Functions
int	lc_dilithium_ed25519_ctx_alloc (struct lc_dilithium_ed25519_ctx **ctx)
	Allocates Dilithium-ED25519 context on heap.
void	lc_dilithium_ed25519_ctx_zero_free (struct lc_dilithium_ed25519_ctx *ctx)
	Zeroizes and frees Dilithium-ED25519 context on heap.
void	lc_dilithium_ed25519_ctx_zero (struct lc_dilithium_ed25519_ctx *ctx)
	Zeroizes Dilithium-ED25519 context either on heap or on stack.
void	lc_dilithium_ed25519_ctx_hash (struct lc_dilithium_ed25519_ctx ctx, const struct lc_hash hash)
	Set the hash type that was used for pre-hashing the message. The message digest ist used with the HashML-DSA. The message digest is to be provided via the message pointer in the sign/verify APIs.
void	lc_dilithium_ed25519_ctx_internal (struct lc_dilithium_ed25519_ctx *ctx)
	Mark the Dilithium context to execute ML-DSA.Sign_internal / ML-DSA.Verify_internal.
void	lc_dilithium_ed25519_ctx_userctx (struct lc_dilithium_ed25519_ctx ctx, const uint8_t userctx, size_t userctxlen)
	Specify the optional user context string to be applied with the Dilithium-ED25519 signature operation.
void	lc_dilithium_ed25519_ctx_randomizer (struct lc_dilithium_ed25519_ctx ctx, const uint8_t randomizer, size_t randomizerlen)
	Specify the optional randomizer to be applied with the Dilithium-ED25519 signature operation.
enum lc_dilithium_type	lc_dilithium_ed25519_sk_type (const struct lc_dilithium_ed25519_sk *sk)
	Obtain Dilithium type from secret key.
enum lc_dilithium_type	lc_dilithium_ed25519_pk_type (const struct lc_dilithium_ed25519_pk *pk)
	Obtain Dilithium type from public key.
enum lc_dilithium_type	lc_dilithium_ed25519_sig_type (const struct lc_dilithium_ed25519_sig *sig)
	Obtain Dilithium type from signature.
LC_PURE unsigned int	lc_dilithium_ed25519_sk_size (enum lc_dilithium_type dilithium_type)
	Return the size of the Dilithium secret key.
LC_PURE unsigned int	lc_dilithium_ed25519_pk_size (enum lc_dilithium_type dilithium_type)
	Return the size of the Dilithium public key.
LC_PURE unsigned int	lc_dilithium_ed25519_sig_size (enum lc_dilithium_type dilithium_type)
	Return the size of the Dilithium signature.
int	lc_dilithium_ed25519_sk_load (struct lc_dilithium_ed25519_sk sk, const uint8_t dilithium_src_key, size_t dilithium_src_key_len, const uint8_t *ed25519_src_key, size_t ed25519_src_key_len)
	Load a Dilithium secret key provided with a buffer into the leancrypto data structure.
int	lc_dilithium_ed25519_pk_load (struct lc_dilithium_ed25519_pk pk, const uint8_t dilithium_src_key, size_t dilithium_src_key_len, const uint8_t *ed25519_src_key, size_t ed25519_src_key_len)
	Load a Dilithium public key provided with a buffer into the leancrypto data structure.
int	lc_dilithium_ed25519_sig_load (struct lc_dilithium_ed25519_sig sig, const uint8_t dilithium_src_sig, size_t dilithium_src_sig_len, const uint8_t *ed25519_src_sig, size_t ed25519_src_sig_len)
	Load a Dilithium signature provided with a buffer into the leancrypto data structure.
int	lc_dilithium_ed25519_sk_ptr (uint8_t *dilithium_key, size_t dilithium_key_len, uint8_t *ed25519_key, size_t ed25519_key_len, struct lc_dilithium_ed25519_sk *sk)
	Obtain the reference to the Dilithium key and its length.
int	lc_dilithium_ed25519_pk_ptr (uint8_t *dilithium_key, size_t dilithium_key_len, uint8_t *ed25519_key, size_t ed25519_key_len, struct lc_dilithium_ed25519_pk *pk)
	Obtain the reference to the Dilithium key and its length.
int	lc_dilithium_ed25519_sig_ptr (uint8_t *dilithium_sig, size_t dilithium_sig_len, uint8_t *ed25519_sig, size_t ed25519_sig_len, struct lc_dilithium_ed25519_sig *sig)
	Obtain the reference to the Dilithium signature and its length.
int	lc_dilithium_ed25519_keypair (struct lc_dilithium_ed25519_pk pk, struct lc_dilithium_ed25519_sk sk, struct lc_rng_ctx *rng_ctx, enum lc_dilithium_type dilithium_type)
	Generates Dilithium public and private key.
int	lc_dilithium_ed25519_sign (struct lc_dilithium_ed25519_sig sig, const uint8_t m, size_t mlen, const struct lc_dilithium_ed25519_sk sk, struct lc_rng_ctx rng_ctx)
	Computes signature in one shot.
int	lc_dilithium_ed25519_sign_ctx (struct lc_dilithium_ed25519_sig sig, struct lc_dilithium_ed25519_ctx ctx, const uint8_t m, size_t mlen, const struct lc_dilithium_ed25519_sk sk, struct lc_rng_ctx *rng_ctx)
	Computes signature with Dilithium context in one shot.
int	lc_dilithium_ed25519_sign_init (struct lc_dilithium_ed25519_ctx ctx, const struct lc_dilithium_ed25519_sk sk)
	Initializes signature operation in stream mode.
int	lc_dilithium_ed25519_sign_update (struct lc_dilithium_ed25519_ctx ctx, const uint8_t m, size_t mlen)
	Updates signature in stream mode.
int	lc_dilithium_ed25519_sign_final (struct lc_dilithium_ed25519_sig sig, struct lc_dilithium_ed25519_ctx ctx, const struct lc_dilithium_ed25519_sk sk, struct lc_rng_ctx rng_ctx)
	Computes signature in stream mode.
int	lc_dilithium_ed25519_verify (const struct lc_dilithium_ed25519_sig sig, const uint8_t m, size_t mlen, const struct lc_dilithium_ed25519_pk *pk)
	Verifies signature in one shot.
int	lc_dilithium_ed25519_verify_ctx (const struct lc_dilithium_ed25519_sig sig, struct lc_dilithium_ed25519_ctx ctx, const uint8_t m, size_t mlen, const struct lc_dilithium_ed25519_pk pk)
	Verifies signature with Dilithium context in one shot.
int	lc_dilithium_ed25519_verify_init (struct lc_dilithium_ed25519_ctx ctx, const struct lc_dilithium_ed25519_pk pk)
	Initializes signature verification operation in stream mode.
int	lc_dilithium_ed25519_verify_update (struct lc_dilithium_ed25519_ctx ctx, const uint8_t m, size_t mlen)
	Updates signature verification in stream mode.
int	lc_dilithium_ed25519_verify_final (const struct lc_dilithium_ed25519_sig sig, struct lc_dilithium_ed25519_ctx ctx, const struct lc_dilithium_ed25519_pk *pk)
	Verifies signature in stream mode.
int	lc_dilithium_ed448_ctx_alloc (struct lc_dilithium_ed448_ctx **ctx)
	Allocates Dilithium-ED448 context on heap.
void	lc_dilithium_ed448_ctx_zero_free (struct lc_dilithium_ed448_ctx *ctx)
	Zeroizes and frees Dilithium-ED448 context on heap.
void	lc_dilithium_ed448_ctx_zero (struct lc_dilithium_ed448_ctx *ctx)
	Zeroizes Dilithium-ED448 context either on heap or on stack.
void	lc_dilithium_ed448_ctx_hash (struct lc_dilithium_ed448_ctx ctx, const struct lc_hash hash)
	Set the hash type that was used for pre-hashing the message. The message digest ist used with the HashML-DSA. The message digest is to be provided via the message pointer in the sign/verify APIs.
void	lc_dilithium_ed448_ctx_internal (struct lc_dilithium_ed448_ctx *ctx)
	Mark the Dilithium context to execute ML-DSA.Sign_internal / ML-DSA.Verify_internal.
void	lc_dilithium_ed448_ctx_userctx (struct lc_dilithium_ed448_ctx ctx, const uint8_t userctx, size_t userctxlen)
	Specify the optional user context string to be applied with the Dilithium-ED448 signature operation.
void	lc_dilithium_ed448_ctx_randomizer (struct lc_dilithium_ed448_ctx ctx, const uint8_t randomizer, size_t randomizerlen)
	Specify the optional randomizer to be applied with the Dilithium-ED25519 signature operation.
enum lc_dilithium_type	lc_dilithium_ed448_sk_type (const struct lc_dilithium_ed448_sk *sk)
	Obtain Dilithium type from secret key.
enum lc_dilithium_type	lc_dilithium_ed448_pk_type (const struct lc_dilithium_ed448_pk *pk)
	Obtain Dilithium type from public key.
enum lc_dilithium_type	lc_dilithium_ed448_sig_type (const struct lc_dilithium_ed448_sig *sig)
	Obtain Dilithium type from signature.
LC_PURE unsigned int	lc_dilithium_ed448_sk_size (enum lc_dilithium_type dilithium_type)
	Return the size of the Dilithium secret key.
LC_PURE unsigned int	lc_dilithium_ed448_pk_size (enum lc_dilithium_type dilithium_type)
	Return the size of the Dilithium public key.
LC_PURE unsigned int	lc_dilithium_ed448_sig_size (enum lc_dilithium_type dilithium_type)
	Return the size of the Dilithium signature.
int	lc_dilithium_ed448_sk_load (struct lc_dilithium_ed448_sk sk, const uint8_t dilithium_src_key, size_t dilithium_src_key_len, const uint8_t *ed448_src_key, size_t ed448_src_key_len)
	Load a Dilithium secret key provided with a buffer into the leancrypto data structure.
int	lc_dilithium_ed448_pk_load (struct lc_dilithium_ed448_pk pk, const uint8_t dilithium_src_key, size_t dilithium_src_key_len, const uint8_t *ed448_src_key, size_t ed448_src_key_len)
	Load a Dilithium public key provided with a buffer into the leancrypto data structure.
int	lc_dilithium_ed448_sig_load (struct lc_dilithium_ed448_sig sig, const uint8_t dilithium_src_sig, size_t dilithium_src_sig_len, const uint8_t *ed448_src_sig, size_t ed448_src_sig_len)
	Load a Dilithium signature provided with a buffer into the leancrypto data structure.
int	lc_dilithium_ed448_sk_ptr (uint8_t *dilithium_key, size_t dilithium_key_len, uint8_t *ed448_key, size_t ed448_key_len, struct lc_dilithium_ed448_sk *sk)
	Obtain the reference to the Dilithium key and its length.
int	lc_dilithium_ed448_pk_ptr (uint8_t *dilithium_key, size_t dilithium_key_len, uint8_t *ed448_key, size_t ed448_key_len, struct lc_dilithium_ed448_pk *pk)
	Obtain the reference to the Dilithium key and its length.
int	lc_dilithium_ed448_sig_ptr (uint8_t *dilithium_sig, size_t dilithium_sig_len, uint8_t *ed448_sig, size_t ed448_sig_len, struct lc_dilithium_ed448_sig *sig)
	Obtain the reference to the Dilithium signature and its length.
int	lc_dilithium_ed448_keypair (struct lc_dilithium_ed448_pk pk, struct lc_dilithium_ed448_sk sk, struct lc_rng_ctx *rng_ctx, enum lc_dilithium_type dilithium_type)
	Generates Dilithium public and private key.
int	lc_dilithium_ed448_sign (struct lc_dilithium_ed448_sig sig, const uint8_t m, size_t mlen, const struct lc_dilithium_ed448_sk sk, struct lc_rng_ctx rng_ctx)
	Computes signature in one shot.
int	lc_dilithium_ed448_sign_ctx (struct lc_dilithium_ed448_sig sig, struct lc_dilithium_ed448_ctx ctx, const uint8_t m, size_t mlen, const struct lc_dilithium_ed448_sk sk, struct lc_rng_ctx *rng_ctx)
	Computes signature with Dilithium context in one shot.
int	lc_dilithium_ed448_sign_init (struct lc_dilithium_ed448_ctx ctx, const struct lc_dilithium_ed448_sk sk)
	Initializes signature operation in stream mode.
int	lc_dilithium_ed448_sign_update (struct lc_dilithium_ed448_ctx ctx, const uint8_t m, size_t mlen)
	Updates signature in stream mode.
int	lc_dilithium_ed448_sign_final (struct lc_dilithium_ed448_sig sig, struct lc_dilithium_ed448_ctx ctx, const struct lc_dilithium_ed448_sk sk, struct lc_rng_ctx rng_ctx)
	Computes signature in stream mode.
int	lc_dilithium_ed448_verify (const struct lc_dilithium_ed448_sig sig, const uint8_t m, size_t mlen, const struct lc_dilithium_ed448_pk *pk)
	Verifies signature in one shot.
int	lc_dilithium_ed448_verify_ctx (const struct lc_dilithium_ed448_sig sig, struct lc_dilithium_ed448_ctx ctx, const uint8_t m, size_t mlen, const struct lc_dilithium_ed448_pk pk)
	Verifies signature with Dilithium context in one shot.
int	lc_dilithium_ed448_verify_init (struct lc_dilithium_ed448_ctx ctx, const struct lc_dilithium_ed448_pk pk)
	Initializes signature verification operation in stream mode.
int	lc_dilithium_ed448_verify_update (struct lc_dilithium_ed448_ctx ctx, const uint8_t m, size_t mlen)
	Updates signature verification in stream mode.
int	lc_dilithium_ed448_verify_final (const struct lc_dilithium_ed448_sig sig, struct lc_dilithium_ed448_ctx ctx, const struct lc_dilithium_ed448_pk *pk)
	Verifies signature in stream mode.

Detailed Description

The Dilithium hybrid API performs signature operations with Dilithium and the classic ED25519 algorithm at the same time. The API is identical to the Dilithium API and can be used as a drop-in replacement.

ED25519ph is used for the hybrid signature operation compliant to RFC8032 using a NULL context. This approach is taken to support the stream mode operation with init / update / final.

To support the stream mode of the Dilithium signature operation, a context structure is required. This context structure can be allocated either on the stack or heap with LC_DILITHIUM_ED25519_CTX_ON_STACK or lc_dilithium_ed25519_ctx_alloc. The context should be zeroized and freed (only for heap) with lc_dilithium_ed25519_ctx_zero or lc_dilithium_ed25519_ctx_zero_free.

The Dilithium hybrid API performs signature operations with Dilithium and the classic ED448 algorithm at the same time. The API is identical to the Dilithium API and can be used as a drop-in replacement.

ED448ph is used for the hybrid signature operation compliant to RFC8032 using a NULL context. This approach is taken to support the stream mode operation with init / update / final.

To support the stream mode of the Dilithium signature operation, a context structure is required. This context structure can be allocated either on the stack or heap with LC_DILITHIUM_ED448_CTX_ON_STACK or lc_dilithium_ed448_ctx_alloc. The context should be zeroized and freed (only for heap) with lc_dilithium_ed448_ctx_zero or lc_dilithium_ed448_ctx_zero_free.

Note: The APIs for ML-DSA ED25519 and ED448 are identical. You can switch between both by simply applying a global search and replace of 25519 <-> 448.

Function Documentation

◆ lc_dilithium_ed25519_ctx_alloc()

int lc_dilithium_ed25519_ctx_alloc ( struct lc_dilithium_ed25519_ctx ** ctx )

Allocates Dilithium-ED25519 context on heap.

Parameters

[out] ctx Dilithium-ED25519 context pointer

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed25519_ctx_hash()

void lc_dilithium_ed25519_ctx_hash	(	struct lc_dilithium_ed25519_ctx *	ctx,
		const struct lc_hash *	hash )

Set the hash type that was used for pre-hashing the message. The message digest ist used with the HashML-DSA. The message digest is to be provided via the message pointer in the sign/verify APIs.

Parameters

[in]	ctx	Dilithium-ED25519 context
[in]	hash	Hash context referencing the used hash for pre-hashing the message

◆ lc_dilithium_ed25519_ctx_internal()

void lc_dilithium_ed25519_ctx_internal ( struct lc_dilithium_ed25519_ctx * ctx )

Mark the Dilithium context to execute ML-DSA.Sign_internal / ML-DSA.Verify_internal.

Parameters

[in] ctx Dilithium-ED25519 context

◆ lc_dilithium_ed25519_ctx_randomizer()

void lc_dilithium_ed25519_ctx_randomizer	(	struct lc_dilithium_ed25519_ctx *	ctx,
		const uint8_t *	randomizer,
		size_t	randomizerlen )

Specify the optional randomizer to be applied with the Dilithium-ED25519 signature operation.

Parameters

[in]	ctx	Dilithium-ED25519 context
[in]	randomizer	Randomizer
[in]	randomizerlen	Size of randomizer

◆ lc_dilithium_ed25519_ctx_userctx()

void lc_dilithium_ed25519_ctx_userctx	(	struct lc_dilithium_ed25519_ctx *	ctx,
		const uint8_t *	userctx,
		size_t	userctxlen )

Specify the optional user context string to be applied with the Dilithium-ED25519 signature operation.

Warning: The operation of the HashComposite-ML-DSA operation clears out this context during processing. If this context is reused, the caller MUST set the cotext again.

Parameters

[in]	ctx	Dilithium-ED25519 context
[in]	userctx	User context string
[in]	userctxlen	Size of the user context string

◆ lc_dilithium_ed25519_ctx_zero()

void lc_dilithium_ed25519_ctx_zero ( struct lc_dilithium_ed25519_ctx * ctx )

Zeroizes Dilithium-ED25519 context either on heap or on stack.

Parameters

[out] ctx Dilithium-ED25519 context pointer

◆ lc_dilithium_ed25519_ctx_zero_free()

void lc_dilithium_ed25519_ctx_zero_free ( struct lc_dilithium_ed25519_ctx * ctx )

Zeroizes and frees Dilithium-ED25519 context on heap.

Parameters

[out] ctx Dilithium-ED25519 context pointer

◆ lc_dilithium_ed25519_keypair()

int lc_dilithium_ed25519_keypair	(	struct lc_dilithium_ed25519_pk *	pk,
		struct lc_dilithium_ed25519_sk *	sk,
		struct lc_rng_ctx *	rng_ctx,
		enum lc_dilithium_type	dilithium_type )

Generates Dilithium public and private key.

Parameters

[out]	pk	pointer to allocated output public key
[out]	sk	pointer to allocated output private key
[in]	rng_ctx	pointer to seeded random number generator context
[in]	dilithium_type	type of the Dilithium key to generate

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed25519_pk_load()

int lc_dilithium_ed25519_pk_load	(	struct lc_dilithium_ed25519_pk *	pk,
		const uint8_t *	dilithium_src_key,
		size_t	dilithium_src_key_len,
		const uint8_t *	ed25519_src_key,
		size_t	ed25519_src_key_len )

Load a Dilithium public key provided with a buffer into the leancrypto data structure.

Parameters

[out]	pk	Secret key to be filled (the caller must have it allocated)
[in]	dilithium_src_key	Buffer that holds the Dilithium key to be imported
[in]	dilithium_src_key_len	Buffer length that holds the key to be imported
[in]	ed25519_src_key	Buffer that holds the ED25519 key to be imported
[in]	ed25519_src_key_len	Buffer length that holds the key to be imported

Returns: 0 on success or < 0 on error

◆ lc_dilithium_ed25519_pk_ptr()

int lc_dilithium_ed25519_pk_ptr	(	uint8_t **	dilithium_key,
		size_t *	dilithium_key_len,
		uint8_t **	ed25519_key,
		size_t *	ed25519_key_len,
		struct lc_dilithium_ed25519_pk *	pk )

Obtain the reference to the Dilithium key and its length.

Note: Only pointer references into the leancrypto data structure are returned which implies that any modification will modify the leancrypto key, too.

Parameters

[out]	dilithium_key	Dilithium key pointer
[out]	dilithium_key_len	Length of the key buffer
[out]	ed25519_key	ED25519 key pointer
[out]	ed25519_key_len	ED25519 of the key buffer
[in]	pk	Dilithium publi key from which the references are obtained

Returns: 0 on success, != 0 on error

◆ lc_dilithium_ed25519_pk_size()

LC_PURE unsigned int lc_dilithium_ed25519_pk_size ( enum lc_dilithium_type dilithium_type )

Return the size of the Dilithium public key.

Parameters

[in] dilithium_type Dilithium type for which the size is requested

Returns: requested size

◆ lc_dilithium_ed25519_pk_type()

enum lc_dilithium_type lc_dilithium_ed25519_pk_type ( const struct lc_dilithium_ed25519_pk * pk )

Obtain Dilithium type from public key.

Parameters

[in] pk Public key from which the type is to be obtained

Returns: key type

◆ lc_dilithium_ed25519_sig_load()

int lc_dilithium_ed25519_sig_load	(	struct lc_dilithium_ed25519_sig *	sig,
		const uint8_t *	dilithium_src_sig,
		size_t	dilithium_src_sig_len,
		const uint8_t *	ed25519_src_sig,
		size_t	ed25519_src_sig_len )

Load a Dilithium signature provided with a buffer into the leancrypto data structure.

Parameters

[out]	sig	Secret key to be filled (the caller must have it allocated)
[in]	dilithium_src_sig	Buffer that holds the Dilithium signature to be imported
[in]	dilithium_src_sig_len	Buffer length that holds the Dilithium signature to be imported
[in]	ed25519_src_sig	Buffer that holds the ED25519 signature to be imported
[in]	ed25519_src_sig_len	Buffer length that holds the ED25519 signature to be imported

Returns: 0 on success or < 0 on error

◆ lc_dilithium_ed25519_sig_ptr()

int lc_dilithium_ed25519_sig_ptr	(	uint8_t **	dilithium_sig,
		size_t *	dilithium_sig_len,
		uint8_t **	ed25519_sig,
		size_t *	ed25519_sig_len,
		struct lc_dilithium_ed25519_sig *	sig )

Obtain the reference to the Dilithium signature and its length.

Note: Only pointer references into the leancrypto data structure are returned which implies that any modification will modify the leancrypto signature, too.

Parameters

[out]	dilithium_sig	Dilithium signature pointer
[out]	dilithium_sig_len	Length of the signature buffer
[out]	ed25519_sig	ED25519 signature pointer
[out]	ed25519_sig_len	ED25519 of the signature buffer
[in]	sig	Dilithium signature from which the references are obtained

Returns: 0 on success, != 0 on error

◆ lc_dilithium_ed25519_sig_size()

LC_PURE unsigned int lc_dilithium_ed25519_sig_size ( enum lc_dilithium_type dilithium_type )

Return the size of the Dilithium signature.

Parameters

[in] dilithium_type Dilithium type for which the size is requested

Returns: requested size

◆ lc_dilithium_ed25519_sig_type()

enum lc_dilithium_type lc_dilithium_ed25519_sig_type ( const struct lc_dilithium_ed25519_sig * sig )

Obtain Dilithium type from signature.

Parameters

[in] sig Signature from which the type is to be obtained

Returns: key type

◆ lc_dilithium_ed25519_sign()

int lc_dilithium_ed25519_sign	(	struct lc_dilithium_ed25519_sig *	sig,
		const uint8_t *	m,
		size_t	mlen,
		const struct lc_dilithium_ed25519_sk *	sk,
		struct lc_rng_ctx *	rng_ctx )

Computes signature in one shot.

Note: The one-shot API provides the algorithm of Composite-ML-DSA as outlined in https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-03.html

Parameters

[out]	sig	pointer to output signature
[in]	m	pointer to message to be signed
[in]	mlen	length of message
[in]	sk	pointer to bit-packed secret key
[in]	rng_ctx	pointer to seeded random number generator context - when pointer is non-NULL, perform a randomized signing. Otherwise use deterministic signing.

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed25519_sign_ctx()

int lc_dilithium_ed25519_sign_ctx	(	struct lc_dilithium_ed25519_sig *	sig,
		struct lc_dilithium_ed25519_ctx *	ctx,
		const uint8_t *	m,
		size_t	mlen,
		const struct lc_dilithium_ed25519_sk *	sk,
		struct lc_rng_ctx *	rng_ctx )

Computes signature with Dilithium context in one shot.

This API allows the caller to provide an arbitrary context buffer which is hashed together with the message to form the message digest to be signed.

Note: The one-shot API provides the algorithm of Composite-ML-DSA as outlined in https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-03.html If the caller specifies a hash algorithm as pre-hash algorithm in the context via lc_dilithium_ctx_hash then only the ML-DSA part is affected and changed into a HashML-DSA which implies that the resulting operation is still Composite-ML-DSA but with a HashML-DSA used internally - i.e. the resulting algorithm does not comply to any standard. Therefore, it is best to not use this method.

Parameters

[out]	sig	pointer to output signature
[in]	ctx	reference to the allocated Dilithium context handle
[in]	m	pointer to message to be signed
[in]	mlen	length of message
[in]	sk	pointer to bit-packed secret key
[in]	rng_ctx	pointer to seeded random number generator context - when pointer is non-NULL, perform a randomized signing. Otherwise use deterministic signing.

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed25519_sign_final()

int lc_dilithium_ed25519_sign_final	(	struct lc_dilithium_ed25519_sig *	sig,
		struct lc_dilithium_ed25519_ctx *	ctx,
		const struct lc_dilithium_ed25519_sk *	sk,
		struct lc_rng_ctx *	rng_ctx )

Computes signature in stream mode.

Parameters

[out]	sig	pointer to output signature
[in]	ctx	Dilithium-ED25519 context pointer
[in]	sk	pointer to bit-packed secret key
[in]	rng_ctx	pointer to seeded random number generator context - when pointer is non-NULL, perform a randomized signing. Otherwise use deterministic signing.

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed25519_sign_init()

int lc_dilithium_ed25519_sign_init	(	struct lc_dilithium_ed25519_ctx *	ctx,
		const struct lc_dilithium_ed25519_sk *	sk )

Initializes signature operation in stream mode.

Note: The stream API provides the algorithm of HashComposite-ML-DSA as outlined in https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-03.html. The reason is that ED25519 cannot operate in stream mode and thus must be turned into using a pre-hashed message.

Parameters

[in]	ctx	Dilithium-ED25519 context pointer
[in]	sk	pointer to bit-packed secret key

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed25519_sign_update()

int lc_dilithium_ed25519_sign_update	(	struct lc_dilithium_ed25519_ctx *	ctx,
		const uint8_t *	m,
		size_t	mlen )

Updates signature in stream mode.

Parameters

[in]	ctx	Dilithium-ED25519 context pointer
[in]	m	pointer to message to be signed
[in]	mlen	length of message

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed25519_sk_load()

int lc_dilithium_ed25519_sk_load	(	struct lc_dilithium_ed25519_sk *	sk,
		const uint8_t *	dilithium_src_key,
		size_t	dilithium_src_key_len,
		const uint8_t *	ed25519_src_key,
		size_t	ed25519_src_key_len )

Load a Dilithium secret key provided with a buffer into the leancrypto data structure.

Parameters

[out]	sk	Secret key to be filled (the caller must have it allocated)
[in]	dilithium_src_key	Buffer that holds the Dilithium key to be imported
[in]	dilithium_src_key_len	Buffer length that holds the key to be imported
[in]	ed25519_src_key	Buffer that holds the ED25519 key to be imported
[in]	ed25519_src_key_len	Buffer length that holds the key to be imported

Returns: 0 on success or < 0 on error

◆ lc_dilithium_ed25519_sk_ptr()

int lc_dilithium_ed25519_sk_ptr	(	uint8_t **	dilithium_key,
		size_t *	dilithium_key_len,
		uint8_t **	ed25519_key,
		size_t *	ed25519_key_len,
		struct lc_dilithium_ed25519_sk *	sk )

Obtain the reference to the Dilithium key and its length.

Note: Only pointer references into the leancrypto data structure are returned which implies that any modification will modify the leancrypto key, too.

Parameters

[out]	dilithium_key	Dilithium key pointer
[out]	dilithium_key_len	Length of the key buffer
[out]	ed25519_key	ED25519 key pointer
[out]	ed25519_key_len	ED25519 of the key buffer
[in]	sk	Dilithium secret key from which the references are obtained

Returns: 0 on success, != 0 on error

◆ lc_dilithium_ed25519_sk_size()

LC_PURE unsigned int lc_dilithium_ed25519_sk_size ( enum lc_dilithium_type dilithium_type )

Return the size of the Dilithium secret key.

Parameters

[in] dilithium_type Dilithium type for which the size is requested

Returns: requested size

◆ lc_dilithium_ed25519_sk_type()

enum lc_dilithium_type lc_dilithium_ed25519_sk_type ( const struct lc_dilithium_ed25519_sk * sk )

Obtain Dilithium type from secret key.

Parameters

[in] sk Secret key from which the type is to be obtained

Returns: key type

◆ lc_dilithium_ed25519_verify()

int lc_dilithium_ed25519_verify	(	const struct lc_dilithium_ed25519_sig *	sig,
		const uint8_t *	m,
		size_t	mlen,
		const struct lc_dilithium_ed25519_pk *	pk )

Verifies signature in one shot.

Note: The one-shot API provides the algorithm of Composite-ML-DSA as outlined in https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-03.html

Parameters

[in]	sig	pointer to input signature
[in]	m	pointer to message
[in]	mlen	length of message
[in]	pk	pointer to bit-packed public key

Returns: 0 if signature could be verified correctly and -EBADMSG when signature cannot be verified, < 0 on other errors

◆ lc_dilithium_ed25519_verify_ctx()

int lc_dilithium_ed25519_verify_ctx	(	const struct lc_dilithium_ed25519_sig *	sig,
		struct lc_dilithium_ed25519_ctx *	ctx,
		const uint8_t *	m,
		size_t	mlen,
		const struct lc_dilithium_ed25519_pk *	pk )

Verifies signature with Dilithium context in one shot.

This API allows the caller to provide an arbitrary context buffer which is hashed together with the message to form the message digest to be signed.

Note: The one-shot API provides the algorithm of Composite-ML-DSA as outlined in https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-03.html If the caller specifies a hash algorithm as pre-hash algorithm in the context via lc_dilithium_ctx_hash then only the ML-DSA part is affected and changed into a HashML-DSA which implies that the resulting operation is still Composite-ML-DSA but with a HashML-DSA used internally - i.e. the resulting algorithm does not comply to any standard. Therefore, it is best to not use this method.

Parameters

[in]	sig	pointer to input signature
[in]	ctx	reference to the allocated Dilithium context handle
[in]	m	pointer to message
[in]	mlen	length of message
[in]	pk	pointer to bit-packed public key

Returns: 0 if signature could be verified correctly and -EBADMSG when signature cannot be verified, < 0 on other errors

◆ lc_dilithium_ed25519_verify_final()

int lc_dilithium_ed25519_verify_final	(	const struct lc_dilithium_ed25519_sig *	sig,
		struct lc_dilithium_ed25519_ctx *	ctx,
		const struct lc_dilithium_ed25519_pk *	pk )

Verifies signature in stream mode.

Parameters

[in]	sig	pointer to input signatur
[in]	ctx	Dilithium-ED25519 context pointer
[in]	pk	pointer to bit-packed public key

Returns: 0 if signature could be verified correctly and -EBADMSG when signature cannot be verified, < 0 on other errors

◆ lc_dilithium_ed25519_verify_init()

int lc_dilithium_ed25519_verify_init	(	struct lc_dilithium_ed25519_ctx *	ctx,
		const struct lc_dilithium_ed25519_pk *	pk )

Initializes signature verification operation in stream mode.

Note: The stream API provides the algorithm of HashComposite-ML-DSA as outlined in https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-03.html. The reason is that ED25519 cannot operate in stream mode and thus must be turned into using a pre-hashed message.

Parameters

[in]	ctx	Dilithium-ED25519 context pointer
[in]	pk	pointer to bit-packed public key

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed25519_verify_update()

int lc_dilithium_ed25519_verify_update	(	struct lc_dilithium_ed25519_ctx *	ctx,
		const uint8_t *	m,
		size_t	mlen )

Updates signature verification in stream mode.

Parameters

[in]	ctx	Dilithium-ED25519 context pointer
[in]	m	pointer to message to be signed
[in]	mlen	length of message

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed448_ctx_alloc()

int lc_dilithium_ed448_ctx_alloc ( struct lc_dilithium_ed448_ctx ** ctx )

Allocates Dilithium-ED448 context on heap.

Parameters

[out] ctx Dilithium-ED448 context pointer

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed448_ctx_hash()

void lc_dilithium_ed448_ctx_hash	(	struct lc_dilithium_ed448_ctx *	ctx,
		const struct lc_hash *	hash )

Set the hash type that was used for pre-hashing the message. The message digest ist used with the HashML-DSA. The message digest is to be provided via the message pointer in the sign/verify APIs.

Parameters

[in]	ctx	Dilithium-ED448 context
[in]	hash	Hash context referencing the used hash for pre-hashing the message

◆ lc_dilithium_ed448_ctx_internal()

void lc_dilithium_ed448_ctx_internal ( struct lc_dilithium_ed448_ctx * ctx )

Mark the Dilithium context to execute ML-DSA.Sign_internal / ML-DSA.Verify_internal.

Parameters

[in] ctx Dilithium-ED448 context

◆ lc_dilithium_ed448_ctx_randomizer()

void lc_dilithium_ed448_ctx_randomizer	(	struct lc_dilithium_ed448_ctx *	ctx,
		const uint8_t *	randomizer,
		size_t	randomizerlen )

Specify the optional randomizer to be applied with the Dilithium-ED25519 signature operation.

Parameters

[in]	ctx	Dilithium-ED25519 context
[in]	randomizer	Randomizer
[in]	randomizerlen	Size of randomizer

◆ lc_dilithium_ed448_ctx_userctx()

void lc_dilithium_ed448_ctx_userctx	(	struct lc_dilithium_ed448_ctx *	ctx,
		const uint8_t *	userctx,
		size_t	userctxlen )

Specify the optional user context string to be applied with the Dilithium-ED448 signature operation.

Warning: The operation of the HashComposite-ML-DSA operation clears out this context during processing. If this context is reused, the caller MUST set the cotext again.

Parameters

[in]	ctx	Dilithium-ED448 context
[in]	userctx	User context string
[in]	userctxlen	Size of the user context string

◆ lc_dilithium_ed448_ctx_zero()

void lc_dilithium_ed448_ctx_zero ( struct lc_dilithium_ed448_ctx * ctx )

Zeroizes Dilithium-ED448 context either on heap or on stack.

Parameters

[out] ctx Dilithium-ED448 context pointer

◆ lc_dilithium_ed448_ctx_zero_free()

void lc_dilithium_ed448_ctx_zero_free ( struct lc_dilithium_ed448_ctx * ctx )

Zeroizes and frees Dilithium-ED448 context on heap.

Parameters

[out] ctx Dilithium-ED448 context pointer

◆ lc_dilithium_ed448_keypair()

int lc_dilithium_ed448_keypair	(	struct lc_dilithium_ed448_pk *	pk,
		struct lc_dilithium_ed448_sk *	sk,
		struct lc_rng_ctx *	rng_ctx,
		enum lc_dilithium_type	dilithium_type )

Generates Dilithium public and private key.

Parameters

[out]	pk	pointer to allocated output public key
[out]	sk	pointer to allocated output private key
[in]	rng_ctx	pointer to seeded random number generator context
[in]	dilithium_type	type of the Dilithium key to generate

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed448_pk_load()

int lc_dilithium_ed448_pk_load	(	struct lc_dilithium_ed448_pk *	pk,
		const uint8_t *	dilithium_src_key,
		size_t	dilithium_src_key_len,
		const uint8_t *	ed448_src_key,
		size_t	ed448_src_key_len )

Load a Dilithium public key provided with a buffer into the leancrypto data structure.

Parameters

[out]	pk	Secret key to be filled (the caller must have it allocated)
[in]	dilithium_src_key	Buffer that holds the Dilithium key to be imported
[in]	dilithium_src_key_len	Buffer length that holds the key to be imported
[in]	ed448_src_key	Buffer that holds the ED448 key to be imported
[in]	ed448_src_key_len	Buffer length that holds the key to be imported

Returns: 0 on success or < 0 on error

◆ lc_dilithium_ed448_pk_ptr()

int lc_dilithium_ed448_pk_ptr	(	uint8_t **	dilithium_key,
		size_t *	dilithium_key_len,
		uint8_t **	ed448_key,
		size_t *	ed448_key_len,
		struct lc_dilithium_ed448_pk *	pk )

Obtain the reference to the Dilithium key and its length.

Note: Only pointer references into the leancrypto data structure are returned which implies that any modification will modify the leancrypto key, too.

Parameters

[out]	dilithium_key	Dilithium key pointer
[out]	dilithium_key_len	Length of the key buffer
[out]	ed448_key	ED448 key pointer
[out]	ed448_key_len	ED448 of the key buffer
[in]	pk	Dilithium publi key from which the references are obtained

Returns: 0 on success, != 0 on error

◆ lc_dilithium_ed448_pk_size()

LC_PURE unsigned int lc_dilithium_ed448_pk_size ( enum lc_dilithium_type dilithium_type )

Return the size of the Dilithium public key.

Parameters

[in] dilithium_type Dilithium type for which the size is requested

Returns: requested size

◆ lc_dilithium_ed448_pk_type()

enum lc_dilithium_type lc_dilithium_ed448_pk_type ( const struct lc_dilithium_ed448_pk * pk )

Obtain Dilithium type from public key.

Parameters

[in] pk Public key from which the type is to be obtained

Returns: key type

◆ lc_dilithium_ed448_sig_load()

int lc_dilithium_ed448_sig_load	(	struct lc_dilithium_ed448_sig *	sig,
		const uint8_t *	dilithium_src_sig,
		size_t	dilithium_src_sig_len,
		const uint8_t *	ed448_src_sig,
		size_t	ed448_src_sig_len )

Load a Dilithium signature provided with a buffer into the leancrypto data structure.

Parameters

[out]	sig	Secret key to be filled (the caller must have it allocated)
[in]	dilithium_src_sig	Buffer that holds the Dilithium signature to be imported
[in]	dilithium_src_sig_len	Buffer length that holds the Dilithium signature to be imported
[in]	ed448_src_sig	Buffer that holds the ED448 signature to be imported
[in]	ed448_src_sig_len	Buffer length that holds the ED448 signature to be imported

Returns: 0 on success or < 0 on error

◆ lc_dilithium_ed448_sig_ptr()

int lc_dilithium_ed448_sig_ptr	(	uint8_t **	dilithium_sig,
		size_t *	dilithium_sig_len,
		uint8_t **	ed448_sig,
		size_t *	ed448_sig_len,
		struct lc_dilithium_ed448_sig *	sig )

Obtain the reference to the Dilithium signature and its length.

Note: Only pointer references into the leancrypto data structure are returned which implies that any modification will modify the leancrypto signature, too.

Parameters

[out]	dilithium_sig	Dilithium signature pointer
[out]	dilithium_sig_len	Length of the signature buffer
[out]	ed448_sig	ED448 signature pointer
[out]	ed448_sig_len	ED448 of the signature buffer
[in]	sig	Dilithium signature from which the references are obtained

Returns: 0 on success, != 0 on error

◆ lc_dilithium_ed448_sig_size()

LC_PURE unsigned int lc_dilithium_ed448_sig_size ( enum lc_dilithium_type dilithium_type )

Return the size of the Dilithium signature.

Parameters

[in] dilithium_type Dilithium type for which the size is requested

Returns: requested size

◆ lc_dilithium_ed448_sig_type()

enum lc_dilithium_type lc_dilithium_ed448_sig_type ( const struct lc_dilithium_ed448_sig * sig )

Obtain Dilithium type from signature.

Parameters

[in] sig Signature from which the type is to be obtained

Returns: key type

◆ lc_dilithium_ed448_sign()

int lc_dilithium_ed448_sign	(	struct lc_dilithium_ed448_sig *	sig,
		const uint8_t *	m,
		size_t	mlen,
		const struct lc_dilithium_ed448_sk *	sk,
		struct lc_rng_ctx *	rng_ctx )

Computes signature in one shot.

Note: The one-shot API provides the algorithm of Composite-ML-DSA as outlined in https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-03.html

Parameters

[out]	sig	pointer to output signature
[in]	m	pointer to message to be signed
[in]	mlen	length of message
[in]	sk	pointer to bit-packed secret key
[in]	rng_ctx	pointer to seeded random number generator context - when pointer is non-NULL, perform a randomized signing. Otherwise use deterministic signing.

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed448_sign_ctx()

int lc_dilithium_ed448_sign_ctx	(	struct lc_dilithium_ed448_sig *	sig,
		struct lc_dilithium_ed448_ctx *	ctx,
		const uint8_t *	m,
		size_t	mlen,
		const struct lc_dilithium_ed448_sk *	sk,
		struct lc_rng_ctx *	rng_ctx )

Computes signature with Dilithium context in one shot.

This API allows the caller to provide an arbitrary context buffer which is hashed together with the message to form the message digest to be signed.

Note: The one-shot API provides the algorithm of Composite-ML-DSA as outlined in https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-03.html If the caller specifies a hash algorithm as pre-hash algorithm in the context via lc_dilithium_ctx_hash then only the ML-DSA part is affected and changed into a HashML-DSA which implies that the resulting operation is still Composite-ML-DSA but with a HashML-DSA used internally - i.e. the resulting algorithm does not comply to any standard. Therefore, it is best to not use this method.

Parameters

[out]	sig	pointer to output signature
[in]	ctx	reference to the allocated Dilithium context handle
[in]	m	pointer to message to be signed
[in]	mlen	length of message
[in]	sk	pointer to bit-packed secret key
[in]	rng_ctx	pointer to seeded random number generator context - when pointer is non-NULL, perform a randomized signing. Otherwise use deterministic signing.

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed448_sign_final()

int lc_dilithium_ed448_sign_final	(	struct lc_dilithium_ed448_sig *	sig,
		struct lc_dilithium_ed448_ctx *	ctx,
		const struct lc_dilithium_ed448_sk *	sk,
		struct lc_rng_ctx *	rng_ctx )

Computes signature in stream mode.

Parameters

[out]	sig	pointer to output signature
[in]	ctx	Dilithium-ED448 context pointer
[in]	sk	pointer to bit-packed secret key
[in]	rng_ctx	pointer to seeded random number generator context - when pointer is non-NULL, perform a randomized signing. Otherwise use deterministic signing.

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed448_sign_init()

int lc_dilithium_ed448_sign_init	(	struct lc_dilithium_ed448_ctx *	ctx,
		const struct lc_dilithium_ed448_sk *	sk )

Initializes signature operation in stream mode.

Note: The stream API provides the algorithm of HashComposite-ML-DSA as outlined in https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-03.html. The reason is that ED448 cannot operate in stream mode and thus must be turned into using a pre-hashed message.

Parameters

[in]	ctx	Dilithium-ED448 context pointer
[in]	sk	pointer to bit-packed secret key

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed448_sign_update()

int lc_dilithium_ed448_sign_update	(	struct lc_dilithium_ed448_ctx *	ctx,
		const uint8_t *	m,
		size_t	mlen )

Updates signature in stream mode.

Parameters

[in]	ctx	Dilithium-ED448 context pointer
[in]	m	pointer to message to be signed
[in]	mlen	length of message

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed448_sk_load()

int lc_dilithium_ed448_sk_load	(	struct lc_dilithium_ed448_sk *	sk,
		const uint8_t *	dilithium_src_key,
		size_t	dilithium_src_key_len,
		const uint8_t *	ed448_src_key,
		size_t	ed448_src_key_len )

Load a Dilithium secret key provided with a buffer into the leancrypto data structure.

Parameters

[out]	sk	Secret key to be filled (the caller must have it allocated)
[in]	dilithium_src_key	Buffer that holds the Dilithium key to be imported
[in]	dilithium_src_key_len	Buffer length that holds the key to be imported
[in]	ed448_src_key	Buffer that holds the ED448 key to be imported
[in]	ed448_src_key_len	Buffer length that holds the key to be imported

Returns: 0 on success or < 0 on error

◆ lc_dilithium_ed448_sk_ptr()

int lc_dilithium_ed448_sk_ptr	(	uint8_t **	dilithium_key,
		size_t *	dilithium_key_len,
		uint8_t **	ed448_key,
		size_t *	ed448_key_len,
		struct lc_dilithium_ed448_sk *	sk )

Obtain the reference to the Dilithium key and its length.

Note: Only pointer references into the leancrypto data structure are returned which implies that any modification will modify the leancrypto key, too.

Parameters

[out]	dilithium_key	Dilithium key pointer
[out]	dilithium_key_len	Length of the key buffer
[out]	ed448_key	ED448 key pointer
[out]	ed448_key_len	ED448 of the key buffer
[in]	sk	Dilithium secret key from which the references are obtained

Returns: 0 on success, != 0 on error

◆ lc_dilithium_ed448_sk_size()

LC_PURE unsigned int lc_dilithium_ed448_sk_size ( enum lc_dilithium_type dilithium_type )

Return the size of the Dilithium secret key.

Parameters

[in] dilithium_type Dilithium type for which the size is requested

Returns: requested size

◆ lc_dilithium_ed448_sk_type()

enum lc_dilithium_type lc_dilithium_ed448_sk_type ( const struct lc_dilithium_ed448_sk * sk )

Obtain Dilithium type from secret key.

Parameters

[in] sk Secret key from which the type is to be obtained

Returns: key type

◆ lc_dilithium_ed448_verify()

int lc_dilithium_ed448_verify	(	const struct lc_dilithium_ed448_sig *	sig,
		const uint8_t *	m,
		size_t	mlen,
		const struct lc_dilithium_ed448_pk *	pk )

Verifies signature in one shot.

Note: The one-shot API provides the algorithm of Composite-ML-DSA as outlined in https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-03.html

Parameters

[in]	sig	pointer to input signature
[in]	m	pointer to message
[in]	mlen	length of message
[in]	pk	pointer to bit-packed public key

Returns: 0 if signature could be verified correctly and -EBADMSG when signature cannot be verified, < 0 on other errors

◆ lc_dilithium_ed448_verify_ctx()

int lc_dilithium_ed448_verify_ctx	(	const struct lc_dilithium_ed448_sig *	sig,
		struct lc_dilithium_ed448_ctx *	ctx,
		const uint8_t *	m,
		size_t	mlen,
		const struct lc_dilithium_ed448_pk *	pk )

Verifies signature with Dilithium context in one shot.

This API allows the caller to provide an arbitrary context buffer which is hashed together with the message to form the message digest to be signed.

Note: The one-shot API provides the algorithm of Composite-ML-DSA as outlined in https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-03.html If the caller specifies a hash algorithm as pre-hash algorithm in the context via lc_dilithium_ctx_hash then only the ML-DSA part is affected and changed into a HashML-DSA which implies that the resulting operation is still Composite-ML-DSA but with a HashML-DSA used internally - i.e. the resulting algorithm does not comply to any standard. Therefore, it is best to not use this method.

Parameters

[in]	sig	pointer to input signature
[in]	ctx	reference to the allocated Dilithium context handle
[in]	m	pointer to message
[in]	mlen	length of message
[in]	pk	pointer to bit-packed public key

Returns: 0 if signature could be verified correctly and -EBADMSG when signature cannot be verified, < 0 on other errors

◆ lc_dilithium_ed448_verify_final()

int lc_dilithium_ed448_verify_final	(	const struct lc_dilithium_ed448_sig *	sig,
		struct lc_dilithium_ed448_ctx *	ctx,
		const struct lc_dilithium_ed448_pk *	pk )

Verifies signature in stream mode.

Parameters

[in]	sig	pointer to input signatur
[in]	ctx	Dilithium-ED448 context pointer
[in]	pk	pointer to bit-packed public key

Returns: 0 if signature could be verified correctly and -EBADMSG when signature cannot be verified, < 0 on other errors

◆ lc_dilithium_ed448_verify_init()

int lc_dilithium_ed448_verify_init	(	struct lc_dilithium_ed448_ctx *	ctx,
		const struct lc_dilithium_ed448_pk *	pk )

Initializes signature verification operation in stream mode.

Note: The stream API provides the algorithm of HashComposite-ML-DSA as outlined in https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-03.html. The reason is that ED448 cannot operate in stream mode and thus must be turned into using a pre-hashed message.

Parameters

[in]	ctx	Dilithium-ED448 context pointer
[in]	pk	pointer to bit-packed public key

Returns: 0 (success) or < 0 on error

◆ lc_dilithium_ed448_verify_update()

int lc_dilithium_ed448_verify_update	(	struct lc_dilithium_ed448_ctx *	ctx,
		const uint8_t *	m,
		size_t	mlen )

Updates signature verification in stream mode.

Parameters

[in]	ctx	Dilithium-ED448 context pointer
[in]	m	pointer to message to be signed
[in]	mlen	length of message

Returns: 0 (success) or < 0 on error

Functions

Detailed Description

Function Documentation

◆ lc_dilithium_ed25519_ctx_alloc()

◆ lc_dilithium_ed25519_ctx_hash()

◆ lc_dilithium_ed25519_ctx_internal()

◆ lc_dilithium_ed25519_ctx_randomizer()

◆ lc_dilithium_ed25519_ctx_userctx()

◆ lc_dilithium_ed25519_ctx_zero()

◆ lc_dilithium_ed25519_ctx_zero_free()

◆ lc_dilithium_ed25519_keypair()

◆ lc_dilithium_ed25519_pk_load()

◆ lc_dilithium_ed25519_pk_ptr()

◆ lc_dilithium_ed25519_pk_size()

◆ lc_dilithium_ed25519_pk_type()

◆ lc_dilithium_ed25519_sig_load()

◆ lc_dilithium_ed25519_sig_ptr()

◆ lc_dilithium_ed25519_sig_size()

◆ lc_dilithium_ed25519_sig_type()

◆ lc_dilithium_ed25519_sign()

◆ lc_dilithium_ed25519_sign_ctx()

◆ lc_dilithium_ed25519_sign_final()

◆ lc_dilithium_ed25519_sign_init()

◆ lc_dilithium_ed25519_sign_update()

◆ lc_dilithium_ed25519_sk_load()

◆ lc_dilithium_ed25519_sk_ptr()

◆ lc_dilithium_ed25519_sk_size()

◆ lc_dilithium_ed25519_sk_type()

◆ lc_dilithium_ed25519_verify()

◆ lc_dilithium_ed25519_verify_ctx()

◆ lc_dilithium_ed25519_verify_final()

◆ lc_dilithium_ed25519_verify_init()

◆ lc_dilithium_ed25519_verify_update()

◆ lc_dilithium_ed448_ctx_alloc()

◆ lc_dilithium_ed448_ctx_hash()

◆ lc_dilithium_ed448_ctx_internal()

◆ lc_dilithium_ed448_ctx_randomizer()

◆ lc_dilithium_ed448_ctx_userctx()

◆ lc_dilithium_ed448_ctx_zero()

◆ lc_dilithium_ed448_ctx_zero_free()

◆ lc_dilithium_ed448_keypair()

◆ lc_dilithium_ed448_pk_load()

◆ lc_dilithium_ed448_pk_ptr()

◆ lc_dilithium_ed448_pk_size()

◆ lc_dilithium_ed448_pk_type()

◆ lc_dilithium_ed448_sig_load()

◆ lc_dilithium_ed448_sig_ptr()

◆ lc_dilithium_ed448_sig_size()

◆ lc_dilithium_ed448_sig_type()

◆ lc_dilithium_ed448_sign()

◆ lc_dilithium_ed448_sign_ctx()

◆ lc_dilithium_ed448_sign_final()

◆ lc_dilithium_ed448_sign_init()

◆ lc_dilithium_ed448_sign_update()

◆ lc_dilithium_ed448_sk_load()

◆ lc_dilithium_ed448_sk_ptr()

◆ lc_dilithium_ed448_sk_size()

◆ lc_dilithium_ed448_sk_type()

◆ lc_dilithium_ed448_verify()

◆ lc_dilithium_ed448_verify_ctx()

◆ lc_dilithium_ed448_verify_final()

◆ lc_dilithium_ed448_verify_init()

◆ lc_dilithium_ed448_verify_update()