1 /* Copyright (c) 2023, Google LLC 2 * 3 * Permission to use, copy, modify, and/or distribute this software for any 4 * purpose with or without fee is hereby granted, provided that the above 5 * copyright notice and this permission notice appear in all copies. 6 * 7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 15 #ifndef OPENSSL_HEADER_DILITHIUM_H 16 #define OPENSSL_HEADER_DILITHIUM_H 17 18 #include <openssl/base.h> 19 20 #if defined(__cplusplus) 21 extern "C" { 22 #endif 23 24 25 #if defined(OPENSSL_UNSTABLE_EXPERIMENTAL_DILITHIUM) 26 // This header implements experimental, draft versions of not-yet-standardized 27 // primitives. When the standard is complete, these functions will be removed 28 // and replaced with the final, incompatible standard version. They are 29 // available now for short-lived experiments, but must not be deployed anywhere 30 // durable, such as a long-lived key store. To use these functions define 31 // OPENSSL_UNSTABLE_EXPERIMENTAL_DILITHIUM. 32 33 // Dilithium3. 34 35 36 // DILITHIUM_private_key contains a Dilithium3 private key. The contents of this 37 // object should never leave the address space since the format is unstable. 38 struct DILITHIUM_private_key { 39 union { 40 uint8_t bytes[32 + 32 + 64 + 256 * 4 * (5 + 6 + 6)]; 41 uint32_t alignment; 42 } opaque; 43 }; 44 45 // DILITHIUM_public_key contains a Dilithium3 public key. The contents of this 46 // object should never leave the address space since the format is unstable. 47 struct DILITHIUM_public_key { 48 union { 49 uint8_t bytes[32 + 64 + 256 * 4 * 6]; 50 uint32_t alignment; 51 } opaque; 52 }; 53 54 // DILITHIUM_PRIVATE_KEY_BYTES is the number of bytes in an encoded Dilithium3 55 // private key. 56 #define DILITHIUM_PRIVATE_KEY_BYTES 4032 57 58 // DILITHIUM_PUBLIC_KEY_BYTES is the number of bytes in an encoded Dilithium3 59 // public key. 60 #define DILITHIUM_PUBLIC_KEY_BYTES 1952 61 62 // DILITHIUM_SIGNATURE_BYTES is the number of bytes in an encoded Dilithium3 63 // signature. 64 #define DILITHIUM_SIGNATURE_BYTES 3309 65 66 // DILITHIUM_generate_key generates a random public/private key pair, writes the 67 // encoded public key to |out_encoded_public_key| and sets |out_private_key| to 68 // the private key. Returns 1 on success and 0 on failure. 69 OPENSSL_EXPORT int DILITHIUM_generate_key( 70 uint8_t out_encoded_public_key[DILITHIUM_PUBLIC_KEY_BYTES], 71 struct DILITHIUM_private_key *out_private_key); 72 73 // DILITHIUM_public_from_private sets |*out_public_key| to the public key that 74 // corresponds to |private_key|. Returns 1 on success and 0 on failure. 75 OPENSSL_EXPORT int DILITHIUM_public_from_private( 76 struct DILITHIUM_public_key *out_public_key, 77 const struct DILITHIUM_private_key *private_key); 78 79 // DILITHIUM_sign generates a signature for the message |msg| of length 80 // |msg_len| using |private_key| following the randomized algorithm, and writes 81 // the encoded signature to |out_encoded_signature|. Returns 1 on success and 0 82 // on failure. 83 OPENSSL_EXPORT int DILITHIUM_sign( 84 uint8_t out_encoded_signature[DILITHIUM_SIGNATURE_BYTES], 85 const struct DILITHIUM_private_key *private_key, const uint8_t *msg, 86 size_t msg_len); 87 88 // DILITHIUM_verify verifies that |encoded_signature| constitutes a valid 89 // signature for the message |msg| of length |msg_len| using |public_key|. 90 OPENSSL_EXPORT int DILITHIUM_verify( 91 const struct DILITHIUM_public_key *public_key, 92 const uint8_t encoded_signature[DILITHIUM_SIGNATURE_BYTES], 93 const uint8_t *msg, size_t msg_len); 94 95 96 // Serialisation of keys. 97 98 // DILITHIUM_marshal_public_key serializes |public_key| to |out| in the standard 99 // format for Dilithium public keys. It returns one on success or zero on 100 // allocation error. 101 OPENSSL_EXPORT int DILITHIUM_marshal_public_key( 102 CBB *out, const struct DILITHIUM_public_key *public_key); 103 104 // DILITHIUM_parse_public_key parses a public key, in the format generated by 105 // |DILITHIUM_marshal_public_key|, from |in| and writes the result to 106 // |out_public_key|. It returns one on success or zero on parse error or if 107 // there are trailing bytes in |in|. 108 OPENSSL_EXPORT int DILITHIUM_parse_public_key( 109 struct DILITHIUM_public_key *public_key, CBS *in); 110 111 // DILITHIUM_marshal_private_key serializes |private_key| to |out| in the 112 // standard format for Dilithium private keys. It returns one on success or zero 113 // on allocation error. 114 OPENSSL_EXPORT int DILITHIUM_marshal_private_key( 115 CBB *out, const struct DILITHIUM_private_key *private_key); 116 117 // DILITHIUM_parse_private_key parses a private key, in the format generated by 118 // |DILITHIUM_marshal_private_key|, from |in| and writes the result to 119 // |out_private_key|. It returns one on success or zero on parse error or if 120 // there are trailing bytes in |in|. 121 OPENSSL_EXPORT int DILITHIUM_parse_private_key( 122 struct DILITHIUM_private_key *private_key, CBS *in); 123 124 #endif // OPENSSL_UNSTABLE_EXPERIMENTAL_DILITHIUM 125 126 127 #if defined(__cplusplus) 128 } // extern C 129 #endif 130 131 #endif // OPENSSL_HEADER_DILITHIUM_H 132