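/* sakke.h
 *
 * Copyright (C) 2006-2021 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */

/*!
    \file wolfssl/wolfcrypt/sakke.h
*/

/*
 * Types and API declarations for SAKKE (Sakai-Kasahara Key Encryption,
 * RFC 6508). Terms used below: KMS = Key Management Service, RSK = Receiver
 * Secret Key, SSV = Shared Secret Value, Z = KMS public key.
 *
 * Reviewer notes for users of this header:
 *  - Only declarations are visible here. Return-value semantics, argument
 *    validation and zeroization behaviour live in sakke.c and are marked
 *    NOTE(review) below wherever a caller's safety depends on them.
 *  - Every function returning int must have its result checked before any
 *    output buffer is used. NOTE(review): wolfCrypt conventionally returns 0
 *    on success and a negative error code on failure - confirm in sakke.c.
 */

#ifndef WOLF_CRYPT_SAKKE_H
#define WOLF_CRYPT_SAKKE_H

#include <wolfssl/wolfcrypt/types.h>

#ifdef WOLFCRYPT_HAVE_SAKKE

#include <wolfssl/wolfcrypt/integer.h>
#include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/wolfcrypt/hash.h>
#include <wolfssl/wolfcrypt/hmac.h>

/* Both roles are enabled unconditionally whenever WOLFCRYPT_HAVE_SAKKE is
 * set, so the WOLFCRYPT_SAKKE_CLIENT members below are always present.
 * WOLFCRYPT_SAKKE_KMS is not referenced in this header.
 * NOTE(review): presumably it gates the KMS-side code (master secret and RSK
 * generation) in sakke.c; a client-only build would then still carry that
 * code - confirm whether that is intended for the deployment.
 */
#define WOLFCRYPT_SAKKE_KMS
#define WOLFCRYPT_SAKKE_CLIENT

/* Capacity, in bytes, of the identity buffers in SakkeKey and
 * SakkeKeyPointI. The idSz parameters in the API are word16, so a caller can
 * express a length larger than this.
 * NOTE(review): the implementation must reject idSz > SAKKE_ID_MAX_SIZE
 * before copying into id[] - confirm in sakke.c.
 */
#define SAKKE_ID_MAX_SIZE       128

/* Maximum number of loops of attempting to generate a key.
 * May be overridden at build time. */
#ifndef SAKKE_MAX_GEN_COUNT
    #define SAKKE_MAX_GEN_COUNT     10
#endif


/** MP integer in projective form. */
typedef ecc_point mp_proj;

/** SAKKE ECC parameters in usable format. */
typedef struct SakkeKeyParams {
    /** Prime as an MP integer. */
    mp_int prime;
    /** Q (order) as an MP integer. */
    mp_int q;
    /** G (pairing base) as an MP integer. */
    mp_int g;
    /** Temporary MP integer used during operations. */
    mp_int a;
    /** Base point for elliptic curve operations as an ECC point. */
    ecc_point* base;

    /** Bit indicates prime is set as an MP integer in SAKKE key. */
    byte havePrime:1;
    /** Bit indicates q (order) is set as an MP integer in SAKKE key. */
    byte haveQ:1;
    /** Bit indicates g (pairing base) is set as an MP integer in SAKKE key. */
    byte haveG:1;
    /** Bit indicates a is set as an MP integer in SAKKE key. */
    byte haveA:1;
    /** Bit indicates base point is set as an ECC point in SAKKE key. */
    byte haveBase:1;
} SakkeKeyParams;

/** Temporary values to use in SAKKE calculations.
 *
 * NOTE(review): these temporaries may hold secret-dependent intermediates
 * after an operation; whether they are cleared is not visible here - confirm
 * in sakke.c.
 */
typedef struct SakkeKeyTmp {
    /** Temporary MP integer used during operations. */
    mp_int m1;
    /** Temporary MP integer used during operations. */
    mp_int m2;

#ifdef WOLFCRYPT_SAKKE_CLIENT
    /** Temporary elliptic curve point for use in operations. */
    ecc_point* p1;
    /** Temporary elliptic curve point for use in operations. */
    ecc_point* p2;
    /** Temporary MP projective integer for use in operations. */
    mp_proj* p3;
#endif
} SakkeKeyTmp;

#ifdef WOLFCRYPT_SAKKE_CLIENT
/** SAKKE data for the intermediate point I. */
typedef struct SakkeKeyPointI {
    /** Temporary elliptic curve point for use in operations. */
    ecc_point* i;
    /** Table associated with point I.
     *  Held as a pointer, not an embedded array.
     *  NOTE(review): presumably this is the caller's buffer passed to
     *  wc_SetSakkePointITable(), which would then have to outlive its use by
     *  the key - confirm in sakke.c. */
    byte* table;
    /** Length of table.
     *  Signed int here, while the table API takes word32 lengths.
     *  NOTE(review): confirm the conversion is range-checked. */
    int tableLen;
    /** Identity associated with point I. */
    byte id[SAKKE_ID_MAX_SIZE];
    /** Size of identity associated with point I. */
    word16 idSz;
} SakkeKeyPointI;

/** SAKKE data for the Receiver Secret Key (RSK). */
typedef struct SakkeKeyRsk {
    /** RSK (Receiver Secret Key). Secret material. */
    ecc_point* rsk;
    /** Table associated with the RSK.
     *  NOTE(review): the original comment said "point I", which looks copied
     *  from SakkeKeyPointI; wc_SetSakkeRsk() and wc_GenerateSakkeRskTable()
     *  suggest this is the RSK table - confirm. Held as a pointer, so the
     *  same buffer-lifetime question applies as for the point I table. */
    byte* table;
    /** Length of table.
     *  Signed int here, while wc_SetSakkeRsk() takes a word32 length. */
    int tableLen;
    /** Indicates whether an RSK value has been set. */
    byte set:1;
} SakkeKeyRsk;
#endif

/**
 * SAKKE key.
 *
 * The object embeds or points to secret material (the ECC key, the RSK data
 * and the temporaries) together with a scratch buffer. Treat the whole object
 * as sensitive: initialise it with wc_InitSakkeKey() or wc_InitSakkeKey_ex(),
 * do not copy it by value, and release it with wc_FreeSakkeKey().
 * NOTE(review): whether wc_FreeSakkeKey() zeroizes these members is not
 * visible here - confirm in sakke.c.
 */
typedef struct SakkeKey {
    /** ECC key to perform elliptic curve operations with. */
    ecc_key ecc;

    /** ECC parameters in forms that can be used in computation. */
    SakkeKeyParams params;
    /** Temporaries used during calculations. */
    SakkeKeyTmp tmp;

#ifdef WOLFCRYPT_SAKKE_CLIENT
    /** Data relating to the RSK (Receiver Secret Key). */
    SakkeKeyRsk rsk;
    /** Identity to perform operations with. */
    byte id[SAKKE_ID_MAX_SIZE];
    /** Size of identity in bytes. Must not exceed SAKKE_ID_MAX_SIZE. */
    word16 idSz;

    /** Data relating to the intermediate point I. */
    SakkeKeyPointI i;

    /** Generic hash algorithm object. */
    wc_HashAlg hash;
    /** Temporary buffer for use in operations. */
    byte data[(MAX_ECC_BYTES * 2) + 1];
#endif

    /** Heap hint for dynamic memory allocation. */
    void* heap;

    /** Bit indicates Z, public key, is in Montgomery form. */
    byte zMont:1;
    /** Bit indicates MP integers have been initialized. */
    byte mpInit:1;
} SakkeKey;

#ifdef __cplusplus
    extern "C" {
#endif

/* Key lifecycle. wc_InitSakkeKey_ex() additionally takes a key size and a
 * curve id; heap is the allocation hint stored in SakkeKey.heap. Every
 * initialised key should be passed to wc_FreeSakkeKey() exactly once. */
WOLFSSL_API int wc_InitSakkeKey(SakkeKey* key, void* heap, int devId);
WOLFSSL_API int wc_InitSakkeKey_ex(SakkeKey* key, int keySize, int curveId,
                                   void* heap, int devId);
WOLFSSL_API void wc_FreeSakkeKey(SakkeKey* key);

/* Key generation; wc_MakeSakkeKey() draws from the supplied RNG.
 * NOTE(review): presumably these are KMS-side operations producing the
 * master key and the public key Z - confirm in sakke.c. */
WOLFSSL_API int wc_MakeSakkeKey(SakkeKey* key, WC_RNG* rng);
WOLFSSL_API int wc_MakeSakkePublicKey(SakkeKey* key, ecc_point* pub);

/* RSK creation and validation for an identity of idSz bytes.
 * wc_ValidateSakkeRsk() reports through two channels: the int return value
 * and *valid. Callers must check both; reading *valid after a failing return
 * is not safe unless the implementation guarantees it is written.
 * NOTE(review): confirm in sakke.c. */
WOLFSSL_API int wc_MakeSakkeRsk(SakkeKey* key, const byte* id, word16 idSz,
                                ecc_point* rsk);
WOLFSSL_API int wc_ValidateSakkeRsk(SakkeKey* key, const byte* id, word16 idSz,
                                    ecc_point* rsk, int* valid);

/* Key import and export.
 * NOTE(review): by wolfCrypt convention the word32* sz arguments carry the
 * buffer capacity on input and the number of bytes written on output -
 * confirm in sakke.c.
 * Buffers filled by wc_ExportSakkeKey() and wc_ExportSakkePrivateKey() hold
 * private key material; zeroize them after use.
 * NOTE(review): `trusted` on wc_ImportSakkePublicKey() presumably selects
 * whether the imported point is validated. Pass the trusted value only for
 * data obtained over an authenticated channel from the KMS - confirm the
 * exact semantics in sakke.c. */
WOLFSSL_API int wc_ExportSakkeKey(SakkeKey* key, byte* data, word32* sz);
WOLFSSL_API int wc_ImportSakkeKey(SakkeKey* key, const byte* data, word32 sz);
WOLFSSL_API int wc_ExportSakkePrivateKey(SakkeKey* key, byte* data, word32* sz);
WOLFSSL_API int wc_ImportSakkePrivateKey(SakkeKey* key, const byte* data,
                                         word32 sz);
WOLFSSL_API int wc_ExportSakkePublicKey(SakkeKey* key, byte* data,
                                        word32* sz, int raw);
WOLFSSL_API int wc_ImportSakkePublicKey(SakkeKey* key, const byte* data,
                                        word32 sz, int trusted);

/* RSK encoding, decoding and import. Encoded RSK bytes are secret material;
 * protect them in transit and at rest, and zeroize the buffers after use.
 * NOTE(review): whether decode/import check that the point is well formed is
 * not visible here; wc_ValidateSakkeRsk() is the declared validation entry
 * point for an RSK received from elsewhere. */
WOLFSSL_API int wc_EncodeSakkeRsk(const SakkeKey* key, ecc_point* rsk,
                                  byte* out, word32* sz, int raw);
WOLFSSL_API int wc_DecodeSakkeRsk(const SakkeKey* key, const byte* data,
                                  word32 sz, ecc_point* rsk);
WOLFSSL_API int wc_ImportSakkeRsk(SakkeKey* key, const byte* data, word32 sz);

/* Reports the authentication data size for this key through *authSz. */
WOLFSSL_API int wc_GetSakkeAuthSize(SakkeKey* key, word16* authSz);

/* Identity and intermediate point I handling.
 * id buffers hold idSz bytes; the key stores at most SAKKE_ID_MAX_SIZE.
 * The table setters take a non-const byte* and the key structure stores a
 * byte* table.
 * NOTE(review): presumably the pointer is retained rather than copied, so
 * the table buffer must stay valid and unmodified until
 * wc_ClearSakkePointITable() or wc_FreeSakkeKey() - confirm in sakke.c. */
WOLFSSL_API int wc_SetSakkeIdentity(SakkeKey* key, const byte* id, word16 idSz);
WOLFSSL_API int wc_MakeSakkePointI(SakkeKey* key, const byte* id, word16 idSz);
WOLFSSL_API int wc_GetSakkePointI(SakkeKey* key, byte* data, word32* sz);
WOLFSSL_API int wc_SetSakkePointI(SakkeKey* key, const byte* id, word16 idSz,
                                  const byte* data, word32 sz);
WOLFSSL_API int wc_GenerateSakkePointITable(SakkeKey* key, byte* table,
                                            word32* len);
WOLFSSL_API int wc_SetSakkePointITable(SakkeKey* key, byte* table, word32 len);
WOLFSSL_API int wc_ClearSakkePointITable(SakkeKey* key);

/* Sender side: encapsulates an SSV of ssvSz bytes and produces
 * authentication data in auth, with its length in *authSz. ssv is a
 * non-const byte*.
 * NOTE(review): the buffer may be modified in place - confirm in sakke.c
 * before reusing its contents. */
WOLFSSL_API int wc_MakeSakkeEncapsulatedSSV(SakkeKey* key,
                                            enum wc_HashType hashType,
                                            byte* ssv, word16 ssvSz, byte* auth,
                                            word16* authSz);

/* Receiver side RSK setup. The same buffer-lifetime question applies to
 * `table` as for the point I table above. */
WOLFSSL_API int wc_GenerateSakkeRskTable(const SakkeKey* key,
                                         const ecc_point* rsk, byte* table,
                                         word32* len);
WOLFSSL_API int wc_SetSakkeRsk(SakkeKey* key, const ecc_point* rsk, byte* table,
                               word32 len);

/* SSV generation and derivation.
 * wc_DeriveSakkeSSV() consumes authentication data received from a peer, so
 * auth and authSz are untrusted input. Use the contents of ssv only when the
 * function reports success, and zeroize the SSV buffer once the derived keys
 * have been extracted.
 * NOTE(review): confirm in sakke.c what is left in ssv on failure. */
WOLFSSL_API int wc_GenerateSakkeSSV(SakkeKey* key, WC_RNG* rng, byte* ssv,
                                    word16* ssvSz);
WOLFSSL_API int wc_DeriveSakkeSSV(SakkeKey* key, enum wc_HashType hashType,
                                  byte* ssv, word16 ssvSz, const byte* auth,
                                  word16 authSz);

#ifdef __cplusplus
    } /* extern "C" */
#endif

#endif /* WOLFCRYPT_HAVE_SAKKE */

#endif /* WOLF_CRYPT_SAKKE_H */
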