• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2021 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 
17 #include "tink/experimental/pqcrypto/signature/dilithium_sign_key_manager.h"
18 
19 #include <memory>
20 #include <utility>
21 
22 #include "absl/memory/memory.h"
23 #include "absl/status/status.h"
24 #include "absl/strings/str_cat.h"
25 #include "absl/strings/string_view.h"
26 #include "tink/experimental/pqcrypto/signature/dilithium_verify_key_manager.h"
27 #include "tink/experimental/pqcrypto/signature/subtle/dilithium_avx2_sign.h"
28 #include "tink/experimental/pqcrypto/signature/subtle/dilithium_key.h"
29 #include "tink/experimental/pqcrypto/signature/util/enums.h"
30 #include "tink/public_key_sign.h"
31 #include "tink/util/errors.h"
32 #include "tink/util/input_stream_util.h"
33 #include "tink/util/protobuf_helper.h"
34 #include "tink/util/secret_data.h"
35 #include "tink/util/status.h"
36 #include "tink/util/statusor.h"
37 #include "tink/util/validation.h"
38 
39 extern "C" {
40 #include "third_party/pqclean/crypto_sign/dilithium2/api.h"
41 #include "third_party/pqclean/crypto_sign/dilithium3/api.h"
42 #include "third_party/pqclean/crypto_sign/dilithium5/api.h"
43 }
44 
45 namespace crypto {
46 namespace tink {
47 
48 using ::crypto::tink::subtle::DilithiumPrivateKeyPqclean;
49 using ::crypto::tink::subtle::DilithiumPublicKeyPqclean;
50 using ::crypto::tink::util::EnumsPqcrypto;
51 using ::crypto::tink::util::Status;
52 using ::crypto::tink::util::StatusOr;
53 using ::google::crypto::tink::DilithiumKeyFormat;
54 using ::google::crypto::tink::DilithiumPrivateKey;
55 using ::google::crypto::tink::DilithiumPublicKey;
56 
CreateKey(const DilithiumKeyFormat & key_format) const57 StatusOr<DilithiumPrivateKey> DilithiumSignKeyManager::CreateKey(
58     const DilithiumKeyFormat& key_format) const {
59   DilithiumPrivateKey dilithium_sk;
60   dilithium_sk.set_version(get_version());
61 
62   DilithiumPublicKey* dilithium_pk = dilithium_sk.mutable_public_key();
63   dilithium_pk->set_version(get_version());
64 
65   util::StatusOr<
66       std::pair<DilithiumPrivateKeyPqclean, DilithiumPublicKeyPqclean>>
67       key_pair = DilithiumPrivateKeyPqclean::GenerateKeyPair(
68           key_format.params().key_size(),
69           EnumsPqcrypto::ProtoToSubtle(key_format.params().seed_expansion()));
70   if (!key_pair.status().ok()) {
71     return key_pair.status();
72   }
73 
74   dilithium_sk.set_key_value(
75       util::SecretDataAsStringView(key_pair->first.GetKeyData()));
76   dilithium_pk->set_key_value(key_pair->second.GetKeyData());
77   *(dilithium_pk->mutable_params()) = key_format.params();
78 
79   return dilithium_sk;
80 }
81 
82 StatusOr<std::unique_ptr<PublicKeySign>>
Create(const DilithiumPrivateKey & private_key) const83 DilithiumSignKeyManager::PublicKeySignFactory::Create(
84     const DilithiumPrivateKey& private_key) const {
85   util::SecretData sk_data =
86       util::SecretDataFromStringView(private_key.key_value());
87 
88   util::StatusOr<DilithiumPrivateKeyPqclean> dilithium_private_key =
89       DilithiumPrivateKeyPqclean::NewPrivateKey(
90           sk_data, EnumsPqcrypto::ProtoToSubtle(
91                        private_key.public_key().params().seed_expansion()));
92 
93   if (!dilithium_private_key.ok()) return dilithium_private_key.status();
94 
95   return subtle::DilithiumAvx2Sign::New(*dilithium_private_key);
96 }
97 
ValidateKey(const DilithiumPrivateKey & key) const98 Status DilithiumSignKeyManager::ValidateKey(
99     const DilithiumPrivateKey& key) const {
100   Status status = ValidateVersion(key.version(), get_version());
101   if (!status.ok()) return status;
102   if (key.key_value().length() != PQCLEAN_DILITHIUM2_CRYPTO_SECRETKEYBYTES &&
103       key.key_value().length() != PQCLEAN_DILITHIUM3_CRYPTO_SECRETKEYBYTES &&
104       key.key_value().length() != PQCLEAN_DILITHIUM5_CRYPTO_SECRETKEYBYTES) {
105     return Status(absl::StatusCode::kInvalidArgument,
106                   "Invalid dilithium private key size.");
107   }
108 
109   return util::OkStatus();
110 }
111 
ValidateKeyFormat(const DilithiumKeyFormat & key_format) const112 Status DilithiumSignKeyManager::ValidateKeyFormat(
113     const DilithiumKeyFormat& key_format) const {
114   if (!key_format.has_params()) {
115     return Status(absl::StatusCode::kInvalidArgument, "Missing params.");
116   }
117 
118   return DilithiumVerifyKeyManager().ValidateParams(key_format.params());
119 }
120 
121 }  // namespace tink
122 }  // namespace crypto
123