Elliptic curve operations for OpenTitan cryptography library.
#include "datatypes.h"

Data Structures | ||
---|---|---|
struct | otcrypto_ecc_domain | Struct for domain parameters of a custom Weierstrass curve. |
struct | otcrypto_ecc_curve | Struct for ECC curve used for ECDSA / ECDH operation. |

Typedefs | ||
---|---|---|
typedef enum otcrypto_eddsa_sign_mode | otcrypto_eddsa_sign_mode_t | Enum to define EdDSA mode for signature. |
typedef struct otcrypto_ecc_domain | otcrypto_ecc_domain_t | Struct for domain parameters of a custom Weierstrass curve. |
typedef enum otcrypto_ecc_curve_type | otcrypto_ecc_curve_type_t | Enum to define the type of elliptic curve used for the operation. |
typedef struct otcrypto_ecc_curve | otcrypto_ecc_curve_t | Struct for ECC curve used for ECDSA / ECDH operation. |

Enumerations | ||
---|---|---|
enum | otcrypto_eddsa_sign_mode { kOtcryptoEddsaSignModeEddsa = 0xae1, kOtcryptoEddsaSignModeHashEddsa = 0x9a6 } | Enum to define EdDSA mode for signature. |
enum | otcrypto_ecc_curve_type { kOtcryptoEccCurveTypeCustom = 0xbf7, kOtcryptoEccCurveTypeNistP256 = 0xec8, kOtcryptoEccCurveTypeNistP384 = 0x1bc, kEccCurveTypeBrainpoolP256R1 = 0xc1e } | Enum to define the type of elliptic curve used for the operation. |

Elliptic curve operations for OpenTitan cryptography library.
Includes ECDSA, ECDH, Ed25519, and X25519.
Definition in file ecc.h.
struct otcrypto_ecc_domain
Data Fields | ||
---|---|---|
otcrypto_const_byte_buf_t | a | |
otcrypto_const_byte_buf_t | b | |
uint32_t | checksum | |
const uint32_t | cofactor | |
const uint32_t * | gx | |
const uint32_t * | gy | |
otcrypto_const_byte_buf_t | p | |
otcrypto_const_byte_buf_t | q |
struct otcrypto_ecc_curve
Struct for ECC curve used for ECDSA / ECDH operation.
Values are hardened.
Data Fields | ||
---|---|---|
otcrypto_ecc_curve_type_t | curve_type | |
const otcrypto_ecc_domain_t *const | domain_parameter |
typedef struct otcrypto_ecc_curve otcrypto_ecc_curve_t
Struct for ECC curve used for ECDSA / ECDH operation.
Values are hardened.
typedef enum otcrypto_ecc_curve_type otcrypto_ecc_curve_type_t
Enum to define the type of elliptic curve used for the operation.
Values are hardened.
typedef enum otcrypto_eddsa_sign_mode otcrypto_eddsa_sign_mode_t
Enum to define EdDSA mode for signature.
Values are hardened.
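
What "hardened" buys for the enum encodings listed on this page can be measured: the values sit several bit flips apart, so a fault that flips a few bits cannot turn one valid value into another. The C program below is an added example, not OpenTitan code; the array and function names and the dense 0..3 contrast encoding are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Encodings copied from the otcrypto_ecc_curve_type and
 * otcrypto_eddsa_sign_mode listings on this page. */
static const uint32_t kCurveTypes[] = {0xbf7, 0xec8, 0x1bc, 0xc1e};
static const uint32_t kSignModes[] = {0xae1, 0x9a6};
/* Constructed contrast: a conventional dense 0..3 encoding. */
static const uint32_t kDense[] = {0, 1, 2, 3};

/* Number of set bits in x. */
static unsigned popcount32(uint32_t x) {
  unsigned n = 0;
  for (; x != 0; x &= x - 1) n++;
  return n;
}

/* Exact-match decode: 1 if x is one of the n valid encodings, else 0. */
int is_valid_encoding(uint32_t x, const uint32_t *v, size_t n) {
  for (size_t i = 0; i < n; i++)
    if (v[i] == x) return 1;
  return 0;
}

/* Smallest Hamming distance between two distinct encodings: the number of
 * bit flips a fault must land to turn one valid value into another. */
unsigned min_pairwise_distance(const uint32_t *v, size_t n) {
  unsigned best = 32;
  for (size_t i = 0; i < n; i++)
    for (size_t j = i + 1; j < n; j++) {
      unsigned d = popcount32(v[i] ^ v[j]);
      if (d < best) best = d;
    }
  return best;
}

/* Counts (valid value, flip mask) pairs where flipping 1..max_flips bits
 * yields another valid encoding. Masks cover bits 0..11 only: every encoding
 * above fits in 12 bits, so a flip in a higher bit can never produce one. */
unsigned accepted_after_flips(const uint32_t *v, size_t n,
                              unsigned max_flips) {
  unsigned hits = 0;
  for (size_t i = 0; i < n; i++)
    for (uint32_t mask = 1; mask < (1u << 12); mask++)
      if (popcount32(mask) <= max_flips &&
          is_valid_encoding(v[i] ^ mask, v, n))
        hits++;
  return hits;
}

int main(void) {
  printf("curve types: min distance %u, accepted after <=5 flips: %u\n",
         min_pairwise_distance(kCurveTypes, 4),
         accepted_after_flips(kCurveTypes, 4, 5));
  printf("sign modes:  min distance %u\n",
         min_pairwise_distance(kSignModes, 2));
  printf("dense 0..3:  min distance %u, accepted after 1 flip: %u\n",
         min_pairwise_distance(kDense, 4),
         accepted_after_flips(kDense, 4, 1));
  return 0;
}
```
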
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh(
    const otcrypto_blinded_key_t *private_key,
    const otcrypto_unblinded_key_t *public_key,
    const otcrypto_ecc_curve_t *elliptic_curve,
    otcrypto_blinded_key_t *shared_secret)
Performs Elliptic Curve Diffie Hellman shared secret generation.
The domain_parameter field of the elliptic_curve is required only for a custom curve. For named curves this field is ignored and can be set to NULL.
private_key | Pointer to the blinded private key (d) struct. | |
public_key | Pointer to the unblinded public key (Q) struct. | |
elliptic_curve | Pointer to the elliptic curve to be used. | |
[out] | shared_secret | Pointer to generated blinded shared key struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh_async_finalize(
    const otcrypto_ecc_curve_t *elliptic_curve,
    otcrypto_blinded_key_t *shared_secret)
Finalizes the asynchronous Elliptic Curve Diffie Hellman shared secret generation.
Returns kOtcryptoStatusValueOk and copies shared_secret if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
The caller must ensure that the elliptic_curve parameter matches the one that was previously passed to the corresponding _start function; a mismatch will cause inconsistencies.
elliptic_curve | Pointer to the elliptic curve that is being used. | |
[out] | shared_secret | Pointer to generated blinded shared key struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh_async_start(
    const otcrypto_blinded_key_t *private_key,
    const otcrypto_unblinded_key_t *public_key,
    const otcrypto_ecc_curve_t *elliptic_curve)
Starts the asynchronous Elliptic Curve Diffie Hellman shared secret generation.
The domain_parameter field of the elliptic_curve is required only for a custom curve. For named curves this field is ignored and can be set to NULL.
private_key | Pointer to the blinded private key (d) struct. |
public_key | Pointer to the unblinded public key (Q) struct. |
elliptic_curve | Pointer to the elliptic curve to be used. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh_p256_keygen(
    otcrypto_blinded_key_t *private_key,
    otcrypto_unblinded_key_t *public_key)
Generates a key pair for ECDH with curve P-256.
The caller should allocate and partially populate the blinded key struct, including populating the key configuration and allocating space for the keyblob. For a hardware-backed key, use the private key handle returned by otcrypto_hw_backed_key. Otherwise, the mode should indicate ECDH with P-256 and the keyblob should be 80 bytes. The value in the checksum field of the blinded key struct will be populated by the key generation function.
[out] | private_key | Pointer to the blinded private key (d) struct. |
[out] | public_key | Pointer to the unblinded public key (Q) struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh_p256_keygen_async_finalize(
    otcrypto_blinded_key_t *private_key,
    otcrypto_unblinded_key_t *public_key)
Finalizes asynchronous key generation for ECDH/P-256.
See otcrypto_ecdh_p256_keygen for requirements on input values.
May block until the operation is complete.
The caller should ensure that the private key configuration matches that passed to the _start function.
[out] | private_key | Pointer to the blinded private key (d) struct. |
[out] | public_key | Pointer to the unblinded public key (Q) struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh_p256_keygen_async_start(
    const otcrypto_blinded_key_t *private_key)
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh_p384_keygen(
    otcrypto_blinded_key_t *private_key,
    otcrypto_unblinded_key_t *public_key)
Generates a key pair for ECDH with curve P-384.
The caller should allocate and partially populate the blinded key struct, including populating the key configuration and allocating space for the keyblob. For a hardware-backed key, use the private key handle returned by otcrypto_hw_backed_key. Otherwise, the mode should indicate ECDH with P-384 and the keyblob should be 112 bytes. The value in the checksum field of the blinded key struct will be populated by the key generation function.
[out] | private_key | Pointer to the blinded private key (d) struct. |
[out] | public_key | Pointer to the unblinded public key (Q) struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh_p384_keygen_async_finalize(
    otcrypto_blinded_key_t *private_key,
    otcrypto_unblinded_key_t *public_key)
Finalizes asynchronous key generation for ECDH/P-384.
See otcrypto_ecdh_p384_keygen for requirements on input values.
May block until the operation is complete.
The caller should ensure that the private key configuration matches that passed to the _start function.
[out] | private_key | Pointer to the blinded private key (d) struct. |
[out] | public_key | Pointer to the unblinded public key (Q) struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdh_p384_keygen_async_start(
    const otcrypto_blinded_key_t *private_key)
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p256_keygen(
    otcrypto_blinded_key_t *private_key,
    otcrypto_unblinded_key_t *public_key)
Generates a key pair for ECDSA with curve P-256.
The caller should allocate and partially populate the blinded key struct, including populating the key configuration and allocating space for the keyblob. For a hardware-backed key, use the private key handle returned by otcrypto_hw_backed_key. Otherwise, the mode should indicate ECDSA with P-256 and the keyblob should be 80 bytes. The value in the checksum field of the blinded key struct will be populated by the key generation function.
[out] | private_key | Pointer to the blinded private key (d) struct. |
[out] | public_key | Pointer to the unblinded public key (Q) struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p256_keygen_async_finalize(
    otcrypto_blinded_key_t *private_key,
    otcrypto_unblinded_key_t *public_key)
Finalizes asynchronous key generation for ECDSA/P-256.
See otcrypto_ecdsa_p256_keygen for requirements on input values.
May block until the operation is complete.
The caller should ensure that the private key configuration matches that passed to the _start function.
[out] | private_key | Pointer to the blinded private key (d) struct. |
[out] | public_key | Pointer to the unblinded public key (Q) struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p256_keygen_async_start(
    const otcrypto_blinded_key_t *private_key)
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p256_sign(
    const otcrypto_blinded_key_t *private_key,
    const otcrypto_hash_digest_t message_digest,
    otcrypto_word32_buf_t signature)
Generates an ECDSA signature with curve P-256.
The message digest must be exactly 256 bits (32 bytes) long, but may use any hash mode. The caller is responsible for ensuring that the security strength of the hash function is at least equal to the security strength of the curve, but in some cases it may be truncated. See FIPS 186-5 for details.
private_key | Pointer to the blinded private key (d) struct. | |
message_digest | Message digest to be signed (pre-hashed). | |
[out] | signature | Pointer to the signature struct with (r,s) values. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p256_sign_async_finalize(
    otcrypto_word32_buf_t signature)
Finalizes asynchronous signature generation for ECDSA/P-256.
See otcrypto_ecdsa_p256_sign for requirements on input values.
May block until the operation is complete.
[out] | signature | Pointer to the signature struct with (r,s) values. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p256_sign_async_start(
    const otcrypto_blinded_key_t *private_key,
    const otcrypto_hash_digest_t message_digest)
Starts asynchronous signature generation for ECDSA/P-256.
See otcrypto_ecdsa_p256_sign for requirements on input values.
private_key | Pointer to the blinded private key (d) struct. |
message_digest | Message digest to be signed (pre-hashed). |
elliptic_curve | Pointer to the elliptic curve to be used. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p256_verify(
    const otcrypto_unblinded_key_t *public_key,
    const otcrypto_hash_digest_t message_digest,
    otcrypto_const_word32_buf_t signature,
    hardened_bool_t *verification_result)
Verifies an ECDSA/P-256 signature.
The message digest must be exactly 256 bits (32 bytes) long, but may use any hash mode. The caller is responsible for ensuring that the security strength of the hash function is at least equal to the security strength of the curve, but in some cases it may be truncated. See FIPS 186-5 for details.
The caller must check the verification_result parameter, NOT only the returned status code, to know if the signature passed verification. The status code, as for other operations, only indicates whether errors were encountered, and may return OK even when the signature is invalid.
public_key | Pointer to the unblinded public key (Q) struct. | |
message_digest | Message digest to be verified (pre-hashed). | |
signature | Pointer to the signature to be verified. | |
[out] | verification_result | Whether the signature passed verification. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p256_verify_async_finalize(
    otcrypto_const_word32_buf_t signature,
    hardened_bool_t *verification_result)
Finalizes asynchronous signature verification for ECDSA/P-256.
See otcrypto_ecdsa_p256_verify for requirements on input values.
May block until the operation is complete.
[out] | verification_result | Whether the signature passed verification. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p256_verify_async_start(
    const otcrypto_unblinded_key_t *public_key,
    const otcrypto_hash_digest_t message_digest,
    otcrypto_const_word32_buf_t signature)
Starts asynchronous signature verification for ECDSA/P-256.
See otcrypto_ecdsa_p256_verify for requirements on input values.
public_key | Pointer to the unblinded public key (Q) struct. |
message_digest | Message digest to be verified (pre-hashed). |
signature | Pointer to the signature to be verified. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p384_keygen(
    otcrypto_blinded_key_t *private_key,
    otcrypto_unblinded_key_t *public_key)
Generates a key pair for ECDSA with curve P-384.
The caller should allocate and partially populate the blinded key struct, including populating the key configuration and allocating space for the keyblob. For a hardware-backed key, use the private key handle returned by otcrypto_hw_backed_key. Otherwise, the mode should indicate ECDSA with P-384 and the keyblob should be 112 bytes. The value in the checksum field of the blinded key struct will be populated by the key generation function.
[out] | private_key | Pointer to the blinded private key (d) struct. |
[out] | public_key | Pointer to the unblinded public key (Q) struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p384_keygen_async_finalize(
    otcrypto_blinded_key_t *private_key,
    otcrypto_unblinded_key_t *public_key)
Finalizes asynchronous key generation for ECDSA/P-384.
See otcrypto_ecdsa_p384_keygen for requirements on input values.
May block until the operation is complete.
The caller should ensure that the private key configuration matches that passed to the _start function.
[out] | private_key | Pointer to the blinded private key (d) struct. |
[out] | public_key | Pointer to the unblinded public key (Q) struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p384_keygen_async_start(
    const otcrypto_blinded_key_t *private_key)
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p384_sign(
    const otcrypto_blinded_key_t *private_key,
    const otcrypto_hash_digest_t message_digest,
    otcrypto_word32_buf_t signature)
Generates an ECDSA signature with curve P-384.
The message digest must be exactly 384 bits (48 bytes) long, but may use any hash mode. The caller is responsible for ensuring that the security strength of the hash function is at least equal to the security strength of the curve, but in some cases it may be truncated. See FIPS 186-5 for details.
private_key | Pointer to the blinded private key (d) struct. | |
message_digest | Message digest to be signed (pre-hashed). | |
[out] | signature | Pointer to the signature struct with (r,s) values. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p384_sign_async_finalize(
    otcrypto_word32_buf_t signature)
Finalizes asynchronous signature generation for ECDSA/P-384.
See otcrypto_ecdsa_p384_sign for requirements on input values.
May block until the operation is complete.
[out] | signature | Pointer to the signature struct with (r,s) values. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p384_sign_async_start(
    const otcrypto_blinded_key_t *private_key,
    const otcrypto_hash_digest_t message_digest)
Starts asynchronous signature generation for ECDSA/P-384.
See otcrypto_ecdsa_p384_sign for requirements on input values.
private_key | Pointer to the blinded private key (d) struct. |
message_digest | Message digest to be signed (pre-hashed). |
elliptic_curve | Pointer to the elliptic curve to be used. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p384_verify(
    const otcrypto_unblinded_key_t *public_key,
    const otcrypto_hash_digest_t message_digest,
    otcrypto_const_word32_buf_t signature,
    hardened_bool_t *verification_result)
Verifies an ECDSA/P-384 signature.
The message digest must be exactly 384 bits (48 bytes) long, but may use any hash mode. The caller is responsible for ensuring that the security strength of the hash function is at least equal to the security strength of the curve, but in some cases it may be truncated. See FIPS 186-5 for details.
The caller must check the verification_result parameter, NOT only the returned status code, to know if the signature passed verification. The status code, as for other operations, only indicates whether errors were encountered, and may return OK even when the signature is invalid.
public_key | Pointer to the unblinded public key (Q) struct. | |
message_digest | Message digest to be verified (pre-hashed). | |
signature | Pointer to the signature to be verified. | |
[out] | verification_result | Whether the signature passed verification. |
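
The caller-side check that otcrypto_ecdsa_p256_verify and otcrypto_ecdsa_p384_verify both require, as an added example that is not OpenTitan code. The demo_* types, the placeholder boolean encodings and the stub verifier are hypothetical stand-ins that model only the contract described above: the status reports errors, and the verdict arrives only through the result parameter.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in types, constructed for this example; they are not the library's
 * definitions of otcrypto_status_t or hardened_bool_t. */
typedef enum { kDemoStatusOk = 0, kDemoStatusBadArgs = 1 } demo_status_t;
typedef enum {
  kDemoHardenedTrue = 0x5a3c, /* placeholder multi-bit encodings */
  kDemoHardenedFalse = 0xa5c3
} demo_hardened_bool_t;

enum { kDigestLen = 32 }; /* P-256 digest length stated on this page */

/* Stub verifier (hypothetical). "Valid" here only means the signature bytes
 * equal the digest bytes: a placeholder relation, not ECDSA. */
demo_status_t demo_verify(const uint8_t *digest, size_t digest_len,
                          const uint8_t *sig, size_t sig_len,
                          demo_hardened_bool_t *result) {
  if (digest == NULL || sig == NULL || result == NULL ||
      digest_len != kDigestLen || sig_len != kDigestLen) {
    return kDemoStatusBadArgs;
  }
  /* No error occurred, so the status is OK whether or not the signature
   * verifies; the verdict travels only through *result. */
  *result = (memcmp(digest, sig, kDigestLen) == 0) ? kDemoHardenedTrue
                                                   : kDemoHardenedFalse;
  return kDemoStatusOk;
}

/* Mistake: treats "no error" as "signature valid". */
int accept_status_only(const uint8_t *digest, size_t dlen,
                       const uint8_t *sig, size_t slen) {
  demo_hardened_bool_t result;
  return demo_verify(digest, dlen, sig, slen, &result) == kDemoStatusOk;
}

/* Accept only on OK status and an exact match against the "true" encoding,
 * so a stale, zeroed or corrupted result word is rejected as well. */
int strict_decision(demo_status_t status, demo_hardened_bool_t result) {
  return status == kDemoStatusOk && result == kDemoHardenedTrue;
}

int accept_strict(const uint8_t *digest, size_t dlen, const uint8_t *sig,
                  size_t slen) {
  demo_hardened_bool_t result = kDemoHardenedFalse; /* fail closed */
  demo_status_t status = demo_verify(digest, dlen, sig, slen, &result);
  return strict_decision(status, result);
}

int main(void) {
  uint8_t digest[kDigestLen], good[kDigestLen], forged[kDigestLen];
  memset(digest, 0x11, sizeof digest); /* constructed sample digest */
  memcpy(good, digest, sizeof good);
  memcpy(forged, digest, sizeof forged);
  forged[0] ^= 0x01; /* constructed invalid signature */

  printf("invalid signature, status-only check accepts: %d\n",
         accept_status_only(digest, sizeof digest, forged, sizeof forged));
  printf("invalid signature, strict check accepts:      %d\n",
         accept_strict(digest, sizeof digest, forged, sizeof forged));
  printf("valid signature, strict check accepts:        %d\n",
         accept_strict(digest, sizeof digest, good, sizeof good));
  return 0;
}
```
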
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p384_verify_async_finalize(
    otcrypto_const_word32_buf_t signature,
    hardened_bool_t *verification_result)
Finalizes asynchronous signature verification for ECDSA/P-384.
See otcrypto_ecdsa_p384_verify for requirements on input values.
May block until the operation is complete.
[out] | verification_result | Whether the signature passed verification. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ecdsa_p384_verify_async_start(
    const otcrypto_unblinded_key_t *public_key,
    const otcrypto_hash_digest_t message_digest,
    otcrypto_const_word32_buf_t signature)
Starts asynchronous signature verification for ECDSA/P-384.
See otcrypto_ecdsa_p384_verify for requirements on input values.
public_key | Pointer to the unblinded public key (Q) struct. |
message_digest | Message digest to be verified (pre-hashed). |
signature | Pointer to the signature to be verified. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_keygen(
    otcrypto_blinded_key_t *private_key,
    otcrypto_unblinded_key_t *public_key)
Generates a new Ed25519 key pair.
Computes the private exponent (d) and public key (Q) based on Curve25519.
No domain_parameter is needed; it is automatically set for Ed25519.
The caller should allocate and partially populate the blinded key struct, including populating the key configuration and allocating space for the keyblob. The caller should indicate the length of the allocated keyblob; this function will return an error if the keyblob length does not match expectations. If the key is hardware-backed, the caller should pass a fully populated private key handle as returned by otcrypto_hw_backed_key. For non-hardware-backed keys, the keyblob should be twice the length of the key. The value in the checksum field of the blinded key struct will be populated by the key generation function.
[out] | private_key | Pointer to the blinded private key struct. |
[out] | public_key | Pointer to the unblinded public key struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_keygen_async_finalize(
    otcrypto_blinded_key_t *private_key,
    otcrypto_unblinded_key_t *public_key)
Finalizes the asynchronous key generation for Ed25519.
Returns kOtcryptoStatusValueOk and copies private key (d) and public key (Q), if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
The caller must ensure that config matches the key configuration initially passed to the _start complement of this function.
[out] | private_key | Pointer to the blinded private key struct. |
[out] | public_key | Pointer to the unblinded public key struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_keygen_async_start(
    const otcrypto_blinded_key_t *private_key)
Starts the asynchronous key generation for Ed25519.
Initializes OTBN and begins generating an Ed25519 key pair. The caller should set the config field of private_key with their desired key configuration options. If the key is hardware-backed, the caller should pass a fully populated private key handle such as the kind returned by otcrypto_hw_backed_key.
No domain_parameter is needed; it is automatically set for X25519.
private_key | Destination structure for private key, or key handle. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_sign(
    const otcrypto_blinded_key_t *private_key,
    otcrypto_const_byte_buf_t input_message,
    otcrypto_eddsa_sign_mode_t sign_mode,
    otcrypto_word32_buf_t signature)
Generates an Ed25519 digital signature.
private_key | Pointer to the blinded private key struct. | |
input_message | Input message to be signed. | |
sign_mode | Parameter for EdDSA or Hash EdDSA sign mode. | |
[out] | signature | Pointer to the EdDSA signature with (r,s) values. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_sign_async_finalize(
    otcrypto_word32_buf_t signature)
Finalizes the asynchronous Ed25519 digital signature generation.
Returns kOtcryptoStatusValueOk and copies the signature if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
[out] | signature | Pointer to the EdDSA signature to get (s) value. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_sign_async_start(
    const otcrypto_blinded_key_t *private_key,
    otcrypto_const_byte_buf_t input_message,
    otcrypto_eddsa_sign_mode_t sign_mode,
    otcrypto_word32_buf_t signature)
Starts the asynchronous Ed25519 digital signature generation.
Initializes OTBN and starts the OTBN routine to compute the digital signature on the input message. The domain_parameter field for Ed25519 is automatically set.
private_key | Pointer to the blinded private key struct. | |
input_message | Input message to be signed. | |
sign_mode | Parameter for EdDSA or Hash EdDSA sign mode. | |
[out] | signature | Pointer to the EdDSA signature to get (r) value. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_verify(
    const otcrypto_unblinded_key_t *public_key,
    otcrypto_const_byte_buf_t input_message,
    otcrypto_eddsa_sign_mode_t sign_mode,
    otcrypto_const_word32_buf_t signature,
    hardened_bool_t *verification_result)
Verifies an Ed25519 signature.
public_key | Pointer to the unblinded public key struct. | |
input_message | Input message to be signed for verification. | |
sign_mode | Parameter for EdDSA or Hash EdDSA sign mode. | |
signature | Pointer to the signature to be verified. | |
[out] | verification_result | Result of signature verification (Pass/Fail). |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_verify_async_finalize(
    hardened_bool_t *verification_result)
Finalizes the asynchronous Ed25519 digital signature verification.
Returns kOtcryptoStatusValueOk and populates the verification result with a PASS or FAIL, if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
[out] | verification_result | Result of signature verification (Pass/Fail). |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_ed25519_verify_async_start(
    const otcrypto_unblinded_key_t *public_key,
    otcrypto_const_byte_buf_t input_message,
    otcrypto_eddsa_sign_mode_t sign_mode,
    otcrypto_const_word32_buf_t signature)
Starts the asynchronous Ed25519 digital signature verification.
Initializes OTBN and starts the OTBN routine to verify the signature. The domain_parameter for Ed25519 is set automatically.
public_key | Pointer to the unblinded public key struct. |
input_message | Input message to be signed for verification. |
sign_mode | Parameter for EdDSA or Hash EdDSA sign mode. |
signature | Pointer to the signature to be verified. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_x25519(
    const otcrypto_blinded_key_t *private_key,
    const otcrypto_unblinded_key_t *public_key,
    otcrypto_blinded_key_t *shared_secret)
Performs the X25519 Diffie Hellman shared secret generation.
private_key | Pointer to blinded private key (u-coordinate). | |
public_key | Pointer to the public scalar from the sender. | |
[out] | shared_secret | Pointer to shared secret key (u-coordinate). |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_x25519_async_finalize(
    otcrypto_blinded_key_t *shared_secret)
Finalizes the asynchronous X25519 Diffie Hellman shared secret generation.
Returns kOtcryptoStatusValueOk and copies shared_secret if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
[out] | shared_secret | Pointer to shared secret key (u-coordinate). |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_x25519_async_start(
    const otcrypto_blinded_key_t *private_key,
    const otcrypto_unblinded_key_t *public_key)
Starts the asynchronous X25519 Diffie Hellman shared secret generation.
Initializes OTBN and starts the OTBN routine to perform Diffie Hellman shared secret generation based on Curve25519. The domain parameter is automatically set for X25519 API.
private_key | Pointer to the blinded private key (u-coordinate). |
public_key | Pointer to the public scalar from the sender. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_x25519_keygen(
    otcrypto_blinded_key_t *private_key,
    otcrypto_unblinded_key_t *public_key)
Generates a new key pair for X25519 key exchange.
Computes the private scalar (d) and public key (Q) based on Curve25519.
No domain_parameter is needed; it is automatically set for X25519.
The caller should allocate and partially populate the blinded key struct, including populating the key configuration and allocating space for the keyblob. The caller should indicate the length of the allocated keyblob; this function will return an error if the keyblob length does not match expectations. If the key is hardware-backed, the caller should pass a fully populated private key handle as returned by otcrypto_hw_backed_key. For non-hardware-backed keys, the keyblob should be twice the length of the key. The value in the checksum field of the blinded key struct will be populated by the key generation function.
[out] | private_key | Pointer to the blinded private key struct. |
[out] | public_key | Pointer to the unblinded public key struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_x25519_keygen_async_finalize(
    otcrypto_blinded_key_t *private_key,
    otcrypto_unblinded_key_t *public_key)
Finalizes the asynchronous key generation for X25519.
Returns kOtcryptoStatusValueOk and copies private key (d) and public key (Q), if the OTBN status is done, or kOtcryptoStatusValueAsyncIncomplete if the OTBN is busy or kOtcryptoStatusValueInternalError if there is an error.
The caller must ensure that config matches the key configuration initially passed to the _start complement of this function.
[out] | private_key | Pointer to the blinded private key struct. |
[out] | public_key | Pointer to the unblinded public key struct. |
OT_WARN_UNUSED_RESULT otcrypto_status_t otcrypto_x25519_keygen_async_start(
    const otcrypto_blinded_key_t *private_key)
Starts the asynchronous key generation for X25519.
Initializes OTBN and begins generating an X25519 key pair. The caller should set the config field of private_key with their desired key configuration options. If the key is hardware-backed, the caller should pass a fully populated private key handle such as the kind returned by otcrypto_hw_backed_key.
No domain_parameter is needed; it is automatically set for X25519.
private_key | Destination structure for private key, or key handle. |