1 /*
2  * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 
8 #ifndef _CC_ECPKI_ECDSA_H
9 #define _CC_ECPKI_ECDSA_H
10 
11 /*!
12 @file
13 @brief This file defines the APIs that support the ECDSA functions.
14 @defgroup cc_ecpki_ecdsa CryptoCell ECDSA APIs
15 @{
16 @ingroup cryptocell_ecpki
17 
18 */
19 
20 #include "cc_error.h"
21 #include "cc_ecpki_types.h"
22 #include "cc_hash_defs.h"
23 #include "cc_rnd_common.h"
24 
25 #ifdef __cplusplus
26 extern "C"
27 {
28 #endif
29 
30 
31 
32 /**************************************************************************
33  *                CC_EcdsaSign - integrated function
34  **************************************************************************/
35 /*!
36 @brief This function performs an ECDSA sign operation in integrated form.
37 
38 \note Using a hash function whose digest size is greater than the EC modulus size is not recommended. NOTE(review): standard ECDSA uses only the leftmost digest bits up to the order length, so the excess is presumably discarded - confirm.
39 The algorithm follows ANSI X9.62-2005: Public Key Cryptography for the Financial Services Industry, The Elliptic
40 Curve Digital Signature Algorithm (ECDSA) standard.
41 
42 The message data may be either non-hashed data or the digest of a hash function.
43 For non-hashed data, the message data is hashed using the hash function indicated by ::CCEcpkiHashOpMode_t.
44 For a digest, ::CCEcpkiHashOpMode_t should indicate the hash function that produced the digest, and the data is not hashed again.
45 \note The call can fail with RND errors (cc_rnd_error.h), so signing depends on pRndContext. NOTE(review): presumably it supplies the
46 per-signature random value that ECDSA requires; confirm that the context must be initialized and seeded before this call.
47 @return CC_OK on success. Check the return value before using pSignatureOut or *pSignatureOutSize.
48 @return A non-zero value on failure, as defined in cc_ecpki_error.h, cc_hash_error.h or cc_rnd_error.h.
49 **/
50 CIMPORT_C CCError_t CC_EcdsaSign(
51                      CCRndContext_t         *pRndContext,            /*!< [in/out] Pointer to the RND context buffer. */
52                      CCEcdsaSignUserContext_t   *pSignUserContext,   /*!< [in/out] Pointer to the user context buffer used for the sign operation. */
53                      CCEcpkiUserPrivKey_t       *pSignerPrivKey,     /*!< [in]  A pointer to a user private key structure. */
54                      CCEcpkiHashOpMode_t        hashMode,            /*!< [in]  One of the supported SHA-x HASH modes, as defined in
55                                                    ::CCEcpkiHashOpMode_t.
56                                                    \note MD5 is not supported. */
57                      uint8_t                    *pMessageDataIn,     /*!< [in] Pointer to the input data to be signed.
58                                                    The size of the scatter/gather list representing the data buffer
59                                                    is limited to 128 entries, and the size of each entry is limited
60                                                    to 64KB (fragments larger than 64KB are broken into
61                                                    fragments <= 64KB). */
62                      size_t                     messageSizeInBytes,  /*!< [in]  Size of message data in bytes. */
63                      uint8_t                    *pSignatureOut,      /*!< [out] Pointer to a buffer that receives the signature. */
64                      size_t                     *pSignatureOutSize   /*!< [in/out] Pointer to the signature size. On input, the size of
65                                                        the pSignatureOut buffer, which must be >=
66                                                        2 * OrderSizeInBytes. When the API returns,
67                                                        it is replaced with the size of the actual signature. */
68                      );
69 
70 
71 
72 /**************************************************************************
73  *                CC_EcdsaVerify integrated function
74  **************************************************************************/
75 /*!
76 @brief This function performs an ECDSA verify operation in integrated form.
77 The algorithm follows ANSI X9.62-2005: Public Key Cryptography for the Financial Services Industry,
78 The Elliptic Curve Digital Signature Algorithm (ECDSA) standard.
79 
80 The message data may be either non-hashed data or the digest of a hash function.
81 For non-hashed data, the message data is hashed using the hash function indicated by ::CCEcpkiHashOpMode_t.
82 For a digest, ::CCEcpkiHashOpMode_t should indicate the hash function that produced the digest, and the data is not hashed again.
83 \note This function has no output parameter: the return value is the only verification result. Accept the signature only when CC_OK is returned and treat every non-zero value as a failed verification.
84 @return CC_OK on success.
85 @return A non-zero value on failure, as defined in cc_ecpki_error.h or cc_hash_error.h.
86 */
87 CIMPORT_C CCError_t CC_EcdsaVerify (
88                     CCEcdsaVerifyUserContext_t *pVerifyUserContext, /*!< [in] Pointer to the user context buffer used for the verify operation. NOTE(review): the context of CC_EcdsaSign is marked [in/out] - confirm the direction here. */
89                     CCEcpkiUserPublKey_t       *pUserPublKey,       /*!< [in] Pointer to a user public key structure. */
90                     CCEcpkiHashOpMode_t         hashMode,           /*!< [in] One of the supported SHA-x HASH modes, as defined in
91                                                   ::CCEcpkiHashOpMode_t.
92                                                   \note MD5 is not supported. */
93                     uint8_t                     *pSignatureIn,       /*!< [in] Pointer to the signature to be verified. */
94                     size_t                      SignatureSizeBytes,  /*!< [in] Size of the signature (in bytes). NOTE(review): presumably the size CC_EcdsaSign reports in *pSignatureOutSize - confirm. */
95                     uint8_t                     *pMessageDataIn,     /*!< [in] Pointer to the input data that was signed (same as given to
96                                                       the signing function). The size of the scatter/gather list representing
97                                                       the data buffer is limited to 128 entries, and the size of each entry is
98                                                       limited to 64KB (fragments larger than 64KB are broken into fragments <= 64KB). */
99                     size_t                      messageSizeInBytes   /*!< [in] Size of the input data (in bytes). */
100                     );
101 
102 
103 /**********************************************************************************************************/
104 
105 
106 #ifdef __cplusplus
107 }
108 #endif
109 /**
110 @}
111  */
112 
113 #endif
114