Elliptic curve DSA. More...

#include "ecp.h"
#include "md.h"

Include dependency graph for ecdsa.h:

This graph shows which files directly or indirectly include this file:

Macros
#define	MBEDTLS_ECDSA_MAX_LEN ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )

#define	MBEDTLS_DEPRECATED

Typedefs
typedef mbedtls_ecp_keypair	mbedtls_ecdsa_context
	ECDSA context structure. More...

Functions
int	mbedtls_ecdsa_sign (mbedtls_ecp_group grp, mbedtls_mpi r, mbedtls_mpi s, const mbedtls_mpi d, const unsigned char buf, size_t blen, int(f_rng)(void , unsigned char , size_t), void *p_rng)
	Compute ECDSA signature of a previously hashed message. More...

int	mbedtls_ecdsa_sign_det (mbedtls_ecp_group grp, mbedtls_mpi r, mbedtls_mpi s, const mbedtls_mpi d, const unsigned char *buf, size_t blen, mbedtls_md_type_t md_alg)
	Compute ECDSA signature of a previously hashed message, deterministic version (RFC 6979). More...

int	mbedtls_ecdsa_verify (mbedtls_ecp_group grp, const unsigned char buf, size_t blen, const mbedtls_ecp_point Q, const mbedtls_mpi r, const mbedtls_mpi *s)
	Verify ECDSA signature of a previously hashed message. More...

int	mbedtls_ecdsa_write_signature (mbedtls_ecdsa_context ctx, mbedtls_md_type_t md_alg, const unsigned char hash, size_t hlen, unsigned char sig, size_t slen, int(f_rng)(void , unsigned char , size_t), void p_rng)
	Compute ECDSA signature and write it to buffer, serialized as defined in RFC 4492 page 20. (Not thread-safe to use same context in multiple threads) More...

int	mbedtls_ecdsa_write_signature_det (mbedtls_ecdsa_context ctx, const unsigned char hash, size_t hlen, unsigned char sig, size_t slen, mbedtls_md_type_t md_alg) MBEDTLS_DEPRECATED
	Compute ECDSA signature and write it to buffer, serialized as defined in RFC 4492 page 20. Deterministic version, RFC 6979. (Not thread-safe to use same context in multiple threads) More...

int	mbedtls_ecdsa_read_signature (mbedtls_ecdsa_context ctx, const unsigned char hash, size_t hlen, const unsigned char *sig, size_t slen)
	Read and verify an ECDSA signature. More...

int	mbedtls_ecdsa_genkey (mbedtls_ecdsa_context ctx, mbedtls_ecp_group_id gid, int(f_rng)(void , unsigned char , size_t), void *p_rng)
	Generate an ECDSA keypair on the given curve. More...

int	mbedtls_ecdsa_from_keypair (mbedtls_ecdsa_context ctx, const mbedtls_ecp_keypair key)
	Set an ECDSA context from an EC key pair. More...

void	mbedtls_ecdsa_init (mbedtls_ecdsa_context *ctx)
	Initialize context. More...

void	mbedtls_ecdsa_free (mbedtls_ecdsa_context *ctx)
	Free context. More...

Detailed Description

Elliptic curve DSA.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

This file is part of mbed TLS (https://tls.mbed.org)

Macro Definition Documentation

◆ MBEDTLS_DEPRECATED

#define MBEDTLS_DEPRECATED

◆ MBEDTLS_ECDSA_MAX_LEN

#define MBEDTLS_ECDSA_MAX_LEN ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )

Maximum size of an ECDSA signature in bytes

Typedef Documentation

◆ mbedtls_ecdsa_context

typedef mbedtls_ecp_keypair mbedtls_ecdsa_context

ECDSA context structure.

Function Documentation

◆ mbedtls_ecdsa_free()

void mbedtls_ecdsa_free ( mbedtls_ecdsa_context * ctx )

Free context.

Parameters

ctx	Context to free

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_ecdsa_from_keypair()

int mbedtls_ecdsa_from_keypair	(	mbedtls_ecdsa_context *	ctx,
		const mbedtls_ecp_keypair *	key
	)

Set an ECDSA context from an EC key pair.

Parameters

ctx	ECDSA context to set
key	EC key to use

Returns: 0 on success, or a MBEDTLS_ERR_ECP_XXX code.

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_ecdsa_genkey()

int mbedtls_ecdsa_genkey	(	mbedtls_ecdsa_context *	ctx,
		mbedtls_ecp_group_id	gid,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng
	)

Generate an ECDSA keypair on the given curve.

Parameters

ctx	ECDSA context in which the keypair should be stored
gid	Group (elliptic curve) to use. One of the various MBEDTLS_ECP_DP_XXX macros depending on configuration.
f_rng	RNG function
p_rng	RNG parameter

Returns: 0 on success, or a MBEDTLS_ERR_ECP_XXX code.

Here is the call graph for this function:

◆ mbedtls_ecdsa_init()

void mbedtls_ecdsa_init ( mbedtls_ecdsa_context * ctx )

Initialize context.

Parameters

ctx	Context to initialize

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_ecdsa_read_signature()

int mbedtls_ecdsa_read_signature	(	mbedtls_ecdsa_context *	ctx,
		const unsigned char *	hash,
		size_t	hlen,
		const unsigned char *	sig,
		size_t	slen
	)

Read and verify an ECDSA signature.

Parameters

ctx	ECDSA context
hash	Message hash
hlen	Size of hash
sig	Signature to read and verify
slen	Size of sig

Note: If the bitlength of the message hash is larger than the bitlength of the group order, then the hash is truncated as prescribed by SEC1 4.1.4 step 3.

Returns: 0 if successful, MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid, MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is valid but its actual length is less than siglen, or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_ecdsa_sign()

int mbedtls_ecdsa_sign	(	mbedtls_ecp_group *	grp,
		mbedtls_mpi *	r,
		mbedtls_mpi *	s,
		const mbedtls_mpi *	d,
		const unsigned char *	buf,
		size_t	blen,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng
	)

Compute ECDSA signature of a previously hashed message.

Note: The deterministic version is usually prefered.

Parameters

grp	ECP group
r	First output integer
s	Second output integer
d	Private signing key
buf	Message hash
blen	Length of buf
f_rng	RNG function
p_rng	RNG parameter

Note: If the bitlength of the message hash is larger than the bitlength of the group order, then the hash is truncated as prescribed by SEC1 4.1.3 step 5.

Returns: 0 if successful, or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_ecdsa_sign_det()

int mbedtls_ecdsa_sign_det	(	mbedtls_ecp_group *	grp,
		mbedtls_mpi *	r,
		mbedtls_mpi *	s,
		const mbedtls_mpi *	d,
		const unsigned char *	buf,
		size_t	blen,
		mbedtls_md_type_t	md_alg
	)

Compute ECDSA signature of a previously hashed message, deterministic version (RFC 6979).

Parameters

grp	ECP group
r	First output integer
s	Second output integer
d	Private signing key
buf	Message hash
blen	Length of buf
md_alg	MD algorithm used to hash the message

Note: If the bitlength of the message hash is larger than the bitlength of the group order, then the hash is truncated as prescribed by SEC1 4.1.3 step 5.

Returns: 0 if successful, or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_ecdsa_verify()

int mbedtls_ecdsa_verify	(	mbedtls_ecp_group *	grp,
		const unsigned char *	buf,
		size_t	blen,
		const mbedtls_ecp_point *	Q,
		const mbedtls_mpi *	r,
		const mbedtls_mpi *	s
	)

Verify ECDSA signature of a previously hashed message.

Parameters

grp	ECP group
buf	Message hash
blen	Length of buf
Q	Public key to use for verification
r	First integer of the signature
s	Second integer of the signature

Note: If the bitlength of the message hash is larger than the bitlength of the group order, then the hash is truncated as prescribed by SEC1 4.1.4 step 3.

Returns: 0 if successful, MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_ecdsa_write_signature()

int mbedtls_ecdsa_write_signature	(	mbedtls_ecdsa_context *	ctx,
		mbedtls_md_type_t	md_alg,
		const unsigned char *	hash,
		size_t	hlen,
		unsigned char *	sig,
		size_t *	slen,
		int()(void , unsigned char *, size_t)	f_rng,
		void *	p_rng
	)

Compute ECDSA signature and write it to buffer, serialized as defined in RFC 4492 page 20. (Not thread-safe to use same context in multiple threads)

Note: The deterministic version (RFC 6979) is used if MBEDTLS_ECDSA_DETERMINISTIC is defined.

Parameters

ctx	ECDSA context
md_alg	Algorithm that was used to hash the message
hash	Message hash
hlen	Length of hash
sig	Buffer that will hold the signature
slen	Length of the signature written
f_rng	RNG function
p_rng	RNG parameter

Note: The "sig" buffer must be at least as large as twice the size of the curve used, plus 9 (eg. 73 bytes if a 256-bit curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.; If the bitlength of the message hash is larger than the bitlength of the group order, then the hash is truncated as prescribed by SEC1 4.1.3 step 5.

Returns: 0 if successful, or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or MBEDTLS_ERR_ASN1_XXX error code

Here is the call graph for this function:

Here is the caller graph for this function:

◆ mbedtls_ecdsa_write_signature_det()

int mbedtls_ecdsa_write_signature_det	(	mbedtls_ecdsa_context *	ctx,
		const unsigned char *	hash,
		size_t	hlen,
		unsigned char *	sig,
		size_t *	slen,
		mbedtls_md_type_t	md_alg
	)

Compute ECDSA signature and write it to buffer, serialized as defined in RFC 4492 page 20. Deterministic version, RFC 6979. (Not thread-safe to use same context in multiple threads)

Deprecated:: Superseded by mbedtls_ecdsa_write_signature() in 2.0.0

Parameters

ctx	ECDSA context
hash	Message hash
hlen	Length of hash
sig	Buffer that will hold the signature
slen	Length of the signature written
md_alg	MD algorithm used to hash the message

Note: The "sig" buffer must be at least as large as twice the size of the curve used, plus 9 (eg. 73 bytes if a 256-bit curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.; If the bitlength of the message hash is larger than the bitlength of the group order, then the hash is truncated as prescribed by SEC1 4.1.3 step 5.

Returns: 0 if successful, or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or MBEDTLS_ERR_ASN1_XXX error code

Here is the call graph for this function:

Macros

Typedefs

Functions

Detailed Description

Macro Definition Documentation

◆ MBEDTLS_DEPRECATED

◆ MBEDTLS_ECDSA_MAX_LEN

Typedef Documentation

◆ mbedtls_ecdsa_context

Function Documentation

◆ mbedtls_ecdsa_free()

◆ mbedtls_ecdsa_from_keypair()

◆ mbedtls_ecdsa_genkey()

◆ mbedtls_ecdsa_init()

◆ mbedtls_ecdsa_read_signature()

◆ mbedtls_ecdsa_sign()

◆ mbedtls_ecdsa_sign_det()

◆ mbedtls_ecdsa_verify()

◆ mbedtls_ecdsa_write_signature()

◆ mbedtls_ecdsa_write_signature_det()