Security Scol plugin
xed25519.h
Go to the documentation of this file.
1// xed25519.h - written and placed in public domain by Jeffrey Walton
2// Crypto++ specific implementation wrapped around Andrew
3// Moon's public domain curve25519-donna and ed25519-donna,
4// http://github.com/floodyberry/curve25519-donna and
5// http://github.com/floodyberry/ed25519-donna.
6
7// Typically the key agreement classes encapsulate their data more
8// than x25519 does below. They are a little more accessible
9// due to crypto_box operations.
10
36
37#ifndef CRYPTOPP_XED25519_H
38#define CRYPTOPP_XED25519_H
39
40#include "cryptlib.h"
41#include "pubkey.h"
42#include "oids.h"
43
44NAMESPACE_BEGIN(CryptoPP)
45
46class Integer;
47struct ed25519Signer;
48struct ed25519Verifier;
49
50// ******************** x25519 Agreement ************************* //
51
55{
56public:
59 CRYPTOPP_CONSTANT(SECRET_KEYLENGTH = 32);
62 CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH = 32);
65 CRYPTOPP_CONSTANT(SHARED_KEYLENGTH = 32);
66
67 virtual ~x25519() {}
68
74 x25519() {}
75
81 x25519(const byte y[PUBLIC_KEYLENGTH], const byte x[SECRET_KEYLENGTH]);
82
87 x25519(const byte x[SECRET_KEYLENGTH]);
88
94 x25519(const Integer &y, const Integer &x);
95
100 x25519(const Integer &x);
101
106
113
118 x25519(const OID &oid);
119
124 void ClampKey(byte x[SECRET_KEYLENGTH]) const;
125
128 bool IsClamped(const byte x[SECRET_KEYLENGTH]) const;
129
132 bool IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const;
133
139 return m_oid.Empty() ? ASN1::X25519() : m_oid;
140 }
141
144 void SetAlgorithmID(const OID& oid) {
145 m_oid = oid;
146 }
147
148 // CryptoParameters
149 bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
150 bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
151 void AssignFrom(const NameValuePairs &source);
152
153 // CryptoParameters
155
167 void Save(BufferedTransformation &bt) const {
168 DEREncode(bt, 0);
169 }
170
186 void Save(BufferedTransformation &bt, bool v1) const {
187 DEREncode(bt, v1 ? 0 : 1);
188 }
189
195 BERDecode(bt);
196 }
197
198 // PKCS8PrivateKey
200 void DEREncode(BufferedTransformation &bt) const { DEREncode(bt, 0); }
201 void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
203
216 void DEREncode(BufferedTransformation &bt, int version) const;
217
231
232 // DL_PrivateKey
233 void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params);
234
235 // SimpleKeyAgreementDomain
236 unsigned int AgreedValueLength() const {return SHARED_KEYLENGTH;}
237 unsigned int PrivateKeyLength() const {return SECRET_KEYLENGTH;}
238 unsigned int PublicKeyLength() const {return PUBLIC_KEYLENGTH;}
239
240 // SimpleKeyAgreementDomain
241 void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const;
242 void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const;
243 bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const;
244
245protected:
246 // Create a public key from a private key
247 void SecretToPublicKey(byte y[PUBLIC_KEYLENGTH], const byte x[SECRET_KEYLENGTH]) const;
248
249protected:
252 OID m_oid; // preferred OID
253};
254
255// ****************** ed25519 Signer *********************** //
256
279{
280 CRYPTOPP_CONSTANT(RESERVE_SIZE=2048+64);
281 CRYPTOPP_CONSTANT(SIGNATURE_LENGTH=64);
282
287
292 CRYPTOPP_UNUSED(rng); Restart();
293 }
294
298 void Update(const byte* msg, size_t len) {
299 if (msg && len)
300 m_msg.insert(m_msg.end(), msg, msg+len);
301 }
302
304 void Restart() {
305 m_msg.reserve(RESERVE_SIZE);
306 m_msg.resize(SIGNATURE_LENGTH);
307 }
308
311 byte* signature() {
312 return &m_msg[0];
313 }
314
317 const byte* signature() const {
318 return &m_msg[0];
319 }
320
323 const byte* data() const {
324 return &m_msg[0]+SIGNATURE_LENGTH;
325 }
326
329 size_t size() const {
330 return m_msg.size()-SIGNATURE_LENGTH;
331 }
332
333protected:
334 // TODO: Find an equivalent Crypto++ structure.
335 std::vector<byte, AllocatorWithCleanup<byte> > m_msg;
336};
337
356{
359 CRYPTOPP_CONSTANT(SECRET_KEYLENGTH = 32);
362 CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH = 32);
367 CRYPTOPP_CONSTANT(SIGNATURE_LENGTH = 64);
368
369 virtual ~ed25519PrivateKey() {}
370
371 // CryptoMaterial
372 bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
373 bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
374 void AssignFrom(const NameValuePairs &source);
375
376 // GroupParameters
378 return m_oid.Empty() ? ASN1::Ed25519() : m_oid;
379 }
380
392 void Save(BufferedTransformation &bt) const {
393 DEREncode(bt, 0);
394 }
395
411 void Save(BufferedTransformation &bt, bool v1) const {
412 DEREncode(bt, v1 ? 0 : 1);
413 }
414
420 BERDecode(bt);
421 }
422
425 void MakePublicKey(PublicKey &pub) const;
426
427 // PKCS8PrivateKey
429 void DEREncode(BufferedTransformation &bt) const { DEREncode(bt, 0); }
430 void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
432
445 void DEREncode(BufferedTransformation &bt, int version) const;
446
460
461 // PKCS8PrivateKey
462 void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params);
463 void SetPrivateExponent(const byte x[SECRET_KEYLENGTH]);
464 void SetPrivateExponent(const Integer &x);
465 const Integer& GetPrivateExponent() const;
466
469 bool IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const;
470
474 const byte* GetPrivateKeyBytePtr() const {
475 return m_sk.begin();
476 }
477
481 const byte* GetPublicKeyBytePtr() const {
482 return m_pk.begin();
483 }
484
485protected:
486 // Create a public key from a private key
487 void SecretToPublicKey(byte y[PUBLIC_KEYLENGTH], const byte x[SECRET_KEYLENGTH]) const;
488
489protected:
492 OID m_oid; // preferred OID
493 mutable Integer m_x; // for DL_PrivateKey
494};
495
499{
502 CRYPTOPP_CONSTANT(SECRET_KEYLENGTH = 32);
505 CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH = 32);
510 CRYPTOPP_CONSTANT(SIGNATURE_LENGTH = 64);
511 typedef Integer Element;
512
513 virtual ~ed25519Signer() {}
514
517
523 ed25519Signer(const byte y[PUBLIC_KEYLENGTH], const byte x[SECRET_KEYLENGTH]);
524
529 ed25519Signer(const byte x[SECRET_KEYLENGTH]);
530
536 ed25519Signer(const Integer &y, const Integer &x);
537
542 ed25519Signer(const Integer &x);
543
549 ed25519Signer(const PKCS8PrivateKey &key);
550
555
562
563 // DL_ObjectImplBase
566 PrivateKey& AccessKey() { return m_key; }
567 PrivateKey& AccessPrivateKey() { return m_key; }
568
571 const PrivateKey& GetKey() const { return m_key; }
572 const PrivateKey& GetPrivateKey() const { return m_key; }
573
574 // DL_SignatureSchemeBase
575 size_t SignatureLength() const { return SIGNATURE_LENGTH; }
576 size_t MaxRecoverableLength() const { return 0; }
577 size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const {
578 CRYPTOPP_UNUSED(signatureLength); return 0;
579 }
580
581 bool IsProbabilistic() const { return false; }
582 bool AllowNonrecoverablePart() const { return false; }
583 bool RecoverablePartFirst() const { return false; }
584
588
589 void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const {
590 CRYPTOPP_UNUSED(messageAccumulator); CRYPTOPP_UNUSED(recoverableMessage);
591 CRYPTOPP_UNUSED(recoverableMessageLength);
592 throw NotImplemented("ed25519Signer: this object does not support recoverable messages");
593 }
594
595 size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const;
596
609 size_t SignStream (RandomNumberGenerator &rng, std::istream& stream, byte *signature) const;
610
611protected:
612 ed25519PrivateKey m_key;
613};
614
615// ****************** ed25519 Verifier *********************** //
616
635{
638 CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH = 32);
639 typedef Integer Element;
640
641 virtual ~ed25519PublicKey() {}
642
644 return m_oid.Empty() ? ASN1::Ed25519() : m_oid;
645 }
646
656 void Save(BufferedTransformation &bt) const {
657 DEREncode(bt);
658 }
659
665 BERDecode(bt);
666 }
667
668 // X509PublicKey
670 void DEREncode(BufferedTransformation &bt) const;
671 void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size);
673
687
688 bool Validate(RandomNumberGenerator &rng, unsigned int level) const;
689 bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const;
690 void AssignFrom(const NameValuePairs &source);
691
692 // DL_PublicKey
693 void SetPublicElement(const byte y[PUBLIC_KEYLENGTH]);
694 void SetPublicElement(const Element &y);
695 const Element& GetPublicElement() const;
696
700 const byte* GetPublicKeyBytePtr() const {
701 return m_pk.begin();
702 }
703
704protected:
706 OID m_oid; // preferred OID
707 mutable Integer m_y; // for DL_PublicKey
708};
709
713{
714 CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH = 32);
715 CRYPTOPP_CONSTANT(SIGNATURE_LENGTH = 64);
716 typedef Integer Element;
717
718 virtual ~ed25519Verifier() {}
719
722
727 ed25519Verifier(const byte y[PUBLIC_KEYLENGTH]);
728
733 ed25519Verifier(const Integer &y);
734
740 ed25519Verifier(const X509PublicKey &key);
741
748
754 ed25519Verifier(const ed25519Signer& signer);
755
756 // DL_ObjectImplBase
759 PublicKey& AccessKey() { return m_key; }
760 PublicKey& AccessPublicKey() { return m_key; }
761
764 const PublicKey& GetKey() const { return m_key; }
765 const PublicKey& GetPublicKey() const { return m_key; }
766
767 // DL_SignatureSchemeBase
768 size_t SignatureLength() const { return SIGNATURE_LENGTH; }
769 size_t MaxRecoverableLength() const { return 0; }
770 size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const {
771 CRYPTOPP_UNUSED(signatureLength); return 0;
772 }
773
774 bool IsProbabilistic() const { return false; }
775 bool AllowNonrecoverablePart() const { return false; }
776 bool RecoverablePartFirst() const { return false; }
777
781
782 void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const {
783 CRYPTOPP_ASSERT(signature != NULLPTR);
784 CRYPTOPP_ASSERT(signatureLength == SIGNATURE_LENGTH);
785 ed25519_MessageAccumulator& accum = static_cast<ed25519_MessageAccumulator&>(messageAccumulator);
786 if (signature && signatureLength)
787 std::memcpy(accum.signature(), signature, STDMIN((size_t)SIGNATURE_LENGTH, signatureLength));
788 }
789
790 bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const;
791
801 bool VerifyStream(std::istream& stream, const byte *signature, size_t signatureLen) const;
802
803 DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const {
804 CRYPTOPP_UNUSED(recoveredMessage); CRYPTOPP_UNUSED(messageAccumulator);
805 throw NotImplemented("ed25519Verifier: this object does not support recoverable messages");
806 }
807
808protected:
809 ed25519PublicKey m_key;
810};
811
816{
821};
822
823NAMESPACE_END // CryptoPP
824
825#endif // CRYPTOPP_XED25519_H
Interface for buffered transformations.
Definition cryptlib.h:1652
Interface for crypto parameters.
Definition cryptlib.h:2546
Fixed size stack-based SecBlock.
Definition secblock.h:1246
Multiple precision integer with arithmetic operations.
Definition integer.h:50
Interface for retrieving values given their names.
Definition cryptlib.h:322
A method was called which was not implemented.
Definition cryptlib.h:233
Object Identifier.
Definition asn.h:265
bool Empty() const
Determine if OID is empty.
Definition asn.h:311
Interface for accumulating messages to be signed or verified.
Definition cryptlib.h:2861
Interface for public-key signers.
Definition cryptlib.h:2877
Interface for public-key signature verifiers.
Definition cryptlib.h:2941
Encodes and Decodes privateKeyInfo.
Definition asn.h:748
Interface for private keys.
Definition cryptlib.h:2541
Interface for public keys.
Definition cryptlib.h:2536
Interface for random number generators.
Definition cryptlib.h:1435
iterator begin()
Provides an iterator pointing to the first element in the memory block.
Definition secblock.h:836
Interface for domains of simple key agreement protocols.
Definition cryptlib.h:3013
Encodes and decodes subjectPublicKeyInfo.
Definition asn.h:702
x25519 with key validation
Definition xed25519.h:55
bool IsClamped(const byte x[SECRET_KEYLENGTH]) const
Determine if private key is clamped.
Definition xed25519.cpp:133
unsigned int PublicKeyLength() const
Provides the size of the public key.
Definition xed25519.h:238
void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size)
Decode privateKey part of privateKeyInfo.
Definition xed25519.cpp:238
unsigned int AgreedValueLength() const
Provides the size of the agreed value.
Definition xed25519.h:236
bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const
Derive agreed value.
Definition xed25519.cpp:366
unsigned int PrivateKeyLength() const
Provides the size of the private key.
Definition xed25519.h:237
x25519(const OID &oid)
Create a x25519 object.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition xed25519.cpp:290
void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
Generate private key in this domain.
Definition xed25519.cpp:354
bool IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const
Test if a key has small order.
Definition xed25519.cpp:138
void ClampKey(byte x[SECRET_KEYLENGTH]) const
Clamp a private key.
Definition xed25519.cpp:128
void BERDecodeAndCheckAlgorithmID(BufferedTransformation &bt)
Determine if OID is valid for this object.
Definition xed25519.cpp:148
CRYPTOPP_CONSTANT(SHARED_KEYLENGTH=32)
Size of the shared key.
void DEREncodePrivateKey(BufferedTransformation &bt) const
Encode privateKey part of privateKeyInfo.
Definition xed25519.cpp:259
void Save(BufferedTransformation &bt, bool v1) const
DER encode ASN.1 object.
Definition xed25519.h:186
void Save(BufferedTransformation &bt) const
DER encode ASN.1 object.
Definition xed25519.h:167
void DEREncode(BufferedTransformation &bt) const
Encode this object into a BufferedTransformation.
Definition xed25519.h:200
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition xed25519.cpp:267
void Load(BufferedTransformation &bt)
BER decode ASN.1 object.
Definition xed25519.h:194
CRYPTOPP_CONSTANT(SECRET_KEYLENGTH=32)
Size of the private key.
void BERDecode(BufferedTransformation &bt)
Decode this object from a BufferedTransformation.
Definition xed25519.cpp:166
CryptoParameters & AccessCryptoParameters()
Retrieves a reference to Crypto Parameters.
Definition xed25519.h:154
x25519()
Create a x25519 object.
Definition xed25519.h:74
CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH=32)
Size of the public key.
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition xed25519.cpp:319
void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
Generate a public key from a private key in this domain.
Definition xed25519.cpp:360
OID GetAlgorithmID() const
Get the Object Identifier.
Definition xed25519.h:138
void SetAlgorithmID(const OID &oid)
Set the Object Identifier.
Definition xed25519.h:144
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params)
Generate a random key or crypto parameters.
Definition xed25519.cpp:343
Abstract base classes that provide a uniform interface to this library.
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
Definition misc.h:655
ASN.1 object identifiers for algorithms and schemes.
This file contains helper classes/functions for implementing public key algorithms.
Returns a decoding results.
Definition cryptlib.h:278
ed25519 message accumulator
Definition xed25519.h:279
ed25519_MessageAccumulator()
Create a message accumulator.
Definition xed25519.h:284
void Restart()
Reset the accumulator.
Definition xed25519.h:304
size_t size() const
Retrieve size of data buffer.
Definition xed25519.h:329
const byte * data() const
Retrieve pointer to data buffer.
Definition xed25519.h:323
ed25519_MessageAccumulator(RandomNumberGenerator &rng)
Create a message accumulator.
Definition xed25519.h:291
void Update(const byte *msg, size_t len)
Add data to the accumulator.
Definition xed25519.h:298
byte * signature()
Retrieve pointer to signature buffer.
Definition xed25519.h:311
const byte * signature() const
Retrieve pointer to signature buffer.
Definition xed25519.h:317
Ed25519 signature scheme.
Definition xed25519.h:816
ed25519Verifier Verifier
ed25519 Verifier
Definition xed25519.h:820
ed25519Signer Signer
ed25519 Signer
Definition xed25519.h:818
Ed25519 private key.
Definition xed25519.h:356
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition xed25519.cpp:410
const byte * GetPrivateKeyBytePtr() const
Retrieve private key byte array.
Definition xed25519.h:474
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &params)
Generate a random key or crypto parameters.
Definition xed25519.cpp:466
CRYPTOPP_CONSTANT(SIGNATURE_LENGTH=64)
Size of the signature.
void MakePublicKey(PublicKey &pub) const
Initializes a public key from this key.
Definition xed25519.cpp:477
OID GetAlgorithmID() const
Retrieves the OID of the algorithm.
Definition xed25519.h:377
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition xed25519.cpp:390
void DEREncode(BufferedTransformation &bt) const
Encode this object into a BufferedTransformation.
Definition xed25519.h:429
void Save(BufferedTransformation &bt, bool v1) const
DER encode ASN.1 object.
Definition xed25519.h:411
void DEREncodePrivateKey(BufferedTransformation &bt) const
Encode privateKey part of privateKeyInfo.
Definition xed25519.cpp:591
CRYPTOPP_CONSTANT(SECRET_KEYLENGTH=32)
Size of the private key.
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition xed25519.cpp:439
void BERDecodeAndCheckAlgorithmID(BufferedTransformation &bt)
Determine if OID is valid for this object.
Definition xed25519.cpp:484
void BERDecode(BufferedTransformation &bt)
Decode this object from a BufferedTransformation.
Definition xed25519.cpp:499
bool IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const
Test if a key has small order.
Definition xed25519.cpp:385
const byte * GetPublicKeyBytePtr() const
Retrieve public key byte array.
Definition xed25519.h:481
void Load(BufferedTransformation &bt)
BER decode ASN.1 object.
Definition xed25519.h:419
void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size)
Decode privateKey part of privateKeyInfo.
Definition xed25519.cpp:570
CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH=32)
Size of the public key.
void Save(BufferedTransformation &bt) const
DER encode ASN.1 object.
Definition xed25519.h:392
Ed25519 public key.
Definition xed25519.h:635
CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH=32)
Size of the public key.
void BERDecode(BufferedTransformation &bt)
Decode this object from a BufferedTransformation.
Definition xed25519.cpp:764
void Load(BufferedTransformation &bt)
BER decode ASN.1 object.
Definition xed25519.h:664
void BERDecodeAndCheckAlgorithmID(BufferedTransformation &bt)
Determine if OID is valid for this object.
Definition xed25519.cpp:749
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
Definition xed25519.cpp:712
void DEREncodePublicKey(BufferedTransformation &bt) const
Encode subjectPublicKey part of subjectPublicKeyInfo.
Definition xed25519.cpp:809
void Save(BufferedTransformation &bt) const
DER encode ASN.1 object.
Definition xed25519.h:656
void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size)
Decode subjectPublicKey part of subjectPublicKeyInfo.
Definition xed25519.cpp:791
const byte * GetPublicKeyBytePtr() const
Retrieve public key byte array.
Definition xed25519.h:700
OID GetAlgorithmID() const
Retrieves the OID of the algorithm.
Definition xed25519.h:643
void DEREncode(BufferedTransformation &bt) const
Encode this object into a BufferedTransformation.
Definition xed25519.cpp:778
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
Definition xed25519.cpp:835
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Definition xed25519.cpp:734
Ed25519 signature algorithm.
Definition xed25519.h:499
bool RecoverablePartFirst() const
Determines whether the recoverable part must be input before the non-recoverable part.
Definition xed25519.h:583
CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH=32)
Size of the public key.
bool IsProbabilistic() const
Determines whether a signature scheme requires a random number generator.
Definition xed25519.h:581
ed25519Signer()
Create an ed25519Signer object.
Definition xed25519.h:516
PrivateKey & AccessPrivateKey()
Retrieves a reference to a Private Key.
Definition xed25519.h:567
const PrivateKey & GetKey() const
Retrieves a reference to a Private Key.
Definition xed25519.h:571
bool AllowNonrecoverablePart() const
Determines whether the non-recoverable message part can be signed.
Definition xed25519.h:582
size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const
Sign and restart messageAccumulator.
Definition xed25519.cpp:684
size_t MaxRecoverableLength() const
Provides the length of longest message that can be recovered.
Definition xed25519.h:576
const PrivateKey & GetPrivateKey() const
Retrieves a reference to a Private Key.
Definition xed25519.h:572
size_t SignStream(RandomNumberGenerator &rng, std::istream &stream, byte *signature) const
Sign a stream.
Definition xed25519.cpp:699
void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const
Input a recoverable message to an accumulator.
Definition xed25519.h:589
CRYPTOPP_CONSTANT(SIGNATURE_LENGTH=64)
Size of the signature.
PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const
Create a new HashTransformation to accumulate the message to be signed.
Definition xed25519.h:585
PrivateKey & AccessKey()
Retrieves a reference to a Private Key.
Definition xed25519.h:566
CRYPTOPP_CONSTANT(SECRET_KEYLENGTH=32)
Size of the private key.
size_t SignatureLength() const
Provides the signature length if it only depends on the key.
Definition xed25519.h:575
size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const
Provides the length of longest message that can be recovered from a signature of given length.
Definition xed25519.h:577
Ed25519 signature verification algorithm.
Definition xed25519.h:713
bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
Check whether messageAccumulator contains a valid signature and message, and restart messageAccumulat...
Definition xed25519.cpp:879
PublicKey & AccessPublicKey()
Retrieves a reference to a Public Key.
Definition xed25519.h:760
void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
Input signature into a message accumulator.
Definition xed25519.h:782
ed25519Verifier()
Create an ed25519Verifier object.
Definition xed25519.h:721
size_t SignatureLength() const
Provides the signature length if it only depends on the key.
Definition xed25519.h:768
DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const
Recover a message from its signature.
Definition xed25519.h:803
ed25519_MessageAccumulator * NewVerificationAccumulator() const
Create a new HashTransformation to accumulate the message to be verified.
Definition xed25519.h:778
size_t MaxRecoverableLength() const
Provides the length of longest message that can be recovered.
Definition xed25519.h:769
bool RecoverablePartFirst() const
Determines whether the recoverable part must be input before the non-recoverable part.
Definition xed25519.h:776
size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const
Provides the length of longest message that can be recovered from a signature of given length.
Definition xed25519.h:770
const PublicKey & GetKey() const
Retrieves a reference to a Public Key.
Definition xed25519.h:764
bool AllowNonrecoverablePart() const
Determines whether the non-recoverable message part can be signed.
Definition xed25519.h:775
bool VerifyStream(std::istream &stream, const byte *signature, size_t signatureLen) const
Check whether input signature is a valid signature for input message.
Definition xed25519.cpp:889
PublicKey & AccessKey()
Retrieves a reference to a Public Key.
Definition xed25519.h:759
const PublicKey & GetPublicKey() const
Retrieves a reference to a Public Key.
Definition xed25519.h:765
bool IsProbabilistic() const
Determines whether a signature scheme requires a random number generator.
Definition xed25519.h:774