4 * \brief Elliptic curve DSA
6 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
7 * SPDX-License-Identifier: GPL-2.0
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, write to the Free Software Foundation, Inc.,
21 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 * This file is part of mbed TLS (https://tls.mbed.org)
25 #ifndef MBEDTLS_ECDSA_H
26 #define MBEDTLS_ECDSA_H
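/*
 * RFC 4492 page 20:
 *
 *     Ecdsa-Sig-Value ::= SEQUENCE {
 *         r       INTEGER,
 *         s       INTEGER
 *     }
 *
 * Size is at most
 *    1 (tag) + 1 (len) + 1 (initial 0) + ECP_MAX_BYTES for each of r and s,
 *    twice that + 1 (tag) + 2 (len) for the sequence
 * (assuming ECP_MAX_BYTES is less than 126 for r and s,
 * and less than 124 (total len <= 255) for the sequence)
 */
/* Fail the build rather than let the length formula below silently
 * under-estimate the signature size when the assumption above is broken. */
#if MBEDTLS_ECP_MAX_BYTES > 124
#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
#endif
/** Maximum size of an ECDSA signature in bytes */
#define MBEDTLS_ECDSA_MAX_LEN  ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )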
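/**
 * \brief           ECDSA context structure
 *
 * \note            This is an alias for the EC key pair type, so a context
 *                  may carry the private signing key; release it with
 *                  mbedtls_ecdsa_free() when it is no longer needed.
 */
typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;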
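/**
 * \brief           Compute ECDSA signature of a previously hashed message
 *
 * \note            The deterministic version is usually preferred: this
 *                  variant takes its per-signature random value from f_rng,
 *                  so a weak or repeating RNG output can expose the private
 *                  key d.
 *
 * \param grp       ECP group
 * \param r         First output integer
 * \param s         Second output integer
 * \param d         Private signing key
 * \param buf       Message hash
 * \param blen      Length of buf
 * \param f_rng     RNG function
 * \param p_rng     RNG parameter
 *
 * \return          0 if successful,
 *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code
 */
int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );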
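#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/**
 * \brief           Compute ECDSA signature of a previously hashed message,
 *                  deterministic version (RFC 6979).
 *
 * \note            No RNG is passed in: the per-signature value is derived
 *                  as specified in RFC 6979, so signing does not depend on
 *                  RNG quality at signature time.
 *
 * \param grp       ECP group
 * \param r         First output integer
 * \param s         Second output integer
 * \param d         Private signing key
 * \param buf       Message hash
 * \param blen      Length of buf
 * \param md_alg    MD algorithm used to hash the message
 *
 * \return          0 if successful,
 *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code
 */
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
                    mbedtls_md_type_t md_alg );
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */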
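/**
 * \brief           Verify ECDSA signature of a previously hashed message
 *
 * \param grp       ECP group
 * \param buf       Message hash
 * \param blen      Length of buf
 * \param Q         Public key to use for verification
 * \param r         First integer of the signature
 * \param s         Second integer of the signature
 *
 * \return          0 if successful,
 *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid
 *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code
 *
 * \note            Only a return value of 0 means the signature verified;
 *                  every other value, including allocation or arithmetic
 *                  errors, must be handled as a verification failure.
 */
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
                  const unsigned char *buf, size_t blen,
                  const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s );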
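/**
 * \brief           Compute ECDSA signature and write it to buffer,
 *                  serialized as defined in RFC 4492 page 20.
 *                  (Not thread-safe to use same context in multiple threads)
 *
 * \note            The deterministic version (RFC 6979) is used if
 *                  MBEDTLS_ECDSA_DETERMINISTIC is defined.
 *
 * \param ctx       ECDSA context
 * \param md_alg    Algorithm that was used to hash the message
 * \param hash      Message hash
 * \param hlen      Length of hash
 * \param sig       Buffer that will hold the signature
 * \param slen      Length of the signature written
 * \param f_rng     RNG function
 * \param p_rng     RNG parameter
 *
 * \note            The "sig" buffer must be at least as large as twice the
 *                  size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
 *                  curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
 *
 * \note            No buffer capacity is passed in: slen is an output only,
 *                  so the caller alone is responsible for making "sig" large
 *                  enough. Sizing it with MBEDTLS_ECDSA_MAX_LEN avoids
 *                  writing past the end of the buffer.
 *
 * \return          0 if successful,
 *                  or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
 *                  MBEDTLS_ERR_ASN1_XXX error code
 */
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
                           const unsigned char *hash, size_t hlen,
                           unsigned char *sig, size_t *slen,
                           int (*f_rng)(void *, unsigned char *, size_t),
                           void *p_rng );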
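#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
/* MBEDTLS_DEPRECATED expands to a compiler deprecation attribute only when
 * warnings were requested; otherwise it expands to nothing. */
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
#else
#define MBEDTLS_DEPRECATED
#endif
/**
 * \brief           Compute ECDSA signature and write it to buffer,
 *                  serialized as defined in RFC 4492 page 20.
 *                  Deterministic version, RFC 6979.
 *                  (Not thread-safe to use same context in multiple threads)
 *
 * \deprecated      Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
 *
 * \param ctx       ECDSA context
 * \param hash      Message hash
 * \param hlen      Length of hash
 * \param sig       Buffer that will hold the signature
 * \param slen      Length of the signature written
 * \param md_alg    MD algorithm used to hash the message
 *
 * \note            The "sig" buffer must be at least as large as twice the
 *                  size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
 *                  curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
 *
 * \note            No buffer capacity is passed in: slen is an output only,
 *                  so the caller alone is responsible for making "sig" large
 *                  enough.
 *
 * \return          0 if successful,
 *                  or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
 *                  MBEDTLS_ERR_ASN1_XXX error code
 */
int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
                               const unsigned char *hash, size_t hlen,
                               unsigned char *sig, size_t *slen,
                               mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
#undef MBEDTLS_DEPRECATED
#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */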
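/**
 * \brief           Read and verify an ECDSA signature
 *
 * \param ctx       ECDSA context
 * \param hash      Message hash
 * \param hlen      Size of hash
 * \param sig       Signature to read and verify
 * \param slen      Size of sig
 *
 * \return          0 if successful,
 *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
 *                  MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
 *                  valid but its actual length is less than slen,
 *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code
 *
 * \note            MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH is still a non-zero
 *                  return: it reports extra bytes in "sig" beyond the
 *                  signature. Callers that require an exact-length
 *                  signature must not treat it as success.
 */
int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
                          const unsigned char *hash, size_t hlen,
                          const unsigned char *sig, size_t slen );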
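/**
 * \brief           Generate an ECDSA keypair on the given curve
 *
 * \param ctx       ECDSA context in which the keypair should be stored
 * \param gid       Group (elliptic curve) to use. One of the various
 *                  MBEDTLS_ECP_DP_XXX macros depending on configuration.
 * \param f_rng     RNG function
 * \param p_rng     RNG parameter
 *
 * \note            The RNG passed as f_rng is the only randomness input
 *                  visible in this interface, so the strength of the
 *                  generated key depends on it.
 *
 * \return          0 on success, or a MBEDTLS_ERR_ECP_XXX code.
 */
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );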
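/**
 * \brief           Set an ECDSA context from an EC key pair
 *
 * \param ctx       ECDSA context to set
 * \param key       EC key to use
 *
 * \note            NOTE(review): presumably the key material is copied into
 *                  ctx, in which case ctx holds its own copy of any private
 *                  key and must be released separately from key. Confirm
 *                  against the implementation.
 *
 * \return          0 on success, or a MBEDTLS_ERR_ECP_XXX code.
 */
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );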
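/**
 * \brief           Initialize context
 *
 * \param ctx       Context to initialize
 */
void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );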
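/**
 * \brief           Free context
 *
 * \param ctx       Context to free
 */
void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );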