nrfxlib API 3.3.99
Loading...
Searching...
No Matches
ocrypto_ml_dsa44.h
Go to the documentation of this file.
1/*
2 * Copyright (c) 2016 - 2025 Nordic Semiconductor ASA
3 * Copyright (c) since 2013 Oberon microsystems AG
4 *
5 * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
6 */
7
8
27#ifndef OCRYPTO_ML_DSA44_H
28#define OCRYPTO_ML_DSA44_H
29
30#include <stddef.h>
31#include <stdint.h>
32
33#include "ocrypto_sha3.h"
34
35
36#ifdef __cplusplus
37extern "C" {
38#endif
39
40
41#if defined(OCRYPTO_ML_DSA_SMALL) && defined(OCRYPTO_ML_DSA_FAST)
42#error "OCRYPTO_ML_DSA_SMALL & OCRYPTO_ML_DSA_FAST must not be defined simultaneously"
43#endif
44
45
49#define ocrypto_ml_dsa44_PK_SIZE (1312)
50
54#define ocrypto_ml_dsa44_SK_SIZE (2560)
55
59#define ocrypto_ml_dsa44_SIG_SIZE (2420)
60
61
63typedef struct {
64 ocrypto_sha3_ctx sha3;
65 int32_t t[256];
66 int32_t c[256];
67 int32_t s[256];
68} ocrypto_ml_dsa44_ctx_s;
69
70typedef struct {
71 ocrypto_sha3_ctx sha3;
72 int32_t t[256];
73 int32_t u[5][256];
74} ocrypto_ml_dsa44_ctx_m;
75
76typedef struct {
77 ocrypto_sha3_ctx sha3;
78 int32_t t[256];
79 int32_t u[5][256];
80 int32_t a[4][4][256];
81 int32_t s1[4][256];
82 int32_t s2[4][256];
83 int32_t y[4][256];
84 int32_t t0[4][256];
85} ocrypto_ml_dsa44_ctx_f;
86
87#if defined(OCRYPTO_ML_DSA_SMALL)
88typedef ocrypto_ml_dsa44_ctx_s ocrypto_ml_dsa44_ctx;
89#elif defined(OCRYPTO_ML_DSA_FAST)
90typedef ocrypto_ml_dsa44_ctx_f ocrypto_ml_dsa44_ctx;
91#else
92typedef ocrypto_ml_dsa44_ctx_m ocrypto_ml_dsa44_ctx;
93#endif
94
95
96int ocrypto_ml_dsa44_key_pair_s(
97 ocrypto_ml_dsa44_ctx_s *ctx,
98 uint8_t sk[ocrypto_ml_dsa44_SK_SIZE],
99 uint8_t pk[ocrypto_ml_dsa44_PK_SIZE],
100 const uint8_t zeta[32]);
101int ocrypto_ml_dsa44_key_pair_m(
102 ocrypto_ml_dsa44_ctx_m *ctx,
103 uint8_t sk[ocrypto_ml_dsa44_SK_SIZE],
104 uint8_t pk[ocrypto_ml_dsa44_PK_SIZE],
105 const uint8_t zeta[32]);
106
107int ocrypto_ml_dsa44_sign_s(
108 ocrypto_ml_dsa44_ctx_s *ctx,
109 uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
110 const uint8_t *m, size_t mlen,
111 const uint8_t *ctx_str, size_t ctx_len,
112 const uint8_t sk[ocrypto_ml_dsa44_SK_SIZE],
113 const uint8_t rnd[32]);
114int ocrypto_ml_dsa44_sign_m(
115 ocrypto_ml_dsa44_ctx_m *ctx,
116 uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
117 const uint8_t *m, size_t mlen,
118 const uint8_t *ctx_str, size_t ctx_len,
119 const uint8_t sk[ocrypto_ml_dsa44_SK_SIZE],
120 const uint8_t rnd[32]);
121int ocrypto_ml_dsa44_sign_f(
122 ocrypto_ml_dsa44_ctx_f *ctx,
123 uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
124 const uint8_t *m, size_t mlen,
125 const uint8_t *ctx_str, size_t ctx_len,
126 const uint8_t sk[ocrypto_ml_dsa44_SK_SIZE],
127 const uint8_t rnd[32]);
128
129int ocrypto_ml_dsa44_sign_hash_s(
130 ocrypto_ml_dsa44_ctx_s *ctx,
131 uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
132 const uint8_t *hash, size_t hash_len,
133 const uint8_t oid[11],
134 const uint8_t *ctx_str, size_t ctx_len,
135 const uint8_t sk[ocrypto_ml_dsa44_SK_SIZE],
136 const uint8_t rnd[32]);
137int ocrypto_ml_dsa44_sign_hash_m(
138 ocrypto_ml_dsa44_ctx_m *ctx,
139 uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
140 const uint8_t *hash, size_t hash_len,
141 const uint8_t oid[11],
142 const uint8_t *ctx_str, size_t ctx_len,
143 const uint8_t sk[ocrypto_ml_dsa44_SK_SIZE],
144 const uint8_t rnd[32]);
145int ocrypto_ml_dsa44_sign_hash_f(
146 ocrypto_ml_dsa44_ctx_f *ctx,
147 uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
148 const uint8_t *hash, size_t hash_len,
149 const uint8_t oid[11],
150 const uint8_t *ctx_str, size_t ctx_len,
151 const uint8_t sk[ocrypto_ml_dsa44_SK_SIZE],
152 const uint8_t rnd[32]);
153
154int ocrypto_ml_dsa44_verify_s(
155 ocrypto_ml_dsa44_ctx_s *ctx,
156 const uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
157 const uint8_t *m, size_t mlen,
158 const uint8_t *ctx_str, size_t ctx_len,
159 const uint8_t pk[ocrypto_ml_dsa44_PK_SIZE]);
160int ocrypto_ml_dsa44_verify_m(
161 ocrypto_ml_dsa44_ctx_m *ctx,
162 const uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
163 const uint8_t *m, size_t mlen,
164 const uint8_t *ctx_str, size_t ctx_len,
165 const uint8_t pk[ocrypto_ml_dsa44_PK_SIZE]);
166
167int ocrypto_ml_dsa44_verify_hash_s(
168 ocrypto_ml_dsa44_ctx_s *ctx,
169 const uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
170 const uint8_t *hash, size_t hash_len,
171 const uint8_t oid[11],
172 const uint8_t *ctx_str, size_t ctx_len,
173 const uint8_t pk[ocrypto_ml_dsa44_PK_SIZE]);
174int ocrypto_ml_dsa44_verify_hash_m(
175 ocrypto_ml_dsa44_ctx_m *ctx,
176 const uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
177 const uint8_t *hash, size_t hash_len,
178 const uint8_t oid[11],
179 const uint8_t *ctx_str, size_t ctx_len,
180 const uint8_t pk[ocrypto_ml_dsa44_PK_SIZE]);
193static inline int ocrypto_ml_dsa44_key_pair(
194 ocrypto_ml_dsa44_ctx *ctx,
195 uint8_t sk[ocrypto_ml_dsa44_SK_SIZE],
196 uint8_t pk[ocrypto_ml_dsa44_PK_SIZE],
197 const uint8_t zeta[32])
198{
199#if defined(OCRYPTO_ML_DSA_SMALL)
200 return ocrypto_ml_dsa44_key_pair_s(ctx, sk, pk, zeta);
201#else
202 return ocrypto_ml_dsa44_key_pair_m((ocrypto_ml_dsa44_ctx_m*)ctx, sk, pk, zeta);
203#endif
204}
205
219static inline int ocrypto_ml_dsa44_sign(
220 ocrypto_ml_dsa44_ctx *ctx,
221 uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
222 const uint8_t *m, size_t mlen,
223 const uint8_t *ctx_str, size_t ctx_len,
224 const uint8_t sk[ocrypto_ml_dsa44_SK_SIZE],
225 const uint8_t rnd[32])
226{
227#if defined(OCRYPTO_ML_DSA_SMALL)
228 return ocrypto_ml_dsa44_sign_s(ctx, sig, m, mlen, ctx_str, ctx_len, sk, rnd);
229#elif defined(OCRYPTO_ML_DSA_FAST)
230 return ocrypto_ml_dsa44_sign_f(ctx, sig, m, mlen, ctx_str, ctx_len, sk, rnd);
231#else
232 return ocrypto_ml_dsa44_sign_m(ctx, sig, m, mlen, ctx_str, ctx_len, sk, rnd);
233#endif
234}
235
250static inline int ocrypto_ml_dsa44_sign_hash(
251 ocrypto_ml_dsa44_ctx *ctx,
252 uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
253 const uint8_t *hash, size_t hash_len,
254 const uint8_t oid[11],
255 const uint8_t *ctx_str, size_t ctx_len,
256 const uint8_t sk[ocrypto_ml_dsa44_SK_SIZE],
257 const uint8_t rnd[32])
258{
259#if defined(OCRYPTO_ML_DSA_SMALL)
260 return ocrypto_ml_dsa44_sign_hash_s(ctx, sig, hash, hash_len, oid, ctx_str, ctx_len, sk, rnd);
261#elif defined(OCRYPTO_ML_DSA_FAST)
262 return ocrypto_ml_dsa44_sign_hash_f(ctx, sig, hash, hash_len, oid, ctx_str, ctx_len, sk, rnd);
263#else
264 return ocrypto_ml_dsa44_sign_hash_m(ctx, sig, hash, hash_len, oid, ctx_str, ctx_len, sk, rnd);
265#endif
266}
267
280static inline int ocrypto_ml_dsa44_verify(
281 ocrypto_ml_dsa44_ctx *ctx,
282 const uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
283 const uint8_t *m, size_t mlen,
284 const uint8_t *ctx_str, size_t ctx_len,
285 const uint8_t pk[ocrypto_ml_dsa44_PK_SIZE])
286{
287#if defined(OCRYPTO_ML_DSA_SMALL)
288 return ocrypto_ml_dsa44_verify_s(ctx, sig, m, mlen, ctx_str, ctx_len, pk);
289#else
290 return ocrypto_ml_dsa44_verify_m((ocrypto_ml_dsa44_ctx_m*)ctx, sig, m, mlen, ctx_str, ctx_len, pk);
291#endif
292}
293
307static inline int ocrypto_ml_dsa44_verify_hash(
308 ocrypto_ml_dsa44_ctx *ctx,
309 const uint8_t sig[ocrypto_ml_dsa44_SIG_SIZE],
310 const uint8_t *hash, size_t hash_len,
311 const uint8_t oid[11],
312 const uint8_t *ctx_str, size_t ctx_len,
313 const uint8_t pk[ocrypto_ml_dsa44_PK_SIZE])
314{
315#if defined(OCRYPTO_ML_DSA_SMALL)
316 return ocrypto_ml_dsa44_verify_hash_s(ctx, sig, hash, hash_len, oid, ctx_str, ctx_len, pk);
317#else
318 return ocrypto_ml_dsa44_verify_hash_m((ocrypto_ml_dsa44_ctx_m*)ctx, sig, hash, hash_len, oid, ctx_str, ctx_len, pk);
319#endif
320}
321
322
323#ifdef __cplusplus
324}
325#endif
326
327#endif
328
ocrypto_ml_dsa44_verify
static int ocrypto_ml_dsa44_verify(ocrypto_ml_dsa44_ctx *ctx, const uint8_t sig[(2420)], const uint8_t *m, size_t mlen, const uint8_t *ctx_str, size_t ctx_len, const uint8_t pk[(1312)])
Definition ocrypto_ml_dsa44.h:280
ocrypto_ml_dsa44_verify_hash
static int ocrypto_ml_dsa44_verify_hash(ocrypto_ml_dsa44_ctx *ctx, const uint8_t sig[(2420)], const uint8_t *hash, size_t hash_len, const uint8_t oid[11], const uint8_t *ctx_str, size_t ctx_len, const uint8_t pk[(1312)])
Definition ocrypto_ml_dsa44.h:307
ocrypto_ml_dsa44_PK_SIZE
#define ocrypto_ml_dsa44_PK_SIZE
Definition ocrypto_ml_dsa44.h:49
ocrypto_ml_dsa44_sign_hash
static int ocrypto_ml_dsa44_sign_hash(ocrypto_ml_dsa44_ctx *ctx, uint8_t sig[(2420)], const uint8_t *hash, size_t hash_len, const uint8_t oid[11], const uint8_t *ctx_str, size_t ctx_len, const uint8_t sk[(2560)], const uint8_t rnd[32])
Definition ocrypto_ml_dsa44.h:250
ocrypto_ml_dsa44_SIG_SIZE
#define ocrypto_ml_dsa44_SIG_SIZE
Definition ocrypto_ml_dsa44.h:59
ocrypto_ml_dsa44_key_pair
static int ocrypto_ml_dsa44_key_pair(ocrypto_ml_dsa44_ctx *ctx, uint8_t sk[(2560)], uint8_t pk[(1312)], const uint8_t zeta[32])
Definition ocrypto_ml_dsa44.h:193
ocrypto_ml_dsa44_sign
static int ocrypto_ml_dsa44_sign(ocrypto_ml_dsa44_ctx *ctx, uint8_t sig[(2420)], const uint8_t *m, size_t mlen, const uint8_t *ctx_str, size_t ctx_len, const uint8_t sk[(2560)], const uint8_t rnd[32])
Definition ocrypto_ml_dsa44.h:219
ocrypto_ml_dsa44_SK_SIZE
#define ocrypto_ml_dsa44_SK_SIZE
Definition ocrypto_ml_dsa44.h:54
ocrypto_sha3.h
SHA3 algorithms, with 224, 256, 384 and 512 bit outputs.