ed448.h
Go to the documentation of this file.
1 /**
2  * @file ed448.h
3  * @brief Ed448 elliptic curve (constant-time implementation)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.0
29  **/
30 
31 #ifndef _ED448_H
32 #define _ED448_H
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "ecc/eddsa.h"
37 #include "xof/shake.h"
38 
39 //Length of EdDSA private keys
40 #define ED448_PRIVATE_KEY_LEN 57
41 //Length of EdDSA public keys
42 #define ED448_PUBLIC_KEY_LEN 57
43 //Length of EdDSA signatures
44 #define ED448_SIGNATURE_LEN 114
45 
46 //Ed448ph flag
47 #define ED448_PH_FLAG 1
48 //Prehash function output size
49 #define ED448_PH_SIZE 64
50 
51 //C++ guard
52 #ifdef __cplusplus
53 extern "C" {
54 #endif
55 
56 
57 /**
58  * @brief Projective point representation
59  **/
60 
61 typedef struct
62 {
63  uint32_t x[14];
64  uint32_t y[14];
65  uint32_t z[14];
66 } Ed448Point;
67 
68 
69 /**
70  * @brief Ed448 working state
71  **/
72 
73 typedef struct
74 {
75  ShakeContext shakeContext;
76  uint8_t k[114];
77  uint8_t p[57];
78  uint8_t r[57];
79  uint8_t s[57];
80  uint8_t t[57];
81  Ed448Point ka;
82  Ed448Point rb;
83  Ed448Point sb;
84  Ed448Point u;
85  Ed448Point v;
86  uint32_t a[14];
87  uint32_t b[14];
88  uint32_t c[14];
89  uint32_t d[14];
90  uint32_t e[14];
91  uint32_t f[14];
92  uint32_t g[14];
93 } Ed448State;
94 
95 
96 //Ed448 related functions
97 error_t ed448GenerateKeyPair(const PrngAlgo *prngAlgo, void *prngContext,
98  uint8_t *privateKey, uint8_t *publicKey);
99 
100 error_t ed448GeneratePrivateKey(const PrngAlgo *prngAlgo, void *prngContext,
101  uint8_t *privateKey);
102 
103 error_t ed448GeneratePublicKey(const uint8_t *privateKey, uint8_t *publicKey);
104 
105 error_t ed448GenerateSignature(const uint8_t *privateKey,
106  const uint8_t *publicKey, const void *message, size_t messageLen,
107  const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature);
108 
109 error_t ed448GenerateSignatureEx(const uint8_t *privateKey,
110  const uint8_t *publicKey, const EddsaMessageChunk *messageChunks,
111  const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature);
112 
113 error_t ed448VerifySignature(const uint8_t *publicKey, const void *message,
114  size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag,
115  const uint8_t *signature);
116 
117 error_t ed448VerifySignatureEx(const uint8_t *publicKey,
118  const EddsaMessageChunk *messageChunks, const void *context,
119  uint8_t contextLen, uint8_t flag, const uint8_t *signature);
120 
121 void ed448Mul(Ed448State *state, Ed448Point *r, const uint8_t *k,
122  const Ed448Point *p);
123 
124 void ed448Add(Ed448State *state, Ed448Point *r, const Ed448Point *p,
125  const Ed448Point *q);
126 
127 void ed448Double(Ed448State *state, Ed448Point *r, const Ed448Point *p);
128 
129 void ed448Encode(Ed448Point *p, uint8_t *data);
130 uint32_t ed448Decode(Ed448Point *p, const uint8_t *data);
131 
132 void ed448RedInt(uint8_t *r, const uint8_t *a);
133 
134 void ed448AddInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n);
135 uint8_t ed448SubInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n);
136 
137 void ed448MulInt(uint8_t *rl, uint8_t *rh, const uint8_t *a,
138  const uint8_t *b, uint_t n);
139 
140 void ed448CopyInt(uint8_t *a, const uint8_t *b, uint_t n);
141 
142 void ed448SelectInt(uint8_t *r, const uint8_t *a, const uint8_t *b,
143  uint8_t c, uint_t n);
144 
145 uint8_t ed448CompInt(const uint8_t *a, const uint8_t *b, uint_t n);
146 
147 //C++ guard
148 #ifdef __cplusplus
149 }
150 #endif
151 
152 #endif
message
uint8_t message[]
Definition: chap.h:154
uint_t
unsigned int uint_t
Definition: compiler_port.h:50
crypto.h
General definitions for cryptographic algorithms.
PrngAlgo
#define PrngAlgo
Definition: crypto.h:917
n
uint8_t n
Definition: dhcpv6_common.h:416
z
uint8_t z
Definition: dns_common.h:191
ed448Double
void ed448Double(Ed448State *state, Ed448Point *r, const Ed448Point *p)
Point doubling.
Definition: ed448.c:628
ed448GenerateKeyPair
error_t ed448GenerateKeyPair(const PrngAlgo *prngAlgo, void *prngContext, uint8_t *privateKey, uint8_t *publicKey)
EdDSA key pair generation.
Definition: ed448.c:103
ed448RedInt
void ed448RedInt(uint8_t *r, const uint8_t *a)
Reduce an integer modulo L.
Definition: ed448.c:761
ed448VerifySignatureEx
error_t ed448VerifySignatureEx(const uint8_t *publicKey, const EddsaMessageChunk *messageChunks, const void *context, uint8_t contextLen, uint8_t flag, const uint8_t *signature)
EdDSA signature verification.
Definition: ed448.c:438
ed448SelectInt
void ed448SelectInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint8_t c, uint_t n)
Select an integer.
Definition: ed448.c:934
ed448AddInt
void ed448AddInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n)
Addition of two integers.
Definition: ed448.c:796
ed448Add
void ed448Add(Ed448State *state, Ed448Point *r, const Ed448Point *p, const Ed448Point *q)
Point addition.
Definition: ed448.c:585
ed448Mul
void ed448Mul(Ed448State *state, Ed448Point *r, const uint8_t *k, const Ed448Point *p)
Scalar multiplication on Ed448 curve.
Definition: ed448.c:542
ed448CopyInt
void ed448CopyInt(uint8_t *a, const uint8_t *b, uint_t n)
Copy an integer.
Definition: ed448.c:913
ed448GeneratePublicKey
error_t ed448GeneratePublicKey(const uint8_t *privateKey, uint8_t *publicKey)
Derive the public key from an EdDSA private key.
Definition: ed448.c:155
ed448MulInt
void ed448MulInt(uint8_t *rl, uint8_t *rh, const uint8_t *a, const uint8_t *b, uint_t n)
Multiplication of two integers.
Definition: ed448.c:849
ed448GenerateSignature
error_t ed448GenerateSignature(const uint8_t *privateKey, const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature)
EdDSA signature generation.
Definition: ed448.c:223
ed448SubInt
uint8_t ed448SubInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n)
Subtraction of two integers.
Definition: ed448.c:821
ed448Encode
void ed448Encode(Ed448Point *p, uint8_t *data)
Point encoding.
Definition: ed448.c:661
ed448CompInt
uint8_t ed448CompInt(const uint8_t *a, const uint8_t *b, uint_t n)
Compare integers.
Definition: ed448.c:960
ed448VerifySignature
error_t ed448VerifySignature(const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, const uint8_t *signature)
EdDSA signature verification.
Definition: ed448.c:404
ed448GeneratePrivateKey
error_t ed448GeneratePrivateKey(const PrngAlgo *prngAlgo, void *prngContext, uint8_t *privateKey)
EdDSA private key generation.
Definition: ed448.c:131
ed448Decode
uint32_t ed448Decode(Ed448Point *p, const uint8_t *data)
Point decoding.
Definition: ed448.c:686
ed448GenerateSignatureEx
error_t ed448GenerateSignatureEx(const uint8_t *privateKey, const uint8_t *publicKey, const EddsaMessageChunk *messageChunks, const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature)
EdDSA signature generation.
Definition: ed448.c:258
eddsa.h
EdDSA (Edwards-Curve Digital Signature Algorithm)
error_t
error_t
Error codes.
Definition: error.h:43
data
uint8_t data[]
Definition: ethernet.h:222
x
uint8_t x
Definition: lldp_ext_med.h:211
t
uint8_t t
Definition: lldp_ext_med.h:212
b
uint8_t b
Definition: nbns_common.h:104
c
uint8_t c
Definition: ndp.h:514
r
uint8_t r
Definition: ndp.h:346
s
uint8_t s
Definition: ndp.h:345
p
uint8_t p
Definition: ndp.h:300
a
uint8_t a
Definition: ndp.h:411
shake.h
SHAKE128 and SHAKE256 extendable-output functions.
Ed448Point
Projective point representation.
Definition: ed448.h:62
Ed448State
Ed448 working state.
Definition: ed448.h:74
Ed448State::u
Ed448Point u
Definition: ed448.h:84
Ed448State::v
Ed448Point v
Definition: ed448.h:85
Ed448State::shakeContext
ShakeContext shakeContext
Definition: ed448.h:75
Ed448State::sb
Ed448Point sb
Definition: ed448.h:83
Ed448State::rb
Ed448Point rb
Definition: ed448.h:82
Ed448State::ka
Ed448Point ka
Definition: ed448.h:81
EddsaMessageChunk
Message chunk descriptor.
Definition: eddsa.h:71
ShakeContext
SHAKE algorithm context.
Definition: shake.h:49