Willie Solano
mbed TLS Build
include/mbedtls/ecdsa.h@1:1a219dea6cb5, 2019-06-04 (annotated)
- Committer:
- williequesada
- Date:
- Tue Jun 04 16:03:38 2019 +0000
- Revision:
- 1:1a219dea6cb5
- Parent:
- 0:cdf462088d13
compartir a Pablo
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| markrad | 0:cdf462088d13 | 1 | /** |
| markrad | 0:cdf462088d13 | 2 | * \file ecdsa.h |
| markrad | 0:cdf462088d13 | 3 | * |
| markrad | 0:cdf462088d13 | 4 | * \brief Elliptic curve DSA |
| markrad | 0:cdf462088d13 | 5 | * |
| markrad | 0:cdf462088d13 | 6 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
| markrad | 0:cdf462088d13 | 7 | * SPDX-License-Identifier: Apache-2.0 |
| markrad | 0:cdf462088d13 | 8 | * |
| markrad | 0:cdf462088d13 | 9 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| markrad | 0:cdf462088d13 | 10 | * not use this file except in compliance with the License. |
| markrad | 0:cdf462088d13 | 11 | * You may obtain a copy of the License at |
| markrad | 0:cdf462088d13 | 12 | * |
| markrad | 0:cdf462088d13 | 13 | * http://www.apache.org/licenses/LICENSE-2.0 |
| markrad | 0:cdf462088d13 | 14 | * |
| markrad | 0:cdf462088d13 | 15 | * Unless required by applicable law or agreed to in writing, software |
| markrad | 0:cdf462088d13 | 16 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| markrad | 0:cdf462088d13 | 17 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| markrad | 0:cdf462088d13 | 18 | * See the License for the specific language governing permissions and |
| markrad | 0:cdf462088d13 | 19 | * limitations under the License. |
| markrad | 0:cdf462088d13 | 20 | * |
| markrad | 0:cdf462088d13 | 21 | * This file is part of mbed TLS (https://tls.mbed.org) |
| markrad | 0:cdf462088d13 | 22 | */ |
| markrad | 0:cdf462088d13 | 23 | #ifndef MBEDTLS_ECDSA_H |
| markrad | 0:cdf462088d13 | 24 | #define MBEDTLS_ECDSA_H |
| markrad | 0:cdf462088d13 | 25 | |
| markrad | 0:cdf462088d13 | 26 | #include "ecp.h" |
| markrad | 0:cdf462088d13 | 27 | #include "md.h" |
| markrad | 0:cdf462088d13 | 28 | |
| markrad | 0:cdf462088d13 | 29 | /* |
| markrad | 0:cdf462088d13 | 30 | * RFC 4492 page 20: |
| markrad | 0:cdf462088d13 | 31 | * |
| markrad | 0:cdf462088d13 | 32 | * Ecdsa-Sig-Value ::= SEQUENCE { |
| markrad | 0:cdf462088d13 | 33 | * r INTEGER, |
| markrad | 0:cdf462088d13 | 34 | * s INTEGER |
| markrad | 0:cdf462088d13 | 35 | * } |
| markrad | 0:cdf462088d13 | 36 | * |
| markrad | 0:cdf462088d13 | 37 | * Size is at most |
| markrad | 0:cdf462088d13 | 38 | * 1 (tag) + 1 (len) + 1 (initial 0) + ECP_MAX_BYTES for each of r and s, |
| markrad | 0:cdf462088d13 | 39 | * twice that + 1 (tag) + 2 (len) for the sequence |
| markrad | 0:cdf462088d13 | 40 | * (assuming ECP_MAX_BYTES is less than 126 for r and s, |
| markrad | 0:cdf462088d13 | 41 | * and less than 124 (total len <= 255) for the sequence) |
| markrad | 0:cdf462088d13 | 42 | */ |
| markrad | 0:cdf462088d13 | 43 | #if MBEDTLS_ECP_MAX_BYTES > 124 |
| markrad | 0:cdf462088d13 | 44 | #error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN" |
| markrad | 0:cdf462088d13 | 45 | #endif |
| markrad | 0:cdf462088d13 | 46 | /** Maximum size of an ECDSA signature in bytes */ |
| markrad | 0:cdf462088d13 | 47 | #define MBEDTLS_ECDSA_MAX_LEN ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) ) |
| markrad | 0:cdf462088d13 | 48 | |
| markrad | 0:cdf462088d13 | 49 | /** |
| markrad | 0:cdf462088d13 | 50 | * \brief ECDSA context structure |
| markrad | 0:cdf462088d13 | 51 | */ |
| markrad | 0:cdf462088d13 | 52 | typedef mbedtls_ecp_keypair mbedtls_ecdsa_context; |
| markrad | 0:cdf462088d13 | 53 | |
| markrad | 0:cdf462088d13 | 54 | #ifdef __cplusplus |
| markrad | 0:cdf462088d13 | 55 | extern "C" { |
| markrad | 0:cdf462088d13 | 56 | #endif |
| markrad | 0:cdf462088d13 | 57 | |
| markrad | 0:cdf462088d13 | 58 | /** |
| markrad | 0:cdf462088d13 | 59 | * \brief Compute ECDSA signature of a previously hashed message |
| markrad | 0:cdf462088d13 | 60 | * |
| markrad | 0:cdf462088d13 | 61 | * \note The deterministic version is usually prefered. |
| markrad | 0:cdf462088d13 | 62 | * |
| markrad | 0:cdf462088d13 | 63 | * \param grp ECP group |
| markrad | 0:cdf462088d13 | 64 | * \param r First output integer |
| markrad | 0:cdf462088d13 | 65 | * \param s Second output integer |
| markrad | 0:cdf462088d13 | 66 | * \param d Private signing key |
| markrad | 0:cdf462088d13 | 67 | * \param buf Message hash |
| markrad | 0:cdf462088d13 | 68 | * \param blen Length of buf |
| markrad | 0:cdf462088d13 | 69 | * \param f_rng RNG function |
| markrad | 0:cdf462088d13 | 70 | * \param p_rng RNG parameter |
| markrad | 0:cdf462088d13 | 71 | * |
| markrad | 0:cdf462088d13 | 72 | * \return 0 if successful, |
| markrad | 0:cdf462088d13 | 73 | * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code |
| markrad | 0:cdf462088d13 | 74 | */ |
| markrad | 0:cdf462088d13 | 75 | int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, |
| markrad | 0:cdf462088d13 | 76 | const mbedtls_mpi *d, const unsigned char *buf, size_t blen, |
| markrad | 0:cdf462088d13 | 77 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); |
| markrad | 0:cdf462088d13 | 78 | |
| markrad | 0:cdf462088d13 | 79 | #if defined(MBEDTLS_ECDSA_DETERMINISTIC) |
| markrad | 0:cdf462088d13 | 80 | /** |
| markrad | 0:cdf462088d13 | 81 | * \brief Compute ECDSA signature of a previously hashed message, |
| markrad | 0:cdf462088d13 | 82 | * deterministic version (RFC 6979). |
| markrad | 0:cdf462088d13 | 83 | * |
| markrad | 0:cdf462088d13 | 84 | * \param grp ECP group |
| markrad | 0:cdf462088d13 | 85 | * \param r First output integer |
| markrad | 0:cdf462088d13 | 86 | * \param s Second output integer |
| markrad | 0:cdf462088d13 | 87 | * \param d Private signing key |
| markrad | 0:cdf462088d13 | 88 | * \param buf Message hash |
| markrad | 0:cdf462088d13 | 89 | * \param blen Length of buf |
| markrad | 0:cdf462088d13 | 90 | * \param md_alg MD algorithm used to hash the message |
| markrad | 0:cdf462088d13 | 91 | * |
| markrad | 0:cdf462088d13 | 92 | * \return 0 if successful, |
| markrad | 0:cdf462088d13 | 93 | * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code |
| markrad | 0:cdf462088d13 | 94 | */ |
| markrad | 0:cdf462088d13 | 95 | int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, |
| markrad | 0:cdf462088d13 | 96 | const mbedtls_mpi *d, const unsigned char *buf, size_t blen, |
| markrad | 0:cdf462088d13 | 97 | mbedtls_md_type_t md_alg ); |
| markrad | 0:cdf462088d13 | 98 | #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ |
| markrad | 0:cdf462088d13 | 99 | |
| markrad | 0:cdf462088d13 | 100 | /** |
| markrad | 0:cdf462088d13 | 101 | * \brief Verify ECDSA signature of a previously hashed message |
| markrad | 0:cdf462088d13 | 102 | * |
| markrad | 0:cdf462088d13 | 103 | * \param grp ECP group |
| markrad | 0:cdf462088d13 | 104 | * \param buf Message hash |
| markrad | 0:cdf462088d13 | 105 | * \param blen Length of buf |
| markrad | 0:cdf462088d13 | 106 | * \param Q Public key to use for verification |
| markrad | 0:cdf462088d13 | 107 | * \param r First integer of the signature |
| markrad | 0:cdf462088d13 | 108 | * \param s Second integer of the signature |
| markrad | 0:cdf462088d13 | 109 | * |
| markrad | 0:cdf462088d13 | 110 | * \return 0 if successful, |
| markrad | 0:cdf462088d13 | 111 | * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid |
| markrad | 0:cdf462088d13 | 112 | * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code |
| markrad | 0:cdf462088d13 | 113 | */ |
| markrad | 0:cdf462088d13 | 114 | int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, |
| markrad | 0:cdf462088d13 | 115 | const unsigned char *buf, size_t blen, |
| markrad | 0:cdf462088d13 | 116 | const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s); |
| markrad | 0:cdf462088d13 | 117 | |
| markrad | 0:cdf462088d13 | 118 | /** |
| markrad | 0:cdf462088d13 | 119 | * \brief Compute ECDSA signature and write it to buffer, |
| markrad | 0:cdf462088d13 | 120 | * serialized as defined in RFC 4492 page 20. |
| markrad | 0:cdf462088d13 | 121 | * (Not thread-safe to use same context in multiple threads) |
| markrad | 0:cdf462088d13 | 122 | * |
| markrad | 0:cdf462088d13 | 123 | * \note The deterministice version (RFC 6979) is used if |
| markrad | 0:cdf462088d13 | 124 | * MBEDTLS_ECDSA_DETERMINISTIC is defined. |
| markrad | 0:cdf462088d13 | 125 | * |
| markrad | 0:cdf462088d13 | 126 | * \param ctx ECDSA context |
| markrad | 0:cdf462088d13 | 127 | * \param md_alg Algorithm that was used to hash the message |
| markrad | 0:cdf462088d13 | 128 | * \param hash Message hash |
| markrad | 0:cdf462088d13 | 129 | * \param hlen Length of hash |
| markrad | 0:cdf462088d13 | 130 | * \param sig Buffer that will hold the signature |
| markrad | 0:cdf462088d13 | 131 | * \param slen Length of the signature written |
| markrad | 0:cdf462088d13 | 132 | * \param f_rng RNG function |
| markrad | 0:cdf462088d13 | 133 | * \param p_rng RNG parameter |
| markrad | 0:cdf462088d13 | 134 | * |
| markrad | 0:cdf462088d13 | 135 | * \note The "sig" buffer must be at least as large as twice the |
| markrad | 0:cdf462088d13 | 136 | * size of the curve used, plus 9 (eg. 73 bytes if a 256-bit |
| markrad | 0:cdf462088d13 | 137 | * curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe. |
| markrad | 0:cdf462088d13 | 138 | * |
| markrad | 0:cdf462088d13 | 139 | * \return 0 if successful, |
| markrad | 0:cdf462088d13 | 140 | * or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or |
| markrad | 0:cdf462088d13 | 141 | * MBEDTLS_ERR_ASN1_XXX error code |
| markrad | 0:cdf462088d13 | 142 | */ |
| markrad | 0:cdf462088d13 | 143 | int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, |
| markrad | 0:cdf462088d13 | 144 | const unsigned char *hash, size_t hlen, |
| markrad | 0:cdf462088d13 | 145 | unsigned char *sig, size_t *slen, |
| markrad | 0:cdf462088d13 | 146 | int (*f_rng)(void *, unsigned char *, size_t), |
| markrad | 0:cdf462088d13 | 147 | void *p_rng ); |
| markrad | 0:cdf462088d13 | 148 | |
| markrad | 0:cdf462088d13 | 149 | #if defined(MBEDTLS_ECDSA_DETERMINISTIC) |
| markrad | 0:cdf462088d13 | 150 | #if ! defined(MBEDTLS_DEPRECATED_REMOVED) |
| markrad | 0:cdf462088d13 | 151 | #if defined(MBEDTLS_DEPRECATED_WARNING) |
| markrad | 0:cdf462088d13 | 152 | #define MBEDTLS_DEPRECATED __attribute__((deprecated)) |
| markrad | 0:cdf462088d13 | 153 | #else |
| markrad | 0:cdf462088d13 | 154 | #define MBEDTLS_DEPRECATED |
| markrad | 0:cdf462088d13 | 155 | #endif |
| markrad | 0:cdf462088d13 | 156 | /** |
| markrad | 0:cdf462088d13 | 157 | * \brief Compute ECDSA signature and write it to buffer, |
| markrad | 0:cdf462088d13 | 158 | * serialized as defined in RFC 4492 page 20. |
| markrad | 0:cdf462088d13 | 159 | * Deterministic version, RFC 6979. |
| markrad | 0:cdf462088d13 | 160 | * (Not thread-safe to use same context in multiple threads) |
| markrad | 0:cdf462088d13 | 161 | * |
| markrad | 0:cdf462088d13 | 162 | * \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0 |
| markrad | 0:cdf462088d13 | 163 | * |
| markrad | 0:cdf462088d13 | 164 | * \param ctx ECDSA context |
| markrad | 0:cdf462088d13 | 165 | * \param hash Message hash |
| markrad | 0:cdf462088d13 | 166 | * \param hlen Length of hash |
| markrad | 0:cdf462088d13 | 167 | * \param sig Buffer that will hold the signature |
| markrad | 0:cdf462088d13 | 168 | * \param slen Length of the signature written |
| markrad | 0:cdf462088d13 | 169 | * \param md_alg MD algorithm used to hash the message |
| markrad | 0:cdf462088d13 | 170 | * |
| markrad | 0:cdf462088d13 | 171 | * \note The "sig" buffer must be at least as large as twice the |
| markrad | 0:cdf462088d13 | 172 | * size of the curve used, plus 9 (eg. 73 bytes if a 256-bit |
| markrad | 0:cdf462088d13 | 173 | * curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe. |
| markrad | 0:cdf462088d13 | 174 | * |
| markrad | 0:cdf462088d13 | 175 | * \return 0 if successful, |
| markrad | 0:cdf462088d13 | 176 | * or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or |
| markrad | 0:cdf462088d13 | 177 | * MBEDTLS_ERR_ASN1_XXX error code |
| markrad | 0:cdf462088d13 | 178 | */ |
| markrad | 0:cdf462088d13 | 179 | int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, |
| markrad | 0:cdf462088d13 | 180 | const unsigned char *hash, size_t hlen, |
| markrad | 0:cdf462088d13 | 181 | unsigned char *sig, size_t *slen, |
| markrad | 0:cdf462088d13 | 182 | mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED; |
| markrad | 0:cdf462088d13 | 183 | #undef MBEDTLS_DEPRECATED |
| markrad | 0:cdf462088d13 | 184 | #endif /* MBEDTLS_DEPRECATED_REMOVED */ |
| markrad | 0:cdf462088d13 | 185 | #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ |
| markrad | 0:cdf462088d13 | 186 | |
| markrad | 0:cdf462088d13 | 187 | /** |
| markrad | 0:cdf462088d13 | 188 | * \brief Read and verify an ECDSA signature |
| markrad | 0:cdf462088d13 | 189 | * |
| markrad | 0:cdf462088d13 | 190 | * \param ctx ECDSA context |
| markrad | 0:cdf462088d13 | 191 | * \param hash Message hash |
| markrad | 0:cdf462088d13 | 192 | * \param hlen Size of hash |
| markrad | 0:cdf462088d13 | 193 | * \param sig Signature to read and verify |
| markrad | 0:cdf462088d13 | 194 | * \param slen Size of sig |
| markrad | 0:cdf462088d13 | 195 | * |
| markrad | 0:cdf462088d13 | 196 | * \return 0 if successful, |
| markrad | 0:cdf462088d13 | 197 | * MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid, |
| markrad | 0:cdf462088d13 | 198 | * MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is |
| markrad | 0:cdf462088d13 | 199 | * valid but its actual length is less than siglen, |
| markrad | 0:cdf462088d13 | 200 | * or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code |
| markrad | 0:cdf462088d13 | 201 | */ |
| markrad | 0:cdf462088d13 | 202 | int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, |
| markrad | 0:cdf462088d13 | 203 | const unsigned char *hash, size_t hlen, |
| markrad | 0:cdf462088d13 | 204 | const unsigned char *sig, size_t slen ); |
| markrad | 0:cdf462088d13 | 205 | |
| markrad | 0:cdf462088d13 | 206 | /** |
| markrad | 0:cdf462088d13 | 207 | * \brief Generate an ECDSA keypair on the given curve |
| markrad | 0:cdf462088d13 | 208 | * |
| markrad | 0:cdf462088d13 | 209 | * \param ctx ECDSA context in which the keypair should be stored |
| markrad | 0:cdf462088d13 | 210 | * \param gid Group (elliptic curve) to use. One of the various |
| markrad | 0:cdf462088d13 | 211 | * MBEDTLS_ECP_DP_XXX macros depending on configuration. |
| markrad | 0:cdf462088d13 | 212 | * \param f_rng RNG function |
| markrad | 0:cdf462088d13 | 213 | * \param p_rng RNG parameter |
| markrad | 0:cdf462088d13 | 214 | * |
| markrad | 0:cdf462088d13 | 215 | * \return 0 on success, or a MBEDTLS_ERR_ECP_XXX code. |
| markrad | 0:cdf462088d13 | 216 | */ |
| markrad | 0:cdf462088d13 | 217 | int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, |
| markrad | 0:cdf462088d13 | 218 | int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); |
| markrad | 0:cdf462088d13 | 219 | |
| markrad | 0:cdf462088d13 | 220 | /** |
| markrad | 0:cdf462088d13 | 221 | * \brief Set an ECDSA context from an EC key pair |
| markrad | 0:cdf462088d13 | 222 | * |
| markrad | 0:cdf462088d13 | 223 | * \param ctx ECDSA context to set |
| markrad | 0:cdf462088d13 | 224 | * \param key EC key to use |
| markrad | 0:cdf462088d13 | 225 | * |
| markrad | 0:cdf462088d13 | 226 | * \return 0 on success, or a MBEDTLS_ERR_ECP_XXX code. |
| markrad | 0:cdf462088d13 | 227 | */ |
| markrad | 0:cdf462088d13 | 228 | int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key ); |
| markrad | 0:cdf462088d13 | 229 | |
| markrad | 0:cdf462088d13 | 230 | /** |
| markrad | 0:cdf462088d13 | 231 | * \brief Initialize context |
| markrad | 0:cdf462088d13 | 232 | * |
| markrad | 0:cdf462088d13 | 233 | * \param ctx Context to initialize |
| markrad | 0:cdf462088d13 | 234 | */ |
| markrad | 0:cdf462088d13 | 235 | void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx ); |
| markrad | 0:cdf462088d13 | 236 | |
| markrad | 0:cdf462088d13 | 237 | /** |
| markrad | 0:cdf462088d13 | 238 | * \brief Free context |
| markrad | 0:cdf462088d13 | 239 | * |
| markrad | 0:cdf462088d13 | 240 | * \param ctx Context to free |
| markrad | 0:cdf462088d13 | 241 | */ |
| markrad | 0:cdf462088d13 | 242 | void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ); |
| markrad | 0:cdf462088d13 | 243 | |
| markrad | 0:cdf462088d13 | 244 | #ifdef __cplusplus |
| markrad | 0:cdf462088d13 | 245 | } |
| markrad | 0:cdf462088d13 | 246 | #endif |
| markrad | 0:cdf462088d13 | 247 | |
| markrad | 0:cdf462088d13 | 248 | #endif /* ecdsa.h */ |
