|
Arduino Cryptography Library
|
Elliptic curve operations with the NIST P-521 curve. More...
#include <P521.h>
Static Public Member Functions | |
| static bool | eval (uint8_t result[132], const uint8_t f[66], const uint8_t point[132]) |
| Evaluates the curve function. More... | |
| static void | dh1 (uint8_t k[132], uint8_t f[66]) |
| Performs phase 1 of an ECDH key exchange using P-521. More... | |
| static bool | dh2 (const uint8_t k[132], uint8_t f[66]) |
| Performs phase 2 of an ECDH key exchange using P-521. More... | |
| static void | sign (uint8_t signature[132], const uint8_t privateKey[66], const void *message, size_t len, Hash *hash=0) |
| Signs a message using a specific P-521 private key. More... | |
| static bool | verify (const uint8_t signature[132], const uint8_t publicKey[132], const void *message, size_t len, Hash *hash=0) |
| Verifies a signature using a specific P-521 public key. More... | |
| static void | generatePrivateKey (uint8_t privateKey[66]) |
| Generates a private key for P-521 signing operations. More... | |
| static void | derivePublicKey (uint8_t publicKey[132], const uint8_t privateKey[66]) |
| Derives the public key from a private key for P-521 signing operations. More... | |
| static bool | isValidPrivateKey (const uint8_t privateKey[66]) |
| Validates a private key value to ensure that it is between 1 and q - 1. More... | |
| static bool | isValidPublicKey (const uint8_t publicKey[132]) |
| Validates a public key to ensure that it is a valid curve point. More... | |
| static bool | isValidCurvePoint (const uint8_t point[132]) |
| Validates a point to ensure that it is on the curve. More... | |
Elliptic curve operations with the NIST P-521 curve.
This class supports both ECDH key exchange and ECDSA signatures.
References: NIST FIPS 186-4, RFC 6090, RFC 6979, RFC 5903
|
static |
Derives the public key from a private key for P-521 signing operations.
| publicKey | The public key. |
| privateKey | The private key, which is assumed to have been created by generatePrivateKey(). |
|
static |
Performs phase 1 of an ECDH key exchange using P-521.
| k | The key value to send to the other party as part of the exchange. |
| f | The generated secret value for this party. This must not be transmitted to any party or stored in permanent storage. It only needs to be kept in memory until dh2() is called. |
The f value is generated with RNG.rand(). It is the caller's responsibility to ensure that the global random number pool has sufficient entropy to generate the 66 bytes of f safely before calling this function.
The following example demonstrates how to perform a full ECDH key exchange using dh1() and dh2():
Reference: RFC 6090
|
static |
Performs phase 2 of an ECDH key exchange using P-521.
| k | The public key value that was received from the other party as part of the exchange. |
| f | On entry, this is the secret value for this party that was generated by dh1(). On exit, this will be the shared secret. |
Reference: RFC 6090
|
static |
Evaluates the curve function.
| result | The result of applying the curve function, which consists of the x and y values of the result point encoded in big-endian order. |
| f | The scalar value to multiply by point to create the result. This is assumed to be be a 521-bit number in big-endian order. |
| point | The curve point to multiply consisting of the x and y values encoded in big-endian order. If point is NULL, then the generator Gx and Gy values for the curve will be used instead. |
This function provides access to the raw curve operation for testing purposes. Normally an application would use a higher-level function like dh1(), dh2(), sign(), or verify().
|
static |
Generates a private key for P-521 signing operations.
| privateKey | The resulting private key. |
The private key is generated with RNG.rand(). It is the caller's responsibility to ensure that the global random number pool has sufficient entropy to generate the 521 bits of the key safely before calling this function.
|
inlinestatic |
Validates a point to ensure that it is on the curve.
| point | The point to validate. |
This is a convenience function that calls isValidPublicKey() as the two operations are equivalent.
|
static |
Validates a private key value to ensure that it is between 1 and q - 1.
| privateKey | The private key value to validate. |
|
static |
Validates a public key to ensure that it is a valid curve point.
| publicKey | The public key value to validate. |
|
static |
Signs a message using a specific P-521 private key.
| signature | The signature value. |
| privateKey | The private key to use to sign the message. |
| message | Points to the message to be signed. |
| len | The length of the message to be signed. |
| hash | The hash algorithm to use to hash the message before signing. If hash is NULL, then the message is assumed to already be a hash value from some previous process. |
This function generates deterministic ECDSA signatures according to RFC 6979. The hash function is used to generate the k value for the signature. If hash is NULL, then SHA512 is used. The hash object must be capable of HMAC mode.
The length of the hashed message must be less than or equal to 64 bytes in size. Longer messages will be truncated to 64 bytes.
References: RFC 6090, RFC 6979
|
static |
Verifies a signature using a specific P-521 public key.
| signature | The signature value to be verified. |
| publicKey | The public key to use to verify the signature. |
| message | The message whose signature is to be verified. |
| len | The length of the message to be verified. |
| hash | The hash algorithm to use to hash the message before verification. If hash is NULL, then the message is assumed to already be a hash value from some previous process. |
The length of the hashed message must be less than or equal to 64 bytes in size. Longer messages will be truncated to 64 bytes.
1.9.1