ica_ecdsa_sign_ex
Purpose
Creates a deterministic ECDSA signature for the given hash data by using the given private ICA_EC_KEY data structure and a known k value instead of a random value.
Notes:
- In FIPS mode, this function is only allowed for internal self-tests. When called from an application, it returns EPERM.
- Creating deterministic signatures is only supported via CPACF on MSA9 or later. Check your icainfo [-c] output to see whether ECDSA via CPACF is available on your hardware. The function returns EPERM if ECDSA is not supported via CPACF.
Format
int ica_ecdsa_sign_ex(ica_adapter_handle_t adapter_handle,
const ICA_EC_KEY *privkey,
const unsigned char *hash,
unsigned int hash_length,
unsigned char *signature,
unsigned int signature_length,
const unsigned char *k);
Required hardware support
- CPACF with MSA9 (IBM z15® or later).
Parameters
- ica_adapter_handle_t adapter_handle
- Pointer to a previously opened device handle.
- const ICA_EC_KEY *privkey
- Pointer to a readable private ICA_EC_KEY object.
- const unsigned char *hash
- Pointer to a readable buffer containing the hashed data for which the signature is to be generated.
- unsigned int hash_length
- The length of the hashed data. Supported lengths are 20, 28, 32, 48, and 64 bytes.
- unsigned char *signature
- Pointer to a writable buffer where the ECDSA signature is returned.
- unsigned int signature_length
- The length of the buffer. It must be greater than or equal to 2*privlen as returned when creating the ICA_EC_KEY data structure.
- const unsigned char *k
- Pointer to a readable buffer containing the k value, used together with the private key and input hash to create a deterministic signature. This makes it possible to implement known-answer tests using test vectors available from various sources, for example, NIST or RFCs. The length of k is expected to be equal to the lengths of the r and s parts of the signature.
Return codes
- 0
- Success
- EINVAL
- If at least one invalid parameter is given.
- EIO
- If an internal processing error occurred.
- EPERM
- If ECDSA is not supported via CPACF (MSA9 or later).
For return codes indicating exceptions, see Return codes.
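The known-answer test use of k described under Parameters, sketched as an added example (not code from libica or from this page). The names kat_sign_fn, run_ecdsa_kat, stub_sign, kat_demo and MAX_PRIVLEN are hypothetical, the 66-byte upper bound on privlen is an assumption, and stub_sign is a constructed stand-in that does not compute ECDSA; in real use the callback wraps ica_ecdsa_sign_ex and the vector comes from a published test vector set.

```c
#include <errno.h>
#include <string.h>

#define MAX_PRIVLEN 66u /* assumption: largest supported curve is P-521 */
/* Hypothetical callback: wrap ica_ecdsa_sign_ex() so that ctx carries the
 * adapter handle and the private ICA_EC_KEY. */
typedef int (*kat_sign_fn)(void *ctx, const unsigned char *hash,
                           unsigned int hash_length, unsigned char *signature,
                           unsigned int signature_length, const unsigned char *k);
enum kat_result { KAT_PASS, KAT_FAIL, KAT_SKIPPED, KAT_BAD_VECTOR };
struct kat_vector {
    const unsigned char *hash, *k, *expected; /* expected = r || s */
    unsigned int hash_len, privlen;           /* k, r and s are privlen bytes */
};

enum kat_result run_ecdsa_kat(kat_sign_fn sign, void *ctx,
                              const struct kat_vector *v)
{
    unsigned char sig[2 * MAX_PRIVLEN];
    unsigned int n = v->hash_len;
    /* Reject vectors outside the documented lengths before calling. */
    if (!(n == 20 || n == 28 || n == 32 || n == 48 || n == 64) ||
        v->privlen == 0 || v->privlen > MAX_PRIVLEN)
        return KAT_BAD_VECTOR;
    int rc = sign(ctx, v->hash, n, sig, 2 * v->privlen, v->k);
    if (rc == EPERM)   /* FIPS mode, or no ECDSA via CPACF: not a failure */
        return KAT_SKIPPED;
    if (rc != 0)       /* EINVAL, EIO or any other error */
        return KAT_FAIL;
    return memcmp(sig, v->expected, 2 * v->privlen) ? KAT_FAIL : KAT_PASS;
}

/* Constructed stand-in signer, NOT ECDSA: returns *ctx, or writes k || k. */
static int stub_sign(void *ctx, const unsigned char *hash, unsigned int hl,
                     unsigned char *sig, unsigned int sl, const unsigned char *k)
{
    (void)hash; (void)hl;
    if (*(int *)ctx != 0) return *(int *)ctx;
    memcpy(sig, k, sl / 2); memcpy(sig + sl / 2, k, sl / 2);
    return 0;
}

/* Runs the harness on constructed data; forced_rc is what the stub returns. */
enum kat_result kat_demo(int forced_rc, unsigned int hash_len, int corrupt)
{
    unsigned char hash[64] = {0}, k[32], want[64];
    memset(k, 0x11, sizeof k); memset(want, 0x11, sizeof want);
    if (corrupt) want[63] ^= 1;
    struct kat_vector v = { hash, k, want, hash_len, 32 };
    return run_ecdsa_kat(stub_sign, &forced_rc, &v);
}
```

Reporting EPERM as skipped rather than failed keeps the same self-test usable on hardware without MSA9 and in FIPS mode, where the function is not available to applications.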