Cradicle Explorer
HardenedBSD-pkg
/ external / libecc / include / libecc / sig / eddsa.h
eddsa.h
  1  /*
  2   *  Copyright (C) 2021 - This file is part of libecc project
  3   *
  4   *  Authors:
  5   *      Ryad BENADJILA <ryadbenadjila@gmail.com>
  6   *      Arnaud EBALARD <arnaud.ebalard@ssi.gouv.fr>
  7   *
  8   *  This software is licensed under a dual BSD and GPL v2 license.
  9   *  See LICENSE file at the root folder of the project.
 10   */
 11  #include <libecc/lib_ecc_config.h>
 12  #include <libecc/lib_ecc_types.h>
 13  #if defined(WITH_SIG_EDDSA25519) || defined(WITH_SIG_EDDSA448)
 14  
 15  #ifndef __EDDSA_H__
 16  #define __EDDSA_H__
 17  
 18  #include <libecc/words/words.h>
 19  #include <libecc/sig/ec_key.h>
 20  #include <libecc/hash/hash_algs.h>
 21  #include <libecc/curves/curves.h>
 22  #include <libecc/utils/utils.h>
 23  
 24  /*
 25   * EDDSA exported encoded public keys are of fixed known sizes depending
 26   * on the EDDSA variant
 27   */
 28  #if defined(WITH_SIG_EDDSA25519)
 29  #define EDDSA25519_PUB_KEY_ENCODED_LEN 32
 30  #endif
 31  #if defined(WITH_SIG_EDDSA448)
 32  #define EDDSA448_PUB_KEY_ENCODED_LEN   57
 33  #endif
 34  
 35  /* Maximum size depending on what is defined */
 36  #if defined(WITH_SIG_EDDSA25519) && defined(WITH_SIG_EDDSA448)
 37  #define EDDSA_MAX_PUB_KEY_ENCODED_LEN LOCAL_MAX(EDDSA25519_PUB_KEY_ENCODED_LEN, EDDSA448_PUB_KEY_ENCODED_LEN)
 38  #endif
 39  
 40  #if defined(WITH_SIG_EDDSA25519) && !defined(WITH_SIG_EDDSA448)
 41  #define EDDSA_MAX_PUB_KEY_ENCODED_LEN EDDSA25519_PUB_KEY_ENCODED_LEN
 42  #endif
 43  
 44  #if !defined(WITH_SIG_EDDSA25519) && defined(WITH_SIG_EDDSA448)
 45  #define EDDSA_MAX_PUB_KEY_ENCODED_LEN EDDSA448_PUB_KEY_ENCODED_LEN
 46  #endif
 47  
 48  
 49  /*
 50   * NOTE: for EDDSA, the signature length is twice the encoding of integers,
 51   * which corresponds to half the hash size.
 52   */
 53  #define EDDSA_R_LEN(hsize)  (hsize / 2)
 54  #define EDDSA_S_LEN(hsize)  (hsize / 2)
 55  #define EDDSA_SIGLEN(hsize) (EDDSA_R_LEN(hsize) + EDDSA_S_LEN(hsize))
 56  #define EDDSA_MAX_SIGLEN EDDSA_SIGLEN(MAX_DIGEST_SIZE)
 57  
 58  /*
 59   * Compute max signature length for all the mechanisms enabled
 60   * in the library (see lib_ecc_config.h). Having that done during
 61   * preprocessing sadly requires some verbosity.
 62   */
 63  #ifndef EC_MAX_SIGLEN
 64  #define EC_MAX_SIGLEN 0
 65  #endif
 66  #if ((EC_MAX_SIGLEN) < (EDDSA_MAX_SIGLEN))
 67  #undef EC_MAX_SIGLEN
 68  #define EC_MAX_SIGLEN EDDSA_MAX_SIGLEN
 69  #endif
 70  
 71  typedef struct {
 72  	hash_context h_ctx;
 73  	word_t magic;
 74  } eddsa_sign_data;
 75  
 76  struct ec_sign_context;
 77  
 78  ATTRIBUTE_WARN_UNUSED_RET int eddsa_gen_priv_key(ec_priv_key *priv_key);
 79  ATTRIBUTE_WARN_UNUSED_RET int eddsa_init_pub_key(ec_pub_key *out_pub, const ec_priv_key *in_priv);
 80  
 81  ATTRIBUTE_WARN_UNUSED_RET int eddsa_siglen(u16 p_bit_len, u16 q_bit_len, u8 hsize, u8 blocksize, u8 *siglen);
 82  
 83  ATTRIBUTE_WARN_UNUSED_RET int _eddsa_sign_init_pre_hash(struct ec_sign_context *ctx);
 84  
 85  ATTRIBUTE_WARN_UNUSED_RET int _eddsa_sign_update_pre_hash(struct ec_sign_context *ctx,
 86  				const u8 *chunk, u32 chunklen);
 87  
 88  ATTRIBUTE_WARN_UNUSED_RET int _eddsa_sign_finalize_pre_hash(struct ec_sign_context *ctx,
 89  				  u8 *sig, u8 siglen);
 90  
 91  ATTRIBUTE_WARN_UNUSED_RET int _eddsa_sign(u8 *sig, u8 siglen, const ec_key_pair *key_pair,
 92  		const u8 *m, u32 mlen, int (*rand) (nn_t out, nn_src_t q),
 93  		ec_alg_type sig_type, hash_alg_type hash_type,
 94  		const u8 *adata, u16 adata_len);
 95  
 96  typedef struct {
 97  	prj_pt _R;
 98  	nn S;
 99  	hash_context h_ctx;
100  	hash_context h_ctx_pre_hash;
101  	word_t magic;
102  } eddsa_verify_data;
103  
104  struct ec_verify_context;
105  
106  ATTRIBUTE_WARN_UNUSED_RET int _eddsa_verify_init(struct ec_verify_context *ctx,
107  		       const u8 *sig, u8 siglen);
108  
109  ATTRIBUTE_WARN_UNUSED_RET int _eddsa_verify_update(struct ec_verify_context *ctx,
110  			 const u8 *chunk, u32 chunklen);
111  
112  ATTRIBUTE_WARN_UNUSED_RET int _eddsa_verify_finalize(struct ec_verify_context *ctx);
113  
114  /* Functions specific to EdDSA */
115  ATTRIBUTE_WARN_UNUSED_RET int eddsa_derive_priv_key(ec_priv_key *priv_key);
116  ATTRIBUTE_WARN_UNUSED_RET int eddsa_import_priv_key(ec_priv_key *priv_key, const u8 *buf, u16 buflen,
117  			  const ec_params *shortw_curve_params,
118  			  ec_alg_type sig_type);
119  ATTRIBUTE_WARN_UNUSED_RET int eddsa_import_pub_key(ec_pub_key *out_pub, const u8 *buf, u16 buflen,
120  			 const ec_params *shortw_curve_params,
121  			 ec_alg_type sig_type);
122  ATTRIBUTE_WARN_UNUSED_RET int eddsa_export_pub_key(const ec_pub_key *in_pub, u8 *buf, u16 buflen);
123  ATTRIBUTE_WARN_UNUSED_RET int eddsa_import_key_pair_from_priv_key_buf(ec_key_pair *kp,
124  					    const u8 *buf, u16 buflen,
125  					    const ec_params *shortw_curve_params,
126  					    ec_alg_type sig_type);
127  /* Batch verification function */
128  ATTRIBUTE_WARN_UNUSED_RET int eddsa_verify_batch(const u8 **s, const u8 *s_len, const ec_pub_key **pub_keys,
129                const u8 **m, const u32 *m_len, u32 num, ec_alg_type sig_type,
130                hash_alg_type hash_type, const u8 **adata, const u16 *adata_len,
131  	      verify_batch_scratch_pad *scratch_pad_area, u32 *scratch_pad_area_len);
132  
133  #endif /* __EDDSA_H__ */
134  #endif /* defined(WITH_SIG_EDDSA25519) || defined(WITH_SIG_EDDSA448) */