diff --git a/crypto/src/crypto/agreement/X25519Agreement.cs b/crypto/src/crypto/agreement/X25519Agreement.cs
index b4d2e0e87..9c13d0445 100644
--- a/crypto/src/crypto/agreement/X25519Agreement.cs
+++ b/crypto/src/crypto/agreement/X25519Agreement.cs
@@ -4,21 +4,39 @@
namespace Org.BouncyCastle.Crypto.Agreement
{
+ ///
+ /// X25519 (RFC 7748) Diffie-Hellman raw agreement. Init takes the local
+ /// ;
+ /// writes the 32-byte shared secret derived against the peer's
+ /// .
+ ///
public sealed class X25519Agreement
: IRawAgreement
{
private X25519PrivateKeyParameters m_privateKey;
+ /// Capture the local private key used for subsequent agreements.
+ /// If is not an
+ /// .
public void Init(ICipherParameters parameters)
{
m_privateKey = (X25519PrivateKeyParameters)parameters;
}
+ /// Length in bytes of the shared secret produced by the agreement (32).
public int AgreementSize
{
get { return X25519PrivateKeyParameters.SecretSize; }
}
+ ///
+ /// Perform the agreement against and write the shared secret into
+ /// starting at .
+ ///
+ /// If is not an
+ /// .
+ /// If the agreement produces an all-zero secret
+ /// (degenerate peer key).
public void CalculateAgreement(ICipherParameters publicKey, byte[] buf, int off)
{
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
@@ -29,6 +47,7 @@ public void CalculateAgreement(ICipherParameters publicKey, byte[] buf, int off)
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ /// Span-based overload of .
public void CalculateAgreement(ICipherParameters publicKey, Span buf)
{
m_privateKey.GenerateSecret((X25519PublicKeyParameters)publicKey, buf);
diff --git a/crypto/src/crypto/agreement/X448Agreement.cs b/crypto/src/crypto/agreement/X448Agreement.cs
index 6b91603b5..dfec71e33 100644
--- a/crypto/src/crypto/agreement/X448Agreement.cs
+++ b/crypto/src/crypto/agreement/X448Agreement.cs
@@ -4,21 +4,39 @@
namespace Org.BouncyCastle.Crypto.Agreement
{
+ ///
+ /// X448 (RFC 7748) Diffie-Hellman raw agreement. Init takes the local
+ /// ;
+ /// writes the 56-byte shared secret derived against the peer's
+ /// .
+ ///
public sealed class X448Agreement
: IRawAgreement
{
private X448PrivateKeyParameters m_privateKey;
+ /// Capture the local private key used for subsequent agreements.
+ /// If is not an
+ /// .
public void Init(ICipherParameters parameters)
{
m_privateKey = (X448PrivateKeyParameters)parameters;
}
+ /// Length in bytes of the shared secret produced by the agreement (56).
public int AgreementSize
{
get { return X448PrivateKeyParameters.SecretSize; }
}
+ ///
+ /// Perform the agreement against and write the shared secret into
+ /// starting at .
+ ///
+ /// If is not an
+ /// .
+ /// If the agreement produces an all-zero secret
+ /// (degenerate peer key).
public void CalculateAgreement(ICipherParameters publicKey, byte[] buf, int off)
{
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
@@ -29,6 +47,7 @@ public void CalculateAgreement(ICipherParameters publicKey, byte[] buf, int off)
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ /// Span-based overload of .
public void CalculateAgreement(ICipherParameters publicKey, Span buf)
{
m_privateKey.GenerateSecret((X448PublicKeyParameters)publicKey, buf);
diff --git a/crypto/src/crypto/signers/Ed25519Signer.cs b/crypto/src/crypto/signers/Ed25519Signer.cs
index 450eb2913..f48bd537f 100644
--- a/crypto/src/crypto/signers/Ed25519Signer.cs
+++ b/crypto/src/crypto/signers/Ed25519Signer.cs
@@ -6,6 +6,11 @@
namespace Org.BouncyCastle.Crypto.Signers
{
+ ///
+ /// Pure Ed25519 (RFC 8032) signature primitive. Buffers the message via the streaming
+ /// surface and dispatches it to the curve routines on finalisation; no
+ /// context is permitted.
+ ///
public class Ed25519Signer
: ISigner
{
@@ -15,15 +20,23 @@ public class Ed25519Signer
private Ed25519PrivateKeyParameters privateKey;
private Ed25519PublicKeyParameters publicKey;
+ /// Construct an uninitialised pure-Ed25519 signer; call before use.
public Ed25519Signer()
{
}
+ ///
public virtual string AlgorithmName
{
get { return "Ed25519"; }
}
+ ///
+ /// Initialise for signing (private key) or verification (public key).
+ ///
+ /// If is not an
+ /// (signing) or
+ /// (verification).
public virtual void Init(bool forSigning, ICipherParameters parameters)
{
this.forSigning = forSigning;
@@ -42,25 +55,32 @@ public virtual void Init(bool forSigning, ICipherParameters parameters)
Reset();
}
+ ///
public virtual void Update(byte b)
{
buffer.WriteByte(b);
}
+ ///
public virtual void BlockUpdate(byte[] buf, int off, int len)
{
buffer.Write(buf, off, len);
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ ///
public virtual void BlockUpdate(ReadOnlySpan input)
{
buffer.Write(input);
}
#endif
+ /// Length in bytes of an Ed25519 signature (64).
public virtual int GetMaxSignatureSize() => Ed25519.SignatureSize;
+ /// Finalise the buffered message and produce the signature. Buffer is reset on return.
+ /// If the signer was initialised for verification,
+ /// not signing.
public virtual byte[] GenerateSignature()
{
if (!forSigning || null == privateKey)
@@ -69,6 +89,14 @@ public virtual byte[] GenerateSignature()
return buffer.GenerateSignature(privateKey);
}
+ ///
+ /// Finalise the buffered message and verify . Buffer is reset on
+ /// return.
+ ///
+ /// true if the signature is valid for the accumulated message and bound public
+ /// key; otherwise false.
+ /// If the signer was initialised for signing, not
+ /// verification.
public virtual bool VerifySignature(byte[] signature)
{
if (forSigning || null == publicKey)
@@ -77,6 +105,7 @@ public virtual bool VerifySignature(byte[] signature)
return buffer.VerifySignature(publicKey, signature);
}
+ /// Clear and rewind the buffered message.
public virtual void Reset()
{
buffer.Reset();
diff --git a/crypto/src/crypto/signers/Ed25519ctxSigner.cs b/crypto/src/crypto/signers/Ed25519ctxSigner.cs
index af813be32..18424f1f0 100644
--- a/crypto/src/crypto/signers/Ed25519ctxSigner.cs
+++ b/crypto/src/crypto/signers/Ed25519ctxSigner.cs
@@ -6,6 +6,10 @@
namespace Org.BouncyCastle.Crypto.Signers
{
+ ///
+ /// Ed25519ctx (RFC 8032 §5.1) signature primitive: pure Ed25519 with a domain-separation context
+ /// of up to 255 bytes captured at construction.
+ ///
public class Ed25519ctxSigner
: ISigner
{
@@ -16,6 +20,11 @@ public class Ed25519ctxSigner
private Ed25519PrivateKeyParameters privateKey;
private Ed25519PublicKeyParameters publicKey;
+ ///
+ /// Construct an Ed25519ctx signer bound to the supplied . The context
+ /// bytes are cloned so the caller may mutate the array afterwards.
+ ///
+ /// If is null.
public Ed25519ctxSigner(byte[] context)
{
if (null == context)
@@ -24,11 +33,16 @@ public Ed25519ctxSigner(byte[] context)
this.context = (byte[])context.Clone();
}
+ ///
public virtual string AlgorithmName
{
get { return "Ed25519ctx"; }
}
+ /// Initialise for signing (private key) or verification (public key).
+ /// If is not an
+ /// (signing) or
+ /// (verification).
public virtual void Init(bool forSigning, ICipherParameters parameters)
{
this.forSigning = forSigning;
@@ -47,25 +61,32 @@ public virtual void Init(bool forSigning, ICipherParameters parameters)
Reset();
}
+ ///
public virtual void Update(byte b)
{
buffer.WriteByte(b);
}
+ ///
public virtual void BlockUpdate(byte[] buf, int off, int len)
{
buffer.Write(buf, off, len);
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ ///
public virtual void BlockUpdate(ReadOnlySpan input)
{
buffer.Write(input);
}
#endif
+ /// Length in bytes of an Ed25519ctx signature (64).
public virtual int GetMaxSignatureSize() => Ed25519.SignatureSize;
+ /// Finalise the buffered message and produce the signature. Buffer is reset on return.
+ /// If the signer was initialised for verification,
+ /// not signing.
public virtual byte[] GenerateSignature()
{
if (!forSigning || null == privateKey)
@@ -74,6 +95,14 @@ public virtual byte[] GenerateSignature()
return buffer.GenerateSignature(privateKey, context);
}
+ ///
+ /// Finalise the buffered message and verify . Buffer is reset on
+ /// return.
+ ///
+ /// true if the signature is valid for the accumulated message, bound public
+ /// key and captured context; otherwise false.
+ /// If the signer was initialised for signing, not
+ /// verification.
public virtual bool VerifySignature(byte[] signature)
{
if (forSigning || null == publicKey)
@@ -82,6 +111,7 @@ public virtual bool VerifySignature(byte[] signature)
return buffer.VerifySignature(publicKey, context, signature);
}
+ /// Clear and rewind the buffered message; the captured context survives.
public virtual void Reset()
{
buffer.Reset();
diff --git a/crypto/src/crypto/signers/Ed25519phSigner.cs b/crypto/src/crypto/signers/Ed25519phSigner.cs
index 60bf3376c..fb1babe3e 100644
--- a/crypto/src/crypto/signers/Ed25519phSigner.cs
+++ b/crypto/src/crypto/signers/Ed25519phSigner.cs
@@ -5,6 +5,10 @@
namespace Org.BouncyCastle.Crypto.Signers
{
+ ///
+ /// Ed25519ph (RFC 8032 §5.1) signature primitive: pre-hashes the message with SHA-512 before
+ /// running pure Ed25519, parameterised by a fixed context captured at construction.
+ ///
public class Ed25519phSigner
: ISigner
{
@@ -15,6 +19,11 @@ public class Ed25519phSigner
private Ed25519PrivateKeyParameters privateKey;
private Ed25519PublicKeyParameters publicKey;
+ ///
+ /// Construct an Ed25519ph signer bound to the supplied . The context
+ /// bytes are cloned so the caller may mutate the array afterwards.
+ ///
+ /// If is null.
public Ed25519phSigner(byte[] context)
{
if (null == context)
@@ -23,11 +32,16 @@ public Ed25519phSigner(byte[] context)
this.context = (byte[])context.Clone();
}
+ ///
public virtual string AlgorithmName
{
get { return "Ed25519ph"; }
}
+ /// Initialise for signing (private key) or verification (public key).
+ /// If is not an
+ /// (signing) or
+ /// (verification).
public virtual void Init(bool forSigning, ICipherParameters parameters)
{
this.forSigning = forSigning;
@@ -46,25 +60,32 @@ public virtual void Init(bool forSigning, ICipherParameters parameters)
Reset();
}
+ ///
public virtual void Update(byte b)
{
prehash.Update(b);
}
+ ///
public virtual void BlockUpdate(byte[] buf, int off, int len)
{
prehash.BlockUpdate(buf, off, len);
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ ///
public virtual void BlockUpdate(ReadOnlySpan input)
{
prehash.BlockUpdate(input);
}
#endif
+ /// Length in bytes of an Ed25519ph signature (64).
public virtual int GetMaxSignatureSize() => Ed25519.SignatureSize;
+ /// Finalise the pre-hash and produce the signature.
+ /// If the signer was initialised for verification,
+ /// not signing, or the pre-hash finalisation produces an unexpected length.
public virtual byte[] GenerateSignature()
{
if (!forSigning || null == privateKey)
@@ -79,6 +100,11 @@ public virtual byte[] GenerateSignature()
return signature;
}
+ /// Finalise the pre-hash and verify .
+ /// true if the signature is valid for the accumulated message, bound public
+ /// key and captured context; otherwise false.
+ /// If the signer was initialised for signing, not
+ /// verification, or the pre-hash finalisation produces an unexpected length.
public virtual bool VerifySignature(byte[] signature)
{
if (forSigning || null == publicKey)
@@ -96,6 +122,7 @@ public virtual bool VerifySignature(byte[] signature)
return publicKey.Verify(Ed25519.Algorithm.Ed25519ph, context, msg, 0, Ed25519.PrehashSize, signature, 0);
}
+ /// Reset the pre-hash digest; the captured context survives.
public void Reset()
{
prehash.Reset();
diff --git a/crypto/src/crypto/signers/Ed448Signer.cs b/crypto/src/crypto/signers/Ed448Signer.cs
index 5bacb0a46..7f68ba72e 100644
--- a/crypto/src/crypto/signers/Ed448Signer.cs
+++ b/crypto/src/crypto/signers/Ed448Signer.cs
@@ -6,6 +6,10 @@
namespace Org.BouncyCastle.Crypto.Signers
{
+ ///
+ /// Ed448 (RFC 8032) signature primitive: pure Ed448 with a mandatory domain-separation context of
+ /// up to 255 bytes captured at construction.
+ ///
public class Ed448Signer
: ISigner
{
@@ -16,6 +20,11 @@ public class Ed448Signer
private Ed448PrivateKeyParameters privateKey;
private Ed448PublicKeyParameters publicKey;
+ ///
+ /// Construct an Ed448 signer bound to the supplied . The context bytes
+ /// are cloned so the caller may mutate the array afterwards.
+ ///
+ /// If is null.
public Ed448Signer(byte[] context)
{
if (null == context)
@@ -24,11 +33,16 @@ public Ed448Signer(byte[] context)
this.context = (byte[])context.Clone();
}
+ ///
public virtual string AlgorithmName
{
get { return "Ed448"; }
}
+ /// Initialise for signing (private key) or verification (public key).
+ /// If is not an
+ /// (signing) or
+ /// (verification).
public virtual void Init(bool forSigning, ICipherParameters parameters)
{
this.forSigning = forSigning;
@@ -47,25 +61,32 @@ public virtual void Init(bool forSigning, ICipherParameters parameters)
Reset();
}
+ ///
public virtual void Update(byte b)
{
buffer.WriteByte(b);
}
+ ///
public virtual void BlockUpdate(byte[] buf, int off, int len)
{
buffer.Write(buf, off, len);
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ ///
public virtual void BlockUpdate(ReadOnlySpan input)
{
buffer.Write(input);
}
#endif
+ /// Length in bytes of an Ed448 signature (114).
public virtual int GetMaxSignatureSize() => Ed448.SignatureSize;
+ /// Finalise the buffered message and produce the signature. Buffer is reset on return.
+ /// If the signer was initialised for verification,
+ /// not signing.
public virtual byte[] GenerateSignature()
{
if (!forSigning || null == privateKey)
@@ -74,6 +95,14 @@ public virtual byte[] GenerateSignature()
return buffer.GenerateSignature(privateKey, context);
}
+ ///
+ /// Finalise the buffered message and verify . Buffer is reset on
+ /// return.
+ ///
+ /// true if the signature is valid for the accumulated message, bound public
+ /// key and captured context; otherwise false.
+ /// If the signer was initialised for signing, not
+ /// verification.
public virtual bool VerifySignature(byte[] signature)
{
if (forSigning || null == publicKey)
@@ -82,6 +111,7 @@ public virtual bool VerifySignature(byte[] signature)
return buffer.VerifySignature(publicKey, context, signature);
}
+ /// Clear and rewind the buffered message; the captured context survives.
public virtual void Reset()
{
buffer.Reset();
diff --git a/crypto/src/crypto/signers/Ed448phSigner.cs b/crypto/src/crypto/signers/Ed448phSigner.cs
index 02d65b6fb..f4ec18c4a 100644
--- a/crypto/src/crypto/signers/Ed448phSigner.cs
+++ b/crypto/src/crypto/signers/Ed448phSigner.cs
@@ -5,6 +5,10 @@
namespace Org.BouncyCastle.Crypto.Signers
{
+ ///
+ /// Ed448ph (RFC 8032) signature primitive: pre-hashes the message with SHAKE256 before running
+ /// pure Ed448, parameterised by a fixed context captured at construction.
+ ///
public class Ed448phSigner
: ISigner
{
@@ -15,6 +19,11 @@ public class Ed448phSigner
private Ed448PrivateKeyParameters privateKey;
private Ed448PublicKeyParameters publicKey;
+ ///
+ /// Construct an Ed448ph signer bound to the supplied . The context
+ /// bytes are cloned so the caller may mutate the array afterwards.
+ ///
+ /// If is null.
public Ed448phSigner(byte[] context)
{
if (null == context)
@@ -23,11 +32,16 @@ public Ed448phSigner(byte[] context)
this.context = (byte[])context.Clone();
}
+ ///
public virtual string AlgorithmName
{
get { return "Ed448ph"; }
}
+ /// Initialise for signing (private key) or verification (public key).
+ /// If is not an
+ /// (signing) or
+ /// (verification).
public virtual void Init(bool forSigning, ICipherParameters parameters)
{
this.forSigning = forSigning;
@@ -46,25 +60,32 @@ public virtual void Init(bool forSigning, ICipherParameters parameters)
Reset();
}
+ ///
public virtual void Update(byte b)
{
prehash.Update(b);
}
+ ///
public virtual void BlockUpdate(byte[] buf, int off, int len)
{
prehash.BlockUpdate(buf, off, len);
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ ///
public virtual void BlockUpdate(ReadOnlySpan input)
{
prehash.BlockUpdate(input);
}
#endif
+ /// Length in bytes of an Ed448ph signature (114).
public virtual int GetMaxSignatureSize() => Ed448.SignatureSize;
+ /// Finalise the pre-hash and produce the signature.
+ /// If the signer was initialised for verification,
+ /// not signing, or the pre-hash finalisation produces an unexpected length.
public virtual byte[] GenerateSignature()
{
if (!forSigning || null == privateKey)
@@ -79,6 +100,11 @@ public virtual byte[] GenerateSignature()
return signature;
}
+ /// Finalise the pre-hash and verify .
+ /// true if the signature is valid for the accumulated message, bound public
+ /// key and captured context; otherwise false.
+ /// If the signer was initialised for signing, not
+ /// verification, or the pre-hash finalisation produces an unexpected length.
public virtual bool VerifySignature(byte[] signature)
{
if (forSigning || null == publicKey)
@@ -96,6 +122,7 @@ public virtual bool VerifySignature(byte[] signature)
return publicKey.Verify(Ed448.Algorithm.Ed448ph, context, msg, 0, Ed448.PrehashSize, signature, 0);
}
+ /// Reset the pre-hash digest; the captured context survives.
public void Reset()
{
prehash.Reset();
diff --git a/crypto/src/crypto/signers/MLDsaSigner.cs b/crypto/src/crypto/signers/MLDsaSigner.cs
index d26148b63..516dc6368 100644
--- a/crypto/src/crypto/signers/MLDsaSigner.cs
+++ b/crypto/src/crypto/signers/MLDsaSigner.cs
@@ -7,6 +7,13 @@
namespace Org.BouncyCastle.Crypto.Signers
{
+ ///
+ /// ML-DSA (FIPS 204) signature primitive. Accumulates the message via the streaming
+ /// surface and dispatches it through the FIPS 204 message-representative
+ /// construction. The signer must be bound to the same as
+ /// the key it is initialised with. Optional (up to 255 bytes)
+ /// and envelopes are unwrapped during .
+ ///
public sealed class MLDsaSigner
: ISigner
{
@@ -20,6 +27,18 @@ public sealed class MLDsaSigner
private MLDsaPublicKeyParameters m_publicKey;
private MLDsaEngine m_engine;
+ ///
+ /// Construct an ML-DSA signer for the supplied parameter set. Only the pure variants are
+ /// accepted; the HashML-DSA variants (those carrying a pre-hash OID) must go through their
+ /// dedicated wrapper instead.
+ ///
+ /// The ML-DSA parameter set; must be a pure (non-pre-hash) variant.
+ /// When true, signature generation uses the FIPS 204
+ /// deterministic mode (no draw); otherwise a fresh per-signature
+ /// nonce is sampled.
+ /// If is null.
+ /// If is a HashML-DSA
+ /// variant.
public MLDsaSigner(MLDsaParameters parameters, bool deterministic)
{
if (parameters == null)
@@ -31,8 +50,20 @@ public MLDsaSigner(MLDsaParameters parameters, bool deterministic)
m_deterministic = deterministic;
}
+ ///
public string AlgorithmName => m_parameters.Name;
+ ///
+ /// Initialise for signing (private key) or verification (public key). Accepts
+ /// for a context up to 255 bytes and
+ /// for a non-deterministic signer's nonce source.
+ ///
+ /// If the supplied context exceeds 255 bytes.
+ /// If the unwrapped inner parameters are not an
+ /// (signing) or
+ /// (verification).
+ /// If the key's parameter set differs from the one this
+ /// signer was constructed for.
public void Init(bool forSigning, ICipherParameters parameters)
{
parameters = ParameterUtilities.GetContext(parameters, minLen: 0, maxLen: 255, out var providedContext);
@@ -60,16 +91,27 @@ public void Init(bool forSigning, ICipherParameters parameters)
Reset();
}
+ ///
public void Update(byte input) => m_msgRepDigest.Update(input);
+ ///
public void BlockUpdate(byte[] input, int inOff, int inLen) => m_msgRepDigest.BlockUpdate(input, inOff, inLen);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ ///
public void BlockUpdate(ReadOnlySpan input) => m_msgRepDigest.BlockUpdate(input);
#endif
+ /// Length in bytes of the signatures this signer produces (FIPS 204
+ /// CryptoBytes).
public int GetMaxSignatureSize() => m_engine.CryptoBytes;
+ ///
+ /// Finalise the message representative and produce the signature. Internally calls
+ /// on success.
+ ///
+ /// If the signer was initialised for verification,
+ /// not signing.
public byte[] GenerateSignature()
{
if (m_privateKey == null)
@@ -83,6 +125,14 @@ public byte[] GenerateSignature()
return sig;
}
+ ///
+ /// Finalise the message representative and verify . Internally calls
+ /// on success.
+ ///
+ /// true if the signature is valid for the accumulated message and bound public
+ /// key; otherwise false.
+ /// If the signer was initialised for signing, not
+ /// verification.
public bool VerifySignature(byte[] signature)
{
if (m_publicKey == null)
@@ -95,6 +145,10 @@ public bool VerifySignature(byte[] signature)
return result;
}
+ ///
+ /// Reset the streaming digest and re-seed it with the bound public-key hash and the captured
+ /// context, ready for another sign/verify pass against the same key.
+ ///
public void Reset()
{
m_msgRepDigest.Reset();
diff --git a/crypto/src/crypto/signers/SlhDsaSigner.cs b/crypto/src/crypto/signers/SlhDsaSigner.cs
index 236b6aca4..059a7a15d 100644
--- a/crypto/src/crypto/signers/SlhDsaSigner.cs
+++ b/crypto/src/crypto/signers/SlhDsaSigner.cs
@@ -7,6 +7,14 @@
namespace Org.BouncyCastle.Crypto.Signers
{
+ ///
+ /// SLH-DSA (FIPS 205) signature primitive. Buffers the message via the streaming
+ /// surface prefixed with the FIPS 205 context envelope and dispatches the
+ /// whole buffer to the hypertree sign / verify routines on finalisation. The signer must be bound
+ /// to the same as the key it is initialised with.
+ /// Optional (up to 255 bytes) and
+ /// envelopes are unwrapped during .
+ ///
public sealed class SlhDsaSigner
: ISigner
{
@@ -19,6 +27,18 @@ public sealed class SlhDsaSigner
private SecureRandom m_random;
private SlhDsaEngine m_engine;
+ ///
+ /// Construct an SLH-DSA signer for the supplied parameter set. Only the pure variants are
+ /// accepted; the HashSLH-DSA variants (those carrying a pre-hash OID) must go through their
+ /// dedicated wrapper instead.
+ ///
+ /// The SLH-DSA parameter set; must be a pure (non-pre-hash) variant.
+ /// When true, signature generation omits the optional
+ /// per-signature randomiser (addrnd); otherwise an n-byte randomiser is drawn from
+ /// the bound .
+ /// If is null.
+ /// If is a HashSLH-DSA
+ /// variant.
public SlhDsaSigner(SlhDsaParameters parameters, bool deterministic)
{
if (parameters == null)
@@ -30,8 +50,20 @@ public SlhDsaSigner(SlhDsaParameters parameters, bool deterministic)
m_deterministic = deterministic;
}
+ ///
public string AlgorithmName => m_parameters.Name;
+ ///
+ /// Initialise for signing (private key) or verification (public key). Accepts
+ /// for a context up to 255 bytes and
+ /// for the non-deterministic signer's randomiser source.
+ ///
+ /// If the supplied context exceeds 255 bytes.
+ /// If the unwrapped inner parameters are not an
+ /// (signing) or
+ /// (verification).
+ /// If the key's parameter set differs from the one this
+ /// signer was constructed for.
public void Init(bool forSigning, ICipherParameters parameters)
{
parameters = ParameterUtilities.GetContext(parameters, minLen: 0, maxLen: 255, out var providedContext);
@@ -58,16 +90,24 @@ public void Init(bool forSigning, ICipherParameters parameters)
m_buffer.Init(context: providedContext ?? Array.Empty());
}
+ ///
public void Update(byte input) => m_buffer.WriteByte(input);
+ ///
public void BlockUpdate(byte[] input, int inOff, int inLen) => m_buffer.Write(input, inOff, inLen);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
+ ///
public void BlockUpdate(ReadOnlySpan input) => m_buffer.Write(input);
#endif
+ /// Length in bytes of the signatures this signer produces (FIPS 205
+ /// SignatureLength).
public int GetMaxSignatureSize() => m_engine.SignatureLength;
+ /// Finalise the buffered message and produce the signature. Buffer is reset on return.
+ /// If the signer was initialised for verification,
+ /// not signing.
public byte[] GenerateSignature()
{
if (m_privateKey == null)
@@ -76,6 +116,14 @@ public byte[] GenerateSignature()
return m_buffer.GenerateSignature(m_privateKey, m_engine, m_random);
}
+ ///
+ /// Finalise the buffered message and verify . Buffer is reset on
+ /// return.
+ ///
+ /// true if the signature is valid for the accumulated message and bound public
+ /// key; otherwise false.
+ /// If the signer was initialised for signing, not
+ /// verification.
public bool VerifySignature(byte[] signature)
{
if (m_publicKey == null)
@@ -84,6 +132,7 @@ public bool VerifySignature(byte[] signature)
return m_buffer.VerifySignature(m_publicKey, m_engine, signature);
}
+ /// Truncate the buffered message back to the captured context prefix.
public void Reset() => m_buffer.Reset();
private SlhDsaEngine GetEngine(SlhDsaParameters keyParameters)