1*8fb009dcSAndroid Build Coastguard Worker /* Copyright (c) 2023, Google LLC 2*8fb009dcSAndroid Build Coastguard Worker * 3*8fb009dcSAndroid Build Coastguard Worker * Permission to use, copy, modify, and/or distribute this software for any 4*8fb009dcSAndroid Build Coastguard Worker * purpose with or without fee is hereby granted, provided that the above 5*8fb009dcSAndroid Build Coastguard Worker * copyright notice and this permission notice appear in all copies. 6*8fb009dcSAndroid Build Coastguard Worker * 7*8fb009dcSAndroid Build Coastguard Worker * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8*8fb009dcSAndroid Build Coastguard Worker * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9*8fb009dcSAndroid Build Coastguard Worker * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10*8fb009dcSAndroid Build Coastguard Worker * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11*8fb009dcSAndroid Build Coastguard Worker * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12*8fb009dcSAndroid Build Coastguard Worker * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13*8fb009dcSAndroid Build Coastguard Worker * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14*8fb009dcSAndroid Build Coastguard Worker 15*8fb009dcSAndroid Build Coastguard Worker #ifndef OPENSSL_HEADER_SPX_H 16*8fb009dcSAndroid Build Coastguard Worker #define OPENSSL_HEADER_SPX_H 17*8fb009dcSAndroid Build Coastguard Worker 18*8fb009dcSAndroid Build Coastguard Worker #include <openssl/base.h> 19*8fb009dcSAndroid Build Coastguard Worker 20*8fb009dcSAndroid Build Coastguard Worker #if defined(__cplusplus) 21*8fb009dcSAndroid Build Coastguard Worker extern "C" { 22*8fb009dcSAndroid Build Coastguard Worker #endif 23*8fb009dcSAndroid Build Coastguard Worker 24*8fb009dcSAndroid Build Coastguard Worker 25*8fb009dcSAndroid Build Coastguard Worker #if defined(OPENSSL_UNSTABLE_EXPERIMENTAL_SPX) 26*8fb009dcSAndroid Build Coastguard Worker // This header implements experimental, draft versions of not-yet-standardized 27*8fb009dcSAndroid Build Coastguard Worker // primitives. When the standard is complete, these functions will be removed 28*8fb009dcSAndroid Build Coastguard Worker // and replaced with the final, incompatible standard version. They are 29*8fb009dcSAndroid Build Coastguard Worker // available now for short-lived experiments, but must not be deployed anywhere 30*8fb009dcSAndroid Build Coastguard Worker // durable, such as a long-lived key store. To use these functions define 31*8fb009dcSAndroid Build Coastguard Worker // OPENSSL_UNSTABLE_EXPERIMENTAL_SPX 32*8fb009dcSAndroid Build Coastguard Worker 33*8fb009dcSAndroid Build Coastguard Worker // SPX_N is the number of bytes in the hash output 34*8fb009dcSAndroid Build Coastguard Worker #define SPX_N 16 35*8fb009dcSAndroid Build Coastguard Worker 36*8fb009dcSAndroid Build Coastguard Worker // SPX_PUBLIC_KEY_BYTES is the nNumber of bytes in the public key of 37*8fb009dcSAndroid Build Coastguard Worker // SPHINCS+-SHA2-128s 38*8fb009dcSAndroid Build Coastguard Worker #define SPX_PUBLIC_KEY_BYTES 32 39*8fb009dcSAndroid Build Coastguard Worker 40*8fb009dcSAndroid Build Coastguard Worker // SPX_SECRET_KEY_BYTES is the number of bytes in the private key of 41*8fb009dcSAndroid Build Coastguard Worker // SPHINCS+-SHA2-128s 42*8fb009dcSAndroid Build Coastguard Worker #define SPX_SECRET_KEY_BYTES 64 43*8fb009dcSAndroid Build Coastguard Worker 44*8fb009dcSAndroid Build Coastguard Worker // SPX_SIGNATURE_BYTES is the number of bytes in a signature of 45*8fb009dcSAndroid Build Coastguard Worker // SPHINCS+-SHA2-128s 46*8fb009dcSAndroid Build Coastguard Worker #define SPX_SIGNATURE_BYTES 7856 47*8fb009dcSAndroid Build Coastguard Worker 48*8fb009dcSAndroid Build Coastguard Worker // SPX_generate_key generates a SPHINCS+-SHA2-128s key pair and writes the 49*8fb009dcSAndroid Build Coastguard Worker // result to |out_public_key| and |out_secret_key|. 50*8fb009dcSAndroid Build Coastguard Worker // Private key: SK.seed || SK.prf || PK.seed || PK.root 51*8fb009dcSAndroid Build Coastguard Worker // Public key: PK.seed || PK.root 52*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT void SPX_generate_key( 53*8fb009dcSAndroid Build Coastguard Worker uint8_t out_public_key[SPX_PUBLIC_KEY_BYTES], 54*8fb009dcSAndroid Build Coastguard Worker uint8_t out_secret_key[SPX_SECRET_KEY_BYTES]); 55*8fb009dcSAndroid Build Coastguard Worker 56*8fb009dcSAndroid Build Coastguard Worker // SPX_generate_key_from_seed generates a SPHINCS+-SHA2-128s key pair from a 57*8fb009dcSAndroid Build Coastguard Worker // 48-byte seed and writes the result to |out_public_key| and |out_secret_key|. 58*8fb009dcSAndroid Build Coastguard Worker // Secret key: SK.seed || SK.prf || PK.seed || PK.root 59*8fb009dcSAndroid Build Coastguard Worker // Public key: PK.seed || PK.root 60*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT void SPX_generate_key_from_seed( 61*8fb009dcSAndroid Build Coastguard Worker uint8_t out_public_key[SPX_PUBLIC_KEY_BYTES], 62*8fb009dcSAndroid Build Coastguard Worker uint8_t out_secret_key[SPX_SECRET_KEY_BYTES], 63*8fb009dcSAndroid Build Coastguard Worker const uint8_t seed[3 * SPX_N]); 64*8fb009dcSAndroid Build Coastguard Worker 65*8fb009dcSAndroid Build Coastguard Worker // SPX_sign generates a SPHINCS+-SHA2-128s signature over |msg| or length 66*8fb009dcSAndroid Build Coastguard Worker // |msg_len| using |secret_key| and writes the output to |out_signature|. 67*8fb009dcSAndroid Build Coastguard Worker // 68*8fb009dcSAndroid Build Coastguard Worker // if |randomized| is 0, deterministic signing is performed, otherwise, 69*8fb009dcSAndroid Build Coastguard Worker // non-deterministic signing is performed. 70*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT void SPX_sign( 71*8fb009dcSAndroid Build Coastguard Worker uint8_t out_snignature[SPX_SIGNATURE_BYTES], 72*8fb009dcSAndroid Build Coastguard Worker const uint8_t secret_key[SPX_SECRET_KEY_BYTES], const uint8_t *msg, 73*8fb009dcSAndroid Build Coastguard Worker size_t msg_len, int randomized); 74*8fb009dcSAndroid Build Coastguard Worker 75*8fb009dcSAndroid Build Coastguard Worker // SPX_verify verifies a SPHINCS+-SHA2-128s signature in |signature| over |msg| 76*8fb009dcSAndroid Build Coastguard Worker // or length |msg_len| using |public_key|. 1 is returned if the signature 77*8fb009dcSAndroid Build Coastguard Worker // matches, 0 otherwise. 78*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int SPX_verify( 79*8fb009dcSAndroid Build Coastguard Worker const uint8_t signature[SPX_SIGNATURE_BYTES], 80*8fb009dcSAndroid Build Coastguard Worker const uint8_t public_key[SPX_SECRET_KEY_BYTES], const uint8_t *msg, 81*8fb009dcSAndroid Build Coastguard Worker size_t msg_len); 82*8fb009dcSAndroid Build Coastguard Worker 83*8fb009dcSAndroid Build Coastguard Worker #endif //OPENSSL_UNSTABLE_EXPERIMENTAL_SPX 84*8fb009dcSAndroid Build Coastguard Worker 85*8fb009dcSAndroid Build Coastguard Worker 86*8fb009dcSAndroid Build Coastguard Worker #if defined(__cplusplus) 87*8fb009dcSAndroid Build Coastguard Worker } // extern C 88*8fb009dcSAndroid Build Coastguard Worker #endif 89*8fb009dcSAndroid Build Coastguard Worker 90*8fb009dcSAndroid Build Coastguard Worker #endif // OPENSSL_HEADER_SPX_H 91