/** * MIT License * * Copyright (c) 2018 Infineon Technologies AG * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in all * copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE * * * \file ecdsa_utils.h * * \brief This file contains utilities for ECDSA signature encoding/decoding * * * \addtogroup grOptigaUtil * @{ */ #ifndef _H_ECDSA_UTILS_H_ #define _H_ECDSA_UTILS_H_ #ifdef __cplusplus extern "C" { #endif #include #include #include // Encode two integers in DER format // TAG + LENGTH needs 2 bytes for this implementation. // If the highest bit of the integer is set we need an extra byte. /** @brief Maximum overhead of the ASN.1 encoding for the R and S components as concatenated DER INTEGERs */ #define ECDSA_RS_MAX_ASN1_OVERHEAD ((2 + 1) * 2) // Encode two integers as SEQUENCE of INTEGERs in DER format // TAG + LENGTH fields need 2 bytes and if the highest bit of the integer is set, // we need an extra byte, so we have 3 bytes overhead per INTEGER. // SEQUENCE encoding needs an addtional 2 bytes overhead, for TAG + LENGTH fields. // By limiting the LENGTH field to one byte, we are limited to 127 bytes for the two DER INTEGERS, // this allows a maximum of 60 bytes per R and S component which is sufficient for the // NIST P-256 and NIST P-384 curves we deal with. /** @brief Maximum overhead of the ASN.1 encoding for the R and S components as SEQUENCE of INTEGERs */ #define ECDSA_SIGNATURE_MAX_ASN1_OVERHEAD (ECDSA_RS_MAX_ASN1_OVERHEAD + 2) /** * @brief Encodes the ECDSA signature components (r, s) as two concatenated ASN.1 INTEGERs. This is the format * the OPTIGA hostcode expects. * * @param[in] r Component R of the ECDSA signature * @param[in] s Component S of the ECDSA signature * @param[in] rs_len Length of each buffer for the R and S components of the ECDSA signature, must be smaller than 127 * @param[out] asn_sig Buffer where the ASN.1 encoded result will be stored * @param[out] asn_sig_len Length of the ASN.1 encoded data that was copied into the output buffer * @returns true on success, false on error * @note The output buffer must be at least 2*rs_len + ECDSA_SIGNATURE_MAX_ASN1_OVERHEAD to fit the result in all cases. * @note If the function returns false, all output values are invalid. */ bool ecdsa_rs_to_asn1_integers(const uint8_t* r, const uint8_t* s, size_t rs_len, uint8_t* asn_sig, size_t* asn_sig_len); /** * @brief Encodes the ECDSA signature components (r, s) as ASN.1 SEQUENCE of two INTEGERs. This is the format * mbedTLS and OpenSSL use. * * @param[in] r Component R of the ECDSA signature * @param[in] s Component S of the ECDSA signature * @param[in] rs_len Length of each buffer for the R and S components of the ECDSA signature, must be smaller than 127 * @param[out] asn_sig Buffer where the ASN.1-encoded ECDSA signature will be stored * @param[out] asn_sig_len Length of the actual data that was copied into the output buffer * @returns true on success, false on error * @note The output buffer must be at least 2*rs_len + ECDSA_RS_MAX_ASN1_OVERHEAD to fit the result in all cases * @note If the function returns false, all output values are invalid. */ bool ecdsa_rs_to_asn1_signature(const uint8_t* r, const uint8_t* s, size_t rs_len, uint8_t* asn_sig, size_t* asn_sig_len); /** * @brief decodes two concatenated ASN.1 integers to the R and S components of an ECDSA signature * @param[in] asn1 Buffer containing the ASN.1 encoded R and S values as two concatenated DER INTEGERs * @param[in] asn1_len Length of the asn1 buffer * @param[out] rs Output buffer for the concatenated R and S values * @param[in] rs_len Length of the rs buffer * @returns true on success, false else * @note The R and S components will be padded with zeros in the output buffer and each component will take rs_len/2 bytes. * e.g.: [ (0x00) R | S ], where '|' denotes the border for half the rs buffer, * 'R' and 'S' the bytes of the R and S components and '(0x00)' one or multiple padding bytes * needed to completely fill the buffer. * If you need to know the exact length of R and S use asn1_to_ecdsa_rs_sep(...) * @note If the function returns false, all output values are invalid. */ bool asn1_to_ecdsa_rs(const uint8_t* asn1, size_t asn1_len, uint8_t* rs, size_t rs_len); /** * @brief decodes two concatenated ASN.1 integers to the R and S components of an ECDSA signature with separate buffers for R and S * @param[in] asn1 Buffer containing the ASN.1 encoded R and S values as two concatenated DER INTEGERs * @param[in] asn1_len Length of the asn1 buffer * @param[out] r Output buffer for the R value * @param[in,out] r_len Length of the r buffer, contains the number of non padding bytes afterwards * @param[out] s Output buffer for the S value * @param[in,out] s_len Length of the s buffer, contains the number of non padding bytes afterwards * @returns true on success, false else * @note The r and s buffers will be padded at the least significant byte with zeros to the length of the buffer. * @note If the function returns false, all output values are invalid. */ bool asn1_to_ecdsa_rs_sep(const uint8_t* asn1, size_t asn1_len, uint8_t* r, size_t* r_len, uint8_t* s, size_t* s_len); #ifdef __cplusplus } #endif #endif // _H_ECDSA_UTILS_H_ /** * @} */