jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
406 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: 638f5560f8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '638f5560f8'
${ noResults }
ed448goldilocks/src/GENERATED/include/decaf/ed448.hxx

414 lines
12 KiB
Raw Blame History 

  1. /**

  2.  * @file decaf/ed448.hxx

  3.  * @author Mike Hamburg

  4.  *

  5.  * @copyright

  6.  *   Copyright (c) 2015-2016 Cryptography Research, Inc.  \n

  7.  *   Released under the MIT License.  See LICENSE.txt for license information.

  8.  *

  9.  *

  10.  *

  11.  * @warning This file was automatically generated in Python.

  12.  * Please do not edit it.

  13.  */

  14. 

  15. #ifndef __DECAF_ED448_HXX__

  16. #define __DECAF_ED448_HXX__ 1

  17. 

  18. /*

  19.  * Example Decaf cyrpto routines, C++ wrapper.

  20.  * @warning These are merely examples, though they ought to be secure.  But real

  21.  * protocols will decide differently on magic numbers, formats, which items to

  22.  * hash, etc.

  23.  * @warning Experimental!  The names, parameter orders etc are likely to change.

  24.  */

  25. 

  26. #include <decaf/eddsa.hxx>

  27. #include <decaf/point_448.hxx>

  28. #include <decaf/ed448.h>

  29. 

  30. #include <decaf/shake.hxx>

  31. #include <decaf/sha512.hxx>

  32. 

  33. /** @cond internal */

  34. #if __cplusplus >= 201103L

  35. #define NOEXCEPT noexcept

  36. #else

  37. #define NOEXCEPT throw()

  38. #endif

  39. /** @endcond */

  40. 

  41. namespace decaf {

  42. 

  43. /** A public key for crypto over some Group */

  44. template <typename Group> struct EdDSA;

  45. 

  46. /** A public key for crypto over Ed448-Goldilocks */

  47. template<> struct EdDSA<Ed448Goldilocks> {

  48. 

  49. /** @cond internal */

  50. template<class CRTP, Prehashed> class Signing;

  51. template<class CRTP, Prehashed> class Verification;

  52. class PublicKeyBase;

  53. class PrivateKeyBase;

  54. typedef class PrivateKeyBase PrivateKey, PrivateKeyPure, PrivateKeyPh;

  55. typedef class PublicKeyBase PublicKey, PublicKeyPure, PublicKeyPh;

  56. /** @endcond */

  57. 

  58. 

  59. #if DECAF_EDDSA_448_NO_CONTEXT

  60. static inline const Block NO_CONTEXT() { return Block(ED448_NO_CONTEXT,0); }

  61. #else

  62. static inline const Block NO_CONTEXT() { return Block(NULL,0); }

  63. #endif

  64. 

  65. /** Prehash context for EdDSA. */

  66. class Prehash : public SHAKE<256> {

  67. private:

  68.     typedef SHAKE<256> Super;

  69.     SecureBuffer context_;

  70.     template<class T, Prehashed Ph> friend class Signing;

  71.     template<class T, Prehashed Ph> friend class Verification;

  72.     

  73.     void init() throw(LengthException) {

  74.         Super::reset();

  75.         

  76.         if (context_.size() > 255) {

  77.             throw LengthException();

  78.         }

  79. 

  80.         decaf_ed448_prehash_init((decaf_shake256_ctx_s *)wrapped);

  81.     }

  82.     

  83. public:

  84.     /** Number of output bytes in prehash */

  85.     static const size_t OUTPUT_BYTES = Super::DEFAULT_OUTPUT_BYTES;

  86.     

  87.     /** Create the prehash */

  88.     Prehash(const Block &context = NO_CONTEXT()) throw(LengthException) {

  89.         context_ = context;

  90.         init();

  91.     }

  92. 

  93.     /** Reset this hash */

  94.     void reset() NOEXCEPT { init(); }

  95.     

  96.     /** Output from this hash */

  97.     SecureBuffer final() throw(std::bad_alloc) {

  98.         SecureBuffer ret = Super::final(OUTPUT_BYTES);

  99.         reset();

  100.         return ret;

  101.     }

  102.     

  103.     /** Output from this hash */

  104.     void final(Buffer &b) throw(LengthException) {

  105.         if (b.size() != OUTPUT_BYTES) throw LengthException();

  106.         Super::final(b);

  107.         reset();

  108.     }

  109. };

  110. 

  111. template<class CRTP, Prehashed ph> class Signing;

  112. 

  113. template<class CRTP> class Signing<CRTP,PREHASHED> {

  114. public:

  115.     /* Sign a prehash context, and reset the context */

  116.     inline SecureBuffer sign_prehashed ( const Prehash &ph ) const /*throw(std::bad_alloc)*/ {

  117.         SecureBuffer out(CRTP::SIG_BYTES);

  118.         decaf_ed448_sign_prehash (

  119.             out.data(),

  120.             ((const CRTP*)this)->priv_.data(),

  121.             ((const CRTP*)this)->pub_.data(),

  122.             (const decaf_ed448_prehash_ctx_s*)ph.wrapped,

  123.             ph.context_.data(),

  124.             ph.context_.size()

  125.         );

  126.         return out;

  127.     }

  128.     

  129.     /* Sign a message using the prehasher */

  130.     inline SecureBuffer sign_with_prehash (

  131.         const Block &message,

  132.         const Block &context = NO_CONTEXT()

  133.     ) const /*throw(LengthException,CryptoException)*/ {

  134.         Prehash ph(context);

  135.         ph += message;

  136.         return sign_prehashed(ph);

  137.     }

  138. };

  139. 

  140. template<class CRTP> class Signing<CRTP,PURE>  {

  141. public:

  142.     /**

  143.      * Sign a message.

  144.      * @param [in] message The message to be signed.

  145.      * @param [in] context A context for the signature; must be at most 255 bytes.

  146.      *

  147.      * @warning It is generally unsafe to use Ed25519 with both prehashed and non-prehashed messages.

  148.      */

  149.     inline SecureBuffer sign (

  150.         const Block &message,

  151.         const Block &context = NO_CONTEXT()

  152.     ) const /* TODO: this exn spec tickles a Clang bug?

  153.              * throw(LengthException, std::bad_alloc)

  154.              */ {

  155.         if (context.size() > 255) {

  156.             throw LengthException();

  157.         }

  158.         

  159.         SecureBuffer out(CRTP::SIG_BYTES);

  160.         decaf_ed448_sign (

  161.             out.data(),

  162.             ((const CRTP*)this)->priv_.data(),

  163.             ((const CRTP*)this)->pub_.data(),

  164.             message.data(),

  165.             message.size(),

  166.             0,

  167.             context.data(),

  168.             context.size()

  169.         );

  170.         return out;

  171.     }

  172. };

  173. 

  174. class PrivateKeyBase

  175.     : public Serializable<PrivateKeyBase>

  176.     , public Signing<PrivateKeyBase,PURE>

  177.     , public Signing<PrivateKeyBase,PREHASHED> {

  178. public:

  179.     typedef class PublicKeyBase MyPublicKey;

  180. private:

  181. /** @cond internal */

  182.     friend class PublicKeyBase;

  183.     friend class Signing<PrivateKey,PURE>;

  184.     friend class Signing<PrivateKey,PREHASHED>;

  185. /** @endcond */

  186.     

  187.     /** The pre-expansion form of the signing key. */

  188.     FixedArrayBuffer<DECAF_EDDSA_448_PRIVATE_BYTES> priv_;

  189.     

  190.     /** The post-expansion public key. */

  191.     FixedArrayBuffer<DECAF_EDDSA_448_PUBLIC_BYTES> pub_;

  192.     

  193. public:

  194.     /** Underlying group */

  195.     typedef Ed448Goldilocks Group;

  196.     

  197.     /** Signature size. */

  198.     static const size_t SIG_BYTES = DECAF_EDDSA_448_SIGNATURE_BYTES;

  199.     

  200.     /** Serialization size. */

  201.     static const size_t SER_BYTES = DECAF_EDDSA_448_PRIVATE_BYTES;

  202.     

  203.     

  204.     /** Create but don't initialize */

  205.     inline explicit PrivateKeyBase(const NOINIT&) NOEXCEPT : priv_((NOINIT())), pub_((NOINIT())) { }

  206.     

  207.     /** Read a private key from a string */

  208.     inline explicit PrivateKeyBase(const FixedBlock<SER_BYTES> &b) NOEXCEPT { *this = b; }

  209.     

  210.     /** Copy constructor */

  211.     inline PrivateKeyBase(const PrivateKey &k) NOEXCEPT { *this = k; }

  212.     

  213.     /** Create at random */

  214.     inline explicit PrivateKeyBase(Rng &r) NOEXCEPT : priv_(r) {

  215.         decaf_ed448_derive_public_key(pub_.data(), priv_.data());

  216.     }

  217.     

  218.     /** Assignment from string */

  219.     inline PrivateKeyBase &operator=(const FixedBlock<SER_BYTES> &b) NOEXCEPT {

  220.         memcpy(priv_.data(),b.data(),b.size());

  221.         decaf_ed448_derive_public_key(pub_.data(), priv_.data());

  222.         return *this;

  223.     }

  224.     

  225.     /** Copy assignment */

  226.     inline PrivateKeyBase &operator=(const PrivateKey &k) NOEXCEPT {

  227.         memcpy(priv_.data(),k.priv_.data(), priv_.size());

  228.         memcpy(pub_.data(),k.pub_.data(), pub_.size());

  229.         return *this;

  230.     }

  231.     

  232.     /** Serialization size. */

  233.     inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }

  234.     

  235.     /** Serialize into a buffer. */

  236.     inline void serialize_into(unsigned char *x) const NOEXCEPT {

  237.         memcpy(x,priv_.data(), priv_.size());

  238.     }

  239.     

  240.     /** Return the corresponding public key */

  241.     inline MyPublicKey pub() const NOEXCEPT {

  242.         MyPublicKey pub(*this);

  243.         return pub;

  244.     }

  245. }; /* class PrivateKey */

  246. 

  247. 

  248. 

  249. template<class CRTP> class Verification<CRTP,PURE> {

  250. public:

  251.     /** Verify a signature, returning DECAF_FAILURE if verification fails */

  252.     inline decaf_error_t WARN_UNUSED verify_noexcept (

  253.         const FixedBlock<DECAF_EDDSA_448_SIGNATURE_BYTES> &sig,

  254.         const Block &message,

  255.         const Block &context = NO_CONTEXT()

  256.     ) const /*NOEXCEPT*/ {

  257.         if (context.size() > 255) {

  258.             return DECAF_FAILURE;

  259.         }

  260.         

  261.         return decaf_ed448_verify (

  262.             sig.data(),

  263.             ((const CRTP*)this)->pub_.data(),

  264.             message.data(),

  265.             message.size(),

  266.             0,

  267.             context.data(),

  268.             context.size()

  269.         );

  270.     }

  271.     

  272.     /** Verify a signature, throwing an exception if verification fails

  273.      * @param [in] sig The signature.

  274.      * @param [in] message The signed message.

  275.      * @param [in] context A context for the signature; must be at most 255 bytes.

  276.      *

  277.      * @warning It is generally unsafe to use Ed25519 with both prehashed and non-prehashed messages.

  278.      */

  279.     inline void verify (

  280.         const FixedBlock<DECAF_EDDSA_448_SIGNATURE_BYTES> &sig,

  281.         const Block &message,

  282.         const Block &context = NO_CONTEXT()

  283.     ) const /*throw(LengthException,CryptoException)*/ {

  284.         if (context.size() > 255) {

  285.             throw LengthException();

  286.         }

  287.         

  288.         if (DECAF_SUCCESS != verify_noexcept( sig, message, context )) {

  289.             throw CryptoException();

  290.         }

  291.     }

  292. };

  293. 

  294. 

  295. template<class CRTP> class Verification<CRTP,PREHASHED> {

  296. public:

  297.     /* Verify a prehash context. */

  298.     inline decaf_error_t WARN_UNUSED verify_prehashed_noexcept (

  299.         const FixedBlock<DECAF_EDDSA_448_SIGNATURE_BYTES> &sig,

  300.         const Prehash &ph

  301.     ) const /*NOEXCEPT*/ {

  302.         return decaf_ed448_verify_prehash (

  303.             sig.data(),

  304.             ((const CRTP*)this)->pub_.data(),

  305.             (const decaf_ed448_prehash_ctx_s*)ph.wrapped,

  306.             ph.context_.data(),

  307.             ph.context_.size()

  308.         );

  309.     }

  310.     

  311.     /* Verify a prehash context. */

  312.     inline void verify_prehashed (

  313.         const FixedBlock<DECAF_EDDSA_448_SIGNATURE_BYTES> &sig,

  314.         const Prehash &ph

  315.     ) const /*throw(CryptoException)*/ {

  316.         if (DECAF_SUCCESS != decaf_ed448_verify_prehash (

  317.             sig.data(),

  318.             ((const CRTP*)this)->pub_.data(),

  319.             (const decaf_ed448_prehash_ctx_s*)ph.wrapped,

  320.             ph.context_.data(),

  321.             ph.context_.size()

  322.         )) {

  323.             throw CryptoException();

  324.         }

  325.     }

  326.     

  327.     /* Verify a message using the prehasher */

  328.     inline void verify_with_prehash (

  329.         const FixedBlock<DECAF_EDDSA_448_SIGNATURE_BYTES> &sig,

  330.         const Block &message,

  331.         const Block &context = NO_CONTEXT()

  332.     ) const /*throw(LengthException,CryptoException)*/ {

  333.         Prehash ph(context);

  334.         ph += message;

  335.         verify_prehashed(sig,ph);

  336.     }

  337. };

  338. 

  339. 

  340. class PublicKeyBase

  341.     : public Serializable<PublicKeyBase>

  342.     , public Verification<PublicKeyBase,PURE>

  343.     , public Verification<PublicKeyBase,PREHASHED> {

  344. public:

  345.     typedef class PrivateKeyBase MyPrivateKey;

  346.     

  347. private:

  348. /** @cond internal */

  349.     friend class PrivateKeyBase;

  350.     friend class Verification<PublicKey,PURE>;

  351.     friend class Verification<PublicKey,PREHASHED>;

  352. /** @endcond */

  353. 

  354. private:

  355.     /** The pre-expansion form of the signature */

  356.     FixedArrayBuffer<DECAF_EDDSA_448_PUBLIC_BYTES> pub_;

  357.     

  358. public:

  359.     /* PERF FUTURE: Pre-cached decoding? Precomputed table?? */

  360.   

  361.     /** Underlying group */

  362.     typedef Ed448Goldilocks Group;

  363.     

  364.     /** Signature size. */

  365.     static const size_t SIG_BYTES = DECAF_EDDSA_448_SIGNATURE_BYTES;

  366.     

  367.     /** Serialization size. */

  368.     static const size_t SER_BYTES = DECAF_EDDSA_448_PRIVATE_BYTES;

  369.     

  370.     

  371.     /** Create but don't initialize */

  372.     inline explicit PublicKeyBase(const NOINIT&) NOEXCEPT : pub_((NOINIT())) { }

  373.     

  374.     /** Read a private key from a string */

  375.     inline explicit PublicKeyBase(const FixedBlock<SER_BYTES> &b) NOEXCEPT { *this = b; }

  376.     

  377.     /** Copy constructor */

  378.     inline PublicKeyBase(const PublicKeyBase &k) NOEXCEPT { *this = k; }

  379.     

  380.     /** Copy constructor */

  381.     inline explicit PublicKeyBase(const MyPrivateKey &k) NOEXCEPT { *this = k; }

  382. 

  383.     /** Assignment from string */

  384.     inline PublicKey &operator=(const FixedBlock<SER_BYTES> &b) NOEXCEPT {

  385.         memcpy(pub_.data(),b.data(),b.size());

  386.         return *this;

  387.     }

  388. 

  389.     /** Assignment from private key */

  390.     inline PublicKey &operator=(const PublicKey &p) NOEXCEPT {

  391.         return *this = p.pub_;

  392.     }

  393. 

  394.     /** Assignment from private key */

  395.     inline PublicKey &operator=(const MyPrivateKey &p) NOEXCEPT {

  396.         return *this = p.pub_;

  397.     }

  398. 

  399.     /** Serialization size. */

  400.     inline size_t ser_size() const NOEXCEPT { return SER_BYTES; }

  401.     

  402.     /** Serialize into a buffer. */

  403.     inline void serialize_into(unsigned char *x) const NOEXCEPT {

  404.         memcpy(x,pub_.data(), pub_.size());

  405.     }

  406. }; /* class PublicKey */

  407. 

  408. }; /* template<> struct EdDSA<Ed448Goldilocks> */

  409. 

  410. #undef NOEXCEPT

  411. } /* namespace decaf */

  412. 

  413. #endif /* __DECAF_ED448_HXX__ */