blob: bcc32aa29e1ae16eb922803bf9889402edf67544 [file] [log] [blame]
// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may not
// use this file except in compliance with the License. You may obtain a copy of
// the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
// License for the specific language governing permissions and limitations under
// the License.
#ifndef DICE_BORINGSSL_ECDSA_UTILS_H_
#define DICE_BORINGSSL_ECDSA_UTILS_H_
#include <stddef.h>
#include <stdint.h>
#include "dice/dice.h"
#ifdef __cplusplus
extern "C" {
#endif
#define P256_PRIVATE_KEY_SIZE 32
#define P256_PUBLIC_KEY_SIZE 64
#define P256_SIGNATURE_SIZE 64
// Deterministically generates a public and private key pair from |seed|.
// Since this is deterministic, |seed| is as sensitive as a private key and can
// be used directly as the private key. The |private_key| may use an
// implementation defined format so may only be passed to the |sign| operation.
int P256KeypairFromSeed(uint8_t public_key[P256_PUBLIC_KEY_SIZE],
uint8_t private_key[P256_PRIVATE_KEY_SIZE],
const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE]);
// Calculates a signature of |message_size| bytes from |message| using
// |private_key|. |private_key| was generated by |keypair_from_seed| to allow
// an implementation to use their own private key format. |signature| points to
// the buffer where the calculated signature is written.
int P256Sign(uint8_t signature[P256_SIGNATURE_SIZE], const uint8_t* message,
size_t message_size,
const uint8_t private_key[P256_PRIVATE_KEY_SIZE]);
// Verifies, using |public_key|, that |signature| covers |message_size| bytes
// from |message|.
int P256Verify(const uint8_t* message, size_t message_size,
const uint8_t signature[P256_SIGNATURE_SIZE],
const uint8_t public_key[P256_PUBLIC_KEY_SIZE]);
#define P384_PRIVATE_KEY_SIZE 48
#define P384_PUBLIC_KEY_SIZE 96
#define P384_SIGNATURE_SIZE 96
// Deterministically generates a public and private key pair from |seed|.
// Since this is deterministic, |seed| is as sensitive as a private key and can
// be used directly as the private key. The |private_key| may use an
// implementation defined format so may only be passed to the |sign| operation.
int P384KeypairFromSeed(uint8_t public_key[P384_PUBLIC_KEY_SIZE],
uint8_t private_key[P384_PRIVATE_KEY_SIZE],
const uint8_t seed[DICE_PRIVATE_KEY_SEED_SIZE]);
// Calculates a signature of |message_size| bytes from |message| using
// |private_key|. |private_key| was generated by |keypair_from_seed| to allow
// an implementation to use their own private key format. |signature| points to
// the buffer where the calculated signature is written.
int P384Sign(uint8_t signature[P384_SIGNATURE_SIZE], const uint8_t* message,
size_t message_size,
const uint8_t private_key[P384_PRIVATE_KEY_SIZE]);
// Verifies, using |public_key|, that |signature| covers |message_size| bytes
// from |message|.
int P384Verify(const uint8_t* message, size_t message_size,
const uint8_t signature[P384_SIGNATURE_SIZE],
const uint8_t public_key[P384_PUBLIC_KEY_SIZE]);
#ifdef __cplusplus
} // extern "C"
#endif
#endif // DICE_BORINGSSL_ECDSA_UTILS_H_