Skip to content

T
Third Party Openssl

OpenHarmony / Third Party Openssl
1 年多 前同步成功

通知 10
Star 18
Fork 1
T
Third Party Openssl
切换分支/标签
查找文件 普通视图历史永久链接Permalink
ecdsa.pod 6.4 KB
Newer Older
G
Add ECDSA documentation.  
Geoff Thorpe 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 
=pod

=head1 NAME

ecdsa - Elliptic Curve Digital Signature Algorithm

=head1 SYNOPSIS

 #include <openssl/ecdsa.h>

 ECDSA_SIG*	ECDSA_SIG_new(void);
 void		ECDSA_SIG_free(ECDSA_SIG *sig);
 int		i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
 ECDSA_SIG*	d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, 
		long len);

 ECDSA_DATA*	ECDSA_DATA_new(void);
 ECDSA_DATA*	ECDSA_DATA_new_method(ENGINE *eng);
 void		ECDSA_DATA_free(ECDSA_DATA *data);
 ECDSA_DATA*	ecdsa_check(EC_KEY *eckey);

 ECDSA_SIG*	ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
			EC_KEY *eckey);
 int		ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
N
update  
Nils Larsch 已提交
25 
			const ECDSA_SIG *sig, EC_KEY* eckey);
G
Add ECDSA documentation.  
Geoff Thorpe 已提交
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 
 int		ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx,
			BIGNUM **kinv, BIGNUM **rp);
 int		ECDSA_sign(int type, const unsigned char *dgst,
			int dgstlen, unsigned char *sig,
			unsigned int *siglen, EC_KEY *eckey);
 int		ECDSA_verify(int type, const unsigned char *dgst,
			int dgstlen, const unsigned char *sig,
			int siglen, EC_KEY *eckey);
 int		ECDSA_size(const EC_KEY *eckey);

 const ECDSA_METHOD*	ECDSA_OpenSSL(void);
 void		ECDSA_set_default_method(const ECDSA_METHOD *meth);
 const ECDSA_METHOD*	ECDSA_get_default_method(void);
 int		ECDSA_set_method(EC_KEY *eckey,const ECDSA_METHOD *meth);

 int		ECDSA_get_ex_new_index(long argl, void *argp,
			CRYPTO_EX_new *new_func,
			CRYPTO_EX_dup *dup_func,
			CRYPTO_EX_free *free_func);
 int		ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
 void*		ECDSA_get_ex_data(EC_KEY *d, int idx);

=head1 DESCRIPTION

The B<ECDSA_SIG> structure consists of two BIGNUMs for the
r and s value of a ECDSA signature (see X9.62 or FIPS 186-2).

 struct
	{
	BIGNUM *r;
	BIGNUM *s;
 } ECDSA_SIG;

ECDSA_SIG_new() allocates a new B<ECDSA_SIG> structure (note: this
function also allocates the BIGNUMs) and initialize it.

ECDSA_SIG_free() frees the B<ECDSA_SIG> structure B<sig>.

i2d_ECDSA_SIG() creates the DER encoding of the ECDSA signature
B<sig> and writes the encoded signature to B<*pp> (note: if B<pp>
is NULL B<i2d_ECDSA_SIG> returns the expected length in bytes of 
the DER encoded signature). B<i2d_ECDSA_SIG> returns the length
of the DER encoded signature (or 0 on error).

d2i_ECDSA_SIG() decodes a DER encoded ECDSA signature and returns
the decoded signature in a newly allocated B<ECDSA_SIG> structure.
B<*sig> points to the buffer containing the DER encoded signature
of size B<len>.

The B<ECDSA_DATA> structure extends the B<EC_KEY_METH_DATA>
structure with ECDSA specific data.

 struct
	{
	/* EC_KEY_METH_DATA part */
	int  (*init)(EC_KEY *);
	void (*finish)(EC_KEY *);
	/* method (ECDSA) specific part */
	BIGNUM	*kinv;	/* signing pre-calc */
	BIGNUM	*r;	/* signing pre-calc */
	...
	} 
 ECDSA_DATA;

B<kinv> and B<r> are used to store precomputed values (see
B<ECDSA_sign_setup>). 

ECDSA_DATA_new() returns a newly allocated and initialized
B<ECDSA_DATA> structure (or NULL on error). 

ECDSA_DATA_free() frees the B<ECDSA_DATA> structure B<data>.

ecdsa_check() returns the pointer to the B<ECDSA_DATA>
structure in B<EC_KEY-E<gt>meth_data> (if B<EC_KEY-E<gt>meth_data>
is not a pointer to a B<ECDSA_DATA> structure then the old
data is freed and a new B<ECDSA_DATA> structure is allocated
using B<ECDSA_DATA_new>).

ECDSA_size() returns the maximum length of a DER encoded
ECDSA signature created with the private EC key B<eckey>.

ECDSA_sign_setup() may be used to precompute parts of the
signing operation. B<eckey> is the private EC key and B<ctx>
is a pointer to B<BN_CTX> structure (or NULL). The precomputed
values or returned in B<kinv> and B<rp> and can be used in a
later call to B<ECDSA_sign> or B<ECDSA_do_sign> when placed in
B<ECDSA_DATA-E<gt>kinv> and B<ECDSA_DATA-E<gt>r>.

ECDSA_sign() computes a digital signature of the B<dgstlen> bytes
hash value B<dgst> using the private EC key B<eckey> and places
the DER encoding of the created signature in B<sig>. The length
of the created signature is returned in B<sig_len>. Note: B<sig>
must point to B<ECDSA_size> bytes of memory. The parameter B<type>
is ignored.

ECDSA_verify() verifies that the signature in B<sig> of size
B<siglen> is a valid ECDSA signature of the hash value
value B<dgst> of size B<dgstlen> using the public key B<eckey>.
The parameter B<type> is ignored.

ECDSA_do_sign() computes a digital signature of the B<dgst_len>
bytes hash value B<dgst> using the private key B<eckey> and 
returns the signature in a newly allocated B<ECDSA_SIG> structure
(or NULL on error).

ECDSA_do_verify() verifies that the signature B<sig> is a valid
ECDSA signature of the hash value B<dgst> of size B<dgst_len>
using the public key B<eckey>.

=head1 RETURN VALUES

ECDSA_size() returns the maximum length signature or 0 on error.

ECDSA_sign_setup() and ECDSA_sign() return 1 if successful or -1
on error.

ECDSA_verify() and ECDSA_do_verify() return 1 for a valid
signature, 0 for an invalid signature and -1 on error.
The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.

=head1 EXAMPLES

Creating a ECDSA signature of given SHA-1 hash value using the
named curve secp192k1.

First step: create a EC_KEY object (note: this part is B<not> ECDSA
specific)

 int        ret;
 ECDSA_SIG *sig;
 EC_KEY    *eckey = EC_KEY_new();
 if (eckey == NULL)
	{
	/* error */
	}
 key->group = EC_GROUP_new_by_nid(NID_secp192k1);
 if (key->group == NULL)
	{
	/* error */
	}
 if (!EC_KEY_generate_key(eckey))
	{
	/* error */
	}

Second step: compute the ECDSA signature of a SHA-1 hash value 
using B<ECDSA_do_sign> 

 sig = ECDSA_do_sign(digest, 20, eckey);
 if (sig == NULL)
	{
	/* error */
	}

or using B<ECDSA_sign>

 unsigned char *buffer, *pp;
 int            buf_len;
 buf_len = ECDSA_size(eckey);
 buffer  = OPENSSL_malloc(buf_len);
 pp = buffer;
 if (!ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey);
	{
	/* error */
	}

Third step: verify the created ECDSA signature using B<ECDSA_do_verify>

 ret = ECDSA_do_verify(digest, 20, sig, eckey);

or using B<ECDSA_verify>

 ret = ECDSA_verify(0, digest, 20, buffer, buf_len, eckey);

and finally evaluate the return value:

 if (ret == -1)
	{
	/* error */
	}
 else if (ret == 0)
	{
	/* incorrect signature */
	}
 else	/* ret == 1 */
	{
	/* signature ok */
	}

=head1 CONFORMING TO

ANSI X9.62, US Federal Information Processing Standard FIPS 186-2
(Digital Signature Standard, DSS)

=head1 SEE ALSO

L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>

=head1 HISTORY

The ecdsa implementation was first introduced in OpenSSL 0.9.8

=head1 AUTHOR

Nils Larsch for the OpenSSL project (http://www.openssl.org).

=cut