1 /* SPDX-License-Identifier: GPL-2.0-or-later */ 2 /* 3 * Support for verifying ML-DSA signatures 4 * 5 * Copyright 2025 Google LLC 6 */ 7 #ifndef _CRYPTO_MLDSA_H 8 #define _CRYPTO_MLDSA_H 9 10 #include <linux/types.h> 11 12 /* Identifier for an ML-DSA parameter set */ 13 enum mldsa_alg { 14 MLDSA44, /* ML-DSA-44 */ 15 MLDSA65, /* ML-DSA-65 */ 16 MLDSA87, /* ML-DSA-87 */ 17 }; 18 19 /* Lengths of ML-DSA public keys and signatures in bytes */ 20 #define MLDSA44_PUBLIC_KEY_SIZE 1312 21 #define MLDSA65_PUBLIC_KEY_SIZE 1952 22 #define MLDSA87_PUBLIC_KEY_SIZE 2592 23 #define MLDSA44_SIGNATURE_SIZE 2420 24 #define MLDSA65_SIGNATURE_SIZE 3309 25 #define MLDSA87_SIGNATURE_SIZE 4627 26 27 /** 28 * mldsa_verify() - Verify an ML-DSA signature 29 * @alg: The ML-DSA parameter set to use 30 * @sig: The signature 31 * @sig_len: Length of the signature in bytes. Should match the 32 * MLDSA*_SIGNATURE_SIZE constant associated with @alg, 33 * otherwise -EBADMSG will be returned. 34 * @msg: The message 35 * @msg_len: Length of the message in bytes 36 * @pk: The public key 37 * @pk_len: Length of the public key in bytes. Should match the 38 * MLDSA*_PUBLIC_KEY_SIZE constant associated with @alg, 39 * otherwise -EBADMSG will be returned. 40 * 41 * This verifies a signature using pure ML-DSA with the specified parameter set. 42 * The context string is assumed to be empty. 43 * 44 * Context: Might sleep 45 * 46 * Return: 47 * * 0 if the signature is valid 48 * * -EBADMSG if the signature and/or public key is malformed 49 * * -EKEYREJECTED if the signature is invalid but otherwise well-formed 50 * * -ENOMEM if out of memory so the validity of the signature is unknown 51 */ 52 int mldsa_verify(enum mldsa_alg alg, const u8 *sig, size_t sig_len, 53 const u8 *msg, size_t msg_len, const u8 *pk, size_t pk_len); 54 55 #if IS_ENABLED(CONFIG_CRYPTO_LIB_MLDSA_KUNIT_TEST) 56 /* Internal function, exposed only for unit testing */ 57 s32 mldsa_use_hint(u8 h, s32 r, s32 gamma2); 58 #endif 59 60 #endif /* _CRYPTO_MLDSA_H */ 61