ed448.c File Reference

Ed448 elliptic curve (constant-time implementation) More...

#include "core/crypto.h"
#include "ecc/ec_curves.h"
#include "ecc/curve448.h"
#include "ecc/ed448.h"
#include "debug.h"

Go to the source code of this file.

Macros

#define TRACE_LEVEL   CRYPTO_TRACE_LEVEL
 

Functions

error_t ed448GenerateKeyPair (const PrngAlgo *prngAlgo, void *prngContext, uint8_t *privateKey, uint8_t *publicKey)
 EdDSA key pair generation. More...
 
error_t ed448GeneratePrivateKey (const PrngAlgo *prngAlgo, void *prngContext, uint8_t *privateKey)
 EdDSA private key generation. More...
 
error_t ed448GeneratePublicKey (const uint8_t *privateKey, uint8_t *publicKey)
 Derive the public key from an EdDSA private key. More...
 
error_t ed448GenerateSignature (const uint8_t *privateKey, const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature)
 EdDSA signature generation. More...
 
error_t ed448GenerateSignatureEx (const uint8_t *privateKey, const uint8_t *publicKey, const DataChunk *messageChunks, const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature)
 EdDSA signature generation. More...
 
error_t ed448VerifySignature (const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, const uint8_t *signature)
 EdDSA signature verification. More...
 
error_t ed448VerifySignatureEx (const uint8_t *publicKey, const DataChunk *messageChunks, const void *context, uint8_t contextLen, uint8_t flag, const uint8_t *signature)
 EdDSA signature verification. More...
 
void ed448Mul (Ed448State *state, Ed448Point *r, const uint8_t *k, const Ed448Point *p)
 Scalar multiplication on Ed448 curve. More...
 
void ed448Add (Ed448State *state, Ed448Point *r, const Ed448Point *p, const Ed448Point *q)
 Point addition. More...
 
void ed448Double (Ed448State *state, Ed448Point *r, const Ed448Point *p)
 Point doubling. More...
 
void ed448Encode (Ed448Point *p, uint8_t *data)
 Point encoding. More...
 
uint32_t ed448Decode (Ed448Point *p, const uint8_t *data)
 Point decoding. More...
 
void ed448RedInt (uint8_t *r, const uint8_t *a)
 Reduce an integer modulo L. More...
 
void ed448AddInt (uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n)
 Addition of two integers. More...
 
uint8_t ed448SubInt (uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n)
 Subtraction of two integers. More...
 
void ed448MulInt (uint8_t *rl, uint8_t *rh, const uint8_t *a, const uint8_t *b, uint_t n)
 Multiplication of two integers. More...
 
void ed448CopyInt (uint8_t *a, const uint8_t *b, uint_t n)
 Copy an integer. More...
 
void ed448SelectInt (uint8_t *r, const uint8_t *a, const uint8_t *b, uint8_t c, uint_t n)
 Select an integer. More...
 
uint8_t ed448CompInt (const uint8_t *a, const uint8_t *b, uint_t n)
 Compare integers. More...
 

Detailed Description

Ed448 elliptic curve (constant-time implementation)

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneCRYPTO Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.4.4

Definition in file ed448.c.

Macro Definition Documentation

◆ TRACE_LEVEL

#define TRACE_LEVEL   CRYPTO_TRACE_LEVEL

Definition at line 32 of file ed448.c.

Function Documentation

◆ ed448Add()

void ed448Add ( Ed448State state,
Ed448Point r,
const Ed448Point p,
const Ed448Point q 
)

Point addition.

Parameters
[in]statePointer to the working state
[out]rResulting point R = P + Q
[in]pFirst operand
[in]qSecond operand

Definition at line 585 of file ed448.c.

◆ ed448AddInt()

void ed448AddInt ( uint8_t *  r,
const uint8_t *  a,
const uint8_t *  b,
uint_t  n 
)

Addition of two integers.

Parameters
[out]rResulting integer R = A + B
[in]aAn integer such as 0 <= A < (2^8)^n
[in]bAn integer such as 0 <= B < (2^8)^n
[in]nSize of the operands, in bytes

Definition at line 796 of file ed448.c.

◆ ed448CompInt()

uint8_t ed448CompInt ( const uint8_t *  a,
const uint8_t *  b,
uint_t  n 
)

Compare integers.

Parameters
[in]aPointer to the first integer
[in]bPointer to the second integer
[in]nSize of the integers, in bytes
Returns
The function returns 0 if the A = B, else 1

Definition at line 960 of file ed448.c.

◆ ed448CopyInt()

void ed448CopyInt ( uint8_t *  a,
const uint8_t *  b,
uint_t  n 
)

Copy an integer.

Parameters
[out]aPointer to the destination integer
[in]bPointer to the source integer
[in]nSize of the integers, in bytes

Definition at line 913 of file ed448.c.

◆ ed448Decode()

uint32_t ed448Decode ( Ed448Point p,
const uint8_t *  data 
)

Point decoding.

Parameters
[in]pPoint representation
[out]dataOctet string to be converted

Definition at line 686 of file ed448.c.

◆ ed448Double()

void ed448Double ( Ed448State state,
Ed448Point r,
const Ed448Point p 
)

Point doubling.

Parameters
[in]statePointer to the working state
[out]rResulting point R = 2 * P
[in]pInput point P

Definition at line 628 of file ed448.c.

◆ ed448Encode()

void ed448Encode ( Ed448Point p,
uint8_t *  data 
)

Point encoding.

Parameters
[in]pPoint representation
[out]dataOctet string resulting from the conversion

Definition at line 661 of file ed448.c.

◆ ed448GenerateKeyPair()

error_t ed448GenerateKeyPair ( const PrngAlgo prngAlgo,
void *  prngContext,
uint8_t *  privateKey,
uint8_t *  publicKey 
)

EdDSA key pair generation.

Parameters
[in]prngAlgoPRNG algorithm
[in]prngContextPointer to the PRNG context
[out]privateKeyEdDSA private key (57 bytes)
[out]publicKeyEdDSA public key (57 bytes)
Returns
Error code

Definition at line 103 of file ed448.c.

◆ ed448GeneratePrivateKey()

error_t ed448GeneratePrivateKey ( const PrngAlgo prngAlgo,
void *  prngContext,
uint8_t *  privateKey 
)

EdDSA private key generation.

Parameters
[in]prngAlgoPRNG algorithm
[in]prngContextPointer to the PRNG context
[out]privateKeyEdDSA private key (57 bytes)
Returns
Error code

Definition at line 131 of file ed448.c.

◆ ed448GeneratePublicKey()

error_t ed448GeneratePublicKey ( const uint8_t *  privateKey,
uint8_t *  publicKey 
)

Derive the public key from an EdDSA private key.

Parameters
[in]privateKeyEdDSA private key (57 bytes)
[out]publicKeyEdDSA public key (57 bytes)
Returns
Error code

Definition at line 155 of file ed448.c.

◆ ed448GenerateSignature()

error_t ed448GenerateSignature ( const uint8_t *  privateKey,
const uint8_t *  publicKey,
const void *  message,
size_t  messageLen,
const void *  context,
uint8_t  contextLen,
uint8_t  flag,
uint8_t *  signature 
)

EdDSA signature generation.

Parameters
[in]privateKeySigner's EdDSA private key (57 bytes)
[in]publicKeySigner's EdDSA public key (57 bytes)
[in]messagePointer to the message to be signed
[in]messageLenLength of the message, in bytes
[in]contextConstant string specified by the protocol using it
[in]contextLenLength of the context, in bytes
[in]flagPrehash flag for Ed448ph scheme
[out]signatureEdDSA signature (114 bytes)
Returns
Error code

Definition at line 223 of file ed448.c.

◆ ed448GenerateSignatureEx()

error_t ed448GenerateSignatureEx ( const uint8_t *  privateKey,
const uint8_t *  publicKey,
const DataChunk messageChunks,
const void *  context,
uint8_t  contextLen,
uint8_t  flag,
uint8_t *  signature 
)

EdDSA signature generation.

Parameters
[in]privateKeySigner's EdDSA private key (57 bytes)
[in]publicKeySigner's EdDSA public key (57 bytes)
[in]messageChunksArray of data chunks representing the message to be signed
[in]contextConstant string specified by the protocol using it
[in]contextLenLength of the context, in bytes
[in]flagPrehash flag for Ed448ph scheme
[out]signatureEdDSA signature (114 bytes)
Returns
Error code

Definition at line 258 of file ed448.c.

◆ ed448Mul()

void ed448Mul ( Ed448State state,
Ed448Point r,
const uint8_t *  k,
const Ed448Point p 
)

Scalar multiplication on Ed448 curve.

Parameters
[in]statePointer to the working state
[out]rResulting point R = k * P
[in]kInput scalar
[in]pInput point

Definition at line 542 of file ed448.c.

◆ ed448MulInt()

void ed448MulInt ( uint8_t *  rl,
uint8_t *  rh,
const uint8_t *  a,
const uint8_t *  b,
uint_t  n 
)

Multiplication of two integers.

Parameters
[out]rlLow part of the result R = (A + B) mod (2^8)^n
[out]rhHigh part of the result R = (A + B) / (2^8)^n
[in]aAn integer such as 0 <= A < (2^8)^n
[in]bAn integer such as 0 <= B < (2^8)^n
[in]nSize of the operands, in bytes

Definition at line 849 of file ed448.c.

◆ ed448RedInt()

void ed448RedInt ( uint8_t *  r,
const uint8_t *  a 
)

Reduce an integer modulo L.

This function implements Barrett reduction with b = 2^24 and k = 19. The algorithm requires the precomputation of the quantity mu = b^(2 * k) / L

Parameters
[out]rResulting integer R = A mod L
[in]aAn integer such as 0 <= A < b^(2 * k)

Definition at line 761 of file ed448.c.

◆ ed448SelectInt()

void ed448SelectInt ( uint8_t *  r,
const uint8_t *  a,
const uint8_t *  b,
uint8_t  c,
uint_t  n 
)

Select an integer.

Parameters
[out]rPointer to the destination integer
[in]aPointer to the first source integer
[in]bPointer to the second source integer
[in]cCondition variable
[in]nSize of the integers, in bytes

Definition at line 934 of file ed448.c.

◆ ed448SubInt()

uint8_t ed448SubInt ( uint8_t *  r,
const uint8_t *  a,
const uint8_t *  b,
uint_t  n 
)

Subtraction of two integers.

Parameters
[out]rResulting integer R = A - B
[in]aAn integer such as 0 <= A < (2^8)^n
[in]bAn integer such as 0 <= B < (2^8)^n
[in]nSize of the operands, in bytes
Returns
1 if the result is negative, else 0

Definition at line 821 of file ed448.c.

◆ ed448VerifySignature()

error_t ed448VerifySignature ( const uint8_t *  publicKey,
const void *  message,
size_t  messageLen,
const void *  context,
uint8_t  contextLen,
uint8_t  flag,
const uint8_t *  signature 
)

EdDSA signature verification.

Parameters
[in]publicKeySigner's EdDSA public key (57 bytes)
[in]messageMessage whose signature is to be verified
[in]messageLenLength of the message, in bytes
[in]contextConstant string specified by the protocol using it
[in]contextLenLength of the context, in bytes
[in]flagPrehash flag for Ed448ph scheme
[in]signatureEdDSA signature (114 bytes)
Returns
Error code

Definition at line 404 of file ed448.c.

◆ ed448VerifySignatureEx()

error_t ed448VerifySignatureEx ( const uint8_t *  publicKey,
const DataChunk messageChunks,
const void *  context,
uint8_t  contextLen,
uint8_t  flag,
const uint8_t *  signature 
)

EdDSA signature verification.

Parameters
[in]publicKeySigner's EdDSA public key (57 bytes)
[in]messageChunksArray of data chunks representing the message whose signature is to be verified
[in]contextConstant string specified by the protocol using it
[in]contextLenLength of the context, in bytes
[in]flagPrehash flag for Ed448ph scheme
[in]signatureEdDSA signature (114 bytes)
Returns
Error code

Definition at line 438 of file ed448.c.