jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
449 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: 5717005809
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5717005809'
${ noResults }
ed448goldilocks/src/GENERATED/include/decaf/ed255.hxx

426 lines
13 KiB
Raw Blame History 

  1. /**

  2.  * @file decaf/ed255.hxx

  3.  * @author Mike Hamburg

  4.  *

  5.  * @copyright

  6.  *   Copyright (c) 2015-2016 Cryptography Research, Inc.  \n

  7.  *   Released under the MIT License.  See LICENSE.txt for license information.

  8.  *

  9.  *

  10.  *

  11.  * @warning This file was automatically generated in Python.

  12.  * Please do not edit it.

  13.  */

  14. 

  15. #ifndef __DECAF_ED255_HXX__

  16. #define __DECAF_ED255_HXX__ 1

  17. 

  18. /*

  19.  * Example Decaf cyrpto routines, C++ wrapper.

  20.  * @warning These are merely examples, though they ought to be secure.  But real

  21.  * protocols will decide differently on magic numbers, formats, which items to

  22.  * hash, etc.

  23.  * @warning Experimental!  The names, parameter orders etc are likely to change.

  24.  */

  25. 

  26. #include <decaf/eddsa.hxx>

  27. #include <decaf/point_255.hxx>

  28. #include <decaf/ed255.h>

  29. 

  30. #include <decaf/shake.hxx>

  31. #include <decaf/sha512.hxx>

  32. 

  33. /** @cond internal */

  34. #if __cplusplus >= 201103L

  35. #define DECAF_NOEXCEPT noexcept

  36. #else

  37. #define DECAF_NOEXCEPT throw()

  38. #endif

  39. /** @endcond */

  40. 

  41. namespace decaf {

  42. 

  43. /** A public key for crypto over some Group */

  44. template <typename Group> struct EdDSA;

  45. 

  46. /** A public key for crypto over Iso-Ed25519 */

  47. template<> struct EdDSA<IsoEd25519> {

  48. 

  49. /** @cond internal */

  50. template<class CRTP, Prehashed> class Signing;

  51. template<class CRTP, Prehashed> class Verification;

  52. class PublicKeyBase;

  53. class PrivateKeyBase;

  54. typedef class PrivateKeyBase PrivateKey, PrivateKeyPure, PrivateKeyPh;

  55. typedef class PublicKeyBase PublicKey, PublicKeyPure, PublicKeyPh;

  56. /** @endcond */

  57. 

  58. 

  59. #if DECAF_EDDSA_25519_SUPPORTS_CONTEXTLESS_SIGS

  60. static inline const Block NO_CONTEXT() { return Block(DECAF_ED25519_NO_CONTEXT,0); }

  61. #else

  62. static inline const Block NO_CONTEXT() { return Block(NULL,0); }

  63. #endif

  64. 

  65. /** Prehash context for EdDSA. */

  66. class Prehash : public SHA512 {

  67. private:

  68.     typedef SHA512 Super;

  69.     SecureBuffer context_;

  70.     template<class T, Prehashed Ph> friend class Signing;

  71.     template<class T, Prehashed Ph> friend class Verification;

  72.     

  73.     void init() throw(LengthException) {

  74.         Super::reset();

  75.         

  76.         if (context_.size() > 255) {

  77.             throw LengthException();

  78.         }

  79. 

  80.         decaf_ed25519_prehash_init((decaf_sha512_ctx_s *)wrapped);

  81.     }

  82.     

  83. public:

  84.     /** Number of output bytes in prehash */

  85.     static const size_t OUTPUT_BYTES = Super::DEFAULT_OUTPUT_BYTES;

  86.     

  87.     /** Create the prehash */

  88.     Prehash(const Block &context = NO_CONTEXT()) throw(LengthException) {

  89.         context_ = context;

  90.         init();

  91.     }

  92. 

  93.     /** Reset this hash */

  94.     void reset() DECAF_NOEXCEPT { init(); }

  95.     

  96.     /** Output from this hash */

  97.     SecureBuffer final() throw(std::bad_alloc) {

  98.         SecureBuffer ret = Super::final(OUTPUT_BYTES);

  99.         reset();

  100.         return ret;

  101.     }

  102.     

  103.     /** Output from this hash */

  104.     void final(Buffer &b) throw(LengthException) {

  105.         if (b.size() != OUTPUT_BYTES) throw LengthException();

  106.         Super::final(b);

  107.         reset();

  108.     }

  109. };

  110. 

  111. template<class CRTP, Prehashed ph> class Signing;

  112. 

  113. template<class CRTP> class Signing<CRTP,PREHASHED> {

  114. public:

  115.     /* Sign a prehash context, and reset the context */

  116.     inline SecureBuffer sign_prehashed ( const Prehash &ph ) const /*throw(std::bad_alloc)*/ {

  117.         SecureBuffer out(CRTP::SIG_BYTES);

  118.         decaf_ed25519_sign_prehash (

  119.             out.data(),

  120.             ((const CRTP*)this)->priv_.data(),

  121.             ((const CRTP*)this)->pub_.data(),

  122.             (const decaf_ed25519_prehash_ctx_s*)ph.wrapped,

  123.             ph.context_.data(),

  124.             ph.context_.size()

  125.         );

  126.         return out;

  127.     }

  128.     

  129.     /* Sign a message using the prehasher */

  130.     inline SecureBuffer sign_with_prehash (

  131.         const Block &message,

  132.         const Block &context = NO_CONTEXT()

  133.     ) const /*throw(LengthException,CryptoException)*/ {

  134.         Prehash ph(context);

  135.         ph += message;

  136.         return sign_prehashed(ph);

  137.     }

  138. };

  139. 

  140. template<class CRTP> class Signing<CRTP,PURE>  {

  141. public:

  142.     /**

  143.      * Sign a message.

  144.      * @param [in] message The message to be signed.

  145.      * @param [in] context A context for the signature; must be at most 255 bytes.

  146.      *

  147.      * @warning It is generally unsafe to use Ed25519 with both prehashed and non-prehashed messages.

  148.      */

  149.     inline SecureBuffer sign (

  150.         const Block &message,

  151.         const Block &context = NO_CONTEXT()

  152.     ) const /* throw(LengthException, std::bad_alloc) */ {

  153.         if (context.size() > 255) {

  154.             throw LengthException();

  155.         }

  156.         

  157.         SecureBuffer out(CRTP::SIG_BYTES);

  158.         decaf_ed25519_sign (

  159.             out.data(),

  160.             ((const CRTP*)this)->priv_.data(),

  161.             ((const CRTP*)this)->pub_.data(),

  162.             message.data(),

  163.             message.size(),

  164.             0,

  165.             context.data(),

  166.             context.size()

  167.         );

  168.         return out;

  169.     }

  170. };

  171. 

  172. class PrivateKeyBase

  173.     : public Serializable<PrivateKeyBase>

  174.     , public Signing<PrivateKeyBase,PURE>

  175.     , public Signing<PrivateKeyBase,PREHASHED> {

  176. public:

  177.     typedef class PublicKeyBase MyPublicKey;

  178. private:

  179. /** @cond internal */

  180.     friend class PublicKeyBase;

  181.     friend class Signing<PrivateKey,PURE>;

  182.     friend class Signing<PrivateKey,PREHASHED>;

  183. /** @endcond */

  184.     

  185.     /** The pre-expansion form of the signing key. */

  186.     FixedArrayBuffer<DECAF_EDDSA_25519_PRIVATE_BYTES> priv_;

  187.     

  188.     /** The post-expansion public key. */

  189.     FixedArrayBuffer<DECAF_EDDSA_25519_PUBLIC_BYTES> pub_;

  190.     

  191. public:

  192.     /** Underlying group */

  193.     typedef IsoEd25519 Group;

  194.     

  195.     /** Signature size. */

  196.     static const size_t SIG_BYTES = DECAF_EDDSA_25519_SIGNATURE_BYTES;

  197.     

  198.     /** Serialization size. */

  199.     static const size_t SER_BYTES = DECAF_EDDSA_25519_PRIVATE_BYTES;

  200.     

  201.     

  202.     /** Create but don't initialize */

  203.     inline explicit PrivateKeyBase(const NOINIT&) DECAF_NOEXCEPT : priv_((NOINIT())), pub_((NOINIT())) { }

  204.     

  205.     /** Read a private key from a string */

  206.     inline explicit PrivateKeyBase(const FixedBlock<SER_BYTES> &b) DECAF_NOEXCEPT { *this = b; }

  207.     

  208.     /** Copy constructor */

  209.     inline PrivateKeyBase(const PrivateKey &k) DECAF_NOEXCEPT { *this = k; }

  210.     

  211.     /** Create at random */

  212.     inline explicit PrivateKeyBase(Rng &r) DECAF_NOEXCEPT : priv_(r) {

  213.         decaf_ed25519_derive_public_key(pub_.data(), priv_.data());

  214.     }

  215.     

  216.     /** Assignment from string */

  217.     inline PrivateKeyBase &operator=(const FixedBlock<SER_BYTES> &b) DECAF_NOEXCEPT {

  218.         memcpy(priv_.data(),b.data(),b.size());

  219.         decaf_ed25519_derive_public_key(pub_.data(), priv_.data());

  220.         return *this;

  221.     }

  222.     

  223.     /** Copy assignment */

  224.     inline PrivateKeyBase &operator=(const PrivateKey &k) DECAF_NOEXCEPT {

  225.         memcpy(priv_.data(),k.priv_.data(), priv_.size());

  226.         memcpy(pub_.data(),k.pub_.data(), pub_.size());

  227.         return *this;

  228.     }

  229.     

  230.     /** Serialization size. */

  231.     inline size_t ser_size() const DECAF_NOEXCEPT { return SER_BYTES; }

  232.     

  233.     /** Serialize into a buffer. */

  234.     inline void serialize_into(unsigned char *x) const DECAF_NOEXCEPT {

  235.         memcpy(x,priv_.data(), priv_.size());

  236.     }

  237.     

  238.     /** Convert to X format (to be used for key exchange) */

  239.     inline SecureBuffer convert_to_x() const {

  240.         SecureBuffer out(DECAF_X25519_PRIVATE_BYTES);

  241.         decaf_ed25519_convert_private_key_to_x25519(out.data(), priv_.data());

  242.         return out;

  243.     }

  244.     

  245.     /** Return the corresponding public key */

  246.     inline MyPublicKey pub() const DECAF_NOEXCEPT {

  247.         MyPublicKey pub(*this);

  248.         return pub;

  249.     }

  250. }; /* class PrivateKey */

  251. 

  252. 

  253. 

  254. template<class CRTP> class Verification<CRTP,PURE> {

  255. public:

  256.     /** Verify a signature, returning DECAF_FAILURE if verification fails */

  257.     inline decaf_error_t DECAF_WARN_UNUSED verify_noexcept (

  258.         const FixedBlock<DECAF_EDDSA_25519_SIGNATURE_BYTES> &sig,

  259.         const Block &message,

  260.         const Block &context = NO_CONTEXT()

  261.     ) const /*DECAF_NOEXCEPT*/ {

  262.         if (context.size() > 255) {

  263.             return DECAF_FAILURE;

  264.         }

  265.         

  266.         return decaf_ed25519_verify (

  267.             sig.data(),

  268.             ((const CRTP*)this)->pub_.data(),

  269.             message.data(),

  270.             message.size(),

  271.             0,

  272.             context.data(),

  273.             context.size()

  274.         );

  275.     }

  276.     

  277.     /** Verify a signature, throwing an exception if verification fails

  278.      * @param [in] sig The signature.

  279.      * @param [in] message The signed message.

  280.      * @param [in] context A context for the signature; must be at most 255 bytes.

  281.      *

  282.      * @warning It is generally unsafe to use Ed25519 with both prehashed and non-prehashed messages.

  283.      */

  284.     inline void verify (

  285.         const FixedBlock<DECAF_EDDSA_25519_SIGNATURE_BYTES> &sig,

  286.         const Block &message,

  287.         const Block &context = NO_CONTEXT()

  288.     ) const /*throw(LengthException,CryptoException)*/ {

  289.         if (context.size() > 255) {

  290.             throw LengthException();

  291.         }

  292.         

  293.         if (DECAF_SUCCESS != verify_noexcept( sig, message, context )) {

  294.             throw CryptoException();

  295.         }

  296.     }

  297. };

  298. 

  299. 

  300. template<class CRTP> class Verification<CRTP,PREHASHED> {

  301. public:

  302.     /* Verify a prehash context. */

  303.     inline decaf_error_t DECAF_WARN_UNUSED verify_prehashed_noexcept (

  304.         const FixedBlock<DECAF_EDDSA_25519_SIGNATURE_BYTES> &sig,

  305.         const Prehash &ph

  306.     ) const /*DECAF_NOEXCEPT*/ {

  307.         return decaf_ed25519_verify_prehash (

  308.             sig.data(),

  309.             ((const CRTP*)this)->pub_.data(),

  310.             (const decaf_ed25519_prehash_ctx_s*)ph.wrapped,

  311.             ph.context_.data(),

  312.             ph.context_.size()

  313.         );

  314.     }

  315.     

  316.     /* Verify a prehash context. */

  317.     inline void verify_prehashed (

  318.         const FixedBlock<DECAF_EDDSA_25519_SIGNATURE_BYTES> &sig,

  319.         const Prehash &ph

  320.     ) const /*throw(CryptoException)*/ {

  321.         if (DECAF_SUCCESS != decaf_ed25519_verify_prehash (

  322.             sig.data(),

  323.             ((const CRTP*)this)->pub_.data(),

  324.             (const decaf_ed25519_prehash_ctx_s*)ph.wrapped,

  325.             ph.context_.data(),

  326.             ph.context_.size()

  327.         )) {

  328.             throw CryptoException();

  329.         }

  330.     }

  331.     

  332.     /* Verify a message using the prehasher */

  333.     inline void verify_with_prehash (

  334.         const FixedBlock<DECAF_EDDSA_25519_SIGNATURE_BYTES> &sig,

  335.         const Block &message,

  336.         const Block &context = NO_CONTEXT()

  337.     ) const /*throw(LengthException,CryptoException)*/ {

  338.         Prehash ph(context);

  339.         ph += message;

  340.         verify_prehashed(sig,ph);

  341.     }

  342. };

  343. 

  344. 

  345. class PublicKeyBase

  346.     : public Serializable<PublicKeyBase>

  347.     , public Verification<PublicKeyBase,PURE>

  348.     , public Verification<PublicKeyBase,PREHASHED> {

  349. public:

  350.     typedef class PrivateKeyBase MyPrivateKey;

  351.     

  352. private:

  353. /** @cond internal */

  354.     friend class PrivateKeyBase;

  355.     friend class Verification<PublicKey,PURE>;

  356.     friend class Verification<PublicKey,PREHASHED>;

  357. /** @endcond */

  358. 

  359. private:

  360.     /** The pre-expansion form of the signature */

  361.     FixedArrayBuffer<DECAF_EDDSA_25519_PUBLIC_BYTES> pub_;

  362.     

  363. public:

  364.     /* PERF FUTURE: Pre-cached decoding? Precomputed table?? */

  365.   

  366.     /** Underlying group */

  367.     typedef IsoEd25519 Group;

  368.     

  369.     /** Signature size. */

  370.     static const size_t SIG_BYTES = DECAF_EDDSA_25519_SIGNATURE_BYTES;

  371.     

  372.     /** Serialization size. */

  373.     static const size_t SER_BYTES = DECAF_EDDSA_25519_PRIVATE_BYTES;

  374.     

  375.     

  376.     /** Create but don't initialize */

  377.     inline explicit PublicKeyBase(const NOINIT&) DECAF_NOEXCEPT : pub_((NOINIT())) { }

  378.     

  379.     /** Read a private key from a string */

  380.     inline explicit PublicKeyBase(const FixedBlock<SER_BYTES> &b) DECAF_NOEXCEPT { *this = b; }

  381.     

  382.     /** Copy constructor */

  383.     inline PublicKeyBase(const PublicKeyBase &k) DECAF_NOEXCEPT { *this = k; }

  384.     

  385.     /** Copy constructor */

  386.     inline explicit PublicKeyBase(const MyPrivateKey &k) DECAF_NOEXCEPT { *this = k; }

  387. 

  388.     /** Assignment from string */

  389.     inline PublicKey &operator=(const FixedBlock<SER_BYTES> &b) DECAF_NOEXCEPT {

  390.         memcpy(pub_.data(),b.data(),b.size());

  391.         return *this;

  392.     }

  393. 

  394.     /** Assignment from private key */

  395.     inline PublicKey &operator=(const PublicKey &p) DECAF_NOEXCEPT {

  396.         return *this = p.pub_;

  397.     }

  398. 

  399.     /** Assignment from private key */

  400.     inline PublicKey &operator=(const MyPrivateKey &p) DECAF_NOEXCEPT {

  401.         return *this = p.pub_;

  402.     }

  403. 

  404.     /** Serialization size. */

  405.     inline size_t ser_size() const DECAF_NOEXCEPT { return SER_BYTES; }

  406.     

  407.     /** Serialize into a buffer. */

  408.     inline void serialize_into(unsigned char *x) const DECAF_NOEXCEPT {

  409.         memcpy(x,pub_.data(), pub_.size());

  410.     }

  411.     

  412.     /** Convert to X format (to be used for key exchange) */

  413.     inline SecureBuffer convert_to_x() const {

  414.         SecureBuffer out(DECAF_X25519_PRIVATE_BYTES);

  415.         decaf_ed25519_convert_public_key_to_x25519(out.data(), pub_.data());

  416.         return out;

  417.     }

  418. }; /* class PublicKey */

  419. 

  420. }; /* template<> struct EdDSA<IsoEd25519> */

  421. 

  422. #undef DECAF_NOEXCEPT

  423. } /* namespace decaf */

  424. 

  425. #endif /* __DECAF_ED255_HXX__ */