Crypto++ 8.9
Free C++ class library of cryptographic schemes
donna.h
Go to the documentation of this file.
1// donna.h - written and placed in public domain by Jeffrey Walton
2// Crypto++ specific implementation wrapped around Andrew
3// Moon's public domain curve25519-donna and ed25519-donna,
4// https://github.com/floodyberry/curve25519-donna and
5// https://github.com/floodyberry/ed25519-donna.
6
7// The curve25519 and ed25519 source files multiplex different repos and
8// architectures using namespaces. The repos are Andrew Moon's
9// curve25519-donna and ed25519-donna. The architectures are 32-bit, 64-bit
10// and SSE. For example, 32-bit x25519 uses symbols from Donna::X25519 and
11// Donna::Arch32.
12
13// If needed, see Moon's commit "Go back to ignoring 256th bit [sic]",
14// https://github.com/floodyberry/curve25519-donna/commit/57a683d18721a658
15
16/// \file donna.h
17/// \details Functions for curve25519 and ed25519 operations
18/// \details This header provides the entry points into Andrew Moon's
19/// curve25519 and ed25519 curve functions. The Crypto++ classes x25519
20/// and ed25519 use the functions. The functions are in the <tt>Donna</tt>
21/// namespace and are curve25519_mult(), ed25519_publickey(),
22/// ed25519_sign() and ed25519_sign_open().
23/// \details At the moment the hash function for signing is fixed at
24/// SHA512.
25
26#ifndef CRYPTOPP_DONNA_H
27#define CRYPTOPP_DONNA_H
28
29#include "config.h"
30#include "cryptlib.h"
31#include "stdcpp.h"
32
33NAMESPACE_BEGIN(CryptoPP)
34NAMESPACE_BEGIN(Donna)
35
36//***************************** curve25519 *****************************//
37
38/// \brief Generate a public key
39/// \param publicKey byte array for the public key
40/// \param secretKey byte array with the private key
41/// \return 0 on success, non-0 otherwise
42/// \details curve25519_mult() generates a public key from an existing
43/// secret key. Internally curve25519_mult() performs a scalar
44/// multiplication using the base point and writes the result to
45/// <tt>pubkey</tt>.
46int curve25519_mult(byte publicKey[32], const byte secretKey[32]);
47
48/// \brief Generate a shared key
49/// \param sharedKey byte array for the shared secret
50/// \param secretKey byte array with the private key
51/// \param othersKey byte array with the peer's public key
52/// \return 0 on success, non-0 otherwise
53/// \details curve25519_mult() generates a shared key from an existing
54/// secret key and the other party's public key. Internally
55/// curve25519_mult() performs a scalar multiplication using the two keys
56/// and writes the result to <tt>sharedKey</tt>.
57int curve25519_mult(byte sharedKey[32], const byte secretKey[32], const byte othersKey[32]);
58
59//******************************* ed25519 *******************************//
60
61/// \brief Creates a public key from a secret key
62/// \param publicKey byte array for the public key
63/// \param secretKey byte array with the private key
64/// \return 0 on success, non-0 otherwise
65/// \details ed25519_publickey() generates a public key from a secret key.
66/// Internally ed25519_publickey() performs a scalar multiplication
67/// using the secret key and then writes the result to <tt>publicKey</tt>.
68int ed25519_publickey(byte publicKey[32], const byte secretKey[32]);
69
70/// \brief Creates a signature on a message
71/// \param message byte array with the message
72/// \param messageLength size of the message, in bytes
73/// \param publicKey byte array with the public key
74/// \param secretKey byte array with the private key
75/// \param signature byte array for the signature
76/// \return 0 on success, non-0 otherwise
77/// \details ed25519_sign() generates a signature on a message using
78/// the public and private keys. The various buffers can be exact
79/// sizes, and do not require extra space like when using the
80/// NaCl library functions.
81/// \details At the moment the hash function for signing is fixed at
82/// SHA512.
83int ed25519_sign(const byte* message, size_t messageLength, const byte secretKey[32], const byte publicKey[32], byte signature[64]);
84
85/// \brief Creates a signature on a message
86/// \param stream std::istream derived class
87/// \param publicKey byte array with the public key
88/// \param secretKey byte array with the private key
89/// \param signature byte array for the signature
90/// \return 0 on success, non-0 otherwise
91/// \details ed25519_sign() generates a signature on a message using
92/// the public and private keys. The various buffers can be exact
93/// sizes, and do not require extra space like when using the
94/// NaCl library functions.
95/// \details This ed25519_sign() overload handles large streams. It
96/// was added for signing and verifying files that are too large
97/// for a memory allocation.
98/// \details At the moment the hash function for signing is fixed at
99/// SHA512.
100int ed25519_sign(std::istream& stream, const byte secretKey[32], const byte publicKey[32], byte signature[64]);
101
102/// \brief Verifies a signature on a message
103/// \param message byte array with the message
104/// \param messageLength size of the message, in bytes
105/// \param publicKey byte array with the public key
106/// \param signature byte array with the signature
107/// \return 0 on success, non-0 otherwise
108/// \details ed25519_sign_open() verifies a signature on a message using
109/// the public key. The various buffers can be exact sizes, and do not
110/// require extra space like when using the NaCl library functions.
111/// \details At the moment the hash function for signing is fixed at
112/// SHA512.
113int
114ed25519_sign_open(const byte *message, size_t messageLength, const byte publicKey[32], const byte signature[64]);
115
116/// \brief Verifies a signature on a message
117/// \param stream std::istream derived class
118/// \param publicKey byte array with the public key
119/// \param signature byte array with the signature
120/// \return 0 on success, non-0 otherwise
121/// \details ed25519_sign_open() verifies a signature on a message using
122/// the public key. The various buffers can be exact sizes, and do not
123/// require extra space like when using the NaCl library functions.
124/// \details This ed25519_sign_open() overload handles large streams. It
125/// was added for signing and verifying files that are too large
126/// for a memory allocation.
127/// \details At the moment the hash function for signing is fixed at
128/// SHA512.
129int
130ed25519_sign_open(std::istream& stream, const byte publicKey[32], const byte signature[64]);
131
132//****************************** Internal ******************************//
133
134#ifndef CRYPTOPP_DOXYGEN_PROCESSING
135
136// CRYPTOPP_WORD128_AVAILABLE mostly depends upon GCC support for
137// __SIZEOF_INT128__. If __SIZEOF_INT128__ is not available then Moon
138// provides routines for MSC and GCC. It should cover most platforms,
139// but there are gaps like MS ARM64 and XLC. We tried to enable the
140// 64-bit path for SunCC from 12.5 but we got the dreaded compile
141// error "The operand ___LCM cannot be assigned to".
142
143#if defined(CRYPTOPP_WORD128_AVAILABLE) || \
144 (defined(CRYPTOPP_MSC_VERSION) && defined(_M_X64))
145# define CRYPTOPP_CURVE25519_64BIT 1
146#else
147# define CRYPTOPP_CURVE25519_32BIT 1
148#endif
149
150// Benchmarking on a modern 64-bit Core i5-6400 @2.7 GHz shows SSE2 on Linux
151// is not profitable. Here are the numbers in milliseconds/operation:
152//
153// * Langley, C++, 0.050
154// * Moon, C++: 0.040
155// * Moon, SSE2: 0.061
156// * Moon, native: 0.045
157//
158// However, a modern 64-bit Core i5-3200 @2.5 GHz shows SSE2 is profitable
159// for MS compilers. Here are the numbers in milliseconds/operation:
160//
161// * x86, no SSE2, 0.294
162// * x86, SSE2, 0.097
163// * x64, no SSE2, 0.081
164// * x64, SSE2, 0.071
165
166#if defined(CRYPTOPP_MSC_VERSION) && (CRYPTOPP_SSE2_INTRIN_AVAILABLE)
167# define CRYPTOPP_CURVE25519_SSE2 1
168#endif
169
170#if (CRYPTOPP_CURVE25519_SSE2)
171 extern int curve25519_mult_SSE2(byte sharedKey[32], const byte secretKey[32], const byte othersKey[32]);
172#endif
173
174#endif // CRYPTOPP_DOXYGEN_PROCESSING
175
176NAMESPACE_END // Donna
177NAMESPACE_END // CryptoPP
178
179#endif // CRYPTOPP_DONNA_H
Library configuration file.
Abstract base classes that provide a uniform interface to this library.
int ed25519_sign_open(const byte *message, size_t messageLength, const byte publicKey[32], const byte signature[64])
Verifies a signature on a message.
int ed25519_sign(const byte *message, size_t messageLength, const byte secretKey[32], const byte publicKey[32], byte signature[64])
Creates a signature on a message.
int ed25519_publickey(byte publicKey[32], const byte secretKey[32])
Creates a public key from a secret key.
int curve25519_mult(byte publicKey[32], const byte secretKey[32])
Generate a public key.
Crypto++ library namespace.
Common C++ header files.