mbed TLS v1.3.21
Data Structures | Macros | Functions
ecdsa.h File Reference

Elliptic curve DSA. More...

#include "ecp.h"
#include "md.h"
Include dependency graph for ecdsa.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  ecdsa_context
 ECDSA context structure. More...
 

Macros

#define POLARSSL_ECDSA_MAX_LEN   ( 3 + 2 * ( 3 + POLARSSL_ECP_MAX_BYTES ) )
 Maximum size of an ECDSA signature in bytes. More...
 

Functions

int ecdsa_sign (ecp_group *grp, mpi *r, mpi *s, const mpi *d, const unsigned char *buf, size_t blen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Compute ECDSA signature of a previously hashed message. More...
 
int ecdsa_sign_det (ecp_group *grp, mpi *r, mpi *s, const mpi *d, const unsigned char *buf, size_t blen, md_type_t md_alg)
 Compute ECDSA signature of a previously hashed message (deterministic version) More...
 
int ecdsa_verify (ecp_group *grp, const unsigned char *buf, size_t blen, const ecp_point *Q, const mpi *r, const mpi *s)
 Verify ECDSA signature of a previously hashed message. More...
 
int ecdsa_write_signature (ecdsa_context *ctx, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Compute ECDSA signature and write it to buffer, serialized as defined in RFC 4492 page 20. More...
 
int ecdsa_write_signature_det (ecdsa_context *ctx, const unsigned char *hash, size_t hlen, unsigned char *sig, size_t *slen, md_type_t md_alg)
 Compute ECDSA signature and write it to buffer, serialized as defined in RFC 4492 page 20. More...
 
int ecdsa_read_signature (ecdsa_context *ctx, const unsigned char *hash, size_t hlen, const unsigned char *sig, size_t slen)
 Read and verify an ECDSA signature. More...
 
int ecdsa_genkey (ecdsa_context *ctx, ecp_group_id gid, int(*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 Generate an ECDSA keypair on the given curve. More...
 
int ecdsa_from_keypair (ecdsa_context *ctx, const ecp_keypair *key)
 Set an ECDSA context from an EC key pair. More...
 
void ecdsa_init (ecdsa_context *ctx)
 Initialize context. More...
 
void ecdsa_free (ecdsa_context *ctx)
 Free context. More...
 
int ecdsa_self_test (int verbose)
 Checkup routine. More...
 

Detailed Description

Elliptic curve DSA.

Copyright (C) 2006-2013, ARM Limited, All Rights Reserved

This file is part of mbed TLS (https://tls.mbed.org)

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Definition in file ecdsa.h.

Macro Definition Documentation

#define POLARSSL_ECDSA_MAX_LEN   ( 3 + 2 * ( 3 + POLARSSL_ECP_MAX_BYTES ) )

Maximum size of an ECDSA signature in bytes.

Definition at line 45 of file ecdsa.h.

Function Documentation

void ecdsa_free ( ecdsa_context ctx)

Free context.

Parameters
ctxContext to free
int ecdsa_from_keypair ( ecdsa_context ctx,
const ecp_keypair key 
)

Set an ECDSA context from an EC key pair.

Parameters
ctxECDSA context to set
keyEC key to use
Returns
0 on success, or a POLARSSL_ERR_ECP code.
int ecdsa_genkey ( ecdsa_context ctx,
ecp_group_id  gid,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Generate an ECDSA keypair on the given curve.

Parameters
ctxECDSA context in which the keypair should be stored
gidGroup (elliptic curve) to use. One of the various POLARSSL_ECP_DP_XXX macros depending on configuration.
f_rngRNG function
p_rngRNG parameter
Returns
0 on success, or a POLARSSL_ERR_ECP code.
void ecdsa_init ( ecdsa_context ctx)

Initialize context.

Parameters
ctxContext to initialize
int ecdsa_read_signature ( ecdsa_context ctx,
const unsigned char *  hash,
size_t  hlen,
const unsigned char *  sig,
size_t  slen 
)

Read and verify an ECDSA signature.

Parameters
ctxECDSA context
hashMessage hash
hlenSize of hash
sigSignature to read and verify
slenSize of sig
Note
If the bitlength of the message hash is larger than the bitlength of the group order, then the hash is truncated as prescribed by SEC1 4.1.4 step 3.
Returns
0 if successful, POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid, POLARSSL_ERR_ECP_SIG_LEN_MISTMATCH if the signature is valid but its actual length is less than siglen, or a POLARSSL_ERR_ECP or POLARSSL_ERR_MPI error code
int ecdsa_self_test ( int  verbose)

Checkup routine.

Returns
0 if successful, or 1 if the test failed
int ecdsa_sign ( ecp_group grp,
mpi r,
mpi s,
const mpi d,
const unsigned char *  buf,
size_t  blen,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Compute ECDSA signature of a previously hashed message.

Parameters
grpECP group
rFirst output integer
sSecond output integer
dPrivate signing key
bufMessage hash
blenLength of buf
f_rngRNG function
p_rngRNG parameter
Note
If the bitlength of the message hash is larger than the bitlength of the group order, then the hash is truncated as prescribed by SEC1 4.1.3 step 5.
Returns
0 if successful, or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
int ecdsa_sign_det ( ecp_group grp,
mpi r,
mpi s,
const mpi d,
const unsigned char *  buf,
size_t  blen,
md_type_t  md_alg 
)

Compute ECDSA signature of a previously hashed message (deterministic version)

Parameters
grpECP group
rFirst output integer
sSecond output integer
dPrivate signing key
bufMessage hash
blenLength of buf
md_algMD algorithm used to hash the message
Note
If the bitlength of the message hash is larger than the bitlength of the group order, then the hash is truncated as prescribed by SEC1 4.1.3 step 5.
Returns
0 if successful, or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
int ecdsa_verify ( ecp_group grp,
const unsigned char *  buf,
size_t  blen,
const ecp_point Q,
const mpi r,
const mpi s 
)

Verify ECDSA signature of a previously hashed message.

Parameters
grpECP group
bufMessage hash
blenLength of buf
QPublic key to use for verification
rFirst integer of the signature
sSecond integer of the signature
Note
If the bitlength of the message hash is larger than the bitlength of the group order, then the hash is truncated as prescribed by SEC1 4.1.4 step 3.
Returns
0 if successful, POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
int ecdsa_write_signature ( ecdsa_context ctx,
const unsigned char *  hash,
size_t  hlen,
unsigned char *  sig,
size_t *  slen,
int(*)(void *, unsigned char *, size_t)  f_rng,
void *  p_rng 
)

Compute ECDSA signature and write it to buffer, serialized as defined in RFC 4492 page 20.

(Not thread-safe to use same context in multiple threads)

Parameters
ctxECDSA context
hashMessage hash
hlenLength of hash
sigBuffer that will hold the signature
slenLength of the signature written
f_rngRNG function
p_rngRNG parameter
Note
The "sig" buffer must be at least as large as twice the size of the curve used, plus 7 (eg. 71 bytes if a 256-bit curve is used).
If the bitlength of the message hash is larger than the bitlength of the group order, then the hash is truncated as prescribed by SEC1 4.1.3 step 5.
Returns
0 if successful, or a POLARSSL_ERR_ECP, POLARSSL_ERR_MPI or POLARSSL_ERR_ASN1 error code
int ecdsa_write_signature_det ( ecdsa_context ctx,
const unsigned char *  hash,
size_t  hlen,
unsigned char *  sig,
size_t *  slen,
md_type_t  md_alg 
)

Compute ECDSA signature and write it to buffer, serialized as defined in RFC 4492 page 20.

Deterministic version, RFC 6979. (Not thread-safe to use same context in multiple threads)

Parameters
ctxECDSA context
hashMessage hash
hlenLength of hash
sigBuffer that will hold the signature
slenLength of the signature written
md_algMD algorithm used to hash the message
Note
The "sig" buffer must be at least as large as twice the size of the curve used, plus 7 (eg. 71 bytes if a 256-bit curve is used).
Returns
0 if successful, or a POLARSSL_ERR_ECP, POLARSSL_ERR_MPI or POLARSSL_ERR_ASN1 error code