OpenSSL ecdsa(3openssl)
NAME
ecdsa - Elliptic Curve Digital Signature Algorithm
SYNOPSIS
     #include <openssl/ecdsa.h>

     ECDSA_SIG* ECDSA_SIG_new(void);
     void ECDSA_SIG_free(ECDSA_SIG *sig);
     int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
     ECDSA_SIG* d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp,
                              long len);

     ECDSA_SIG* ECDSA_do_sign(const unsigned char *dgst, int dgstlen,
                              EC_KEY *eckey);
     ECDSA_SIG* ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
                                 const BIGNUM *kinv, const BIGNUM *rp,
                                 EC_KEY *eckey);
     int ECDSA_do_verify(const unsigned char *dgst, int dgstlen,
                         const ECDSA_SIG *sig, EC_KEY* eckey);
     int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
                          BIGNUM **kinv, BIGNUM **rp);
     int ECDSA_sign(int type, const unsigned char *dgst,
                    int dgstlen, unsigned char *sig,
                    unsigned int *siglen, EC_KEY *eckey);
     int ECDSA_sign_ex(int type, const unsigned char *dgst,
                       int dgstlen, unsigned char *sig,
                       unsigned int *siglen, const BIGNUM *kinv,
                       const BIGNUM *rp, EC_KEY *eckey);
     int ECDSA_verify(int type, const unsigned char *dgst,
                      int dgstlen, const unsigned char *sig,
                      int siglen, EC_KEY *eckey);
     int ECDSA_size(const EC_KEY *eckey);

     const ECDSA_METHOD* ECDSA_OpenSSL(void);
     void ECDSA_set_default_method(const ECDSA_METHOD *meth);
     const ECDSA_METHOD* ECDSA_get_default_method(void);
     int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth);
     int ECDSA_get_ex_new_index(long argl, void *argp,
                                CRYPTO_EX_new *new_func,
                                CRYPTO_EX_dup *dup_func,
                                CRYPTO_EX_free *free_func);
     int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
     void* ECDSA_get_ex_data(EC_KEY *d, int idx);
DESCRIPTION
The ECDSA_SIG structure consists of two BIGNUMs for the r
and s values of an ECDSA signature (see X9.62 or FIPS 186-2).
OpenSSL-0.9.8 Last change: Oct 11 2005 1
     struct
         {
         BIGNUM *r;
         BIGNUM *s;
         } ECDSA_SIG;
ECDSA_SIG_new() allocates a new ECDSA_SIG structure (note:
this function also allocates the BIGNUMs) and initializes it.
ECDSA_SIG_free() frees the ECDSA_SIG structure sig.
i2d_ECDSA_SIG() creates the DER encoding of the ECDSA
signature sig and writes the encoded signature to *pp (note:
if pp is NULL i2d_ECDSA_SIG returns the expected length in
bytes of the DER encoded signature). i2d_ECDSA_SIG returns
the length of the DER encoded signature (or 0 on error).
d2i_ECDSA_SIG() decodes a DER encoded ECDSA signature and
returns the decoded signature in a newly allocated ECDSA_SIG
structure. *pp points to the buffer containing the DER
encoded signature of size len.
ECDSA_size() returns the maximum length of a DER encoded
ECDSA signature created with the private EC key eckey.
ECDSA_sign_setup() may be used to precompute parts of the
signing operation. eckey is the private EC key and ctx is a
pointer to a BN_CTX structure (or NULL). The precomputed
values are returned in kinv and rp and can be used in a later
call to ECDSA_sign_ex or ECDSA_do_sign_ex. Each precomputed
pair must be consumed by exactly one signature: kinv is the
inverse of the per-signature nonce k, and two signatures
made with the same k expose the private key.
ECDSA_sign() is a wrapper function for ECDSA_sign_ex with kinv
and rp set to NULL.
ECDSA_sign_ex() computes a digital signature of the dgstlen
bytes hash value dgst using the private EC key eckey and the
optional pre-computed values kinv and rp. The DER encoded
signature is stored in sig and its length is returned in
siglen. Note: sig must point to ECDSA_size bytes of memory.
The parameter type is ignored.
ECDSA_verify() verifies that the signature in sig of size
siglen is a valid ECDSA signature of the hash value dgst of
size dgstlen using the public key eckey. The parameter type
is ignored.
ECDSA_do_sign() is a wrapper function for ECDSA_do_sign_ex
with kinv and rp set to NULL.
ECDSA_do_sign_ex() computes a digital signature of the
dgstlen bytes hash value dgst using the private key eckey
and the optional pre-computed values kinv and rp. The
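As an added illustration (not part of this manual page or of OpenSSL's own source), the following Python models what i2d_ECDSA_SIG(), d2i_ECDSA_SIG() and ECDSA_size() compute: a signature is the DER SEQUENCE of two INTEGERs r and s, and the maximum encoded length depends only on the byte length of the group order. The decoder is deliberately stricter than d2i_ECDSA_SIG(), which consumes one SEQUENCE and advances *pp; here a non-minimal INTEGER, a negative value or trailing bytes are all rejected, because a verifier that accepts several encodings of the same (r, s) pair allows a signature to be re-encoded without the signer's key. All function and variable names are the example's own.

```python
"""Pure-Python model of the DER form of an ECDSA signature,
SEQUENCE { INTEGER r, INTEGER s } (X9.62), with a strict decoder."""


def _der_length(n):
    """DER length octets: short form below 128, else 0x80|count then big-endian count."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(value):
    """Minimal two's-complement INTEGER for a non-negative value."""
    if value < 0:
        raise ValueError("r and s are never negative")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:              # high bit set: prefix 0x00 so it stays positive
        body = b"\x00" + body
    return b"\x02" + _der_length(len(body)) + body


def i2d_ecdsa_sig(r, s):
    """Model of i2d_ECDSA_SIG(): DER encoding of (r, s)."""
    body = _der_integer(r) + _der_integer(s)
    return b"\x30" + _der_length(len(body)) + body


def ecdsa_size(order_bits):
    """Model of ECDSA_size(): encoded length when r and s are all-ones values of
    ceil(order_bits / 8) bytes, the largest encoding the curve can produce."""
    worst = 2 ** (8 * ((order_bits + 7) // 8)) - 1
    return len(i2d_ecdsa_sig(worst, worst))


def _read_length(buf, i):
    if i >= len(buf):
        raise ValueError("truncated length")
    first = buf[i]
    i += 1
    if first < 0x80:
        return first, i
    count = first & 0x7F
    if count == 0 or count > 4 or i + count > len(buf):
        raise ValueError("bad length octets")
    n = int.from_bytes(buf[i:i + count], "big")
    if n < 0x80 or buf[i] == 0:     # long form must be needed, and minimal
        raise ValueError("non-minimal length")
    return n, i + count


def _read_integer(buf, i):
    if i >= len(buf) or buf[i] != 0x02:
        raise ValueError("expected INTEGER")
    n, i = _read_length(buf, i + 1)
    body = buf[i:i + n]
    if n == 0 or len(body) != n:
        raise ValueError("truncated INTEGER")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER")
    if n > 1 and body[0] == 0 and not (body[1] & 0x80):
        raise ValueError("non-minimal INTEGER")   # a second encoding of the same value
    return int.from_bytes(body, "big"), i + n


def d2i_ecdsa_sig(buf):
    """Strict model of d2i_ECDSA_SIG(): returns (r, s) or raises ValueError.
    Unlike the C function, which consumes one SEQUENCE and advances *pp,
    trailing bytes are treated as an error here."""
    if len(buf) < 2 or buf[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    n, i = _read_length(buf, 1)
    if i + n != len(buf):
        raise ValueError("length does not match buffer")
    r, i = _read_integer(buf, i)
    s, i = _read_integer(buf, i)
    if i != len(buf):
        raise ValueError("unexpected content after s")
    return r, s


def is_valid_der_signature(buf):
    """True only if buf is exactly one strictly encoded signature."""
    try:
        d2i_ecdsa_sig(buf)
    except ValueError:
        return False
    return True
```

With these definitions ecdsa_size(192) is 56 for the secp192k1 curve of the example below, and ecdsa_size(256) is 72, which is why callers pass a buffer of ECDSA_size() bytes to ECDSA_sign() rather than guessing at 2 * (order bytes).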
signature is returned in a newly allocated ECDSA_SIG
structure (or NULL on error).
ECDSA_do_verify() verifies that the signature sig is a valid
ECDSA signature of the hash value dgst of size dgstlen
using the public key eckey.
RETURN VALUES
ECDSA_size() returns the maximum length signature or 0 on
error.
ECDSA_sign_setup() and ECDSA_sign() return 1 if successful
or -1 on error.
ECDSA_verify() and ECDSA_do_verify() return 1 for a valid
signature, 0 for an invalid signature and -1 on error. Only
a return value of exactly 1 means the signature is valid; a
caller that tests for a non-zero result would accept the -1
error case. The error codes can be obtained by
ERR_get_error(3).
EXAMPLES
Creating an ECDSA signature of a given SHA-1 hash value using
the named curve secp192k1.
First step: create an EC_KEY object (note: this part is not
ECDSA specific)
     int ret;
     ECDSA_SIG *sig;
     EC_GROUP *group;
     unsigned char digest[20]; /* SHA-1 hash of the message, computed elsewhere */
     EC_KEY *eckey = EC_KEY_new();
     if (eckey == NULL)
         {
         /* error */
         }
     group = EC_GROUP_new_by_curve_name(NID_secp192k1);
     if (group == NULL)
         {
         /* error */
         }
     if (!EC_KEY_set_group(eckey, group))
         {
         /* error */
         }
     EC_GROUP_free(group); /* EC_KEY_set_group() stores its own copy */
     if (!EC_KEY_generate_key(eckey))
         {
         /* error */
         }
Second step: compute the ECDSA signature of a SHA-1 hash
value using ECDSA_do_sign
     sig = ECDSA_do_sign(digest, 20, eckey);
     if (sig == NULL)
         {
         /* error */
         }
or using ECDSA_sign
     unsigned char *buffer;
     unsigned int siglen;
     int buflen;

     buflen = ECDSA_size(eckey);
     buffer = OPENSSL_malloc(buflen);
     if (buffer == NULL)
         {
         /* error */
         }
     if (!ECDSA_sign(0, digest, 20, buffer, &siglen, eckey))
         {
         /* error */
         }
Third step: verify the created ECDSA signature using
ECDSA_do_verify
     ret = ECDSA_do_verify(digest, 20, sig, eckey);
or using ECDSA_verify
     ret = ECDSA_verify(0, digest, 20, buffer, siglen, eckey);
and finally evaluate the return value:
     if (ret == -1)
         {
         /* error */
         }
     else if (ret == 0)
         {
         /* incorrect signature */
         }
     else /* ret == 1 */
         {
         /* signature ok */
         }
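The same three steps carried through in pure Python, as an added example that is neither from this manual page nor from OpenSSL: sign_setup() plays the role of ECDSA_sign_setup() (returning kinv and rp for a fresh nonce), do_sign_ex() that of ECDSA_do_sign_ex(), and do_verify() follows the 1/0/-1 return convention of ECDSA_do_verify(). It assumes the secp256k1 domain parameters (same Koblitz family as the secp192k1 curve used above; the constants are embedded below) and a 20-byte SHA-1 digest as in the C code; every name is the example's own. The arithmetic is plain double-and-add with no side-channel protection, so it shows the data flow of the API, not how a production implementation should compute it.

```python
import hashlib
import secrets

# secp256k1 domain parameters (an assumption of this example; the manual
# page's C code uses secp192k1).  Curve y^2 = x^3 + 7 over GF(P), generator
# G of prime order N.
P = 2**256 - 2**32 - 977
B = 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:      # p1 == -p2
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P   # doubling (curve has a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """Double-and-add; not constant time, illustration only."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def digest_to_int(dgst):
    """X9.62: use the leftmost bits of the hash, at most as many as N has."""
    e = int.from_bytes(dgst, "big")
    excess = 8 * len(dgst) - N.bit_length()
    return e >> excess if excess > 0 else e


def generate_key():
    """Mirror of EC_KEY_generate_key(): private scalar d and public point d*G."""
    d = secrets.randbelow(N - 1) + 1
    return d, scalar_mult(d, G)


def sign_setup():
    """Mirror of ECDSA_sign_setup(): kinv = k^-1 mod N and rp = x(k*G) mod N.
    The pair is a one-time nonce: use it for exactly one signature."""
    while True:
        k = secrets.randbelow(N - 1) + 1
        rp = scalar_mult(k, G)[0] % N
        if rp != 0:
            return pow(k, -1, N), rp


def do_sign_ex(dgst, priv, kinv=None, rp=None):
    """Mirror of ECDSA_do_sign_ex(): returns (r, s); precomputed values optional."""
    if kinv is None or rp is None:
        kinv, rp = sign_setup()
    s = kinv * (digest_to_int(dgst) + priv * rp) % N
    if s == 0:                      # vanishingly rare; restart with a fresh nonce
        return do_sign_ex(dgst, priv)
    return rp, s


def do_verify(dgst, sig, pub):
    """Mirror of ECDSA_do_verify(): 1 valid, 0 invalid, -1 on error."""
    if sig is None or pub is None:
        return -1
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):   # range check before any group arithmetic
        return 0
    w = pow(s, -1, N)
    u1 = digest_to_int(dgst) * w % N
    u2 = r * w % N
    point = point_add(scalar_mult(u1, G), scalar_mult(u2, pub))
    if point is None:
        return 0
    return 1 if point[0] % N == r else 0


if __name__ == "__main__":
    d, pub = generate_key()
    digest = hashlib.sha1(b"constructed sample message").digest()   # 20 bytes, as in the C code
    kinv, rp = sign_setup()
    sig = do_sign_ex(digest, d, kinv, rp)
    print("valid:", do_verify(digest, sig, pub))                         # prints 1
    print("other message:", do_verify(hashlib.sha1(b"x").digest(), sig, pub))   # prints 0
```

The range check in do_verify() is the part most often skipped in hand-written verifiers: r = 0 or s = 0 must be rejected before any inversion, and the C API signals a malformed or missing input with -1 rather than 0, which is why the manual page's final if/else ladder distinguishes the two.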
CONFORMING TO
ANSI X9.62, US Federal Information Processing Standard FIPS
186-2 (Digital Signature Standard, DSS)
SEE ALSO
dsa(3), rsa(3)
HISTORY
The ecdsa implementation was first introduced in OpenSSL
0.9.8
AUTHOR
Nils Larsch for the OpenSSL project
(http://www.openssl.org).