Software APIs
verify.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 //
5 // Derived from code in the SPHINCS+ reference implementation (CC0 license):
6 // https://github.com/sphincs/sphincsplus/blob/ed15dd78658f63288c7492c00260d86154b84637/ref/api.h
7 
8 #ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_SIGVERIFY_SPHINCSPLUS_VERIFY_H_
9 #define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_SIGVERIFY_SPHINCSPLUS_VERIFY_H_
10 
11 #include <stddef.h>
12 #include <stdint.h>
13 
14 #include "sw/device/lib/base/macros.h"
15 #include "sw/device/silicon_creator/lib/error.h"
16 #include "sw/device/silicon_creator/lib/sigverify/sphincsplus/params.h"
17 
18 #ifdef __cplusplus
19 extern "C" {
20 #endif
21 
22 enum {
23  /**
24  * Size of SPHINCS+ root node.
25  */
26  kSpxVerifyRootNumWords = kSpxNWords,
27  /**
28  * Size of SPHINCS+ signature in bytes.
29  */
30  kSpxVerifySigBytes = kSpxBytes,
31  /**
32  * Size of SPHINCS+ signature in words.
33  */
34  kSpxVerifySigWords = kSpxBytes / sizeof(uint32_t),
35  /**
36  * Size of SPHINCS+ public key in bytes.
37  */
38  kSpxVerifyPkBytes = kSpxPkBytes,
39  /**
40  * Size of SPHINCS+ public key in words.
41  */
42  kSpxVerifyPkWords = kSpxPkWords,
43 };
44 
45 /**
46  * Computes the root for a signature and message under a given public key.
47  *
48  * The signature is valid if the computed root matches the root from the public
49  * key; the final comparison is left to the caller.
50  *
51  * @param sig Input signature (`kSpxVerifySigBytes` bytes long).
52  * @param msg_prefix_1 Optional message prefix.
53  * @param msg_prefix_1_len Length of the first prefix.
54  * @param msg_prefix_2 Optional message prefix.
55  * @param msg_prefix_2_len Length of the second prefix.
56  * @param msg_prefix_3 Optional message prefix.
57  * @param msg_prefix_3_len Length of the third prefix.
58  * @param msg Input message.
59  * @param msg_len Legth of message (bytes).
60  * @param pk Public key (`kSpxVerifyPkBytes` bytes long).
61  * @param[out] root Buffer for computed tree root (`kSpxVerifyRootNumWords`
62  * words long).
63  * @return Error code indicating if the operation succeeded.
64  */
65 OT_WARN_UNUSED_RESULT
66 rom_error_t spx_verify(const uint32_t *sig, const uint8_t *msg_prefix_1,
67  size_t msg_prefix_1_len, const uint8_t *msg_prefix_2,
68  size_t msg_prefix_2_len, const uint8_t *msg_prefix_3,
69  size_t msg_prefix_3_len, const uint8_t *msg,
70  size_t msg_len, const uint32_t *pk, uint32_t *root);
71 
72 /**
73  * Extract the public key root.
74  *
75  * @param pk Public key (`kSpxVerifyPkBytes` bytes long).
76  * @param[out] root Buffer for the public key root (`kSpxVerifyRootNumWords`
77  * words long).
78  */
79 void spx_public_key_root(const uint32_t *pk, uint32_t *root);
80 
81 #ifdef __cplusplus
82 }
83 #endif
84 
85 #endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_SIGVERIFY_SPHINCSPLUS_VERIFY_H_
Return to OpenTitan Documentation