Performing Elliptic Curve Operations
288 RSA BSAFE Crypto-C Developer’s Guide
Step 4: Update
Now, using B_SignUpdate, pass in the data to be signed:
Step 5: Final
First you must allocate space to store the signature. The output of the ECDSA
signature is the BER encoding of a sequence of two integers, (r,s). At most, the size of
the output will be six bytes more than twice the length of the order. Retrieve the field
element length from
ecParamsObj
and do a simple manipulation to find the field
element length in bytes.
Now, finalize the process and retrieve the signature. Note that the Reference Manual
entry for
AI_EC_DSAWithDigest indicates that you will have to pass in a properly
if ((status = B_SignInit (ecDSASign, privateKey, EC_DSA_CHOOSER,
(A_SURRENDER_CTX *)NULL_PTR)) != 0)
break;
unsigned char *dataToSign = "Some arbitrarily long piece of data to
sign...";
unsigned int dataToSignLen = strlen(dataToSign) + 1;
if ((status = B_SignUpdate (ecDSASign, dataToSign, dataToSignLen,
(A_SURRENDER_CTX *)NULL_PTR)) != 0)
break;
A_EC_PARAMS *ecParamInfo;
unsigned int order, maxSignatureLen;
unsigned char *signature;
if ((status = B_GetAlgorithmInfo ((POINTER *)&ecParamInfo, ecParamsObj,
AI_ECParameters)) != 0)
break;
order = (ecParamInfo->order.len + 7) / 8;
maxSignatureLen = (2 * order) + 6;
signature = T_malloc(maxSignatureLen);
if ((status = (signature == NULL_PTR)) != 0)
break;
