1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5b077aed3SPierre ProncheryECDSA_SIG_new, ECDSA_SIG_free, 6b077aed3SPierre ProncheryECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0 7b077aed3SPierre Pronchery- Functions for creating, destroying and manipulating ECDSA_SIG objects 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim=head1 SYNOPSIS 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim #include <openssl/ecdsa.h> 12e71b7053SJung-uk Kim 13e71b7053SJung-uk Kim ECDSA_SIG *ECDSA_SIG_new(void); 14e71b7053SJung-uk Kim void ECDSA_SIG_free(ECDSA_SIG *sig); 15e71b7053SJung-uk Kim void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); 16e71b7053SJung-uk Kim const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig); 17e71b7053SJung-uk Kim const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); 18e71b7053SJung-uk Kim int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); 19e71b7053SJung-uk Kim 20e71b7053SJung-uk Kim=head1 DESCRIPTION 21e71b7053SJung-uk Kim 22e71b7053SJung-uk KimB<ECDSA_SIG> is an opaque structure consisting of two BIGNUMs for the 23b077aed3SPierre ProncheryI<r> and I<s> value of an Elliptic Curve Digital Signature Algorithm (ECDSA) signature 24b077aed3SPierre Pronchery(see FIPS186-4 or X9.62). 25b077aed3SPierre ProncheryThe B<ECDSA_SIG> object was mainly used by the deprecated low level functions described in 26b077aed3SPierre ProncheryL<ECDSA_sign(3)>, it is still required in order to be able to set or get the values of 27b077aed3SPierre ProncheryI<r> and I<s> into or from a signature. This is mainly used for testing purposes as shown 28b077aed3SPierre Proncheryin the L</EXAMPLES>. 29e71b7053SJung-uk Kim 30b077aed3SPierre ProncheryECDSA_SIG_new() allocates an empty B<ECDSA_SIG> structure. 31b077aed3SPierre ProncheryNote: before OpenSSL 1.1.0, the I<r> and I<s> components were initialised. 32e71b7053SJung-uk Kim 33b077aed3SPierre ProncheryECDSA_SIG_free() frees the B<ECDSA_SIG> structure I<sig>. 34*a7148ab3SEnji CooperIf the argument is NULL, nothing is done. 35e71b7053SJung-uk Kim 36b077aed3SPierre ProncheryECDSA_SIG_get0() returns internal pointers the I<r> and I<s> values contained 37b077aed3SPierre Proncheryin I<sig> and stores them in I<*pr> and I<*ps>, respectively. 38b077aed3SPierre ProncheryThe pointer I<pr> or I<ps> can be NULL, in which case the corresponding value 39e71b7053SJung-uk Kimis not returned. 40e71b7053SJung-uk Kim 41b077aed3SPierre ProncheryThe values I<r>, I<s> can also be retrieved separately by the corresponding 42e71b7053SJung-uk Kimfunction ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s(), respectively. 43e71b7053SJung-uk Kim 44b077aed3SPierre ProncheryNon-NULL I<r> and I<s> values can be set on the I<sig> by calling 45b077aed3SPierre ProncheryECDSA_SIG_set0(). Calling this function transfers the memory management of the 46b077aed3SPierre Proncheryvalues to the B<ECDSA_SIG> object, and therefore the values that have been 47b077aed3SPierre Proncherypassed in should not be freed by the caller. 48e71b7053SJung-uk Kim 49da327cd2SJung-uk KimSee L<i2d_ECDSA_SIG(3)> and L<d2i_ECDSA_SIG(3)> for information about encoding 50da327cd2SJung-uk Kimand decoding ECDSA signatures to/from DER. 51e71b7053SJung-uk Kim 52e71b7053SJung-uk Kim=head1 RETURN VALUES 53e71b7053SJung-uk Kim 54e71b7053SJung-uk KimECDSA_SIG_new() returns NULL if the allocation fails. 55e71b7053SJung-uk Kim 56e71b7053SJung-uk KimECDSA_SIG_set0() returns 1 on success or 0 on failure. 57e71b7053SJung-uk Kim 58e71b7053SJung-uk KimECDSA_SIG_get0_r() and ECDSA_SIG_get0_s() return the corresponding value, 59e71b7053SJung-uk Kimor NULL if it is unset. 60e71b7053SJung-uk Kim 61e71b7053SJung-uk Kim=head1 EXAMPLES 62e71b7053SJung-uk Kim 63b077aed3SPierre ProncheryExtract signature I<r> and I<s> values from a ECDSA I<signature> 64b077aed3SPierre Proncheryof size I<signaturelen>: 65e71b7053SJung-uk Kim 66b077aed3SPierre Pronchery ECDSA_SIG *obj; 67b077aed3SPierre Pronchery const BIGNUM *r, *s; 68e71b7053SJung-uk Kim 69b077aed3SPierre Pronchery /* Load a signature into the ECDSA_SIG object */ 70b077aed3SPierre Pronchery obj = d2i_ECDSA_SIG(NULL, &signature, signaturelen); 71b077aed3SPierre Pronchery if (obj == NULL) 72e71b7053SJung-uk Kim /* error */ 73e71b7053SJung-uk Kim 74b077aed3SPierre Pronchery r = ECDSA_SIG_get0_r(obj); 75b077aed3SPierre Pronchery s = ECDSA_SIG_get0_s(obj); 76b077aed3SPierre Pronchery if (r == NULL || s == NULL) 77e71b7053SJung-uk Kim /* error */ 78e71b7053SJung-uk Kim 79b077aed3SPierre Pronchery /* Use BN_bn2binpad() here to convert to r and s into byte arrays */ 80e71b7053SJung-uk Kim 81b077aed3SPierre Pronchery /* 82b077aed3SPierre Pronchery * Do not try to access I<r> or I<s> after calling ECDSA_SIG_free(), 83b077aed3SPierre Pronchery * as they are both freed by this call. 84b077aed3SPierre Pronchery */ 85b077aed3SPierre Pronchery ECDSA_SIG_free(obj); 86e71b7053SJung-uk Kim 87b077aed3SPierre ProncheryConvert I<r> and I<s> byte arrays into an ECDSA_SIG I<signature> of 88b077aed3SPierre Proncherysize I<signaturelen>: 89b077aed3SPierre Pronchery 90b077aed3SPierre Pronchery ECDSA_SIG *obj = NULL; 91b077aed3SPierre Pronchery unsigned char *signature = NULL; 92b077aed3SPierre Pronchery size_t signaturelen; 93b077aed3SPierre Pronchery BIGNUM *rbn = NULL, *sbn = NULL; 94b077aed3SPierre Pronchery 95b077aed3SPierre Pronchery obj = ECDSA_SIG_new(); 96b077aed3SPierre Pronchery if (obj == NULL) 97b077aed3SPierre Pronchery /* error */ 98b077aed3SPierre Pronchery rbn = BN_bin2bn(r, rlen, NULL); 99b077aed3SPierre Pronchery sbn = BN_bin2bn(s, slen, NULL); 100b077aed3SPierre Pronchery if (rbn == NULL || sbn == NULL) 101e71b7053SJung-uk Kim /* error */ 102e71b7053SJung-uk Kim 103b077aed3SPierre Pronchery if (!ECDSA_SIG_set0(obj, rbn, sbn)) 104e71b7053SJung-uk Kim /* error */ 105b077aed3SPierre Pronchery /* Set these to NULL since they are now owned by obj */ 106b077aed3SPierre Pronchery rbn = sbn = NULL; 107b077aed3SPierre Pronchery 108b077aed3SPierre Pronchery signaturelen = i2d_ECDSA_SIG(obj, &signature); 109b077aed3SPierre Pronchery if (signaturelen <= 0) 110b077aed3SPierre Pronchery /* error */ 111b077aed3SPierre Pronchery 112b077aed3SPierre Pronchery /* 113b077aed3SPierre Pronchery * This signature could now be passed to L<EVP_DigestVerify(3)> 114b077aed3SPierre Pronchery * or L<EVP_DigestVerifyFinal(3)> 115b077aed3SPierre Pronchery */ 116b077aed3SPierre Pronchery 117b077aed3SPierre Pronchery BN_free(rbn); 118b077aed3SPierre Pronchery BN_free(sbn); 119b077aed3SPierre Pronchery OPENSSL_free(signature); 120b077aed3SPierre Pronchery ECDSA_SIG_free(obj); 121e71b7053SJung-uk Kim 122e71b7053SJung-uk Kim=head1 CONFORMING TO 123e71b7053SJung-uk Kim 124b077aed3SPierre ProncheryANSI X9.62, 125b077aed3SPierre ProncheryUS Federal Information Processing Standard FIPS186-4 126e71b7053SJung-uk Kim(Digital Signature Standard, DSS) 127e71b7053SJung-uk Kim 128e71b7053SJung-uk Kim=head1 SEE ALSO 129e71b7053SJung-uk Kim 130610a21fdSJung-uk KimL<EC_KEY_new(3)>, 131e71b7053SJung-uk KimL<EVP_DigestSignInit(3)>, 132da327cd2SJung-uk KimL<EVP_DigestVerifyInit(3)>, 133b077aed3SPierre ProncheryL<EVP_PKEY_sign(3)> 134da327cd2SJung-uk KimL<i2d_ECDSA_SIG(3)>, 135b077aed3SPierre ProncheryL<d2i_ECDSA_SIG(3)>, 136b077aed3SPierre ProncheryL<ECDSA_sign(3)> 137e71b7053SJung-uk Kim 138e71b7053SJung-uk Kim=head1 COPYRIGHT 139e71b7053SJung-uk Kim 140*a7148ab3SEnji CooperCopyright 2004-2024 The OpenSSL Project Authors. All Rights Reserved. 141e71b7053SJung-uk Kim 142b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 143e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 144e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 145e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 146e71b7053SJung-uk Kim 147e71b7053SJung-uk Kim=cut 148