class
Matter::Crypto::StandardCrypto
- Matter::Crypto::StandardCrypto
- Matter::Crypto::CryptoBase
- Reference
- Object
Overview
Standard OpenSSL-based implementation
Defined in:
matter/crypto/crypto.crInstance Method Summary
-
#build_ec_private_key_der(priv : Bytes, pub : Bytes) : Bytes
Build SEC1 DER format for EC private key
-
#build_ec_public_key_der(pub : Bytes) : Bytes
Build SPKI DER format for EC public key
- #compute_sha256(data : Bytes | Array(Bytes)) : Bytes
-
#create_hkdf_key(secret : Bytes, salt : Bytes, info : Bytes, length : Int32 = 32) : Bytes
Derive key using HKDF with SHA-256 @param secret Input key material @param salt Salt value @param info Context/application specific info @param length Desired output length (default 32 bytes) @return Derived key
-
#create_key_pair : Key
Generate an EC P-256 key pair @return New private key (includes public key)
-
#create_pbkdf2_key(secret : Bytes, salt : Bytes, iterations : Int32, key_length : Int32) : Bytes
Derive key using PBKDF2 with SHA-256 @param secret Secret/password @param salt Salt value @param iterations Iteration count @param key_length Desired key length @return Derived key
-
#decrypt(key : Bytes, data : Bytes, nonce : Bytes, aad : Bytes | Nil = nil) : Bytes
Decrypt using AES-128-CCM with Matter-specific parameters @param key 16-byte AES key @param data Ciphertext with authentication tag @param nonce 13-byte nonce @param aad Additional authenticated data (optional) @return Plaintext @raise Exception if authentication fails
-
#der_to_pem(der : Bytes, label : String) : String
Convert DER to PEM format
-
#encrypt(key : Bytes, data : Bytes, nonce : Bytes, aad : Bytes | Nil = nil) : Bytes
Encrypt using AES-128-CCM with Matter-specific parameters @param key 16-byte AES key @param data Plaintext to encrypt @param nonce 13-byte nonce @param aad Additional authenticated data (optional) @return Ciphertext with 16-byte authentication tag appended
-
#generate_dh_secret(private_key : Key, peer_public_key : Key) : Bytes
Compute shared secret using ECDH @param private_key Local private key @param peer_public_key Peer's public key @return Shared secret (32 bytes for P-256)
-
#implementation_name : String
The implementation name for logging
-
#random_bytes(length : Int32) : Bytes
Generate cryptographically secure random bytes @param length Number of bytes to generate @return Random bytes
- #sign_ecdsa(private_key : Key, data : Bytes | Array(Bytes), dsa_encoding : String = "ieee-p1363") : Bytes
-
#sign_hmac(key : Bytes, data : Bytes) : Bytes
Create HMAC-SHA256 signature @param key HMAC key @param data Data to sign @return HMAC signature
-
#verify_ecdsa(public_key : Key, data : Bytes, signature : Bytes, dsa_encoding : String = "ieee-p1363") : Nil
Verify ECDSA signature using P-256 @param public_key EC public key @param data Data that was signed @param signature Signature to verify @param dsa_encoding Signature encoding format @raise Exception if verification fails
Instance methods inherited from class Matter::Crypto::CryptoBase
compute_sha256(data : Bytes | Array(Bytes)) : Bytes
compute_sha256,
create_hkdf_key(secret : Bytes, salt : Bytes, info : Bytes, length : Int32 = 32) : Bytes
create_hkdf_key,
create_key_pair : Key
create_key_pair,
create_pbkdf2_key(secret : Bytes, salt : Bytes, iterations : Int32, key_length : Int32) : Bytes
create_pbkdf2_key,
decrypt(key : Bytes, data : Bytes, nonce : Bytes, aad : Bytes | Nil = nil) : Bytes
decrypt,
encrypt(key : Bytes, data : Bytes, nonce : Bytes, aad : Bytes | Nil = nil) : Bytes
encrypt,
generate_dh_secret(private_key : Key, peer_public_key : Key) : Bytes
generate_dh_secret,
implementation_name : String
implementation_name,
random_big_int(size : Int32, max_value : BigInt | Nil = nil) : BigInt
random_big_int,
random_bytes(length : Int32) : Bytes
random_bytes,
random_uint16 : UInt16
random_uint16,
random_uint32 : UInt32
random_uint32,
random_uint64 : UInt64
random_uint64,
random_uint8 : UInt8
random_uint8,
report_usage(component : String | Nil = nil)
report_usage,
sign_ecdsa(private_key : Key, data : Bytes | Array(Bytes), dsa_encoding : String = "ieee-p1363") : Bytes
sign_ecdsa,
sign_hmac(key : Bytes, data : Bytes) : Bytes
sign_hmac,
verify_ecdsa(public_key : Key, data : Bytes, signature : Bytes, dsa_encoding : String = "ieee-p1363") : Nil
verify_ecdsa
Instance Method Detail
Build SEC1 DER format for EC private key
Derive key using HKDF with SHA-256 @param secret Input key material @param salt Salt value @param info Context/application specific info @param length Desired output length (default 32 bytes) @return Derived key
Generate an EC P-256 key pair @return New private key (includes public key)
Derive key using PBKDF2 with SHA-256 @param secret Secret/password @param salt Salt value @param iterations Iteration count @param key_length Desired key length @return Derived key
Decrypt using AES-128-CCM with Matter-specific parameters @param key 16-byte AES key @param data Ciphertext with authentication tag @param nonce 13-byte nonce @param aad Additional authenticated data (optional) @return Plaintext @raise Exception if authentication fails
Encrypt using AES-128-CCM with Matter-specific parameters @param key 16-byte AES key @param data Plaintext to encrypt @param nonce 13-byte nonce @param aad Additional authenticated data (optional) @return Ciphertext with 16-byte authentication tag appended
Compute shared secret using ECDH @param private_key Local private key @param peer_public_key Peer's public key @return Shared secret (32 bytes for P-256)
The implementation name for logging
Generate cryptographically secure random bytes @param length Number of bytes to generate @return Random bytes
Create HMAC-SHA256 signature @param key HMAC key @param data Data to sign @return HMAC signature
Verify ECDSA signature using P-256 @param public_key EC public key @param data Data that was signed @param signature Signature to verify @param dsa_encoding Signature encoding format @raise Exception if verification fails