s[31] = (uint8_t) (s11 >> 17);
}
-int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
- const uint8_t public_key[32], const uint8_t private_key[32],
- OSSL_LIB_CTX *libctx, const char *propq)
+int
+ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+ const uint8_t public_key[32], const uint8_t private_key[32],
+ OSSL_LIB_CTX *libctx, const char *propq)
{
uint8_t az[SHA512_DIGEST_LENGTH];
uint8_t nonce[SHA512_DIGEST_LENGTH];
static const char allzeroes[15];
-int ED25519_verify(const uint8_t *message, size_t message_len,
- const uint8_t signature[64], const uint8_t public_key[32],
- OSSL_LIB_CTX *libctx, const char *propq)
+int
+ossl_ed25519_verify(const uint8_t *message, size_t message_len,
+ const uint8_t signature[64], const uint8_t public_key[32],
+ OSSL_LIB_CTX *libctx, const char *propq)
{
int i;
ge_p3 A;
return res;
}
-int ED25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32],
- const uint8_t private_key[32], const char *propq)
+int
+ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32],
+ const uint8_t private_key[32],
+ const char *propq)
{
uint8_t az[SHA512_DIGEST_LENGTH];
ge_p3 A;
return 1;
}
-int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
- const uint8_t peer_public_value[32])
+int
+ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+ const uint8_t peer_public_value[32])
{
static const uint8_t kZeros[32] = {0};
x25519_scalar_mult(out_shared_key, private_key, peer_public_value);
return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0;
}
-void X25519_public_from_private(uint8_t out_public_value[32],
+void
+ossl_x25519_public_from_private(uint8_t out_public_value[32],
const uint8_t private_key[32])
{
uint8_t e[32];
}
/** identity = (0,1) */
-const curve448_point_t curve448_point_identity =
+const curve448_point_t ossl_curve448_point_identity =
{ {{{{0}}}, {{{1}}}, {{{1}}}, {{{0}}}} };
static void point_double_internal(curve448_point_t p, const curve448_point_t q,
gf_mul(p->t, b, d);
}
-void curve448_point_double(curve448_point_t p, const curve448_point_t q)
+void ossl_curve448_point_double(curve448_point_t p, const curve448_point_t q)
{
point_double_internal(p, q, 0);
}
sub_niels_from_pt(p, pn->n, before_double);
}
-c448_bool_t curve448_point_eq(const curve448_point_t p,
- const curve448_point_t q)
+c448_bool_t
+ossl_curve448_point_eq(const curve448_point_t p,
+ const curve448_point_t q)
{
mask_t succ;
gf a, b;
return mask_to_bool(succ);
}
-c448_bool_t curve448_point_valid(const curve448_point_t p)
+c448_bool_t
+ossl_curve448_point_valid(const curve448_point_t p)
{
mask_t out;
gf a, b, c;
constant_time_lookup(ni, table, sizeof(niels_s), nelts, idx);
}
-void curve448_precomputed_scalarmul(curve448_point_t out,
+void
+ossl_curve448_precomputed_scalarmul(curve448_point_t out,
const curve448_precomputed_s * table,
const curve448_scalar_t scalar)
{
niels_t ni;
curve448_scalar_t scalar1x;
- curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment);
- curve448_scalar_halve(scalar1x, scalar1x);
+ ossl_curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment);
+ ossl_curve448_scalar_halve(scalar1x, scalar1x);
for (i = s; i > 0; i--) {
if (i != s)
OPENSSL_cleanse(scalar1x, sizeof(scalar1x));
}
-void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+void
+ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(
uint8_t enc[EDDSA_448_PUBLIC_BYTES],
const curve448_point_t p)
{
OPENSSL_cleanse(y, sizeof(y));
OPENSSL_cleanse(z, sizeof(z));
OPENSSL_cleanse(t, sizeof(t));
- curve448_point_destroy(q);
+ ossl_curve448_point_destroy(q);
}
-c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+c448_error_t
+ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(
curve448_point_t p,
const uint8_t enc[EDDSA_448_PUBLIC_BYTES])
{
}
OPENSSL_cleanse(enc2, sizeof(enc2));
- assert(curve448_point_valid(p) || ~succ);
+ assert(ossl_curve448_point_valid(p) || ~succ);
return c448_succeed_if(mask_to_bool(succ));
}
-c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES],
- const uint8_t base[X_PUBLIC_BYTES],
- const uint8_t scalar[X_PRIVATE_BYTES])
+c448_error_t
+ossl_x448_int(uint8_t out[X_PUBLIC_BYTES],
+ const uint8_t base[X_PUBLIC_BYTES],
+ const uint8_t scalar[X_PRIVATE_BYTES])
{
gf x1, x2, z2, x3, z3, t1, t2;
int t;
return c448_succeed_if(mask_to_bool(nz));
}
-void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
+void
+ossl_curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
out[X_PUBLIC_BYTES],
const curve448_point_t p)
{
gf_mul(q->z, q->t, q->y); /* y/x */
gf_sqr(q->y, q->z); /* (y/x)^2 */
gf_serialize(out, q->y, 1);
- curve448_point_destroy(q);
+ ossl_curve448_point_destroy(q);
}
-void x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES],
- const uint8_t scalar[X_PRIVATE_BYTES])
+void ossl_x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES],
+ const uint8_t scalar[X_PRIVATE_BYTES])
{
/* Scalar conditioning */
uint8_t scalar2[X_PRIVATE_BYTES];
scalar2[X_PRIVATE_BYTES - 1] &= ~((0u - 1u) << ((X_PRIVATE_BITS + 7) % 8));
scalar2[X_PRIVATE_BYTES - 1] |= 1 << ((X_PRIVATE_BITS + 7) % 8);
- curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2));
+ ossl_curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2));
/* Compensate for the encoding ratio */
for (i = 1; i < X448_ENCODE_RATIO; i <<= 1)
- curve448_scalar_halve(the_scalar, the_scalar);
+ ossl_curve448_scalar_halve(the_scalar, the_scalar);
- curve448_precomputed_scalarmul(p, curve448_precomputed_base, the_scalar);
- curve448_point_mul_by_ratio_and_encode_like_x448(out, p);
- curve448_point_destroy(p);
+ ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base,
+ the_scalar);
+ ossl_curve448_point_mul_by_ratio_and_encode_like_x448(out, p);
+ ossl_curve448_point_destroy(p);
}
/* Control for variable-time scalar multiply algorithms. */
if (tbits == 0)
return;
- curve448_point_double(tmp, working);
+ ossl_curve448_point_double(tmp, working);
pt_to_pniels(twop, tmp);
add_pniels_to_pt(tmp, output[0], 0);
pt_to_pniels(output[i], tmp);
}
- curve448_point_destroy(tmp);
+ ossl_curve448_point_destroy(tmp);
OPENSSL_cleanse(twop, sizeof(twop));
}
-void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
+void
+ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
const curve448_scalar_t scalar1,
const curve448_point_t base2,
const curve448_scalar_t scalar2)
i = control_var[0].power;
if (i < 0) {
- curve448_point_copy(combo, curve448_point_identity);
+ curve448_point_copy(combo, ossl_curve448_point_identity);
return;
}
if (i > control_pre[0].power) {
contv++;
} else if (i == control_pre[0].power && i >= 0) {
pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
- add_niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1],
+ add_niels_to_pt(combo,
+ ossl_curve448_wnaf_base[control_pre[0].addend >> 1],
i);
contv++;
contp++;
} else {
i = control_pre[0].power;
- niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1]);
+ niels_to_pt(combo, ossl_curve448_wnaf_base[control_pre[0].addend >> 1]);
contp++;
}
if (control_pre[contp].addend > 0)
add_niels_to_pt(combo,
- curve448_wnaf_base[control_pre[contp].addend
+ ossl_curve448_wnaf_base[control_pre[contp].addend
>> 1], i);
else
sub_niels_from_pt(combo,
- curve448_wnaf_base[(-control_pre
+ ossl_curve448_wnaf_base[(-control_pre
[contp].addend) >> 1], i);
contp++;
}
(void)ncb_pre;
}
-void curve448_point_destroy(curve448_point_t point)
+void ossl_curve448_point_destroy(curve448_point_t point)
{
OPENSSL_cleanse(point, sizeof(curve448_point_t));
}
-int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
- const uint8_t peer_public_value[56])
+int ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+ const uint8_t peer_public_value[56])
{
- return x448_int(out_shared_key, peer_public_value, private_key)
+ return ossl_x448_int(out_shared_key, peer_public_value, private_key)
== C448_SUCCESS;
}
-void X448_public_from_private(uint8_t out_public_value[56],
- const uint8_t private_key[56])
+void ossl_x448_public_from_private(uint8_t out_public_value[56],
+ const uint8_t private_key[56])
{
- x448_derive_public_key(out_public_value, private_key);
+ ossl_x448_derive_public_key(out_public_value, private_key);
}
# define OSSL_CRYPTO_EC_CURVE448_LOCAL_H
# include "curve448utils.h"
-int ED448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
- const uint8_t public_key[57], const uint8_t private_key[57],
- const uint8_t *context, size_t context_len, const char *propq);
+int
+ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
+ const uint8_t public_key[57], const uint8_t private_key[57],
+ const uint8_t *context, size_t context_len, const char *propq);
-int ED448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64],
- const uint8_t signature[114], const uint8_t public_key[57],
- const uint8_t *context, size_t context_len, const char *propq);
+int
+ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64],
+ const uint8_t signature[114], const uint8_t public_key[57],
+ const uint8_t *context, size_t context_len,
+ const char *propq);
#endif /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */
}}
}
};
-const struct curve448_precomputed_s *curve448_precomputed_base
+const struct curve448_precomputed_s *ossl_curve448_precomputed_base
= &curve448_precomputed_base_table;
static const niels_t curve448_wnaf_base_table[32] = {
0x001979c0df237316ULL, 0x00501e953a919b87ULL)},
}}
};
-const niels_t *curve448_wnaf_base = curve448_wnaf_base_table;
+const niels_t *ossl_curve448_wnaf_base = curve448_wnaf_base_table;
* pubkey (out): The public key.
* privkey (in): The private key.
*/
-c448_error_t c448_ed448_derive_public_key(
- OSSL_LIB_CTX *ctx,
- uint8_t pubkey [EDDSA_448_PUBLIC_BYTES],
- const uint8_t privkey [EDDSA_448_PRIVATE_BYTES],
- const char *propq);
+c448_error_t
+ossl_c448_ed448_derive_public_key(
+ OSSL_LIB_CTX *ctx,
+ uint8_t pubkey [EDDSA_448_PUBLIC_BYTES],
+ const uint8_t privkey [EDDSA_448_PRIVATE_BYTES],
+ const char *propq);
/*
* EdDSA signing.
* non-prehashed messages, at least without some very careful protocol-level
* disambiguation. For Ed448 it is safe.
*/
-c448_error_t c448_ed448_sign(
- OSSL_LIB_CTX *ctx,
- uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
- const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t *message, size_t message_len,
- uint8_t prehashed, const uint8_t *context,
- size_t context_len,
- const char *propq);
+c448_error_t
+ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx,
+ uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+ const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+ const uint8_t *message, size_t message_len,
+ uint8_t prehashed, const uint8_t *context,
+ size_t context_len,
+ const char *propq);
/*
* EdDSA signing with prehash.
* non-prehashed messages, at least without some very careful protocol-level
* disambiguation. For Ed448 it is safe.
*/
-c448_error_t c448_ed448_sign_prehash(
- OSSL_LIB_CTX *ctx,
- uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
- const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t hash[64],
- const uint8_t *context,
- size_t context_len,
- const char *propq);
+c448_error_t
+ossl_c448_ed448_sign_prehash(OSSL_LIB_CTX *ctx,
+ uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+ const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+ const uint8_t hash[64],
+ const uint8_t *context,
+ size_t context_len,
+ const char *propq);
/*
* EdDSA signature verification.
* non-prehashed messages, at least without some very careful protocol-level
* disambiguation. For Ed448 it is safe.
*/
-c448_error_t c448_ed448_verify(OSSL_LIB_CTX *ctx,
- const uint8_t
- signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t
- pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t *message, size_t message_len,
- uint8_t prehashed, const uint8_t *context,
- uint8_t context_len,
- const char *propq);
+c448_error_t
+ossl_c448_ed448_verify(OSSL_LIB_CTX *ctx,
+ const uint8_t
+ signature[EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t
+ pubkey[EDDSA_448_PUBLIC_BYTES],
+ const uint8_t *message, size_t message_len,
+ uint8_t prehashed, const uint8_t *context,
+ uint8_t context_len,
+ const char *propq);
/*
* EdDSA signature verification.
* non-prehashed messages, at least without some very careful protocol-level
* disambiguation. For Ed448 it is safe.
*/
-c448_error_t c448_ed448_verify_prehash(
- OSSL_LIB_CTX *ctx,
- const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t hash[64],
- const uint8_t *context,
- uint8_t context_len,
- const char *propq);
+c448_error_t
+ossl_c448_ed448_verify_prehash(
+ OSSL_LIB_CTX *ctx,
+ const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+ const uint8_t hash[64],
+ const uint8_t *context,
+ uint8_t context_len,
+ const char *propq);
/*
* EdDSA point encoding. Used internally, exposed externally.
* enc (out): The encoded point.
* p (in): The point.
*/
-void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+void
+ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(
uint8_t enc [EDDSA_448_PUBLIC_BYTES],
const curve448_point_t p);
* enc (out): The encoded point.
* p (in): The point.
*/
-c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+c448_error_t
+ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(
curve448_point_t p,
const uint8_t enc[EDDSA_448_PUBLIC_BYTES]);
* x (out): The ECDH private key as in RFC7748
* ed (in): The EdDSA private key
*/
-c448_error_t c448_ed448_convert_private_key_to_x448(
- OSSL_LIB_CTX *ctx,
- uint8_t x[X448_PRIVATE_BYTES],
- const uint8_t ed[EDDSA_448_PRIVATE_BYTES],
- const char *propq);
+c448_error_t
+ossl_c448_ed448_convert_private_key_to_x448(
+ OSSL_LIB_CTX *ctx,
+ uint8_t x[X448_PRIVATE_BYTES],
+ const uint8_t ed[EDDSA_448_PRIVATE_BYTES],
+ const char *propq);
#endif /* OSSL_CRYPTO_EC_CURVE448_ED448_H */
}
/* In this file because it uses the hash */
-c448_error_t c448_ed448_convert_private_key_to_x448(
+c448_error_t
+ossl_c448_ed448_convert_private_key_to_x448(
OSSL_LIB_CTX *ctx,
uint8_t x[X448_PRIVATE_BYTES],
const uint8_t ed [EDDSA_448_PRIVATE_BYTES],
EDDSA_448_PRIVATE_BYTES, propq);
}
-c448_error_t c448_ed448_derive_public_key(
+c448_error_t
+ossl_c448_ed448_derive_public_key(
OSSL_LIB_CTX *ctx,
uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
clamp(secret_scalar_ser);
- curve448_scalar_decode_long(secret_scalar, secret_scalar_ser,
- sizeof(secret_scalar_ser));
+ ossl_curve448_scalar_decode_long(secret_scalar, secret_scalar_ser,
+ sizeof(secret_scalar_ser));
/*
* Since we are going to mul_by_cofactor during encoding, divide by it
* we might start at 2 instead of 1.
*/
for (c = 1; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
- curve448_scalar_halve(secret_scalar, secret_scalar);
+ ossl_curve448_scalar_halve(secret_scalar, secret_scalar);
- curve448_precomputed_scalarmul(p, curve448_precomputed_base, secret_scalar);
+ ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base,
+ secret_scalar);
- curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p);
+ ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p);
/* Cleanup */
- curve448_scalar_destroy(secret_scalar);
- curve448_point_destroy(p);
+ ossl_curve448_scalar_destroy(secret_scalar);
+ ossl_curve448_point_destroy(p);
OPENSSL_cleanse(secret_scalar_ser, sizeof(secret_scalar_ser));
return C448_SUCCESS;
}
-c448_error_t c448_ed448_sign(
- OSSL_LIB_CTX *ctx,
- uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
- const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t *message, size_t message_len,
- uint8_t prehashed, const uint8_t *context,
- size_t context_len, const char *propq)
+c448_error_t
+ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx,
+ uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+ const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+ const uint8_t *message, size_t message_len,
+ uint8_t prehashed, const uint8_t *context,
+ size_t context_len, const char *propq)
{
curve448_scalar_t secret_scalar;
EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
EDDSA_448_PRIVATE_BYTES, propq))
goto err;
clamp(expanded);
- curve448_scalar_decode_long(secret_scalar, expanded,
- EDDSA_448_PRIVATE_BYTES);
+ ossl_curve448_scalar_decode_long(secret_scalar, expanded,
+ EDDSA_448_PRIVATE_BYTES);
/* Hash to create the nonce */
if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context,
if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce)))
goto err;
- curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce));
+ ossl_curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce));
OPENSSL_cleanse(nonce, sizeof(nonce));
}
curve448_scalar_t nonce_scalar_2;
curve448_point_t p;
- curve448_scalar_halve(nonce_scalar_2, nonce_scalar);
+ ossl_curve448_scalar_halve(nonce_scalar_2, nonce_scalar);
for (c = 2; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
- curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2);
+ ossl_curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2);
- curve448_precomputed_scalarmul(p, curve448_precomputed_base,
- nonce_scalar_2);
- curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p);
- curve448_point_destroy(p);
- curve448_scalar_destroy(nonce_scalar_2);
+ ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base,
+ nonce_scalar_2);
+ ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p);
+ ossl_curve448_point_destroy(p);
+ ossl_curve448_scalar_destroy(nonce_scalar_2);
}
{
|| !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge)))
goto err;
- curve448_scalar_decode_long(challenge_scalar, challenge,
- sizeof(challenge));
+ ossl_curve448_scalar_decode_long(challenge_scalar, challenge,
+ sizeof(challenge));
OPENSSL_cleanse(challenge, sizeof(challenge));
}
- curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar);
- curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar);
+ ossl_curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar);
+ ossl_curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar);
OPENSSL_cleanse(signature, EDDSA_448_SIGNATURE_BYTES);
memcpy(signature, nonce_point, sizeof(nonce_point));
- curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES],
- challenge_scalar);
+ ossl_curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES],
+ challenge_scalar);
- curve448_scalar_destroy(secret_scalar);
- curve448_scalar_destroy(nonce_scalar);
- curve448_scalar_destroy(challenge_scalar);
+ ossl_curve448_scalar_destroy(secret_scalar);
+ ossl_curve448_scalar_destroy(nonce_scalar);
+ ossl_curve448_scalar_destroy(challenge_scalar);
ret = C448_SUCCESS;
err:
return ret;
}
-c448_error_t c448_ed448_sign_prehash(
+c448_error_t
+ossl_c448_ed448_sign_prehash(
OSSL_LIB_CTX *ctx,
uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
const uint8_t hash[64], const uint8_t *context,
size_t context_len, const char *propq)
{
- return c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1,
- context, context_len, propq);
+ return ossl_c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1,
+ context, context_len, propq);
}
-c448_error_t c448_ed448_verify(
+c448_error_t
+ossl_c448_ed448_verify(
OSSL_LIB_CTX *ctx,
const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
return C448_FAILURE;
error =
- curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
+ ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
if (C448_SUCCESS != error)
return error;
error =
- curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature);
+ ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature);
if (C448_SUCCESS != error)
return error;
}
EVP_MD_CTX_free(hashctx);
- curve448_scalar_decode_long(challenge_scalar, challenge,
- sizeof(challenge));
+ ossl_curve448_scalar_decode_long(challenge_scalar, challenge,
+ sizeof(challenge));
OPENSSL_cleanse(challenge, sizeof(challenge));
}
- curve448_scalar_sub(challenge_scalar, curve448_scalar_zero,
- challenge_scalar);
+ ossl_curve448_scalar_sub(challenge_scalar, ossl_curve448_scalar_zero,
+ challenge_scalar);
- curve448_scalar_decode_long(response_scalar,
- &signature[EDDSA_448_PUBLIC_BYTES],
- EDDSA_448_PRIVATE_BYTES);
+ ossl_curve448_scalar_decode_long(response_scalar,
+ &signature[EDDSA_448_PUBLIC_BYTES],
+ EDDSA_448_PRIVATE_BYTES);
/* pk_point = -c(x(P)) + (cx + k)G = kG */
- curve448_base_double_scalarmul_non_secret(pk_point,
- response_scalar,
- pk_point, challenge_scalar);
- return c448_succeed_if(curve448_point_eq(pk_point, r_point));
+ ossl_curve448_base_double_scalarmul_non_secret(pk_point,
+ response_scalar,
+ pk_point, challenge_scalar);
+ return c448_succeed_if(ossl_curve448_point_eq(pk_point, r_point));
}
-c448_error_t c448_ed448_verify_prehash(
+c448_error_t
+ossl_c448_ed448_verify_prehash(
OSSL_LIB_CTX *ctx,
const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t hash[64], const uint8_t *context,
uint8_t context_len, const char *propq)
{
- return c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context,
- context_len, propq);
+ return ossl_c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context,
+ context_len, propq);
}
-int ED448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
- size_t message_len, const uint8_t public_key[57],
- const uint8_t private_key[57], const uint8_t *context,
- size_t context_len, const char *propq)
+int
+ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
+ size_t message_len, const uint8_t public_key[57],
+ const uint8_t private_key[57], const uint8_t *context,
+ size_t context_len, const char *propq)
{
- return c448_ed448_sign(ctx, out_sig, private_key, public_key, message,
- message_len, 0, context, context_len,propq)
- == C448_SUCCESS;
+ return ossl_c448_ed448_sign(ctx, out_sig, private_key, public_key, message,
+ message_len, 0, context, context_len,
+ propq) == C448_SUCCESS;
}
-int ED448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len,
- const uint8_t signature[114], const uint8_t public_key[57],
- const uint8_t *context, size_t context_len, const char *propq)
+int
+ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len,
+ const uint8_t signature[114], const uint8_t public_key[57],
+ const uint8_t *context, size_t context_len, const char *propq)
{
- return c448_ed448_verify(ctx, signature, public_key, message, message_len,
- 0, context, (uint8_t)context_len,
- propq) == C448_SUCCESS;
+ return ossl_c448_ed448_verify(ctx, signature, public_key, message,
+ message_len, 0, context, (uint8_t)context_len,
+ propq) == C448_SUCCESS;
}
-int ED448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
- const uint8_t public_key[57], const uint8_t private_key[57],
- const uint8_t *context, size_t context_len, const char *propq)
+int
+ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
+ const uint8_t public_key[57], const uint8_t private_key[57],
+ const uint8_t *context, size_t context_len, const char *propq)
{
- return c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key, hash,
- context, context_len, propq) == C448_SUCCESS;
-
+ return ossl_c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key,
+ hash, context, context_len,
+ propq) == C448_SUCCESS;
}
-int ED448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64],
- const uint8_t signature[114], const uint8_t public_key[57],
- const uint8_t *context, size_t context_len, const char *propq)
+int
+ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64],
+ const uint8_t signature[114], const uint8_t public_key[57],
+ const uint8_t *context, size_t context_len,
+ const char *propq)
{
- return c448_ed448_verify_prehash(ctx, signature, public_key, hash, context,
- (uint8_t)context_len, propq) == C448_SUCCESS;
+ return ossl_c448_ed448_verify_prehash(ctx, signature, public_key, hash,
+ context, (uint8_t)context_len,
+ propq) == C448_SUCCESS;
}
-int ED448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57],
- const uint8_t private_key[57], const char *propq)
+int
+ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57],
+ const uint8_t private_key[57], const char *propq)
{
- return c448_ed448_derive_public_key(ctx, out_public_key, private_key, propq)
- == C448_SUCCESS;
+ return ossl_c448_ed448_derive_public_key(ctx, out_public_key, private_key,
+ propq) == C448_SUCCESS;
}
} curve448_scalar_t[1];
/* A scalar equal to 1. */
-extern const curve448_scalar_t curve448_scalar_one;
+extern const curve448_scalar_t ossl_curve448_scalar_one;
/* A scalar equal to 0. */
-extern const curve448_scalar_t curve448_scalar_zero;
+extern const curve448_scalar_t ossl_curve448_scalar_zero;
/* The identity point on the curve. */
-extern const curve448_point_t curve448_point_identity;
+extern const curve448_point_t ossl_curve448_point_identity;
/* Precomputed table for the base point on the curve. */
-extern const struct curve448_precomputed_s *curve448_precomputed_base;
-extern const niels_t *curve448_wnaf_base;
+extern const struct curve448_precomputed_s *ossl_curve448_precomputed_base;
+extern const niels_t *ossl_curve448_wnaf_base;
/*
* Read a scalar from wire format or from bytes.
* C448_FAILURE: The scalar was greater than the modulus, and has been reduced
* modulo that modulus.
*/
-c448_error_t curve448_scalar_decode(curve448_scalar_t out,
- const unsigned char ser[C448_SCALAR_BYTES]);
+c448_error_t
+ossl_curve448_scalar_decode(curve448_scalar_t out,
+ const unsigned char ser[C448_SCALAR_BYTES]);
/*
* Read a scalar from wire format or from bytes. Reduces mod scalar prime.
* ser_len (in): Length of serialized form.
* out (out): Deserialized form.
*/
-void curve448_scalar_decode_long(curve448_scalar_t out,
+void
+ossl_curve448_scalar_decode_long(curve448_scalar_t out,
const unsigned char *ser, size_t ser_len);
/*
* ser (out): Serialized form of a scalar.
* s (in): Deserialized scalar.
*/
-void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
+void
+ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
const curve448_scalar_t s);
/*
* b (in): Another scalar.
* out (out): a+b.
*/
-void curve448_scalar_add(curve448_scalar_t out,
+void
+ossl_curve448_scalar_add(curve448_scalar_t out,
const curve448_scalar_t a, const curve448_scalar_t b);
/*
* b (in): Another scalar.
* out (out): a-b.
*/
-void curve448_scalar_sub(curve448_scalar_t out,
+void
+ossl_curve448_scalar_sub(curve448_scalar_t out,
const curve448_scalar_t a, const curve448_scalar_t b);
/*
* b (in): Another scalar.
* out (out): a*b.
*/
-void curve448_scalar_mul(curve448_scalar_t out,
+void
+ossl_curve448_scalar_mul(curve448_scalar_t out,
const curve448_scalar_t a, const curve448_scalar_t b);
/*
* a (in): A scalar.
* out (out): a/2.
*/
-void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a);
+void
+ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a);
/*
* Copy a scalar. The scalars may alias each other, in which case this
* C448_TRUE: The points are equal.
* C448_FALSE: The points are not equal.
*/
-__owur c448_bool_t curve448_point_eq(const curve448_point_t a,
- const curve448_point_t b);
+__owur c448_bool_t
+ossl_curve448_point_eq(const curve448_point_t a,
+ const curve448_point_t b);
/*
* Double a point. Equivalent to curve448_point_add(two_a,a,a), but potentially
* two_a (out): The sum a+a.
* a (in): A point.
*/
-void curve448_point_double(curve448_point_t two_a, const curve448_point_t a);
+void
+ossl_curve448_point_double(curve448_point_t two_a, const curve448_point_t a);
/*
* RFC 7748 Diffie-Hellman scalarmul. This function uses a different
* C448_FAILURE: The scalarmul didn't succeed, because the base point is in a
* small subgroup.
*/
-__owur c448_error_t x448_int(uint8_t out[X448_PUBLIC_BYTES],
- const uint8_t base[X448_PUBLIC_BYTES],
- const uint8_t scalar[X448_PRIVATE_BYTES]);
+__owur c448_error_t
+ossl_x448_int(uint8_t out[X448_PUBLIC_BYTES],
+ const uint8_t base[X448_PUBLIC_BYTES],
+ const uint8_t scalar[X448_PRIVATE_BYTES]);
/*
* Multiply a point by X448_ENCODE_RATIO, then encode it like RFC 7748.
* out (out): The scaled and encoded point.
* p (in): The point to be scaled and encoded.
*/
-void curve448_point_mul_by_ratio_and_encode_like_x448(
+void
+ossl_curve448_point_mul_by_ratio_and_encode_like_x448(
uint8_t out[X448_PUBLIC_BYTES],
const curve448_point_t p);
* out (out): The scaled point base*scalar
* scalar (in): The scalar to multiply by.
*/
-void x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES],
+void
+ossl_x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES],
const uint8_t scalar[X448_PRIVATE_BYTES]);
/*
* base (in): The point to be scaled.
* scalar (in): The scalar to multiply by.
*/
-void curve448_precomputed_scalarmul(curve448_point_t scaled,
+void
+ossl_curve448_precomputed_scalarmul(curve448_point_t scaled,
const curve448_precomputed_s * base,
const curve448_scalar_t scalar);
* Warning: This function takes variable time, and may leak the scalars used.
* It is designed for signature verification.
*/
-void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
+void
+ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
const curve448_scalar_t scalar1,
const curve448_point_t base2,
const curve448_scalar_t scalar2);
* C448_TRUE The point is valid.
* C448_FALSE The point is invalid.
*/
-__owur c448_bool_t curve448_point_valid(const curve448_point_t to_test);
+__owur c448_bool_t
+ossl_curve448_point_valid(const curve448_point_t to_test);
/* Overwrite scalar with zeros. */
-void curve448_scalar_destroy(curve448_scalar_t scalar);
+void ossl_curve448_scalar_destroy(curve448_scalar_t scalar);
/* Overwrite point with zeros. */
-void curve448_point_destroy(curve448_point_t point);
+void ossl_curve448_point_destroy(curve448_point_t point);
#endif /* OSSL_CRYPTO_EC_CURVE448_POINT_448_H */
#define WBITS C448_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */
-const curve448_scalar_t curve448_scalar_one = {{{1}}};
-const curve448_scalar_t curve448_scalar_zero = {{{0}}};
+const curve448_scalar_t ossl_curve448_scalar_one = {{{1}}};
+const curve448_scalar_t ossl_curve448_scalar_zero = {{{0}}};
/*
* {extra,accum} - sub +? p
sc_subx(out, accum, sc_p, sc_p, hi_carry);
}
-void curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a,
- const curve448_scalar_t b)
+void ossl_curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a,
+ const curve448_scalar_t b)
{
sc_montmul(out, a, b);
sc_montmul(out, out, sc_r2);
}
-void curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a,
+void
+ossl_curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a,
const curve448_scalar_t b)
{
sc_subx(out, a->limb, b, sc_p, 0);
}
-void curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a,
+void
+ossl_curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a,
const curve448_scalar_t b)
{
c448_dword_t chain = 0;
}
}
-c448_error_t curve448_scalar_decode(
- curve448_scalar_t s,
- const unsigned char ser[C448_SCALAR_BYTES])
+c448_error_t
+ossl_curve448_scalar_decode(curve448_scalar_t s,
+ const unsigned char ser[C448_SCALAR_BYTES])
{
unsigned int i;
c448_dsword_t accum = 0;
accum = (accum + s->limb[i] - sc_p->limb[i]) >> WBITS;
/* Here accum == 0 or -1 */
- curve448_scalar_mul(s, s, curve448_scalar_one); /* ham-handed reduce */
+ ossl_curve448_scalar_mul(s, s, ossl_curve448_scalar_one); /* ham-handed reduce */
return c448_succeed_if(~word_is_zero((uint32_t)accum));
}
-void curve448_scalar_destroy(curve448_scalar_t scalar)
+void ossl_curve448_scalar_destroy(curve448_scalar_t scalar)
{
OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t));
}
-void curve448_scalar_decode_long(curve448_scalar_t s,
+void
+ossl_curve448_scalar_decode_long(curve448_scalar_t s,
const unsigned char *ser, size_t ser_len)
{
size_t i;
curve448_scalar_t t1, t2;
if (ser_len == 0) {
- curve448_scalar_copy(s, curve448_scalar_zero);
+ curve448_scalar_copy(s, ossl_curve448_scalar_zero);
return;
}
if (ser_len == sizeof(curve448_scalar_t)) {
assert(i == 0);
/* ham-handed reduce */
- curve448_scalar_mul(s, t1, curve448_scalar_one);
- curve448_scalar_destroy(t1);
+ ossl_curve448_scalar_mul(s, t1, ossl_curve448_scalar_one);
+ ossl_curve448_scalar_destroy(t1);
return;
}
while (i) {
i -= C448_SCALAR_BYTES;
sc_montmul(t1, t1, sc_r2);
- (void)curve448_scalar_decode(t2, ser + i);
- curve448_scalar_add(t1, t1, t2);
+ (void)ossl_curve448_scalar_decode(t2, ser + i);
+ ossl_curve448_scalar_add(t1, t1, t2);
}
curve448_scalar_copy(s, t1);
- curve448_scalar_destroy(t1);
- curve448_scalar_destroy(t2);
+ ossl_curve448_scalar_destroy(t1);
+ ossl_curve448_scalar_destroy(t2);
}
-void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
+void
+ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
const curve448_scalar_t s)
{
unsigned int i, j, k = 0;
}
}
-void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a)
+void
+ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a)
{
c448_word_t mask = 0 - (a->limb[0] & 1);
c448_dword_t chain = 0;
{
switch (key->type) {
case ECX_KEY_TYPE_X25519:
- X25519_public_from_private(key->pubkey, key->privkey);
+ ossl_x25519_public_from_private(key->pubkey, key->privkey);
break;
case ECX_KEY_TYPE_ED25519:
- if (!ED25519_public_from_private(key->libctx, key->pubkey, key->privkey,
- key->propq)) {
+ if (!ossl_ed25519_public_from_private(key->libctx, key->pubkey,
+ key->privkey, key->propq)) {
ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY);
return 0;
}
break;
case ECX_KEY_TYPE_X448:
- X448_public_from_private(key->pubkey, key->privkey);
+ ossl_x448_public_from_private(key->pubkey, key->privkey);
break;
case ECX_KEY_TYPE_ED448:
- if (!ED448_public_from_private(key->libctx, key->pubkey, key->privkey,
- key->propq)) {
+ if (!ossl_ed448_public_from_private(key->libctx, key->pubkey,
+ key->privkey, key->propq)) {
ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY);
return 0;
}
if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
|| (key != NULL
- && X25519(key, privkey, pubkey) == 0))
+ && ossl_x25519(key, privkey, pubkey) == 0))
return 0;
*keylen = X25519_KEYLEN;
return 1;
if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
|| (key != NULL
- && X448(key, privkey, pubkey) == 0))
+ && ossl_x448(key, privkey, pubkey) == 0))
return 0;
*keylen = X448_KEYLEN;
return 1;
return 0;
}
- if (ED25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL,
- NULL) == 0)
+ if (ossl_ed25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL,
+ NULL) == 0)
return 0;
*siglen = ED25519_SIGSIZE;
return 1;
return 0;
}
- if (ED448_sign(edkey->libctx, sig, tbs, tbslen, edkey->pubkey, edkey->privkey,
- NULL, 0, edkey->propq) == 0)
+ if (ossl_ed448_sign(edkey->libctx, sig, tbs, tbslen, edkey->pubkey,
+ edkey->privkey, NULL, 0, edkey->propq) == 0)
return 0;
*siglen = ED448_SIGSIZE;
return 1;
if (siglen != ED25519_SIGSIZE)
return 0;
- return ED25519_verify(tbs, tbslen, sig, edkey->pubkey,
- edkey->libctx, edkey->propq);
+ return ossl_ed25519_verify(tbs, tbslen, sig, edkey->pubkey,
+ edkey->libctx, edkey->propq);
}
static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
if (siglen != ED448_SIGSIZE)
return 0;
- return ED448_verify(edkey->libctx, tbs, tbslen, sig, edkey->pubkey, NULL, 0,
- edkey->propq);
+ return ossl_ed448_verify(edkey->libctx, tbs, tbslen, sig, edkey->pubkey,
+ NULL, 0, edkey->propq);
}
static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
void ossl_ecx_key_free(ECX_KEY *key);
int ossl_ecx_key_up_ref(ECX_KEY *key);
-int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
- const uint8_t peer_public_value[32]);
-void X25519_public_from_private(uint8_t out_public_value[32],
- const uint8_t private_key[32]);
-
-int ED25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32],
- const uint8_t private_key[32], const char *propq);
-int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
- const uint8_t public_key[32], const uint8_t private_key[32],
- OSSL_LIB_CTX *libctx, const char *propq);
-int ED25519_verify(const uint8_t *message, size_t message_len,
- const uint8_t signature[64], const uint8_t public_key[32],
- OSSL_LIB_CTX *libctx, const char *propq);
-
-int ED448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57],
- const uint8_t private_key[57], const char *propq);
-int ED448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
- size_t message_len, const uint8_t public_key[57],
- const uint8_t private_key[57], const uint8_t *context,
- size_t context_len, const char *propq);
-
-int ED448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len,
- const uint8_t signature[114], const uint8_t public_key[57],
- const uint8_t *context, size_t context_len, const char *propq);
-
-int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
- const uint8_t peer_public_value[56]);
-void X448_public_from_private(uint8_t out_public_value[56],
+int ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+ const uint8_t peer_public_value[32]);
+void ossl_x25519_public_from_private(uint8_t out_public_value[32],
+ const uint8_t private_key[32]);
+
+int
+ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32],
+ const uint8_t private_key[32],
+ const char *propq);
+int
+ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+ const uint8_t public_key[32], const uint8_t private_key[32],
+ OSSL_LIB_CTX *libctx, const char *propq);
+int
+ossl_ed25519_verify(const uint8_t *message, size_t message_len,
+ const uint8_t signature[64], const uint8_t public_key[32],
+ OSSL_LIB_CTX *libctx, const char *propq);
+
+int
+ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57],
+ const uint8_t private_key[57], const char *propq);
+int
+ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
+ size_t message_len, const uint8_t public_key[57],
+ const uint8_t private_key[57], const uint8_t *context,
+ size_t context_len, const char *propq);
+
+int
+ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len,
+ const uint8_t signature[114], const uint8_t public_key[57],
+ const uint8_t *context, size_t context_len, const char *propq);
+
+int
+ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+ const uint8_t peer_public_value[56]);
+void
+ossl_x448_public_from_private(uint8_t out_public_value[56],
const uint8_t private_key[56]);
}
} else
#endif
- if (X25519(secret, ecxctx->key->privkey, ecxctx->peerkey->pubkey) == 0) {
+ if (ossl_x25519(secret, ecxctx->key->privkey,
+ ecxctx->peerkey->pubkey) == 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION);
return 0;
}
}
} else
#endif
- if (X448(secret, ecxctx->key->privkey, ecxctx->peerkey->pubkey) == 0) {
+ if (ossl_x448(secret, ecxctx->key->privkey,
+ ecxctx->peerkey->pubkey) == 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION);
return 0;
}
privkey[0] &= 248;
privkey[X25519_KEYLEN - 1] &= 127;
privkey[X25519_KEYLEN - 1] |= 64;
- X25519_public_from_private(key->pubkey, privkey);
+ ossl_x25519_public_from_private(key->pubkey, privkey);
break;
case ECX_KEY_TYPE_X448:
privkey[0] &= 252;
privkey[X448_KEYLEN - 1] |= 128;
- X448_public_from_private(key->pubkey, privkey);
+ ossl_x448_public_from_private(key->pubkey, privkey);
break;
case ECX_KEY_TYPE_ED25519:
- if (!ED25519_public_from_private(gctx->libctx, key->pubkey, privkey,
- gctx->propq))
+ if (!ossl_ed25519_public_from_private(gctx->libctx, key->pubkey, privkey,
+ gctx->propq))
goto err;
break;
case ECX_KEY_TYPE_ED448:
- if (!ED448_public_from_private(gctx->libctx, key->pubkey, privkey,
- gctx->propq))
+ if (!ossl_ed448_public_from_private(gctx->libctx, key->pubkey, privkey,
+ gctx->propq))
goto err;
break;
}
switch (type) {
case ECX_KEY_TYPE_X25519:
- X25519_public_from_private(pub, ecx->privkey);
+ ossl_x25519_public_from_private(pub, ecx->privkey);
break;
case ECX_KEY_TYPE_X448:
- X448_public_from_private(pub, ecx->privkey);
+ ossl_x448_public_from_private(pub, ecx->privkey);
break;
case ECX_KEY_TYPE_ED25519:
- if (!ED25519_public_from_private(ecx->libctx, pub, ecx->privkey,
- ecx->propq))
+ if (!ossl_ed25519_public_from_private(ecx->libctx, pub, ecx->privkey,
+ ecx->propq))
return 0;
break;
case ECX_KEY_TYPE_ED448:
- if (!ED448_public_from_private(ecx->libctx, pub, ecx->privkey,
- ecx->propq))
+ if (!ossl_ed448_public_from_private(ecx->libctx, pub, ecx->privkey,
+ ecx->propq))
return 0;
break;
default:
if (S390X_CAN_SIGN(ED25519))
return s390x_ed25519_digestsign(edkey, sigret, tbs, tbslen);
#endif /* S390X_EC_ASM */
- if (ED25519_sign(sigret, tbs, tbslen, edkey->pubkey, edkey->privkey,
- peddsactx->libctx, NULL) == 0) {
+ if (ossl_ed25519_sign(sigret, tbs, tbslen, edkey->pubkey, edkey->privkey,
+ peddsactx->libctx, NULL) == 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
return 0;
}
if (S390X_CAN_SIGN(ED448))
return s390x_ed448_digestsign(edkey, sigret, tbs, tbslen);
#endif /* S390X_EC_ASM */
- if (ED448_sign(peddsactx->libctx, sigret, tbs, tbslen, edkey->pubkey,
- edkey->privkey, NULL, 0, edkey->propq) == 0) {
+ if (ossl_ed448_sign(peddsactx->libctx, sigret, tbs, tbslen, edkey->pubkey,
+ edkey->privkey, NULL, 0, edkey->propq) == 0) {
ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
return 0;
}
return s390x_ed25519_digestverify(edkey, sig, tbs, tbslen);
#endif /* S390X_EC_ASM */
- return ED25519_verify(tbs, tbslen, sig, edkey->pubkey, peddsactx->libctx,
- edkey->propq);
+ return ossl_ed25519_verify(tbs, tbslen, sig, edkey->pubkey,
+ peddsactx->libctx, edkey->propq);
}
int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig,
return s390x_ed448_digestverify(edkey, sig, tbs, tbslen);
#endif /* S390X_EC_ASM */
- return ED448_verify(peddsactx->libctx, tbs, tbslen, sig, edkey->pubkey,
- NULL, 0, edkey->propq);
+ return ossl_ed448_verify(peddsactx->libctx, tbs, tbslen, sig, edkey->pubkey,
+ NULL, 0, edkey->propq);
}
static void eddsa_freectx(void *vpeddsactx)
EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
if (!TEST_ptr(hashctx)
- || !TEST_true(ED448_sign(NULL, outsig, NULL, 0, pubkey1, privkey1,
- NULL, 0, NULL))
+ || !TEST_true(ossl_ed448_sign(NULL, outsig, NULL, 0, pubkey1,
+ privkey1, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig1, outsig, sizeof(sig1)), 0)
- || !TEST_true(ED448_sign(NULL, outsig, msg2, sizeof(msg2), pubkey2,
- privkey2, NULL, 0, NULL))
+ || !TEST_true(ossl_ed448_sign(NULL, outsig, msg2, sizeof(msg2),
+ pubkey2, privkey2, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig2, outsig, sizeof(sig2)), 0)
- || !TEST_true(ED448_sign(NULL, outsig, msg3, sizeof(msg3), pubkey3,
- privkey3, context3, sizeof(context3), NULL))
+ || !TEST_true(ossl_ed448_sign(NULL, outsig, msg3, sizeof(msg3),
+ pubkey3, privkey3, context3,
+ sizeof(context3), NULL))
|| !TEST_int_eq(memcmp(sig3, outsig, sizeof(sig3)), 0)
- || !TEST_true(ED448_sign(NULL, outsig, msg4, sizeof(msg4), pubkey4,
- privkey4, NULL, 0, NULL))
+ || !TEST_true(ossl_ed448_sign(NULL, outsig, msg4, sizeof(msg4),
+ pubkey4, privkey4, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig4, outsig, sizeof(sig4)), 0)
- || !TEST_true(ED448_sign(NULL, outsig, msg5, sizeof(msg5), pubkey5,
- privkey5, NULL, 0, NULL))
+ || !TEST_true(ossl_ed448_sign(NULL, outsig, msg5, sizeof(msg5),
+ pubkey5, privkey5, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig5, outsig, sizeof(sig5)), 0)
- || !TEST_true(ED448_sign(NULL, outsig, msg6, sizeof(msg6), pubkey6,
- privkey6, NULL, 0, NULL))
+ || !TEST_true(ossl_ed448_sign(NULL, outsig, msg6, sizeof(msg6),
+ pubkey6, privkey6, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig6, outsig, sizeof(sig6)), 0)
- || !TEST_true(ED448_sign(NULL, outsig, msg7, sizeof(msg7), pubkey7,
- privkey7, NULL, 0, NULL))
+ || !TEST_true(ossl_ed448_sign(NULL, outsig, msg7, sizeof(msg7),
+ pubkey7, privkey7, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig7, outsig, sizeof(sig7)), 0)
- || !TEST_true(ED448_sign(NULL, outsig, msg8, sizeof(msg8), pubkey8,
- privkey8, NULL, 0, NULL))
+ || !TEST_true(ossl_ed448_sign(NULL, outsig, msg8, sizeof(msg8),
+ pubkey8, privkey8, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig8, outsig, sizeof(sig8)), 0)
- || !TEST_true(ED448_sign(NULL, outsig, msg9, sizeof(msg9), pubkey9,
- privkey9, NULL, 0, NULL))
+ || !TEST_true(ossl_ed448_sign(NULL, outsig, msg9, sizeof(msg9),
+ pubkey9, privkey9, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(sig9, outsig, sizeof(sig9)), 0)
- || !TEST_true(ED448ph_sign(NULL, outsig, dohash(hashctx, phmsg1,
- sizeof(phmsg1)), phpubkey1, phprivkey1,
- NULL, 0, NULL))
+ || !TEST_true(ossl_ed448ph_sign(NULL, outsig, dohash(hashctx, phmsg1,
+ sizeof(phmsg1)), phpubkey1,
+ phprivkey1, NULL, 0, NULL))
|| !TEST_int_eq(memcmp(phsig1, outsig, sizeof(phsig1)), 0)
- || !TEST_true(ED448ph_sign(NULL, outsig, dohash(hashctx, phmsg2,
- sizeof(phmsg2)), phpubkey2, phprivkey2,
- phcontext2, sizeof(phcontext2), NULL))
+ || !TEST_true(ossl_ed448ph_sign(NULL, outsig, dohash(hashctx, phmsg2,
+ sizeof(phmsg2)), phpubkey2,
+ phprivkey2, phcontext2,
+ sizeof(phcontext2), NULL))
|| !TEST_int_eq(memcmp(phsig2, outsig, sizeof(phsig2)), 0)) {
EVP_MD_CTX_free(hashctx);
return 0;
/* Curve448 tests */
- if (!TEST_true(X448(out, in_scalar1, in_u1))
+ if (!TEST_true(ossl_x448(out, in_scalar1, in_u1))
|| !TEST_int_eq(memcmp(out, out_u1, sizeof(out)), 0)
- || !TEST_true(X448(out, in_scalar2, in_u2))
+ || !TEST_true(ossl_x448(out, in_scalar2, in_u2))
|| !TEST_int_eq(memcmp(out, out_u2, sizeof(out)), 0))
return 0;
fflush(stdout);
}
- if (!TEST_true(X448(out, k, u)))
+ if (!TEST_true(ossl_x448(out, k, u)))
return 0;
if (i == 1 || i == 1000 || i == 1000000) {