ECDSA can be used to generate a digital signature that can be authenticated.

There are two processes involved:

Signing the message, when the signature is calculated using a private key and a hash of the message.
Verifying the message, when the other party checks the signature using a hash of the message and a public key that corresponds to the private key used in the signing.

A valid signature indicates that:

the message comes from the owner of the private key,
the message was not altered after signing,
the owner of the private key cannot deny having sent the message.

From a technical point of view, a signature is a pair of big integers of size equal to the size of a private key used to generate the signature. Meaning of the integers depends on the selected digital signature scheme.

For information about public-private key management and general concepts regarding ECC, see ECC - Elliptic Curve Cryptography.

For detailed API documentation of this module, see Elliptic Curve Digital Signature (ECDSA).

API

The library provides two functions to perform ECDSA: nrf_crypto_ecdsa_sign and nrf_crypto_ecdsa_verify. Not all of these functions are implemented by the backends. See the table at Backends and nrf_crypto backend modules.

This library represents a signature as an array of bytes containing two big integers in big-endian order. Use nrf_crypto_ecc_byte_order_invert if little-endian order is required. Signature size depends on the curve type. Array type nrf_crypto_ecdsa_signature_t is big enough to hold a signature from any of the enabled curve types. There are also curve specific types, such as nrf_crypto_ecdsa_secp256r1_signature_t that can be used to reduce memory consumption. See Memory saving for more details.

Random number generator is required to perform signing in a secure way, see Dependencies.

Code examples

Signing a hash of the message:

nrf_crypto_ecdsa_sign_context_t sign_context;
nrf_crypto_ecc_private_key_t my_private_key;
nrf_crypto_ecdsa_signature_t signature;
size_t signature_size = sizeof(signature);
// ...
// Prepare my_private_key.
// ...
err_code = nrf_crypto_ecdsa_sign(&sign_context, // Context
 &my_private_key, // Private key
 p_hash, // Message hash
 hash_size, // Hash size
 signature, // signature
 &signature_size); // Signature size

Verifying a signature:

nrf_crypto_ecdsa_verify_context_t verify_context;
nrf_crypto_ecc_public_key_t some_public_key;
nrf_crypto_ecdsa_signature_t signature;
size_t signature_size = sizeof(signature);
// ...
// Prepare some_public_key.
// Receive signature and size_of_signature.
// ...
err_code = nrf_crypto_ecdsa_verify(&verify_context, // Context
 &some_public_key, // Public key
 p_hash, // Message hash
 hash_size, // Hash size
 signature, // Signature
 signature_size); // Signature size
if (err_code == NRF_SUCCESS)
{
 // Signature is valid
}
else if (err_code == NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE)
{
 // Signature is invalid
}
else
{
 // Some error occurred during signature verification
}

Backends

ECDSA functionality depends on the selected backend. See Backends for more details about backends. The following table summarizes the function availability:

API function	CC310 ¹	mbed TLS	Oberon ¹	µECC	CC310_BL
nrf_crypto_ecdsa_sign	✔	✔	✔	✔
nrf_crypto_ecdsa_verify	✔	✔	✔	✔	✔

¹ Hash size can only be 160, 224, 256, 384, or 512-bit long.
² Only hash of length 256 bit or longer.

Dependencies

RNG - Random Number Generator is required for nrf_crypto_ecdsa_sign. It must be correctly configured and initialized before calling the function.

ECDH Example

See ECDSA Example for an example that shows the ECDSA procedure.

For an example showing the verification procedure of ECDSA, see Test Example.