yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-24 22:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve ECDSA documentation

Browse source 
- Rephrase file/function/parameter/enum/define/error descriptions into full
  and clear sentences.
- Make sure to adhere to the Arm writing guidelines.
- Fix missing/incorrect Doxygen tags.
- Standardize terminology used within the file.

GitHub PR: #1318
This commit is contained in:
Rose Zadik 2018-01-25 21:58:53 +00:00 committed by Jaeden Amero
parent de2d6221c8
commit bff87d905d
1 changed files with 168 additions and 107 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

275
include/mbedtls/ecdsa.h
View file

@ -1,10 +1,16 @@
/** /**
* \file ecdsa.h * \file ecdsa.h
* *
* \brief Elliptic curve DSA * \brief The Elliptic Curve Digital Signature Algorithm (ECDSA).
*
* ECDSA is defined in <em>Standards for Efficient Cryptography Group (SECG):
* SEC1 Elliptic Curve Cryptography</em>.
* The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve
* Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
*
*/ */
/* /*
* Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
* *
* Licensed under the Apache License, Version 2.0 (the "License"); you may * Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -19,8 +25,9 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
* *
* This file is part of mbed TLS (https://tls.mbed.org) * This file is part of Mbed TLS (https://tls.mbed.org)
*/ */
#ifndef MBEDTLS_ECDSA_H #ifndef MBEDTLS_ECDSA_H
#define MBEDTLS_ECDSA_H #define MBEDTLS_ECDSA_H
@ -28,7 +35,7 @@
#include "md.h" #include "md.h"
/* /*
* RFC 4492 page 20: * RFC-4492 page 20:
* *
* Ecdsa-Sig-Value ::= SEQUENCE { * Ecdsa-Sig-Value ::= SEQUENCE {
* r INTEGER, * r INTEGER,
@ -44,11 +51,11 @@
#if MBEDTLS_ECP_MAX_BYTES > 124 #if MBEDTLS_ECP_MAX_BYTES > 124
#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN" #error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
#endif #endif
/** Maximum size of an ECDSA signature in bytes */ /** The maximal size of an ECDSA signature in Bytes. */
#define MBEDTLS_ECDSA_MAX_LEN ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) ) #define MBEDTLS_ECDSA_MAX_LEN ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )
/** /**
* \brief ECDSA context structure * \brief The ECDSA context structure.
*/ */
typedef mbedtls_ecp_keypair mbedtls_ecdsa_context; typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
@ -57,25 +64,30 @@ extern "C" {
#endif #endif
/** /**
* \brief Compute ECDSA signature of a previously hashed message * \brief This function computes the ECDSA signature of a
* previously-hashed message.
* *
* \note The deterministic version is usually prefered. * \note The deterministic version is usually preferred.
* *
* \param grp ECP group * \param grp The ECP group.
* \param r First output integer * \param r The first output integer.
* \param s Second output integer * \param s The second output integer.
* \param d Private signing key * \param d The private signing key.
* \param buf Message hash * \param buf The message hash.
* \param blen Length of buf * \param blen The length of \p buf.
* \param f_rng RNG function * \param f_rng The RNG function.
* \param p_rng RNG parameter * \param p_rng The RNG parameter.
* *
* \note If the bitlength of the message hash is larger than the * \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated as * bitlength of the group order, then the hash is truncated
* prescribed by SEC1 4.1.3 step 5. * as defined in <em>Standards for Efficient Cryptography Group
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.3, step 5.
* *
* \return 0 if successful, * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code * or \c MBEDTLS_MPI_XXX error code on failure.
*
* \see ecp.h
*/ */
int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
const mbedtls_mpi *d, const unsigned char *buf, size_t blen, const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
@ -83,23 +95,31 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
/** /**
* \brief Compute ECDSA signature of a previously hashed message, * \brief This function computes the ECDSA signature of a
* deterministic version (RFC 6979). * previously-hashed message, deterministic version.
* For more information, see <em>RFC-6979: Deterministic
* Usage of the Digital Signature Algorithm (DSA) and Elliptic
* Curve Digital Signature Algorithm (ECDSA)</em>.
* *
* \param grp ECP group * \param grp The ECP group.
* \param r First output integer * \param r The first output integer.
* \param s Second output integer * \param s The second output integer.
* \param d Private signing key * \param d The private signing key.
* \param buf Message hash * \param buf The message hash.
* \param blen Length of buf * \param blen The length of \p buf.
* \param md_alg MD algorithm used to hash the message * \param md_alg The MD algorithm used to hash the message.
* *
* \note If the bitlength of the message hash is larger than the * \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated as * bitlength of the group order, then the hash is truncated as
* prescribed by SEC1 4.1.3 step 5. * defined in <em>Standards for Efficient Cryptography Group
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.3, step 5.
* *
* \return 0 if successful, * \return \c 0 on success,
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* error code on failure.
*
* \see ecp.h
*/ */
int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
const mbedtls_mpi *d, const unsigned char *buf, size_t blen, const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
@ -107,55 +127,73 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
/** /**
* \brief Verify ECDSA signature of a previously hashed message * \brief This function verifies the ECDSA signature of a
* previously-hashed message.
* *
* \param grp ECP group * \param grp The ECP group.
* \param buf Message hash * \param buf The message hash.
* \param blen Length of buf * \param blen The length of \p buf.
* \param Q Public key to use for verification * \param Q The public key to use for verification.
* \param r First integer of the signature * \param r The first integer of the signature.
* \param s Second integer of the signature * \param s The second integer of the signature.
* *
* \note If the bitlength of the message hash is larger than the * \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated as * bitlength of the group order, then the hash is truncated as
* prescribed by SEC1 4.1.4 step 3. * defined in <em>Standards for Efficient Cryptography Group
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.4, step 3.
* *
* \return 0 if successful, * \return \c 0 on success,
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid * #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
* error code on failure for any other reason.
*
* \see ecp.h
*/ */
int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp, int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
const unsigned char *buf, size_t blen, const unsigned char *buf, size_t blen,
const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s); const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s);
/** /**
* \brief Compute ECDSA signature and write it to buffer, * \brief This function computes the ECDSA signature and writes it
* serialized as defined in RFC 4492 page 20. * to a buffer, serialized as defined in <em>RFC-4492:
* (Not thread-safe to use same context in multiple threads) * Elliptic Curve Cryptography (ECC) Cipher Suites for
* Transport Layer Security (TLS)</em>.
* *
* \note The deterministic version (RFC 6979) is used if * \warning It is not thread-safe to use the same context in
* MBEDTLS_ECDSA_DETERMINISTIC is defined. * multiple threads.
* *
* \param ctx ECDSA context * \note The deterministic version is used if
* \param md_alg Algorithm that was used to hash the message * #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
* \param hash Message hash * information, see <em>RFC-6979: Deterministic Usage
* \param hlen Length of hash * of the Digital Signature Algorithm (DSA) and Elliptic
* \param sig Buffer that will hold the signature * Curve Digital Signature Algorithm (ECDSA)</em>.
* \param slen Length of the signature written
* \param f_rng RNG function
* \param p_rng RNG parameter
* *
* \note The "sig" buffer must be at least as large as twice the * \param ctx The ECDSA context.
* size of the curve used, plus 9 (eg. 73 bytes if a 256-bit * \param md_alg The message digest that was used to hash the message.
* curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe. * \param hash The message hash.
* \param hlen The length of the hash.
* \param sig The buffer that holds the signature.
* \param slen The length of the signature written.
* \param f_rng The RNG function.
* \param p_rng The RNG parameter.
*
* \note The \p sig buffer must be at least twice as large as the
* size of the curve used, plus 9. For example, 73 Bytes if
* a 256-bit curve is used. A buffer length of
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
* *
* \note If the bitlength of the message hash is larger than the * \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated as * bitlength of the group order, then the hash is truncated as
* prescribed by SEC1 4.1.3 step 5. * defined in <em>Standards for Efficient Cryptography Group
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.3, step 5.
* *
* \return 0 if successful, * \return \c 0 on success,
* or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or * or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* MBEDTLS_ERR_ASN1_XXX error code * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*
* \see ecp.h
*/ */
int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg, int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
const unsigned char *hash, size_t hlen, const unsigned char *hash, size_t hlen,
@ -171,31 +209,43 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t
#define MBEDTLS_DEPRECATED #define MBEDTLS_DEPRECATED
#endif #endif
/** /**
* \brief Compute ECDSA signature and write it to buffer, * \brief This function computes an ECDSA signature and writes it to a buffer,
* serialized as defined in RFC 4492 page 20. * serialized as defined in <em>RFC-4492: Elliptic Curve Cryptography
* Deterministic version, RFC 6979. * (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
* (Not thread-safe to use same context in multiple threads) *
* The deterministic version is defined in <em>RFC-6979:
* Deterministic Usage of the Digital Signature Algorithm (DSA) and
* Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
*
* \warning It is not thread-safe to use the same context in
* multiple threads.
* *
* \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0 * \deprecated Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
* *
* \param ctx ECDSA context * \param ctx The ECDSA context.
* \param hash Message hash * \param hash The Message hash.
* \param hlen Length of hash * \param hlen The length of the hash.
* \param sig Buffer that will hold the signature * \param sig The buffer that holds the signature.
* \param slen Length of the signature written * \param slen The length of the signature written.
* \param md_alg MD algorithm used to hash the message * \param md_alg The MD algorithm used to hash the message.
* *
* \note The "sig" buffer must be at least as large as twice the * \note The \p sig buffer must be at least twice as large as the
* size of the curve used, plus 9 (eg. 73 bytes if a 256-bit * size of the curve used, plus 9. For example, 73 Bytes if a
* curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe. * 256-bit curve is used. A buffer length of
* #MBEDTLS_ECDSA_MAX_LEN is always safe.
* *
* \note If the bitlength of the message hash is larger than the * \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated as * bitlength of the group order, then the hash is truncated as
* prescribed by SEC1 4.1.3 step 5. * defined in <em>Standards for Efficient Cryptography Group
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.3, step 5.
* *
* \return 0 if successful, * \return \c 0 on success,
* or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or * or an \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
* MBEDTLS_ERR_ASN1_XXX error code * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
*
* \see ecp.h
*/ */
int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
const unsigned char *hash, size_t hlen, const unsigned char *hash, size_t hlen,
@ -206,63 +256,74 @@ int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
/** /**
* \brief Read and verify an ECDSA signature * \brief This function reads and verifies an ECDSA signature.
* *
* \param ctx ECDSA context * \param ctx The ECDSA context.
* \param hash Message hash * \param hash The message hash.
* \param hlen Size of hash * \param hlen The size of the hash.
* \param sig Signature to read and verify * \param sig The signature to read and verify.
* \param slen Size of sig * \param slen The size of \p sig.
* *
* \note If the bitlength of the message hash is larger than the * \note If the bitlength of the message hash is larger than the
* bitlength of the group order, then the hash is truncated as * bitlength of the group order, then the hash is truncated as
* prescribed by SEC1 4.1.4 step 3. * defined in <em>Standards for Efficient Cryptography Group
* (SECG): SEC1 Elliptic Curve Cryptography</em>, section
* 4.1.4, step 3.
* *
* \return 0 if successful, * \return \c 0 on success,
* MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid, * #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
* MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is * #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
* valid but its actual length is less than siglen, * valid but its actual length is less than \p siglen,
* or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code * or an \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
* error code on failure for any other reason.
*
* \see ecp.h
*/ */
int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx, int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
const unsigned char *hash, size_t hlen, const unsigned char *hash, size_t hlen,
const unsigned char *sig, size_t slen ); const unsigned char *sig, size_t slen );
/** /**
* \brief Generate an ECDSA keypair on the given curve * \brief This function generates an ECDSA keypair on the given curve.
* *
* \param ctx ECDSA context in which the keypair should be stored * \param ctx The ECDSA context to store the keypair in.
* \param gid Group (elliptic curve) to use. One of the various * \param gid The elliptic curve to use. One of the various
* MBEDTLS_ECP_DP_XXX macros depending on configuration. * \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
* \param f_rng RNG function * \param f_rng The RNG function.
* \param p_rng RNG parameter * \param p_rng The RNG parameter.
* *
* \return 0 on success, or a MBEDTLS_ERR_ECP_XXX code. * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on
* failure.
*
* \see ecp.h
*/ */
int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/** /**
* \brief Set an ECDSA context from an EC key pair * \brief This function sets an ECDSA context from an EC key pair.
* *
* \param ctx ECDSA context to set * \param ctx The ECDSA context to set.
* \param key EC key to use * \param key The EC key to use.
* *
* \return 0 on success, or a MBEDTLS_ERR_ECP_XXX code. * \return \c 0 on success, or an \c MBEDTLS_ERR_ECP_XXX code on
* failure.
*
* \see ecp.h
*/ */
int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key ); int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
/** /**
* \brief Initialize context * \brief This function initializes an ECDSA context.
* *
* \param ctx Context to initialize * \param ctx The ECDSA context to initialize.
*/ */
void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx ); void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
/** /**
* \brief Free context * \brief This function frees an ECDSA context.
* *
* \param ctx Context to free * \param ctx The ECDSA context to free.
*/ */
void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx ); void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );