Skip to content

Algorithms - DSA

Functions

Name
int wc_InitDsaKey(DsaKey * key)
This function initializes a DsaKey object in order to use it for authentication via the Digital Signature Algorithm (DSA).
void wc_FreeDsaKey(DsaKey * key)
This function frees a DsaKey object after it has been used.
int wc_DsaSign(const byte * digest, byte * out, DsaKey * key, WC_RNG * rng)
This function signs the input digest and stores the result in the output buffer, out.
int wc_DsaVerify(const byte * digest, const byte * sig, DsaKey * key, int * answer)
This function verifies the signature of a digest, given a private key. It stores whether the key properly verifies in the answer parameter, with 1 corresponding to a successful verification, and 0 corresponding to failed verification.
int wc_DsaPublicKeyDecode(const byte * input, word32 * inOutIdx, DsaKey * key, word32 inSz)
This function decodes a DER formatted certificate buffer containing a DSA public key, and stores the key in the given DsaKey structure. It also sets the inOutIdx parameter according to the length of the input read.
int wc_DsaPrivateKeyDecode(const byte * input, word32 * inOutIdx, DsaKey * key, word32 inSz)
This function decodes a DER formatted certificate buffer containing a DSA private key, and stores the key in the given DsaKey structure. It also sets the inOutIdx parameter according to the length of the input read.
int wc_DsaKeyToDer(DsaKey * key, byte * output, word32 inLen)
Convert DsaKey key to DER format, write to output (inLen), return bytes written.
int wc_MakeDsaKey(WC_RNG * rng, DsaKey * dsa)
Create a DSA key.
int wc_MakeDsaParameters(WC_RNG * rng, int modulus_size, DsaKey * dsa)
FIPS 186_4 defines valid for modulus_size values as (1024, 160) (2048, 256) (3072, 256)

Functions Documentation

function wc_InitDsaKey

int wc_InitDsaKey(
    DsaKey * key
)

This function initializes a DsaKey object in order to use it for authentication via the Digital Signature Algorithm (DSA).

Parameters:

  • key pointer to the DsaKey structure to initialize

See: wc_FreeDsaKey

Return:

  • 0 Returned on success.
  • BAD_FUNC_ARG Returned if a NULL key is passed in.

Example

DsaKey key;
int ret;
ret = wc_InitDsaKey(&key); // initialize DSA key

function wc_FreeDsaKey

void wc_FreeDsaKey(
    DsaKey * key
)

This function frees a DsaKey object after it has been used.

Parameters:

  • key pointer to the DsaKey structure to free

See: wc_FreeDsaKey

Return: none No returns.

Example

DsaKey key;
// initialize key, use for authentication
...
wc_FreeDsaKey(&key); // free DSA key

function wc_DsaSign

int wc_DsaSign(
    const byte * digest,
    byte * out,
    DsaKey * key,
    WC_RNG * rng
)

This function signs the input digest and stores the result in the output buffer, out.

Parameters:

  • digest pointer to the hash to sign
  • out pointer to the buffer in which to store the signature
  • key pointer to the initialized DsaKey structure with which to generate the signature
  • rng pointer to an initialized RNG to use with the signature generation

See: wc_DsaVerify

Return:

  • 0 Returned on successfully signing the input digest
  • MP_INIT_E may be returned if there is an error in processing the DSA signature.
  • MP_READ_E may be returned if there is an error in processing the DSA signature.
  • MP_CMP_E may be returned if there is an error in processing the DSA signature.
  • MP_INVMOD_E may be returned if there is an error in processing the DSA signature.
  • MP_EXPTMOD_E may be returned if there is an error in processing the DSA signature.
  • MP_MOD_E may be returned if there is an error in processing the DSA signature.
  • MP_MUL_E may be returned if there is an error in processing the DSA signature.
  • MP_ADD_E may be returned if there is an error in processing the DSA signature.
  • MP_MULMOD_E may be returned if there is an error in processing the DSA signature.
  • MP_TO_E may be returned if there is an error in processing the DSA signature.
  • MP_MEM may be returned if there is an error in processing the DSA signature.

Example

DsaKey key;
// initialize DSA key, load private Key
int ret;
WC_RNG rng;
wc_InitRng(&rng);
byte hash[] = { // initialize with hash digest };
byte signature[40]; // signature will be 40 bytes (320 bits)

ret = wc_DsaSign(hash, signature, &key, &rng);
if (ret != 0) {
    // error generating DSA signature
}

function wc_DsaVerify

int wc_DsaVerify(
    const byte * digest,
    const byte * sig,
    DsaKey * key,
    int * answer
)

This function verifies the signature of a digest, given a private key. It stores whether the key properly verifies in the answer parameter, with 1 corresponding to a successful verification, and 0 corresponding to failed verification.

Parameters:

  • digest pointer to the digest containing the subject of the signature
  • sig pointer to the buffer containing the signature to verify
  • key pointer to the initialized DsaKey structure with which to verify the signature
  • answer pointer to an integer which will store whether the verification was successful

See: wc_DsaSign

Return:

  • 0 Returned on successfully processing the verify request. Note: this does not mean that the signature is verified, only that the function succeeded
  • MP_INIT_E may be returned if there is an error in processing the DSA signature.
  • MP_READ_E may be returned if there is an error in processing the DSA signature.
  • MP_CMP_E may be returned if there is an error in processing the DSA signature.
  • MP_INVMOD_E may be returned if there is an error in processing the DSA signature.
  • MP_EXPTMOD_E may be returned if there is an error in processing the DSA signature.
  • MP_MOD_E may be returned if there is an error in processing the DSA signature.
  • MP_MUL_E may be returned if there is an error in processing the DSA signature.
  • MP_ADD_E may be returned if there is an error in processing the DSA signature.
  • MP_MULMOD_E may be returned if there is an error in processing the DSA signature.
  • MP_TO_E may be returned if there is an error in processing the DSA signature.
  • MP_MEM may be returned if there is an error in processing the DSA signature.

Example

DsaKey key;
// initialize DSA key, load public Key

int ret;
int verified;
byte hash[] = { // initialize with hash digest };
byte signature[] = { // initialize with signature to verify };
ret = wc_DsaVerify(hash, signature, &key, &verified);
if (ret != 0) {
    // error processing verify request
} else if (answer == 0) {
    // invalid signature
}

function wc_DsaPublicKeyDecode

int wc_DsaPublicKeyDecode(
    const byte * input,
    word32 * inOutIdx,
    DsaKey * key,
    word32 inSz
)

This function decodes a DER formatted certificate buffer containing a DSA public key, and stores the key in the given DsaKey structure. It also sets the inOutIdx parameter according to the length of the input read.

Parameters:

  • input pointer to the buffer containing the DER formatted DSA public key
  • inOutIdx pointer to an integer in which to store the final index of the certificate read
  • key pointer to the DsaKey structure in which to store the public key
  • inSz size of the input buffer

See:

Return:

  • 0 Returned on successfully setting the public key for the DsaKey object
  • ASN_PARSE_E Returned if there is an error in the encoding while reading the certificate buffer
  • ASN_DH_KEY_E Returned if one of the DSA parameters is incorrectly formatted

Example

int ret, idx=0;

DsaKey key;
wc_InitDsaKey(&key);
byte derBuff[] = { // DSA public key};
ret = wc_DsaPublicKeyDecode(derBuff, &idx, &key, inSz);
if (ret != 0) {
    // error reading public key
}

function wc_DsaPrivateKeyDecode

int wc_DsaPrivateKeyDecode(
    const byte * input,
    word32 * inOutIdx,
    DsaKey * key,
    word32 inSz
)

This function decodes a DER formatted certificate buffer containing a DSA private key, and stores the key in the given DsaKey structure. It also sets the inOutIdx parameter according to the length of the input read.

Parameters:

  • input pointer to the buffer containing the DER formatted DSA private key
  • inOutIdx pointer to an integer in which to store the final index of the certificate read
  • key pointer to the DsaKey structure in which to store the private key
  • inSz size of the input buffer

See:

Return:

  • 0 Returned on successfully setting the private key for the DsaKey object
  • ASN_PARSE_E Returned if there is an error in the encoding while reading the certificate buffer
  • ASN_DH_KEY_E Returned if one of the DSA parameters is incorrectly formatted

Example

int ret, idx=0;

DsaKey key;
wc_InitDsaKey(&key);
byte derBuff[] = { // DSA private key };
ret = wc_DsaPrivateKeyDecode(derBuff, &idx, &key, inSz);
if (ret != 0) {
    // error reading private key
}

function wc_DsaKeyToDer

int wc_DsaKeyToDer(
    DsaKey * key,
    byte * output,
    word32 inLen
)

Convert DsaKey key to DER format, write to output (inLen), return bytes written.

Parameters:

  • key Pointer to DsaKey structure to convert.
  • output Pointer to output buffer for converted key.
  • inLen Length of key input.

See:

Return:

  • outLen Success, number of bytes written
  • BAD_FUNC_ARG key or output are null or key->type is not DSA_PRIVATE.
  • MEMORY_E Error allocating memory.

Example

DsaKey key;
WC_RNG rng;
int derSz;
int bufferSize = // Sufficient buffer size;
byte der[bufferSize];

wc_InitDsaKey(&key);
wc_InitRng(&rng);
wc_MakeDsaKey(&rng, &key);
derSz = wc_DsaKeyToDer(&key, der, bufferSize);

function wc_MakeDsaKey

int wc_MakeDsaKey(
    WC_RNG * rng,
    DsaKey * dsa
)

Create a DSA key.

Parameters:

  • rng Pointer to WC_RNG structure.
  • dsa Pointer to DsaKey structure.

See:

Return:

  • MP_OKAY Success
  • BAD_FUNC_ARG Either rng or dsa is null.
  • MEMORY_E Couldn't allocate memory for buffer.
  • MP_INIT_E Error initializing mp_int

Example

WC_RNG rng;
DsaKey dsa;
wc_InitRng(&rng);
wc_InitDsa(&dsa);
if(wc_MakeDsaKey(&rng, &dsa) != 0)
{
    // Error creating key
}

function wc_MakeDsaParameters

int wc_MakeDsaParameters(
    WC_RNG * rng,
    int modulus_size,
    DsaKey * dsa
)

FIPS 186-4 defines valid for modulus_size values as (1024, 160) (2048, 256) (3072, 256)

Parameters:

  • rng pointer to wolfCrypt rng.
  • modulus_size 1024, 2048, or 3072 are valid values.
  • dsa Pointer to a DsaKey structure.

See:

Return:

  • 0 Success
  • BAD_FUNC_ARG rng or dsa is null or modulus_size is invalid.
  • MEMORY_E Error attempting to allocate memory.

Example

DsaKey key;
WC_RNG rng;
wc_InitDsaKey(&key);
wc_InitRng(&rng);
if(wc_MakeDsaParameters(&rng, 1024, &genKey) != 0)
{
    // Handle error
}

Updated on 2024-11-22 at 01:12:39 +0000