ed448.h
Go to the documentation of this file.
1 /**
2  * @file ed448.h
3  * @brief Ed448 elliptic curve (constant-time implementation)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2019 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCrypto Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 1.9.6
29  **/
30 
31 #ifndef _ED448_H
32 #define _ED448_H
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "xof/shake256.h"
37 
38 //Length of EdDSA private keys
39 #define ED448_PRIVATE_KEY_LEN 57
40 //Length of EdDSA public keys
41 #define ED448_PUBLIC_KEY_LEN 57
42 //Length of EdDSA signatures
43 #define ED448_SIGNATURE_LEN 114
44 
45 //Ed448ph flag
46 #define ED448_PH_FLAG 1
47 //Prehash function output size
48 #define ED448_PH_SIZE 64
49 
50 //C++ guard
51 #ifdef __cplusplus
52 extern "C" {
53 #endif
54 
55 
56 /**
57  * @brief Projective point representation
58  **/
59 
60 typedef struct
61 {
62  uint32_t x[14];
63  uint32_t y[14];
64  uint32_t z[14];
65 } Ed448Point;
66 
67 
68 /**
69  * @brief Ed448 working state
70  **/
71 
72 typedef struct
73 {
75  uint8_t k[114];
76  uint8_t p[57];
77  uint8_t r[57];
78  uint8_t s[57];
79  uint8_t t[57];
85  uint32_t a[14];
86  uint32_t b[14];
87  uint32_t c[14];
88  uint32_t d[14];
89  uint32_t e[14];
90  uint32_t f[14];
91  uint32_t g[14];
92 } Ed448State;
93 
94 
95 //Ed448 related functions
96 error_t ed448GenerateKeyPair(const PrngAlgo *prngAlgo, void *prngContext,
97  uint8_t *privateKey, uint8_t *publicKey);
98 
99 error_t ed448GenerateSignature(const uint8_t *privateKey,
100  const uint8_t *publicKey, const void *message, size_t messageLen,
101  const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature);
102 
103 error_t ed448VerifySignature(const uint8_t *publicKey, const void *message,
104  size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag,
105  const uint8_t *signature);
106 
107 void ed448Mul(Ed448State *state, Ed448Point *r, const uint8_t *k,
108  const Ed448Point *p);
109 
110 void ed448Add(Ed448State *state, Ed448Point *r, const Ed448Point *p,
111  const Ed448Point *q);
112 
113 void ed448Double(Ed448State *state, Ed448Point *r, const Ed448Point *p);
114 
115 void ed448Encode(Ed448Point *p, uint8_t *data);
116 uint32_t ed448Decode(Ed448Point *p, const uint8_t *data);
117 
118 void ed448RedInt(uint8_t *r, const uint8_t *a);
119 
120 void ed448AddInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n);
121 uint8_t ed448SubInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n);
122 
123 void ed448MulInt(uint8_t *rl, uint8_t *rh, const uint8_t *a,
124  const uint8_t *b, uint_t n);
125 
126 void ed448CopyInt(uint8_t *a, const uint8_t *b, uint_t n);
127 
128 void ed448SelectInt(uint8_t *r, const uint8_t *a, const uint8_t *b,
129  uint8_t c, uint_t n);
130 
131 uint8_t ed448CompInt(const uint8_t *a, const uint8_t *b, uint_t n);
132 
133 //C++ guard
134 #ifdef __cplusplus
135 }
136 #endif
137 
138 #endif
void ed448SelectInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint8_t c, uint_t n)
Select an integer.
Definition: ed448.c:761
uint8_t a
Definition: ndp.h:410
Common interface for pseudo-random number generators.
Definition: crypto.h:1168
uint8_t b[6]
Definition: dtls_misc.h:139
void ed448AddInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n)
Addition of two integers.
Definition: ed448.c:623
uint8_t p
Definition: ndp.h:298
Keccak context.
Definition: keccak.h:107
uint8_t signature
Definition: tls.h:1370
Ed448Point ka
Definition: ed448.h:80
uint32_t r
Definition: ndp.h:345
uint8_t t
Definition: llmnr_common.h:81
Ed448Point sb
Definition: ed448.h:82
error_t
Error codes.
Definition: error.h:42
error_t ed448VerifySignature(const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, const uint8_t *signature)
EdDSA signature verification.
Definition: ed448.c:286
void ed448MulInt(uint8_t *rl, uint8_t *rh, const uint8_t *a, const uint8_t *b, uint_t n)
Multiplication of two integers.
Definition: ed448.c:676
void ed448Encode(Ed448Point *p, uint8_t *data)
Point encoding.
Definition: ed448.c:488
Ed448Point rb
Definition: ed448.h:81
General definitions for cryptographic algorithms.
Shake256Context shake256Context
Definition: ed448.h:74
Ed448Point u
Definition: ed448.h:83
Ed448Point v
Definition: ed448.h:84
void ed448Mul(Ed448State *state, Ed448Point *r, const uint8_t *k, const Ed448Point *p)
Scalar multiplication on Ed448 curve.
Definition: ed448.c:369
uint8_t z
Definition: dns_common.h:175
uint32_t ed448Decode(Ed448Point *p, const uint8_t *data)
Point decoding.
Definition: ed448.c:513
uint8_t ed448SubInt(uint8_t *r, const uint8_t *a, const uint8_t *b, uint_t n)
Subtraction of two integers.
Definition: ed448.c:648
void ed448Double(Ed448State *state, Ed448Point *r, const Ed448Point *p)
Point doubling.
Definition: ed448.c:455
error_t ed448GenerateKeyPair(const PrngAlgo *prngAlgo, void *prngContext, uint8_t *privateKey, uint8_t *publicKey)
EdDSA key pair generation.
Definition: ed448.c:103
Projective point representation.
Definition: ed448.h:60
uint8_t n
void ed448RedInt(uint8_t *r, const uint8_t *a)
Reduce an integer modulo L.
Definition: ed448.c:588
error_t ed448GenerateSignature(const uint8_t *privateKey, const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature)
EdDSA signature generation.
Definition: ed448.c:172
uint8_t s
uint8_t message[]
Definition: chap.h:152
void ed448CopyInt(uint8_t *a, const uint8_t *b, uint_t n)
Copy an integer.
Definition: ed448.c:740
SHAKE256 extendable-output function (XOF)
void ed448Add(Ed448State *state, Ed448Point *r, const Ed448Point *p, const Ed448Point *q)
Point addition.
Definition: ed448.c:412
unsigned int uint_t
Definition: compiler_port.h:45
uint8_t data[]
Definition: dtls_misc.h:176
Ed448 working state.
Definition: ed448.h:72
uint8_t c
Definition: ndp.h:513
uint8_t ed448CompInt(const uint8_t *a, const uint8_t *b, uint_t n)
Compare integers.
Definition: ed448.c:787