File: donna.h

package info (click to toggle)
libcrypto++ 8.2.0-2
  • links: PTS
  • area: main
  • in suites: experimental
  • size: 22,780 kB
  • sloc: cpp: 105,015; sh: 7,353; asm: 5,120; makefile: 316
file content (179 lines) | stat: -rw-r--r-- 8,130 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
// donna.h - written and placed in public domain by Jeffrey Walton
//           Crypto++ specific implementation wrapped around Andrew
//           Moon's public domain curve25519-donna and ed25519-donna,
//           https://github.com/floodyberry/curve25519-donna and
//           https://github.com/floodyberry/ed25519-donna.

// The curve25519 and ed25519 source files multiplex different repos and
// architectures using namespaces. The repos are Andrew Moon's
// curve25519-donna and ed25519-donna. The architectures are 32-bit, 64-bit
// and SSE. For example, 32-bit x25519 uses symbols from Donna::X25519 and
// Donna::Arch32.

// If needed, see Moon's commit "Go back to ignoring 256th bit [sic]",
// https://github.com/floodyberry/curve25519-donna/commit/57a683d18721a658

/// \file donna.h
/// \details Functions for curve25519 and ed25519 operations
/// \details This header provides the entry points into Andrew Moon's
///   curve25519 and ed25519 curve functions. The Crypto++ classes x25519
///   and ed25519 use the functions. The functions are in the <tt>Donna</tt>
///   namespace and are curve25519_mult(), ed25519_publickey(),
///   ed25519_sign() and ed25519_sign_open().
/// \details At the moment the hash function for signing is fixed at
///   SHA512.

#ifndef CRYPTOPP_DONNA_H
#define CRYPTOPP_DONNA_H

#include "cryptlib.h"
#include "stdcpp.h"

NAMESPACE_BEGIN(CryptoPP)
NAMESPACE_BEGIN(Donna)

//***************************** curve25519 *****************************//

/// \brief Generate a public key
/// \param publicKey byte array for the public key
/// \param secretKey byte array with the private key
/// \returns 0 on success, non-0 otherwise
/// \details curve25519_mult() generates a public key from an existing
///   secret key. Internally curve25519_mult() performs a scalar
///   multiplication using the base point and writes the result to
///   <tt>pubkey</tt>.
int curve25519_mult(byte publicKey[32], const byte secretKey[32]);

/// \brief Generate a shared key
/// \param sharedKey byte array for the shared secret
/// \param secretKey byte array with the private key
/// \param othersKey byte array with the peer's public key
/// \returns 0 on success, non-0 otherwise
/// \details curve25519_mult() generates a shared key from an existing
///   secret key and the other party's public key. Internally
///   curve25519_mult() performs a scalar multiplication using the two keys
///   and writes the result to <tt>sharedKey</tt>.
int curve25519_mult(byte sharedKey[32], const byte secretKey[32], const byte othersKey[32]);

//******************************* ed25519 *******************************//

/// \brief Creates a public key from a secret key
/// \param publicKey byte array for the public key
/// \param secretKey byte array with the private key
/// \returns 0 on success, non-0 otherwise
/// \details ed25519_publickey() generates a public key from a secret key.
///   Internally ed25519_publickey() performs a scalar multiplication
///   using the secret key and then writes the result to <tt>publicKey</tt>.
int ed25519_publickey(byte publicKey[32], const byte secretKey[32]);

/// \brief Creates a signature on a message
/// \param message byte array with the message
/// \param messageLength size of the message, in bytes
/// \param publicKey byte array with the public key
/// \param secretKey byte array with the private key
/// \param signature byte array for the signature
/// \returns 0 on success, non-0 otherwise
/// \details ed25519_sign() generates a signature on a message using
///   the public and private keys. The various buffers can be exact
///   sizes, and do not require extra space like when using the
///   NaCl library functions.
/// \details At the moment the hash function for signing is fixed at
///   SHA512.
int ed25519_sign(const byte* message, size_t messageLength, const byte secretKey[32], const byte publicKey[32], byte signature[64]);

/// \brief Creates a signature on a message
/// \param stream std::istream derived class
/// \param publicKey byte array with the public key
/// \param secretKey byte array with the private key
/// \param signature byte array for the signature
/// \returns 0 on success, non-0 otherwise
/// \details ed25519_sign() generates a signature on a message using
///   the public and private keys. The various buffers can be exact
///   sizes, and do not require extra space like when using the
///   NaCl library functions.
/// \details This ed25519_sign() overload handles large streams. It
///   was added for signing and verifying files that are too large
///   for a memory allocation.
/// \details At the moment the hash function for signing is fixed at
///   SHA512.
int ed25519_sign(std::istream& stream, const byte secretKey[32], const byte publicKey[32], byte signature[64]);

/// \brief Verifies a signature on a message
/// \param message byte array with the message
/// \param messageLength size of the message, in bytes
/// \param publicKey byte array with the public key
/// \param signature byte array with the signature
/// \returns 0 on success, non-0 otherwise
/// \details ed25519_sign_open() verifies a signature on a message using
///   the public key. The various buffers can be exact sizes, and do not
///   require extra space like when using the NaCl library functions.
/// \details At the moment the hash function for signing is fixed at
///   SHA512.
int
ed25519_sign_open(const byte *message, size_t messageLength, const byte publicKey[32], const byte signature[64]);

/// \brief Verifies a signature on a message
/// \param stream std::istream derived class
/// \param publicKey byte array with the public key
/// \param signature byte array with the signature
/// \returns 0 on success, non-0 otherwise
/// \details ed25519_sign_open() verifies a signature on a message using
///   the public key. The various buffers can be exact sizes, and do not
///   require extra space like when using the NaCl library functions.
/// \details This ed25519_sign_open() overload handles large streams. It
///   was added for signing and verifying files that are too large
///   for a memory allocation.
/// \details At the moment the hash function for signing is fixed at
///   SHA512.
int
ed25519_sign_open(std::istream& stream, const byte publicKey[32], const byte signature[64]);

//****************************** Internal ******************************//

#ifndef CRYPTOPP_DOXYGEN_PROCESSING

// CRYPTOPP_WORD128_AVAILABLE mostly depends upon GCC support for
// __SIZEOF_INT128__. If __SIZEOF_INT128__ is not available then Moon
// provides routines for MSC and GCC. It should cover most platforms,
// but there are gaps like MS ARM64 and XLC. We tried to enable the
// 64-bit path for SunCC from 12.5 but we got the dreaded compile
// error "The operand ___LCM cannot be assigned to".

#if defined(CRYPTOPP_WORD128_AVAILABLE) || \
   (defined(_MSC_VER) && defined(_M_X64)) || \
   (defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__)))
# define CRYPTOPP_CURVE25519_64BIT 1
#else
# define CRYPTOPP_CURVE25519_32BIT 1
#endif

// Benchmarking on a modern 64-bit Core i5-6400 @2.7 GHz shows SSE2 on Linux
// is not profitable. Here are the numbers in milliseconds/operation:
//
//   * Langley, C++, 0.050
//   * Moon, C++: 0.040
//   * Moon, SSE2: 0.061
//   * Moon, native: 0.045
//
// However, a modern 64-bit Core i5-3200 @2.5 GHz shows SSE2 is profitable
// for MS compilers. Here are the numbers in milliseconds/operation:
//
//   * x86, no SSE2, 0.294
//   * x86, SSE2, 0.097
//   * x64, no SSE2, 0.081
//   * x64, SSE2, 0.071

#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE) && defined(_MSC_VER)
# define CRYPTOPP_CURVE25519_SSE2 1
#endif

#if (CRYPTOPP_CURVE25519_SSE2)
  extern int curve25519_mult_SSE2(byte sharedKey[32], const byte secretKey[32], const byte othersKey[32]);
#endif

#endif  // CRYPTOPP_DOXYGEN_PROCESSING

NAMESPACE_END  // Donna
NAMESPACE_END  // CryptoPP

#endif  // CRYPTOPP_DONNA_H