4 * \brief This file contains ECDSA definitions and functions.
\r
6 * The Elliptic Curve Digital Signature Algorithm (ECDSA) is defined in
\r
7 * <em>Standards for Efficient Cryptography Group (SECG):
\r
8 * SEC1 Elliptic Curve Cryptography</em>.
\r
9 * The use of ECDSA for TLS is defined in <em>RFC-4492: Elliptic Curve
\r
10 * Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)</em>.
\r
14 * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
\r
15 * SPDX-License-Identifier: Apache-2.0
\r
17 * Licensed under the Apache License, Version 2.0 (the "License"); you may
\r
18 * not use this file except in compliance with the License.
\r
19 * You may obtain a copy of the License at
\r
21 * http://www.apache.org/licenses/LICENSE-2.0
\r
23 * Unless required by applicable law or agreed to in writing, software
\r
24 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
\r
25 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
26 * See the License for the specific language governing permissions and
\r
27 * limitations under the License.
\r
29 * This file is part of Mbed TLS (https://tls.mbed.org)
\r
32 #ifndef MBEDTLS_ECDSA_H
\r
33 #define MBEDTLS_ECDSA_H
\r
35 #if !defined(MBEDTLS_CONFIG_FILE)
\r
38 #include MBEDTLS_CONFIG_FILE
\r
45 * \brief Maximum ECDSA signature size for a given curve bit size
\r
47 * \param bits Curve size in bits
\r
48 * \return Maximum signature size in bytes
\r
50 * \note This macro returns a compile-time constant if its argument
\r
51 * is one. It may evaluate its argument multiple times.
\r
54 * Ecdsa-Sig-Value ::= SEQUENCE {
\r
59 * For each of r and s, the value (V) may include an extra initial "0" bit.
\r
61 #define MBEDTLS_ECDSA_MAX_SIG_LEN( bits ) \
\r
62 ( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) + \
\r
63 /*T,L of r,s*/ 2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) + \
\r
64 /*V of r,s*/ ( ( bits ) + 8 ) / 8 ) )
\r
66 /** The maximal size of an ECDSA signature in Bytes. */
\r
67 #define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS )
\r
74 * \brief The ECDSA context structure.
\r
76 * \warning Performing multiple operations concurrently on the same
\r
77 * ECDSA context is not supported; objects of this type
\r
78 * should not be shared between multiple threads.
\r
80 typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
\r
82 #if defined(MBEDTLS_ECP_RESTARTABLE)
\r
85 * \brief Internal restart context for ecdsa_verify()
\r
87 * \note Opaque struct, defined in ecdsa.c
\r
89 typedef struct mbedtls_ecdsa_restart_ver mbedtls_ecdsa_restart_ver_ctx;
\r
92 * \brief Internal restart context for ecdsa_sign()
\r
94 * \note Opaque struct, defined in ecdsa.c
\r
96 typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx;
\r
98 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
\r
100 * \brief Internal restart context for ecdsa_sign_det()
\r
102 * \note Opaque struct, defined in ecdsa.c
\r
104 typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
\r
108 * \brief General context for resuming ECDSA operations
\r
112 mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and
\r
113 shared administrative info */
\r
114 mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */
\r
115 mbedtls_ecdsa_restart_sig_ctx *sig; /*!< ecdsa_sign() sub-context */
\r
116 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
\r
117 mbedtls_ecdsa_restart_det_ctx *det; /*!< ecdsa_sign_det() sub-context */
\r
119 } mbedtls_ecdsa_restart_ctx;
\r
121 #else /* MBEDTLS_ECP_RESTARTABLE */
\r
123 /* Now we can declare functions that take a pointer to that */
\r
124 typedef void mbedtls_ecdsa_restart_ctx;
\r
126 #endif /* MBEDTLS_ECP_RESTARTABLE */
\r
129 * \brief This function computes the ECDSA signature of a
\r
130 * previously-hashed message.
\r
132 * \note The deterministic version implemented in
\r
133 * mbedtls_ecdsa_sign_det() is usually preferred.
\r
135 * \note If the bitlength of the message hash is larger than the
\r
136 * bitlength of the group order, then the hash is truncated
\r
137 * as defined in <em>Standards for Efficient Cryptography Group
\r
138 * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
\r
143 * \param grp The context for the elliptic curve to use.
\r
144 * This must be initialized and have group parameters
\r
145 * set, for example through mbedtls_ecp_group_load().
\r
146 * \param r The MPI context in which to store the first part
\r
147 * the signature. This must be initialized.
\r
148 * \param s The MPI context in which to store the second part
\r
149 * the signature. This must be initialized.
\r
150 * \param d The private signing key. This must be initialized.
\r
151 * \param buf The content to be signed. This is usually the hash of
\r
152 * the original data to be signed. This must be a readable
\r
153 * buffer of length \p blen Bytes. It may be \c NULL if
\r
155 * \param blen The length of \p buf in Bytes.
\r
156 * \param f_rng The RNG function. This must not be \c NULL.
\r
157 * \param p_rng The RNG context to be passed to \p f_rng. This may be
\r
158 * \c NULL if \p f_rng doesn't need a context parameter.
\r
160 * \return \c 0 on success.
\r
161 * \return An \c MBEDTLS_ERR_ECP_XXX
\r
162 * or \c MBEDTLS_MPI_XXX error code on failure.
\r
164 int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
\r
165 const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
\r
166 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
\r
168 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
\r
170 * \brief This function computes the ECDSA signature of a
\r
171 * previously-hashed message, deterministic version.
\r
173 * For more information, see <em>RFC-6979: Deterministic
\r
174 * Usage of the Digital Signature Algorithm (DSA) and Elliptic
\r
175 * Curve Digital Signature Algorithm (ECDSA)</em>.
\r
177 * \note If the bitlength of the message hash is larger than the
\r
178 * bitlength of the group order, then the hash is truncated as
\r
179 * defined in <em>Standards for Efficient Cryptography Group
\r
180 * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
\r
185 * \param grp The context for the elliptic curve to use.
\r
186 * This must be initialized and have group parameters
\r
187 * set, for example through mbedtls_ecp_group_load().
\r
188 * \param r The MPI context in which to store the first part
\r
189 * the signature. This must be initialized.
\r
190 * \param s The MPI context in which to store the second part
\r
191 * the signature. This must be initialized.
\r
192 * \param d The private signing key. This must be initialized
\r
193 * and setup, for example through mbedtls_ecp_gen_privkey().
\r
194 * \param buf The hashed content to be signed. This must be a readable
\r
195 * buffer of length \p blen Bytes. It may be \c NULL if
\r
197 * \param blen The length of \p buf in Bytes.
\r
198 * \param md_alg The hash algorithm used to hash the original data.
\r
200 * \return \c 0 on success.
\r
201 * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
\r
202 * error code on failure.
\r
204 int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
\r
205 mbedtls_mpi *s, const mbedtls_mpi *d,
\r
206 const unsigned char *buf, size_t blen,
\r
207 mbedtls_md_type_t md_alg );
\r
208 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
\r
211 * \brief This function verifies the ECDSA signature of a
\r
212 * previously-hashed message.
\r
214 * \note If the bitlength of the message hash is larger than the
\r
215 * bitlength of the group order, then the hash is truncated as
\r
216 * defined in <em>Standards for Efficient Cryptography Group
\r
217 * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
\r
222 * \param grp The ECP group to use.
\r
223 * This must be initialized and have group parameters
\r
224 * set, for example through mbedtls_ecp_group_load().
\r
225 * \param buf The hashed content that was signed. This must be a readable
\r
226 * buffer of length \p blen Bytes. It may be \c NULL if
\r
228 * \param blen The length of \p buf in Bytes.
\r
229 * \param Q The public key to use for verification. This must be
\r
230 * initialized and setup.
\r
231 * \param r The first integer of the signature.
\r
232 * This must be initialized.
\r
233 * \param s The second integer of the signature.
\r
234 * This must be initialized.
\r
236 * \return \c 0 on success.
\r
237 * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the signature
\r
239 * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
\r
240 * error code on failure for any other reason.
\r
242 int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
\r
243 const unsigned char *buf, size_t blen,
\r
244 const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
\r
245 const mbedtls_mpi *s);
\r
248 * \brief This function computes the ECDSA signature and writes it
\r
249 * to a buffer, serialized as defined in <em>RFC-4492:
\r
250 * Elliptic Curve Cryptography (ECC) Cipher Suites for
\r
251 * Transport Layer Security (TLS)</em>.
\r
253 * \warning It is not thread-safe to use the same context in
\r
254 * multiple threads.
\r
256 * \note The deterministic version is used if
\r
257 * #MBEDTLS_ECDSA_DETERMINISTIC is defined. For more
\r
258 * information, see <em>RFC-6979: Deterministic Usage
\r
259 * of the Digital Signature Algorithm (DSA) and Elliptic
\r
260 * Curve Digital Signature Algorithm (ECDSA)</em>.
\r
262 * \note If the bitlength of the message hash is larger than the
\r
263 * bitlength of the group order, then the hash is truncated as
\r
264 * defined in <em>Standards for Efficient Cryptography Group
\r
265 * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
\r
270 * \param ctx The ECDSA context to use. This must be initialized
\r
271 * and have a group and private key bound to it, for example
\r
272 * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
\r
273 * \param md_alg The message digest that was used to hash the message.
\r
274 * \param hash The message hash to be signed. This must be a readable
\r
275 * buffer of length \p blen Bytes.
\r
276 * \param hlen The length of the hash \p hash in Bytes.
\r
277 * \param sig The buffer to which to write the signature. This must be a
\r
278 * writable buffer of length at least twice as large as the
\r
279 * size of the curve used, plus 9. For example, 73 Bytes if
\r
280 * a 256-bit curve is used. A buffer length of
\r
281 * #MBEDTLS_ECDSA_MAX_LEN is always safe.
\r
282 * \param slen The address at which to store the actual length of
\r
283 * the signature written. Must not be \c NULL.
\r
284 * \param f_rng The RNG function. This must not be \c NULL if
\r
285 * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
\r
286 * it is unused and may be set to \c NULL.
\r
287 * \param p_rng The RNG context to be passed to \p f_rng. This may be
\r
288 * \c NULL if \p f_rng is \c NULL or doesn't use a context.
\r
290 * \return \c 0 on success.
\r
291 * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
\r
292 * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
\r
294 int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
\r
295 mbedtls_md_type_t md_alg,
\r
296 const unsigned char *hash, size_t hlen,
\r
297 unsigned char *sig, size_t *slen,
\r
298 int (*f_rng)(void *, unsigned char *, size_t),
\r
302 * \brief This function computes the ECDSA signature and writes it
\r
303 * to a buffer, in a restartable way.
\r
305 * \see \c mbedtls_ecdsa_write_signature()
\r
307 * \note This function is like \c mbedtls_ecdsa_write_signature()
\r
308 * but it can return early and restart according to the limit
\r
309 * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
\r
311 * \param ctx The ECDSA context to use. This must be initialized
\r
312 * and have a group and private key bound to it, for example
\r
313 * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
\r
314 * \param md_alg The message digest that was used to hash the message.
\r
315 * \param hash The message hash to be signed. This must be a readable
\r
316 * buffer of length \p blen Bytes.
\r
317 * \param hlen The length of the hash \p hash in Bytes.
\r
318 * \param sig The buffer to which to write the signature. This must be a
\r
319 * writable buffer of length at least twice as large as the
\r
320 * size of the curve used, plus 9. For example, 73 Bytes if
\r
321 * a 256-bit curve is used. A buffer length of
\r
322 * #MBEDTLS_ECDSA_MAX_LEN is always safe.
\r
323 * \param slen The address at which to store the actual length of
\r
324 * the signature written. Must not be \c NULL.
\r
325 * \param f_rng The RNG function. This must not be \c NULL if
\r
326 * #MBEDTLS_ECDSA_DETERMINISTIC is unset. Otherwise,
\r
327 * it is unused and may be set to \c NULL.
\r
328 * \param p_rng The RNG context to be passed to \p f_rng. This may be
\r
329 * \c NULL if \p f_rng is \c NULL or doesn't use a context.
\r
330 * \param rs_ctx The restart context to use. This may be \c NULL to disable
\r
331 * restarting. If it is not \c NULL, it must point to an
\r
332 * initialized restart context.
\r
334 * \return \c 0 on success.
\r
335 * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
\r
336 * operations was reached: see \c mbedtls_ecp_set_max_ops().
\r
337 * \return Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
\r
338 * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
\r
340 int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
\r
341 mbedtls_md_type_t md_alg,
\r
342 const unsigned char *hash, size_t hlen,
\r
343 unsigned char *sig, size_t *slen,
\r
344 int (*f_rng)(void *, unsigned char *, size_t),
\r
346 mbedtls_ecdsa_restart_ctx *rs_ctx );
\r
348 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
\r
349 #if ! defined(MBEDTLS_DEPRECATED_REMOVED)
\r
350 #if defined(MBEDTLS_DEPRECATED_WARNING)
\r
351 #define MBEDTLS_DEPRECATED __attribute__((deprecated))
\r
353 #define MBEDTLS_DEPRECATED
\r
356 * \brief This function computes an ECDSA signature and writes
\r
357 * it to a buffer, serialized as defined in <em>RFC-4492:
\r
358 * Elliptic Curve Cryptography (ECC) Cipher Suites for
\r
359 * Transport Layer Security (TLS)</em>.
\r
361 * The deterministic version is defined in <em>RFC-6979:
\r
362 * Deterministic Usage of the Digital Signature Algorithm (DSA)
\r
363 * and Elliptic Curve Digital Signature Algorithm (ECDSA)</em>.
\r
365 * \warning It is not thread-safe to use the same context in
\r
366 * multiple threads.
\r
368 * \note If the bitlength of the message hash is larger than the
\r
369 * bitlength of the group order, then the hash is truncated as
\r
370 * defined in <em>Standards for Efficient Cryptography Group
\r
371 * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
\r
376 * \deprecated Superseded by mbedtls_ecdsa_write_signature() in
\r
377 * Mbed TLS version 2.0 and later.
\r
379 * \param ctx The ECDSA context to use. This must be initialized
\r
380 * and have a group and private key bound to it, for example
\r
381 * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
\r
382 * \param hash The message hash to be signed. This must be a readable
\r
383 * buffer of length \p blen Bytes.
\r
384 * \param hlen The length of the hash \p hash in Bytes.
\r
385 * \param sig The buffer to which to write the signature. This must be a
\r
386 * writable buffer of length at least twice as large as the
\r
387 * size of the curve used, plus 9. For example, 73 Bytes if
\r
388 * a 256-bit curve is used. A buffer length of
\r
389 * #MBEDTLS_ECDSA_MAX_LEN is always safe.
\r
390 * \param slen The address at which to store the actual length of
\r
391 * the signature written. Must not be \c NULL.
\r
392 * \param md_alg The message digest that was used to hash the message.
\r
394 * \return \c 0 on success.
\r
395 * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
\r
396 * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
\r
398 int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
\r
399 const unsigned char *hash, size_t hlen,
\r
400 unsigned char *sig, size_t *slen,
\r
401 mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
\r
402 #undef MBEDTLS_DEPRECATED
\r
403 #endif /* MBEDTLS_DEPRECATED_REMOVED */
\r
404 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
\r
407 * \brief This function reads and verifies an ECDSA signature.
\r
409 * \note If the bitlength of the message hash is larger than the
\r
410 * bitlength of the group order, then the hash is truncated as
\r
411 * defined in <em>Standards for Efficient Cryptography Group
\r
412 * (SECG): SEC1 Elliptic Curve Cryptography</em>, section
\r
417 * \param ctx The ECDSA context to use. This must be initialized
\r
418 * and have a group and public key bound to it.
\r
419 * \param hash The message hash that was signed. This must be a readable
\r
420 * buffer of length \p size Bytes.
\r
421 * \param hlen The size of the hash \p hash.
\r
422 * \param sig The signature to read and verify. This must be a readable
\r
423 * buffer of length \p slen Bytes.
\r
424 * \param slen The size of \p sig in Bytes.
\r
426 * \return \c 0 on success.
\r
427 * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
\r
428 * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
\r
429 * signature in \p sig, but its length is less than \p siglen.
\r
430 * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
\r
431 * error code on failure for any other reason.
\r
433 int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
\r
434 const unsigned char *hash, size_t hlen,
\r
435 const unsigned char *sig, size_t slen );
\r
438 * \brief This function reads and verifies an ECDSA signature,
\r
439 * in a restartable way.
\r
441 * \see \c mbedtls_ecdsa_read_signature()
\r
443 * \note This function is like \c mbedtls_ecdsa_read_signature()
\r
444 * but it can return early and restart according to the limit
\r
445 * set with \c mbedtls_ecp_set_max_ops() to reduce blocking.
\r
447 * \param ctx The ECDSA context to use. This must be initialized
\r
448 * and have a group and public key bound to it.
\r
449 * \param hash The message hash that was signed. This must be a readable
\r
450 * buffer of length \p size Bytes.
\r
451 * \param hlen The size of the hash \p hash.
\r
452 * \param sig The signature to read and verify. This must be a readable
\r
453 * buffer of length \p slen Bytes.
\r
454 * \param slen The size of \p sig in Bytes.
\r
455 * \param rs_ctx The restart context to use. This may be \c NULL to disable
\r
456 * restarting. If it is not \c NULL, it must point to an
\r
457 * initialized restart context.
\r
459 * \return \c 0 on success.
\r
460 * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid.
\r
461 * \return #MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if there is a valid
\r
462 * signature in \p sig, but its length is less than \p siglen.
\r
463 * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
\r
464 * operations was reached: see \c mbedtls_ecp_set_max_ops().
\r
465 * \return Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
\r
466 * error code on failure for any other reason.
\r
468 int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
\r
469 const unsigned char *hash, size_t hlen,
\r
470 const unsigned char *sig, size_t slen,
\r
471 mbedtls_ecdsa_restart_ctx *rs_ctx );
\r
474 * \brief This function generates an ECDSA keypair on the given curve.
\r
478 * \param ctx The ECDSA context to store the keypair in.
\r
479 * This must be initialized.
\r
480 * \param gid The elliptic curve to use. One of the various
\r
481 * \c MBEDTLS_ECP_DP_XXX macros depending on configuration.
\r
482 * \param f_rng The RNG function to use. This must not be \c NULL.
\r
483 * \param p_rng The RNG context to be passed to \p f_rng. This may be
\r
484 * \c NULL if \p f_rng doesn't need a context argument.
\r
486 * \return \c 0 on success.
\r
487 * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
\r
489 int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
\r
490 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
\r
493 * \brief This function sets up an ECDSA context from an EC key pair.
\r
497 * \param ctx The ECDSA context to setup. This must be initialized.
\r
498 * \param key The EC key to use. This must be initialized and hold
\r
499 * a private-public key pair or a public key. In the former
\r
500 * case, the ECDSA context may be used for signature creation
\r
501 * and verification after this call. In the latter case, it
\r
502 * may be used for signature verification.
\r
504 * \return \c 0 on success.
\r
505 * \return An \c MBEDTLS_ERR_ECP_XXX code on failure.
\r
507 int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
\r
508 const mbedtls_ecp_keypair *key );
\r
511 * \brief This function initializes an ECDSA context.
\r
513 * \param ctx The ECDSA context to initialize.
\r
514 * This must not be \c NULL.
\r
516 void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
\r
519 * \brief This function frees an ECDSA context.
\r
521 * \param ctx The ECDSA context to free. This may be \c NULL,
\r
522 * in which case this function does nothing. If it
\r
523 * is not \c NULL, it must be initialized.
\r
525 void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
\r
527 #if defined(MBEDTLS_ECP_RESTARTABLE)
\r
529 * \brief Initialize a restart context.
\r
531 * \param ctx The restart context to initialize.
\r
532 * This must not be \c NULL.
\r
534 void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
\r
537 * \brief Free the components of a restart context.
\r
539 * \param ctx The restart context to free. This may be \c NULL,
\r
540 * in which case this function does nothing. If it
\r
541 * is not \c NULL, it must be initialized.
\r
543 void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
\r
544 #endif /* MBEDTLS_ECP_RESTARTABLE */
\r
550 #endif /* ecdsa.h */
\r