.Sh EXAMPLES
Hashes a message all at once.
.Bd -literal -offset indent
-uint8_t hash[64];
-crypto_blake2b_ctx ctx;
-uint8_t hash [ 64]; /* output hash (must be 64 bytes) */
-uint8_t message[500]; /* message to hash */
-crypto_blake2b_ctx ctx;
+uint8_t hash [ 64]; /* Output hash (64 bytes) */
+uint8_t message[500]; /* Message to hash */
crypto_blake2b(hash, message, 500);
.Ed
.Pp
Computes a message authentication code all at once.
.Bd -literal -offset indent
-uint8_t hash [ 64]; /* output hash (between 1 and 64 bytes) */
-uint8_t key [ 32]; /* optional key (between 0 and 64 bytes) */
-uint8_t message[500]; /* message to hash */
-crypto_blake2b_ctx ctx;
+uint8_t hash [ 64]; /* Output hash (between 1 and 64 bytes) */
+uint8_t key [ 32]; /* Optional key (between 0 and 64 bytes) */
+uint8_t message[500]; /* Message to hash */
crypto_blake2b_general(hash, 64, key, 32, message, 500);
-crypto_wipe(key, 32); /* You may want to wipe the key */
+/* Wipe the key. */
+crypto_wipe(key, 32);
.Ed
.Pp
Hashes a message incrementally.
.Bd -literal -offset indent
-uint8_t hash [ 64]; /* output hash (must be 64 bytes) */
-uint8_t message [500]; /* message to hash */
+uint8_t hash [ 64]; /* Output hash (64 bytes) */
+uint8_t message[500]; /* Message to hash */
+crypto_blake2b_ctx ctx;
crypto_blake2b_init (&ctx);
for (size_t i = 0; i < 500; i += 100) {
crypto_blake2b_update(&ctx, message + i, 100);
.Pp
Computes a message authentication code incrementally.
.Bd -literal -offset indent
-uint8_t hash [ 64]; /* output hash (between 1 and 64 bytes) */
-uint8_t key [ 32]; /* optional key (between 0 and 64 bytes) */
-uint8_t message[500]; /* message to hash */
+uint8_t hash [ 64]; /* Output hash (between 1 and 64 bytes) */
+uint8_t key [ 32]; /* Optional key (between 0 and 64 bytes) */
+uint8_t message[500]; /* Message to hash */
+crypto_blake2b_ctx ctx;
crypto_blake2b_general_init(&ctx, 64, key, 32);
-crypto_wipe(key, 32); /* You may want to wipe the key */
+/* Wipe the key. */
+crypto_wipe(key, 32);
for (size_t i = 0; i < 500; i += 100) {
crypto_blake2b_update(&ctx, message + i, 100);
}
} else {
/* Genuine message */
}
+/* The real mac is secret. Wipe it */
+crypto_wipe(real_mac, 16);
.Ed
.Pp
Incremental authentication:
.Sh EXAMPLES
Generate a public key from a random secret key:
.Bd -literal -offset indent
-const uint8_t sk[32]; /* random secret key */
-uint8_t pk[32]; /* matching public key */
+const uint8_t sk[32]; /* Random secret key */
+uint8_t pk[32]; /* Matching public key */
crypto_sign_public_key(pk, sk);
-/* wipe the secret key if it is no longer needed */
+/* Wipe the secret key if it is no longer needed */
crypto_wipe(sk, 32);
.Ed
.Pp
Sign a message:
.Bd -literal -offset indent
-const uint8_t sk [ 32]; /* your secret key */
-const uint8_t pk [ 32]; /* matching public key */
-const uint8_t message [500]; /* message to sign */
+const uint8_t sk [ 32]; /* Your secret key */
+const uint8_t pk [ 32]; /* Matching public key */
+const uint8_t message [500]; /* Message to sign */
uint8_t signature[ 64];
crypto_sign(signature, sk, pk, message, 500);
-/* wipe the secret key if it is no longer needed */
+/* Wipe the secret key if it is no longer needed */
crypto_wipe(sk, 32);
.Ed
.Pp
Check the above:
.Bd -literal -offset indent
-const uint8_t pk [ 32]; /* their public key */
-const uint8_t message [500]; /* signed message */
-const uint8_t signature[ 64]; /* signature to check */
+const uint8_t pk [ 32]; /* Their public key */
+const uint8_t message [500]; /* Signed message */
+const uint8_t signature[ 64]; /* Signature to check */
if (crypto_check(signature, pk, message, 500)) {
- /* message is corrupted, abort processing */
+ /* Message is corrupted, abort processing */
} else {
- /* message is genuine */
+ /* Message is genuine */
}
.Ed
.Sh SEE ALSO
.Sh EXAMPLES
Sign a message:
.Bd -literal -offset indent
-const uint8_t sk [ 32]; /* secret key */
-const uint8_t pk [ 32]; /* public key (optional) */
-const uint8_t message [500]; /* message to sign */
+const uint8_t sk [ 32]; /* Secret key */
+const uint8_t pk [ 32]; /* Public key (optional) */
+const uint8_t message [500]; /* Message to sign */
uint8_t signature[ 64];
crypto_sign_ctx ctx;
crypto_sign_init_first_pass(&ctx, sk, pk);
-/* wipe the secret key if no longer needed */
+/* Wipe the secret key if no longer needed */
crypto_wipe(sk, 32);
for (size_t i = 0; i < 500; i += 100) {
crypto_sign_update(&ctx, message + i, 100);
.Pp
Check the above:
.Bd -literal -offset indent
-const uint8_t pk [ 32]; /* public key */
-const uint8_t message [500]; /* message to sign */
+const uint8_t pk [ 32]; /* Public key */
+const uint8_t message [500]; /* Message to sign */
const uint8_t signature[ 64];
crypto_check_ctx ctx;
crypto_check_init(&ctx, signature, pk);
crypto_check_update(&ctx, message + i, 100);
}
if (crypto_check_final(&ctx)) {
- /* message is corrupted, abort processing */
+ /* Message is corrupted, abort processing */
} else {
- /* message is genuine */
+ /* Message is genuine */
}
.Ed
projects / Monocypher.git / commitdiff