ed448.h File Reference

Ed448 elliptic curve (constant-time implementation) More...

#include "core/crypto.h"
#include "ecc/eddsa.h"
#include "xof/shake.h"

Go to the source code of this file.

Data Structures
struct	Ed448Point
	Projective point representation. More...
struct	Ed448SubState
	Working state (scalar multiplication) More...
struct	Ed448GeneratePublicKeyState
	Working state (public key generation) More...
struct	Ed448GenerateSignatureState
	Working state (signature generation) More...
struct	Ed448VerifySignatureState
	Working state (signature verification) More...

Macros
#define	ED448_PRIVATE_KEY_LEN   57
#define	ED448_PUBLIC_KEY_LEN   57
#define	ED448_SIGNATURE_LEN   114
#define	ED448_PH_FLAG   1
#define	ED448_PH_SIZE   64

Functions
error_t	ed448GenerateKeyPair (const PrngAlgo *prngAlgo, void *prngContext, uint8_t *privateKey, uint8_t *publicKey)
	EdDSA key pair generation. More...
error_t	ed448GeneratePrivateKey (const PrngAlgo *prngAlgo, void *prngContext, uint8_t *privateKey)
	EdDSA private key generation. More...
error_t	ed448GeneratePublicKey (const uint8_t *privateKey, uint8_t *publicKey)
	Derive the public key from an EdDSA private key. More...
error_t	ed448GenerateSignature (const uint8_t *privateKey, const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature)
	EdDSA signature generation. More...
error_t	ed448GenerateSignatureEx (const uint8_t *privateKey, const uint8_t *publicKey, const DataChunk *message, uint_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature)
	EdDSA signature generation. More...
error_t	ed448VerifySignature (const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, const uint8_t *signature)
	EdDSA signature verification. More...
error_t	ed448VerifySignatureEx (const uint8_t *publicKey, const DataChunk *message, uint_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, const uint8_t *signature)
	EdDSA signature verification. More...
void	ed448Mul (Ed448SubState *state, Ed448Point *r, const uint8_t *k, const Ed448Point *p)
	Scalar multiplication (regular calculation) More...
void	ed448TwinMul (Ed448SubState *state, Ed448Point *r, const uint8_t *k1, const Ed448Point *p, const uint8_t *k2, const Ed448Point *q)
	Twin multiplication. More...
void	ed448Add (Ed448SubState *state, Ed448Point *r, const Ed448Point *p, const Ed448Point *q)
	Point addition. More...
void	ed448Double (Ed448SubState *state, Ed448Point *r, const Ed448Point *p)
	Point doubling. More...
void	ed448Encode (Ed448Point *p, uint8_t *data)
	Point encoding. More...
uint32_t	ed448Decode (Ed448Point *p, const uint8_t *data)
	Point decoding. More...
void	ed448RedInt (uint8_t *r, const uint8_t *a)
	Reduce an integer modulo L. More...
void	ed448AddInt (uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n)
	Addition of two integers. More...
uint8_t	ed448SubInt (uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n)
	Subtraction of two integers. More...
void	ed448MulInt (uint8_t *rl, uint8_t *rh, const uint8_t *a, const uint8_t *b, uint_t n)
	Multiplication of two integers. More...
void	ed448CopyInt (uint8_t *a, const uint8_t *b, uint_t n)
	Copy an integer. More...
void	ed448SelectInt (uint8_t *r, const uint8_t *a, const uint8_t *b, uint8_t c, uint_t n)
	Select an integer. More...
uint8_t	ed448CompInt (const uint8_t *a, const uint8_t *b, uint_t n)
	Compare integers. More...

Detailed Description

Ed448 elliptic curve (constant-time implementation)

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneCRYPTO Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author

Oryx Embedded SARL (www.oryx-embedded.com)

Version

2.5.0

Definition in file ed448.h.

Macro Definition Documentation

ED448_PH_FLAG

#define ED448_PH_FLAG   1

Definition at line 47 of file ed448.h.

ED448_PH_SIZE

#define ED448_PH_SIZE   64

Definition at line 49 of file ed448.h.

ED448_PRIVATE_KEY_LEN

#define ED448_PRIVATE_KEY_LEN   57

Definition at line 40 of file ed448.h.

ED448_PUBLIC_KEY_LEN

#define ED448_PUBLIC_KEY_LEN   57

Definition at line 42 of file ed448.h.

ED448_SIGNATURE_LEN

#define ED448_SIGNATURE_LEN   114

Definition at line 44 of file ed448.h.

Function Documentation

ed448Add()

void ed448Add	(	Ed448SubState *	state,
		Ed448Point *	r,
		const Ed448Point *	p,
		const Ed448Point *	q
	)

Point addition.

Parameters

[in]	state	Pointer to the working state
[out]	r	Resulting point R = P + Q
[in]	p	First operand
[in]	q	Second operand

Definition at line 649 of file ed448.c.

ed448AddInt()

void ed448AddInt	(	uint8_t *	r,
		const uint8_t *	a,
		const uint8_t *	b,
		uint_t	n
	)

Addition of two integers.

Parameters

[out]	r	Resulting integer R = A + B
[in]	a	An integer such as 0 <= A < (2^8)^n
[in]	b	An integer such as 0 <= B < (2^8)^n
[in]	n	Size of the operands, in bytes

Definition at line 874 of file ed448.c.

ed448CompInt()

uint8_t ed448CompInt	(	const uint8_t *	a,
		const uint8_t *	b,
		uint_t	n
	)

Compare integers.

Parameters

[in]	a	Pointer to the first integer
[in]	b	Pointer to the second integer
[in]	n	Size of the integers, in bytes

Returns

The function returns 0 if the A = B, else 1

Definition at line 1038 of file ed448.c.

ed448CopyInt()

void ed448CopyInt	(	uint8_t *	a,
		const uint8_t *	b,
		uint_t	n
	)

Copy an integer.

Parameters

[out]	a	Pointer to the destination integer
[in]	b	Pointer to the source integer
[in]	n	Size of the integers, in bytes

Definition at line 991 of file ed448.c.

ed448Decode()

uint32_t ed448Decode	(	Ed448Point *	p,
		const uint8_t *	data
	)

Point decoding.

Parameters

[out]	p	Point representation
[in]	data	Octet string to be converted

Definition at line 765 of file ed448.c.

ed448Double()

void ed448Double	(	Ed448SubState *	state,
		Ed448Point *	r,
		const Ed448Point *	p
	)

Point doubling.

Parameters

[in]	state	Pointer to the working state
[out]	r	Resulting point R = 2 * P
[in]	p	Input point P

Definition at line 698 of file ed448.c.

ed448Encode()

void ed448Encode	(	Ed448Point *	p,
		uint8_t *	data
	)

Point encoding.

Parameters

[in]	p	Point representation
[out]	data	Octet string resulting from the conversion

Definition at line 736 of file ed448.c.

ed448GenerateKeyPair()

error_t ed448GenerateKeyPair	(	const PrngAlgo *	prngAlgo,
		void *	prngContext,
		uint8_t *	privateKey,
		uint8_t *	publicKey
	)

EdDSA key pair generation.

Parameters

[in]	prngAlgo	PRNG algorithm
[in]	prngContext	Pointer to the PRNG context
[out]	privateKey	EdDSA private key (57 bytes)
[out]	publicKey	EdDSA public key (57 bytes)

Returns

Error code

Definition at line 103 of file ed448.c.

ed448GeneratePrivateKey()

error_t ed448GeneratePrivateKey	(	const PrngAlgo *	prngAlgo,
		void *	prngContext,
		uint8_t *	privateKey
	)

EdDSA private key generation.

Parameters

[in]	prngAlgo	PRNG algorithm
[in]	prngContext	Pointer to the PRNG context
[out]	privateKey	EdDSA private key (57 bytes)

Returns

Error code

Definition at line 131 of file ed448.c.

ed448GeneratePublicKey()

error_t ed448GeneratePublicKey	(	const uint8_t *	privateKey,
		uint8_t *	publicKey
	)

Derive the public key from an EdDSA private key.

Parameters

[in]	privateKey	EdDSA private key (57 bytes)
[out]	publicKey	EdDSA public key (57 bytes)

Returns

Error code

Definition at line 155 of file ed448.c.

ed448GenerateSignature()

error_t ed448GenerateSignature	(	const uint8_t *	privateKey,
		const uint8_t *	publicKey,
		const void *	message,
		size_t	messageLen,
		const void *	context,
		uint8_t	contextLen,
		uint8_t	flag,
		uint8_t *	signature
	)

EdDSA signature generation.

Parameters

[in]	privateKey	Signer's EdDSA private key (57 bytes)
[in]	publicKey	Signer's EdDSA public key (57 bytes)
[in]	message	Pointer to the message to be signed
[in]	messageLen	Length of the message, in bytes
[in]	context	Constant string specified by the protocol using it
[in]	contextLen	Length of the context, in bytes
[in]	flag	Prehash flag for Ed448ph scheme
[out]	signature	EdDSA signature (114 bytes)

Returns

Error code

Definition at line 223 of file ed448.c.

ed448GenerateSignatureEx()

error_t ed448GenerateSignatureEx	(	const uint8_t *	privateKey,
		const uint8_t *	publicKey,
		const DataChunk *	message,
		uint_t	messageLen,
		const void *	context,
		uint8_t	contextLen,
		uint8_t	flag,
		uint8_t *	signature
	)

EdDSA signature generation.

Parameters

[in]	privateKey	Signer's EdDSA private key (57 bytes)
[in]	publicKey	Signer's EdDSA public key (57 bytes)
[in]	message	Array of data chunks representing the message to be signed
[in]	messageLen	Number of data chunks representing the message
[in]	context	Constant string specified by the protocol using it
[in]	contextLen	Length of the context, in bytes
[in]	flag	Prehash flag for Ed448ph scheme
[out]	signature	EdDSA signature (114 bytes)

Returns

Error code

Definition at line 257 of file ed448.c.

ed448Mul()

void ed448Mul	(	Ed448SubState *	state,
		Ed448Point *	r,
		const uint8_t *	k,
		const Ed448Point *	p
	)

Scalar multiplication (regular calculation)

Parameters

[in]	state	Pointer to the working state
[out]	r	Resulting point R = k * P
[in]	k	Input scalar
[in]	p	Input point

Definition at line 543 of file ed448.c.

ed448MulInt()

void ed448MulInt	(	uint8_t *	rl,
		uint8_t *	rh,
		const uint8_t *	a,
		const uint8_t *	b,
		uint_t	n
	)

Multiplication of two integers.

Parameters

[out]	rl	Low part of the result R = (A * B) mod (2^8)^n
[out]	rh	High part of the result R = (A * B) / (2^8)^n
[in]	a	An integer such as 0 <= A < (2^8)^n
[in]	b	An integer such as 0 <= B < (2^8)^n
[in]	n	Size of the operands, in bytes

Definition at line 927 of file ed448.c.

ed448RedInt()

void ed448RedInt	(	uint8_t *	r,
		const uint8_t *	a
	)

Reduce an integer modulo L.

This function implements Barrett reduction with b = 2^24 and k = 19. The algorithm requires the precomputation of the quantity mu = b^(2 * k) / L

Parameters

[out]	r	Resulting integer R = A mod L
[in]	a	An integer such as 0 <= A < b^(2 * k)

Definition at line 839 of file ed448.c.

ed448SelectInt()

void ed448SelectInt	(	uint8_t *	r,
		const uint8_t *	a,
		const uint8_t *	b,
		uint8_t	c,
		uint_t	n
	)

Select an integer.

Parameters

[out]	r	Pointer to the destination integer
[in]	a	Pointer to the first source integer
[in]	b	Pointer to the second source integer
[in]	c	Condition variable
[in]	n	Size of the integers, in bytes

Definition at line 1012 of file ed448.c.

ed448SubInt()

uint8_t ed448SubInt	(	uint8_t *	r,
		const uint8_t *	a,
		const uint8_t *	b,
		uint_t	n
	)

Subtraction of two integers.

Parameters

[out]	r	Resulting integer R = A - B
[in]	a	An integer such as 0 <= A < (2^8)^n
[in]	b	An integer such as 0 <= B < (2^8)^n
[in]	n	Size of the operands, in bytes

Returns

1 if the result is negative, else 0

Definition at line 899 of file ed448.c.

ed448TwinMul()

void ed448TwinMul	(	Ed448SubState *	state,
		Ed448Point *	r,
		const uint8_t *	k1,
		const Ed448Point *	p,
		const uint8_t *	k2,
		const Ed448Point *	q
	)

Twin multiplication.

Parameters

[in]	state	Pointer to the working state
[out]	r	Resulting point R = k1 * P + k2 * Q
[in]	k1	First input scalar
[in]	p	First input point
[in]	k2	Second input scalar
[in]	q	Second input point

Definition at line 588 of file ed448.c.

ed448VerifySignature()

error_t ed448VerifySignature	(	const uint8_t *	publicKey,
		const void *	message,
		size_t	messageLen,
		const void *	context,
		uint8_t	contextLen,
		uint8_t	flag,
		const uint8_t *	signature
	)

EdDSA signature verification.

Parameters

[in]	publicKey	Signer's EdDSA public key (57 bytes)
[in]	message	Message whose signature is to be verified
[in]	messageLen	Length of the message, in bytes
[in]	context	Constant string specified by the protocol using it
[in]	contextLen	Length of the context, in bytes
[in]	flag	Prehash flag for Ed448ph scheme
[in]	signature	EdDSA signature (114 bytes)

Returns

Error code

Definition at line 404 of file ed448.c.

ed448VerifySignatureEx()

error_t ed448VerifySignatureEx	(	const uint8_t *	publicKey,
		const DataChunk *	message,
		uint_t	messageLen,
		const void *	context,
		uint8_t	contextLen,
		uint8_t	flag,
		const uint8_t *	signature
	)

EdDSA signature verification.

Parameters

[in]	publicKey	Signer's EdDSA public key (57 bytes)
[in]	message	Array of data chunks representing the message whose signature is to be verified
[in]	messageLen	Number of data chunks representing the message
[in]	context	Constant string specified by the protocol using it
[in]	contextLen	Length of the context, in bytes
[in]	flag	Prehash flag for Ed448ph scheme
[in]	signature	EdDSA signature (114 bytes)

Returns

Error code

Definition at line 437 of file ed448.c.