1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery 3*b077aed3SPierre Pronchery=head1 NAME 4*b077aed3SPierre Pronchery 5*b077aed3SPierre ProncheryECDSA_size, ECDSA_sign, ECDSA_do_sign, 6*b077aed3SPierre ProncheryECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, 7*b077aed3SPierre ProncheryECDSA_do_sign_ex - deprecated low-level elliptic curve digital signature algorithm 8*b077aed3SPierre Pronchery(ECDSA) functions 9*b077aed3SPierre Pronchery 10*b077aed3SPierre Pronchery=head1 SYNOPSIS 11*b077aed3SPierre Pronchery 12*b077aed3SPierre Pronchery #include <openssl/ecdsa.h> 13*b077aed3SPierre Pronchery 14*b077aed3SPierre ProncheryThe following functions have been deprecated since OpenSSL 3.0, and can be 15*b077aed3SPierre Proncheryhidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value, 16*b077aed3SPierre Proncherysee L<openssl_user_macros(7)>: 17*b077aed3SPierre Pronchery 18*b077aed3SPierre Pronchery int ECDSA_size(const EC_KEY *eckey); 19*b077aed3SPierre Pronchery 20*b077aed3SPierre Pronchery int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, 21*b077aed3SPierre Pronchery unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); 22*b077aed3SPierre Pronchery ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, 23*b077aed3SPierre Pronchery EC_KEY *eckey); 24*b077aed3SPierre Pronchery 25*b077aed3SPierre Pronchery int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, 26*b077aed3SPierre Pronchery const unsigned char *sig, int siglen, EC_KEY *eckey); 27*b077aed3SPierre Pronchery int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, 28*b077aed3SPierre Pronchery const ECDSA_SIG *sig, EC_KEY* eckey); 29*b077aed3SPierre Pronchery 30*b077aed3SPierre Pronchery ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, 31*b077aed3SPierre Pronchery const BIGNUM *kinv, const BIGNUM *rp, 32*b077aed3SPierre Pronchery EC_KEY *eckey); 33*b077aed3SPierre Pronchery int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); 34*b077aed3SPierre Pronchery int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, 35*b077aed3SPierre Pronchery unsigned char *sig, unsigned int *siglen, 36*b077aed3SPierre Pronchery const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); 37*b077aed3SPierre Pronchery 38*b077aed3SPierre Pronchery=head1 DESCRIPTION 39*b077aed3SPierre Pronchery 40*b077aed3SPierre ProncherySee L<ECDSA_SIG_new(3)> for a description of the B<ECDSA_SIG> object. 41*b077aed3SPierre Pronchery 42*b077aed3SPierre ProncherySee L<i2d_ECDSA_SIG(3)> and L<d2i_ECDSA_SIG(3)> for information about encoding 43*b077aed3SPierre Proncheryand decoding ECDSA signatures to/from DER. 44*b077aed3SPierre Pronchery 45*b077aed3SPierre ProncheryAll of the functions described below are deprecated. Applications should 46*b077aed3SPierre Proncheryuse the higher level B<EVP> interface such as L<EVP_DigestSignInit(3)> 47*b077aed3SPierre Proncheryor L<EVP_DigestVerifyInit(3)> instead. 48*b077aed3SPierre Pronchery 49*b077aed3SPierre ProncheryECDSA_size() returns the maximum length of a DER encoded ECDSA signature 50*b077aed3SPierre Proncherycreated with the private EC key I<eckey>. To obtain the actual signature 51*b077aed3SPierre Proncherysize use L<EVP_PKEY_sign(3)> with a NULL I<sig> parameter. 52*b077aed3SPierre Pronchery 53*b077aed3SPierre ProncheryECDSA_sign() computes a digital signature of the I<dgstlen> bytes hash value 54*b077aed3SPierre ProncheryI<dgst> using the private EC key I<eckey>. The DER encoded signatures is 55*b077aed3SPierre Proncherystored in I<sig> and its length is returned in I<sig_len>. Note: I<sig> must 56*b077aed3SPierre Proncherypoint to ECDSA_size(eckey) bytes of memory. The parameter I<type> is currently 57*b077aed3SPierre Proncheryignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with I<kinv> 58*b077aed3SPierre Proncheryand I<rp> set to NULL. 59*b077aed3SPierre Pronchery 60*b077aed3SPierre ProncheryECDSA_do_sign() is similar to ECDSA_sign() except the signature is returned 61*b077aed3SPierre Proncheryas a newly allocated B<ECDSA_SIG> structure (or NULL on error). ECDSA_do_sign() 62*b077aed3SPierre Proncheryis a wrapper function for ECDSA_do_sign_ex() with I<kinv> and I<rp> set to 63*b077aed3SPierre ProncheryNULL. 64*b077aed3SPierre Pronchery 65*b077aed3SPierre ProncheryECDSA_verify() verifies that the signature in I<sig> of size I<siglen> is a 66*b077aed3SPierre Proncheryvalid ECDSA signature of the hash value I<dgst> of size I<dgstlen> using the 67*b077aed3SPierre Proncherypublic key I<eckey>. The parameter I<type> is ignored. 68*b077aed3SPierre Pronchery 69*b077aed3SPierre ProncheryECDSA_do_verify() is similar to ECDSA_verify() except the signature is 70*b077aed3SPierre Proncherypresented in the form of a pointer to an B<ECDSA_SIG> structure. 71*b077aed3SPierre Pronchery 72*b077aed3SPierre ProncheryThe remaining functions utilise the internal I<kinv> and I<r> values used 73*b077aed3SPierre Proncheryduring signature computation. Most applications will never need to call these 74*b077aed3SPierre Proncheryand some external ECDSA ENGINE implementations may not support them at all if 75*b077aed3SPierre Proncheryeither I<kinv> or I<r> is not NULL. 76*b077aed3SPierre Pronchery 77*b077aed3SPierre ProncheryECDSA_sign_setup() may be used to precompute parts of the signing operation. 78*b077aed3SPierre ProncheryI<eckey> is the private EC key and I<ctx> is a pointer to B<BN_CTX> structure 79*b077aed3SPierre Pronchery(or NULL). The precomputed values or returned in I<kinv> and I<rp> and can be 80*b077aed3SPierre Proncheryused in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex(). 81*b077aed3SPierre Pronchery 82*b077aed3SPierre ProncheryECDSA_sign_ex() computes a digital signature of the I<dgstlen> bytes hash value 83*b077aed3SPierre ProncheryI<dgst> using the private EC key I<eckey> and the optional pre-computed values 84*b077aed3SPierre ProncheryI<kinv> and I<rp>. The DER encoded signature is stored in I<sig> and its 85*b077aed3SPierre Proncherylength is returned in I<sig_len>. Note: I<sig> must point to ECDSA_size(eckey) 86*b077aed3SPierre Proncherybytes of memory. The parameter I<type> is ignored. 87*b077aed3SPierre Pronchery 88*b077aed3SPierre ProncheryECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is 89*b077aed3SPierre Proncheryreturned as a newly allocated B<ECDSA_SIG> structure (or NULL on error). 90*b077aed3SPierre Pronchery 91*b077aed3SPierre Pronchery=head1 RETURN VALUES 92*b077aed3SPierre Pronchery 93*b077aed3SPierre ProncheryECDSA_size() returns the maximum length signature or 0 on error. 94*b077aed3SPierre Pronchery 95*b077aed3SPierre ProncheryECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful 96*b077aed3SPierre Proncheryor 0 on error. 97*b077aed3SPierre Pronchery 98*b077aed3SPierre ProncheryECDSA_do_sign() and ECDSA_do_sign_ex() return a pointer to an allocated 99*b077aed3SPierre ProncheryB<ECDSA_SIG> structure or NULL on error. 100*b077aed3SPierre Pronchery 101*b077aed3SPierre ProncheryECDSA_verify() and ECDSA_do_verify() return 1 for a valid 102*b077aed3SPierre Proncherysignature, 0 for an invalid signature and -1 on error. 103*b077aed3SPierre ProncheryThe error codes can be obtained by L<ERR_get_error(3)>. 104*b077aed3SPierre Pronchery 105*b077aed3SPierre Pronchery=head1 EXAMPLES 106*b077aed3SPierre Pronchery 107*b077aed3SPierre ProncheryCreating an ECDSA signature of a given SHA-256 hash value using the 108*b077aed3SPierre Proncherynamed curve prime256v1 (aka P-256). 109*b077aed3SPierre ProncheryThis example uses deprecated functionality. See L</DESCRIPTION>. 110*b077aed3SPierre Pronchery 111*b077aed3SPierre ProncheryFirst step: create an EC_KEY object (note: this part is B<not> ECDSA 112*b077aed3SPierre Proncheryspecific) 113*b077aed3SPierre Pronchery 114*b077aed3SPierre Pronchery int ret; 115*b077aed3SPierre Pronchery ECDSA_SIG *sig; 116*b077aed3SPierre Pronchery EC_KEY *eckey; 117*b077aed3SPierre Pronchery 118*b077aed3SPierre Pronchery eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 119*b077aed3SPierre Pronchery if (eckey == NULL) 120*b077aed3SPierre Pronchery /* error */ 121*b077aed3SPierre Pronchery if (EC_KEY_generate_key(eckey) == 0) 122*b077aed3SPierre Pronchery /* error */ 123*b077aed3SPierre Pronchery 124*b077aed3SPierre ProncherySecond step: compute the ECDSA signature of a SHA-256 hash value 125*b077aed3SPierre Proncheryusing ECDSA_do_sign(): 126*b077aed3SPierre Pronchery 127*b077aed3SPierre Pronchery sig = ECDSA_do_sign(digest, 32, eckey); 128*b077aed3SPierre Pronchery if (sig == NULL) 129*b077aed3SPierre Pronchery /* error */ 130*b077aed3SPierre Pronchery 131*b077aed3SPierre Proncheryor using ECDSA_sign(): 132*b077aed3SPierre Pronchery 133*b077aed3SPierre Pronchery unsigned char *buffer, *pp; 134*b077aed3SPierre Pronchery int buf_len; 135*b077aed3SPierre Pronchery 136*b077aed3SPierre Pronchery buf_len = ECDSA_size(eckey); 137*b077aed3SPierre Pronchery buffer = OPENSSL_malloc(buf_len); 138*b077aed3SPierre Pronchery pp = buffer; 139*b077aed3SPierre Pronchery if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) 140*b077aed3SPierre Pronchery /* error */ 141*b077aed3SPierre Pronchery 142*b077aed3SPierre ProncheryThird step: verify the created ECDSA signature using ECDSA_do_verify(): 143*b077aed3SPierre Pronchery 144*b077aed3SPierre Pronchery ret = ECDSA_do_verify(digest, 32, sig, eckey); 145*b077aed3SPierre Pronchery 146*b077aed3SPierre Proncheryor using ECDSA_verify(): 147*b077aed3SPierre Pronchery 148*b077aed3SPierre Pronchery ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey); 149*b077aed3SPierre Pronchery 150*b077aed3SPierre Proncheryand finally evaluate the return value: 151*b077aed3SPierre Pronchery 152*b077aed3SPierre Pronchery if (ret == 1) 153*b077aed3SPierre Pronchery /* signature ok */ 154*b077aed3SPierre Pronchery else if (ret == 0) 155*b077aed3SPierre Pronchery /* incorrect signature */ 156*b077aed3SPierre Pronchery else 157*b077aed3SPierre Pronchery /* error */ 158*b077aed3SPierre Pronchery 159*b077aed3SPierre Pronchery=head1 CONFORMING TO 160*b077aed3SPierre Pronchery 161*b077aed3SPierre ProncheryANSI X9.62, US Federal Information Processing Standard FIPS186-2 162*b077aed3SPierre Pronchery(Digital Signature Standard, DSS) 163*b077aed3SPierre Pronchery 164*b077aed3SPierre Pronchery=head1 SEE ALSO 165*b077aed3SPierre Pronchery 166*b077aed3SPierre ProncheryL<EC_KEY_new(3)>, 167*b077aed3SPierre ProncheryL<EVP_DigestSignInit(3)>, 168*b077aed3SPierre ProncheryL<EVP_DigestVerifyInit(3)>, 169*b077aed3SPierre ProncheryL<EVP_PKEY_sign(3)> 170*b077aed3SPierre ProncheryL<i2d_ECDSA_SIG(3)>, 171*b077aed3SPierre ProncheryL<d2i_ECDSA_SIG(3)> 172*b077aed3SPierre Pronchery 173*b077aed3SPierre Pronchery=head1 HISTORY 174*b077aed3SPierre Pronchery 175*b077aed3SPierre ProncheryAll functionality described here was deprecated in OpenSSL 3.0. 176*b077aed3SPierre Pronchery 177*b077aed3SPierre Pronchery=head1 COPYRIGHT 178*b077aed3SPierre Pronchery 179*b077aed3SPierre ProncheryCopyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved. 180*b077aed3SPierre Pronchery 181*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 182*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 183*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 184*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 185*b077aed3SPierre Pronchery 186*b077aed3SPierre Pronchery=cut 187