jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
269 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: 64adbd1082
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '64adbd1082'
${ noResults }
ed448goldilocks/src/public_include/decaf/crypto.hxx

217 lines
7.3 KiB
Raw Blame History 

  1. /**

  2.  * @file decaf/crypto.hxx

  3.  * @author Mike Hamburg

  4.  *

  5.  * @copyright

  6.  *   Copyright (c) 2015 Cryptography Research, Inc.  \n

  7.  *   Released under the MIT License.  See LICENSE.txt for license information.

  8.  *

  9.  * @brief Example cryptography using Decaf.

  10.  * @warning FIXME: this is out of sync with crypto_*.h

  11.  */

  12. #ifndef __DECAF_CRYPTO_HXX__

  13. #define __DECAF_CRYPTO_HXX__ 1

  14. 

  15. #include <decaf.hxx>

  16. #include <decaf/shake.hxx>

  17. 

  18. /** @cond internal */

  19. #if __cplusplus >= 201103L

  20. #define NOEXCEPT noexcept

  21. #else

  22. #define NOEXCEPT throw()

  23. #endif

  24. /** @endcond */

  25. 

  26. /* TODO: decide on copy vs reference */

  27. 

  28. namespace decaf {

  29.     

  30. template <typename Group> class PrivateKey;

  31. 

  32. /** @brief A public key using a particular EC group */ 

  33. template <typename Group> class PublicKey : public Serializable<PublicKey<Group> > {

  34. private:

  35.     /** @cond internal */

  36.     friend class PrivateKey<Group>;

  37.     static const size_t CHALLENGE_BYTES = Group::Scalar::SER_BYTES;

  38.     //const typename Group::Point p;

  39.     FixedArrayBuffer<Group::Point::SER_BYTES> ser;

  40.     /** @endcond */

  41. 

  42. public:

  43.     

  44.     /** Create without init */

  45.     PublicKey(NOINIT) : ser(NOINIT()) {}

  46.     

  47.     /** SHAKE instance size for sigs etc */

  48.     static const size_t SHAKE_BITS = 256;

  49.     

  50.     /** Size of a signature */

  51.     static const size_t SIG_BYTES = Group::Point::SER_BYTES + Group::Scalar::SER_BYTES;

  52.     

  53.     /** @brief Set the public key to a point */

  54.     inline explicit PublicKey(const typename Group::Point &p) NOEXCEPT : ser(p.serialize()) {}

  55.     

  56.     /** @brief Get the private key for a given public key */

  57.     inline explicit PublicKey(const PrivateKey<Group> &priv) NOEXCEPT;

  58.     

  59.     /** @brief Read a private key from a string*/

  60.     inline explicit PublicKey(const FixedBlock<Group::Point::SER_BYTES> &b) NOEXCEPT : ser(b) {}

  61.     

  62.     /** @brief Return the corresponding EC point */

  63.     inline typename Group::Point point() const throw(CryptoException) {

  64.         return typename Group::Point(ser);

  65.     }

  66.     

  67.     /** @brief Verify a sig.  TODO: nothrow version? */

  68.     inline void verify_shake(const SHAKE<SHAKE_BITS> &ctx_, const FixedBlock<SIG_BYTES> &sig) throw(CryptoException) {

  69.         SHAKE<SHAKE_BITS> ctx(ctx_);

  70.         ctx << ser << sig.slice(0,Group::Point::SER_BYTES);

  71.         FixedArrayBuffer<CHALLENGE_BYTES> challenge;

  72.         ctx.output(challenge);

  73.         

  74.         typename Group::Scalar response;

  75.         decaf_error_t scalar_OK = Group::Scalar::decode(

  76.             response,

  77.             sig.slice(Group::Point::SER_BYTES, Group::Scalar::SER_BYTES)

  78.         );

  79.             

  80.         const typename Group::Point combo = point().non_secret_combo_with_base(

  81.             typename Group::Scalar(challenge), response

  82.         );

  83.         if (!decaf_successful(scalar_OK)

  84.             || combo != typename Group::Point(sig.slice(0,Group::Point::SER_BYTES)))

  85.            throw CryptoException();

  86.         //return scalar_OK & (combo == typename Group::Point(sig.slice(0,Group::Point::SER_BYTES)));

  87.     }

  88.     

  89.     /** @brief Sign from a message. */

  90.     inline void verify(const Block &message, const FixedBlock<SIG_BYTES> &sig) throw(CryptoException) {

  91.         SHAKE<SHAKE_BITS> ctx;

  92.         ctx << message;

  93.         verify_shake(ctx,sig);

  94.     }

  95.     

  96.     /** @brief Serialize into a buffer. */

  97.     inline void serializeInto(unsigned char *x) const NOEXCEPT {

  98.         memcpy(x,ser.data(),Group::Point::SER_BYTES);

  99.     }

  100.     

  101.     /** @brief Serialize into a buffer. */

  102.     inline size_t serSize() const NOEXCEPT {

  103.         return Group::Point::SER_BYTES;

  104.     }

  105.     

  106.     /** @brief Copy operator */

  107.     inline PublicKey &operator=(const PublicKey &x) NOEXCEPT { ser = x.ser; return *this; }

  108. };

  109. 

  110. /** @brief A private key using a particular EC group */ 

  111. template <typename Group> class PrivateKey : public Serializable<PrivateKey<Group> > {

  112. public:

  113.     /** Size of associated symmetric key */

  114.     static const size_t SYM_BYTES = 32;

  115.     

  116.     /** SHAKE instance size for sigs etc */

  117.     static const size_t SHAKE_BITS = PublicKey<Group>::SHAKE_BITS;

  118.     

  119. private:

  120.     /** @cond internal */

  121.     static const size_t SCALAR_HASH_BYTES = Group::Scalar::SER_BYTES + 8;

  122.     friend class PublicKey<Group>;

  123.     FixedArrayBuffer<SYM_BYTES> sym;

  124.     typename Group::Scalar scalar;

  125.     PublicKey<Group> pub_;

  126.     /** @endcond */

  127.     

  128. public:

  129.     /** @brief Don't initialize */

  130.     inline PrivateKey(const NOINIT &ni) NOEXCEPT : sym(ni), scalar(ni), pub_(ni) {}

  131.         

  132.     /** @brief Construct at random */

  133.     inline PrivateKey(Rng &r) :

  134.         sym(r),

  135.         scalar(SHAKE<SHAKE_BITS>::hash(sym, SCALAR_HASH_BYTES)),

  136.         pub_((Group::Precomputed::base() * scalar).serialize()) {}

  137.         

  138.     /** @brief Construct from buffer */

  139.     inline PrivateKey(const FixedBlock<SYM_BYTES> &sym_) :

  140.         sym(sym_),

  141.         scalar(SHAKE<SHAKE_BITS>::hash(sym, SCALAR_HASH_BYTES)),

  142.         pub_(SecureBuffer(Group::Precomputed::Base * scalar)) {}

  143.         

  144.     /** @brief Compressed representation */

  145.     inline const FixedBlock<SYM_BYTES> &ser_compressed() const NOEXCEPT {

  146.         return sym;

  147.     }

  148.     

  149.     /** @brief Serialize */

  150.     inline size_t serSize() const NOEXCEPT {

  151.         return SYM_BYTES;

  152.     }

  153.     

  154.     /** @brief Serialize */

  155.     inline void serializeInto(unsigned char *target) const NOEXCEPT {

  156.         memcpy(target,sym.data(),serSize());

  157.     }

  158.         

  159.     /** @brief Uncompressed representation */

  160.     inline SecureBuffer ser_uncompressed() const throw(std::bad_alloc) {

  161.         SecureBuffer b(SYM_BYTES + Group::Scalar::SER_BYTES + Group::Point::SER_BYTES);

  162.         Buffer(b).slice(0,SYM_BYTES).assign(sym);

  163.         Buffer(b).slice(SYM_BYTES,Group::Scalar::SER_BYTES).assign(scalar);

  164.         Buffer(b).slice(SYM_BYTES+Group::Scalar::SER_BYTES,Group::Point::SER_BYTES).assign(pub_.ser);

  165.         return b;

  166.     }

  167.     

  168.     /** @brief Sign from a SHAKE context.  TODO: double check random oracle eval of this; destructive version? */

  169.     inline SecureBuffer sign_shake(const SHAKE<SHAKE_BITS> &ctx_) throw(std::bad_alloc) {

  170.         SHAKE<SHAKE_BITS> ctx(ctx_);

  171.         ctx << sym << "decaf_255_sign_shake";

  172.         typename Group::Scalar nonce(ctx.output(SCALAR_HASH_BYTES));

  173.         SecureBuffer g_nonce = (Group::Precomputed::base() * nonce).serialize();

  174.         

  175.         ctx = ctx_;

  176.         ctx << pub_.ser << g_nonce;

  177.         SecureBuffer challenge(ctx.output(PublicKey<Group>::CHALLENGE_BYTES));

  178.         SecureBuffer response((nonce - scalar * typename Group::Scalar(challenge)).serialize());

  179.         

  180.         SecureBuffer ret(PublicKey<Group>::SIG_BYTES);

  181.         Buffer(ret).slice(0,Group::Point::SER_BYTES).assign(g_nonce);

  182.         Buffer(ret).slice(Group::Point::SER_BYTES, Group::Scalar::SER_BYTES).assign(response);

  183.         return ret;

  184.     }

  185.     

  186.     /** @brief Sign from a message. */

  187.     inline SecureBuffer sign(const Block &message) {

  188.         SHAKE<SHAKE_BITS> ctx;

  189.         ctx << message;

  190.         return sign_shake(ctx);

  191.     }

  192.     

  193.     /** @brief Get the corresponding public key */

  194.     inline const PublicKey<Group> &pub() const { return pub_; }

  195.     

  196.     /** @brief Copy operator */

  197.     inline PrivateKey &operator=(const PrivateKey &x) NOEXCEPT {

  198.         sym = x.sym;

  199.         scalar = x.scalar;

  200.         pub_ = x.pub_;

  201.         return *this;

  202.     }

  203. };

  204. 

  205. /** @cond internal */

  206. template <typename Group>

  207. inline PublicKey<Group>::PublicKey(

  208.     const PrivateKey<Group> &priv

  209. ) NOEXCEPT : ser(priv.pub_.ser){}

  210. /** @endcond */

  211. 

  212. #undef NOEXCEPT

  213. } /* namespace decaf */

  214. 

  215. #endif /* __DECAF_CRYPTO_HXX__ */