/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */
15 #ifndef CRYPT_ML_DSA_LOCAL_H
16 #define CRYPT_ML_DSA_LOCAL_H
17 #include "crypt_mldsa.h"
18 #include "sal_atomic.h"
19 #include "crypt_local_types.h"
20 
// Seed lengths, in bytes. The names suggest the split of one expanded seed
// into a public, a private and a signing part -- confirm against the key
// generation code. Buffers sized with the private/signing lengths carry
// secret material; the wiping of those buffers is not visible in this header.
#define MLDSA_SEED_BYTES_LEN          32
#define MLDSA_PUBLIC_SEED_LEN         32
#define MLDSA_PRIVATE_SEED_LEN        64
#define MLDSA_SIGNING_SEED_LEN        32
// Sum of the three parts above: 32 + 64 + 32 = 128 bytes.
#define MLDSA_EXPANDED_SEED_BYTES_LEN (MLDSA_PUBLIC_SEED_LEN + MLDSA_PRIVATE_SEED_LEN + MLDSA_SIGNING_SEED_LEN)
// Seed plus two trailing bytes (34 in total); presumably the two bytes are the
// parameter-set domain separators appended before hashing -- TODO confirm.
#define MLDSA_SEED_EXTEND_BYTES_LEN   (MLDSA_SEED_BYTES_LEN + 2)
27 
// Upper bounds for the k and l fields of CRYPT_ML_DSA_Info. Presumably used to
// size fixed arrays, in which case any k/l value read from an info table must
// be checked against these bounds before it is used as an index -- confirm.
#define MLDSA_K_MAX 8
#define MLDSA_L_MAX 7

// 64-byte hash lengths; by name these look like the "tr" value and the XOF
// message representative -- TODO confirm against the signing code.
#define MLDSA_TR_MSG_LEN  64
#define MLDSA_XOF_MSG_LEN 64
// Polynomial length: the NTT prototypes in this header take int32_t[MLDSA_N].
#define MLDSA_N           256
// MLDSA_N / 8, i.e. the size of one bit per coefficient packed into bytes.
#define MLDSA_N_BYTE      32

// Per-parameter-set values; the names tie 18 to ML-DSA-44 and 20 to
// ML-DSA-65/87 (presumably the packed width of a gamma1-bounded coefficient).
#define GAMMA_BITS_OF_MLDSA_44    18
#define GAMMA_BITS_OF_MLDSA_65_87 20
#define K_VALUE_OF_MLDSA_44       4
39 
// Field modulus: 8380417 = 2^23 - 2^13 + 1.
#define MLDSA_Q                        8380417
#define MLDSA_QINV                     58728449  // MLDSA_Q^(-1) mod 2^32
// Presumably the number of low-order bits dropped from t -- TODO confirm.
#define MLDSA_D                        13
// 320 = 256 coefficients * (23 - MLDSA_D) bits / 8; by name, the packed size
// of one public-key polynomial.
#define MLDSA_PUBKEY_POLYT_PACKEDBYTES 320
// Largest accepted context length. ctxLen in struct CryptMlDsaCtx is a
// uint32_t, so the code that stores a context has to reject anything longer;
// that check is not visible in this header.
#define MLDSA_MAX_CTX_BYTES            255
// Presumably the two bytes (domain separator, context length) that precede
// the context in the encoded message -- TODO confirm.
#define MLDSA_SIGN_PREFIX_BYTES        2
46 
// In-place reduction of `val` modulo MLDSA_Q (a reduction step, not a
// multiplication): m = (val + 2^22) >> 23 approximates val / MLDSA_Q, and
// m * MLDSA_Q is subtracted, so the result is congruent to the input.
//
// Points a caller has to respect:
//  - The result is a centred representative and may be negative; it is NOT
//    normalised to [0, MLDSA_Q). Normalise separately before range checks or
//    encoding.
//  - `val` must be a modifiable 32-bit signed lvalue and val + 2^22 must not
//    overflow int32_t (signed overflow is undefined behaviour).
//  - `>>` on a negative value is implementation-defined; the macro relies on
//    an arithmetic shift.
//  - `val` is expanded three times, so it must have no side effects, and it
//    must not be an expression that names a variable called `m`.
//  - The expansion is a bare `{ ... }` block, not `do { } while (0)`; do not
//    use it as the unbraced body of an `if` that is followed by `else`.
// The macro contains no branch, so its control flow does not depend on `val`.
#define MLDSA_MOD_Q(val) \
    { \
        int32_t m = ((val) + (1 << 22u)) >> 23u; \
        (val) = (val) - m * MLDSA_Q; \
    }
49 
// Constants of one ML-DSA parameter set. struct CryptMlDsaCtx refers to an
// instance through a const pointer. Field meanings below are read from the
// field names (they match the usual ML-DSA parameter names) -- confirm against
// the table that instantiates this type.
typedef struct {
    // Matrix dimensions; MLDSA_K_MAX / MLDSA_L_MAX are the matching upper bounds.
    uint8_t k;
    uint8_t l;
    // Presumably the secret-coefficient bound and the challenge weight.
    uint8_t eta;
    uint8_t tau;
    // Presumably the rejection bounds and rounding ranges used while signing.
    uint32_t beta;
    uint32_t gamma1;
    uint32_t gamma2;
    // Presumably the maximum number of hint bits.
    uint8_t omega;
    uint32_t secBits;
    // Encoded sizes in bytes. Caller-supplied key and signature buffers should
    // be validated against these before any read or write.
    uint32_t publicKeyLen;
    uint32_t privateKeyLen;
    uint32_t signatureLen;
} CRYPT_ML_DSA_Info;
64 
// ML-DSA context: selected parameter set, key buffers, signing options and a
// reference count. Ownership and lifetime rules are not visible in this
// header; the notes below are review points for the code that manages it.
struct CryptMlDsaCtx {
    // Parameter set in use (read-only through this pointer).
    const CRYPT_ML_DSA_Info *info;
    // Public key buffer and its length in bytes.
    uint8_t *pubKey;
    uint32_t pubLen;
    // Private key buffer and its length in bytes. Secret material: the code
    // that frees or replaces it should zeroise prvLen bytes first, using a
    // wipe the compiler cannot remove -- verify in the free/dup paths.
    uint8_t *prvKey;
    uint32_t prvLen;
    // Context string and its length; see MLDSA_MAX_CTX_BYTES for the limit.
    uint8_t *ctxInfo;
    uint32_t ctxLen;
    // Message-handling switches. By name: input is already the message
    // representative, context encoding is applied, input is pre-hashed --
    // TODO confirm the exact semantics where these are consumed.
    bool isMuMsg;
    bool needEncodeCtx;
    bool needPreHash;
    // By name, selects deterministic signing instead of randomised (hedged)
    // signing -- confirm which value is the default.
    bool deterministicSignFlag;
    // Reference count; presumably the context is released when it reaches zero.
    BSL_SAL_RefCount references;
    // Opaque library context handle.
    void *libCtx;
};
80 
// Forward transform over one polynomial of MLDSA_N coefficients. The array is
// non-const and nothing is returned, so the result is presumably written back
// into w. The array bound in the parameter is documentation only in C: the
// callee receives a pointer, and the caller must pass MLDSA_N elements.
void MLDSA_ComputesNTT(int32_t w[MLDSA_N]);

// Inverse transform; same calling convention as MLDSA_ComputesNTT.
void MLDSA_ComputesINVNTT(int32_t w[MLDSA_N]);

// By name, Montgomery reduction of a 64-bit value to a 32-bit residue modulo
// MLDSA_Q (MLDSA_QINV is the matching constant). The accepted input range and
// the range of the result are not visible here -- TODO confirm.
int32_t MLDSA_MontgomeryReduce(int64_t a);
84 
// Internal key generation into ctx from the seed d. No length is passed for
// d, so the callee cannot check it: the caller must supply a buffer of the
// size the implementation reads (presumably MLDSA_SEED_BYTES_LEN -- confirm).
// d is secret material and should be wiped by its owner after use.
// The int32_t return is presumably a status code -- confirm.
int32_t MLDSA_KeyGenInternal(
    CRYPT_ML_DSA_Ctx *ctx,
    uint8_t *d);

// Internal signing of msg with the key held in ctx. out receives the
// signature; outLen is a pointer, presumably capacity on input and written
// length on output -- confirm, and check it against info->signatureLen.
// rand carries the per-signature randomness with no length parameter, so the
// caller is responsible for its size (presumably MLDSA_SIGNING_SEED_LEN --
// confirm) and for wiping it afterwards.
int32_t MLDSA_SignInternal(
    const CRYPT_ML_DSA_Ctx *ctx,
    CRYPT_Data *msg,
    uint8_t *out,
    uint32_t *outLen,
    uint8_t *rand);

// Internal verification of the signature sign (signLen bytes) over msg with
// the key held in ctx. signLen is caller-controlled; a length that differs
// from the parameter set's signatureLen should be rejected before parsing --
// verify in the implementation.
int32_t MLDSA_VerifyInternal(
    const CRYPT_ML_DSA_Ctx *ctx,
    CRYPT_Data *msg,
    const uint8_t *sign,
    uint32_t signLen);
91 
#endif    // CRYPT_ML_DSA_LOCAL_H