xref: /aosp_15_r20/external/open-dice/include/dice/boringssl_ecdsa_utils.h (revision 60b67249c2e226f42f35cc6cfe66c6048e0bae6b) 
1 // Copyright 2022 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14 
15 #ifndef DICE_BORINGSSL_ECDSA_UTILS_H_
16 #define DICE_BORINGSSL_ECDSA_UTILS_H_
17 
18 #include <stddef.h>
19 #include <stdint.h>
20 
21 #include "dice/dice.h"
22 
23 #ifdef __cplusplus
24 extern "C" {
25 #endif
26 
27 #define P256_PRIVATE_KEY_SIZE 32
28 #define P256_PUBLIC_KEY_SIZE 64
29 #define P256_SIGNATURE_SIZE 64
30 
31 // Deterministically generates a public and private key pair from |seed|.
32 // Since this is deterministic, |seed| is as sensitive as a private key and can
33 // be used directly as the private key. The |private_key| may use an
34 // implementation defined format so may only be passed to the |sign| operation.
35 int P256KeypairFromSeed(uint8_t public_key[P256_PUBLIC_KEY_SIZE],
36                         uint8_t private_key[P256_PRIVATE_KEY_SIZE],
37                         const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE]);
38 
39 // Calculates a signature of |message_size| bytes from |message| using
40 // |private_key|. |private_key| was generated by |keypair_from_seed| to allow
41 // an implementation to use their own private key format. |signature| points to
42 // the buffer where the calculated signature is written.
43 int P256Sign(uint8_t signature[P256_SIGNATURE_SIZE], const uint8_t* message,
44              size_t message_size,
45              const uint8_t private_key[P256_PRIVATE_KEY_SIZE]);
46 
47 // Verifies, using |public_key|, that |signature| covers |message_size| bytes
48 // from |message|.
49 int P256Verify(const uint8_t* message, size_t message_size,
50                const uint8_t signature[P256_SIGNATURE_SIZE],
51                const uint8_t public_key[P256_PUBLIC_KEY_SIZE]);
52 
53 #define P384_PRIVATE_KEY_SIZE 48
54 #define P384_PUBLIC_KEY_SIZE 96
55 #define P384_SIGNATURE_SIZE 96
56 
57 // Deterministically generates a public and private key pair from |seed|.
58 // Since this is deterministic, |seed| is as sensitive as a private key and can
59 // be used directly as the private key. The |private_key| may use an
60 // implementation defined format so may only be passed to the |sign| operation.
61 int P384KeypairFromSeed(uint8_t public_key[P384_PUBLIC_KEY_SIZE],
62                         uint8_t private_key[P384_PRIVATE_KEY_SIZE],
63                         const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE]);
64 
65 // Calculates a signature of |message_size| bytes from |message| using
66 // |private_key|. |private_key| was generated by |keypair_from_seed| to allow
67 // an implementation to use their own private key format. |signature| points to
68 // the buffer where the calculated signature is written.
69 int P384Sign(uint8_t signature[P384_SIGNATURE_SIZE], const uint8_t* message,
70              size_t message_size,
71              const uint8_t private_key[P384_PRIVATE_KEY_SIZE]);
72 
73 // Verifies, using |public_key|, that |signature| covers |message_size| bytes
74 // from |message|.
75 int P384Verify(const uint8_t* message, size_t message_size,
76                const uint8_t signature[P384_SIGNATURE_SIZE],
77                const uint8_t public_key[P384_PUBLIC_KEY_SIZE]);
78 
79 #ifdef __cplusplus
80 }  // extern "C"
81 #endif
82 
83 #endif  // DICE_BORINGSSL_ECDSA_UTILS_H_
84