jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: ed6fdbf3c3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ed6fdbf3c3'
${ noResults }
ed448goldilocks/goldilocks.h

172 lines
4.8 KiB
Raw Blame History 

  1. /* Copyright (c) 2014 Cryptography Research, Inc.

  2.  * Released under the MIT License.  See LICENSE.txt for license information.

  3.  */

  4. 

  5. /**

  6.  * @file goldilocks.h

  7.  * @author Mike Hamburg

  8.  * @brief Goldilocks high-level functions.

  9.  */

  10. #ifndef __GOLDILOCKS_H__

  11. #define __GOLDILOCKS_H__ 1

  12. 

  13. #include <stdint.h>

  14. 

  15. /**

  16.  * @brief Serialized form of a Goldilocks public key.

  17.  *

  18.  * @warning This isn't even my final form!

  19.  */

  20. struct goldilocks_public_key_t {

  21.     uint8_t opaque[56]; /**< Serialized data. */

  22. };

  23. 

  24. /**

  25.  * @brief Serialized form of a Goldilocks private key.

  26.  *

  27.  * Contains 56 bytes of actual private key, 56 bytes of

  28.  * public key, and 32 bytes of symmetric key for randomization.

  29.  *

  30.  * @warning This isn't even my final form!

  31.  */

  32. struct goldilocks_private_key_t {

  33.     uint8_t opaque[144]; /**< Serialized data. */

  34. };

  35. 

  36. #ifdef __cplusplus

  37. extern "C" {

  38. #endif

  39. 

  40. /** @brief No error. */

  41. static const int GOLDI_EOK      = 0;

  42. 

  43. /** @brief Error: your key is corrupt. */

  44. static const int GOLDI_ECORRUPT = 44801;

  45. 

  46. /** @brief Error: other party's key is corrupt. */

  47. static const int GOLDI_EINVAL   = 44802;

  48. 

  49. /** @brief Error: not enough entropy. */

  50. static const int GOLDI_ENODICE  = 44804;

  51. 

  52. /**

  53.  * @brief Initialize Goldilocks' precomputed tables and

  54.  * random number generator.

  55.  * @retval GOLDI_EOK Success.

  56.  * @retval Nonzero An error occurred.

  57.  */

  58. int

  59. goldilocks_init();

  60. 

  61. /**

  62.  * @brief Generate a new random keypair.

  63.  * @param [out] privkey The generated private key.

  64.  * @param [out] pubkey The generated public key.

  65.  *

  66.  * @warning This isn't even my final form!

  67.  *

  68.  * @retval GOLDI_EOK Success.

  69.  * @retval GOLDI_ENODICE Insufficient entropy.

  70.  */

  71. int

  72. goldilocks_keygen (

  73.     struct goldilocks_private_key_t *privkey,

  74.     struct goldilocks_public_key_t *pubkey

  75. ) __attribute__((warn_unused_result));

  76. 

  77. /**

  78.  * @brief Generate a Diffie-Hellman shared secret in constant time.

  79.  *

  80.  * This function uses some compile-time flags whose merit remains to

  81.  * be decided.

  82.  *

  83.  * If the flag EXPERIMENT_ECDH_OBLITERATE_CT is set, prepend 40 bytes

  84.  * of zeros to the secret before hashing.  In the case that the other

  85.  * party's key is detectably corrupt, instead the symmetric part

  86.  * of the secret key is used to produce a pseudorandom value.

  87.  *

  88.  * If EXPERIMENT_ECDH_STIR_IN_PUBKEYS is set, the sum and product of

  89.  * the two parties' public keys is prepended to the hash.

  90.  *

  91.  * @warning This isn't even my final form!

  92.  *

  93.  * @param [out] shared The shared secret established with the other party.

  94.  * @param [in] my_privkey My private key.

  95.  * @param [in] your_pubkey The other party's public key.

  96.  *

  97.  * @retval GOLDI_EOK Success.

  98.  * @retval GOLDI_ECORRUPT My key is corrupt.

  99.  * @retval GOLDI_EINVAL   The other party's key is corrupt.

  100.  */

  101. int

  102. goldilocks_shared_secret (

  103.     uint8_t shared[64],

  104.     const struct goldilocks_private_key_t *my_privkey,

  105.     const struct goldilocks_public_key_t *your_pubkey

  106. ) __attribute__((warn_unused_result));

  107.     

  108. /**

  109.  * @brief Sign a message.

  110.  *

  111.  * The signature is deterministic, using the symmetric secret found in the

  112.  * secret key to form a nonce.

  113.  *

  114.  * The technique used in signing is a modified Schnorr system, like EdDSA.

  115.  *

  116.  * @warning This isn't even my final form!

  117.  * @warning This function contains endian bugs. (TODO)

  118.  *

  119.  * @param [out] signature_out Space for the output signature.

  120.  * @param [in] message The message to be signed.

  121.  * @param [in] message_len The length of the message to be signed.

  122.  * @param [in] privkey My private key.

  123.  *

  124.  * @retval GOLDI_EOK Success.

  125.  * @retval GOLDI_ECORRUPT My key is corrupt.

  126.  */

  127. int

  128. goldilocks_sign (

  129.     uint8_t signature_out[56*2],

  130.     const uint8_t *message,

  131.     uint64_t message_len,

  132.     const struct goldilocks_private_key_t *privkey

  133. );

  134.     

  135. /**

  136.  * @brief Verify a signature.

  137.  *

  138.  * This function is fairly strict.  It will correctly detect when

  139.  * the signature has the wrong cofactor companent.  Once deserialization

  140.  * of numbers is strictified (TODO) it will limit the response to being

  141.  * less than q as well.

  142.  * 

  143.  * Currently this function does not detect when the public key is weird,

  144.  * eg 0, has cofactor, etc.  As a result, a party with a bogus public

  145.  * key could create signatures that succeed on some systems and fail on

  146.  * others.

  147.  *

  148.  * @warning This isn't even my final form!

  149.  * @warning This function contains endian bugs. (TODO)

  150.  *

  151.  * @param [out] signature_out The signature.

  152.  * @param [in] message The message to be verified.

  153.  * @param [in] message_len The length of the message to be verified.

  154.  * @param [in] pubkey The signer's public key.

  155.  *

  156.  * @retval GOLDI_EOK Success.

  157.  * @retval GOLDI_EINVAL The public key or signature is corrupt.

  158.  */

  159. int

  160. goldilocks_verify (

  161.     const uint8_t signature[56*2],

  162.     const uint8_t *message,

  163.     uint64_t message_len,

  164.     const struct goldilocks_public_key_t *pubkey

  165. ) __attribute__((warn_unused_result));

  166. 

  167. #ifdef __cplusplus

  168. }; /* extern "C" */

  169. #endif

  170. 

  171. #endif /* __GOLDILOCKS_H__ */