You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 

189 lines
5.1 KiB

  1. /**
  2. * @file decaf_crypto.h
  3. * @copyright
  4. * Copyright (c) 2015 Cryptography Research, Inc. \n
  5. * Released under the MIT License. See LICENSE.txt for license information.
  6. * @author Mike Hamburg
  7. * @brief Example Decaf cyrpto routines.
  8. * @warning These are merely examples, though they ought to be secure. But real
  9. * protocols will decide differently on magic numbers, formats, which items to
  10. * hash, etc.
  11. * @warning Experimental! The names, parameter orders etc are likely to change.
  12. */
  13. #ifndef __DECAF_CRYPTO_H__
  14. #define __DECAF_CRYPTO_H__ 1
  15. #include "decaf.h"
  16. #include "shake.h"
  17. /** Number of bytes for a symmetric key (expanded to full key) */
  18. #define DECAF_255_SYMMETRIC_KEY_BYTES 32
  19. /** @cond internal */
  20. #define API_VIS __attribute__((visibility("default"))) __attribute__((noinline)) // TODO: synergize with decaf.h
  21. #define WARN_UNUSED __attribute__((warn_unused_result))
  22. #define NONNULL1 __attribute__((nonnull(1)))
  23. #define NONNULL2 __attribute__((nonnull(1,2)))
  24. #define NONNULL3 __attribute__((nonnull(1,2,3)))
  25. #define NONNULL134 __attribute__((nonnull(1,3,4)))
  26. #define NONNULL5 __attribute__((nonnull(1,2,3,4,5)))
  27. /** @endcond */
  28. /** A symmetric key, the compressed point of a private key. */
  29. typedef unsigned char decaf_255_symmetric_key_t[DECAF_255_SYMMETRIC_KEY_BYTES];
  30. /** An encoded public key. */
  31. typedef unsigned char decaf_255_public_key_t[DECAF_255_SER_BYTES];
  32. /** A signature. */
  33. typedef unsigned char decaf_255_signature_t[DECAF_255_SER_BYTES + DECAF_255_SCALAR_BYTES];
  34. typedef struct {
  35. /** @cond intetrnal */
  36. /** The symmetric key from which everything is expanded */
  37. decaf_255_symmetric_key_t sym;
  38. /** The scalar x */
  39. decaf_255_scalar_t secret_scalar;
  40. /** x*Base */
  41. decaf_255_public_key_t pub;
  42. /** @endcond */
  43. } /** Private key structure for pointers. */
  44. decaf_255_private_key_s,
  45. /** A private key (gmp array[1] style). */
  46. decaf_255_private_key_t[1];
  47. #ifdef __cplusplus
  48. extern "C" {
  49. #endif
  50. /**
  51. * @brief Derive a key from its compressed form.
  52. * @param [out] priv The derived private key.
  53. * @param [in] proto The compressed or proto-key, which must be 32 random bytes.
  54. */
  55. void decaf_255_derive_private_key (
  56. decaf_255_private_key_t priv,
  57. const decaf_255_symmetric_key_t proto
  58. ) NONNULL2 API_VIS;
  59. /**
  60. * @brief Destroy a private key.
  61. */
  62. void decaf_255_destroy_private_key (
  63. decaf_255_private_key_t priv
  64. ) NONNULL1 API_VIS;
  65. /**
  66. * @brief Convert a private key to a public one.
  67. * @param [out] pub The extracted private key.
  68. * @param [in] priv The private key.
  69. */
  70. void decaf_255_private_to_public (
  71. decaf_255_public_key_t pub,
  72. const decaf_255_private_key_t priv
  73. ) NONNULL2 API_VIS;
  74. /**
  75. * @brief Compute a Diffie-Hellman shared secret.
  76. *
  77. * This is an example routine; real protocols would use something
  78. * protocol-specific.
  79. *
  80. * @param [out] shared A buffer to store the shared secret.
  81. * @param [in] shared_bytes The size of the buffer.
  82. * @param [in] my_privkey My private key.
  83. * @param [in] your_pubkey Your public key.
  84. *
  85. * @retval DECAF_SUCCESS Key exchange was successful.
  86. * @retval DECAF_FAILURE Key exchange failed.
  87. *
  88. * @warning This is a pretty silly shared secret computation
  89. * and will almost definitely change in the future.
  90. */
  91. decaf_bool_t
  92. decaf_255_shared_secret (
  93. uint8_t *shared,
  94. size_t shared_bytes,
  95. const decaf_255_private_key_t my_privkey,
  96. const decaf_255_public_key_t your_pubkey
  97. ) NONNULL134 WARN_UNUSED API_VIS;
  98. /**
  99. * @brief Sign a message from its SHAKE context.
  100. *
  101. * @param [out] sig The signature.
  102. * @param [in] priv Your private key.
  103. * @param [in] shake A SHAKE256 context with the message.
  104. */
  105. void
  106. decaf_255_sign_shake (
  107. decaf_255_signature_t sig,
  108. const decaf_255_private_key_t priv,
  109. const keccak_sponge_t shake
  110. ) NONNULL3 API_VIS;
  111. /**
  112. * @brief Sign a message from its SHAKE context.
  113. *
  114. * @param [out] sig The signature.
  115. * @param [in] priv Your private key.
  116. * @param [in] message The message.
  117. * @param [in] message_len The message's length.
  118. */
  119. void
  120. decaf_255_sign (
  121. decaf_255_signature_t sig,
  122. const decaf_255_private_key_t priv,
  123. const unsigned char *message,
  124. size_t message_len
  125. ) NONNULL3 API_VIS;
  126. /**
  127. * @brief Verify a signed message from its SHAKE context.
  128. *
  129. * @param [in] sig The signature.
  130. * @param [in] pub The public key.
  131. * @param [in] shake A SHAKE256 context with the message.
  132. */
  133. decaf_bool_t
  134. decaf_255_verify_shake (
  135. const decaf_255_signature_t sig,
  136. const decaf_255_public_key_t pub,
  137. const keccak_sponge_t shake
  138. ) NONNULL3 API_VIS WARN_UNUSED;
  139. /**
  140. * @brief Verify a signed message.
  141. *
  142. * @param [in] sig The signature.
  143. * @param [in] pub The public key.
  144. * @param [in] message The message.
  145. * @param [in] message_len The message's length.
  146. */
  147. decaf_bool_t
  148. decaf_255_verify (
  149. const decaf_255_signature_t sig,
  150. const decaf_255_public_key_t pub,
  151. const unsigned char *message,
  152. size_t message_len
  153. ) NONNULL3 API_VIS WARN_UNUSED;
  154. #undef API_VIS
  155. #undef WARN_UNUSED
  156. #undef NONNULL1
  157. #undef NONNULL2
  158. #undef NONNULL3
  159. #undef NONNULL134
  160. #undef NONNULL5
  161. #ifdef __cplusplus
  162. } /* extern "C" */
  163. #endif
  164. #endif /* __DECAF_CRYPTO_H__ */