Software APIs
ed25519.h
Go to the documentation of this file.
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_ED25519_H_
6 #define OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_ED25519_H_
7 
8 #include "datatypes.h"
9 
10 /**
11  * @file
12  * @brief Ed25519 operations for OpenTitan cryptography library.
13  */
14 
15 #ifdef __cplusplus
16 extern "C" {
17 #endif // __cplusplus
18 
19 /**
20  * Hashing mode for EdDSA signatures.
21  *
22  * Values are hardened.
23  */
24 typedef enum otcrypto_eddsa_sign_mode {
25  // Signature mode EdDSA.
26  kOtcryptoEddsaSignModeEddsa = 0xae1,
27  // Signature mode Hashed EdDSA.
28  kOtcryptoEddsaSignModeHashEddsa = 0x9a6,
29 } otcrypto_eddsa_sign_mode_t;
30 
31 /**
32  * Generates a key pair for Ed25519.
33  *
34  * The caller should allocate and partially populate the blinded key struct,
35  * including populating the key configuration and allocating space for the
36  * keyblob. For a hardware-backed key, use the private key handle returned by
37  * `otcrypto_hw_backed_key`. Otherwise, the mode should indicate Ed25519 and the
38  * keyblob should be 80 bytes. The value in the `checksum` field of the blinded
39  * key struct will be populated by the key generation function.
40  *
41  * @param[out] private_key Pointer to the blinded private key struct.
42  * @param[out] public_key Pointer to the unblinded public key struct.
43  * @return Result of the Ed25519 key generation.
44  */
45 OT_WARN_UNUSED_RESULT
46 otcrypto_status_t otcrypto_ed25519_keygen(otcrypto_blinded_key_t *private_key,
47  otcrypto_unblinded_key_t *public_key);
48 
49 /**
50  * Generates an Ed25519 digital signature.
51  *
52  * @param private_key Pointer to the blinded private key struct.
53  * @param input_message Input message to be signed.
54  * @param sign_mode EdDSA signature hashing mode.
55  * @param[out] signature Pointer to the EdDSA signature with (r,s) values.
56  * @return Result of the Ed25519 signature generation.
57  */
58 OT_WARN_UNUSED_RESULT
59 otcrypto_status_t otcrypto_ed25519_sign(
60  const otcrypto_blinded_key_t *private_key,
61  otcrypto_const_byte_buf_t input_message,
62  otcrypto_eddsa_sign_mode_t sign_mode, otcrypto_word32_buf_t signature);
63 
64 /**
65  * Verifies an Ed25519 signature.
66  *
67  * The caller must check the `verification_result` parameter, NOT only the
68  * returned status code, to know if the signature passed verification. The
69  * status code, as for other operations, only indicates whether errors were
70  * encountered, and may return OK even when the signature is invalid.
71  *
72  * @param public_key Pointer to the unblinded public key struct.
73  * @param input_message Input message to be signed for verification.
74  * @param sign_mode EdDSA signature hashing mode.
75  * @param signature Pointer to the signature to be verified.
76  * @param[out] verification_result Whether the signature passed verification.
77  * @return Result of the Ed25519 verification operation.
78  */
79 OT_WARN_UNUSED_RESULT
80 otcrypto_status_t otcrypto_ed25519_verify(
81  const otcrypto_unblinded_key_t *public_key,
82  otcrypto_const_byte_buf_t input_message,
83  otcrypto_eddsa_sign_mode_t sign_mode, otcrypto_const_word32_buf_t signature,
84  hardened_bool_t *verification_result);
85 
86 /**
87  * Starts asynchronous key generation for Ed25519.
88  *
89  * See `otcrypto_ed25519_keygen` for requirements on input values.
90  *
91  * @param private_key Destination structure for private key, or key handle.
92  * @return Result of asynchronous Ed25519 keygen start operation.
93  */
94 OT_WARN_UNUSED_RESULT
95 otcrypto_status_t otcrypto_ed25519_keygen_async_start(
96  const otcrypto_blinded_key_t *private_key);
97 
98 /**
99  * Finalizes asynchronous key generation for Ed25519.
100  *
101  * See `otcrypto_ed25519_keygen` for requirements on input values.
102  *
103  * May block until the operation is complete.
104  *
105  * The caller should ensure that the private key configuration matches that
106  * passed to the `_start` function.
107  *
108  * @param[out] private_key Pointer to the blinded private key struct.
109  * @param[out] public_key Pointer to the unblinded public key struct.
110  * @return Result of asynchronous ed25519 keygen finalize operation.
111  */
112 OT_WARN_UNUSED_RESULT
113 otcrypto_status_t otcrypto_ed25519_keygen_async_finalize(
114  otcrypto_blinded_key_t *private_key, otcrypto_unblinded_key_t *public_key);
115 
116 /**
117  * Starts asynchronous signature generation for Ed25519.
118  *
119  * See `otcrypto_ed25519_sign` for requirements on input values.
120  *
121  * @param private_key Pointer to the blinded private key struct.
122  * @param input_message Input message to be signed.
123  * @param sign_mode EdDSA signature hashing mode.
124  * @param[out] signature Pointer to the EdDSA signature to get (r) value.
125  * @return Result of async Ed25519 start operation.
126  */
127 OT_WARN_UNUSED_RESULT
128 otcrypto_status_t otcrypto_ed25519_sign_async_start(
129  const otcrypto_blinded_key_t *private_key,
130  otcrypto_const_byte_buf_t input_message,
131  otcrypto_eddsa_sign_mode_t sign_mode, otcrypto_word32_buf_t signature);
132 
133 /**
134  * Finalizes asynchronous signature generation for Ed25519.
135  *
136  * See `otcrypto_ecdsa_p256_sign` for requirements on input values.
137  *
138  * May block until the operation is complete.
139  *
140  * @param[out] signature Pointer to the EdDSA signature to get (s) value.
141  * @return Result of async Ed25519 finalize operation.
142  */
143 OT_WARN_UNUSED_RESULT
144 otcrypto_status_t otcrypto_ed25519_sign_async_finalize(
145  otcrypto_word32_buf_t signature);
146 
147 /**
148  * Starts asynchronous signature verification for Ed25519.
149  *
150  * See `otcrypto_ecdsa_p256_verify` for requirements on input values.
151  *
152  * @param public_key Pointer to the unblinded public key struct.
153  * @param input_message Input message to be signed for verification.
154  * @param sign_mode EdDSA signature hashing mode.
155  * @param signature Pointer to the signature to be verified.
156  * @return Result of async Ed25519 verification start operation.
157  */
158 OT_WARN_UNUSED_RESULT
159 otcrypto_status_t otcrypto_ed25519_verify_async_start(
160  const otcrypto_unblinded_key_t *public_key,
161  otcrypto_const_byte_buf_t input_message,
162  otcrypto_eddsa_sign_mode_t sign_mode,
163  otcrypto_const_word32_buf_t signature);
164 
165 /**
166  * Finalizes asynchronous signature verification for Ed25519.
167  *
168  * See `otcrypto_ecdsa_p256_verify` for requirements on input values.
169  *
170  * May block until the operation is complete.
171  *
172  * The caller must check the `verification_result` parameter, NOT only the
173  * returned status code, to know if the signature passed verification. The
174  * status code, as for other operations, only indicates whether errors were
175  * encountered, and may return OK even when the signature is invalid.
176  *
177  * @param[out] verification_result Whether the signature passed verification.
178  * @return Result of async Ed25519 verification finalize operation.
179  */
180 OT_WARN_UNUSED_RESULT
181 otcrypto_status_t otcrypto_ed25519_verify_async_finalize(
182  hardened_bool_t *verification_result);
183 
184 #ifdef __cplusplus
185 } // extern "C"
186 #endif // __cplusplus
187 
188 #endif // OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_ED25519_H_
Return to OpenTitan Documentation