
Commit bdffc3d

committed
Update docs.
Signed-off-by: Steffen Jaeckel <[email protected]>
1 parent 47c721c commit bdffc3d


2 files changed

+163
-95
lines changed


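--- a/doc/crypt.tex
+++ b/doc/crypt.tex
@@ -5803,8 +5803,14 @@ \subsection{ANSI X9.63 Import (deprecated)}
 
 
 \mysection{Signatures (ECDSA)}
-There are also functions to sign and verify messages. They use the ANSI X9.62 ECDSA algorithm to generate and verify signatures in the
-ANSI X9.62 format.
+There are also functions to sign and verify messages. They use the \textit{ANSI X9.62} \textit{ECDSA} algorithm to generate and verify signatures in the
+\textit{ANSI X9.62} format.
+
+\textbf{BEWARE:} With \textit{ECC} if you try to sign a hash that is bigger than your \textit{ECC} key you can run into problems. The math
+will still work, and in effect the signature will still work. With \textit{ECC} keys the strength of the signature is limited
+by the size of the hash, or the size of the key, whichever is smaller. For example, if you sign with SHA256 and a
+P--192 key, you have in effect 96--bits of security. The library will not warn you if you make this mistake, so it
+is important to check yourself before using the signatures.
 
 \subsection{Signature Generation}
 To sign a message digest (hash) use the following function:
@@ -5817,12 +5823,12 @@ \subsection{Signature Generation}
 unsigned long *outlen,
 prng_state *prng,
 int wprng,
-ecc_key *key);
+const ecc_key *key);
 \end{verbatim}
 
-This function will ECDSA sign the message digest stored in the array pointed to by \textit{in} of length \textit{inlen} octets. The signature
-will be stored in the array pointed to by \textit{out} of length \textit{outlen} octets. The function requires a properly seeded PRNG, and
-the ECC \textit{key} provided must be a private key.
+This function will \textit{ECDSA} sign the message digest stored in the array pointed to by \code{in} of length \code{inlen} octets. The signature
+will be stored in the array pointed to by \code{out} of length \code{outlen} octets. The function requires a properly seeded \textit{PRNG}, and
+the \textit{ECC} \code{key} provided must be a private key.
 
 \index{ecc\_sign\_hash\_rfc7518()}
 \begin{verbatim}
@@ -5832,27 +5838,53 @@ \subsection{Signature Generation}
 unsigned long *outlen,
 prng_state *prng,
 int wprng,
-ecc_key *key);
+const ecc_key *key);
 \end{verbatim}
 
-This function creates the same ECDSA signature as \textit{ecc\_sign\_hash} only the output format is different.
+This function creates the same \textit{ECDSA} signature as \code{ecc\_sign\_hash()} only the output format is different.
 The format follows \url{https://tools.ietf.org/html/rfc7518#section-3.4}, sometimes it is also called plain signature.
 
-\index{ecc\_sign\_hash\_ex()}
+\index{ecc\_sign\_hash\_rfc7518\_ex()}
 \begin{verbatim}
-int ecc_sign_hash_ex(const unsigned char *in,
-unsigned long inlen,
-unsigned char *out,
-unsigned long *outlen,
-prng_state *prng,
-int wprng,
-ecc_signature_type sigformat,
-int *recid,
-ecc_key *key);
+int ecc_sign_hash_rfc7518_ex(const unsigned char *in,
+unsigned long inlen,
+unsigned char *out,
+unsigned long *outlen,
+prng_state *prng,
+int wprng,
+int *recid,
+const ecc_key *key);
 \end{verbatim}
 
-This function is an extended version of the ECDSA signature in \textit{ecc\_sign\_hash}, but with a choice of output formats
-and an optional output of the recovery ID for use with \textit{ecc\_recover\_key}.
+This function is an extended version of the \textit{ECDSA} signature in \code{ecc\_sign\_hash\_rfc7518()}, but with an additional output of the recovery ID
+for use with \code{ecc\_recover\_key()}.
+
+\index{ecc\_sign\_hash\_rfc5656()}
+\begin{verbatim}
+int ecc_sign_hash_rfc5656(const unsigned char *in,
+unsigned long inlen,
+unsigned char *out,
+unsigned long *outlen,
+prng_state *prng,
+int wprng,
+const ecc_key *key);
+\end{verbatim}
+
+This function creates an \textit{ECDSA} signature and the output format is according to \textit{RFC5656}, i.e. \textit{SSH} compatible.
+
+\index{ecc\_sign\_hash\_eth27()}
+\begin{verbatim}
+int ecc_sign_hash_eth27(const unsigned char *in,
+unsigned long inlen,
+unsigned char *out,
+unsigned long *outlen,
+prng_state *prng,
+int wprng,
+const ecc_key *key);
+\end{verbatim}
+
+This function creates an \textit{ECDSA} signature and the output format is according to the Ethereum format.
+With this API the curve is limited to \textit{secp256k1}.
 
 \subsection{Signature Verification}
 \index{ecc\_verify\_hash()}
@@ -5862,14 +5894,14 @@ \subsection{Signature Verification}
 const unsigned char *hash,
 unsigned long hashlen,
 int *stat,
-ecc_key *key);
+const ecc_key *key);
 \end{verbatim}
 
-This function will verify the ECDSA signature in the array pointed to by \textit{sig} of length \textit{siglen} octets, against the message digest
-pointed to by the array \textit{hash} of length \textit{hashlen}. It will store a non--zero value in \textit{stat} if the signature is valid. Note:
+This function will verify the \textit{ECDSA} signature in the array pointed to by \code{sig} of length \code{siglen} octets, against the message digest
+pointed to by the array \code{hash} of length \code{hashlen}. It will store a non--zero value in \code{stat} if the signature is valid. Note:
 the function will not return an error if the signature is invalid. It will return an error, if the actual signature payload is an invalid format.
-The ECC \textit{key} must be the public (or private) ECC key corresponding to the key that performed the signature.
-The function \textit{ecc\_verify\_hash} implements signature format according to X9.62 ECDSA, and the output is compliant for GF(p) curves.
+The \textit{ECC} \code{key} must be the public (or private) \textit{ECC} key corresponding to the key that performed the signature.
+The function \code{ecc\_verify\_hash()} implements signature format according to \textit{ANSI X9.62} EC\textit{DSA}, and the output is compliant for GF(p) curves.
 
 \index{ecc\_verify\_hash\_rfc7518()}
 \begin{verbatim}
@@ -5878,30 +5910,36 @@ \subsection{Signature Verification}
 const unsigned char *hash,
 unsigned long hashlen,
 int *stat,
-ecc_key *key);
+const ecc_key *key);
 \end{verbatim}
 
-This function validate the ECDSA signature as \textit{ecc\_verify\_hash} only the signature input format
+This function validates the \textit{ECDSA} signature as \code{ecc\_verify\_hash()}, only the signature input format
 follows \url{https://tools.ietf.org/html/rfc7518#section-3.4}.
 
-\index{ecc\_verify\_hash\_ex()}
+\index{ecc\_verify\_hash\_rfc5656()}
 \begin{verbatim}
-int ecc_verify_hash_ex(const unsigned char *sig,
-unsigned long siglen,
-const unsigned char *hash,
-unsigned long hashlen,
-ecc_signature_type sigformat,
-int *stat,
-ecc_key *key);
+int ecc_verify_hash_rfc5656(const unsigned char *sig,
+unsigned long siglen,
+const unsigned char *hash,
+unsigned long hashlen,
+int *stat,
+const ecc_key *key);
 \end{verbatim}
 
-This function validates an ECDSA signature as \textit{ecc\_verify\_hash} but with a choice of signature formats.
+This function validates the \textit{ECDSA} signature according to the format defined in \textit{RFC5656}, i.e. \textit{SSH} compatible.
 
-{\bf BEWARE:} With ECC if you try to sign a hash that is bigger than your ECC key you can run into problems. The math
-will still work, and in effect the signature will still work. With ECC keys the strength of the signature is limited
-by the size of the hash, or the size of the key, whichever is smaller. For example, if you sign with SHA256 and a
-P--192 key, you have in effect 96--bits of security. The library will not warn you if you make this mistake, so it
-is important to check yourself before using the signatures.
+
+\index{ecc\_verify\_hash\_eth27()}
+\begin{verbatim}
+int ecc_verify_hash_eth27(const unsigned char *sig,
+unsigned long siglen,
+const unsigned char *hash,
+unsigned long hashlen,
+int *stat,
+const ecc_key *key);
+\end{verbatim}
+
+This function validates the \textit{ECDSA} signature according to the Ethereum format.
 
 \subsection{Public Key Recovery}
 \index{ecc\_recover\_key()}
@@ -5937,10 +5975,10 @@ \subsection{Signature Formats}
 \begin{center}
 \begin{tabular}{|l|l|}
 \hline \textbf{sigformat} & \textbf{description} \\
-\hline LTC\_ECCSIG\_ANSIX962 & ASN.1 encoded, ANSI X9.62 \\
-\hline LTC\_ECCSIG\_RFC7518 & raw R, S values as defined in RFC7518 \\
+\hline LTC\_ECCSIG\_ANSIX962 & ASN.1 encoded, \textit{ANSI X9.62} \\
+\hline LTC\_ECCSIG\_RFC7518 & raw R, S values as defined in \textit{RFC7518} \\
 \hline LTC\_ECCSIG\_ETH27 & raw R, S, V values (V has 27 added) \\
-\hline LTC\_ECCSIG\_RFC5656 & SSH+ECDSA format as defined in RFC5656 \\
+\hline LTC\_ECCSIG\_RFC5656 & \textit{SSH+ECDSA} format as defined in \textit{RFC5656} \\
 \hline
 \end{tabular}
 \end{center}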

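--- a/src/headers/tomcrypt_pk.h
+++ b/src/headers/tomcrypt_pk.h
@@ -316,19 +316,17 @@ void ecc_free(ecc_key *key);
 int ecc_export(unsigned char *out, unsigned long *outlen, int type, const ecc_key *key);
 int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
 int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_curve *cu);
-#endif
-
-int ecc_ansi_x963_export(const ecc_key *key, unsigned char *out, unsigned long *outlen);
-int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
-int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_curve *cu);
 
-#if defined(LTC_DER)
-int ecc_export_openssl(unsigned char *out, unsigned long *outlen, int type, const ecc_key *key);
-int ecc_import_openssl(const unsigned char *in, unsigned long inlen, ecc_key *key);
-int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, const password_ctx *pw_ctx, ecc_key *key);
-int ecc_import_x509(const unsigned char *in, unsigned long inlen, ecc_key *key);
+int ecc_export_openssl(unsigned char *out, unsigned long *outlen, int type, const ecc_key *key);
+int ecc_import_openssl(const unsigned char *in, unsigned long inlen, ecc_key *key);
+int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, const password_ctx *pw_ctx, ecc_key *key);
+int ecc_import_x509(const unsigned char *in, unsigned long inlen, ecc_key *key);
 #endif
 
+int ecc_ansi_x963_export(const ecc_key *key, unsigned char *out, unsigned long *outlen);
+int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
+int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_curve *cu);
+
 int ecc_shared_secret(const ecc_key *private_key, const ecc_key *public_key,
 unsigned char *out, unsigned long *outlen);
 
@@ -342,53 +340,85 @@ int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
 unsigned char *out, unsigned long *outlen,
 const ecc_key *key);
 
-int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
-unsigned char *out, unsigned long *outlen,
-prng_state *prng, int wprng, const ecc_key *key);
-#endif
-
-int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen,
-unsigned char *out, unsigned long *outlen,
-prng_state *prng, int wprng, const ecc_key *key);
-
-int ecc_sign_hash_rfc7518_ex(const unsigned char *in, unsigned long inlen,
-unsigned char *out, unsigned long *outlen,
-prng_state *prng, int wprng,
-int *recid, const ecc_key *key);
-
-#if defined(LTC_SSH)
-int ecc_sign_hash_rfc5656(const unsigned char *in, unsigned long inlen,
-unsigned char *out, unsigned long *outlen,
-prng_state *prng, int wprng, const ecc_key *key);
-#endif
-
-int ecc_sign_hash_eth27(const unsigned char *in, unsigned long inlen,
-unsigned char *out, unsigned long *outlen,
-prng_state *prng, int wprng, const ecc_key *key);
-
-#if defined(LTC_DER)
-int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
-const unsigned char *hash, unsigned long hashlen,
-int *stat, const ecc_key *key);
+int ecc_sign_hash(const unsigned char *in,
+unsigned long inlen,
+unsigned char *out,
+unsigned long *outlen,
+prng_state *prng,
+int wprng,
+const ecc_key *key);
+
+int ecc_verify_hash(const unsigned char *sig,
+unsigned long siglen,
+const unsigned char *hash,
+unsigned long hashlen,
+int *stat,
+const ecc_key *key);
 #endif
 
-int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen,
-const unsigned char *hash, unsigned long hashlen,
-int *stat, const ecc_key *key);
+int ecc_sign_hash_rfc7518(const unsigned char *in,
+unsigned long inlen,
+unsigned char *out,
+unsigned long *outlen,
+prng_state *prng,
+int wprng,
+const ecc_key *key);
+
+int ecc_sign_hash_rfc7518_ex(const unsigned char *in,
+unsigned long inlen,
+unsigned char *out,
+unsigned long *outlen,
+prng_state *prng,
+int wprng,
+int *recid,
+const ecc_key *key);
+
+int ecc_verify_hash_rfc7518(const unsigned char *sig,
+unsigned long siglen,
+const unsigned char *hash,
+unsigned long hashlen,
+int *stat,
+const ecc_key *key);
 
 #if defined(LTC_SSH)
-int ecc_verify_hash_rfc5656(const unsigned char *sig, unsigned long siglen,
-const unsigned char *hash, unsigned long hashlen,
-int *stat, const ecc_key *key);
+int ecc_sign_hash_rfc5656(const unsigned char *in,
+unsigned long inlen,
+unsigned char *out,
+unsigned long *outlen,
+prng_state *prng,
+int wprng,
+const ecc_key *key);
+
+int ecc_verify_hash_rfc5656(const unsigned char *sig,
+unsigned long siglen,
+const unsigned char *hash,
+unsigned long hashlen,
+int *stat,
+const ecc_key *key);
 #endif
 
-int ecc_verify_hash_eth27(const unsigned char *sig, unsigned long siglen,
-const unsigned char *hash, unsigned long hashlen,
-int *stat, const ecc_key *key);
-
-int ecc_recover_key(const unsigned char *sig, unsigned long siglen,
-const unsigned char *hash, unsigned long hashlen,
-int recid, ecc_signature_type sigformat, ecc_key *key);
+int ecc_sign_hash_eth27(const unsigned char *in,
+unsigned long inlen,
+unsigned char *out,
+unsigned long *outlen,
+prng_state *prng,
+int wprng,
+const ecc_key *key);
+
+int ecc_verify_hash_eth27(const unsigned char *sig,
+unsigned long siglen,
+const unsigned char *hash,
+unsigned long hashlen,
+int *stat,
+const ecc_key *key);
+
+int ecc_recover_key(const unsigned char *sig,
+unsigned long siglen,
+const unsigned char *hash,
+unsigned long hashlen,
+int recid,
+ecc_signature_type sigformat,
+ecc_key *key);
 
 #endif
 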
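Review bot: The reflowed `ecc_verify_hash*` prototypes in the second hunk still have no comment on how a result must be read, and that is the part of this API most easily misused. The manual text touched by this same commit says `ecc_verify_hash()` does not return an error for an invalid signature and reports validity only through `stat`, so a caller that tests the return code alone would accept a bad signature; the other three variants presumably behave the same way, which should be confirmed. I would put this above `ecc_verify_hash`: `/* A CRYPT_OK return only means the signature was parsed and processed; it is valid only if *stat != 0 as well. */`. The `#endif` after `ecc_verify_hash` closes a conditional opened outside the hunk, so a short trailing comment naming that guard would also help readers see which prototypes are conditionally declared.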
