Module type Mirage_crypto_ec.Dsa

Digital signature algorithm.

type priv

The type for private keys.

type pub

The type for public keys.

val byte_length : int

byte_length is the size of a ECDSA signature in bytes.

val bit_length : int

bit_length is the number of significant bits in a ECDSA signature

Serialisation

val priv_of_octets : string -> (priv, error) Stdlib.result

priv_of_octets buf decodes a private key from the buffer buf. If the provided data is invalid, an error is returned.

val priv_to_octets : priv -> string

priv_to_octets p encode the private key p to a buffer.

val pub_of_octets : string -> (pub, error) Stdlib.result

pub_of_octets buf decodes a public key from the buffer buf. If the provided data is invalid, an error is returned.

val pub_to_octets : ?compress:bool -> pub -> string

pub_to_octets ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.

Deriving the public key

val pub_of_priv : priv -> pub

pub_of_priv p extracts the public key from the private key p.

Key generation

val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub

generate ~g () generates a key pair.

Cryptographic operations

val sign : key:priv -> ?k:string -> string -> string * string

sign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.

Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.

  • raises Invalid_argument

    if k is not suitable or not in range.

val verify : key:pub -> (string * string) -> string -> bool

verify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.

module K_gen (H : Digestif.S) : sig ... end

K_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.

Misc

module Precompute : sig ... end

Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation