1 /* 2 * This file is part of the optimized implementation of the Picnic signature scheme. 3 * See the accompanying documentation for complete details. 4 * 5 * The code is provided under the MIT license, see LICENSE for 6 * more details. 7 * SPDX-License-Identifier: MIT 8 */ 9 10 #ifndef PICNIC_H 11 #define PICNIC_H 12 13 #if !defined(PICNIC_EXPORT) 14 #if !defined(PICNIC_STATIC) && (defined(_WIN16) || defined(_WIN32) || defined(_WIN64)) 15 #define PICNIC_EXPORT __declspec(dllimport) 16 #else 17 #define PICNIC_EXPORT 18 #endif 19 #endif 20 21 #if defined(_WIN16) || defined(_WIN32) || defined(_WIN64) 22 #define PICNIC_CALLING_CONVENTION __stdcall 23 #else 24 #define PICNIC_CALLING_CONVENTION 25 #endif 26 27 #include <stddef.h> 28 #include <stdint.h> 29 #include <stdio.h> 30 31 #include "oqs_picnic_macros.h" 32 33 #ifdef __cplusplus 34 extern "C" { 35 #endif 36 37 #define PICNIC_CONCAT2(a, b) a##_##b 38 #define PICNIC_CONCAT(a, b) PICNIC_CONCAT2(a, b) 39 40 /* Block sizes of the LowMC ciphers per parameter */ 41 #define LOWMC_BLOCK_SIZE_Picnic_L1_FS 16 42 #define LOWMC_BLOCK_SIZE_Picnic_L1_UR 16 43 #define LOWMC_BLOCK_SIZE_Picnic_L3_FS 24 44 #define LOWMC_BLOCK_SIZE_Picnic_L3_UR 24 45 #define LOWMC_BLOCK_SIZE_Picnic_L5_FS 32 46 #define LOWMC_BLOCK_SIZE_Picnic_L5_UR 32 47 #define LOWMC_BLOCK_SIZE_Picnic3_L1 17 48 #define LOWMC_BLOCK_SIZE_Picnic3_L3 24 49 #define LOWMC_BLOCK_SIZE_Picnic3_L5 32 50 #define LOWMC_BLOCK_SIZE_Picnic_L1_full 17 51 #define LOWMC_BLOCK_SIZE_Picnic_L3_full 24 52 #define LOWMC_BLOCK_SIZE_Picnic_L5_full 32 53 54 #define LOWMC_BLOCK_SIZE(p) PICNIC_CONCAT(LOWMC_BLOCK_SIZE, p) 55 56 #define PICNIC_PRIVATE_KEY_SIZE(p) (1 + 3 * LOWMC_BLOCK_SIZE(p)) 57 #define PICNIC_PUBLIC_KEY_SIZE(p) (1 + 2 * LOWMC_BLOCK_SIZE(p)) 58 59 /* Max. signature sizes per parameter */ 60 #define PICNIC_SIGNATURE_SIZE_Picnic_L1_FS 34032 61 #define PICNIC_SIGNATURE_SIZE_Picnic_L1_UR 53961 62 #define PICNIC_SIGNATURE_SIZE_Picnic_L3_FS 76772 63 #define PICNIC_SIGNATURE_SIZE_Picnic_L3_UR 121845 64 #define PICNIC_SIGNATURE_SIZE_Picnic_L5_FS 132856 65 #define PICNIC_SIGNATURE_SIZE_Picnic_L5_UR 209506 66 #define PICNIC_SIGNATURE_SIZE_Picnic3_L1 14608 67 #define PICNIC_SIGNATURE_SIZE_Picnic3_L3 35024 68 #define PICNIC_SIGNATURE_SIZE_Picnic3_L5 61024 69 #define PICNIC_SIGNATURE_SIZE_Picnic_L1_full 32061 70 #define PICNIC_SIGNATURE_SIZE_Picnic_L3_full 71179 71 #define PICNIC_SIGNATURE_SIZE_Picnic_L5_full 126286 72 73 #define PICNIC_SIGNATURE_SIZE(p) PICNIC_CONCAT(PICNIC_SIGNATURE_SIZE, p) 74 75 #define PICNIC_MAX_LOWMC_BLOCK_SIZE LOWMC_BLOCK_SIZE(Picnic_L5_UR) 76 #define PICNIC_MAX_PRIVATEKEY_SIZE PICNIC_PRIVATE_KEY_SIZE(Picnic_L5_UR) 77 #define PICNIC_MAX_PUBLICKEY_SIZE PICNIC_PUBLIC_KEY_SIZE(Picnic_L5_UR) 78 #define PICNIC_MAX_SIGNATURE_SIZE PICNIC_SIGNATURE_SIZE(Picnic_L5_UR) 79 80 /** Parameter set names */ 81 typedef enum { 82 PARAMETER_SET_INVALID = 0, 83 /* ZKB++ with LowMC m=10 */ 84 Picnic_L1_FS = 1, 85 Picnic_L1_UR = 2, 86 Picnic_L3_FS = 3, 87 Picnic_L3_UR = 4, 88 Picnic_L5_FS = 5, 89 Picnic_L5_UR = 6, 90 /* KKW with full LowMC */ 91 Picnic3_L1 = 7, 92 Picnic3_L3 = 8, 93 Picnic3_L5 = 9, 94 /* ZKB++ with full LowMC */ 95 Picnic_L1_full = 10, 96 Picnic_L3_full = 11, 97 Picnic_L5_full = 12, 98 PARAMETER_SET_MAX_INDEX = 13 99 } picnic_params_t; 100 101 /** Public key */ 102 typedef struct { 103 uint8_t data[PICNIC_MAX_PUBLICKEY_SIZE]; 104 } picnic_publickey_t; 105 106 /** Private key */ 107 typedef struct { 108 uint8_t data[PICNIC_MAX_PRIVATEKEY_SIZE]; 109 } picnic_privatekey_t; 110 111 /** 112 * Get a string representation of the parameter set. 113 * 114 * @param parameters A parameter set 115 * 116 * @return A null-terminated string describing the parameter set. 117 */ 118 PICNIC_EXPORT const char* PICNIC_CALLING_CONVENTION 119 picnic_get_param_name(picnic_params_t parameters); 120 121 /* Signature API */ 122 123 /** 124 * Key generation function. 125 * Generates a public and private key pair, for the specified parameter set. 126 * 127 * @param[in] parameters The parameter set to use when generating a key. 128 * @param[out] pk The new public key. 129 * @param[out] sk The new private key. 130 * 131 * @return Returns 0 for success, or a nonzero value indicating an error. 132 * 133 * @see picnic_verify(), picnic_sign() 134 */ 135 PICNIC_EXPORT int PICNIC_CALLING_CONVENTION picnic_keygen(picnic_params_t parameters, 136 picnic_publickey_t* pk, 137 picnic_privatekey_t* sk); 138 139 /** 140 * Signature function. 141 * Signs a message with the given keypair. 142 * 143 * @param[in] sk The signer's private key. 144 * @param[in] message The message to be signed. 145 * @param[in] message_len The length of the message, in bytes. 146 * @param[out] signature A buffer to hold the signature. The required size does 147 * not exceed PICNIC_MAX_SIGNATURE_SIZE bytes. The specific max number of 148 * bytes required for a parameter set is given by picnic_signature_size(). Note 149 * that the length of each signature varies slightly, for the parameter sets 150 * using the FS transform. The parameter sets using the Unruh transform have a 151 * fixed length. 152 * @param[in,out] signature_len The length of the provided signature buffer. 153 * On success, this is set to the number of bytes written to the signature buffer. 154 * 155 * @return Returns 0 for success, or a nonzero value indicating an error. 156 * 157 * @see picnic_verify(), picnic_keygen(), picnic_signature_size() 158 */ 159 PICNIC_EXPORT int PICNIC_CALLING_CONVENTION picnic_sign(const picnic_privatekey_t* sk, 160 const uint8_t* message, size_t message_len, 161 uint8_t* signature, size_t* signature_len); 162 163 /** 164 * Get the number of bytes required to hold a signature. 165 * 166 * @param[in] parameters The parameter set of the signature. 167 * 168 * @return The number of bytes required to hold the signature created by 169 * picnic_sign 170 * 171 * @note The size of signatures with parameter sets using the FS transform vary 172 * slightly based on the random choices made during signing. This function 173 * will return a suffcient number of bytes to hold a signature, and the 174 * picnic_sign() function returns the exact number used for a given signature. 175 * 176 * @see picnic_sign() 177 */ 178 PICNIC_EXPORT size_t PICNIC_CALLING_CONVENTION picnic_signature_size(picnic_params_t parameters); 179 180 /** 181 * Verification function. 182 * Verifies a signature is valid with respect to a public key and message. 183 * 184 * @param[in] pk The signer's public key. 185 * @param[in] message The message the signature purpotedly signs. 186 * @param[in] message_len The length of the message, in bytes. 187 * @param[in] signature The signature to verify. 188 * @param[in] signature_len The length of the signature. 189 * 190 * @return Returns 0 for success, indicating a valid signature, or a nonzero 191 * value indicating an error or an invalid signature. 192 * 193 * @see picnic_sign(), picnic_keygen() 194 */ 195 PICNIC_EXPORT int PICNIC_CALLING_CONVENTION picnic_verify(const picnic_publickey_t* pk, 196 const uint8_t* message, 197 size_t message_len, 198 const uint8_t* signature, 199 size_t signature_len); 200 201 /** 202 * Serialize a public key. 203 * 204 * @param[in] key The public key to serialize 205 * @param[out] buf The buffer to write the key to. 206 * Must have size at least PICNIC_MAX_PUBLICKEY_SIZE bytes. 207 * @param[in] buflen The length of buf, in bytes 208 * 209 * @return Returns the number of bytes written. 210 */ 211 PICNIC_EXPORT int PICNIC_CALLING_CONVENTION picnic_write_public_key(const picnic_publickey_t* key, 212 uint8_t* buf, size_t buflen); 213 214 /** 215 * De-serialize a public key. 216 * 217 * @param[out] key The public key object to be populated. 218 * @param[in] buf The buffer to read the public key from. 219 * Must be at least PICNIC_MAX_PUBLICKEY_SIZE bytes. 220 * @param[in] buflen The length of buf, in bytes 221 * 222 * @return Returns 0 on success, or a nonzero value indicating an error. 223 */ 224 PICNIC_EXPORT int PICNIC_CALLING_CONVENTION picnic_read_public_key(picnic_publickey_t* key, 225 const uint8_t* buf, 226 size_t buflen); 227 228 /** 229 * Serialize a private key. 230 * 231 * @param[in] key The private key to serialize 232 * @param[out] buf The buffer to write the key to. 233 * Must have size at least PICNIC_MAX_PRIVATEKEY_SIZE bytes. 234 * @param[in] buflen The length of buf, in bytes 235 * 236 * @return Returns the number of bytes written. 237 */ 238 PICNIC_EXPORT int PICNIC_CALLING_CONVENTION picnic_write_private_key(const picnic_privatekey_t* key, 239 uint8_t* buf, size_t buflen); 240 241 /** 242 * De-serialize a private key. 243 * 244 * @param[out] key The private key object to be populated 245 * @param[in] buf The buffer to read the key from. 246 * Must have size at least PICNIC_MAX_PRIVATEKEY_SIZE bytes. 247 * @param[in] buflen The length of buf, in bytes 248 * 249 * @return Returns 0 on success, or a nonzero value indicating an error. 250 */ 251 PICNIC_EXPORT int PICNIC_CALLING_CONVENTION picnic_read_private_key(picnic_privatekey_t* key, 252 const uint8_t* buf, 253 size_t buflen); 254 255 /** 256 * Check that a key pair is valid. 257 * 258 * @param[in] privatekey The private key to check 259 * @param[in] publickey The public key to check 260 * 261 * @return Returns 0 if the key pair is valid, or a nonzero value indicating an error 262 */ 263 PICNIC_EXPORT int PICNIC_CALLING_CONVENTION 264 picnic_validate_keypair(const picnic_privatekey_t* privatekey, const picnic_publickey_t* publickey); 265 266 /** 267 * Clear data of a private key. 268 * 269 * @param[out] key The private key to clear 270 */ 271 PICNIC_EXPORT void PICNIC_CALLING_CONVENTION picnic_clear_private_key(picnic_privatekey_t* key); 272 273 /** 274 * Compute public key from private key. 275 * 276 * @param[in] privatekey The private key 277 * @param[out] publickey The public key to be populated 278 * @return Returns 0 on success, or a nonzero value indicating an error. 279 **/ 280 PICNIC_EXPORT int PICNIC_CALLING_CONVENTION picnic_sk_to_pk(const picnic_privatekey_t* privatekey, 281 picnic_publickey_t* publickey); 282 283 #ifdef __cplusplus 284 } 285 #endif 286 287 #endif 288