Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/include/crypto/mldsa.h
121794 views
1
/* SPDX-License-Identifier: GPL-2.0-or-later */

2
/*

3
 * Support for verifying ML-DSA signatures

4
 *

5
 * Copyright 2025 Google LLC

6
 */

7
#ifndef _CRYPTO_MLDSA_H

8
#define _CRYPTO_MLDSA_H

9


10
#include <linux/types.h>

11


12
/* Identifier for an ML-DSA parameter set */

13
enum mldsa_alg {

14
	MLDSA44, /* ML-DSA-44 */

15
	MLDSA65, /* ML-DSA-65 */

16
	MLDSA87, /* ML-DSA-87 */

17
};

18


19
/* Lengths of ML-DSA public keys and signatures in bytes */

20
#define MLDSA44_PUBLIC_KEY_SIZE 1312

21
#define MLDSA65_PUBLIC_KEY_SIZE 1952

22
#define MLDSA87_PUBLIC_KEY_SIZE 2592

23
#define MLDSA44_SIGNATURE_SIZE 2420

24
#define MLDSA65_SIGNATURE_SIZE 3309

25
#define MLDSA87_SIGNATURE_SIZE 4627

26


27
/**

28
 * mldsa_verify() - Verify an ML-DSA signature

29
 * @alg: The ML-DSA parameter set to use

30
 * @sig: The signature

31
 * @sig_len: Length of the signature in bytes.  Should match the

32
 *	     MLDSA*_SIGNATURE_SIZE constant associated with @alg,

33
 *	     otherwise -EBADMSG will be returned.

34
 * @msg: The message

35
 * @msg_len: Length of the message in bytes

36
 * @pk: The public key

37
 * @pk_len: Length of the public key in bytes.  Should match the

38
 *	    MLDSA*_PUBLIC_KEY_SIZE constant associated with @alg,

39
 *	    otherwise -EBADMSG will be returned.

40
 *

41
 * This verifies a signature using pure ML-DSA with the specified parameter set.

42
 * The context string is assumed to be empty.  This corresponds to FIPS 204

43
 * Algorithm 3 "ML-DSA.Verify" with the ctx parameter set to the empty string

44
 * and the lengths of the signature and key given explicitly by the caller.

45
 *

46
 * Context: Might sleep

47
 *

48
 * Return:

49
 * * 0 if the signature is valid

50
 * * -EBADMSG if the signature and/or public key is malformed

51
 * * -EKEYREJECTED if the signature is invalid but otherwise well-formed

52
 * * -ENOMEM if out of memory so the validity of the signature is unknown

53
 */

54
int mldsa_verify(enum mldsa_alg alg, const u8 *sig, size_t sig_len,

55
		 const u8 *msg, size_t msg_len, const u8 *pk, size_t pk_len);

56


57
#if IS_ENABLED(CONFIG_CRYPTO_LIB_MLDSA_KUNIT_TEST)

58
/* Internal function, exposed only for unit testing */

59
s32 mldsa_use_hint(u8 h, s32 r, s32 gamma2);

60
#endif

61


62
#endif /* _CRYPTO_MLDSA_H */

63


64