 |
Software APIs
|
|
Software APIs
|
Elliptic curve operations for OpenTitan cryptography library. More...
#include "datatypes.h"Go to the source code of this file.
Data Structures | |
| struct | otcrypto_ecc_domain |
| Struct for domain parameters of a custom Weierstrass curve. More... | |
| struct | otcrypto_ecc_curve |
| Struct for ECC curve used for ECDSA / ECDH operation. More... | |
Typedefs | |
| typedef enum otcrypto_eddsa_sign_mode | otcrypto_eddsa_sign_mode_t |
| Enum to define EdDSA mode for signature. More... | |
| typedef struct otcrypto_ecc_domain | otcrypto_ecc_domain_t |
| Struct for domain parameters of a custom Weierstrass curve. | |
| typedef enum otcrypto_ecc_curve_type | otcrypto_ecc_curve_type_t |
| Enum to define the type of elliptic curve used for the operation. More... | |
| typedef struct otcrypto_ecc_curve | otcrypto_ecc_curve_t |
| Struct for ECC curve used for ECDSA / ECDH operation. More... | |
Enumerations | |
| enum | otcrypto_eddsa_sign_mode { kOtcryptoEddsaSignModeEddsa = 0xae1, kOtcryptoEddsaSignModeHashEddsa = 0x9a6 } |
| Enum to define EdDSA mode for signature. More... | |
| enum | otcrypto_ecc_curve_type { kOtcryptoEccCurveTypeCustom = 0xbf7, kOtcryptoEccCurveTypeNistP256 = 0xec8, kOtcryptoEccCurveTypeNistP384 = 0x1bc, kEccCurveTypeBrainpoolP256R1 = 0xc1e } |
| Enum to define the type of elliptic curve used for the operation. More... | |
Elliptic curve operations for OpenTitan cryptography library.
Includes ECDSA, ECDH, Ed25519, and X25519.
Definition in file ecc.h.
| struct otcrypto_ecc_domain |
| Data Fields | ||
|---|---|---|
| otcrypto_const_byte_buf_t | a | |
| otcrypto_const_byte_buf_t | b | |
| uint32_t | checksum | |
| const uint32_t | cofactor | |
| const uint32_t * | gx | |
| const uint32_t * | gy | |
| otcrypto_const_byte_buf_t | p | |
| otcrypto_const_byte_buf_t | q | |
| struct otcrypto_ecc_curve |
Struct for ECC curve used for ECDSA / ECDH operation.
Values are hardened.
| Data Fields | ||
|---|---|---|
| otcrypto_ecc_curve_type_t | curve_type | |
| const otcrypto_ecc_domain_t *const | domain_parameter | |
| typedef struct otcrypto_ecc_curve otcrypto_ecc_curve_t |
Struct for ECC curve used for ECDSA / ECDH operation.
Values are hardened.
| typedef enum otcrypto_ecc_curve_type otcrypto_ecc_curve_type_t |
Enum to define the type of elliptic curve used for the operation.
Values are hardened.
| typedef enum otcrypto_eddsa_sign_mode otcrypto_eddsa_sign_mode_t |
Enum to define EdDSA mode for signature.
Values are hardened.
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh | ( | const otcrypto_blinded_key_t * | private_key, |
| const otcrypto_unblinded_key_t * | public_key, | ||
| const otcrypto_ecc_curve_t * | elliptic_curve, | ||
| otcrypto_blinded_key_t * | shared_secret | ||
| ) |
Performs Elliptic Curve Diffie Hellman shared secret generation.
The domain_parameter field of the elliptic_curve is required only for a custom curve. For named curves this field is ignored and can be set to NULL.
| private_key | Pointer to the blinded private key (d) struct. | |
| public_key | Pointer to the unblinded public key (Q) struct. | |
| elliptic_curve | Pointer to the elliptic curve to be used. | |
| [out] | shared_secret | Pointer to generated blinded shared key struct. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh_async_finalize | ( | const otcrypto_ecc_curve_t * | elliptic_curve, |
| otcrypto_blinded_key_t * | shared_secret | ||
| ) |
Finalizes the asynchronous Elliptic Curve Diffie Hellman shared secret generation.
Returns kOtcryptoStatusValueOk and copies shared_secret if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
The caller must ensure that the elliptic_curve parameter matches the one that was previously passed to the corresponding _start function; a mismatch will cause inconsistencies.
| elliptic_curve | Pointer to the elliptic curve that is being used. | |
| [out] | shared_secret | Pointer to generated blinded shared key struct. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh_async_start | ( | const otcrypto_blinded_key_t * | private_key, |
| const otcrypto_unblinded_key_t * | public_key, | ||
| const otcrypto_ecc_curve_t * | elliptic_curve | ||
| ) |
Starts the asynchronous Elliptic Curve Diffie Hellman shared secret generation.
The domain_parameter field of the elliptic_curve is required only for a custom curve. For named curves this field is ignored and can be set to NULL.
| private_key | Pointer to the blinded private key (d) struct. |
| public_key | Pointer to the unblinded public key (Q) struct. |
| elliptic_curve | Pointer to the elliptic curve to be used. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh_keygen | ( | const otcrypto_ecc_curve_t * | elliptic_curve, |
| otcrypto_blinded_key_t * | private_key, | ||
| otcrypto_unblinded_key_t * | public_key | ||
| ) |
Performs the key generation for ECDH key agreement.
Computes private key (d) and public key (Q) keys for ECDSA operation.
The domain_parameter field of the elliptic_curve is required only for a custom curve. For named curves this field is ignored and can be set to NULL.
The caller should allocate and partially populate the blinded key struct, including populating the key configuration and allocating space for the keyblob. The caller should indicate the length of the allocated keyblob; this function will return an error if the keyblob length does not match expectations. If the key is hardware-backed, the caller should pass a fully populated private key handle as returned by otcrypto_hw_backed_key. For non-hardware-backed keys, the keyblob should be twice the length of the key. The value in the checksum field of the blinded key struct will be populated by the key generation function.
| elliptic_curve | Pointer to the elliptic curve to be used. | |
| [out] | private_key | Pointer to the blinded private key (d) struct. |
| [out] | public_key | Pointer to the unblinded public key (Q) struct. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh_keygen_async_finalize | ( | const otcrypto_ecc_curve_t * | elliptic_curve, |
| otcrypto_blinded_key_t * | private_key, | ||
| otcrypto_unblinded_key_t * | public_key | ||
| ) |
Finalizes the asynchronous key generation for ECDSA operation.
Returns kOtcryptoStatusValueOk and copies the private key (d) and public key (Q), if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
The caller must ensure that the elliptic_curve parameter matches the one that was previously passed to the corresponding _start function; a mismatch will cause inconsistencies. Similarly, the private key configuration must match the one originally passed to _start.
| elliptic_curve | Pointer to the elliptic curve that is being used. | |
| [out] | private_key | Pointer to the blinded private key (d) struct. |
| [out] | public_key | Pointer to the unblinded public key (Q) struct. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh_keygen_async_start | ( | const otcrypto_ecc_curve_t * | elliptic_curve, |
| const otcrypto_blinded_key_t * | private_key | ||
| ) |
Starts the asynchronous key generation for ECDH operation.
Initializes OTBN and begins generating an ECDH key pair. The caller should set the config field of private_key with their desired key configuration options. If the key is hardware-backed, the caller should pass a fully populated private key handle such as the kind returned by otcrypto_hw_backed_key.
The domain_parameter field of the elliptic_curve is required only for a custom curve. For named curves this field is ignored and can be set to NULL.
Returns kOtcryptoStatusValueOk if the operation was successfully started, orkOtcryptoStatusValueInternalError if the operation cannot be started.
| elliptic_curve | Pointer to the elliptic curve to be used. |
| private_key | Destination structure for private key, or key handle. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_keygen | ( | const otcrypto_ecc_curve_t * | elliptic_curve, |
| otcrypto_blinded_key_t * | private_key, | ||
| otcrypto_unblinded_key_t * | public_key | ||
| ) |
Performs the key generation for ECDSA operation.
Computes private key (d) and public key (Q) keys for ECDSA operation.
The caller should allocate and partially populate the blinded key struct, including populating the key configuration and allocating space for the keyblob. The caller should indicate the length of the allocated keyblob; this function will return an error if the keyblob length does not match expectations. If the key is hardware-backed, the caller should pass a fully populated private key handle as returned by otcrypto_hw_backed_key. For non-hardware-backed keys, the keyblob should be twice the length of the key. The value in the checksum field of the blinded key struct will be populated by the key generation function.
The domain_parameter field of the elliptic_curve is required only for a custom curve. For named curves this field is ignored and can be set to NULL.
| elliptic_curve | Pointer to the elliptic curve to be used. | |
| [out] | private_key | Pointer to the blinded private key (d) struct. |
| [out] | public_key | Pointer to the unblinded public key (Q) struct. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_keygen_async_finalize | ( | const otcrypto_ecc_curve_t * | elliptic_curve, |
| otcrypto_blinded_key_t * | private_key, | ||
| otcrypto_unblinded_key_t * | public_key | ||
| ) |
Finalizes the asynchronous key generation for ECDSA operation.
Returns kOtcryptoStatusValueOk and copies the private key (d) and public key (Q), if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
The caller must ensure that the elliptic_curve parameter matches the one that was previously passed to the corresponding _start function; a mismatch will cause inconsistencies. Similarly, the private key configuration must match the one originally passed to _start.
| elliptic_curve | Pointer to the elliptic curve that is being used. | |
| [out] | private_key | Pointer to the blinded private key (d) struct. |
| [out] | public_key | Pointer to the unblinded public key (Q) struct. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_keygen_async_start | ( | const otcrypto_ecc_curve_t * | elliptic_curve, |
| const otcrypto_blinded_key_t * | private_key | ||
| ) |
Starts the asynchronous key generation for ECDSA operation.
Initializes OTBN and begins generating an ECDSA key pair. The caller should set the config field of private_key with their desired key configuration options. If the key is hardware-backed, the caller should pass a fully populated private key handle such as the kind returned by otcrypto_hw_backed_key.
The domain_parameter field of the elliptic_curve is required only for a custom curve. For named curves this field is ignored and can be set to NULL.
Returns kOtcryptoStatusValueOk if the operation was successfully started, orkOtcryptoStatusValueInternalError if the operation cannot be started.
| elliptic_curve | Pointer to the elliptic curve to be used. |
| private_key | Destination structure for private key, or key handle. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_sign | ( | const otcrypto_blinded_key_t * | private_key, |
| const otcrypto_hash_digest_t | message_digest, | ||
| const otcrypto_ecc_curve_t * | elliptic_curve, | ||
| otcrypto_word32_buf_t | signature | ||
| ) |
Performs the ECDSA digital signature generation.
The domain_parameter field of the elliptic_curve is required only for a custom curve. For named curves this field is ignored and can be set to NULL.
The message digest must be exactly the right length for the curve in use (e.g. 256 bits for P-256), but may use any hash mode. The caller is responsible for ensuring that the security strength of the hash function is at least equal to the security strength of the curve. See FIPS 186-5 for details.
| private_key | Pointer to the blinded private key (d) struct. | |
| message_digest | Message digest to be signed (pre-hashed). | |
| elliptic_curve | Pointer to the elliptic curve to be used. | |
| [out] | signature | Pointer to the signature struct with (r,s) values. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_sign_async_finalize | ( | const otcrypto_ecc_curve_t * | elliptic_curve, |
| otcrypto_word32_buf_t | signature | ||
| ) |
Finalizes the asynchronous ECDSA digital signature generation.
Returns kOtcryptoStatusValueOk and copies the signature if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
The caller must ensure that the elliptic_curve parameter matches the one that was previously passed to the corresponding _start function; a mismatch will cause inconsistencies.
| elliptic_curve | Pointer to the elliptic curve that is being used. | |
| [out] | signature | Pointer to the signature struct with (r,s) values. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_sign_async_start | ( | const otcrypto_blinded_key_t * | private_key, |
| const otcrypto_hash_digest_t | message_digest, | ||
| const otcrypto_ecc_curve_t * | elliptic_curve | ||
| ) |
Starts the asynchronous ECDSA digital signature generation.
Initializes OTBN and starts the OTBN routine to compute the digital signature on the input message. The domain_parameter field of the elliptic_curve is required only for a custom curve. For named curves this field is ignored and can be set to NULL.
| private_key | Pointer to the blinded private key (d) struct. |
| message_digest | Message digest to be signed (pre-hashed). |
| elliptic_curve | Pointer to the elliptic curve to be used. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_verify | ( | const otcrypto_unblinded_key_t * | public_key, |
| const otcrypto_hash_digest_t | message_digest, | ||
| otcrypto_const_word32_buf_t | signature, | ||
| const otcrypto_ecc_curve_t * | elliptic_curve, | ||
| hardened_bool_t * | verification_result | ||
| ) |
Performs the ECDSA digital signature verification.
The domain_parameter field of the elliptic_curve is required only for a custom curve. For named curves this field is ignored and can be set to NULL.
The message digest must be exactly the right length for the curve in use (e.g. 256 bits for P-256), but may use any hash mode. The caller is responsible for ensuring that the security strength of the hash function is at least equal to the security strength of the curve. See FIPS 186-5 for details.
| public_key | Pointer to the unblinded public key (Q) struct. | |
| message_digest | Message digest to be verified (pre-hashed). | |
| signature | Pointer to the signature to be verified. | |
| elliptic_curve | Pointer to the elliptic curve to be used. | |
| [out] | verification_result | Result of signature verification (Pass/Fail). |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_verify_async_finalize | ( | const otcrypto_ecc_curve_t * | elliptic_curve, |
| otcrypto_const_word32_buf_t | signature, | ||
| hardened_bool_t * | verification_result | ||
| ) |
Finalizes the asynchronous ECDSA digital signature verification.
Returns kOtcryptoStatusValueOk and populates the verification result if the OTBN status is done. kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error. The computed signature is compared against the input signature and a PASS or FAIL is returned.
The caller must ensure that the elliptic_curve and signature parameters matches the ones that were previously passed to the corresponding _start function; a mismatch will cause inconsistencies.
| elliptic_curve | Pointer to the elliptic curve that is being used. | |
| [out] | verification_result | Result of signature verification (Pass/Fail). |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_verify_async_start | ( | const otcrypto_unblinded_key_t * | public_key, |
| const otcrypto_hash_digest_t | message_digest, | ||
| otcrypto_const_word32_buf_t | signature, | ||
| const otcrypto_ecc_curve_t * | elliptic_curve | ||
| ) |
Starts the asynchronous ECDSA digital signature verification.
Initializes OTBN and starts the OTBN routine to recover ‘r’ value from the input signature ‘s’ value. The domain_parameter field of elliptic_curve is required only for a custom curve. For named curves this field is ignored and can be set to NULL.
| public_key | Pointer to the unblinded public key (Q) struct. |
| message_digest | Message digest to be verified (pre-hashed). |
| signature | Pointer to the signature to be verified. |
| elliptic_curve | Pointer to the elliptic curve to be used. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_keygen | ( | otcrypto_blinded_key_t * | private_key, |
| otcrypto_unblinded_key_t * | public_key | ||
| ) |
Generates a new Ed25519 key pair.
Computes the private exponent (d) and public key (Q) based on Curve25519.
No domain_parameter is needed and is automatically set for Ed25519.
The caller should allocate and partially populate the blinded key struct, including populating the key configuration and allocating space for the keyblob. The caller should indicate the length of the allocated keyblob; this function will return an error if the keyblob length does not match expectations. If the key is hardware-backed, the caller should pass a fully populated private key handle as returned by otcrypto_hw_backed_key. For non-hardware-backed keys, the keyblob should be twice the length of the key. The value in the checksum field of the blinded key struct will be populated by the key generation function.
| [out] | private_key | Pointer to the blinded private key struct. |
| [out] | public_key | Pointer to the unblinded public key struct. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_keygen_async_finalize | ( | otcrypto_blinded_key_t * | private_key, |
| otcrypto_unblinded_key_t * | public_key | ||
| ) |
Finalizes the asynchronous key generation for Ed25519.
Returns kOtcryptoStatusValueOk and copies private key (d) and public key (Q), if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
The caller must ensure that config matches the key configuration initially passed to the _start complement of this function.
| [out] | private_key | Pointer to the blinded private key struct. |
| [out] | public_key | Pointer to the unblinded public key struct. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_keygen_async_start | ( | const otcrypto_blinded_key_t * | private_key | ) |
Starts the asynchronous key generation for Ed25519.
Initializes OTBN and begins generating an Ed25519 key pair. The caller should set the config field of private_key with their desired key configuration options. If the key is hardware-backed, the caller should pass a fully populated private key handle such as the kind returned by otcrypto_hw_backed_key.
No domain_parameter is needed and is automatically set for X25519.
| private_key | Destination structure for private key, or key handle. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_sign | ( | const otcrypto_blinded_key_t * | private_key, |
| otcrypto_const_byte_buf_t | input_message, | ||
| otcrypto_eddsa_sign_mode_t | sign_mode, | ||
| otcrypto_word32_buf_t | signature | ||
| ) |
Generates an Ed25519 digital signature.
| private_key | Pointer to the blinded private key struct. | |
| input_message | Input message to be signed. | |
| sign_mode | Parameter for EdDSA or Hash EdDSA sign mode. | |
| [out] | signature | Pointer to the EdDSA signature with (r,s) values. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_sign_async_finalize | ( | otcrypto_word32_buf_t | signature | ) |
Finalizes the asynchronous Ed25519 digital signature generation.
Returns kOtcryptoStatusValueOk and copies the signature if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
| [out] | signature | Pointer to the EdDSA signature to get (s) value. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_sign_async_start | ( | const otcrypto_blinded_key_t * | private_key, |
| otcrypto_const_byte_buf_t | input_message, | ||
| otcrypto_eddsa_sign_mode_t | sign_mode, | ||
| otcrypto_word32_buf_t | signature | ||
| ) |
Starts the asynchronous Ed25519 digital signature generation.
Initializes OTBN and starts the OTBN routine to compute the digital signature on the input message. The domain_parameter field for Ed25519 is automatically set.
| private_key | Pointer to the blinded private key struct. | |
| input_message | Input message to be signed. | |
| sign_mode | Parameter for EdDSA or Hash EdDSA sign mode. | |
| [out] | signature | Pointer to the EdDSA signature to get (r) value. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_verify | ( | const otcrypto_unblinded_key_t * | public_key, |
| otcrypto_const_byte_buf_t | input_message, | ||
| otcrypto_eddsa_sign_mode_t | sign_mode, | ||
| otcrypto_const_word32_buf_t | signature, | ||
| hardened_bool_t * | verification_result | ||
| ) |
Verifies an Ed25519 signature.
| public_key | Pointer to the unblinded public key struct. | |
| input_message | Input message to be signed for verification. | |
| sign_mode | Parameter for EdDSA or Hash EdDSA sign mode. | |
| signature | Pointer to the signature to be verified. | |
| [out] | verification_result | Result of signature verification (Pass/Fail). |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_verify_async_finalize | ( | hardened_bool_t * | verification_result | ) |
Finalizes the asynchronous Ed25519 digital signature verification.
Returns kOtcryptoStatusValueOk and populates the verification result with a PASS or FAIL, if the OTBN status is done, kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
| [out] | verification_result | Result of signature verification (Pass/Fail). |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_verify_async_start | ( | const otcrypto_unblinded_key_t * | public_key, |
| otcrypto_const_byte_buf_t | input_message, | ||
| otcrypto_eddsa_sign_mode_t | sign_mode, | ||
| otcrypto_const_word32_buf_t | signature | ||
| ) |
Starts the asynchronous Ed25519 digital signature verification.
Initializes OTBN and starts the OTBN routine to verify the signature. The domain_parameter for Ed25519 is set automatically.
| public_key | Pointer to the unblinded public key struct. |
| input_message | Input message to be signed for verification. |
| sign_mode | Parameter for EdDSA or Hash EdDSA sign mode. |
| signature | Pointer to the signature to be verified. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_x25519 | ( | const otcrypto_blinded_key_t * | private_key, |
| const otcrypto_unblinded_key_t * | public_key, | ||
| otcrypto_blinded_key_t * | shared_secret | ||
| ) |
Performs the X25519 Diffie Hellman shared secret generation.
| private_key | Pointer to blinded private key (u-coordinate). | |
| public_key | Pointer to the public scalar from the sender. | |
| [out] | shared_secret | Pointer to shared secret key (u-coordinate). |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_x25519_async_finalize | ( | otcrypto_blinded_key_t * | shared_secret | ) |
Finalizes the asynchronous X25519 Diffie Hellman shared secret generation.
Returns kOtcryptoStatusValueOk and copies shared_secret if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
| [out] | shared_secret | Pointer to shared secret key (u-coordinate). |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_x25519_async_start | ( | const otcrypto_blinded_key_t * | private_key, |
| const otcrypto_unblinded_key_t * | public_key | ||
| ) |
Starts the asynchronous X25519 Diffie Hellman shared secret generation.
Initializes OTBN and starts the OTBN routine to perform Diffie Hellman shared secret generation based on Curve25519. The domain parameter is automatically set for X25519 API.
| private_key | Pointer to the blinded private key (u-coordinate). |
| public_key | Pointer to the public scalar from the sender. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_x25519_keygen | ( | otcrypto_blinded_key_t * | private_key, |
| otcrypto_unblinded_key_t * | public_key | ||
| ) |
Generates a new key pair for X25519 key exchange.
Computes the private scalar (d) and public key (Q) based on Curve25519.
No domain_parameter is needed and is automatically set for X25519.
The caller should allocate and partially populate the blinded key struct, including populating the key configuration and allocating space for the keyblob. The caller should indicate the length of the allocated keyblob; this function will return an error if the keyblob length does not match expectations. If the key is hardware-backed, the caller should pass a fully populated private key handle as returned by otcrypto_hw_backed_key. For non-hardware-backed keys, the keyblob should be twice the length of the key. The value in the checksum field of the blinded key struct will be populated by the key generation function.
| [out] | private_key | Pointer to the blinded private key struct. |
| [out] | public_key | Pointer to the unblinded public key struct. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_x25519_keygen_async_finalize | ( | otcrypto_blinded_key_t * | private_key, |
| otcrypto_unblinded_key_t * | public_key | ||
| ) |
Finalizes the asynchronous key generation for X25519.
Returns kOtcryptoStatusValueOk and copies private key (d) and public key (Q), if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
The caller must ensure that config matches the key configuration initially passed to the _start complement of this function.
| [out] | private_key | Pointer to the blinded private key struct. |
| [out] | public_key | Pointer to the unblinded public key struct. |
| OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_x25519_keygen_async_start | ( | const otcrypto_blinded_key_t * | private_key | ) |
Starts the asynchronous key generation for X25519.
Initializes OTBN and begins generating an X25519 key pair. The caller should set the config field of private_key with their desired key configuration options. If the key is hardware-backed, the caller should pass a fully populated private key handle such as the kind returned by otcrypto_hw_backed_key.
No domain_parameter is needed and is automatically set for X25519.
| private_key | Destination structure for private key, or key handle. |