communication"; let signature = keypair.sign(message); assert!(keypair.verify(message, signature)); assert!(!keypair.verify(b"suspicious minds", signature)); // serialize keys and signatures let public_key_bytes: [u8; 64] = keypair.public.to_bytes(); let mut signature_bytes: [u8; 64] = signature.into(); // deserialize keys and signatures let public_key = nisty::PublicKey::try_from_bytes(&public_key_bytes).unwrap(); assert!(public_key.verify(message, signature_bytes)); signature_bytes[37] = b'X'; assert!(!public_key.verify(message, signature_bytes));
Features
The asn1-der
feature adds a method to serialize signatures to the ASN.1 DER format.
The cose
feature adds a method to convert public keys to COSE public keys.
Microcontrollers
Because bindgen
, no_std
and Rust's limited feature tree handling don't play nice
together (#4866),
on microcontrollers the bindings to micro-ecc
need to be pre-generated.
For Cortex-M4 and Cortex-M33 microcontrollers, they are packaged, and it is sufficient
to use nisty
as follows:
[dependencies.nisty]
default-features = false
When compiled as release build, these platforms automatically pick up UMAAL assembly optimizations.
On an NXP LPC55S69, signature generation then takes around 6.9M cycles, signature verification around 7.6M.
Structs
Bytes | |
Error | Either there is an error, or there is not - no reasons given. |
Keypair | Create keys, sign messages, verify signatures. |
PublicKey | Public part of a keypair, a point on the curve. Verifies signatures. |
SecretKey | Secret part of a keypair, a scalar. Signs messages. |
Seed | 32 entropic bytes, input for key generation. |
SharedSecret | Diffie-Helllman shared secret, output of key agreement. |
Signature | Pair of two curve scalars. |
Constants
DIGEST_LENGTH | 32, the length of a SHA256 digest |
PUBLIC_KEY_COMPRESSED_LENGTH | 33, the length of a compressed public key |
PUBLIC_KEY_LENGTH | 64, the length of a public key |
PUBLIC_KEY_X_COORDINATES_LENGTH | 32, the length of a public key's x-coordinate. |
PUBLIC_KEY_Y_COORDINATES_LENGTH | 32, the length of a public key's y-coordinate. |
SECRET_KEY_LENGTH | 32, the length of a secret key |
SEED_LENGTH | 32, the length of a secret key seed |
SHARED_SECRET_LENGTH | 32, the length of a shared secret |
SIGNATURE_LENGTH | 64, the length of a signature |
Traits
AsArrayRef | Similar to |
Functions
hash_calls⚠ | How many hash digests were calculated for signatures so far. |
prehash | Convenience function, calculates SHA256 hash digest of a slice of bytes. |
Type Definitions
Result | This library's result type. |
U72 |