sig_algs_internal.h
1 /* 2 * Copyright (C) 2017 - This file is part of libecc project 3 * 4 * Authors: 5 * Ryad BENADJILA <ryadbenadjila@gmail.com> 6 * Arnaud EBALARD <arnaud.ebalard@ssi.gouv.fr> 7 * Jean-Pierre FLORI <jean-pierre.flori@ssi.gouv.fr> 8 * 9 * Contributors: 10 * Nicolas VIVET <nicolas.vivet@ssi.gouv.fr> 11 * Karim KHALFALLAH <karim.khalfallah@ssi.gouv.fr> 12 * 13 * This software is licensed under a dual BSD and GPL v2 license. 14 * See LICENSE file at the root folder of the project. 15 */ 16 #ifndef __SIG_ALGS_INTERNAL_H__ 17 #define __SIG_ALGS_INTERNAL_H__ 18 19 #include <libecc/hash/hash_algs.h> 20 #include <libecc/curves/curves.h> 21 #include <libecc/sig/ec_key.h> 22 #include <libecc/sig/ecdsa.h> 23 #include <libecc/sig/eckcdsa.h> 24 #include <libecc/sig/ecsdsa.h> 25 #include <libecc/sig/ecosdsa.h> 26 #include <libecc/sig/ecfsdsa.h> 27 #include <libecc/sig/ecgdsa.h> 28 #include <libecc/sig/ecrdsa.h> 29 #include <libecc/sig/sm2.h> 30 #include <libecc/sig/eddsa.h> 31 #include <libecc/sig/decdsa.h> 32 #include <libecc/sig/bign.h> 33 #include <libecc/sig/dbign.h> 34 #include <libecc/sig/bip0340.h> 35 /* Includes for fuzzing */ 36 #ifdef USE_CRYPTOFUZZ 37 #include <libecc/sig/fuzzing_ecdsa.h> 38 #include <libecc/sig/fuzzing_ecgdsa.h> 39 #include <libecc/sig/fuzzing_ecrdsa.h> 40 #endif 41 42 #if (EC_MAX_SIGLEN == 0) 43 #error "It seems you disabled all signature schemes in lib_ecc_config.h" 44 #endif 45 46 /* 47 * All the signature algorithms we support are abstracted using the following 48 * structure (and following map) which provides for each hash alg its 49 * digest size, its block size and the associated scattered function. 50 */ 51 typedef struct { 52 ec_alg_type type; 53 const char *name; 54 55 ATTRIBUTE_WARN_UNUSED_RET int (*siglen) (u16 p_bit_len, u16 q_bit_len, u8 hsize, u8 blocksize, u8 *siglen); 56 57 ATTRIBUTE_WARN_UNUSED_RET int (*gen_priv_key) (ec_priv_key *priv_key); 58 ATTRIBUTE_WARN_UNUSED_RET int (*init_pub_key) (ec_pub_key *pub_key, const ec_priv_key *priv_key); 59 60 ATTRIBUTE_WARN_UNUSED_RET int (*sign_init) (struct ec_sign_context * ctx); 61 ATTRIBUTE_WARN_UNUSED_RET int (*sign_update) (struct ec_sign_context * ctx, 62 const u8 *chunk, u32 chunklen); 63 ATTRIBUTE_WARN_UNUSED_RET int (*sign_finalize) (struct ec_sign_context * ctx, 64 u8 *sig, u8 siglen); 65 ATTRIBUTE_WARN_UNUSED_RET int (*sign) (u8 *sig, u8 siglen, const ec_key_pair *key_pair, 66 const u8 *m, u32 mlen, int (*rand) (nn_t out, nn_src_t q), 67 ec_alg_type sig_type, hash_alg_type hash_type, 68 const u8 *adata, u16 adata_len); 69 70 ATTRIBUTE_WARN_UNUSED_RET int (*verify_init) (struct ec_verify_context * ctx, 71 const u8 *sig, u8 siglen); 72 ATTRIBUTE_WARN_UNUSED_RET int (*verify_update) (struct ec_verify_context * ctx, 73 const u8 *chunk, u32 chunklen); 74 ATTRIBUTE_WARN_UNUSED_RET int (*verify_finalize) (struct ec_verify_context * ctx); 75 ATTRIBUTE_WARN_UNUSED_RET int (*verify) (const u8 *sig, u8 siglen, const ec_pub_key *pub_key, 76 const u8 *m, u32 mlen, ec_alg_type sig_type, 77 hash_alg_type hash_type, const u8 *adata, u16 adata_len); 78 ATTRIBUTE_WARN_UNUSED_RET int (*verify_batch) (const u8 **s, const u8 *s_len, const ec_pub_key **pub_keys, 79 const u8 **m, const u32 *m_len, u32 num, ec_alg_type sig_type, 80 hash_alg_type hash_type, const u8 **adata, const u16 *adata_len, 81 verify_batch_scratch_pad *scratch_pad_area, u32 *scratch_pad_area_len); 82 83 } ec_sig_mapping; 84 85 /* Sanity check to ensure our sig mapping does not contain 86 * NULL pointers 87 */ 88 ATTRIBUTE_WARN_UNUSED_RET static inline int sig_mapping_sanity_check(const ec_sig_mapping *sm) 89 { 90 int ret; 91 92 MUST_HAVE(((sm != NULL) && (sm->name != NULL) && (sm->siglen != NULL) && 93 (sm->gen_priv_key != NULL) && (sm->init_pub_key != NULL) && 94 (sm->sign_init != NULL) && (sm->sign_update != NULL) && 95 (sm->sign_finalize != NULL) && (sm->sign != NULL) && 96 (sm->verify_init != NULL) && (sm->verify_update != NULL) && 97 (sm->verify_finalize != NULL) && (sm->verify != NULL) && 98 (sm->verify_batch != NULL)), 99 ret, err); 100 101 ret = 0; 102 103 err: 104 return ret; 105 } 106 107 /* 108 * Each specific signature scheme need to maintain some specific 109 * data between calls to init()/update()/finalize() functions. 110 * 111 * Each scheme provides a specific structure for that purpose 112 * (in its .h file) which we include in the union below. A field 113 * of that type (.sign_data) is then included in the generic 114 * struct ec_sign_context below. 115 * 116 * The purpose of that work is to allow static declaration and 117 * allocation of common struct ec_sign_context with enough room 118 * available for all supported signature types. 119 */ 120 121 typedef union { 122 #if defined(WITH_SIG_ECDSA) || defined(WITH_SIG_DECDSA) /* ECDSA and DECDSA */ 123 ecdsa_sign_data ecdsa; 124 #endif 125 #ifdef WITH_SIG_ECKCDSA /* ECKCDSA */ 126 eckcdsa_sign_data eckcdsa; 127 #endif 128 #if (defined(WITH_SIG_ECSDSA) || defined(WITH_SIG_ECOSDSA)) /* EC[O]SDSA */ 129 ecsdsa_sign_data ecsdsa; 130 #endif 131 #ifdef WITH_SIG_ECFSDSA /* ECFSDSA */ 132 ecfsdsa_sign_data ecfsdsa; 133 #endif 134 #ifdef WITH_SIG_ECGDSA /* ECGDSA */ 135 ecgdsa_sign_data ecgdsa; 136 #endif 137 #ifdef WITH_SIG_ECRDSA /* ECRDSA */ 138 ecrdsa_sign_data ecrdsa; 139 #endif 140 #ifdef WITH_SIG_SM2 /* SM2 */ 141 sm2_sign_data sm2; 142 #endif 143 #if defined(WITH_SIG_EDDSA25519) || defined(WITH_SIG_EDDSA448) /* EDDSA25519, EDDSA448 */ 144 eddsa_sign_data eddsa; 145 #endif 146 #if defined(WITH_SIG_BIGN) || defined(WITH_SIG_DBIGN) /* BIGN and DBIGN */ 147 bign_sign_data bign; 148 #endif 149 } sig_sign_data; 150 151 /* 152 * The 'struct ec_sign_context' below provides a persistent state 153 * between successive calls to ec_sign_{init,update,finalize}(). 154 */ 155 struct ec_sign_context { 156 word_t ctx_magic; 157 const ec_key_pair *key_pair; 158 ATTRIBUTE_WARN_UNUSED_RET int (*rand) (nn_t out, nn_src_t q); 159 const hash_mapping *h; 160 const ec_sig_mapping *sig; 161 162 sig_sign_data sign_data; 163 164 /* Optional ancillary data. This data is 165 * optionnally used by the signature algorithm. 166 */ 167 const u8 *adata; 168 u16 adata_len; 169 }; 170 171 #define SIG_SIGN_MAGIC ((word_t)(0x4ed73cfe4594dfd3ULL)) 172 ATTRIBUTE_WARN_UNUSED_RET static inline int sig_sign_check_initialized(struct ec_sign_context *ctx) 173 { 174 return (((ctx == NULL) || (ctx->ctx_magic != SIG_SIGN_MAGIC)) ? -1 : 0); 175 } 176 177 typedef union { 178 #if defined(WITH_SIG_ECDSA) || defined(WITH_SIG_DECDSA) /* ECDSA and DECDSA */ 179 ecdsa_verify_data ecdsa; 180 #endif 181 #ifdef WITH_SIG_ECKCDSA /* ECKCDSA */ 182 eckcdsa_verify_data eckcdsa; 183 #endif 184 #if (defined(WITH_SIG_ECSDSA) || defined(WITH_SIG_ECOSDSA)) /* EC[O]SDSA */ 185 ecsdsa_verify_data ecsdsa; 186 #endif 187 #ifdef WITH_SIG_ECFSDSA /* ECFSDSA */ 188 ecfsdsa_verify_data ecfsdsa; 189 #endif 190 #ifdef WITH_SIG_ECGDSA /* ECGDSA */ 191 ecgdsa_verify_data ecgdsa; 192 #endif 193 #ifdef WITH_SIG_ECRDSA /* ECRDSA */ 194 ecrdsa_verify_data ecrdsa; 195 #endif 196 #ifdef WITH_SIG_SM2 /* SM2 */ 197 sm2_verify_data sm2; 198 #endif 199 #if defined(WITH_SIG_EDDSA25519) || defined(WITH_SIG_EDDSA448) /* EDDSA25519, EDDSA448 */ 200 eddsa_verify_data eddsa; 201 #endif 202 #if defined(WITH_SIG_BIGN) || defined(WITH_SIG_DBIGN) /* BIGN and DBIGN */ 203 bign_verify_data bign; 204 #endif 205 #if defined(WITH_SIG_BIP0340) 206 bip0340_verify_data bip0340; 207 #endif 208 } sig_verify_data; 209 210 /* 211 * The 'struct ec_verify_context' below provides a persistent state 212 * between successive calls to ec_verify_{init,update,finalize}(). 213 */ 214 struct ec_verify_context { 215 word_t ctx_magic; 216 const ec_pub_key *pub_key; 217 const hash_mapping *h; 218 const ec_sig_mapping *sig; 219 220 sig_verify_data verify_data; 221 222 /* Optional ancillary data. This data is 223 * optionnally used by the signature algorithm. 224 */ 225 const u8 *adata; 226 u16 adata_len; 227 }; 228 229 #define SIG_VERIFY_MAGIC ((word_t)(0x7e0d42d13e3159baULL)) 230 ATTRIBUTE_WARN_UNUSED_RET static inline int sig_verify_check_initialized(struct ec_verify_context *ctx) 231 { 232 return (((ctx == NULL) || (ctx->ctx_magic != SIG_VERIFY_MAGIC)) ? -1 : 0); 233 } 234 235 /* Generic signature and verification APIs that will in fact call init / update / finalize in 236 * backend. Used for signature and verification functions that support these streaming APIs. 237 * 238 */ 239 ATTRIBUTE_WARN_UNUSED_RET int generic_ec_sign(u8 *sig, u8 siglen, const ec_key_pair *key_pair, 240 const u8 *m, u32 mlen, int (*rand) (nn_t out, nn_src_t q), 241 ec_alg_type sig_type, hash_alg_type hash_type, const u8 *adata, u16 adata_len); 242 ATTRIBUTE_WARN_UNUSED_RET int generic_ec_verify(const u8 *sig, u8 siglen, const ec_pub_key *pub_key, 243 const u8 *m, u32 mlen, ec_alg_type sig_type, 244 hash_alg_type hash_type, const u8 *adata, u16 adata_len); 245 246 /* Generic init / update / finalize functions returning an error and telling that they are 247 * unsupported. 248 */ 249 ATTRIBUTE_WARN_UNUSED_RET int unsupported_sign_init(struct ec_sign_context * ctx); 250 ATTRIBUTE_WARN_UNUSED_RET int unsupported_sign_update(struct ec_sign_context * ctx, 251 const u8 *chunk, u32 chunklen); 252 ATTRIBUTE_WARN_UNUSED_RET int unsupported_sign_finalize(struct ec_sign_context * ctx, 253 u8 *sig, u8 siglen); 254 255 ATTRIBUTE_WARN_UNUSED_RET int is_sign_streaming_mode_supported(ec_alg_type sig_type, int *check); 256 257 ATTRIBUTE_WARN_UNUSED_RET int unsupported_verify_init(struct ec_verify_context * ctx, 258 const u8 *sig, u8 siglen); 259 ATTRIBUTE_WARN_UNUSED_RET int unsupported_verify_update(struct ec_verify_context * ctx, 260 const u8 *chunk, u32 chunklen); 261 ATTRIBUTE_WARN_UNUSED_RET int unsupported_verify_finalize(struct ec_verify_context * ctx); 262 263 ATTRIBUTE_WARN_UNUSED_RET int is_verify_streaming_mode_supported(ec_alg_type sig_type, int *check); 264 265 ATTRIBUTE_WARN_UNUSED_RET int is_sign_deterministic(ec_alg_type sig_type, int *check); 266 267 ATTRIBUTE_WARN_UNUSED_RET int is_verify_batch_mode_supported(ec_alg_type sig_type, int *check); 268 269 ATTRIBUTE_WARN_UNUSED_RET int unsupported_verify_batch(const u8 **s, const u8 *s_len, const ec_pub_key **pub_keys, 270 const u8 **m, const u32 *m_len, u32 num, ec_alg_type sig_type, 271 hash_alg_type hash_type, const u8 **adata, const u16 *adata_len, 272 verify_batch_scratch_pad *scratch_pad_area, u32 *scratch_pad_area_len); 273 274 /* 275 * Each signature algorithm supported by the library and implemented 276 * in ec{,ck,s,fs,g,r}dsa.{c,h} is referenced below. 277 */ 278 #define MAX_SIG_ALG_NAME_LEN 0 279 static const ec_sig_mapping ec_sig_maps[] = { 280 #ifdef WITH_SIG_ECDSA 281 {.type = ECDSA, 282 .name = "ECDSA", 283 .siglen = ecdsa_siglen, 284 .gen_priv_key = generic_gen_priv_key, 285 .init_pub_key = ecdsa_init_pub_key, 286 .sign_init = _ecdsa_sign_init, 287 .sign_update = _ecdsa_sign_update, 288 .sign_finalize = _ecdsa_sign_finalize, 289 .sign = generic_ec_sign, 290 .verify_init = _ecdsa_verify_init, 291 .verify_update = _ecdsa_verify_update, 292 .verify_finalize = _ecdsa_verify_finalize, 293 .verify = generic_ec_verify, 294 .verify_batch = unsupported_verify_batch, 295 }, 296 #if (MAX_SIG_ALG_NAME_LEN < 6) 297 #undef MAX_SIG_ALG_NAME_LEN 298 #define MAX_SIG_ALG_NAME_LEN 6 299 #endif /* MAX_SIG_ALG_NAME_LEN */ 300 #endif /* WITH_SIG_ECDSA */ 301 #ifdef WITH_SIG_ECKCDSA 302 {.type = ECKCDSA, 303 .name = "ECKCDSA", 304 .siglen = eckcdsa_siglen, 305 .gen_priv_key = generic_gen_priv_key, 306 .init_pub_key = eckcdsa_init_pub_key, 307 .sign_init = _eckcdsa_sign_init, 308 .sign_update = _eckcdsa_sign_update, 309 .sign_finalize = _eckcdsa_sign_finalize, 310 .sign = generic_ec_sign, 311 .verify_init = _eckcdsa_verify_init, 312 .verify_update = _eckcdsa_verify_update, 313 .verify_finalize = _eckcdsa_verify_finalize, 314 .verify = generic_ec_verify, 315 .verify_batch = unsupported_verify_batch, 316 }, 317 #if (MAX_SIG_ALG_NAME_LEN < 8) 318 #undef MAX_SIG_ALG_NAME_LEN 319 #define MAX_SIG_ALG_NAME_LEN 8 320 #endif /* MAX_SIG_ALG_NAME_LEN */ 321 #endif /* WITH_SIG_ECKCDSA */ 322 #ifdef WITH_SIG_ECSDSA 323 {.type = ECSDSA, 324 .name = "ECSDSA", 325 .siglen = ecsdsa_siglen, 326 .gen_priv_key = generic_gen_priv_key, 327 .init_pub_key = ecsdsa_init_pub_key, 328 .sign_init = _ecsdsa_sign_init, 329 .sign_update = _ecsdsa_sign_update, 330 .sign_finalize = _ecsdsa_sign_finalize, 331 .sign = generic_ec_sign, 332 .verify_init = _ecsdsa_verify_init, 333 .verify_update = _ecsdsa_verify_update, 334 .verify_finalize = _ecsdsa_verify_finalize, 335 .verify = generic_ec_verify, 336 .verify_batch = unsupported_verify_batch, 337 }, 338 #if (MAX_SIG_ALG_NAME_LEN < 7) 339 #undef MAX_SIG_ALG_NAME_LEN 340 #define MAX_SIG_ALG_NAME_LEN 7 341 #endif /* MAX_SIG_ALG_NAME_LEN */ 342 #endif /* WITH_SIG_ECSDSA */ 343 #ifdef WITH_SIG_ECOSDSA 344 {.type = ECOSDSA, 345 .name = "ECOSDSA", 346 .siglen = ecosdsa_siglen, 347 .gen_priv_key = generic_gen_priv_key, 348 .init_pub_key = ecosdsa_init_pub_key, 349 .sign_init = _ecosdsa_sign_init, 350 .sign_update = _ecosdsa_sign_update, 351 .sign_finalize = _ecosdsa_sign_finalize, 352 .sign = generic_ec_sign, 353 .verify_init = _ecosdsa_verify_init, 354 .verify_update = _ecosdsa_verify_update, 355 .verify_finalize = _ecosdsa_verify_finalize, 356 .verify = generic_ec_verify, 357 .verify_batch = unsupported_verify_batch, 358 }, 359 #if (MAX_SIG_ALG_NAME_LEN < 8) 360 #undef MAX_SIG_ALG_NAME_LEN 361 #define MAX_SIG_ALG_NAME_LEN 8 362 #endif /* MAX_SIG_ALG_NAME_LEN */ 363 #endif /* WITH_SIG_ECOSDSA */ 364 #ifdef WITH_SIG_ECFSDSA 365 {.type = ECFSDSA, 366 .name = "ECFSDSA", 367 .siglen = ecfsdsa_siglen, 368 .gen_priv_key = generic_gen_priv_key, 369 .init_pub_key = ecfsdsa_init_pub_key, 370 .sign_init = _ecfsdsa_sign_init, 371 .sign_update = _ecfsdsa_sign_update, 372 .sign_finalize = _ecfsdsa_sign_finalize, 373 .sign = generic_ec_sign, 374 .verify_init = _ecfsdsa_verify_init, 375 .verify_update = _ecfsdsa_verify_update, 376 .verify_finalize = _ecfsdsa_verify_finalize, 377 .verify = generic_ec_verify, 378 .verify_batch = ecfsdsa_verify_batch, 379 }, 380 #if (MAX_SIG_ALG_NAME_LEN < 8) 381 #undef MAX_SIG_ALG_NAME_LEN 382 #define MAX_SIG_ALG_NAME_LEN 8 383 #endif /* MAX_SIG_ALG_NAME_LEN */ 384 #endif /* WITH_SIG_ECFSDSA */ 385 #ifdef WITH_SIG_ECGDSA 386 {.type = ECGDSA, 387 .name = "ECGDSA", 388 .siglen = ecgdsa_siglen, 389 .gen_priv_key = generic_gen_priv_key, 390 .init_pub_key = ecgdsa_init_pub_key, 391 .sign_init = _ecgdsa_sign_init, 392 .sign_update = _ecgdsa_sign_update, 393 .sign_finalize = _ecgdsa_sign_finalize, 394 .sign = generic_ec_sign, 395 .verify_init = _ecgdsa_verify_init, 396 .verify_update = _ecgdsa_verify_update, 397 .verify_finalize = _ecgdsa_verify_finalize, 398 .verify = generic_ec_verify, 399 .verify_batch = unsupported_verify_batch, 400 }, 401 #if (MAX_SIG_ALG_NAME_LEN < 7) 402 #undef MAX_SIG_ALG_NAME_LEN 403 #define MAX_SIG_ALG_NAME_LEN 7 404 #endif /* MAX_SIG_ALG_NAME_LEN */ 405 #endif /* WITH_SIG_ECGDSA */ 406 #ifdef WITH_SIG_ECRDSA 407 {.type = ECRDSA, 408 .name = "ECRDSA", 409 .siglen = ecrdsa_siglen, 410 .gen_priv_key = generic_gen_priv_key, 411 .init_pub_key = ecrdsa_init_pub_key, 412 .sign_init = _ecrdsa_sign_init, 413 .sign_update = _ecrdsa_sign_update, 414 .sign_finalize = _ecrdsa_sign_finalize, 415 .sign = generic_ec_sign, 416 .verify_init = _ecrdsa_verify_init, 417 .verify_update = _ecrdsa_verify_update, 418 .verify_finalize = _ecrdsa_verify_finalize, 419 .verify = generic_ec_verify, 420 .verify_batch = unsupported_verify_batch, 421 }, 422 #if (MAX_SIG_ALG_NAME_LEN < 7) 423 #undef MAX_SIG_ALG_NAME_LEN 424 #define MAX_SIG_ALG_NAME_LEN 7 425 #endif /* MAX_SIG_ALG_NAME_LEN */ 426 #endif /* WITH_SIG_ECRDSA */ 427 #ifdef WITH_SIG_SM2 428 {.type = SM2, 429 .name = "SM2", 430 .siglen = sm2_siglen, 431 .gen_priv_key = sm2_gen_priv_key, 432 .init_pub_key = sm2_init_pub_key, 433 .sign_init = _sm2_sign_init, 434 .sign_update = _sm2_sign_update, 435 .sign_finalize = _sm2_sign_finalize, 436 .sign = generic_ec_sign, 437 .verify_init = _sm2_verify_init, 438 .verify_update = _sm2_verify_update, 439 .verify_finalize = _sm2_verify_finalize, 440 .verify = generic_ec_verify, 441 .verify_batch = unsupported_verify_batch, 442 }, 443 #if (MAX_SIG_ALG_NAME_LEN < 4) 444 #undef MAX_SIG_ALG_NAME_LEN 445 #define MAX_SIG_ALG_NAME_LEN 4 446 #endif /* MAX_SIG_ALG_NAME_LEN */ 447 #endif /* WITH_SIG_SM2 */ 448 #ifdef WITH_SIG_EDDSA25519 449 {.type = EDDSA25519, 450 .name = "EDDSA25519", 451 .siglen = eddsa_siglen, 452 .gen_priv_key = eddsa_gen_priv_key, 453 .init_pub_key = eddsa_init_pub_key, 454 /* NOTE: for "pure" EdDSA, streaming mode is not supported */ 455 .sign_init = unsupported_sign_init, 456 .sign_update = unsupported_sign_update, 457 .sign_finalize = unsupported_sign_finalize, 458 .sign = _eddsa_sign, 459 .verify_init = _eddsa_verify_init, 460 .verify_update = _eddsa_verify_update, 461 .verify_finalize = _eddsa_verify_finalize, 462 .verify = generic_ec_verify, 463 .verify_batch = eddsa_verify_batch, 464 }, 465 {.type = EDDSA25519CTX, 466 .name = "EDDSA25519CTX", 467 .siglen = eddsa_siglen, 468 .gen_priv_key = eddsa_gen_priv_key, 469 .init_pub_key = eddsa_init_pub_key, 470 /* NOTE: for "ctx" EdDSA, streaming mode is not supported */ 471 .sign_init = unsupported_sign_init, 472 .sign_update = unsupported_sign_update, 473 .sign_finalize = unsupported_sign_finalize, 474 .sign = _eddsa_sign, 475 .verify_init = _eddsa_verify_init, 476 .verify_update = _eddsa_verify_update, 477 .verify_finalize = _eddsa_verify_finalize, 478 .verify = generic_ec_verify, 479 .verify_batch = eddsa_verify_batch, 480 }, 481 {.type = EDDSA25519PH, 482 .name = "EDDSA25519PH", 483 .siglen = eddsa_siglen, 484 .gen_priv_key = eddsa_gen_priv_key, 485 .init_pub_key = eddsa_init_pub_key, 486 .sign_init = _eddsa_sign_init_pre_hash, 487 .sign_update = _eddsa_sign_update_pre_hash, 488 .sign_finalize = _eddsa_sign_finalize_pre_hash, 489 .sign = _eddsa_sign, 490 .verify_init = _eddsa_verify_init, 491 .verify_update = _eddsa_verify_update, 492 .verify_finalize = _eddsa_verify_finalize, 493 .verify = generic_ec_verify, 494 .verify_batch = eddsa_verify_batch, 495 }, 496 #if (MAX_SIG_ALG_NAME_LEN < 14) 497 #undef MAX_SIG_ALG_NAME_LEN 498 #define MAX_SIG_ALG_NAME_LEN 14 499 #endif /* MAX_SIG_ALG_NAME_LEN */ 500 #endif /* WITH_SIG_EDDSA25519 */ 501 #ifdef WITH_SIG_EDDSA448 502 {.type = EDDSA448, 503 .name = "EDDSA448", 504 .siglen = eddsa_siglen, 505 .gen_priv_key = eddsa_gen_priv_key, 506 .init_pub_key = eddsa_init_pub_key, 507 /* NOTE: for "pure" EdDSA, streaming mode is not supported */ 508 .sign_init = unsupported_sign_init, 509 .sign_update = unsupported_sign_update, 510 .sign_finalize = unsupported_sign_finalize, 511 .sign = _eddsa_sign, 512 .verify_init = _eddsa_verify_init, 513 .verify_update = _eddsa_verify_update, 514 .verify_finalize = _eddsa_verify_finalize, 515 .verify = generic_ec_verify, 516 .verify_batch = eddsa_verify_batch, 517 }, 518 {.type = EDDSA448PH, 519 .name = "EDDSA448PH", 520 .siglen = eddsa_siglen, 521 .gen_priv_key = eddsa_gen_priv_key, 522 .init_pub_key = eddsa_init_pub_key, 523 .sign_init = _eddsa_sign_init_pre_hash, 524 .sign_update = _eddsa_sign_update_pre_hash, 525 .sign_finalize = _eddsa_sign_finalize_pre_hash, 526 .sign = _eddsa_sign, 527 .verify_init = _eddsa_verify_init, 528 .verify_update = _eddsa_verify_update, 529 .verify_finalize = _eddsa_verify_finalize, 530 .verify = generic_ec_verify, 531 .verify_batch = eddsa_verify_batch, 532 }, 533 #if (MAX_SIG_ALG_NAME_LEN < 11) 534 #undef MAX_SIG_ALG_NAME_LEN 535 #define MAX_SIG_ALG_NAME_LEN 11 536 #endif /* MAX_SIG_ALG_NAME_LEN */ 537 #endif /* WITH_SIG_EDDSA448 */ 538 #ifdef WITH_SIG_DECDSA 539 {.type = DECDSA, 540 .name = "DECDSA", 541 .siglen = decdsa_siglen, 542 .gen_priv_key = generic_gen_priv_key, 543 .init_pub_key = decdsa_init_pub_key, 544 .sign_init = _decdsa_sign_init, 545 .sign_update = _decdsa_sign_update, 546 .sign_finalize = _decdsa_sign_finalize, 547 .sign = generic_ec_sign, 548 .verify_init = _decdsa_verify_init, 549 .verify_update = _decdsa_verify_update, 550 .verify_finalize = _decdsa_verify_finalize, 551 .verify = generic_ec_verify, 552 .verify_batch = unsupported_verify_batch, 553 }, 554 #if (MAX_SIG_ALG_NAME_LEN < 7) 555 #undef MAX_SIG_ALG_NAME_LEN 556 #define MAX_SIG_ALG_NAME_LEN 7 557 #endif /* MAX_SIG_ALG_NAME_LEN */ 558 #endif /* WITH_SIG_DECDSA */ 559 #ifdef WITH_SIG_BIGN 560 {.type = BIGN, 561 .name = "BIGN", 562 .siglen = bign_siglen, 563 .gen_priv_key = generic_gen_priv_key, 564 .init_pub_key = bign_init_pub_key, 565 .sign_init = _bign_sign_init, 566 .sign_update = _bign_sign_update, 567 .sign_finalize = _bign_sign_finalize, 568 .sign = generic_ec_sign, 569 .verify_init = _bign_verify_init, 570 .verify_update = _bign_verify_update, 571 .verify_finalize = _bign_verify_finalize, 572 .verify = generic_ec_verify, 573 .verify_batch = unsupported_verify_batch, 574 }, 575 #if (MAX_SIG_ALG_NAME_LEN < 5) 576 #undef MAX_SIG_ALG_NAME_LEN 577 #define MAX_SIG_ALG_NAME_LEN 5 578 #endif /* MAX_SIG_ALG_NAME_LEN */ 579 #endif /* WITH_SIG_BIGN */ 580 #ifdef WITH_SIG_DBIGN 581 {.type = DBIGN, 582 .name = "DBIGN", 583 .siglen = dbign_siglen, 584 .gen_priv_key = generic_gen_priv_key, 585 .init_pub_key = dbign_init_pub_key, 586 .sign_init = _dbign_sign_init, 587 .sign_update = _dbign_sign_update, 588 .sign_finalize = _dbign_sign_finalize, 589 .sign = generic_ec_sign, 590 .verify_init = _dbign_verify_init, 591 .verify_update = _dbign_verify_update, 592 .verify_finalize = _dbign_verify_finalize, 593 .verify = generic_ec_verify, 594 .verify_batch = unsupported_verify_batch, 595 }, 596 #if (MAX_SIG_ALG_NAME_LEN < 6) 597 #undef MAX_SIG_ALG_NAME_LEN 598 #define MAX_SIG_ALG_NAME_LEN 6 599 #endif /* MAX_SIG_ALG_NAME_LEN */ 600 #endif /* WITH_SIG_DBIGN */ 601 #ifdef WITH_SIG_BIP0340 602 {.type = BIP0340, 603 .name = "BIP0340", 604 .siglen = bip0340_siglen, 605 .gen_priv_key = generic_gen_priv_key, 606 .init_pub_key = bip0340_init_pub_key, 607 .sign_init = unsupported_sign_init, 608 .sign_update = unsupported_sign_update, 609 .sign_finalize = unsupported_sign_finalize, 610 .sign = _bip0340_sign, 611 .verify_init = _bip0340_verify_init, 612 .verify_update = _bip0340_verify_update, 613 .verify_finalize = _bip0340_verify_finalize, 614 .verify = generic_ec_verify, 615 .verify_batch = bip0340_verify_batch, 616 }, 617 #if (MAX_SIG_ALG_NAME_LEN < 8) 618 #undef MAX_SIG_ALG_NAME_LEN 619 #define MAX_SIG_ALG_NAME_LEN 8 620 #endif /* MAX_SIG_ALG_NAME_LEN */ 621 #endif /* WITH_SIG_BIP0340 */ 622 {.type = UNKNOWN_ALG, /* Needs to be kept last */ 623 .name = "UNKNOWN", 624 .siglen = 0, 625 .gen_priv_key = NULL, 626 .init_pub_key = NULL, 627 .sign_init = NULL, 628 .sign_update = NULL, 629 .sign_finalize = NULL, 630 .sign = NULL, 631 .verify_init = NULL, 632 .verify_update = NULL, 633 .verify_finalize = NULL, 634 .verify = NULL, 635 .verify_batch = NULL, 636 }, 637 }; 638 639 /* 640 * For a given raw signature, the structured version is produced by prepending 641 * three bytes providing specific sig alg, hash alg and curve. 642 */ 643 #define EC_STRUCTURED_SIG_EXPORT_SIZE(siglen) (u8)((siglen) + (u8)(3 * sizeof(u8))) 644 #define EC_STRUCTURED_SIG_MAX_EXPORT_SIZE (EC_MAX_SIGLEN + 3) 645 646 /* Sanity check */ 647 #if EC_STRUCTURED_SIG_MAX_EXPORT_SIZE > 255 648 #error "All structured signatures sizes are expected to fit on an u8." 649 #endif 650 #endif /* __SIG_ALGS_INTERNAL_H__ */