ica_ecdsa_sign_ex

Purpose

Creates a deterministic ECDSA signature for the given hash data by using the given private ICA_EC_KEY data structure and a known k value instead of a random value.

Notes:

  • In FIPS mode, this function is only allowed for internal self-tests. When called from an application, it returns EPERM.
  • Creating deterministic signatures is only supported via CPACF on MSA9 or later. Check the output of icainfo [-c] to see whether ECDSA via CPACF is available on your hardware. The function returns EPERM if ECDSA is not supported via CPACF.

Format


int ica_ecdsa_sign_ex(ica_adapter_handle_t adapter_handle,
  const ICA_EC_KEY *privkey,
  const unsigned char *hash, 
  unsigned int hash_length,
  unsigned char *signature, 
  unsigned int signature_length,
  const unsigned char *k);

Required hardware support

  • CPACF with MSA9 (IBM z15® or later).

Parameters

ica_adapter_handle_t adapter_handle
Pointer to a previously opened device handle.
const ICA_EC_KEY *privkey
Pointer to a readable private ICA_EC_KEY object.
const unsigned char *hash
Pointer to a readable buffer containing the hashed data for which the signature is to be generated.
unsigned int hash_length
The length of the hashed data. Supported lengths are 20, 28, 32, 48, and 64 bytes.
unsigned char *signature
Pointer to a writable buffer where the ECDSA signature is returned.
unsigned int signature_length
The length of the buffer. It must be greater than or equal to 2*privlen as returned when creating the ICA_EC_KEY data structure.
const unsigned char *k
Pointer to a readable buffer containing the k value, used together with the private key and input hash to create a deterministic signature. This makes it possible to implement known-answer tests using test vectors available from various sources, for example, NIST or RFCs. The length of k is expected to be equal to the lengths of the r and s parts of the signature.
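
The following is an added example, not part of the libica documentation: a pure-Python reference computation of the r||s value that a known-answer test can compare against the output of ica_ecdsa_sign_ex. It assumes curve P-256, the RFC 6979 A.2.5 test vector, and a signature buffer that holds r followed by s, each privlen bytes long; all function and variable names are hypothetical.

```python
import hashlib

# NIST P-256 domain parameters.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
# RFC 6979 A.2.5 vector: P-256, SHA-256, message "sample".
D = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
K = 0xA6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60

def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def scalar_mult(k, point):
    """Double-and-add; not constant time, for test oracles only."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result

def expected_signature(d, digest, k, privlen=32):
    """Return r||s (2*privlen bytes) for private key d, hash and fixed k."""
    if not (0 < d < N and 0 < k < N):
        raise ValueError("d and k must be in [1, n-1]")
    e = int.from_bytes(digest, "big")
    e >>= max(0, 8 * len(digest) - N.bit_length())  # keep leftmost 256 bits
    r = scalar_mult(k, G)[0] % N
    s = pow(k, -1, N) * (e + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature; the vector's k is unusable")
    return r.to_bytes(privlen, "big") + s.to_bytes(privlen, "big")

if __name__ == "__main__":
    print(expected_signature(D, hashlib.sha256(b"sample").digest(), K).hex())
```

Compare the returned bytes with the first 2*privlen bytes that ica_ecdsa_sign_ex writes to signature for the same key, hash, and k.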

Return codes

0
Success
EINVAL
If at least one invalid parameter is given.
EIO
If an internal processing error occurred.
EPERM
If ECDSA is not supported via CPACF (MSA9 or later).

For return codes indicating exceptions, see Return codes.