Skip to content

Rust wrapper: add wolfssl::wolfcrypt::ed448 module #9379

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Nov 5, 2025
Merged

Rust wrapper: add wolfssl::wolfcrypt::ed448 module #9379

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b82cccc
Rust wrapper: add wolfssl::wolfcrypt::ed448 module
holtrop Nov 3, 2025
7f0e575
Rust wrapper: fix ed448 documentation issues from code review
holtrop Nov 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 8 additions & 8 deletions wolfcrypt/src/ed448.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -969,7 +969,7 @@ void wc_ed448_free(ed448_key* key)
* ECC_BAD_ARG_E when outLen is less than ED448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen)
int wc_ed448_export_public(const ed448_key* key, byte* out, word32* outLen)
{
int ret = 0;

Expand Down Expand Up @@ -1212,7 +1212,7 @@ int wc_ed448_import_private_key(const byte* priv, word32 privSz,
* ECC_BAD_ARG_E when outLen is less than ED448_KEY_SIZE,
* 0 otherwise.
*/
int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen)
int wc_ed448_export_private_only(const ed448_key* key, byte* out, word32* outLen)
{
int ret = 0;

Expand Down Expand Up @@ -1244,7 +1244,7 @@ int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen)
* BUFFER_E when outLen is less than ED448_PRV_KEY_SIZE,
* 0 otherwise.
*/
int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen)
int wc_ed448_export_private(const ed448_key* key, byte* out, word32* outLen)
{
int ret = 0;

Expand Down Expand Up @@ -1279,7 +1279,7 @@ int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen)
* than ED448_PUB_KEY_SIZE,
* 0 otherwise.
*/
int wc_ed448_export_key(ed448_key* key, byte* priv, word32 *privSz,
int wc_ed448_export_key(const ed448_key* key, byte* priv, word32 *privSz,
byte* pub, word32 *pubSz)
{
int ret = 0;
Expand Down Expand Up @@ -1392,7 +1392,7 @@ int wc_ed448_check_key(ed448_key* key)
* returns BAD_FUNC_ARG when key is NULL,
* ED448_KEY_SIZE otherwise.
*/
int wc_ed448_size(ed448_key* key)
int wc_ed448_size(const ed448_key* key)
{
int ret = ED448_KEY_SIZE;

Expand All @@ -1409,7 +1409,7 @@ int wc_ed448_size(ed448_key* key)
* returns BAD_FUNC_ARG when key is NULL,
* ED448_PRV_KEY_SIZE otherwise.
*/
int wc_ed448_priv_size(ed448_key* key)
int wc_ed448_priv_size(const ed448_key* key)
{
int ret = ED448_PRV_KEY_SIZE;

Expand All @@ -1426,7 +1426,7 @@ int wc_ed448_priv_size(ed448_key* key)
* returns BAD_FUNC_ARG when key is NULL,
* ED448_PUB_KEY_SIZE otherwise.
*/
int wc_ed448_pub_size(ed448_key* key)
int wc_ed448_pub_size(const ed448_key* key)
{
int ret = ED448_PUB_KEY_SIZE;

Expand All @@ -1443,7 +1443,7 @@ int wc_ed448_pub_size(ed448_key* key)
* returns BAD_FUNC_ARG when key is NULL,
* ED448_SIG_SIZE otherwise.
*/
int wc_ed448_sig_size(ed448_key* key)
int wc_ed448_sig_size(const ed448_key* key)
{
int ret = ED448_SIG_SIZE;

Expand Down
16 changes: 8 additions & 8 deletions wolfssl/wolfcrypt/ed448.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -183,13 +183,13 @@ int wc_ed448_import_private_key_ex(const byte* priv, word32 privSz,

#ifdef HAVE_ED448_KEY_EXPORT
WOLFSSL_API
int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen);
int wc_ed448_export_public(const ed448_key* key, byte* out, word32* outLen);
WOLFSSL_API
int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen);
int wc_ed448_export_private_only(const ed448_key* key, byte* out, word32* outLen);
WOLFSSL_API
int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen);
int wc_ed448_export_private(const ed448_key* key, byte* out, word32* outLen);
WOLFSSL_API
int wc_ed448_export_key(ed448_key* key, byte* priv, word32 *privSz,
int wc_ed448_export_key(const ed448_key* key, byte* priv, word32 *privSz,
byte* pub, word32 *pubSz);
#endif /* HAVE_ED448_KEY_EXPORT */

Expand All @@ -198,13 +198,13 @@ int wc_ed448_check_key(ed448_key* key);

/* size helper */
WOLFSSL_API
int wc_ed448_size(ed448_key* key);
int wc_ed448_size(const ed448_key* key);
WOLFSSL_API
int wc_ed448_priv_size(ed448_key* key);
int wc_ed448_priv_size(const ed448_key* key);
WOLFSSL_API
int wc_ed448_pub_size(ed448_key* key);
int wc_ed448_pub_size(const ed448_key* key);
WOLFSSL_API
int wc_ed448_sig_size(ed448_key* key);
int wc_ed448_sig_size(const ed448_key* key);

#ifdef __cplusplus
} /* extern "C" */
Expand Down
2 changes: 2 additions & 0 deletions wrapper/rust/include.am
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/cmac.rs
EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/dh.rs
EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/ecc.rs
EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/ed25519.rs
EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/ed448.rs
EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/hkdf.rs
EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/hmac.rs
EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/kdf.rs
Expand All @@ -33,6 +34,7 @@ EXTRA_DIST += wrapper/rust/wolfssl/tests/test_cmac.rs
EXTRA_DIST += wrapper/rust/wolfssl/tests/test_dh.rs
EXTRA_DIST += wrapper/rust/wolfssl/tests/test_ecc.rs
EXTRA_DIST += wrapper/rust/wolfssl/tests/test_ed25519.rs
EXTRA_DIST += wrapper/rust/wolfssl/tests/test_ed448.rs
EXTRA_DIST += wrapper/rust/wolfssl/tests/test_hkdf.rs
EXTRA_DIST += wrapper/rust/wolfssl/tests/test_hmac.rs
EXTRA_DIST += wrapper/rust/wolfssl/tests/test_kdf.rs
Expand Down
1 change: 1 addition & 0 deletions wrapper/rust/wolfssl/src/wolfcrypt.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ pub mod cmac;
pub mod dh;
pub mod ecc;
pub mod ed25519;
pub mod ed448;
pub mod hkdf;
pub mod hmac;
pub mod kdf;
Expand Down
64 changes: 42 additions & 22 deletions wrapper/rust/wolfssl/src/wolfcrypt/ed25519.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -627,7 +627,7 @@ impl Ed25519 {
/// # Parameters
///
/// * `hash`: Message digest to sign.
/// * `context`: Buffer containing context for which hash is being signed.
/// * `context`: Optional buffer containing context for which hash is being signed.
/// * `signature`: Output buffer to hold signature.
///
/// # Returns
Expand Down Expand Up @@ -655,16 +655,21 @@ impl Ed25519 {
/// ];
/// let context = b"context";
/// let mut signature = [0u8; Ed25519::SIG_SIZE];
/// ed.sign_hash_ph(&hash, context, &mut signature).expect("Error with sign_hash_ph()");
/// ed.sign_hash_ph(&hash, Some(context), &mut signature).expect("Error with sign_hash_ph()");
/// ```
pub fn sign_hash_ph(&mut self, hash: &[u8], context: &[u8], signature: &mut [u8]) -> Result<usize, i32> {
pub fn sign_hash_ph(&mut self, hash: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result<usize, i32> {
let hash_size = hash.len() as u32;
let context_size = context.len() as u8;
let mut context_ptr: *const u8 = core::ptr::null();
let mut context_size = 0u8;
if let Some(context) = context {
context_ptr = context.as_ptr();
context_size = context.len() as u8;
}
let mut signature_size = signature.len() as u32;
let rc = unsafe {
ws::wc_ed25519ph_sign_hash(hash.as_ptr(), hash_size,
signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key,
context.as_ptr(), context_size)
context_ptr, context_size)
};
if rc != 0 {
return Err(rc);
Expand All @@ -680,7 +685,7 @@ impl Ed25519 {
/// # Parameters
///
/// * `message`: Message digest to sign.
/// * `context`: Buffer containing context for which message is being signed.
/// * `context`: Optional buffer containing context for which message is being signed.
/// * `signature`: Output buffer to hold signature.
///
/// # Returns
Expand All @@ -699,16 +704,21 @@ impl Ed25519 {
/// let message = [0x42u8, 33, 55, 66];
/// let context = b"context";
/// let mut signature = [0u8; Ed25519::SIG_SIZE];
/// ed.sign_msg_ph(&message, context, &mut signature).expect("Error with sign_msg_ph()");
/// ed.sign_msg_ph(&message, Some(context), &mut signature).expect("Error with sign_msg_ph()");
/// ```
pub fn sign_msg_ph(&mut self, message: &[u8], context: &[u8], signature: &mut [u8]) -> Result<usize, i32> {
pub fn sign_msg_ph(&mut self, message: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result<usize, i32> {
let message_size = message.len() as u32;
let context_size = context.len() as u8;
let mut context_ptr: *const u8 = core::ptr::null();
let mut context_size = 0u8;
if let Some(context) = context {
context_ptr = context.as_ptr();
context_size = context.len() as u8;
}
let mut signature_size = signature.len() as u32;
let rc = unsafe {
ws::wc_ed25519ph_sign_msg(message.as_ptr(), message_size,
signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key,
context.as_ptr(), context_size)
context_ptr, context_size)
};
if rc != 0 {
return Err(rc);
Expand Down Expand Up @@ -859,7 +869,7 @@ impl Ed25519 {
///
/// * `signature`: Signature to verify.
/// * `hash`: Message to verify the signature of.
/// * `context`: Buffer containing context for which the hash was signed.
/// * `context`: Optional buffer containing context for which the hash was signed.
///
/// # Returns
///
Expand All @@ -885,19 +895,24 @@ impl Ed25519 {
/// ];
/// let context = b"context";
/// let mut signature = [0u8; Ed25519::SIG_SIZE];
/// ed.sign_hash_ph(&hash, context, &mut signature).expect("Error with sign_hash_ph()");
/// let signature_valid = ed.verify_hash_ph(&signature, &hash, context).expect("Error with verify_hash_ph()");
/// ed.sign_hash_ph(&hash, Some(context), &mut signature).expect("Error with sign_hash_ph()");
/// let signature_valid = ed.verify_hash_ph(&signature, &hash, Some(context)).expect("Error with verify_hash_ph()");
/// assert!(signature_valid);
/// ```
pub fn verify_hash_ph(&mut self, signature: &[u8], hash: &[u8], context: &[u8]) -> Result<bool, i32> {
pub fn verify_hash_ph(&mut self, signature: &[u8], hash: &[u8], context: Option<&[u8]>) -> Result<bool, i32> {
let signature_size = signature.len() as u32;
let hash_size = hash.len() as u32;
let context_size = context.len() as u8;
let mut context_ptr: *const u8 = core::ptr::null();
let mut context_size = 0u8;
if let Some(context) = context {
context_ptr = context.as_ptr();
context_size = context.len() as u8;
}
let mut res = 0i32;
let rc = unsafe {
ws::wc_ed25519ph_verify_hash(signature.as_ptr(), signature_size,
hash.as_ptr(), hash_size, &mut res, &mut self.ws_key,
context.as_ptr(), context_size)
context_ptr, context_size)
};
if rc != 0 {
return Err(rc);
Expand All @@ -914,7 +929,7 @@ impl Ed25519 {
///
/// * `signature`: Signature to verify.
/// * `message`: Message to verify the signature of.
/// * `context`: Buffer containing context for which the message was signed.
/// * `context`: Option buffer containing context for which the message was signed.
///
/// # Returns
///
Expand All @@ -931,19 +946,24 @@ impl Ed25519 {
/// let message = [0x42u8, 33, 55, 66];
/// let context = b"context";
/// let mut signature = [0u8; Ed25519::SIG_SIZE];
/// ed.sign_msg_ph(&message, context, &mut signature).expect("Error with sign_msg_ph()");
/// let signature_valid = ed.verify_msg_ph(&signature, &message, context).expect("Error with verify_msg_ph()");
/// ed.sign_msg_ph(&message, Some(context), &mut signature).expect("Error with sign_msg_ph()");
/// let signature_valid = ed.verify_msg_ph(&signature, &message, Some(context)).expect("Error with verify_msg_ph()");
/// assert!(signature_valid);
/// ```
pub fn verify_msg_ph(&mut self, signature: &[u8], message: &[u8], context: &[u8]) -> Result<bool, i32> {
pub fn verify_msg_ph(&mut self, signature: &[u8], message: &[u8], context: Option<&[u8]>) -> Result<bool, i32> {
let signature_size = signature.len() as u32;
let message_size = message.len() as u32;
let context_size = context.len() as u8;
let mut context_ptr: *const u8 = core::ptr::null();
let mut context_size = 0u8;
if let Some(context) = context {
context_ptr = context.as_ptr();
context_size = context.len() as u8;
}
let mut res = 0i32;
let rc = unsafe {
ws::wc_ed25519ph_verify_msg(signature.as_ptr(), signature_size,
message.as_ptr(), message_size, &mut res, &mut self.ws_key,
context.as_ptr(), context_size)
context_ptr, context_size)
};
if rc != 0 {
return Err(rc);
Expand Down
Loading