xref: /freebsd/crypto/libecc/include/libecc/sig/eddsa.h (revision f0865ec9906d5a18fa2a3b61381f22ce16e606ad) 
1 /*
2  *  Copyright (C) 2021 - This file is part of libecc project
3  *
4  *  Authors:
5  *      Ryad BENADJILA <ryadbenadjila@gmail.com>
6  *      Arnaud EBALARD <arnaud.ebalard@ssi.gouv.fr>
7  *
8  *  This software is licensed under a dual BSD and GPL v2 license.
9  *  See LICENSE file at the root folder of the project.
10  */
11 #include <libecc/lib_ecc_config.h>
12 #include <libecc/lib_ecc_types.h>
13 #if defined(WITH_SIG_EDDSA25519) || defined(WITH_SIG_EDDSA448)
14 
15 #ifndef __EDDSA_H__
16 #define __EDDSA_H__
17 
18 #include <libecc/words/words.h>
19 #include <libecc/sig/ec_key.h>
20 #include <libecc/hash/hash_algs.h>
21 #include <libecc/curves/curves.h>
22 #include <libecc/utils/utils.h>
23 
24 /*
25  * EDDSA exported encoded public keys are of fixed known sizes depending
26  * on the EDDSA variant
27  */
28 #if defined(WITH_SIG_EDDSA25519)
29 #define EDDSA25519_PUB_KEY_ENCODED_LEN 32
30 #endif
31 #if defined(WITH_SIG_EDDSA448)
32 #define EDDSA448_PUB_KEY_ENCODED_LEN   57
33 #endif
34 
35 /* Maximum size depending on what is defined */
36 #if defined(WITH_SIG_EDDSA25519) && defined(WITH_SIG_EDDSA448)
37 #define EDDSA_MAX_PUB_KEY_ENCODED_LEN LOCAL_MAX(EDDSA25519_PUB_KEY_ENCODED_LEN, EDDSA448_PUB_KEY_ENCODED_LEN)
38 #endif
39 
40 #if defined(WITH_SIG_EDDSA25519) && !defined(WITH_SIG_EDDSA448)
41 #define EDDSA_MAX_PUB_KEY_ENCODED_LEN EDDSA25519_PUB_KEY_ENCODED_LEN
42 #endif
43 
44 #if !defined(WITH_SIG_EDDSA25519) && defined(WITH_SIG_EDDSA448)
45 #define EDDSA_MAX_PUB_KEY_ENCODED_LEN EDDSA448_PUB_KEY_ENCODED_LEN
46 #endif
47 
48 
49 /*
50  * NOTE: for EDDSA, the signature length is twice the encoding of integers,
51  * which corresponds to half the hash size.
52  */
53 #define EDDSA_R_LEN(hsize)  (hsize / 2)
54 #define EDDSA_S_LEN(hsize)  (hsize / 2)
55 #define EDDSA_SIGLEN(hsize) (EDDSA_R_LEN(hsize) + EDDSA_S_LEN(hsize))
56 #define EDDSA_MAX_SIGLEN EDDSA_SIGLEN(MAX_DIGEST_SIZE)
57 
58 /*
59  * Compute max signature length for all the mechanisms enabled
60  * in the library (see lib_ecc_config.h). Having that done during
61  * preprocessing sadly requires some verbosity.
62  */
63 #ifndef EC_MAX_SIGLEN
64 #define EC_MAX_SIGLEN 0
65 #endif
66 #if ((EC_MAX_SIGLEN) < (EDDSA_MAX_SIGLEN))
67 #undef EC_MAX_SIGLEN
68 #define EC_MAX_SIGLEN EDDSA_MAX_SIGLEN
69 #endif
70 
71 typedef struct {
72 	hash_context h_ctx;
73 	word_t magic;
74 } eddsa_sign_data;
75 
76 struct ec_sign_context;
77 
78 ATTRIBUTE_WARN_UNUSED_RET int eddsa_gen_priv_key(ec_priv_key *priv_key);
79 ATTRIBUTE_WARN_UNUSED_RET int eddsa_init_pub_key(ec_pub_key *out_pub, const ec_priv_key *in_priv);
80 
81 ATTRIBUTE_WARN_UNUSED_RET int eddsa_siglen(u16 p_bit_len, u16 q_bit_len, u8 hsize, u8 blocksize, u8 *siglen);
82 
83 ATTRIBUTE_WARN_UNUSED_RET int _eddsa_sign_init_pre_hash(struct ec_sign_context *ctx);
84 
85 ATTRIBUTE_WARN_UNUSED_RET int _eddsa_sign_update_pre_hash(struct ec_sign_context *ctx,
86 				const u8 *chunk, u32 chunklen);
87 
88 ATTRIBUTE_WARN_UNUSED_RET int _eddsa_sign_finalize_pre_hash(struct ec_sign_context *ctx,
89 				  u8 *sig, u8 siglen);
90 
91 ATTRIBUTE_WARN_UNUSED_RET int _eddsa_sign(u8 *sig, u8 siglen, const ec_key_pair *key_pair,
92 		const u8 *m, u32 mlen, int (*rand) (nn_t out, nn_src_t q),
93 		ec_alg_type sig_type, hash_alg_type hash_type,
94 		const u8 *adata, u16 adata_len);
95 
96 typedef struct {
97 	prj_pt _R;
98 	nn S;
99 	hash_context h_ctx;
100 	hash_context h_ctx_pre_hash;
101 	word_t magic;
102 } eddsa_verify_data;
103 
104 struct ec_verify_context;
105 
106 ATTRIBUTE_WARN_UNUSED_RET int _eddsa_verify_init(struct ec_verify_context *ctx,
107 		       const u8 *sig, u8 siglen);
108 
109 ATTRIBUTE_WARN_UNUSED_RET int _eddsa_verify_update(struct ec_verify_context *ctx,
110 			 const u8 *chunk, u32 chunklen);
111 
112 ATTRIBUTE_WARN_UNUSED_RET int _eddsa_verify_finalize(struct ec_verify_context *ctx);
113 
114 /* Functions specific to EdDSA */
115 ATTRIBUTE_WARN_UNUSED_RET int eddsa_derive_priv_key(ec_priv_key *priv_key);
116 ATTRIBUTE_WARN_UNUSED_RET int eddsa_import_priv_key(ec_priv_key *priv_key, const u8 *buf, u16 buflen,
117 			  const ec_params *shortw_curve_params,
118 			  ec_alg_type sig_type);
119 ATTRIBUTE_WARN_UNUSED_RET int eddsa_import_pub_key(ec_pub_key *out_pub, const u8 *buf, u16 buflen,
120 			 const ec_params *shortw_curve_params,
121 			 ec_alg_type sig_type);
122 ATTRIBUTE_WARN_UNUSED_RET int eddsa_export_pub_key(const ec_pub_key *in_pub, u8 *buf, u16 buflen);
123 ATTRIBUTE_WARN_UNUSED_RET int eddsa_import_key_pair_from_priv_key_buf(ec_key_pair *kp,
124 					    const u8 *buf, u16 buflen,
125 					    const ec_params *shortw_curve_params,
126 					    ec_alg_type sig_type);
127 /* Batch verification function */
128 ATTRIBUTE_WARN_UNUSED_RET int eddsa_verify_batch(const u8 **s, const u8 *s_len, const ec_pub_key **pub_keys,
129               const u8 **m, const u32 *m_len, u32 num, ec_alg_type sig_type,
130               hash_alg_type hash_type, const u8 **adata, const u16 *adata_len,
131 	      verify_batch_scratch_pad *scratch_pad_area, u32 *scratch_pad_area_len);
132 
133 #endif /* __EDDSA_H__ */
134 #endif /* defined(WITH_SIG_EDDSA25519) || defined(WITH_SIG_EDDSA448) */
135