1*f0865ec9SKyle Evans /* 2*f0865ec9SKyle Evans * Copyright (C) 2021 - This file is part of libecc project 3*f0865ec9SKyle Evans * 4*f0865ec9SKyle Evans * Authors: 5*f0865ec9SKyle Evans * Ryad BENADJILA <ryadbenadjila@gmail.com> 6*f0865ec9SKyle Evans * Arnaud EBALARD <arnaud.ebalard@ssi.gouv.fr> 7*f0865ec9SKyle Evans * 8*f0865ec9SKyle Evans * This software is licensed under a dual BSD and GPL v2 license. 9*f0865ec9SKyle Evans * See LICENSE file at the root folder of the project. 10*f0865ec9SKyle Evans */ 11*f0865ec9SKyle Evans #ifndef __SSS_H__ 12*f0865ec9SKyle Evans #define __SSS_H__ 13*f0865ec9SKyle Evans 14*f0865ec9SKyle Evans /* NOTE: we redefine some attributes if they are not already defined */ 15*f0865ec9SKyle Evans #ifndef ATTRIBUTE_PACKED 16*f0865ec9SKyle Evans #ifdef __GNUC__ 17*f0865ec9SKyle Evans #define ATTRIBUTE_PACKED __attribute__((packed)) 18*f0865ec9SKyle Evans #else 19*f0865ec9SKyle Evans #define ATTRIBUTE_PACKED 20*f0865ec9SKyle Evans #endif 21*f0865ec9SKyle Evans #endif 22*f0865ec9SKyle Evans #ifndef ATTRIBUTE_WARN_UNUSED_RET 23*f0865ec9SKyle Evans #ifdef __GNUC__ 24*f0865ec9SKyle Evans #ifdef USE_WARN_UNUSED_RET 25*f0865ec9SKyle Evans #define ATTRIBUTE_WARN_UNUSED_RET __attribute__((warn_unused_result)) 26*f0865ec9SKyle Evans #else 27*f0865ec9SKyle Evans #define ATTRIBUTE_WARN_UNUSED_RET 28*f0865ec9SKyle Evans #endif 29*f0865ec9SKyle Evans #else 30*f0865ec9SKyle Evans #define ATTRIBUTE_WARN_UNUSED_RET 31*f0865ec9SKyle Evans #endif 32*f0865ec9SKyle Evans #endif 33*f0865ec9SKyle Evans 34*f0865ec9SKyle Evans 35*f0865ec9SKyle Evans typedef enum { SSS_FALSE = 0, SSS_TRUE = 1 } boolean; 36*f0865ec9SKyle Evans 37*f0865ec9SKyle Evans /* The final secret size in bytes, corresponding to the 38*f0865ec9SKyle Evans * size of an element in Fp with ~256 bit prime. 39*f0865ec9SKyle Evans */ 40*f0865ec9SKyle Evans #define SSS_SECRET_SIZE 32 41*f0865ec9SKyle Evans 42*f0865ec9SKyle Evans /* Secrets and shares typedefs for "raw" SSS */ 43*f0865ec9SKyle Evans typedef struct ATTRIBUTE_PACKED { 44*f0865ec9SKyle Evans unsigned char secret[SSS_SECRET_SIZE]; 45*f0865ec9SKyle Evans } sss_secret; 46*f0865ec9SKyle Evans typedef struct ATTRIBUTE_PACKED { 47*f0865ec9SKyle Evans /* Index x of the share on two byts (a short) */ 48*f0865ec9SKyle Evans unsigned char index[2]; 49*f0865ec9SKyle Evans /* Value of the share */ 50*f0865ec9SKyle Evans unsigned char share[SSS_SECRET_SIZE]; 51*f0865ec9SKyle Evans } _sss_raw_share; 52*f0865ec9SKyle Evans 53*f0865ec9SKyle Evans #define SSS_SESSION_ID_SIZE 16 54*f0865ec9SKyle Evans /* We use SHA-256 for HMAC, so the size is 32 bytes */ 55*f0865ec9SKyle Evans #define SSS_HMAC_SIZE 32 56*f0865ec9SKyle Evans 57*f0865ec9SKyle Evans /* Security wrapper for the secret for "secured" SSS */ 58*f0865ec9SKyle Evans typedef struct ATTRIBUTE_PACKED { 59*f0865ec9SKyle Evans _sss_raw_share raw_share; 60*f0865ec9SKyle Evans /* 128 bits session id */ 61*f0865ec9SKyle Evans unsigned char session_id[SSS_SESSION_ID_SIZE]; 62*f0865ec9SKyle Evans unsigned char raw_share_hmac[SSS_HMAC_SIZE]; 63*f0865ec9SKyle Evans } sss_share; 64*f0865ec9SKyle Evans 65*f0865ec9SKyle Evans /* SSS shares and secret generation: 66*f0865ec9SKyle Evans * Inputs: 67*f0865ec9SKyle Evans * - n: is the number of shares to generate 68*f0865ec9SKyle Evans * - k: the quorum of shares to regenerate the secret (of course k <= n) 69*f0865ec9SKyle Evans * - secret: the secret value when input_secret is set to 'true' 70*f0865ec9SKyle Evans * Output: 71*f0865ec9SKyle Evans * - shares: a pointer to the generated n shares 72*f0865ec9SKyle Evans * - secret: the secret value when input_secret is set to 'false', this 73*f0865ec9SKyle Evans * value being randomly generated 74*f0865ec9SKyle Evans */ 75*f0865ec9SKyle Evans ATTRIBUTE_WARN_UNUSED_RET int sss_generate(sss_share *shares, unsigned short k, unsigned short n, sss_secret *secret, boolean input_secret); 76*f0865ec9SKyle Evans 77*f0865ec9SKyle Evans /* SSS shares and secret combination 78*f0865ec9SKyle Evans * Inputs: 79*f0865ec9SKyle Evans * - k: the quorum of shares to regenerate the secret 80*f0865ec9SKyle Evans * - shares: a pointer to the k shares 81*f0865ec9SKyle Evans * Output: 82*f0865ec9SKyle Evans * - secret: the secret value computed from the k shares 83*f0865ec9SKyle Evans */ 84*f0865ec9SKyle Evans ATTRIBUTE_WARN_UNUSED_RET int sss_combine(const sss_share *shares, unsigned short k, sss_secret *secret); 85*f0865ec9SKyle Evans 86*f0865ec9SKyle Evans /* SSS shares regeneration from existing shares 87*f0865ec9SKyle Evans * Inputs: 88*f0865ec9SKyle Evans * - shares: a pointer to the input k shares allowing the regeneration 89*f0865ec9SKyle Evans * - n: is the number of shares to regenerate 90*f0865ec9SKyle Evans * - k: the input shares (of course k <= n) 91*f0865ec9SKyle Evans * Output: 92*f0865ec9SKyle Evans * - shares: a pointer to the generated n shares (among which the k first are 93*f0865ec9SKyle Evans * the ones provided as inputs) 94*f0865ec9SKyle Evans * - secret: the recomputed secret value 95*f0865ec9SKyle Evans */ 96*f0865ec9SKyle Evans ATTRIBUTE_WARN_UNUSED_RET int sss_regenerate(sss_share *shares, unsigned short k, unsigned short n, sss_secret *secret); 97*f0865ec9SKyle Evans 98*f0865ec9SKyle Evans #endif /* __SSS_H__ */ 99