
Cryptography Library and Syscalls Reference

The cryptography library provides a comprehensive C/C++ API for cryptographic operations in Ledger device applications. This reference documentation is generated using Doxygen and covers all available cryptographic functions, data structures, error codes, and system calls.

Overview

This API reference documentation includes detailed coverage of:

  • Cryptographic Algorithms: Implementation of industry-standard cryptographic primitives
  • Data Structures: Complete documentation of all cryptographic data types and structures
  • Function APIs: Detailed function signatures, parameters, and return values
  • Error Handling: Comprehensive error codes and exception handling
  • System Integration: Low-level system calls and hardware integration

What’s Included

The complete API reference covers the following areas:

Hash Functions

  • BLAKE2b: High-performance cryptographic hash function with configurable output size
  • RIPEMD160: 160-bit cryptographic hash function
  • SHA Family: SHA224, SHA256, SHA384, SHA512 implementations
  • SHA-3: SHA3-256, SHA3-384, SHA3-512, Keccak, SHAKE128, SHAKE256
  • Groestl: Advanced hash function with various output sizes

Symmetric Encryption

  • AES (Advanced Encryption Standard): Complete AES implementation with hardware acceleration support
  • DES (Data Encryption Standard): Legacy DES encryption for compatibility

Asymmetric Cryptography

  • RSA: RSA encryption, decryption, and digital signatures with key sizes from 1024 to 4096 bits
  • Elliptic Curve Cryptography (ECC):
    • ECDH (Elliptic Curve Diffie-Hellman) key exchange
    • ECDSA (Elliptic Curve Digital Signature Algorithm)
    • EdDSA (Edwards-curve Digital Signature Algorithm)
    • ECSchnorr signatures
  • Curve Support: Weierstrass, Montgomery, and Twisted Edwards curves

Key Management

  • AES Keys: 128, 192, and 256-bit key handling
  • RSA Keys: Private and public key structures for various bit lengths
  • ECC Keys: Elliptic curve key pairs with different curve parameters
  • Key Generation: Secure key generation and validation functions

Mathematical Operations

  • Big Number Arithmetic: Complete big number library (cx_bn_* functions)
    • Addition, multiplication, modular operations
    • Prime number testing and generation
    • Bit manipulation and comparison operations
  • Modular Arithmetic: Specialized modular math functions (cx_math_*)

Random Number Generation

  • True Random Number Generator (TRNG): Hardware-based entropy source
  • Deterministic Random Bit Generator: RFC 6979 compliant random number generation
  • Cryptographically Secure RNG: Various random number generation functions

Error Handling

  • Comprehensive Error Codes: Detailed error definitions in cx_errors.h
  • Exception Handling: Proper error propagation and handling mechanisms

Utility Functions

  • CRC Operations: Hardware-accelerated CRC16 and CRC32 implementations
  • Memory Management: Secure memory handling and cleanup functions
  • Chaining Modes: Support for CBC, CFB, CTR, ECB, OFB block cipher modes

Data Structures

The API includes over 30 specialized data structures for cryptographic operations, including:

  • Hash state structures (cx_sha256_s, cx_sha3_s, blake2b_state__, etc.)
  • Key structures for all supported algorithms (cx_aes_key_s, cx_rsa_*_key_s, cx_ecfp_*_key_s)
  • Curve domain parameters (cx_curve_domain_s, cx_curve_weierstrass_s, etc.)
  • Big number contexts (cx_bn_mont_ctx_t)
  • HMAC contexts for various hash functions

Download Full Documentation

The complete cryptography library and syscalls reference is available as a comprehensive PDF document (805KB). This Doxygen-generated reference includes detailed API documentation for all functions, complete data structure definitions, and implementation details.

📄 Download Complete Cryptography API Reference (PDF, 805KB)

Generated: December 18, 2023 | Format: Doxygen PDF Documentation

Practical Implementation Examples

The companion guide, Cryptography API Examples, provides hands-on examples showing how to implement cryptographic operations with the API. It includes detailed code samples for digital signature algorithms (ECDSA with Secp256k1, Ed25519, and Ed448 curves, plus Schnorr signatures), symmetric encryption and decryption using AES and DES with various chaining modes such as CBC, and complete workflows covering key generation, message signing and verification, and encryption and decryption. Each example includes working C code with proper initialization, error handling, and step-by-step explanations of the cryptographic concepts involved.
