abstract class Matter::Crypto::CryptoBase

Overview

Abstract interface for cryptographic operations required by Matter protocol Implementations can be platform-specific or use standard OpenSSL bindings

Direct Known Subclasses

Defined in:

matter/crypto/crypto.cr

Instance Method Summary

Instance Method Detail

abstract def compute_sha256(data : Bytes | Array(Bytes)) : Bytes #

Compute SHA-256 hash @param data Data to hash (can be single buffer or array of buffers) @return 32-byte hash


[View source]
abstract def create_hkdf_key(secret : Bytes, salt : Bytes, info : Bytes, length : Int32 = 32) : Bytes #

Derive key using HKDF with SHA-256 @param secret Input key material @param salt Salt value @param info Context/application specific info @param length Desired output length (default 32 bytes) @return Derived key


[View source]
abstract def create_key_pair : Key #

Generate an EC P-256 key pair @return New private key (includes public key)


[View source]
abstract def create_pbkdf2_key(secret : Bytes, salt : Bytes, iterations : Int32, key_length : Int32) : Bytes #

Derive key using PBKDF2 with SHA-256 @param secret Secret/password @param salt Salt value @param iterations Iteration count @param key_length Desired key length @return Derived key


[View source]
abstract def decrypt(key : Bytes, data : Bytes, nonce : Bytes, aad : Bytes | Nil = nil) : Bytes #

Decrypt using AES-128-CCM with Matter-specific parameters @param key 16-byte AES key @param data Ciphertext with authentication tag @param nonce 13-byte nonce @param aad Additional authenticated data (optional) @return Plaintext @raise Exception if authentication fails


[View source]
abstract def encrypt(key : Bytes, data : Bytes, nonce : Bytes, aad : Bytes | Nil = nil) : Bytes #

Encrypt using AES-128-CCM with Matter-specific parameters @param key 16-byte AES key @param data Plaintext to encrypt @param nonce 13-byte nonce @param aad Additional authenticated data (optional) @return Ciphertext with 16-byte authentication tag appended


[View source]
abstract def generate_dh_secret(private_key : Key, peer_public_key : Key) : Bytes #

Compute shared secret using ECDH @param private_key Local private key @param peer_public_key Peer's public key @return Shared secret (32 bytes for P-256)


[View source]
abstract def implementation_name : String #

The implementation name for logging


[View source]
def random_big_int(size : Int32, max_value : BigInt | Nil = nil) : BigInt #

[View source]
abstract def random_bytes(length : Int32) : Bytes #

Generate cryptographically secure random bytes @param length Number of bytes to generate @return Random bytes


[View source]
def random_uint16 : UInt16 #

[View source]
def random_uint32 : UInt32 #

[View source]
def random_uint64 : UInt64 #

[View source]
def random_uint8 : UInt8 #

Convenience methods for random number generation


[View source]
def report_usage(component : String | Nil = nil) #

[View source]
abstract def sign_ecdsa(private_key : Key, data : Bytes | Array(Bytes), dsa_encoding : String = "ieee-p1363") : Bytes #

Create ECDSA signature using P-256 @param private_key EC private key @param data Data to sign (can be array for multiple buffers) @param dsa_encoding Signature encoding format (ieee-p1363 or der) @return Signature bytes


[View source]
abstract def sign_hmac(key : Bytes, data : Bytes) : Bytes #

Create HMAC-SHA256 signature @param key HMAC key @param data Data to sign @return HMAC signature


[View source]
abstract def verify_ecdsa(public_key : Key, data : Bytes, signature : Bytes, dsa_encoding : String = "ieee-p1363") : Nil #

Verify ECDSA signature using P-256 @param public_key EC public key @param data Data that was signed @param signature Signature to verify @param dsa_encoding Signature encoding format @raise Exception if verification fails


[View source]