* cipher/dilithium.c (dilithium_keypair, dilithium_sign) (dilithium_verify): New. * cipher/dilithium.h: Likewise.
-- GnuPG-bug-id: 7640 Signed-off-by: NIIBE Yutaka <gni...@fsij.org> --- cipher/dilithium.c | 96 ++++++++++++++++++++++++++++++++++++++++++++++ cipher/dilithium.h | 19 +++++++++ 2 files changed, 115 insertions(+)
diff --git a/cipher/dilithium.c b/cipher/dilithium.c index 452c1b26..955feb2a 100644 --- a/cipher/dilithium.c +++ b/cipher/dilithium.c 
@@ -120,6 +120,102 @@ static int crypto_sign_verify_internal_5 (const uint8_t *sig, size_t siglen, const uint8_t *pre, size_t prelen, const uint8_t *pk); +int +dilithium_keypair (int algo, uint8_t *pk, uint8_t *sk, + const uint8_t seed[SEEDBYTES]) +{ + switch (algo) + { + case GCRY_MLDSA44: + return crypto_sign_keypair_internal_2 (pk, sk, seed); + case GCRY_MLDSA65: + default: + return crypto_sign_keypair_internal_3 (pk, sk, seed); + case GCRY_MLDSA87: + return crypto_sign_keypair_internal_5 (pk, sk, seed); + } +} + +int +dilithium_sign (int algo, uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk, const uint8_t rnd[RNDBYTES]) +{ + size_t i; + uint8_t pre[257]; + size_t prelen; + + if (ctx == NULL && ctxlen == -1) + prelen = 0; + else + { + /* Prepare pre = (0, ctxlen, ctx) */ + pre[0] = 0; + pre[1] = ctxlen; + for(i = 0; i < ctxlen; i++) + pre[2 + i] = ctx[i]; + prelen = 2 + ctxlen; + } + + switch (algo) + { + case GCRY_MLDSA44: + if (siglen != CRYPTO_BYTES_2) + return -1; + return crypto_sign_signature_internal_2 (sig, &siglen, m, mlen, + pre, prelen, rnd, sk); + case GCRY_MLDSA65: + default: + if (siglen != CRYPTO_BYTES_3) + return -1; + return crypto_sign_signature_internal_3 (sig, &siglen, m, mlen, + pre, prelen, rnd, sk); + case GCRY_MLDSA87: + if (siglen != CRYPTO_BYTES_5) + return -1; + return crypto_sign_signature_internal_5 (sig, &siglen, m, mlen, + pre, prelen, rnd, sk); + } +} + +int +dilithium_verify (int algo, const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk) +{ + size_t i; + uint8_t pre[257]; + size_t prelen; + + if (ctx == NULL && ctxlen == -1) + prelen = 0; + else + { + /* Prepare pre = (0, ctxlen, ctx) */ + pre[0] = 0; + pre[1] = ctxlen; + for(i = 0; i < ctxlen; i++) + pre[2 + i] = ctx[i]; + prelen = 2 + ctxlen; + } + + switch (algo) + { + case GCRY_MLDSA44: + return crypto_sign_verify_internal_2 (sig, 
siglen, m, mlen, + pre, prelen, pk); + case GCRY_MLDSA65: + default: + return crypto_sign_verify_internal_3 (sig, siglen, m, mlen, + pre, prelen, pk); + case GCRY_MLDSA87: + return crypto_sign_verify_internal_5 (sig, siglen, m, mlen, + pre, prelen, pk); + } +} + typedef struct { gcry_md_hd_t h; } keccak_state; diff --git a/cipher/dilithium.h b/cipher/dilithium.h index 7d3c9572..03a095c7 100644 --- a/cipher/dilithium.h +++ b/cipher/dilithium.h @@ -53,6 +53,25 @@ #define SEEDBYTES 32 #define RNDBYTES 32 +#ifdef _GCRYPT_IN_LIBGCRYPT +/**** Start of the glue code to libgcrypt ****/ +#define dilithium_keypair _gcry_mldsa_keypair +#define dilithium_encap _gcry_mldsa_encap +#define dilithium_decap _gcry_mldsa_decap +/**** End of the glue code ****/ + +int dilithium_keypair (int algo, uint8_t *pk, uint8_t *sk, + const uint8_t seed[SEEDBYTES]); +int dilithium_sign (int algo, uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *sk, const uint8_t rnd[RNDBYTES]); +int dilithium_verify (int algo, const uint8_t *sig, size_t siglen, + const uint8_t *m, size_t mlen, + const uint8_t *ctx, size_t ctxlen, + const uint8_t *pk); +#endif + #if defined(DILITHIUM_MODE) #ifndef DILITHIUM_INTERNAL_API_ONLY int crypto_sign_keypair (uint8_t *pk, uint8_t *sk);
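Review bot: In dilithium_sign and dilithium_verify the context is copied into the 257-byte stack buffer `pre` with no upper bound on `ctxlen`, so a caller passing more than 255 bytes writes past the end of `pre`, and `pre[1] = ctxlen` silently truncates the length byte. ML-DSA limits the context string to 255 bytes, so the else branch in both functions should begin with `if (ctxlen > 255) return -1;`. That check also rejects a non-NULL `ctx` paired with the `(size_t)-1` sentinel, which would otherwise drive the copy loop far out of bounds. Separately, `default:` shares the GCRY_MLDSA65 case in all three functions, so an unrecognised `algo` is processed as ML-DSA-65 while the caller's pk/sk/sig buffers may be sized for a different parameter set; returning an error from `default:` would be safer. A one-line comment above the `ctx == NULL && ctxlen == -1` test would also help, because `ctxlen` is a `size_t` and the comparison depends on -1 converting to SIZE_MAX.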
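Review bot: The glue block renames `dilithium_keypair`, `dilithium_encap` and `dilithium_decap`, but the functions declared just below it are `dilithium_keypair`, `dilithium_sign` and `dilithium_verify`. The two signature entry points therefore keep their unprefixed names inside libgcrypt, while two macros refer to functions this header never declares. The encap/decap names look carried over from a KEM header; they should presumably read `#define dilithium_sign _gcry_mldsa_sign` and `#define dilithium_verify _gcry_mldsa_verify`. The prototypes would also benefit from a comment stating the return convention and that `ctx == NULL` with `ctxlen == -1` skips the context prefix, since that contract is otherwise visible only in dilithium.c.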