1*8fb009dcSAndroid Build Coastguard Worker /* ==================================================================== 2*8fb009dcSAndroid Build Coastguard Worker * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. 3*8fb009dcSAndroid Build Coastguard Worker * 4*8fb009dcSAndroid Build Coastguard Worker * Redistribution and use in source and binary forms, with or without 5*8fb009dcSAndroid Build Coastguard Worker * modification, are permitted provided that the following conditions 6*8fb009dcSAndroid Build Coastguard Worker * are met: 7*8fb009dcSAndroid Build Coastguard Worker * 8*8fb009dcSAndroid Build Coastguard Worker * 1. Redistributions of source code must retain the above copyright 9*8fb009dcSAndroid Build Coastguard Worker * notice, this list of conditions and the following disclaimer. 10*8fb009dcSAndroid Build Coastguard Worker * 11*8fb009dcSAndroid Build Coastguard Worker * 2. Redistributions in binary form must reproduce the above copyright 12*8fb009dcSAndroid Build Coastguard Worker * notice, this list of conditions and the following disclaimer in 13*8fb009dcSAndroid Build Coastguard Worker * the documentation and/or other materials provided with the 14*8fb009dcSAndroid Build Coastguard Worker * distribution. 15*8fb009dcSAndroid Build Coastguard Worker * 16*8fb009dcSAndroid Build Coastguard Worker * 3. All advertising materials mentioning features or use of this 17*8fb009dcSAndroid Build Coastguard Worker * software must display the following acknowledgment: 18*8fb009dcSAndroid Build Coastguard Worker * "This product includes software developed by the OpenSSL Project 19*8fb009dcSAndroid Build Coastguard Worker * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 20*8fb009dcSAndroid Build Coastguard Worker * 21*8fb009dcSAndroid Build Coastguard Worker * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 22*8fb009dcSAndroid Build Coastguard Worker * endorse or promote products derived from this software without 23*8fb009dcSAndroid Build Coastguard Worker * prior written permission. For written permission, please contact 24*8fb009dcSAndroid Build Coastguard Worker * [email protected]. 25*8fb009dcSAndroid Build Coastguard Worker * 26*8fb009dcSAndroid Build Coastguard Worker * 5. Products derived from this software may not be called "OpenSSL" 27*8fb009dcSAndroid Build Coastguard Worker * nor may "OpenSSL" appear in their names without prior written 28*8fb009dcSAndroid Build Coastguard Worker * permission of the OpenSSL Project. 29*8fb009dcSAndroid Build Coastguard Worker * 30*8fb009dcSAndroid Build Coastguard Worker * 6. Redistributions of any form whatsoever must retain the following 31*8fb009dcSAndroid Build Coastguard Worker * acknowledgment: 32*8fb009dcSAndroid Build Coastguard Worker * "This product includes software developed by the OpenSSL Project 33*8fb009dcSAndroid Build Coastguard Worker * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 34*8fb009dcSAndroid Build Coastguard Worker * 35*8fb009dcSAndroid Build Coastguard Worker * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 36*8fb009dcSAndroid Build Coastguard Worker * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 37*8fb009dcSAndroid Build Coastguard Worker * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 38*8fb009dcSAndroid Build Coastguard Worker * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 39*8fb009dcSAndroid Build Coastguard Worker * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 40*8fb009dcSAndroid Build Coastguard Worker * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 41*8fb009dcSAndroid Build Coastguard Worker * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 42*8fb009dcSAndroid Build Coastguard Worker * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 43*8fb009dcSAndroid Build Coastguard Worker * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 44*8fb009dcSAndroid Build Coastguard Worker * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 45*8fb009dcSAndroid Build Coastguard Worker * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 46*8fb009dcSAndroid Build Coastguard Worker * OF THE POSSIBILITY OF SUCH DAMAGE. 47*8fb009dcSAndroid Build Coastguard Worker * ==================================================================== 48*8fb009dcSAndroid Build Coastguard Worker * 49*8fb009dcSAndroid Build Coastguard Worker * This product includes cryptographic software written by Eric Young 50*8fb009dcSAndroid Build Coastguard Worker * ([email protected]). This product includes software written by Tim 51*8fb009dcSAndroid Build Coastguard Worker * Hudson ([email protected]). */ 52*8fb009dcSAndroid Build Coastguard Worker 53*8fb009dcSAndroid Build Coastguard Worker #ifndef OPENSSL_HEADER_ECDSA_H 54*8fb009dcSAndroid Build Coastguard Worker #define OPENSSL_HEADER_ECDSA_H 55*8fb009dcSAndroid Build Coastguard Worker 56*8fb009dcSAndroid Build Coastguard Worker #include <openssl/base.h> 57*8fb009dcSAndroid Build Coastguard Worker 58*8fb009dcSAndroid Build Coastguard Worker #include <openssl/ec_key.h> 59*8fb009dcSAndroid Build Coastguard Worker 60*8fb009dcSAndroid Build Coastguard Worker #if defined(__cplusplus) 61*8fb009dcSAndroid Build Coastguard Worker extern "C" { 62*8fb009dcSAndroid Build Coastguard Worker #endif 63*8fb009dcSAndroid Build Coastguard Worker 64*8fb009dcSAndroid Build Coastguard Worker 65*8fb009dcSAndroid Build Coastguard Worker // ECDSA contains functions for signing and verifying with the Digital Signature 66*8fb009dcSAndroid Build Coastguard Worker // Algorithm over elliptic curves. 67*8fb009dcSAndroid Build Coastguard Worker 68*8fb009dcSAndroid Build Coastguard Worker 69*8fb009dcSAndroid Build Coastguard Worker // Signing and verifying. 70*8fb009dcSAndroid Build Coastguard Worker 71*8fb009dcSAndroid Build Coastguard Worker // ECDSA_sign signs |digest_len| bytes from |digest| with |key| and writes the 72*8fb009dcSAndroid Build Coastguard Worker // resulting signature to |sig|, which must have |ECDSA_size(key)| bytes of 73*8fb009dcSAndroid Build Coastguard Worker // space. On successful exit, |*sig_len| is set to the actual number of bytes 74*8fb009dcSAndroid Build Coastguard Worker // written. The |type| argument should be zero. It returns one on success and 75*8fb009dcSAndroid Build Coastguard Worker // zero otherwise. 76*8fb009dcSAndroid Build Coastguard Worker // 77*8fb009dcSAndroid Build Coastguard Worker // WARNING: |digest| must be the output of some hash function on the data to be 78*8fb009dcSAndroid Build Coastguard Worker // signed. Passing unhashed inputs will not result in a secure signature scheme. 79*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int ECDSA_sign(int type, const uint8_t *digest, 80*8fb009dcSAndroid Build Coastguard Worker size_t digest_len, uint8_t *sig, 81*8fb009dcSAndroid Build Coastguard Worker unsigned int *sig_len, const EC_KEY *key); 82*8fb009dcSAndroid Build Coastguard Worker 83*8fb009dcSAndroid Build Coastguard Worker // ECDSA_verify verifies that |sig_len| bytes from |sig| constitute a valid 84*8fb009dcSAndroid Build Coastguard Worker // signature by |key| of |digest|. (The |type| argument should be zero.) It 85*8fb009dcSAndroid Build Coastguard Worker // returns one on success or zero if the signature is invalid or an error 86*8fb009dcSAndroid Build Coastguard Worker // occurred. 87*8fb009dcSAndroid Build Coastguard Worker // 88*8fb009dcSAndroid Build Coastguard Worker // WARNING: |digest| must be the output of some hash function on the data to be 89*8fb009dcSAndroid Build Coastguard Worker // verified. Passing unhashed inputs will not result in a secure signature 90*8fb009dcSAndroid Build Coastguard Worker // scheme. 91*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int ECDSA_verify(int type, const uint8_t *digest, 92*8fb009dcSAndroid Build Coastguard Worker size_t digest_len, const uint8_t *sig, 93*8fb009dcSAndroid Build Coastguard Worker size_t sig_len, const EC_KEY *key); 94*8fb009dcSAndroid Build Coastguard Worker 95*8fb009dcSAndroid Build Coastguard Worker // ECDSA_size returns the maximum size of an ECDSA signature using |key|. It 96*8fb009dcSAndroid Build Coastguard Worker // returns zero if |key| is NULL or if it doesn't have a group set. 97*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT size_t ECDSA_size(const EC_KEY *key); 98*8fb009dcSAndroid Build Coastguard Worker 99*8fb009dcSAndroid Build Coastguard Worker 100*8fb009dcSAndroid Build Coastguard Worker // Low-level signing and verification. 101*8fb009dcSAndroid Build Coastguard Worker // 102*8fb009dcSAndroid Build Coastguard Worker // Low-level functions handle signatures as |ECDSA_SIG| structures which allow 103*8fb009dcSAndroid Build Coastguard Worker // the two values in an ECDSA signature to be handled separately. 104*8fb009dcSAndroid Build Coastguard Worker 105*8fb009dcSAndroid Build Coastguard Worker struct ecdsa_sig_st { 106*8fb009dcSAndroid Build Coastguard Worker BIGNUM *r; 107*8fb009dcSAndroid Build Coastguard Worker BIGNUM *s; 108*8fb009dcSAndroid Build Coastguard Worker }; 109*8fb009dcSAndroid Build Coastguard Worker 110*8fb009dcSAndroid Build Coastguard Worker // ECDSA_SIG_new returns a fresh |ECDSA_SIG| structure or NULL on error. 111*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT ECDSA_SIG *ECDSA_SIG_new(void); 112*8fb009dcSAndroid Build Coastguard Worker 113*8fb009dcSAndroid Build Coastguard Worker // ECDSA_SIG_free frees |sig| its member |BIGNUM|s. 114*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT void ECDSA_SIG_free(ECDSA_SIG *sig); 115*8fb009dcSAndroid Build Coastguard Worker 116*8fb009dcSAndroid Build Coastguard Worker // ECDSA_SIG_get0_r returns the r component of |sig|. 117*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); 118*8fb009dcSAndroid Build Coastguard Worker 119*8fb009dcSAndroid Build Coastguard Worker // ECDSA_SIG_get0_s returns the s component of |sig|. 120*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); 121*8fb009dcSAndroid Build Coastguard Worker 122*8fb009dcSAndroid Build Coastguard Worker // ECDSA_SIG_get0 sets |*out_r| and |*out_s|, if non-NULL, to the two 123*8fb009dcSAndroid Build Coastguard Worker // components of |sig|. 124*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **out_r, 125*8fb009dcSAndroid Build Coastguard Worker const BIGNUM **out_s); 126*8fb009dcSAndroid Build Coastguard Worker 127*8fb009dcSAndroid Build Coastguard Worker // ECDSA_SIG_set0 sets |sig|'s components to |r| and |s|, neither of which may 128*8fb009dcSAndroid Build Coastguard Worker // be NULL. On success, it takes ownership of each argument and returns one. 129*8fb009dcSAndroid Build Coastguard Worker // Otherwise, it returns zero. 130*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); 131*8fb009dcSAndroid Build Coastguard Worker 132*8fb009dcSAndroid Build Coastguard Worker // ECDSA_do_sign signs |digest_len| bytes from |digest| with |key| and returns 133*8fb009dcSAndroid Build Coastguard Worker // the resulting signature structure, or NULL on error. 134*8fb009dcSAndroid Build Coastguard Worker // 135*8fb009dcSAndroid Build Coastguard Worker // WARNING: |digest| must be the output of some hash function on the data to be 136*8fb009dcSAndroid Build Coastguard Worker // signed. Passing unhashed inputs will not result in a secure signature scheme. 137*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT ECDSA_SIG *ECDSA_do_sign(const uint8_t *digest, 138*8fb009dcSAndroid Build Coastguard Worker size_t digest_len, const EC_KEY *key); 139*8fb009dcSAndroid Build Coastguard Worker 140*8fb009dcSAndroid Build Coastguard Worker // ECDSA_do_verify verifies that |sig| constitutes a valid signature by |key| 141*8fb009dcSAndroid Build Coastguard Worker // of |digest|. It returns one on success or zero if the signature is invalid 142*8fb009dcSAndroid Build Coastguard Worker // or on error. 143*8fb009dcSAndroid Build Coastguard Worker // 144*8fb009dcSAndroid Build Coastguard Worker // WARNING: |digest| must be the output of some hash function on the data to be 145*8fb009dcSAndroid Build Coastguard Worker // verified. Passing unhashed inputs will not result in a secure signature 146*8fb009dcSAndroid Build Coastguard Worker // scheme. 147*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int ECDSA_do_verify(const uint8_t *digest, size_t digest_len, 148*8fb009dcSAndroid Build Coastguard Worker const ECDSA_SIG *sig, const EC_KEY *key); 149*8fb009dcSAndroid Build Coastguard Worker 150*8fb009dcSAndroid Build Coastguard Worker 151*8fb009dcSAndroid Build Coastguard Worker // ASN.1 functions. 152*8fb009dcSAndroid Build Coastguard Worker 153*8fb009dcSAndroid Build Coastguard Worker // ECDSA_SIG_parse parses a DER-encoded ECDSA-Sig-Value structure from |cbs| and 154*8fb009dcSAndroid Build Coastguard Worker // advances |cbs|. It returns a newly-allocated |ECDSA_SIG| or NULL on error. 155*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT ECDSA_SIG *ECDSA_SIG_parse(CBS *cbs); 156*8fb009dcSAndroid Build Coastguard Worker 157*8fb009dcSAndroid Build Coastguard Worker // ECDSA_SIG_from_bytes parses |in| as a DER-encoded ECDSA-Sig-Value structure. 158*8fb009dcSAndroid Build Coastguard Worker // It returns a newly-allocated |ECDSA_SIG| structure or NULL on error. 159*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT ECDSA_SIG *ECDSA_SIG_from_bytes(const uint8_t *in, 160*8fb009dcSAndroid Build Coastguard Worker size_t in_len); 161*8fb009dcSAndroid Build Coastguard Worker 162*8fb009dcSAndroid Build Coastguard Worker // ECDSA_SIG_marshal marshals |sig| as a DER-encoded ECDSA-Sig-Value and appends 163*8fb009dcSAndroid Build Coastguard Worker // the result to |cbb|. It returns one on success and zero on error. 164*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int ECDSA_SIG_marshal(CBB *cbb, const ECDSA_SIG *sig); 165*8fb009dcSAndroid Build Coastguard Worker 166*8fb009dcSAndroid Build Coastguard Worker // ECDSA_SIG_to_bytes marshals |sig| as a DER-encoded ECDSA-Sig-Value and, on 167*8fb009dcSAndroid Build Coastguard Worker // success, sets |*out_bytes| to a newly allocated buffer containing the result 168*8fb009dcSAndroid Build Coastguard Worker // and returns one. Otherwise, it returns zero. The result should be freed with 169*8fb009dcSAndroid Build Coastguard Worker // |OPENSSL_free|. 170*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int ECDSA_SIG_to_bytes(uint8_t **out_bytes, size_t *out_len, 171*8fb009dcSAndroid Build Coastguard Worker const ECDSA_SIG *sig); 172*8fb009dcSAndroid Build Coastguard Worker 173*8fb009dcSAndroid Build Coastguard Worker // ECDSA_SIG_max_len returns the maximum length of a DER-encoded ECDSA-Sig-Value 174*8fb009dcSAndroid Build Coastguard Worker // structure for a group whose order is represented in |order_len| bytes, or 175*8fb009dcSAndroid Build Coastguard Worker // zero on overflow. 176*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT size_t ECDSA_SIG_max_len(size_t order_len); 177*8fb009dcSAndroid Build Coastguard Worker 178*8fb009dcSAndroid Build Coastguard Worker 179*8fb009dcSAndroid Build Coastguard Worker // Testing-only functions. 180*8fb009dcSAndroid Build Coastguard Worker 181*8fb009dcSAndroid Build Coastguard Worker // ECDSA_sign_with_nonce_and_leak_private_key_for_testing behaves like 182*8fb009dcSAndroid Build Coastguard Worker // |ECDSA_do_sign| but uses |nonce| for the ECDSA nonce 'k', instead of a random 183*8fb009dcSAndroid Build Coastguard Worker // value. |nonce| is interpreted as a big-endian integer. It must be reduced 184*8fb009dcSAndroid Build Coastguard Worker // modulo the group order and padded with zeros up to |BN_num_bytes(order)| 185*8fb009dcSAndroid Build Coastguard Worker // bytes. 186*8fb009dcSAndroid Build Coastguard Worker // 187*8fb009dcSAndroid Build Coastguard Worker // WARNING: This function is only exported for testing purposes, when using test 188*8fb009dcSAndroid Build Coastguard Worker // vectors or fuzzing strategies. It must not be used outside tests and may leak 189*8fb009dcSAndroid Build Coastguard Worker // any private keys it is used with. 190*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT ECDSA_SIG * 191*8fb009dcSAndroid Build Coastguard Worker ECDSA_sign_with_nonce_and_leak_private_key_for_testing(const uint8_t *digest, 192*8fb009dcSAndroid Build Coastguard Worker size_t digest_len, 193*8fb009dcSAndroid Build Coastguard Worker const EC_KEY *eckey, 194*8fb009dcSAndroid Build Coastguard Worker const uint8_t *nonce, 195*8fb009dcSAndroid Build Coastguard Worker size_t nonce_len); 196*8fb009dcSAndroid Build Coastguard Worker 197*8fb009dcSAndroid Build Coastguard Worker 198*8fb009dcSAndroid Build Coastguard Worker // Deprecated functions. 199*8fb009dcSAndroid Build Coastguard Worker 200*8fb009dcSAndroid Build Coastguard Worker // d2i_ECDSA_SIG parses aa DER-encoded ECDSA-Sig-Value structure from |len| 201*8fb009dcSAndroid Build Coastguard Worker // bytes at |*inp|, as described in |d2i_SAMPLE|. 202*8fb009dcSAndroid Build Coastguard Worker // 203*8fb009dcSAndroid Build Coastguard Worker // Use |ECDSA_SIG_parse| instead. 204*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **out, const uint8_t **inp, 205*8fb009dcSAndroid Build Coastguard Worker long len); 206*8fb009dcSAndroid Build Coastguard Worker 207*8fb009dcSAndroid Build Coastguard Worker // i2d_ECDSA_SIG marshals |sig| as a DER-encoded ECDSA-Sig-Value, as described 208*8fb009dcSAndroid Build Coastguard Worker // in |i2d_SAMPLE|. 209*8fb009dcSAndroid Build Coastguard Worker // 210*8fb009dcSAndroid Build Coastguard Worker // Use |ECDSA_SIG_marshal| instead. 211*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int i2d_ECDSA_SIG(const ECDSA_SIG *sig, uint8_t **outp); 212*8fb009dcSAndroid Build Coastguard Worker 213*8fb009dcSAndroid Build Coastguard Worker 214*8fb009dcSAndroid Build Coastguard Worker #if defined(__cplusplus) 215*8fb009dcSAndroid Build Coastguard Worker } // extern C 216*8fb009dcSAndroid Build Coastguard Worker 217*8fb009dcSAndroid Build Coastguard Worker extern "C++" { 218*8fb009dcSAndroid Build Coastguard Worker 219*8fb009dcSAndroid Build Coastguard Worker BSSL_NAMESPACE_BEGIN 220*8fb009dcSAndroid Build Coastguard Worker 221*8fb009dcSAndroid Build Coastguard Worker BORINGSSL_MAKE_DELETER(ECDSA_SIG, ECDSA_SIG_free) 222*8fb009dcSAndroid Build Coastguard Worker 223*8fb009dcSAndroid Build Coastguard Worker BSSL_NAMESPACE_END 224*8fb009dcSAndroid Build Coastguard Worker 225*8fb009dcSAndroid Build Coastguard Worker } // extern C++ 226*8fb009dcSAndroid Build Coastguard Worker 227*8fb009dcSAndroid Build Coastguard Worker #endif 228*8fb009dcSAndroid Build Coastguard Worker 229*8fb009dcSAndroid Build Coastguard Worker #define ECDSA_R_BAD_SIGNATURE 100 230*8fb009dcSAndroid Build Coastguard Worker #define ECDSA_R_MISSING_PARAMETERS 101 231*8fb009dcSAndroid Build Coastguard Worker #define ECDSA_R_NEED_NEW_SETUP_VALUES 102 232*8fb009dcSAndroid Build Coastguard Worker #define ECDSA_R_NOT_IMPLEMENTED 103 233*8fb009dcSAndroid Build Coastguard Worker #define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 234*8fb009dcSAndroid Build Coastguard Worker #define ECDSA_R_ENCODE_ERROR 105 235*8fb009dcSAndroid Build Coastguard Worker #define ECDSA_R_TOO_MANY_ITERATIONS 106 236*8fb009dcSAndroid Build Coastguard Worker 237*8fb009dcSAndroid Build Coastguard Worker #endif // OPENSSL_HEADER_ECDSA_H 238