Digital Signature Algorithm (DSA)
[Discrete Logarithm Cryptography (DLC)]

Digital Signature Algorithm (DSA) in discrete logarithm (DL) domain. More...

Typedefs

typedef void(* C4eDlcDsaK2rFunc )(void *C4E_RESTRICT ctx, C4E_CONST C4eElement *C4E_RESTRICT k, C4eElement *C4E_RESTRICT r)
 Function which computes signature component r (one-time DSA public key respective the x-coordinate of a public ECDSA key) from the associated one-time private key k.
typedef void(* C4eDlcDsaU2vFunc )(void *C4E_RESTRICT ctx, C4E_CONST void *C4E_RESTRICT y, C4E_CONST C4eElement *C4E_RESTRICT u1, C4E_CONST C4eElement *C4E_RESTRICT u2, C4eElement *C4E_RESTRICT v)
 Function which computes signature verification variable v from intermediate values $ u_1 $ and $ u_2 $.

Functions

C4eSysStatus c4e_dlc_dsa_sign (C4eDlcDomain *C4E_RESTRICT dom, C4E_CONST C4eElement *C4E_RESTRICT x, C4eHashId hid, C4E_CONST C4eArchUint8 *C4E_RESTRICT digest, C4eArchDigit tmp[C4E_RESTRICT], C4eArchUint8 *C4E_RESTRICT signature)
 DSA signature of a digest, according to IEEE Std 1363 (DLSP-DSA) and FIPS 186-4, with binary encoded signature.
C4eSysStatus c4e_dlc_dsa_verify (C4eDlcDomain *C4E_RESTRICT dom, C4E_CONST C4eElement *C4E_RESTRICT y, C4eHashId hid, C4E_CONST C4eArchUint8 *C4E_RESTRICT digest, C4E_CONST C4eArchUint8 *C4E_RESTRICT signature, C4eArchSize len, C4eArchDigit tmp[C4E_RESTRICT])
 DSA signature verification, according to IEEE Std 1363 (DLVP-DSA) and FIPS 186-4, with binary encoded signature.

Detailed Description

Digital Signature Algorithm (DSA) in discrete logarithm (DL) domain.

Typedef Documentation

typedef void(* C4eDlcDsaK2rFunc)(void *C4E_RESTRICT ctx, C4E_CONST C4eElement *C4E_RESTRICT k, C4eElement *C4E_RESTRICT r)

Function which computes signature component r (one-time DSA public key respective the x-coordinate of a public ECDSA key) from the associated one-time private key k.

See ANSI X9.62 tables G-3 to G-6 for a general overview.

Note:
This function pointer type is used as a parameter to the universal DSA signing routine c4e_dlc_dsa_unisig().
Precondition:
The validity of the private [EC]DSA key k must be assured by the caller.
Parameters:
[in] ctx Pointer to an context, which was passed as 1st argument to c4e_dlc_dsa_unisig().
[in] k Pointer to a (one-time) [EC]DSA private key.
[out] r Calculated signature component r and temp. digits space in r->digits. The required digits space depends on the realization of this callback. An error in calculation must be mapped to r = 0.
See also:
c4e_dlc_dsa_unisig(), C4E_ELEM_SET_ZERO()

Definition at line 70 of file c4e_dlc_dsa.h.

typedef void(* C4eDlcDsaU2vFunc)(void *C4E_RESTRICT ctx, C4E_CONST void *C4E_RESTRICT y, C4E_CONST C4eElement *C4E_RESTRICT u1, C4E_CONST C4eElement *C4E_RESTRICT u2, C4eElement *C4E_RESTRICT v)

Function which computes signature verification variable v from intermediate values $ u_1 $ and $ u_2 $.

See ANSI X9.62 tables G-3 to G-6 for a general overview.

Note:
This function pointer type is used as a parameter to the universal DSA signing routine c4e_dlc_dsa_univfy().
Precondition:
The validity of the public [EC]DSA key y must be assured by the caller.
Parameters:
[in] ctx Pointer to an context, which was passed as 1st argument to c4e_dlc_dsa_univfy().
[in] y Pointer to [EC]DSA public key.
[in] u1 Intermediate variable $ u_1 $ (according to ANSI X9.62 and FIPS 186-4), possibly destroyed.
[in] u2 Intermediate variable $ u_1 $ (according to ANSI X9.62 and FIPS 186-4), possibly destroyed.
[out] v Calculated signature verification variable v and temp. digits space in v->digits. The required digits space depends on the realization of this callback. An error in calculation must be mapped to v = 0.
See also:
c4e_dlc_dsa_univfy()

Definition at line 103 of file c4e_dlc_dsa.h.

Function Documentation

C4eSysStatus c4e_dlc_dsa_sign ( C4eDlcDomain *C4E_RESTRICT  dom,
C4E_CONST C4eElement *C4E_RESTRICT  x,
C4eHashId  hid,
C4E_CONST C4eArchUint8 *C4E_RESTRICT  digest,
C4eArchDigit  tmp[C4E_RESTRICT],
C4eArchUint8 *C4E_RESTRICT  signature 
)

DSA signature of a digest, according to IEEE Std 1363 (DLSP-DSA) and FIPS 186-4, with binary encoded signature.

The Digital Signature Algorithm (DSA) is based on the following formulas for calculating the signature (r,s):

\begin{align*} r &= (g^k \bmod p) \bmod q \\ s &= k^{-1}(z + xr) \bmod q \end{align*}

with z the (partial) digest, g the generator, k the (random) one-time private key, x the private key and p the modulus of prime field $ \mathbb{F}_p $ in dom->m.

Note:
The first signature part r is also called one-time public key.
Because of the randomness of the one-time private key k each signature differs from another, also if private key x and digest are the same as in the previous one.
In this DSA implementation the smallest size of modulus C4eDlcDomain::m depends on the smallest size of prime divisor C4eDlcDomain::q (via macros C4E_MODN_POW_SPACE() and C4E_GFP_INV_SPACE()) and the value of architecture define C4E_ARCH_DIGIT_SIZE, e.g. resulting in:
  • 320 bit for a 160-bit digest (SHA-1);
  • 448 bit for a 224-bit digest (SHA-224);
  • 512 bit for a 256-bit digest (SHA-256); in case C4E_ARCH_DIGIT_SIZE is 4U.
Attention:
The domain parameters dom->m.val and dom->q.val are temporary modified - so they must be writable. After function return they hold the same values as at function entry.
Precondition:
The validity of the DSA domain parameters in dom must be assured by the caller, either implicit or by using function c4e_dlc_domchk().
The validity of the private DSA key x must be assured by the caller, either implicit or by using function c4e_dlc_keychk_prv().
The caller must provide temporary memory space in array tmp[], using macro C4E_DLC_TMP_NUM() in conjunction with temp. space qualifier C4E_DLC_DSA_TMPID_SIGN.
The Random Number Generator (RNG) must be initialized at user side, then installed via function c4e_rng_install().
Bibliography:
Standard Specifications For Public-Key Cryptography. Std 1363-2000, IEEE, 2000.
Bibliography:
Digitale Signature Standard (DSS). FIPS Publication 186-4, National Institute of Standards and Technology, 2013.
Parameters:
[in] dom Pointer to DSA domain parameters.
[in] x Pointer to DSA private key x < dom->q.
[in] hid Hash algorithm identifier associated with digest and it's length.
[in] digest Digest calculated by the caller using a hash function.
tmp Array of temporary space elements (see preconditions for details on size).
[out] signature Signature buffer, with implicit length of (2U * dom->q.len) bytes. It is binary encoded according to IEEE Std 1363, annex E.3.1.
Returns:
Status
Return values:
C4E_STATUS_OK If the operation was successful.
other If the operation has failed.
See also:
c4e_dlc_dsa_verify(), c4e_dlc_keychk_prv(), c4e_dlc_domchk(), C4E_DLC_TMP_NUM()
C4eSysStatus c4e_dlc_dsa_verify ( C4eDlcDomain *C4E_RESTRICT  dom,
C4E_CONST C4eElement *C4E_RESTRICT  y,
C4eHashId  hid,
C4E_CONST C4eArchUint8 *C4E_RESTRICT  digest,
C4E_CONST C4eArchUint8 *C4E_RESTRICT  signature,
C4eArchSize  len,
C4eArchDigit  tmp[C4E_RESTRICT] 
)

DSA signature verification, according to IEEE Std 1363 (DLVP-DSA) and FIPS 186-4, with binary encoded signature.

The Digital Signature Algorithm (DSA) is based on the following formulas for verification of the signature (r,s):

\begin{align*} w &= s^{-1} \bmod q \\ u_1 &= z w \bmod q \\ u_2 &= r w \bmod q \\ v &= (g^{u_1} y^{u_2} \bmod p) \bmod q \end{align*}

with z the (partial) digest, g the generator, y the public key and p the modulus of prime field $ \mathbb{F}_p $. The condition for a correct signature is: $ v = r $.

Attention:
The domain parameters dom->m.val and dom->q.val are temporary modified - so they must be writable. After function return they hold the same values as at function entry.
Precondition:
The validity of the DSA domain parameters in dom must be assured by the caller, either implicit or by using function c4e_dlc_domchk().
The validity of DSA public key y must be assured by the caller, for example by using function c4e_dlc_keychk_pub().
The caller must provide temporary memory space in array tmp[], using macro C4E_DLC_TMP_NUM() in conjunction with temp. space qualifier C4E_DLC_DSA_TMPID_VERIFY.
Bibliography:
Standard Specifications For Public-Key Cryptography. Std 1363-2000, IEEE, 2000.
Bibliography:
Digitale Signature Standard (DSS). FIPS Publication 186-4, National Institute of Standards and Technology, 2013.
Parameters:
[in] dom Pointer to DSA domain parameters.
[in] y Pointer to DSA public key.
[in] hid Hash algorithm identifier associated with digest and it's length.
[in] digest Digest calculated by the caller using a hash function.
[in] signature Signature to be verified. It must be binary encoded according to IEEE Std 1363, annex E.3.1.
[in] len Length of signature in bytes.
tmp Array of temporary space elements (see preconditions for details on size).
Returns:
Status
Return values:
C4E_STATUS_OK If the signature is valid.
other If the signature verification has failed.
See also:
c4e_dlc_dsa_sign(), c4e_dlc_keychk_pub(), c4e_dlc_domchk(), C4E_DLC_TMP_NUM()
Generated by Ralf Hoppe, Ginsterweg 49, 73230 Kirchheim unter Teck, Germany
on Sun Jun 7 14:10:51 2015 for CRY4E using doxygen 1.6.1