37#ifndef CRYPTOPP_XED25519_H
38#define CRYPTOPP_XED25519_H
44NAMESPACE_BEGIN(CryptoPP)
81 x25519(
const byte y[PUBLIC_KEYLENGTH],
const byte x[SECRET_KEYLENGTH]);
87 x25519(
const byte x[SECRET_KEYLENGTH]);
124 void ClampKey(
byte x[SECRET_KEYLENGTH])
const;
128 bool IsClamped(
const byte x[SECRET_KEYLENGTH])
const;
132 bool IsSmallOrder(
const byte y[PUBLIC_KEYLENGTH])
const;
139 return m_oid.
Empty() ? ASN1::X25519() : m_oid;
150 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const;
243 bool Agree(
byte *agreedValue,
const byte *privateKey,
const byte *otherPublicKey,
bool validateOtherPublicKey=
true)
const;
247 void SecretToPublicKey(
byte y[PUBLIC_KEYLENGTH],
const byte x[SECRET_KEYLENGTH])
const;
280 CRYPTOPP_CONSTANT(RESERVE_SIZE=2048+64);
281 CRYPTOPP_CONSTANT(SIGNATURE_LENGTH=64);
292 CRYPTOPP_UNUSED(rng);
Restart();
298 void Update(
const byte* msg,
size_t len) {
300 m_msg.insert(m_msg.end(), msg, msg+len);
305 m_msg.reserve(RESERVE_SIZE);
306 m_msg.resize(SIGNATURE_LENGTH);
324 return &m_msg[0]+SIGNATURE_LENGTH;
330 return m_msg.size()-SIGNATURE_LENGTH;
335 std::vector<byte, AllocatorWithCleanup<byte> > m_msg;
373 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const;
378 return m_oid.
Empty() ? ASN1::Ed25519() : m_oid;
463 void SetPrivateExponent(
const byte x[SECRET_KEYLENGTH]);
464 void SetPrivateExponent(
const Integer &x);
465 const Integer& GetPrivateExponent()
const;
469 bool IsSmallOrder(
const byte y[PUBLIC_KEYLENGTH])
const;
487 void SecretToPublicKey(
byte y[PUBLIC_KEYLENGTH],
const byte x[SECRET_KEYLENGTH])
const;
523 ed25519Signer(
const byte y[PUBLIC_KEYLENGTH],
const byte x[SECRET_KEYLENGTH]);
578 CRYPTOPP_UNUSED(signatureLength);
return 0;
590 CRYPTOPP_UNUSED(messageAccumulator); CRYPTOPP_UNUSED(recoverableMessage);
591 CRYPTOPP_UNUSED(recoverableMessageLength);
592 throw NotImplemented(
"ed25519Signer: this object does not support recoverable messages");
644 return m_oid.
Empty() ? ASN1::Ed25519() : m_oid;
689 bool GetVoidValue(
const char *name,
const std::type_info &valueType,
void *pValue)
const;
693 void SetPublicElement(
const byte y[PUBLIC_KEYLENGTH]);
694 void SetPublicElement(
const Element &y);
695 const Element& GetPublicElement()
const;
714 CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH = 32);
715 CRYPTOPP_CONSTANT(SIGNATURE_LENGTH = 64);
771 CRYPTOPP_UNUSED(signatureLength);
return 0;
783 CRYPTOPP_ASSERT(signature != NULLPTR);
784 CRYPTOPP_ASSERT(signatureLength == SIGNATURE_LENGTH);
786 if (signature && signatureLength)
787 std::memcpy(accum.
signature(), signature,
STDMIN((
size_t)SIGNATURE_LENGTH, signatureLength));
801 bool VerifyStream(std::istream& stream,
const byte *signature,
size_t signatureLen)
const;
804 CRYPTOPP_UNUSED(recoveredMessage); CRYPTOPP_UNUSED(messageAccumulator);
805 throw NotImplemented(
"ed25519Verifier: this object does not support recoverable messages");
Interface for crypto parameters.
Fixed size stack-based SecBlock.
Multiple precision integer with arithmetic operations.
Interface for retrieving values given their names.
A method was called which was not implemented.
bool Empty() const
Determine if OID is empty.
Interface for accumulating messages to be signed or verified.
Interface for public-key signers.
Interface for public-key signature verifiers.
Encodes and Decodes privateKeyInfo.
Interface for private keys.
Interface for public keys.
Interface for random number generators.
iterator begin()
Provides an iterator pointing to the first element in the memory block.
Interface for domains of simple key agreement protocols.
Encodes and decodes subjectPublicKeyInfo.
x25519 with key validation
bool IsClamped(const byte x[SECRET_KEYLENGTH]) const
Determine if private key is clamped.
unsigned int PublicKeyLength() const
Provides the size of the public key.
void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size)
Decode privateKey part of privateKeyInfo.
unsigned int AgreedValueLength() const
Provides the size of the agreed value.
bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const
Derive agreed value.
unsigned int PrivateKeyLength() const
Provides the size of the private key.
x25519(const OID &oid)
Create a x25519 object.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const
Generate private key in this domain.
bool IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const
Test if a key has small order.
void ClampKey(byte x[SECRET_KEYLENGTH]) const
Clamp a private key.
void BERDecodeAndCheckAlgorithmID(BufferedTransformation &bt)
Determine if OID is valid for this object.
CRYPTOPP_CONSTANT(SHARED_KEYLENGTH=32)
Size of the shared key.
void DEREncodePrivateKey(BufferedTransformation &bt) const
Encode privateKey part of privateKeyInfo.
void Save(BufferedTransformation &bt, bool v1) const
DER encode ASN.1 object.
void Save(BufferedTransformation &bt) const
DER encode ASN.1 object.
void DEREncode(BufferedTransformation &bt) const
Encode this object into a BufferedTransformation.
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
void Load(BufferedTransformation &bt)
BER decode ASN.1 object.
CRYPTOPP_CONSTANT(SECRET_KEYLENGTH=32)
Size of the private key.
void BERDecode(BufferedTransformation &bt)
Decode this object from a BufferedTransformation.
CryptoParameters & AccessCryptoParameters()
Retrieves a reference to Crypto Parameters.
x25519()
Create a x25519 object.
CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH=32)
Size of the public key.
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const
Generate a public key from a private key in this domain.
OID GetAlgorithmID() const
Get the Object Identifier.
void SetAlgorithmID(const OID &oid)
Set the Object Identifier.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms)
Generate a random key or crypto parameters.
Abstract base classes that provide a uniform interface to this library.
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
ASN.1 object identifiers for algorithms and schemes.
This file contains helper classes/functions for implementing public key algorithms.
Returns a decoding results.
ed25519 message accumulator
ed25519_MessageAccumulator()
Create a message accumulator.
void Restart()
Reset the accumulator.
size_t size() const
Retrieve size of data buffer.
const byte * data() const
Retrieve pointer to data buffer.
ed25519_MessageAccumulator(RandomNumberGenerator &rng)
Create a message accumulator.
void Update(const byte *msg, size_t len)
Add data to the accumulator.
byte * signature()
Retrieve pointer to signature buffer.
const byte * signature() const
Retrieve pointer to signature buffer.
Ed25519 signature scheme.
ed25519Verifier Verifier
ed25519 Verifier
ed25519Signer Signer
ed25519 Signer
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
const byte * GetPrivateKeyBytePtr() const
Retrieve private key byte array.
void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms)
Generate a random key or crypto parameters.
CRYPTOPP_CONSTANT(SIGNATURE_LENGTH=64)
Size of the signature.
void MakePublicKey(PublicKey &pub) const
Initializes a public key from this key.
OID GetAlgorithmID() const
Retrieves the OID of the algorithm.
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
void DEREncode(BufferedTransformation &bt) const
Encode this object into a BufferedTransformation.
void Save(BufferedTransformation &bt, bool v1) const
DER encode ASN.1 object.
void DEREncodePrivateKey(BufferedTransformation &bt) const
Encode privateKey part of privateKeyInfo.
CRYPTOPP_CONSTANT(SECRET_KEYLENGTH=32)
Size of the private key.
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
void BERDecodeAndCheckAlgorithmID(BufferedTransformation &bt)
Determine if OID is valid for this object.
void BERDecode(BufferedTransformation &bt)
Decode this object from a BufferedTransformation.
bool IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const
Test if a key has small order.
const byte * GetPublicKeyBytePtr() const
Retrieve public key byte array.
void Load(BufferedTransformation &bt)
BER decode ASN.1 object.
void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size)
Decode privateKey part of privateKeyInfo.
CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH=32)
Size of the public key.
void Save(BufferedTransformation &bt) const
DER encode ASN.1 object.
CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH=32)
Size of the public key.
void BERDecode(BufferedTransformation &bt)
Decode this object from a BufferedTransformation.
void Load(BufferedTransformation &bt)
BER decode ASN.1 object.
void BERDecodeAndCheckAlgorithmID(BufferedTransformation &bt)
Determine if OID is valid for this object.
bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
Get a named value.
void DEREncodePublicKey(BufferedTransformation &bt) const
Encode subjectPublicKey part of subjectPublicKeyInfo.
void Save(BufferedTransformation &bt) const
DER encode ASN.1 object.
void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size)
Decode subjectPublicKey part of subjectPublicKeyInfo.
const byte * GetPublicKeyBytePtr() const
Retrieve public key byte array.
OID GetAlgorithmID() const
Retrieves the OID of the algorithm.
void DEREncode(BufferedTransformation &bt) const
Encode this object into a BufferedTransformation.
bool Validate(RandomNumberGenerator &rng, unsigned int level) const
Check this object for errors.
void AssignFrom(const NameValuePairs &source)
Assign values to this object.
Ed25519 signature algorithm.
bool RecoverablePartFirst() const
Determines whether the recoverable part must be input before the non-recoverable part.
CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH=32)
Size of the public key.
bool IsProbabilistic() const
Determines whether a signature scheme requires a random number generator.
ed25519Signer()
Create an ed25519Signer object.
PrivateKey & AccessPrivateKey()
Retrieves a reference to a Private Key.
const PrivateKey & GetKey() const
Retrieves a reference to a Private Key.
bool AllowNonrecoverablePart() const
Determines whether the non-recoverable message part can be signed.
size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const
Sign and restart messageAccumulator.
size_t MaxRecoverableLength() const
Provides the length of longest message that can be recovered.
const PrivateKey & GetPrivateKey() const
Retrieves a reference to a Private Key.
size_t SignStream(RandomNumberGenerator &rng, std::istream &stream, byte *signature) const
Sign a stream.
void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const
Input a recoverable message to an accumulator.
CRYPTOPP_CONSTANT(SIGNATURE_LENGTH=64)
Size of the signature.
PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const
Create a new HashTransformation to accumulate the message to be signed.
PrivateKey & AccessKey()
Retrieves a reference to a Private Key.
CRYPTOPP_CONSTANT(SECRET_KEYLENGTH=32)
Size of the private key.
size_t SignatureLength() const
Provides the signature length if it only depends on the key.
size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const
Provides the length of longest message that can be recovered from a signature of given length.
Ed25519 signature verification algorithm.
bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const
Check whether messageAccumulator contains a valid signature and message, and restart messageAccumulat...
PublicKey & AccessPublicKey()
Retrieves a reference to a Public Key.
void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const
Input signature into a message accumulator.
ed25519Verifier()
Create an ed25519Verifier object.
size_t SignatureLength() const
Provides the signature length if it only depends on the key.
DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const
Recover a message from its signature.
ed25519_MessageAccumulator * NewVerificationAccumulator() const
Create a new HashTransformation to accumulate the message to be verified.
size_t MaxRecoverableLength() const
Provides the length of longest message that can be recovered.
bool RecoverablePartFirst() const
Determines whether the recoverable part must be input before the non-recoverable part.
size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const
Provides the length of longest message that can be recovered from a signature of given length.
const PublicKey & GetKey() const
Retrieves a reference to a Public Key.
bool AllowNonrecoverablePart() const
Determines whether the non-recoverable message part can be signed.
bool VerifyStream(std::istream &stream, const byte *signature, size_t signatureLen) const
Check whether input signature is a valid signature for input message.
PublicKey & AccessKey()
Retrieves a reference to a Public Key.
const PublicKey & GetPublicKey() const
Retrieves a reference to a Public Key.
bool IsProbabilistic() const
Determines whether a signature scheme requires a random number generator.