Crypto++  8.2
Free C++ class library of cryptographic schemes
Public Member Functions | Static Public Attributes | List of all members
ed25519PrivateKey Struct Reference

Ed25519 private key. More...

+ Inheritance diagram for ed25519PrivateKey:

Public Member Functions

bool Validate (RandomNumberGenerator &rng, unsigned int level) const
 Check this object for errors. More...
 
bool GetVoidValue (const char *name, const std::type_info &valueType, void *pValue) const
 Get a named value. More...
 
void AssignFrom (const NameValuePairs &source)
 Assign values to this object. More...
 
OID GetAlgorithmID () const
 Retrieves the OID of the algorithm. More...
 
void Save (BufferedTransformation &bt) const
 DER encode ASN.1 object. More...
 
void Save (BufferedTransformation &bt, bool v1) const
 DER encode ASN.1 object. More...
 
void Load (BufferedTransformation &bt)
 BER decode ASN.1 object. More...
 
void MakePublicKey (PublicKey &pub) const
 Initializes a public key from this key. More...
 
void BERDecode (BufferedTransformation &bt)
 Decode this object from a BufferedTransformation. More...
 
void DEREncode (BufferedTransformation &bt) const
 Encode this object into a BufferedTransformation. More...
 
void BERDecodePrivateKey (BufferedTransformation &bt, bool parametersPresent, size_t size)
 Decode privateKey part of privateKeyInfo. More...
 
void DEREncodePrivateKey (BufferedTransformation &bt) const
 Encode privateKey part of privateKeyInfo. More...
 
void DEREncode (BufferedTransformation &bt, int version) const
 DER encode ASN.1 object. More...
 
void BERDecodeAndCheckAlgorithmID (BufferedTransformation &bt)
 Determine if OID is valid for this object. More...
 
void GenerateRandom (RandomNumberGenerator &rng, const NameValuePairs &params)
 Generate a random key or crypto parameters. More...
 
void SetPrivateExponent (const byte x[SECRET_KEYLENGTH])
 
void SetPrivateExponent (const Integer &x)
 
const IntegerGetPrivateExponent () const
 
bool IsSmallOrder (const byte y[PUBLIC_KEYLENGTH]) const
 Test if a key has small order. More...
 
const byte * GetPrivateKeyBytePtr () const
 Retrieve private key byte array. More...
 
const byte * GetPublicKeyBytePtr () const
 Retrieve public key byte array. More...
 
- Public Member Functions inherited from PKCS8PrivateKey
virtual bool BERDecodeAlgorithmParameters (BufferedTransformation &bt)
 Decode optional parameters. More...
 
virtual bool DEREncodeAlgorithmParameters (BufferedTransformation &bt) const
 Encode optional parameters. More...
 
virtual void BERDecodeOptionalAttributes (BufferedTransformation &bt)
 Decode optional attributes. More...
 
virtual void DEREncodeOptionalAttributes (BufferedTransformation &bt) const
 Encode optional attributes. More...
 
- Public Member Functions inherited from ASN1CryptoMaterial< PrivateKey >
void Save (BufferedTransformation &bt) const
 DER encode ASN.1 object. More...
 
void Load (BufferedTransformation &bt)
 BER decode ASN.1 object. More...
 
- Public Member Functions inherited from ASN1Object
virtual void BEREncode (BufferedTransformation &bt) const
 Encode this object into a BufferedTransformation. More...
 
- Public Member Functions inherited from GeneratableCryptoMaterial
void GenerateRandomWithKeySize (RandomNumberGenerator &rng, unsigned int keySize)
 Generate a random key or crypto parameters. More...
 
- Public Member Functions inherited from CryptoMaterial
virtual void ThrowIfInvalid (RandomNumberGenerator &rng, unsigned int level) const
 Check this object for errors. More...
 
virtual bool SupportsPrecomputation () const
 Determines whether the object supports precomputation. More...
 
virtual void Precompute (unsigned int precomputationStorage)
 Perform precomputation. More...
 
virtual void LoadPrecomputation (BufferedTransformation &storedPrecomputation)
 Retrieve previously saved precomputation. More...
 
virtual void SavePrecomputation (BufferedTransformation &storedPrecomputation) const
 Save precomputation for later use. More...
 
void DoQuickSanityCheck () const
 Perform a quick sanity check. More...
 
- Public Member Functions inherited from NameValuePairs
template<class T >
bool GetThisObject (T &object) const
 Get a copy of this object or subobject. More...
 
template<class T >
bool GetThisPointer (T *&ptr) const
 Get a pointer to this object. More...
 
template<class T >
bool GetValue (const char *name, T &value) const
 Get a named value. More...
 
template<class T >
GetValueWithDefault (const char *name, T defaultValue) const
 Get a named value. More...
 
CRYPTOPP_DLL std::string GetValueNames () const
 Get a list of value names that can be retrieved. More...
 
CRYPTOPP_DLL bool GetIntValue (const char *name, int &value) const
 Get a named value with type int. More...
 
CRYPTOPP_DLL int GetIntValueWithDefault (const char *name, int defaultValue) const
 Get a named value with type int, with default. More...
 
CRYPTOPP_DLL bool GetWord64Value (const char *name, word64 &value) const
 Get a named value with type word64. More...
 
CRYPTOPP_DLL word64 GetWord64ValueWithDefault (const char *name, word64 defaultValue) const
 Get a named value with type word64, with default. More...
 
template<class T >
void GetRequiredParameter (const char *className, const char *name, T &value) const
 Retrieves a required name/value pair. More...
 
CRYPTOPP_DLL void GetRequiredIntParameter (const char *className, const char *name, int &value) const
 Retrieves a required name/value pair. More...
 

Static Public Attributes

static const int SECRET_KEYLENGTH = 32
 Size of the private key. More...
 
static const int PUBLIC_KEYLENGTH = 32
 Size of the public key. More...
 
static const int SIGNATURE_LENGTH = 64
 Size of the siganture. More...
 

Additional Inherited Members

- Static Public Member Functions inherited from NameValuePairs
static CRYPTOPP_DLL void CRYPTOPP_API ThrowIfTypeMismatch (const char *name, const std::type_info &stored, const std::type_info &retrieving)
 Ensures an expected name and type is present. More...
 

Detailed Description

Ed25519 private key.

ed25519PrivateKey is somewhat of a hack. It needed to provide DL_PrivateKey interface to fit into the existing framework, but it lacks a lot of the internals of a true DL_PrivateKey. The missing pieces include GroupParameters and Point, which provide the low level field operations found in traditional implementations like NIST curves over prime and binary fields.

ed25519PrivateKey is also unusual because the class members of interest are byte arrays and not Integers. In addition, the byte arrays are little-endian meaning LSB is at element 0 and the MSB is at element 31. If you call GetPrivateExponent() then the little-endian byte array is converted to a big-endian Integer() so it can be returned the way a caller expects. And calling SetPrivateExponent perfoms a similar internal conversion.

Since
Crypto++ 8.0

Definition at line 355 of file xed25519.h.

Member Function Documentation

◆ Validate()

bool ed25519PrivateKey::Validate ( RandomNumberGenerator rng,
unsigned int  level 
) const
virtual

Check this object for errors.

Parameters
rnga RandomNumberGenerator for objects which use randomized testing
levelthe level of thoroughness
Returns
true if the tests succeed, false otherwise

There are four levels of thoroughness:

  • 0 - using this object won't cause a crash or exception
  • 1 - this object will probably function, and encrypt, sign, other operations correctly
  • 2 - ensure this object will function correctly, and perform reasonable security checks
  • 3 - perform reasonable security checks, and do checks that may take a long time

Level 0 does not require a RandomNumberGenerator. A NullRNG() can be used for level 0. Level 1 may not check for weak keys and such. Levels 2 and 3 are recommended.

See also
ThrowIfInvalid()

Implements CryptoMaterial.

Definition at line 387 of file xed25519.cpp.

◆ GetVoidValue()

bool ed25519PrivateKey::GetVoidValue ( const char *  name,
const std::type_info &  valueType,
void *  pValue 
) const
virtual

Get a named value.

Parameters
namethe name of the object or value to retrieve
valueTypereference to a variable that receives the value
pValuevoid pointer to a variable that receives the value
Returns
true if the value was retrieved, false otherwise

GetVoidValue() retrieves the value of name if it exists.

Note
GetVoidValue() is an internal function and should be implemented by derived classes. Users should use one of the other functions instead.
See also
GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(), GetRequiredParameter() and GetRequiredIntParameter()

Implements NameValuePairs.

Definition at line 407 of file xed25519.cpp.

◆ AssignFrom()

void ed25519PrivateKey::AssignFrom ( const NameValuePairs source)
virtual

Assign values to this object.

This function can be used to create a public key from a private key.

Implements CryptoMaterial.

Definition at line 436 of file xed25519.cpp.

◆ GetAlgorithmID()

OID ed25519PrivateKey::GetAlgorithmID ( ) const
inlinevirtual

Retrieves the OID of the algorithm.

Returns
OID of the algorithm

Implements PKCS8PrivateKey.

Definition at line 375 of file xed25519.h.

◆ Save() [1/2]

void ed25519PrivateKey::Save ( BufferedTransformation bt) const
inlinevirtual

DER encode ASN.1 object.

Parameters
btBufferedTransformation object

Save() will write the OID associated with algorithm or scheme. In the case of public and private keys, this function writes the subjectPubicKeyInfo parts.

The default OID is from RFC 8410 using id-Ed25519. The default private key format is RFC 5208, which is the old format. The old format provides the best interop, and keys will work with OpenSSL.

See also
RFC 5958, Asymmetric Key Packages

Reimplemented from CryptoMaterial.

Definition at line 390 of file xed25519.h.

◆ Save() [2/2]

void ed25519PrivateKey::Save ( BufferedTransformation bt,
bool  v1 
) const
inline

DER encode ASN.1 object.

Parameters
btBufferedTransformation object
v1flag indicating v1

Save() will write the OID associated with algorithm or scheme. In the case of public and private keys, this function writes the subjectPubicKeyInfo parts.

The default OID is from RFC 8410 using id-Ed25519. The default private key format is RFC 5208.

v1 means INTEGER 0 is written. INTEGER 0 means RFC 5208 format, which is the old format. The old format provides the best interop, and keys will work with OpenSSL. The other option uses INTEGER 1. INTEGER 1 means RFC 5958 format, which is the new format.

See also
RFC 5958, Asymmetric Key Packages

Definition at line 409 of file xed25519.h.

◆ Load()

void ed25519PrivateKey::Load ( BufferedTransformation bt)
inlinevirtual

BER decode ASN.1 object.

Parameters
btBufferedTransformation object
See also
RFC 5958, Asymmetric Key Packages

Reimplemented from CryptoMaterial.

Definition at line 417 of file xed25519.h.

◆ MakePublicKey()

void ed25519PrivateKey::MakePublicKey ( PublicKey pub) const

Initializes a public key from this key.

Parameters
pubreference to a public key

Definition at line 474 of file xed25519.cpp.

◆ BERDecode()

void ed25519PrivateKey::BERDecode ( BufferedTransformation bt)
virtual

Decode this object from a BufferedTransformation.

Parameters
btBufferedTransformation object

Uses Basic Encoding Rules (BER)

Reimplemented from PKCS8PrivateKey.

Definition at line 496 of file xed25519.cpp.

◆ DEREncode() [1/2]

void ed25519PrivateKey::DEREncode ( BufferedTransformation bt) const
inlinevirtual

Encode this object into a BufferedTransformation.

Parameters
btBufferedTransformation object

Uses Distinguished Encoding Rules (DER)

Reimplemented from PKCS8PrivateKey.

Definition at line 427 of file xed25519.h.

◆ BERDecodePrivateKey()

void ed25519PrivateKey::BERDecodePrivateKey ( BufferedTransformation bt,
bool  parametersPresent,
size_t  size 
)
virtual

Decode privateKey part of privateKeyInfo.

Parameters
btBufferedTransformation object
parametersPresentflag indicating if algorithm parameters are present
sizenumber of octets to read for the parameters, in bytes

BERDecodePrivateKey() the decodes privateKey part of privateKeyInfo, without the OCTET STRING header.

When parametersPresent = true then BERDecodePrivateKey() calls BERDecodeAlgorithmParameters() to parse algorithm parameters.

See also
BERDecodeAlgorithmParameters

Implements PKCS8PrivateKey.

Definition at line 567 of file xed25519.cpp.

◆ DEREncodePrivateKey()

void ed25519PrivateKey::DEREncodePrivateKey ( BufferedTransformation bt) const
virtual

Encode privateKey part of privateKeyInfo.

Parameters
btBufferedTransformation object

DEREncodePrivateKey() encodes the privateKey part of privateKeyInfo, without the OCTET STRING header.

See also
DEREncodeAlgorithmParameters

Implements PKCS8PrivateKey.

Definition at line 588 of file xed25519.cpp.

◆ DEREncode() [2/2]

void ed25519PrivateKey::DEREncode ( BufferedTransformation bt,
int  version 
) const

DER encode ASN.1 object.

Parameters
btBufferedTransformation object
versionindicates version

DEREncode() will write the OID associated with algorithm or scheme. In the case of public and private keys, this function writes the subjectPubicKeyInfo parts.

The default OID is from RFC 8410 using id-X25519. The default private key format is RFC 5208.

The value of version is written as the INTEGER. INTEGER 0 means RFC 5208 format, which is the old format. The old format provides the best interop, and keys will work with OpenSSL. The INTEGER 1 means RFC 5958 format, which is the new format.

Definition at line 540 of file xed25519.cpp.

◆ BERDecodeAndCheckAlgorithmID()

void ed25519PrivateKey::BERDecodeAndCheckAlgorithmID ( BufferedTransformation bt)

Determine if OID is valid for this object.

BERDecodeAndCheckAlgorithmID() parses the OID from bt and determines if it valid for this object. The problem in practice is there are multiple OIDs available to denote curve25519 operations. The OIDs include an old GNU OID used by SSH, OIDs specified in draft-josefsson-pkix-newcurves, and OIDs specified in draft-ietf-curdle-pkix.

By default BERDecodeAndCheckAlgorithmID() accepts an OID set by the user, ASN1::curve25519() and ASN1::Ed25519(). ASN1::curve25519() is generic and says "this key is valid for curve25519 operations". ASN1::Ed25519() is specific and says "this key is valid for ed25519 signing."

Definition at line 481 of file xed25519.cpp.

◆ GenerateRandom()

void ed25519PrivateKey::GenerateRandom ( RandomNumberGenerator rng,
const NameValuePairs params = g_nullNameValuePairs 
)
virtual

Generate a random key or crypto parameters.

Parameters
rnga RandomNumberGenerator to produce keying material
paramsadditional initialization parameters
Exceptions
KeyingErrif a key can't be generated or algorithm parameters are invalid

If a derived class does not override GenerateRandom(), then the base class throws NotImplemented.

Reimplemented from GeneratableCryptoMaterial.

Definition at line 463 of file xed25519.cpp.

◆ IsSmallOrder()

bool ed25519PrivateKey::IsSmallOrder ( const byte  y[PUBLIC_KEYLENGTH]) const

Test if a key has small order.

Parameters
ypublic key

Definition at line 382 of file xed25519.cpp.

◆ GetPrivateKeyBytePtr()

const byte* ed25519PrivateKey::GetPrivateKeyBytePtr ( ) const
inline

Retrieve private key byte array.

Returns
the private key byte array

GetPrivateKeyBytePtr() is used by signing code to call ed25519_sign.

Definition at line 472 of file xed25519.h.

◆ GetPublicKeyBytePtr()

const byte* ed25519PrivateKey::GetPublicKeyBytePtr ( ) const
inline

Retrieve public key byte array.

Returns
the public key byte array

GetPublicKeyBytePtr() is used by signing code to call ed25519_sign.

Definition at line 479 of file xed25519.h.

Member Data Documentation

◆ SECRET_KEYLENGTH

const int ed25519PrivateKey::SECRET_KEYLENGTH = 32
static

Size of the private key.

SECRET_KEYLENGTH is the size of the private key, in bytes.

Definition at line 359 of file xed25519.h.

◆ PUBLIC_KEYLENGTH

const int ed25519PrivateKey::PUBLIC_KEYLENGTH = 32
static

Size of the public key.

PUBLIC_KEYLENGTH is the size of the public key, in bytes.

Definition at line 362 of file xed25519.h.

◆ SIGNATURE_LENGTH

const int ed25519PrivateKey::SIGNATURE_LENGTH = 64
static

Size of the siganture.

SIGNATURE_LENGTH is the size of the signature, in bytes. ed25519 is a DL-based signature scheme. The signature is the concatenation of r || s.

Definition at line 367 of file xed25519.h.


The documentation for this struct was generated from the following files: