include/dice/boringssl_mldsa_utils.h - open-dice - Git at Google

 // Copyright 2026 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
 // use this file except in compliance with the License. You may obtain a copy of
 // the License at
 //
 //     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 // License for the specific language governing permissions and limitations under
 // the License.

 #ifndef DICE_BORINGSSL_MLDSA_UTILS_H_
 #define DICE_BORINGSSL_MLDSA_UTILS_H_

 #include <stddef.h>
 #include <stdint.h>

 #include "dice/dice.h"

 #ifdef __cplusplus
 extern "C" {
 #endif

 #define MLDSA65_PRIVATE_KEY_SIZE 32
 #define MLDSA65_PUBLIC_KEY_SIZE 1952
 #define MLDSA65_SIGNATURE_SIZE 3309

 // Deterministically generates a public and private key pair from |seed|.
 // This implementation keeps the seed representation for private key and hence
 // |seed| is the same as private key and, if needed, can be used directly as
 // the private key. The |private_key| may use the expanded format so may only
 // be passed to the |sign| operation.
 int Mldsa65KeypairFromSeed(uint8_t public_key[MLDSA65_PUBLIC_KEY_SIZE],
                            uint8_t private_key[MLDSA65_PRIVATE_KEY_SIZE],
                            const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE]);

 // Calculates a signature of |message_size| bytes from |message| using
 // |private_key|. |private_key| was generated by |keypair_from_seed| to allow
 // an implementation to use their own private key format. |signature| points to
 // the buffer where the calculated signature is written.
 int Mldsa65Sign(uint8_t signature[MLDSA65_SIGNATURE_SIZE],
                 const uint8_t* message, size_t message_size,
                 const uint8_t private_key[MLDSA65_PRIVATE_KEY_SIZE]);

 // Verifies, using |public_key|, that |signature| covers |message_size| bytes
 // from |message|.
 int Mldsa65Verify(const uint8_t* message, size_t message_size,
                   const uint8_t signature[MLDSA65_SIGNATURE_SIZE],
                   const uint8_t public_key[MLDSA65_PUBLIC_KEY_SIZE]);

 #define MLDSA87_PRIVATE_KEY_SIZE 32
 #define MLDSA87_PUBLIC_KEY_SIZE 2592
 #define MLDSA87_SIGNATURE_SIZE 4627

 // Deterministically generates a public and private key pair from |seed|.
 // This implementation keeps the seed representation for private key and hence
 // |seed| is the same as private key and, if needed, can be used directly as
 // the private key. The |private_key| may use the expanded format so may only
 // be passed to the |sign| operation.
 int Mldsa87KeypairFromSeed(uint8_t public_key[MLDSA87_PUBLIC_KEY_SIZE],
                            uint8_t private_key[MLDSA87_PRIVATE_KEY_SIZE],
                            const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE]);

 // Calculates a signature of |message_size| bytes from |message| using
 // |private_key|. |private_key| was generated by |keypair_from_seed| to allow
 // an implementation to use their own private key format. |signature| points to
 // the buffer where the calculated signature is written.
 int Mldsa87Sign(uint8_t signature[MLDSA87_SIGNATURE_SIZE],
                 const uint8_t* message, size_t message_size,
                 const uint8_t private_key[MLDSA87_PRIVATE_KEY_SIZE]);

 // Verifies, using |public_key|, that |signature| covers |message_size| bytes
 // from |message|.
 int Mldsa87Verify(const uint8_t* message, size_t message_size,
                   const uint8_t signature[MLDSA87_SIGNATURE_SIZE],
                   const uint8_t public_key[MLDSA87_PUBLIC_KEY_SIZE]);

 #ifdef __cplusplus
 }  // extern "C"
 #endif

 #endif  // DICE_BORINGSSL_MLDSA_UTILS_H_
	// Copyright 2026 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License"); you may not
	// use this file except in compliance with the License. You may obtain a copy of
	// the License at
	//
	// https://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	// License for the specific language governing permissions and limitations under
	// the License.

	#ifndef DICE_BORINGSSL_MLDSA_UTILS_H_
	#define DICE_BORINGSSL_MLDSA_UTILS_H_

	#include <stddef.h>
	#include <stdint.h>

	#include "dice/dice.h"

	#ifdef __cplusplus
	extern "C" {
	#endif

	#define MLDSA65_PRIVATE_KEY_SIZE 32
	#define MLDSA65_PUBLIC_KEY_SIZE 1952
	#define MLDSA65_SIGNATURE_SIZE 3309

	// Deterministically generates a public and private key pair from \|seed\|.
	// This implementation keeps the seed representation for private key and hence
	// \|seed\| is the same as private key and, if needed, can be used directly as
	// the private key. The \|private_key\| may use the expanded format so may only
	// be passed to the \|sign\| operation.
	int Mldsa65KeypairFromSeed(uint8_t public_key[MLDSA65_PUBLIC_KEY_SIZE],
	uint8_t private_key[MLDSA65_PRIVATE_KEY_SIZE],
	const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE]);

	// Calculates a signature of \|message_size\| bytes from \|message\| using
	// \|private_key\|. \|private_key\| was generated by \|keypair_from_seed\| to allow
	// an implementation to use their own private key format. \|signature\| points to
	// the buffer where the calculated signature is written.
	int Mldsa65Sign(uint8_t signature[MLDSA65_SIGNATURE_SIZE],
	const uint8_t* message, size_t message_size,
	const uint8_t private_key[MLDSA65_PRIVATE_KEY_SIZE]);

	// Verifies, using \|public_key\|, that \|signature\| covers \|message_size\| bytes
	// from \|message\|.
	int Mldsa65Verify(const uint8_t* message, size_t message_size,
	const uint8_t signature[MLDSA65_SIGNATURE_SIZE],
	const uint8_t public_key[MLDSA65_PUBLIC_KEY_SIZE]);

	#define MLDSA87_PRIVATE_KEY_SIZE 32
	#define MLDSA87_PUBLIC_KEY_SIZE 2592
	#define MLDSA87_SIGNATURE_SIZE 4627

	// Deterministically generates a public and private key pair from \|seed\|.
	// This implementation keeps the seed representation for private key and hence
	// \|seed\| is the same as private key and, if needed, can be used directly as
	// the private key. The \|private_key\| may use the expanded format so may only
	// be passed to the \|sign\| operation.
	int Mldsa87KeypairFromSeed(uint8_t public_key[MLDSA87_PUBLIC_KEY_SIZE],
	uint8_t private_key[MLDSA87_PRIVATE_KEY_SIZE],
	const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE]);

	// Calculates a signature of \|message_size\| bytes from \|message\| using
	// \|private_key\|. \|private_key\| was generated by \|keypair_from_seed\| to allow
	// an implementation to use their own private key format. \|signature\| points to
	// the buffer where the calculated signature is written.
	int Mldsa87Sign(uint8_t signature[MLDSA87_SIGNATURE_SIZE],
	const uint8_t* message, size_t message_size,
	const uint8_t private_key[MLDSA87_PRIVATE_KEY_SIZE]);

	// Verifies, using \|public_key\|, that \|signature\| covers \|message_size\| bytes
	// from \|message\|.
	int Mldsa87Verify(const uint8_t* message, size_t message_size,
	const uint8_t signature[MLDSA87_SIGNATURE_SIZE],
	const uint8_t public_key[MLDSA87_PUBLIC_KEY_SIZE]);

	#ifdef __cplusplus
	} // extern "C"
	#endif

	#endif // DICE_BORINGSSL_MLDSA_UTILS_H_