Leancrypto 1.6.0
Post-Quantum Cryptographic Library
Loading...
Searching...
No Matches
lc_dilithium_44.h
Go to the documentation of this file.
1/*
2 * Copyright (C) 2022 - 2025, Stephan Mueller <smueller@chronox.de>
3 *
4 * License: see LICENSE file in root directory
5 *
6 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
7 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
8 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF
9 * WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE
10 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
11 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
12 * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
13 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
14 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
15 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
16 * USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH
17 * DAMAGE.
18 */
19/*
20 * This code is derived in parts from the code distribution provided with
21 * https://github.com/pq-crystals/dilithium
22 *
23 * That code is released under Public Domain
24 * (https://creativecommons.org/share-your-work/public-domain/cc0/);
25 * or Apache 2.0 License (https://www.apache.org/licenses/LICENSE-2.0.html).
26 */
27
28#ifndef LC_DILITHIUM_44_H
29#define LC_DILITHIUM_44_H
30
31#ifndef __ASSEMBLER__
32
33#include "ext_headers.h"
34#include "lc_hash.h"
35#include "lc_rng.h"
36#include "lc_sha3.h"
37#include "lc_sha512.h"
38
39#endif /* __ASSEMBLER__ */
40
41#ifdef __cplusplus
42extern "C" {
43#endif
44
46
47/*
48 * Dilithium Security Levels
49 * 2 -> 192 bits of security strength
50 * 3 -> 225 bits of security strength
51 * 5 -> 257 bits of security strength
52 */
53#define LC_DILITHIUM_MODE 2
54
55#define LC_DILITHIUM_SEEDBYTES 32
56#define LC_DILITHIUM_CRHBYTES 64
57#define LC_DILITHIUM_TRBYTES 64
58#define LC_DILITHIUM_RNDBYTES 32
59#define LC_DILITHIUM_N 256
60#define LC_DILITHIUM_Q 8380417
61#define LC_DILITHIUM_D 13
62#define LC_DILITHIUM_ROOT_OF_UNITY 1753
63
64#if LC_DILITHIUM_MODE == 2
65#define LC_DILITHIUM_NIST_CATEGORY 1
66#define LC_DILITHIUM_LAMBDA 128
67#define LC_DILITHIUM_K 4
68#define LC_DILITHIUM_L 4
69#define LC_DILITHIUM_ETA 2
70#define LC_DILITHIUM_TAU 39
71#define LC_DILITHIUM_BETA 78
72#define LC_DILITHIUM_GAMMA1 (1 << 17)
73#define LC_DILITHIUM_GAMMA2 ((LC_DILITHIUM_Q - 1) / 88)
74#define LC_DILITHIUM_OMEGA 80
75
76#elif LC_DILITHIUM_MODE == 3
77#define LC_DILITHIUM_NIST_CATEGORY 3
78#define LC_DILITHIUM_LAMBDA 192
79#define LC_DILITHIUM_K 6
80#define LC_DILITHIUM_L 5
81#define LC_DILITHIUM_ETA 4
82#define LC_DILITHIUM_TAU 49
83#define LC_DILITHIUM_BETA 196
84#define LC_DILITHIUM_GAMMA1 (1 << 19)
85#define LC_DILITHIUM_GAMMA2 ((LC_DILITHIUM_Q - 1) / 32)
86#define LC_DILITHIUM_OMEGA 55
87
88#elif LC_DILITHIUM_MODE == 5
89#define LC_DILITHIUM_NIST_CATEGORY 5
90#define LC_DILITHIUM_LAMBDA 256
91#define LC_DILITHIUM_K 8
92#define LC_DILITHIUM_L 7
93#define LC_DILITHIUM_ETA 2
94#define LC_DILITHIUM_TAU 60
95#define LC_DILITHIUM_BETA 120
96#define LC_DILITHIUM_GAMMA1 (1 << 19)
97#define LC_DILITHIUM_GAMMA2 ((LC_DILITHIUM_Q - 1) / 32)
98#define LC_DILITHIUM_OMEGA 75
99
100#endif
101
102#define LC_DILITHIUM_CTILDE_BYTES (LC_DILITHIUM_LAMBDA * 2 / 8)
103#define LC_DILITHIUM_POLYT1_PACKEDBYTES 320
104#define LC_DILITHIUM_POLYT0_PACKEDBYTES 416
105#define LC_DILITHIUM_POLYVECH_PACKEDBYTES (LC_DILITHIUM_OMEGA + LC_DILITHIUM_K)
106
107#if LC_DILITHIUM_GAMMA1 == (1 << 17)
108#define LC_DILITHIUM_POLYZ_PACKEDBYTES 576
109#elif LC_DILITHIUM_GAMMA1 == (1 << 19)
110#define LC_DILITHIUM_POLYZ_PACKEDBYTES 640
111#endif
112
113#if LC_DILITHIUM_GAMMA2 == (LC_DILITHIUM_Q - 1) / 88
114#define LC_DILITHIUM_POLYW1_PACKEDBYTES 192
115#elif LC_DILITHIUM_GAMMA2 == (LC_DILITHIUM_Q - 1) / 32
116#define LC_DILITHIUM_POLYW1_PACKEDBYTES 128
117#endif
118
119#if LC_DILITHIUM_ETA == 2
120#define LC_DILITHIUM_POLYETA_PACKEDBYTES 96
121#elif LC_DILITHIUM_ETA == 4
122#define LC_DILITHIUM_POLYETA_PACKEDBYTES 128
123#endif
124
125/*
126 * Sizes of the different Dilithium buffer types.
127 *
128 * WARNING: Do not use these defines in your code. If you need the sizes of
129 * the different variable sizes, use sizeof of the different variable structs or
130 * use the different *_size functions documented below to retrieve the data size
131 * of a particular Dilithium component.
132 */
133#define LC_DILITHIUM_PUBLICKEYBYTES \
134 (LC_DILITHIUM_SEEDBYTES + \
135 LC_DILITHIUM_K * LC_DILITHIUM_POLYT1_PACKEDBYTES)
136#define LC_DILITHIUM_SECRETKEYBYTES \
137 (2 * LC_DILITHIUM_SEEDBYTES + LC_DILITHIUM_TRBYTES + \
138 LC_DILITHIUM_L * LC_DILITHIUM_POLYETA_PACKEDBYTES + \
139 LC_DILITHIUM_K * LC_DILITHIUM_POLYETA_PACKEDBYTES + \
140 LC_DILITHIUM_K * LC_DILITHIUM_POLYT0_PACKEDBYTES)
141
142#define LC_DILITHIUM_CRYPTO_BYTES \
143 (LC_DILITHIUM_CTILDE_BYTES + \
144 LC_DILITHIUM_L * LC_DILITHIUM_POLYZ_PACKEDBYTES + \
145 LC_DILITHIUM_POLYVECH_PACKEDBYTES)
147
148#ifndef __ASSEMBLER__
152struct lc_dilithium_44_sk {
153 uint8_t sk[LC_DILITHIUM_SECRETKEYBYTES];
154};
155
159struct lc_dilithium_44_pk {
160 uint8_t pk[LC_DILITHIUM_PUBLICKEYBYTES];
161};
162
166struct lc_dilithium_44_sig {
167 uint8_t sig[LC_DILITHIUM_CRYPTO_BYTES];
168};
169
170#ifndef LC_DILITHIUM_CTX_ON_STACK
171struct lc_dilithium_ctx {
176 struct lc_hash_ctx dilithium_hash_ctx;
177
182 uint8_t shake_state[LC_SHA3_STATE_SIZE_ALIGN(LC_SHA3_256_CTX_SIZE)];
183
195 const struct lc_hash *dilithium_prehash_type;
196
204 size_t userctxlen;
205
212 const uint8_t *userctx;
213
221 const uint8_t *external_mu;
222 size_t external_mu_len;
223
230 const uint8_t *randomizer;
231 size_t randomizerlen;
232
241 void *ahat;
242 unsigned short ahat_size;
243
250 uint8_t nist_category;
251
264 unsigned int ml_dsa_internal:1;
265
269 unsigned int ahat_expanded:1;
270};
271#endif
272
274
275/*
276 * The alignment is based on largest alignment of a polyvecl typedef - this is
277 * the AVX2 definition.
278 */
279#define LC_DILITHIUM_AHAT_ALIGNMENT (32)
280
281/*
282 * Padding between struct lc_dilithium_ctx and AHat buffer to ensure AHat buffer
283 * is aligned to LC_DILITHIUM_AHAT_ALIGNMENT
284 */
285#define LC_DILITHIUM_44_AHAT_PAD \
286 (LC_DILITHIUM_AHAT_ALIGNMENT - \
287 (sizeof(struct lc_dilithium_ctx) % LC_DILITHIUM_AHAT_ALIGNMENT))
288
289/* Size of the AHat matrix for ML-DSA 87 */
290#define LC_DILITHIUM_44_AHAT_SIZE \
291 (256 * sizeof(int32_t) * LC_DILITHIUM_K * LC_DILITHIUM_L)
292
293#ifndef LC_DILITHIUM_CTX_ON_STACK
294#define LC_DILITHIUM_CTX_SIZE \
295 sizeof(struct lc_dilithium_ctx)
296
297#define LC_DILITHIUM_CTX_INIT_HASH(name) \
298 LC_SHAKE_256_CTX((&(name)->dilithium_hash_ctx))
299
300#define LC_DILITHIUM_SET_CTX(name) \
301 LC_DILITHIUM_CTX_INIT_HASH(name); \
302 (name)->dilithium_prehash_type = NULL; \
303 (name)->ml_dsa_internal = 0; \
304 (name)->userctxlen = 0; \
305 (name)->userctx = NULL; \
306 (name)->ahat = NULL; \
307 (name)->ahat_size = 0; \
308 (name)->external_mu = NULL; \
309 (name)->external_mu_len = 0; \
310 (name)->randomizer = NULL; \
311 (name)->randomizerlen = 0; \
312 (name)->nist_category = 0;
313#endif
315
322#ifndef LC_DILITHIUM_CTX_ON_STACK
323#define LC_DILITHIUM_CTX_ON_STACK(name) \
324 _Pragma("GCC diagnostic push") _Pragma( \
325 "GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \
326 LC_ALIGNED_BUFFER( \
327 name##_ctx_buf, LC_DILITHIUM_CTX_SIZE, \
328 LC_HASH_COMMON_ALIGNMENT); \
329 struct lc_dilithium_ctx *name = \
330 (struct lc_dilithium_ctx *)name##_ctx_buf; \
331 LC_DILITHIUM_SET_CTX(name); \
332 _Pragma("GCC diagnostic pop")
333#endif
334
375#define LC_DILITHIUM_44_CTX_ON_STACK_AHAT(name) \
376 _Pragma("GCC diagnostic push") _Pragma( \
377 "GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \
378 LC_ALIGNED_BUFFER( \
379 name##_ctx_buf, LC_DILITHIUM_CTX_SIZE + \
380 LC_DILITHIUM_44_AHAT_PAD + LC_DILITHIUM_44_AHAT_SIZE, \
381 LC_HASH_COMMON_ALIGNMENT); \
382 struct lc_dilithium_ctx *name = \
383 (struct lc_dilithium_ctx *)name##_ctx_buf; \
384 LC_DILITHIUM_SET_CTX(name); \
385 name->ahat = (uint8_t *)name + LC_DILITHIUM_CTX_SIZE + \
386 LC_DILITHIUM_44_AHAT_PAD; \
387 name->ahat_expanded = 0; \
388 name->ahat_size = LC_DILITHIUM_44_AHAT_SIZE; \
389 _Pragma("GCC diagnostic pop")
390
397static inline void lc_dilithium_44_ctx_zero(struct lc_dilithium_ctx *ctx)
398{
399 if (!ctx)
400 return;
401 lc_hash_zero(&ctx->dilithium_hash_ctx);
402 if (ctx->ahat) {
403 lc_memset_secure(ctx->ahat, 0, ctx->ahat_size);
404 ctx->ahat_expanded = 0;
405 }
406}
407
415int lc_dilithium_44_ctx_alloc(struct lc_dilithium_ctx **ctx);
416
427int lc_dilithium_44_ctx_alloc_ahat(struct lc_dilithium_ctx **ctx);
428
434void lc_dilithium_44_ctx_zero_free(struct lc_dilithium_ctx *ctx);
435
439LC_PURE
440static inline unsigned int lc_dilithium_44_sk_size(void)
441{
442 return lc_member_size(struct lc_dilithium_44_sk, sk);
443}
444
448LC_PURE
449static inline unsigned int lc_dilithium_44_pk_size(void)
450{
451 return lc_member_size(struct lc_dilithium_44_pk, pk);
452}
453
457LC_PURE
458static inline unsigned int lc_dilithium_44_sig_size(void)
459{
460 return lc_member_size(struct lc_dilithium_44_sig, sig);
461}
462
472int lc_dilithium_44_keypair(struct lc_dilithium_44_pk *pk, struct lc_dilithium_44_sk *sk,
473 struct lc_rng_ctx *rng_ctx);
474
494int lc_dilithium_44_keypair_from_seed(struct lc_dilithium_44_pk *pk,
495 struct lc_dilithium_44_sk *sk,
496 const uint8_t *seed, size_t seedlen);
497
511int lc_dilithium_44_sign(struct lc_dilithium_44_sig *sig, const uint8_t *m,
512 size_t mlen, const struct lc_dilithium_44_sk *sk,
513 struct lc_rng_ctx *rng_ctx);
514
532int lc_dilithium_44_sign_ctx(struct lc_dilithium_44_sig *sig,
533 struct lc_dilithium_ctx *ctx,
534 const uint8_t *m, size_t mlen,
535 const struct lc_dilithium_44_sk *sk,
536 struct lc_rng_ctx *rng_ctx);
537
551int lc_dilithium_44_sign_init(struct lc_dilithium_ctx *ctx,
552 const struct lc_dilithium_44_sk *sk);
553
568int lc_dilithium_44_sign_update(struct lc_dilithium_ctx *ctx, const uint8_t *m,
569 size_t mlen);
570
585int lc_dilithium_44_sign_final(struct lc_dilithium_44_sig *sig,
586 struct lc_dilithium_ctx *ctx,
587 const struct lc_dilithium_44_sk *sk,
588 struct lc_rng_ctx *rng_ctx);
589
601int lc_dilithium_44_verify(const struct lc_dilithium_44_sig *sig, const uint8_t *m,
602 size_t mlen, const struct lc_dilithium_44_pk *pk);
603
619int lc_dilithium_44_verify_ctx(const struct lc_dilithium_44_sig *sig,
620 struct lc_dilithium_ctx *ctx,
621 const uint8_t *m, size_t mlen,
622 const struct lc_dilithium_44_pk *pk);
623
638int lc_dilithium_44_verify_init(struct lc_dilithium_ctx *ctx,
639 const struct lc_dilithium_44_pk *pk);
640
656int lc_dilithium_44_verify_update(struct lc_dilithium_ctx *ctx, const uint8_t *m,
657 size_t mlen);
658
671int lc_dilithium_44_verify_final(const struct lc_dilithium_44_sig *sig,
672 struct lc_dilithium_ctx *ctx,
673 const struct lc_dilithium_44_pk *pk);
674
675/****************************** Dilithium ED25510 *****************************/
676/* Macro set during leancrypto compile time for target platform */
677#define LC_DILITHIUM_ED25519_SIG
678#ifdef LC_DILITHIUM_ED25519_SIG
679
680#include "lc_ed25519.h"
681
685struct lc_dilithium_44_ed25519_sk {
686 struct lc_dilithium_44_sk sk;
687 struct lc_ed25519_sk sk_ed25519;
688};
689
693struct lc_dilithium_44_ed25519_pk {
694 struct lc_dilithium_44_pk pk;
695 struct lc_ed25519_pk pk_ed25519;
696};
697
701struct lc_dilithium_44_ed25519_sig {
702 struct lc_dilithium_44_sig sig;
703 struct lc_ed25519_sig sig_ed25519;
704};
705
712#ifndef LC_DILITHIUM_ED25519_CTX_ON_STACK
716#endif
717
719#ifndef LC_DILITHIUM_ED25519_CTX_ON_STACK
720#define LC_DILITHIUM_ED25519_CTX_SIZE \
721 sizeof(struct lc_dilithium_ed25519_ctx)
722#endif
724
730#ifndef LC_DILITHIUM_ED25519_CTX_ON_STACK
731#define LC_DILITHIUM_ED25519_CTX_ON_STACK(name) \
732 _Pragma("GCC diagnostic push") _Pragma( \
733 "GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \
734 LC_ALIGNED_BUFFER( \
735 name##_ctx_buf, LC_DILITHIUM_ED25519_CTX_SIZE, \
736 LC_HASH_COMMON_ALIGNMENT); \
737 struct lc_dilithium_ed25519_ctx *name = \
738 (struct lc_dilithium_ed25519_ctx *)name##_ctx_buf; \
739 LC_DILITHIUM_SET_CTX(&(name)->dilithium_ctx); \
740 _Pragma("GCC diagnostic pop")
741#endif
742
749static inline void lc_dilithium_44_ed25519_ctx_zero(
750 struct lc_dilithium_ed25519_ctx *ctx)
751{
752 if (!ctx)
753 return;
754 lc_dilithium_44_ctx_zero(&ctx->dilithium_ctx);
755}
756
764int lc_dilithium_44_ed25519_ctx_alloc(
765 struct lc_dilithium_ed25519_ctx **ctx);
766
772void lc_dilithium_44_ed25519_ctx_zero_free(
773 struct lc_dilithium_ed25519_ctx *ctx);
774
784int lc_dilithium_44_ed25519_keypair(struct lc_dilithium_44_ed25519_pk *pk,
785 struct lc_dilithium_44_ed25519_sk *sk,
786 struct lc_rng_ctx *rng_ctx);
787
801int lc_dilithium_44_ed25519_sign(struct lc_dilithium_44_ed25519_sig *sig,
802 const uint8_t *m, size_t mlen,
803 const struct lc_dilithium_44_ed25519_sk *sk,
804 struct lc_rng_ctx *rng_ctx);
805
823int lc_dilithium_44_ed25519_sign_ctx(struct lc_dilithium_44_ed25519_sig *sig,
824 struct lc_dilithium_ed25519_ctx *ctx,
825 const uint8_t *m, size_t mlen,
826 const struct lc_dilithium_44_ed25519_sk *sk,
827 struct lc_rng_ctx *rng_ctx);
828
829int lc_dilithium_44_ed25519_sign_init(
830 struct lc_dilithium_ed25519_ctx *ctx,
831 const struct lc_dilithium_44_ed25519_sk *sk);
832
833int lc_dilithium_44_ed25519_sign_update(
834 struct lc_dilithium_ed25519_ctx *ctx, const uint8_t *m,
835 size_t mlen);
836
837int lc_dilithium_44_ed25519_sign_final(
838 struct lc_dilithium_44_ed25519_sig *sig,
839 struct lc_dilithium_ed25519_ctx *ctx,
840 const struct lc_dilithium_44_ed25519_sk *sk,
841 struct lc_rng_ctx *rng_ctx);
842
854int lc_dilithium_44_ed25519_verify(const struct lc_dilithium_44_ed25519_sig *sig,
855 const uint8_t *m, size_t mlen,
856 const struct lc_dilithium_44_ed25519_pk *pk);
857
873int lc_dilithium_44_ed25519_verify_ctx(const struct lc_dilithium_44_ed25519_sig *sig,
874 struct lc_dilithium_ed25519_ctx *ctx,
875 const uint8_t *m, size_t mlen,
876 const struct lc_dilithium_44_ed25519_pk *pk);
877
878int lc_dilithium_44_ed25519_verify_init(
879 struct lc_dilithium_ed25519_ctx *ctx,
880 const struct lc_dilithium_44_ed25519_pk *pk);
881int lc_dilithium_44_ed25519_verify_update(
882 struct lc_dilithium_ed25519_ctx *ctx, const uint8_t *m,
883 size_t mlen);
884int lc_dilithium_44_ed25519_verify_final(
885 const struct lc_dilithium_44_ed25519_sig *sig,
886 struct lc_dilithium_ed25519_ctx *ctx,
887 const struct lc_dilithium_44_ed25519_pk *pk);
888
889#endif /* LC_DILITHIUM_ED25519_SIG */
890
891/****************************** Dilithium ED25510 *****************************/
892/* Macro set during leancrypto compile time for target platform */
893#define LC_DILITHIUM_ED448_SIG
894#ifdef LC_DILITHIUM_ED448_SIG
895
896#include "lc_ed448.h"
897
901struct lc_dilithium_44_ed448_sk {
902 struct lc_dilithium_44_sk sk;
903 struct lc_ed448_sk sk_ed448;
904};
905
909struct lc_dilithium_44_ed448_pk {
910 struct lc_dilithium_44_pk pk;
911 struct lc_ed448_pk pk_ed448;
912};
913
917struct lc_dilithium_44_ed448_sig {
918 struct lc_dilithium_44_sig sig;
919 struct lc_ed448_sig sig_ed448;
920};
921
928#ifndef LC_DILITHIUM_ED448_CTX_ON_STACK
932#endif
933
935#ifndef LC_DILITHIUM_ED448_CTX_ON_STACK
936#define LC_DILITHIUM_ED448_CTX_SIZE \
937 sizeof(struct lc_dilithium_ed448_ctx)
938#endif
940
946#ifndef LC_DILITHIUM_ED448_CTX_ON_STACK
947#define LC_DILITHIUM_ED448_CTX_ON_STACK(name) \
948 _Pragma("GCC diagnostic push") _Pragma( \
949 "GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \
950 LC_ALIGNED_BUFFER( \
951 name##_ctx_buf, LC_DILITHIUM_ED448_CTX_SIZE, \
952 LC_HASH_COMMON_ALIGNMENT); \
953 struct lc_dilithium_ed448_ctx *name = \
954 (struct lc_dilithium_ed448_ctx *)name##_ctx_buf; \
955 LC_DILITHIUM_SET_CTX(&(name)->dilithium_ctx); \
956 _Pragma("GCC diagnostic pop")
957#endif
958
965static inline void lc_dilithium_44_ed448_ctx_zero(
966 struct lc_dilithium_ed448_ctx *ctx)
967{
968 if (!ctx)
969 return;
970 lc_dilithium_44_ctx_zero(&ctx->dilithium_ctx);
971}
972
980int lc_dilithium_44_ed448_ctx_alloc(
981 struct lc_dilithium_ed448_ctx **ctx);
982
988void lc_dilithium_44_ed448_ctx_zero_free(
989 struct lc_dilithium_ed448_ctx *ctx);
990
1000int lc_dilithium_44_ed448_keypair(struct lc_dilithium_44_ed448_pk *pk,
1001 struct lc_dilithium_44_ed448_sk *sk,
1002 struct lc_rng_ctx *rng_ctx);
1003
1017int lc_dilithium_44_ed448_sign(struct lc_dilithium_44_ed448_sig *sig,
1018 const uint8_t *m, size_t mlen,
1019 const struct lc_dilithium_44_ed448_sk *sk,
1020 struct lc_rng_ctx *rng_ctx);
1021
1039int lc_dilithium_44_ed448_sign_ctx(struct lc_dilithium_44_ed448_sig *sig,
1040 struct lc_dilithium_ed448_ctx *ctx,
1041 const uint8_t *m, size_t mlen,
1042 const struct lc_dilithium_44_ed448_sk *sk,
1043 struct lc_rng_ctx *rng_ctx);
1044
1045int lc_dilithium_44_ed448_sign_init(
1046 struct lc_dilithium_ed448_ctx *ctx,
1047 const struct lc_dilithium_44_ed448_sk *sk);
1048
1049int lc_dilithium_44_ed448_sign_update(
1050 struct lc_dilithium_ed448_ctx *ctx, const uint8_t *m,
1051 size_t mlen);
1052
1053int lc_dilithium_44_ed448_sign_final(
1054 struct lc_dilithium_44_ed448_sig *sig,
1055 struct lc_dilithium_ed448_ctx *ctx,
1056 const struct lc_dilithium_44_ed448_sk *sk,
1057 struct lc_rng_ctx *rng_ctx);
1058
1070int lc_dilithium_44_ed448_verify(const struct lc_dilithium_44_ed448_sig *sig,
1071 const uint8_t *m, size_t mlen,
1072 const struct lc_dilithium_44_ed448_pk *pk);
1073
1089int lc_dilithium_44_ed448_verify_ctx(const struct lc_dilithium_44_ed448_sig *sig,
1090 struct lc_dilithium_ed448_ctx *ctx,
1091 const uint8_t *m, size_t mlen,
1092 const struct lc_dilithium_44_ed448_pk *pk);
1093
1094int lc_dilithium_44_ed448_verify_init(
1095 struct lc_dilithium_ed448_ctx *ctx,
1096 const struct lc_dilithium_44_ed448_pk *pk);
1097int lc_dilithium_44_ed448_verify_update(
1098 struct lc_dilithium_ed448_ctx *ctx, const uint8_t *m,
1099 size_t mlen);
1100int lc_dilithium_44_ed448_verify_final(
1101 const struct lc_dilithium_44_ed448_sig *sig,
1102 struct lc_dilithium_ed448_ctx *ctx,
1103 const struct lc_dilithium_44_ed448_pk *pk);
1104
1105#endif /* LC_DILITHIUM_ED448_SIG */
1106
1107#endif /* __ASSEMBLER__ */
1108
1109/*
1110 * To allow including the different lc_dilithium_*.h files, these macros need to
1111 * be undefined. Only during compilation of leancrypto, these macros remain
1112 * defined as this header file is not included multiple times.
1113 */
1114#ifndef LC_DILITHIUM_INTERNAL
1115#undef LC_DILITHIUM_MODE
1116#undef LC_DILITHIUM_NIST_CATEGORY
1117#undef LC_DILITHIUM_SEEDBYTES
1118#undef LC_DILITHIUM_CRHBYTES
1119#undef LC_DILITHIUM_TRBYTES
1120#undef LC_DILITHIUM_RNDBYTES
1121#undef LC_DILITHIUM_N
1122#undef LC_DILITHIUM_Q
1123#undef LC_DILITHIUM_D
1124#undef LC_DILITHIUM_ROOT_OF_UNITY
1125#undef LC_DILITHIUM_LAMBDA
1126#undef LC_DILITHIUM_K
1127#undef LC_DILITHIUM_L
1128#undef LC_DILITHIUM_ETA
1129#undef LC_DILITHIUM_TAU
1130#undef LC_DILITHIUM_BETA
1131#undef LC_DILITHIUM_GAMMA1
1132#undef LC_DILITHIUM_GAMMA2
1133#undef LC_DILITHIUM_OMEGA
1134#undef LC_DILITHIUM_CTILDE_BYTES
1135#undef LC_DILITHIUM_POLYT1_PACKEDBYTES
1136#undef LC_DILITHIUM_POLYT0_PACKEDBYTES
1137#undef LC_DILITHIUM_POLYVECH_PACKEDBYTES
1138#undef LC_DILITHIUM_POLYZ_PACKEDBYTES
1139#undef LC_DILITHIUM_POLYW1_PACKEDBYTES
1140#undef LC_DILITHIUM_POLYETA_PACKEDBYTES
1141#undef LC_DILITHIUM_PUBLICKEYBYTES
1142#undef LC_DILITHIUM_SECRETKEYBYTES
1143#undef LC_DILITHIUM_CRYPTO_BYTES
1144#endif /* LC_DILITHIUM_INTERNAL */
1145
1146#ifdef __cplusplus
1147}
1148#endif
1149
1150#endif /* LC_DILITHIUM_44_H */
lc_hash_zero
void lc_hash_zero(struct lc_hash_ctx *hash_ctx)
Zeroize Hash context allocated with either LC_HASH_CTX_ON_STACK or lc_hmac_alloc.
lc_hash
int lc_hash(const struct lc_hash *hash, const uint8_t *in, size_t inlen, uint8_t *digest)
Calculate message digest - one-shot.
lc_dilithium_44_ed448_sign_init
int lc_dilithium_44_ed448_sign_init(struct lc_dilithium_ed448_ctx *ctx, const struct lc_dilithium_44_ed448_sk *sk)
lc_dilithium_44_ed25519_pk::pk_ed25519
struct lc_ed25519_pk pk_ed25519
Definition lc_dilithium_44.h:695
lc_dilithium_44_ed448_pk::pk
struct lc_dilithium_44_pk pk
Definition lc_dilithium_44.h:910
lc_dilithium_44_ed448_sk::sk
struct lc_dilithium_44_sk sk
Definition lc_dilithium_44.h:902
lc_dilithium_44_ed25519_sign_update
int lc_dilithium_44_ed25519_sign_update(struct lc_dilithium_ed25519_ctx *ctx, const uint8_t *m, size_t mlen)
lc_dilithium_44_verify
int lc_dilithium_44_verify(const struct lc_dilithium_44_sig *sig, const uint8_t *m, size_t mlen, const struct lc_dilithium_44_pk *pk)
Verifies ML-DSA signature in one shot.
lc_dilithium_44_ed25519_sig::sig
struct lc_dilithium_44_sig sig
Definition lc_dilithium_44.h:702
lc_dilithium_44_ctx_alloc_ahat
int lc_dilithium_44_ctx_alloc_ahat(struct lc_dilithium_ctx **ctx)
Allocate Dilithium stream context on heap including additional parameter relevant for the signature o...
lc_dilithium_44_ed25519_ctx_zero_free
void lc_dilithium_44_ed25519_ctx_zero_free(struct lc_dilithium_ed25519_ctx *ctx)
Zeroize and free Dilithium-ED25519 stream context.
lc_dilithium_44_keypair_from_seed
int lc_dilithium_44_keypair_from_seed(struct lc_dilithium_44_pk *pk, struct lc_dilithium_44_sk *sk, const uint8_t *seed, size_t seedlen)
Generates Dilithium public and private key from a given seed.
lc_dilithium_44_verify_ctx
int lc_dilithium_44_verify_ctx(const struct lc_dilithium_44_sig *sig, struct lc_dilithium_ctx *ctx, const uint8_t *m, size_t mlen, const struct lc_dilithium_44_pk *pk)
Verifies signature with Dilithium context in one shot.
lc_dilithium_44_keypair
int lc_dilithium_44_keypair(struct lc_dilithium_44_pk *pk, struct lc_dilithium_44_sk *sk, struct lc_rng_ctx *rng_ctx)
Generates Dilithium public and private key.
lc_dilithium_44_ed448_sk::sk_ed448
struct lc_ed448_sk sk_ed448
Definition lc_dilithium_44.h:903
lc_dilithium_44_ed25519_sign_final
int lc_dilithium_44_ed25519_sign_final(struct lc_dilithium_44_ed25519_sig *sig, struct lc_dilithium_ed25519_ctx *ctx, const struct lc_dilithium_44_ed25519_sk *sk, struct lc_rng_ctx *rng_ctx)
lc_dilithium_44_ctx_alloc
int lc_dilithium_44_ctx_alloc(struct lc_dilithium_ctx **ctx)
Allocate Dilithium stream context on heap.
lc_dilithium_44_ed448_verify_init
int lc_dilithium_44_ed448_verify_init(struct lc_dilithium_ed448_ctx *ctx, const struct lc_dilithium_44_ed448_pk *pk)
lc_dilithium_44_ed448_sig::sig_ed448
struct lc_ed448_sig sig_ed448
Definition lc_dilithium_44.h:919
lc_dilithium_44_sign_final
int lc_dilithium_44_sign_final(struct lc_dilithium_44_sig *sig, struct lc_dilithium_ctx *ctx, const struct lc_dilithium_44_sk *sk, struct lc_rng_ctx *rng_ctx)
Computes signature.
lc_dilithium_44_ed25519_sign_ctx
int lc_dilithium_44_ed25519_sign_ctx(struct lc_dilithium_44_ed25519_sig *sig, struct lc_dilithium_ed25519_ctx *ctx, const uint8_t *m, size_t mlen, const struct lc_dilithium_44_ed25519_sk *sk, struct lc_rng_ctx *rng_ctx)
Computes signature with Dilithium context in one shot.
lc_dilithium_44_ed448_pk::pk_ed448
struct lc_ed448_pk pk_ed448
Definition lc_dilithium_44.h:911
lc_dilithium_44_sign
int lc_dilithium_44_sign(struct lc_dilithium_44_sig *sig, const uint8_t *m, size_t mlen, const struct lc_dilithium_44_sk *sk, struct lc_rng_ctx *rng_ctx)
Computes ML-DSA signature in one shot.
lc_dilithium_44_ed448_verify_update
int lc_dilithium_44_ed448_verify_update(struct lc_dilithium_ed448_ctx *ctx, const uint8_t *m, size_t mlen)
lc_dilithium_44_sk_size
static LC_PURE unsigned int lc_dilithium_44_sk_size(void)
Return the size of the Dilithium secret key.
Definition lc_dilithium_44.h:440
lc_dilithium_44_ed448_sig::sig
struct lc_dilithium_44_sig sig
Definition lc_dilithium_44.h:918
lc_dilithium_44_ed25519_sk::sk_ed25519
struct lc_ed25519_sk sk_ed25519
Definition lc_dilithium_44.h:687
lc_dilithium_44_ed25519_verify_init
int lc_dilithium_44_ed25519_verify_init(struct lc_dilithium_ed25519_ctx *ctx, const struct lc_dilithium_44_ed25519_pk *pk)
lc_dilithium_44_ed448_ctx_alloc
int lc_dilithium_44_ed448_ctx_alloc(struct lc_dilithium_ed448_ctx **ctx)
Allocate Dilithium-ED448 stream context on heap.
lc_dilithium_44_ed25519_verify_update
int lc_dilithium_44_ed25519_verify_update(struct lc_dilithium_ed25519_ctx *ctx, const uint8_t *m, size_t mlen)
lc_dilithium_44_verify_update
int lc_dilithium_44_verify_update(struct lc_dilithium_ctx *ctx, const uint8_t *m, size_t mlen)
Add more data to an already initialized signature state.
lc_dilithium_44_ed448_verify_final
int lc_dilithium_44_ed448_verify_final(const struct lc_dilithium_44_ed448_sig *sig, struct lc_dilithium_ed448_ctx *ctx, const struct lc_dilithium_44_ed448_pk *pk)
lc_dilithium_44_ed25519_ctx_zero
static void lc_dilithium_44_ed25519_ctx_zero(struct lc_dilithium_ed25519_ctx *ctx)
Zeroize Dilithium-ED25519 context allocated with LC_DILITHIUM_ED25519_CTX_ON_STACK lc_dilithium_ed255...
Definition lc_dilithium_44.h:749
lc_dilithium_44_ed25519_sign_init
int lc_dilithium_44_ed25519_sign_init(struct lc_dilithium_ed25519_ctx *ctx, const struct lc_dilithium_44_ed25519_sk *sk)
lc_dilithium_44_ed448_sign_final
int lc_dilithium_44_ed448_sign_final(struct lc_dilithium_44_ed448_sig *sig, struct lc_dilithium_ed448_ctx *ctx, const struct lc_dilithium_44_ed448_sk *sk, struct lc_rng_ctx *rng_ctx)
lc_dilithium_44_ed448_verify
int lc_dilithium_44_ed448_verify(const struct lc_dilithium_44_ed448_sig *sig, const uint8_t *m, size_t mlen, const struct lc_dilithium_44_ed448_pk *pk)
Verifies signature in one shot.
lc_dilithium_44_ed448_ctx_zero_free
void lc_dilithium_44_ed448_ctx_zero_free(struct lc_dilithium_ed448_ctx *ctx)
Zeroize and free Dilithium-ED448 stream context.
lc_dilithium_44_sign_update
int lc_dilithium_44_sign_update(struct lc_dilithium_ctx *ctx, const uint8_t *m, size_t mlen)
Add more data to an already initialized signature state.
lc_dilithium_44_ed448_keypair
int lc_dilithium_44_ed448_keypair(struct lc_dilithium_44_ed448_pk *pk, struct lc_dilithium_44_ed448_sk *sk, struct lc_rng_ctx *rng_ctx)
Generates Dilithium public and private key.
lc_dilithium_44_ed448_verify_ctx
int lc_dilithium_44_ed448_verify_ctx(const struct lc_dilithium_44_ed448_sig *sig, struct lc_dilithium_ed448_ctx *ctx, const uint8_t *m, size_t mlen, const struct lc_dilithium_44_ed448_pk *pk)
Verifies signature in one shot with Dilithium context.
lc_dilithium_44_sk::sk
uint8_t sk[LC_DILITHIUM_SECRETKEYBYTES]
Definition lc_dilithium_44.h:153
lc_dilithium_44_ed25519_ctx_alloc
int lc_dilithium_44_ed25519_ctx_alloc(struct lc_dilithium_ed25519_ctx **ctx)
Allocate Dilithium-ED25519 stream context on heap.
lc_dilithium_44_ed448_ctx_zero
static void lc_dilithium_44_ed448_ctx_zero(struct lc_dilithium_ed448_ctx *ctx)
Zeroize Dilithium-ED448 context allocated with LC_DILITHIUM_ED448_CTX_ON_STACK lc_dilithium_ed448_all...
Definition lc_dilithium_44.h:965
lc_dilithium_44_ed25519_pk::pk
struct lc_dilithium_44_pk pk
Definition lc_dilithium_44.h:694
lc_dilithium_44_pk_size
static LC_PURE unsigned int lc_dilithium_44_pk_size(void)
Return the size of the Dilithium public key.
Definition lc_dilithium_44.h:449
lc_dilithium_44_ed448_sign_update
int lc_dilithium_44_ed448_sign_update(struct lc_dilithium_ed448_ctx *ctx, const uint8_t *m, size_t mlen)
lc_dilithium_44_sig::sig
uint8_t sig[LC_DILITHIUM_CRYPTO_BYTES]
Definition lc_dilithium_44.h:167
lc_dilithium_44_ed25519_verify
int lc_dilithium_44_ed25519_verify(const struct lc_dilithium_44_ed25519_sig *sig, const uint8_t *m, size_t mlen, const struct lc_dilithium_44_ed25519_pk *pk)
Verifies signature in one shot.
lc_dilithium_44_ed25519_sk::sk
struct lc_dilithium_44_sk sk
Definition lc_dilithium_44.h:686
lc_dilithium_44_sign_ctx
int lc_dilithium_44_sign_ctx(struct lc_dilithium_44_sig *sig, struct lc_dilithium_ctx *ctx, const uint8_t *m, size_t mlen, const struct lc_dilithium_44_sk *sk, struct lc_rng_ctx *rng_ctx)
Computes signature with Dilithium context in one shot.
lc_dilithium_44_sig_size
static LC_PURE unsigned int lc_dilithium_44_sig_size(void)
Return the size of the Dilithium signature.
Definition lc_dilithium_44.h:458
lc_dilithium_44_ed25519_sign
int lc_dilithium_44_ed25519_sign(struct lc_dilithium_44_ed25519_sig *sig, const uint8_t *m, size_t mlen, const struct lc_dilithium_44_ed25519_sk *sk, struct lc_rng_ctx *rng_ctx)
Computes signature in one shot.
lc_dilithium_44_verify_final
int lc_dilithium_44_verify_final(const struct lc_dilithium_44_sig *sig, struct lc_dilithium_ctx *ctx, const struct lc_dilithium_44_pk *pk)
Verifies signature.
lc_dilithium_44_ed25519_verify_ctx
int lc_dilithium_44_ed25519_verify_ctx(const struct lc_dilithium_44_ed25519_sig *sig, struct lc_dilithium_ed25519_ctx *ctx, const uint8_t *m, size_t mlen, const struct lc_dilithium_44_ed25519_pk *pk)
Verifies signature in one shot with Dilithium context.
lc_dilithium_44_verify_init
int lc_dilithium_44_verify_init(struct lc_dilithium_ctx *ctx, const struct lc_dilithium_44_pk *pk)
Initializes a signature verification operation.
lc_dilithium_44_ed25519_keypair
int lc_dilithium_44_ed25519_keypair(struct lc_dilithium_44_ed25519_pk *pk, struct lc_dilithium_44_ed25519_sk *sk, struct lc_rng_ctx *rng_ctx)
Generates Dilithium public and private key.
lc_dilithium_44_ctx_zero
static void lc_dilithium_44_ctx_zero(struct lc_dilithium_ctx *ctx)
Zeroize Dilithium context allocated with LC_DILITHIUM_CTX_ON_STACK lc_dilithium_ed25519_alloc.
Definition lc_dilithium_44.h:397
lc_dilithium_44_ed448_sign
int lc_dilithium_44_ed448_sign(struct lc_dilithium_44_ed448_sig *sig, const uint8_t *m, size_t mlen, const struct lc_dilithium_44_ed448_sk *sk, struct lc_rng_ctx *rng_ctx)
Computes signature in one shot.
lc_dilithium_44_sign_init
int lc_dilithium_44_sign_init(struct lc_dilithium_ctx *ctx, const struct lc_dilithium_44_sk *sk)
Initializes a signature operation.
lc_dilithium_44_ctx_zero_free
void lc_dilithium_44_ctx_zero_free(struct lc_dilithium_ctx *ctx)
Zeroize and free Dilithium stream context.
lc_dilithium_44_ed25519_sig::sig_ed25519
struct lc_ed25519_sig sig_ed25519
Definition lc_dilithium_44.h:703
lc_dilithium_44_ed448_sign_ctx
int lc_dilithium_44_ed448_sign_ctx(struct lc_dilithium_44_ed448_sig *sig, struct lc_dilithium_ed448_ctx *ctx, const uint8_t *m, size_t mlen, const struct lc_dilithium_44_ed448_sk *sk, struct lc_rng_ctx *rng_ctx)
Computes signature with Dilithium context in one shot.
lc_dilithium_44_ed25519_verify_final
int lc_dilithium_44_ed25519_verify_final(const struct lc_dilithium_44_ed25519_sig *sig, struct lc_dilithium_ed25519_ctx *ctx, const struct lc_dilithium_44_ed25519_pk *pk)
lc_dilithium_44_pk::pk
uint8_t pk[LC_DILITHIUM_PUBLICKEYBYTES]
Definition lc_dilithium_44.h:160
lc_dilithium_44_ed25519_pk
Dilithium public key.
Definition lc_dilithium_44.h:693
lc_dilithium_44_ed25519_sig
Dilithium signature.
Definition lc_dilithium_44.h:701
lc_dilithium_44_ed25519_sk
Dilithium secret key.
Definition lc_dilithium_44.h:685
lc_dilithium_44_ed448_pk
Dilithium public key.
Definition lc_dilithium_44.h:909
lc_dilithium_44_ed448_sig
Dilithium signature.
Definition lc_dilithium_44.h:917
lc_dilithium_44_ed448_sk
Dilithium secret key.
Definition lc_dilithium_44.h:901
lc_dilithium_44_pk
Dilithium public key.
Definition lc_dilithium_44.h:159
lc_dilithium_44_sig
Dilithium signature.
Definition lc_dilithium_44.h:166
lc_dilithium_44_sk
Dilithium secret key.
Definition lc_dilithium_44.h:152
lc_dilithium_ctx::ahat_expanded
unsigned int ahat_expanded
Was aHat already filled? This is used and set internally.
Definition lc_dilithium_44.h:269
lc_dilithium_ctx::external_mu
const uint8_t * external_mu
Pointer to the external mu.
Definition lc_dilithium_44.h:221
lc_dilithium_ctx::shake_state
uint8_t shake_state[LC_SHA3_STATE_SIZE_ALIGN(LC_SHA3_256_CTX_SIZE)]
State memory of the hash context used internally to the library - it should not be touched by the use...
Definition lc_dilithium_44.h:182
lc_dilithium_ctx::dilithium_hash_ctx
struct lc_hash_ctx dilithium_hash_ctx
Hash context used internally to the library - it should not be touched by the user.
Definition lc_dilithium_44.h:176
lc_dilithium_ctx::ml_dsa_internal
unsigned int ml_dsa_internal
When set to true, only the ML-DSA.Sign_internal or ML-DSA.Verify_internal are performed (see FIPS 204...
Definition lc_dilithium_44.h:264
lc_dilithium_ed448_ctx::dilithium_ctx
struct lc_dilithium_ctx dilithium_ctx
Definition lc_dilithium_44.h:930
lc_dilithium_ctx::randomizer
const uint8_t * randomizer
Pointer to the randomizer.
Definition lc_dilithium_44.h:230
lc_dilithium_ctx::ahat_size
unsigned short ahat_size
Definition lc_dilithium_44.h:242
lc_dilithium_ctx::userctxlen
size_t userctxlen
length of the user context (allowed range between 0 and 255 bytes)
Definition lc_dilithium_44.h:204
lc_dilithium_ctx::randomizerlen
size_t randomizerlen
Definition lc_dilithium_44.h:231
lc_dilithium_ctx::ahat
void * ahat
Pointer to the AHat buffer. This can be provided by the caller or it must be NULL otherwise.
Definition lc_dilithium_44.h:241
lc_dilithium_ed25519_ctx::dilithium_ctx
struct lc_dilithium_ctx dilithium_ctx
Definition lc_dilithium_44.h:714
lc_dilithium_ctx::external_mu_len
size_t external_mu_len
Definition lc_dilithium_44.h:222
lc_dilithium_ctx::userctx
const uint8_t * userctx
buffer with a caller-specified context string
Definition lc_dilithium_44.h:212
lc_dilithium_ctx::nist_category
uint8_t nist_category
NIST category required for composite signatures.
Definition lc_dilithium_44.h:250
lc_dilithium_ctx::dilithium_prehash_type
const struct lc_hash * dilithium_prehash_type
When using HashML-DSA, set the hash reference used for the hash operation. Allowed values are lc_sha2...
Definition lc_dilithium_44.h:195
lc_dilithium_ctx
Definition lc_dilithium_44.h:171
lc_dilithium_ed25519_ctx
Dilithium stream context.
Definition lc_dilithium_44.h:713
lc_dilithium_ed448_ctx
Dilithium stream context.
Definition lc_dilithium_44.h:929
lc_hash.h
lc_memset_secure
static void lc_memset_secure(void *s, int c, size_t n)
Definition lc_memset_secure.h:79
lc_rng.h
lc_sha3.h
lc_sha512.h
Generated by doxygen 1.15.0