Algorithms - DSA

Functions

WOLFSSL_API int wc_InitDsaKey (DsaKey *key)
 This function initializes a DsaKey object in order to use it for authentication via the Digital Signature Algorithm (DSA).

WOLFSSL_API void wc_FreeDsaKey (DsaKey *key)
 This function frees a DsaKey object after it has been used.

WOLFSSL_API int wc_DsaSign (const byte *digest, byte *out, DsaKey *key, WC_RNG *rng)
 This function signs the input digest and stores the result in the output buffer, out.

WOLFSSL_API int wc_DsaVerify (const byte *digest, const byte *sig, DsaKey *key, int *answer)
 This function verifies the signature of a digest, given a private key. It stores whether the key properly verifies in the answer parameter, with 1 corresponding to a successful verification, and 0 corresponding to failed verification.

WOLFSSL_API int wc_DsaPublicKeyDecode (const byte *input, word32 *inOutIdx, DsaKey *, word32)
 This function decodes a DER formatted certificate buffer containing a DSA public key, and stores the key in the given DsaKey structure. It also sets the inOutIdx parameter according to the length of the input read.

WOLFSSL_API int wc_DsaPrivateKeyDecode (const byte *input, word32 *inOutIdx, DsaKey *, word32)
 This function decodes a DER formatted certificate buffer containing a DSA private key, and stores the key in the given DsaKey structure. It also sets the inOutIdx parameter according to the length of the input read.

WOLFSSL_API int wc_DsaKeyToDer (DsaKey *key, byte *output, word32 inLen)
 Convert DsaKey key to DER format, write to output (inLen), return bytes written.

WOLFSSL_API int wc_MakeDsaKey (WC_RNG *rng, DsaKey *dsa)
 Create a DSA key.

WOLFSSL_API int wc_MakeDsaParameters (WC_RNG *rng, int modulus_size, DsaKey *dsa)
 FIPS 186-4 defines the valid values for modulus_size as (1024, 160), (2048, 256), and (3072, 256).
 

Function Documentation

◆ wc_DsaKeyToDer()

WOLFSSL_API int wc_DsaKeyToDer ( DsaKey *  key,
byte *  output,
word32  inLen 
)

Convert DsaKey key to DER format, write to output (inLen), return bytes written.

Returns
outLen Success, number of bytes written
BAD_FUNC_ARG key or output are null or key->type is not DSA_PRIVATE.
MEMORY_E Error allocating memory.
Parameters
key Pointer to DsaKey structure to convert.
output Pointer to output buffer for converted key.
inLen Length of key input.

Example

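DsaKey key;
WC_RNG rng;
int derSz;
byte der[2048]; // sufficient buffer size for the DER-encoded key
wc_InitRng(&rng);
wc_InitDsaKey(&key);
wc_MakeDsaParameters(&rng, 2048, &key); // generate p, q and g before the key pair
wc_MakeDsaKey(&rng, &key);
derSz = wc_DsaKeyToDer(&key, der, sizeof(der));
if (derSz < 0) {
// error converting key to DER
}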
See also
wc_InitDsaKey
wc_FreeDsaKey
wc_MakeDsaKey

◆ wc_DsaPrivateKeyDecode()

WOLFSSL_API int wc_DsaPrivateKeyDecode ( const byte *  input,
word32 *  inOutIdx,
DsaKey * ,
word32   
)

This function decodes a DER formatted certificate buffer containing a DSA private key, and stores the key in the given DsaKey structure. It also sets the inOutIdx parameter according to the length of the input read.

Returns
0 Returned on successfully setting the private key for the DsaKey object
ASN_PARSE_E Returned if there is an error in the encoding while reading the certificate buffer
ASN_DH_KEY_E Returned if one of the DSA parameters is incorrectly formatted
Parameters
input pointer to the buffer containing the DER formatted DSA private key
inOutIdx pointer to an integer in which to store the final index of the certificate read
key pointer to the DsaKey structure in which to store the private key
inSz size of the input buffer

Example

int ret;
word32 idx = 0; // inOutIdx is a word32 *, not an int *
DsaKey key;
byte derBuff[] = { /* DSA private key */ };
wc_InitDsaKey(&key);
ret = wc_DsaPrivateKeyDecode(derBuff, &idx, &key, (word32)sizeof(derBuff));
if (ret != 0) {
// error reading private key
}
See also
wc_InitDsaKey
wc_DsaPublicKeyDecode

◆ wc_DsaPublicKeyDecode()

WOLFSSL_API int wc_DsaPublicKeyDecode ( const byte *  input,
word32 *  inOutIdx,
DsaKey * ,
word32   
)

This function decodes a DER formatted certificate buffer containing a DSA public key, and stores the key in the given DsaKey structure. It also sets the inOutIdx parameter according to the length of the input read.

Returns
0 Returned on successfully setting the public key for the DsaKey object
ASN_PARSE_E Returned if there is an error in the encoding while reading the certificate buffer
ASN_DH_KEY_E Returned if one of the DSA parameters is incorrectly formatted
Parameters
input pointer to the buffer containing the DER formatted DSA public key
inOutIdx pointer to an integer in which to store the final index of the certificate read
key pointer to the DsaKey structure in which to store the public key
inSz size of the input buffer

Example

int ret;
word32 idx = 0; // inOutIdx is a word32 *, not an int *
DsaKey key;
byte derBuff[] = { /* DSA public key */ };
wc_InitDsaKey(&key);
ret = wc_DsaPublicKeyDecode(derBuff, &idx, &key, (word32)sizeof(derBuff));
if (ret != 0) {
// error reading public key
}
See also
wc_InitDsaKey
wc_DsaPrivateKeyDecode

◆ wc_DsaSign()

WOLFSSL_API int wc_DsaSign ( const byte *  digest,
byte *  out,
DsaKey *  key,
WC_RNG *  rng 
)

This function signs the input digest and stores the result in the output buffer, out.

Returns
0 Returned on successfully signing the input digest
MP_INIT_E may be returned if there is an error in processing the DSA signature.
MP_READ_E may be returned if there is an error in processing the DSA signature.
MP_CMP_E may be returned if there is an error in processing the DSA signature.
MP_INVMOD_E may be returned if there is an error in processing the DSA signature.
MP_EXPTMOD_E may be returned if there is an error in processing the DSA signature.
MP_MOD_E may be returned if there is an error in processing the DSA signature.
MP_MUL_E may be returned if there is an error in processing the DSA signature.
MP_ADD_E may be returned if there is an error in processing the DSA signature.
MP_MULMOD_E may be returned if there is an error in processing the DSA signature.
MP_TO_E may be returned if there is an error in processing the DSA signature.
MP_MEM may be returned if there is an error in processing the DSA signature.
Parameters
digest pointer to the hash to sign
out pointer to the buffer in which to store the signature
key pointer to the initialized DsaKey structure with which to generate the signature
rng pointer to an initialized RNG to use with the signature generation

Example

DsaKey key;
// initialize DSA key, load private Key
int ret;
WC_RNG rng;
wc_InitRng(&rng);
byte hash[] = { /* initialize with hash digest */ };
byte signature[40]; // signature will be 40 bytes (320 bits)
ret = wc_DsaSign(hash, signature, &key, &rng);
if (ret != 0) {
// error generating DSA signature
}
See also
wc_DsaVerify

◆ wc_DsaVerify()

WOLFSSL_API int wc_DsaVerify ( const byte *  digest,
const byte *  sig,
DsaKey *  key,
int *  answer 
)

This function verifies the signature of a digest, given a private key. It stores whether the key properly verifies in the answer parameter, with 1 corresponding to a successful verification, and 0 corresponding to failed verification.

Returns
0 Returned on successfully processing the verify request. Note: this does not mean that the signature is verified, only that the function succeeded
MP_INIT_E may be returned if there is an error in processing the DSA signature.
MP_READ_E may be returned if there is an error in processing the DSA signature.
MP_CMP_E may be returned if there is an error in processing the DSA signature.
MP_INVMOD_E may be returned if there is an error in processing the DSA signature.
MP_EXPTMOD_E may be returned if there is an error in processing the DSA signature.
MP_MOD_E may be returned if there is an error in processing the DSA signature.
MP_MUL_E may be returned if there is an error in processing the DSA signature.
MP_ADD_E may be returned if there is an error in processing the DSA signature.
MP_MULMOD_E may be returned if there is an error in processing the DSA signature.
MP_TO_E may be returned if there is an error in processing the DSA signature.
MP_MEM may be returned if there is an error in processing the DSA signature.
Parameters
digest pointer to the digest containing the subject of the signature
sig pointer to the buffer containing the signature to verify
key pointer to the initialized DsaKey structure with which to verify the signature
answer pointer to an integer which will store whether the verification was successful

Example

DsaKey key;
// initialize DSA key, load public Key
int ret;
int verified = 0; // receives the answer output: 1 valid, 0 invalid
byte hash[] = { /* initialize with hash digest */ };
byte signature[] = { /* initialize with signature to verify */ };
ret = wc_DsaVerify(hash, signature, &key, &verified);
if (ret != 0) {
// error processing verify request
} else if (verified == 0) {
// invalid signature
}
See also
wc_DsaSign
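
The wc_DsaVerify contract above (a return of 0 means only that the request was processed; the verdict is in answer) is easy to misuse by checking the return value alone. The following is an added example, not wolfSSL code and not part of the original page: a toy DSA over tiny constructed parameters whose hypothetical toy_verify mirrors that contract, with a flawed caller and a correct caller side by side. All names (ToyKey, toy_sign, toy_verify, accept_ret_only, accept_ret_and_answer) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy DSA with constructed parameters (p=23, q=11, g=4). Not wolfSSL code. */
typedef struct { uint32_t p, q, g, y; } ToyKey;

static uint32_t powmod(uint32_t b, uint32_t e, uint32_t m) {
    uint32_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

/* r = (g^k mod p) mod q, s = k^-1 * (h + x*r) mod q; nonce k is fixed only for the demo. */
int toy_sign(uint32_t h, uint32_t x, uint32_t nonce, const ToyKey *k,
             uint32_t *r, uint32_t *s) {
    *r = powmod(k->g, nonce, k->p) % k->q;
    *s = powmod(nonce, k->q - 2, k->q) * ((h + x * *r) % k->q) % k->q;
    return (*r == 0 || *s == 0) ? -1 : 0;
}

/* Same contract as the page gives for wc_DsaVerify: the return value reports
 * processing only; the verdict (1 valid, 0 invalid) is written to *answer. */
int toy_verify(uint32_t h, uint32_t r, uint32_t s, const ToyKey *k, int *answer) {
    if (k == NULL || answer == NULL) return -1;
    *answer = 0;                                  /* fail closed */
    if (r == 0 || r >= k->q || s == 0 || s >= k->q) return 0;
    uint32_t w  = powmod(s, k->q - 2, k->q);      /* s^-1 mod q, q prime */
    uint32_t u1 = h % k->q * w % k->q;
    uint32_t u2 = r * w % k->q;
    uint32_t v  = powmod(k->g, u1, k->p) * powmod(k->y, u2, k->p) % k->p % k->q;
    *answer = (v == r);
    return 0;
}

/* Flawed caller: treats "processed without error" as "signature valid". */
int accept_ret_only(uint32_t h, uint32_t r, uint32_t s, const ToyKey *k) {
    int answer;
    return toy_verify(h, r, s, k, &answer) == 0;
}

/* Correct caller: requires ret == 0 and answer == 1. */
int accept_ret_and_answer(uint32_t h, uint32_t r, uint32_t s, const ToyKey *k) {
    int answer = 0;
    return toy_verify(h, r, s, k, &answer) == 0 && answer == 1;
}
```

With the constructed key {23, 11, 4, 8} (private x = 7), a signature made over digest 5 and presented with digest 6 is accepted by accept_ret_only and rejected by accept_ret_and_answer.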

◆ wc_FreeDsaKey()

WOLFSSL_API void wc_FreeDsaKey ( DsaKey *  key)

This function frees a DsaKey object after it has been used.

Returns
none No returns.
Parameters
key pointer to the DsaKey structure to free

Example

DsaKey key;
// initialize key, use for authentication
...
wc_FreeDsaKey(&key); // free DSA key
See also
wc_FreeDsaKey

◆ wc_InitDsaKey()

WOLFSSL_API int wc_InitDsaKey ( DsaKey *  key)

This function initializes a DsaKey object in order to use it for authentication via the Digital Signature Algorithm (DSA).

Returns
0 Returned on success.
BAD_FUNC_ARG Returned if a NULL key is passed in.
Parameters
key pointer to the DsaKey structure to initialize

Example

DsaKey key;
int ret;
ret = wc_InitDsaKey(&key); // initialize DSA key
See also
wc_FreeDsaKey

◆ wc_MakeDsaKey()

WOLFSSL_API int wc_MakeDsaKey ( WC_RNG *  rng,
DsaKey *  dsa 
)

Create a DSA key.

Returns
MP_OKAY Success
BAD_FUNC_ARG Either rng or dsa is null.
MEMORY_E Couldn't allocate memory for buffer.
MP_INIT_E Error initializing mp_int
Parameters
rng Pointer to WC_RNG structure.
dsa Pointer to DsaKey structure.

Example

WC_RNG rng;
DsaKey dsa;
wc_InitRng(&rng);
wc_InitDsaKey(&dsa);
wc_MakeDsaParameters(&rng, 2048, &dsa); // p, q and g must exist before the key pair
if(wc_MakeDsaKey(&rng, &dsa) != 0)
{
// Error creating key
}
See also
wc_InitDsaKey
wc_FreeDsaKey
wc_DsaSign

◆ wc_MakeDsaParameters()

WOLFSSL_API int wc_MakeDsaParameters ( WC_RNG *  rng,
int  modulus_size,
DsaKey *  dsa 
)

FIPS 186-4 defines the valid values for modulus_size as (1024, 160), (2048, 256), and (3072, 256).

Returns
0 Success
BAD_FUNC_ARG rng or dsa is null or modulus_size is invalid.
MEMORY_E Error attempting to allocate memory.
Parameters
rng pointer to wolfCrypt rng.
modulus_size 1024, 2048, or 3072 are valid values.
dsa Pointer to a DsaKey structure.

Example

DsaKey key;
WC_RNG rng;
wc_InitRng(&rng);
wc_InitDsaKey(&key);
if(wc_MakeDsaParameters(&rng, 1024, &key) != 0)
{
// Handle error
}
See also
wc_MakeDsaKey
wc_DsaKeyToDer
wc_InitDsaKey