search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ndef parser vcard now handles xvcard
[RRG-proxmark3.git] / common / mbedtls / ecdsa.h
blobba4133645b6a20acce0fb151da5645a380402073
1 /**
2 * \file ecdsa.h
3 *
4 * \brief This file contains ECDSA definitions and functions.
5 *
6 * The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
7 * <em>Standards for Efficient Cryptography Group (SECG):
8 * SEC1 Elliptic Curve Cryptography</em>.
9 * The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve
10 * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
11 *
12 */
13 /*
14 * Copyright The Mbed TLS Contributors
15 * SPDX-License-Identifier: Apache-2.0
16 *
17 * Licensed under the Apache License, Version 2.0 (the "License"); you may
18 * not use this file except in compliance with the License.
19 * You may obtain a copy of the License at
20 *
21 * http://www.apache.org/licenses/LICENSE-2.0
22 *
23 * Unless required by applicable law or agreed to in writing, software
24 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
25 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
26 * See the License for the specific language governing permissions and
27 * limitations under the License.
28 */
29
30 #ifndef MBEDTLS_ECDSA_H
31 #define MBEDTLS_ECDSA_H
32
33 #if !defined(MBEDTLS_CONFIG_FILE)
34 #include "mbedtls/config.h"
35 #else
36 #include MBEDTLS_CONFIG_FILE
37 #endif
38
39 #include "mbedtls/ecp.h"
40 #include "mbedtls/md.h"
41
42 /**
43 * \brief Maximum ECDSA signature size for a given curve bit size
44 *
45 * \param bits Curve size in bits
46 * \return Maximum signature size in bytes
47 *
48 * \note This macro returns a compile-time constant if its argument
49 * is one. It may evaluate its argument multiple times.
50 */
51 /*
52 * Ecdsa-Sig-Value ::= SEQUENCE {
53 * r INTEGER,
54 * s INTEGER
55 * }
56 *
57 * For each of r and s, the value (V) may include an extra initial "0" bit.
58 */
59 #define MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) \
60 ( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) + \
61 /*T,L of r,s*/ 2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) + \
62 /*V of r,s*/ ( ( bits ) + 8 ) / 8 ) )
63
64 /** The maximal size of an ECDSA signature in Bytes. */
65 #define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS )
66
67 int ecdsa_signature_to_asn1(const mbedtls_mpi *r, const mbedtls_mpi *s, unsigned char *sig, size_t *slen);
68
69 #ifdef __cplusplus
70 extern "C" {
71 #endif
72
73 /**
74 * \brief The ECDSA context structure.
75 *
76 * \warning Performing multiple operations concurrently on the same
77 * ECDSA context is not supported; objects of this type
78 * should not be shared between multiple threads.
79 */
80 typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
81
82 #if defined(MBEDTLS_ECP_RESTARTABLE)
83
84 /**
85 * \brief Internal restart context for ecdsa_verify()
86 *
87 * \note Opaque struct, defined in ecdsa.c
88 */
89 typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx;
90
91 /**
92 * \brief Internal restart context for ecdsa_sign()
93 *
94 * \note Opaque struct, defined in ecdsa.c
95 */
96 typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx;
97
98 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
99 /**
100 * \brief Internal restart context for ecdsa_sign_det()
101 *
102 * \note Opaque struct, defined in ecdsa.c
103 */
104 typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
105 #endif
106
107 /**
108 * \brief General context for resuming ECDSA operations
109 */
110 typedef struct {
111 mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and
112 shared administrative info */
113 mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */
114 mbedtls_ecdsa_restart_sig_ctx *sig; /*!< ecdsa_sign() sub-context */
115 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
116 mbedtls_ecdsa_restart_det_ctx *det; /*!< ecdsa_sign_det() sub-context */
117 #endif
118 } mbedtls_ecdsa_restart_ctx;
119
120 #else /* MBEDTLS_ECP_RESTARTABLE */
121
122 /* Now we can declare functions that take a pointer to that */
123 typedef void mbedtls_ecdsa_restart_ctx;
124
125 #endif /* MBEDTLS_ECP_RESTARTABLE */
126
127 /**
128 * \brief This function checks whether a given group can be used
129 * for ECDSA.
130 *
131 * \param gid The ECP group ID to check.
132 *
133 * \return \c 1 if the group can be used, \c 0 otherwise
134 */
135 int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid);
136
137 /**
138 * \brief This function computes the ECDSA signature of a
139 * previously-hashed message.
140 *
141 * \note The deterministic version implemented in
142 * mbedtls_ecdsa_sign_det() is usually preferred.
143 *
144 * \note If the bitlength of the message hash is larger than the
145 * bitlength of the group order, then the hash is truncated
146 * as defined in <em>Standards for Efficient Cryptography Group
147 * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
148 * 4.1.3, step 5.
149 *
150 * \see ecp.h
151 *
152 * \param grp The context for the elliptic curve to use.
153 * This must be initialized and have group parameters
154 * set, for example through mbedtls_ecp_group_load().
155 * \param r The MPI context in which to store the first part
156 * the signature. This must be initialized.
157 * \param s The MPI context in which to store the second part
158 * the signature. This must be initialized.
159 * \param d The private signing key. This must be initialized.
160 * \param buf The content to be signed. This is usually the hash of
161 * the original data to be signed. This must be a readable
162 * buffer of length \p blen Bytes. It may be \c NULL if
163 * \p blen is zero.
164 * \param blen The length of \p buf in Bytes.
165 * \param f_rng The RNG function. This must not be \c NULL.
166 * \param p_rng The RNG context to be passed to \p f_rng. This may be
167 * \c NULL if \p f_rng doesn't need a context parameter.
168 *
169 * \return \c 0 on success.
170 * \return An \c MBEDTLS_ERR_ECP_XXX
171 * or \c MBEDTLS_MPI_XXX error code on failure.
172 */
173 int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
174 const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
175 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
176
177 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
178 #if ! defined(MBEDTLS_DEPRECATED_REMOVED)
179 #if defined(MBEDTLS_DEPRECATED_WARNING)
180 #define MBEDTLS_DEPRECATED __attribute__((deprecated))
181 #else
182 #define MBEDTLS_DEPRECATED
183 #endif
184 /**
185 * \brief This function computes the ECDSA signature of a
186 * previously-hashed message, deterministic version.
187 *
188 * For more information, see <em>RFC-6979: Deterministic
189 * Usage of the Digital Signature Algorithm (DSA) and Elliptic
190 * Curve Digital Signature Algorithm (ECDSA)</em>.
191 *
192 * \note If the bitlength of the message hash is larger than the
193 * bitlength of the group order, then the hash is truncated as
194 * defined in <em>Standards for Efficient Cryptography Group
195 * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
196 * 4.1.3, step 5.
197 *
198 * \warning Since the output of the internal RNG is always the same for
199 * the same key and message, this limits the efficiency of
200 * blinding and leaks information through side channels. For
201 * secure behavior use mbedtls_ecdsa_sign_det_ext() instead.
202 *
203 * (Optimally the blinding is a random value that is different
204 * on every execution. In this case the blinding is still
205 * random from the attackers perspective, but is the same on
206 * each execution. This means that this blinding does not
207 * prevent attackers from recovering secrets by combining
208 * several measurement traces, but may prevent some attacks
209 * that exploit relationships between secret data.)
210 *
211 * \see ecp.h
212 *
213 * \param grp The context for the elliptic curve to use.
214 * This must be initialized and have group parameters
215 * set, for example through mbedtls_ecp_group_load().
216 * \param r The MPI context in which to store the first part
217 * the signature. This must be initialized.
218 * \param s The MPI context in which to store the second part
219 * the signature. This must be initialized.
220 * \param d The private signing key. This must be initialized
221 * and setup, for example through mbedtls_ecp_gen_privkey().
222 * \param buf The hashed content to be signed. This must be a readable
223 * buffer of length \p blen Bytes. It may be \c NULL if
224 * \p blen is zero.
225 * \param blen The length of \p buf in Bytes.
226 * \param md_alg The hash algorithm used to hash the original data.
227 *
228 * \return \c 0 on success.
229 * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
230 * error code on failure.
231 */
232 int mbedtls_ecdsa_sign_det(mbedtls_ecp_group *grp, mbedtls_mpi *r,
233 mbedtls_mpi *s, const mbedtls_mpi *d,
234 const unsigned char *buf, size_t blen,
235 mbedtls_md_type_t md_alg) MBEDTLS_DEPRECATED;
236 #undef MBEDTLS_DEPRECATED
237 #endif /* MBEDTLS_DEPRECATED_REMOVED */
238
239 /**
240 * \brief This function computes the ECDSA signature of a
241 * previously-hashed message, deterministic version.
242 *
243 * For more information, see <em>RFC-6979: Deterministic
244 * Usage of the Digital Signature Algorithm (DSA) and Elliptic
245 * Curve Digital Signature Algorithm (ECDSA)</em>.
246 *
247 * \note If the bitlength of the message hash is larger than the
248 * bitlength of the group order, then the hash is truncated as
249 * defined in <em>Standards for Efficient Cryptography Group
250 * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
251 * 4.1.3, step 5.
252 *
253 * \see ecp.h
254 *
255 * \param grp The context for the elliptic curve to use.
256 * This must be initialized and have group parameters
257 * set, for example through mbedtls_ecp_group_load().
258 * \param r The MPI context in which to store the first part
259 * the signature. This must be initialized.
260 * \param s The MPI context in which to store the second part
261 * the signature. This must be initialized.
262 * \param d The private signing key. This must be initialized
263 * and setup, for example through mbedtls_ecp_gen_privkey().
264 * \param buf The hashed content to be signed. This must be a readable
265 * buffer of length \p blen Bytes. It may be \c NULL if
266 * \p blen is zero.
267 * \param blen The length of \p buf in Bytes.
268 * \param md_alg The hash algorithm used to hash the original data.
269 * \param f_rng_blind The RNG function used for blinding. This must not be
270 * \c NULL.
271 * \param p_rng_blind The RNG context to be passed to \p f_rng. This may be
272 * \c NULL if \p f_rng doesn't need a context parameter.
273 *
274 * \return \c 0 on success.
275 * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
276 * error code on failure.
277 */
278 int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r,
279 mbedtls_mpi *s, const mbedtls_mpi *d,
280 const unsigned char *buf, size_t blen,
281 mbedtls_md_type_t md_alg,
282 int (*f_rng_blind)(void *, unsigned char *, size_t),
283 void *p_rng_blind);
284 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
285
286 /**
287 * \brief This function verifies the ECDSA signature of a
288 * previously-hashed message.
289 *
290 * \note If the bitlength of the message hash is larger than the
291 * bitlength of the group order, then the hash is truncated as
292 * defined in <em>Standards for Efficient Cryptography Group
293 * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
294 * 4.1.4, step 3.
295 *
296 * \see ecp.h
297 *
298 * \param grp The ECP group to use.
299 * This must be initialized and have group parameters
300 * set, for example through mbedtls_ecp_group_load().
301 * \param buf The hashed content that was signed. This must be a readable
302 * buffer of length \p blen Bytes. It may be \c NULL if
303 * \p blen is zero.
304 * \param blen The length of \p buf in Bytes.
305 * \param Q The public key to use for verification. This must be
306 * initialized and setup.
307 * \param r The first integer of the signature.
308 * This must be initialized.
309 * \param s The second integer of the signature.
310 * This must be initialized.
311 *
312 * \return \c 0 on success.
313 * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
314 * is invalid.
315 * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
316 * error code on failure for any other reason.
317 */
318 int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
319 const unsigned char *buf, size_t blen,
320 const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
321 const mbedtls_mpi *s);
322
323 /**
324 * \brief This function computes the ECDSA signature and writes it
325 * to a buffer, serialized as defined in <em>RFC-4492:
326 * Elliptic Curve Cryptography (ECC) Cipher Suites for
327 * Transport Layer Security (TLS)</em>.
328 *
329 * \warning It is not thread-safe to use the same context in
330 * multiple threads.
331 *
332 * \note The deterministic version is used if
333 * #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
334 * information, see <em>RFC-6979: Deterministic Usage
335 * of the Digital Signature Algorithm (DSA) and Elliptic
336 * Curve Digital Signature Algorithm (ECDSA)</em>.
337 *
338 * \note If the bitlength of the message hash is larger than the
339 * bitlength of the group order, then the hash is truncated as
340 * defined in <em>Standards for Efficient Cryptography Group
341 * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
342 * 4.1.3, step 5.
343 *
344 * \see ecp.h
345 *
346 * \param ctx The ECDSA context to use. This must be initialized
347 * and have a group and private key bound to it, for example
348 * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
349 * \param md_alg The message digest that was used to hash the message.
350 * \param hash The message hash to be signed. This must be a readable
351 * buffer of length \p blen Bytes.
352 * \param hlen The length of the hash \p hash in Bytes.
353 * \param sig The buffer to which to write the signature. This must be a
354 * writable buffer of length at least twice as large as the
355 * size of the curve used, plus 9. For example, 73 Bytes if
356 * a 256-bit curve is used. A buffer length of
357 * #MBEDTLS_ECDSA_MAX_LEN is always safe.
358 * \param slen The address at which to store the actual length of
359 * the signature written. Must not be \c NULL.
360 * \param f_rng The RNG function. This must not be \c NULL if
361 * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
362 * it is used only for blinding and may be set to \c NULL, but
363 * doing so is DEPRECATED.
364 * \param p_rng The RNG context to be passed to \p f_rng. This may be
365 * \c NULL if \p f_rng is \c NULL or doesn't use a context.
366 *
367 * \return \c 0 on success.
368 * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
369 * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
370 */
371 int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx,
372 mbedtls_md_type_t md_alg,
373 const unsigned char *hash, size_t hlen,
374 unsigned char *sig, size_t *slen,
375 int (*f_rng)(void *, unsigned char *, size_t),
376 void *p_rng);
377
378 /**
379 * \brief This function computes the ECDSA signature and writes it
380 * to a buffer, in a restartable way.
381 *
382 * \see \c mbedtls_ecdsa_write_signature()
383 *
384 * \note This function is like \c mbedtls_ecdsa_write_signature()
385 * but it can return early and restart according to the limit
386 * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
387 *
388 * \param ctx The ECDSA context to use. This must be initialized
389 * and have a group and private key bound to it, for example
390 * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
391 * \param md_alg The message digest that was used to hash the message.
392 * \param hash The message hash to be signed. This must be a readable
393 * buffer of length \p blen Bytes.
394 * \param hlen The length of the hash \p hash in Bytes.
395 * \param sig The buffer to which to write the signature. This must be a
396 * writable buffer of length at least twice as large as the
397 * size of the curve used, plus 9. For example, 73 Bytes if
398 * a 256-bit curve is used. A buffer length of
399 * #MBEDTLS_ECDSA_MAX_LEN is always safe.
400 * \param slen The address at which to store the actual length of
401 * the signature written. Must not be \c NULL.
402 * \param f_rng The RNG function. This must not be \c NULL if
403 * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
404 * it is unused and may be set to \c NULL.
405 * \param p_rng The RNG context to be passed to \p f_rng. This may be
406 * \c NULL if \p f_rng is \c NULL or doesn't use a context.
407 * \param rs_ctx The restart context to use. This may be \c NULL to disable
408 * restarting. If it is not \c NULL, it must point to an
409 * initialized restart context.
410 *
411 * \return \c 0 on success.
412 * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
413 * operations was reached: see \c mbedtls_ecp_set_max_ops().
414 * \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
415 * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
416 */
417 int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx,
418 mbedtls_md_type_t md_alg,
419 const unsigned char *hash, size_t hlen,
420 unsigned char *sig, size_t *slen,
421 int (*f_rng)(void *, unsigned char *, size_t),
422 void *p_rng,
423 mbedtls_ecdsa_restart_ctx *rs_ctx);
424
425 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
426 #if ! defined(MBEDTLS_DEPRECATED_REMOVED)
427 #if defined(MBEDTLS_DEPRECATED_WARNING)
428 #define MBEDTLS_DEPRECATED __attribute__((deprecated))
429 #else
430 #define MBEDTLS_DEPRECATED
431 #endif
432 /**
433 * \brief This function computes an ECDSA signature and writes
434 * it to a buffer, serialized as defined in <em>RFC-4492:
435 * Elliptic Curve Cryptography (ECC) Cipher Suites for
436 * Transport Layer Security (TLS)</em>.
437 *
438 * The deterministic version is defined in <em>RFC-6979:
439 * Deterministic Usage of the Digital Signature Algorithm (DSA)
440 * and Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
441 *
442 * \warning It is not thread-safe to use the same context in
443 * multiple threads.
444 *
445 * \note If the bitlength of the message hash is larger than the
446 * bitlength of the group order, then the hash is truncated as
447 * defined in <em>Standards for Efficient Cryptography Group
448 * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
449 * 4.1.3, step 5.
450 *
451 * \see ecp.h
452 *
453 * \deprecated Superseded by mbedtls_ecdsa_write_signature() in
454 * Mbed TLS version 2.0 and later.
455 *
456 * \param ctx The ECDSA context to use. This must be initialized
457 * and have a group and private key bound to it, for example
458 * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
459 * \param hash The message hash to be signed. This must be a readable
460 * buffer of length \p blen Bytes.
461 * \param hlen The length of the hash \p hash in Bytes.
462 * \param sig The buffer to which to write the signature. This must be a
463 * writable buffer of length at least twice as large as the
464 * size of the curve used, plus 9. For example, 73 Bytes if
465 * a 256-bit curve is used. A buffer length of
466 * #MBEDTLS_ECDSA_MAX_LEN is always safe.
467 * \param slen The address at which to store the actual length of
468 * the signature written. Must not be \c NULL.
469 * \param md_alg The message digest that was used to hash the message.
470 *
471 * \return \c 0 on success.
472 * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
473 * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
474 */
475 int mbedtls_ecdsa_write_signature_det(mbedtls_ecdsa_context *ctx,
476 const unsigned char *hash, size_t hlen,
477 unsigned char *sig, size_t *slen,
478 mbedtls_md_type_t md_alg) MBEDTLS_DEPRECATED;
479 #undef MBEDTLS_DEPRECATED
480 #endif /* MBEDTLS_DEPRECATED_REMOVED */
481 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
482
483 /**
484 * \brief This function reads and verifies an ECDSA signature.
485 *
486 * \note If the bitlength of the message hash is larger than the
487 * bitlength of the group order, then the hash is truncated as
488 * defined in <em>Standards for Efficient Cryptography Group
489 * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
490 * 4.1.4, step 3.
491 *
492 * \see ecp.h
493 *
494 * \param ctx The ECDSA context to use. This must be initialized
495 * and have a group and public key bound to it.
496 * \param hash The message hash that was signed. This must be a readable
497 * buffer of length \p size Bytes.
498 * \param hlen The size of the hash \p hash.
499 * \param sig The signature to read and verify. This must be a readable
500 * buffer of length \p slen Bytes.
501 * \param slen The size of \p sig in Bytes.
502 *
503 * \return \c 0 on success.
504 * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
505 * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
506 * signature in \p sig, but its length is less than \p siglen.
507 * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
508 * error code on failure for any other reason.
509 */
510 int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
511 const unsigned char *hash, size_t hlen,
512 const unsigned char *sig, size_t slen);
513
514 /**
515 * \brief This function reads and verifies an ECDSA signature,
516 * in a restartable way.
517 *
518 * \see \c mbedtls_ecdsa_read_signature()
519 *
520 * \note This function is like \c mbedtls_ecdsa_read_signature()
521 * but it can return early and restart according to the limit
522 * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
523 *
524 * \param ctx The ECDSA context to use. This must be initialized
525 * and have a group and public key bound to it.
526 * \param hash The message hash that was signed. This must be a readable
527 * buffer of length \p size Bytes.
528 * \param hlen The size of the hash \p hash.
529 * \param sig The signature to read and verify. This must be a readable
530 * buffer of length \p slen Bytes.
531 * \param slen The size of \p sig in Bytes.
532 * \param rs_ctx The restart context to use. This may be \c NULL to disable
533 * restarting. If it is not \c NULL, it must point to an
534 * initialized restart context.
535 *
536 * \return \c 0 on success.
537 * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
538 * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
539 * signature in \p sig, but its length is less than \p siglen.
540 * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
541 * operations was reached: see \c mbedtls_ecp_set_max_ops().
542 * \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
543 * error code on failure for any other reason.
544 */
545 int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
546 const unsigned char *hash, size_t hlen,
547 const unsigned char *sig, size_t slen,
548 mbedtls_ecdsa_restart_ctx *rs_ctx);
549
550 /**
551 * \brief This function generates an ECDSA keypair on the given curve.
552 *
553 * \see ecp.h
554 *
555 * \param ctx The ECDSA context to store the keypair in.
556 * This must be initialized.
557 * \param gid The elliptic curve to use. One of the various
558 * \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
559 * \param f_rng The RNG function to use. This must not be \c NULL.
560 * \param p_rng The RNG context to be passed to \p f_rng. This may be
561 * \c NULL if \p f_rng doesn't need a context argument.
562 *
563 * \return \c 0 on success.
564 * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
565 */
566 int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
567 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
568
569 /**
570 * \brief This function sets up an ECDSA context from an EC key pair.
571 *
572 * \see ecp.h
573 *
574 * \param ctx The ECDSA context to setup. This must be initialized.
575 * \param key The EC key to use. This must be initialized and hold
576 * a private-public key pair or a public key. In the former
577 * case, the ECDSA context may be used for signature creation
578 * and verification after this call. In the latter case, it
579 * may be used for signature verification.
580 *
581 * \return \c 0 on success.
582 * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
583 */
584 int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx,
585 const mbedtls_ecp_keypair *key);
586
587 /**
588 * \brief This function initializes an ECDSA context.
589 *
590 * \param ctx The ECDSA context to initialize.
591 * This must not be \c NULL.
592 */
593 void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx);
594
595 /**
596 * \brief This function frees an ECDSA context.
597 *
598 * \param ctx The ECDSA context to free. This may be \c NULL,
599 * in which case this function does nothing. If it
600 * is not \c NULL, it must be initialized.
601 */
602 void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx);
603
604 #if defined(MBEDTLS_ECP_RESTARTABLE)
605 /**
606 * \brief Initialize a restart context.
607 *
608 * \param ctx The restart context to initialize.
609 * This must not be \c NULL.
610 */
611 void mbedtls_ecdsa_restart_init(mbedtls_ecdsa_restart_ctx *ctx);
612
613 /**
614 * \brief Free the components of a restart context.
615 *
616 * \param ctx The restart context to free. This may be \c NULL,
617 * in which case this function does nothing. If it
618 * is not \c NULL, it must be initialized.
619 */
620 void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx);
621 #endif /* MBEDTLS_ECP_RESTARTABLE */
622
623 #ifdef __cplusplus
624 }
625 #endif
626
627 #endif /* ecdsa.h */
Proxmark3 - the RFID research Swiss army knife. Iceman firmware