mldsa.h 2.0 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162
  1. /* SPDX-License-Identifier: GPL-2.0-or-later */
  2. /*
  3. * Support for verifying ML-DSA signatures
  4. *
  5. * Copyright 2025 Google LLC
  6. */
  7. #ifndef _CRYPTO_MLDSA_H
  8. #define _CRYPTO_MLDSA_H
  9. #include <linux/types.h>
  10. /* Identifier for an ML-DSA parameter set */
  11. enum mldsa_alg {
  12. MLDSA44, /* ML-DSA-44 */
  13. MLDSA65, /* ML-DSA-65 */
  14. MLDSA87, /* ML-DSA-87 */
  15. };
  16. /* Lengths of ML-DSA public keys and signatures in bytes */
  17. #define MLDSA44_PUBLIC_KEY_SIZE 1312
  18. #define MLDSA65_PUBLIC_KEY_SIZE 1952
  19. #define MLDSA87_PUBLIC_KEY_SIZE 2592
  20. #define MLDSA44_SIGNATURE_SIZE 2420
  21. #define MLDSA65_SIGNATURE_SIZE 3309
  22. #define MLDSA87_SIGNATURE_SIZE 4627
  23. /**
  24. * mldsa_verify() - Verify an ML-DSA signature
  25. * @alg: The ML-DSA parameter set to use
  26. * @sig: The signature
  27. * @sig_len: Length of the signature in bytes. Should match the
  28. * MLDSA*_SIGNATURE_SIZE constant associated with @alg,
  29. * otherwise -EBADMSG will be returned.
  30. * @msg: The message
  31. * @msg_len: Length of the message in bytes
  32. * @pk: The public key
  33. * @pk_len: Length of the public key in bytes. Should match the
  34. * MLDSA*_PUBLIC_KEY_SIZE constant associated with @alg,
  35. * otherwise -EBADMSG will be returned.
  36. *
  37. * This verifies a signature using pure ML-DSA with the specified parameter set.
  38. * The context string is assumed to be empty. This corresponds to FIPS 204
  39. * Algorithm 3 "ML-DSA.Verify" with the ctx parameter set to the empty string
  40. * and the lengths of the signature and key given explicitly by the caller.
  41. *
  42. * Context: Might sleep
  43. *
  44. * Return:
  45. * * 0 if the signature is valid
  46. * * -EBADMSG if the signature and/or public key is malformed
  47. * * -EKEYREJECTED if the signature is invalid but otherwise well-formed
  48. * * -ENOMEM if out of memory so the validity of the signature is unknown
  49. */
  50. int mldsa_verify(enum mldsa_alg alg, const u8 *sig, size_t sig_len,
  51. const u8 *msg, size_t msg_len, const u8 *pk, size_t pk_len);
  52. #if IS_ENABLED(CONFIG_CRYPTO_LIB_MLDSA_KUNIT_TEST)
  53. /* Internal function, exposed only for unit testing */
  54. s32 mldsa_use_hint(u8 h, s32 r, s32 gamma2);
  55. #endif
  56. #endif /* _CRYPTO_MLDSA_H */