Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: 953a1665e2
Branches Tags
openssl
/
doc
/
crypto
/
ecdsa.pod

ecdsa.pod 6.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. ECDSA_SIG_new, ECDSA_SIG_free, i2d_ECDSA_SIG, d2i_ECDSA_SIG, ECDSA_size, ECDSA_sign_setup, ECDSA_sign, ECDSA_sign_ex, ECDSA_verify, ECDSA_do_sign, ECDSA_do_sign_ex, ECDSA_do_verify - Elliptic Curve Digital Signature Algorithm
    6. 

  6. 

  7. =head1 SYNOPSIS
    8. 

  8. 

  9.  #include <openssl/ecdsa.h>
    10. 

  10. 

  11.  ECDSA_SIG*	ECDSA_SIG_new(void);
    12. 

  12.  void		ECDSA_SIG_free(ECDSA_SIG *sig);
    13. 

  13.  int		i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
    14. 

  14.  ECDSA_SIG*	d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, 
    15. 

  15. 		long len);
    16. 

  16. 

  17.  ECDSA_SIG*	ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
    18. 

  18. 			EC_KEY *eckey);
    19. 

  19.  ECDSA_SIG*	ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, 
    20. 

  20. 			const BIGNUM *kinv, const BIGNUM *rp,
    21. 

  21. 			EC_KEY *eckey);
    22. 

  22.  int		ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
    23. 

  23. 			const ECDSA_SIG *sig, EC_KEY* eckey);
    24. 

  24.  int		ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
    25. 

  25. 			BIGNUM **kinv, BIGNUM **rp);
    26. 

  26.  int		ECDSA_sign(int type, const unsigned char *dgst,
    27. 

  27. 			int dgstlen, unsigned char *sig,
    28. 

  28. 			unsigned int *siglen, EC_KEY *eckey);
    29. 

  29.  int		ECDSA_sign_ex(int type, const unsigned char *dgst,
    30. 

  30. 			int dgstlen, unsigned char *sig,
    31. 

  31. 			unsigned int *siglen, const BIGNUM *kinv, 
    32. 

  32. 			const BIGNUM *rp, EC_KEY *eckey);
    33. 

  33.  int		ECDSA_verify(int type, const unsigned char *dgst,
    34. 

  34. 			int dgstlen, const unsigned char *sig,
    35. 

  35. 			int siglen, EC_KEY *eckey);
    36. 

  36.  int		ECDSA_size(const EC_KEY *eckey);
    37. 

  37. 

  38.  const ECDSA_METHOD*	ECDSA_OpenSSL(void);
    39. 

  39.  void		ECDSA_set_default_method(const ECDSA_METHOD *meth);
    40. 

  40.  const ECDSA_METHOD*	ECDSA_get_default_method(void);
    41. 

  41.  int		ECDSA_set_method(EC_KEY *eckey,const ECDSA_METHOD *meth);
    42. 

  42. 

  43.  int		ECDSA_get_ex_new_index(long argl, void *argp,
    44. 

  44. 			CRYPTO_EX_new *new_func,
    45. 

  45. 			CRYPTO_EX_dup *dup_func,
    46. 

  46. 			CRYPTO_EX_free *free_func);
    47. 

  47.  int		ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
    48. 

  48.  void*		ECDSA_get_ex_data(EC_KEY *d, int idx);
    49. 

  49. 

  50. =head1 DESCRIPTION
    51. 

  51. 

  52. The B<ECDSA_SIG> structure consists of two BIGNUMs for the
    53. 

  53. r and s value of a ECDSA signature (see X9.62 or FIPS 186-2).
    54. 

  54. 

  55.  struct
    56. 

  56. 	{
    57. 

  57. 	BIGNUM *r;
    58. 

  58. 	BIGNUM *s;
    59. 

  59.  } ECDSA_SIG;
    60. 

  60. 

  61. ECDSA_SIG_new() allocates a new B<ECDSA_SIG> structure (note: this
    62. 

  62. function also allocates the BIGNUMs) and initialize it.
    63. 

  63. 

  64. ECDSA_SIG_free() frees the B<ECDSA_SIG> structure B<sig>.
    65. 

  65. 

  66. i2d_ECDSA_SIG() creates the DER encoding of the ECDSA signature
    67. 

  67. B<sig> and writes the encoded signature to B<*pp> (note: if B<pp>
    68. 

  68. is NULL B<i2d_ECDSA_SIG> returns the expected length in bytes of 
    69. 

  69. the DER encoded signature). B<i2d_ECDSA_SIG> returns the length
    70. 

  70. of the DER encoded signature (or 0 on error).
    71. 

  71. 

  72. d2i_ECDSA_SIG() decodes a DER encoded ECDSA signature and returns
    73. 

  73. the decoded signature in a newly allocated B<ECDSA_SIG> structure.
    74. 

  74. B<*sig> points to the buffer containing the DER encoded signature
    75. 

  75. of size B<len>.
    76. 

  76. 

  77. ECDSA_size() returns the maximum length of a DER encoded
    78. 

  78. ECDSA signature created with the private EC key B<eckey>.
    79. 

  79. 

  80. ECDSA_sign_setup() may be used to precompute parts of the
    81. 

  81. signing operation. B<eckey> is the private EC key and B<ctx>
    82. 

  82. is a pointer to B<BN_CTX> structure (or NULL). The precomputed
    83. 

  83. values or returned in B<kinv> and B<rp> and can be used in a
    84. 

  84. later call to B<ECDSA_sign_ex> or B<ECDSA_do_sign_ex>.
    85. 

  85. 

  86. ECDSA_sign() is wrapper function for ECDSA_sign_ex with B<kinv>
    87. 

  87. and B<rp> set to NULL.
    88. 

  88. 

  89. ECDSA_sign_ex() computes a digital signature of the B<dgstlen> bytes
    90. 

  90. hash value B<dgst> using the private EC key B<eckey> and the optional
    91. 

  91. pre-computed values B<kinv> and B<rp>. The DER encoded signatures is
    92. 

  92. stored in B<sig> and it's length is returned in B<sig_len>. Note: B<sig>
    93. 

  93. must point to B<ECDSA_size> bytes of memory. The parameter B<type>
    94. 

  94. is ignored.
    95. 

  95. 

  96. ECDSA_verify() verifies that the signature in B<sig> of size
    97. 

  97. B<siglen> is a valid ECDSA signature of the hash value
    98. 

  98. B<dgst> of size B<dgstlen> using the public key B<eckey>.
    99. 

  99. The parameter B<type> is ignored.
    100. 

  100. 

  101. ECDSA_do_sign() is wrapper function for ECDSA_do_sign_ex with B<kinv>
    102. 

  102. and B<rp> set to NULL.
    103. 

  103. 

  104. ECDSA_do_sign_ex() computes a digital signature of the B<dgst_len>
    105. 

  105. bytes hash value B<dgst> using the private key B<eckey> and the
    106. 

  106. optional pre-computed values B<kinv> and B<rp>. The signature is
    107. 

  107. returned in a newly allocated B<ECDSA_SIG> structure (or NULL on error).
    108. 

  108. 

  109. ECDSA_do_verify() verifies that the signature B<sig> is a valid
    110. 

  110. ECDSA signature of the hash value B<dgst> of size B<dgst_len>
    111. 

  111. using the public key B<eckey>.
    112. 

  112. 

  113. =head1 RETURN VALUES
    114. 

  114. 

  115. ECDSA_size() returns the maximum length signature or 0 on error.
    116. 

  116. 

  117. ECDSA_sign_setup() and ECDSA_sign() return 1 if successful or 0
    118. 

  118. on error.
    119. 

  119. 

  120. ECDSA_verify() and ECDSA_do_verify() return 1 for a valid
    121. 

  121. signature, 0 for an invalid signature and -1 on error.
    122. 

  122. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
    123. 

  123. 

  124. =head1 EXAMPLES
    125. 

  125. 

  126. Creating a ECDSA signature of given SHA-1 hash value using the
    127. 

  127. named curve secp192k1.
    128. 

  128. 

  129. First step: create a EC_KEY object (note: this part is B<not> ECDSA
    130. 

  130. specific)
    131. 

  131. 

  132.  int        ret;
    133. 

  133.  ECDSA_SIG *sig;
    134. 

  134.  EC_KEY    *eckey;
    135. 

  135.  eckey = EC_KEY_new_by_curve_name(NID_secp192k1);
    136. 

  136.  if (eckey == NULL)
    137. 

  137. 	{
    138. 

  138. 	/* error */
    139. 

  139. 	}
    140. 

  140.  if (!EC_KEY_generate_key(eckey))
    141. 

  141. 	{
    142. 

  142. 	/* error */
    143. 

  143. 	}
    144. 

  144. 

  145. Second step: compute the ECDSA signature of a SHA-1 hash value 
    146. 

  146. using B<ECDSA_do_sign> 
    147. 

  147. 

  148.  sig = ECDSA_do_sign(digest, 20, eckey);
    149. 

  149.  if (sig == NULL)
    150. 

  150. 	{
    151. 

  151. 	/* error */
    152. 

  152. 	}
    153. 

  153. 

  154. or using B<ECDSA_sign>
    155. 

  155. 

  156.  unsigned char *buffer, *pp;
    157. 

  157.  int            buf_len;
    158. 

  158.  buf_len = ECDSA_size(eckey);
    159. 

  159.  buffer  = OPENSSL_malloc(buf_len);
    160. 

  160.  pp = buffer;
    161. 

  161.  if (!ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey);
    162. 

  162. 	{
    163. 

  163. 	/* error */
    164. 

  164. 	}
    165. 

  165. 

  166. Third step: verify the created ECDSA signature using B<ECDSA_do_verify>
    167. 

  167. 

  168.  ret = ECDSA_do_verify(digest, 20, sig, eckey);
    169. 

  169. 

  170. or using B<ECDSA_verify>
    171. 

  171. 

  172.  ret = ECDSA_verify(0, digest, 20, buffer, buf_len, eckey);
    173. 

  173. 

  174. and finally evaluate the return value:
    175. 

  175. 

  176.  if (ret == -1)
    177. 

  177. 	{
    178. 

  178. 	/* error */
    179. 

  179. 	}
    180. 

  180.  else if (ret == 0)
    181. 

  181. 	{
    182. 

  182. 	/* incorrect signature */
    183. 

  183. 	}
    184. 

  184.  else	/* ret == 1 */
    185. 

  185. 	{
    186. 

  186. 	/* signature ok */
    187. 

  187. 	}
    188. 

  188. 

  189. =head1 CONFORMING TO
    190. 

  190. 

  191. ANSI X9.62, US Federal Information Processing Standard FIPS 186-2
    192. 

  192. (Digital Signature Standard, DSS)
    193. 

  193. 

  194. =head1 SEE ALSO
    195. 

  195. 

  196. L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>
    197. 

  197. 

  198. =head1 HISTORY
    199. 

  199. 

  200. The ecdsa implementation was first introduced in OpenSSL 0.9.8
    201. 

  201. 

  202. =head1 AUTHOR
    203. 

  203. 

  204. Nils Larsch for the OpenSSL project (http://www.openssl.org).
    205. 

  205. 

  206. =cut
    207.