tls13_sign_verify.c
Go to the documentation of this file.
1 /**
2  * @file tls13_sign_verify.c
3  * @brief RSA/DSA/ECDSA/SM2/EdDSA signature verification (TLS 1.3)
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneSSL Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.0
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL TLS_TRACE_LEVEL
33 
34 //Dependencies
35 #include "tls.h"
36 #include "tls_sign_verify.h"
37 #include "tls_sign_misc.h"
38 #include "tls_transcript_hash.h"
39 #include "tls_misc.h"
40 #include "tls13_sign_verify.h"
41 #include "debug.h"
42 
43 //Check TLS library configuration
44 #if (TLS_SUPPORT == ENABLED && TLS_MAX_VERSION >= TLS_VERSION_1_3)
45 
46 
47 /**
48  * @brief Digital signature verification (TLS 1.3)
49  * @param[in] context Pointer to the TLS context
50  * @param[in] p Pointer to the digitally-signed element to be verified
51  * @param[in] length Length of the digitally-signed element
52  * @return Error code
53  **/
54 
55 error_t tls13VerifySignature(TlsContext *context, const uint8_t *p,
56  size_t length)
57 {
58  error_t error;
59  size_t n;
60  uint8_t *buffer;
61  TlsSignatureScheme signScheme;
62  const Tls13DigitalSignature *signature;
63  const HashAlgo *hashAlgo;
64 
65  //Point to the digitally-signed element
66  signature = (Tls13DigitalSignature *) p;
67 
68  //Malformed CertificateVerify message?
69  if(length < sizeof(Tls13DigitalSignature))
70  return ERROR_DECODING_FAILED;
71  if(length != (sizeof(Tls13DigitalSignature) + ntohs(signature->length)))
72  return ERROR_DECODING_FAILED;
73 
74  //The signature algorithm must be one of those offered in the
75  //SignatureAlgorithms extension (refer to RFC 8446, section 4.4.3)
76  if(!tlsIsSignAlgoSupported(context, ntohs(signature->algorithm)))
77  return ERROR_ILLEGAL_PARAMETER;
78 
79  //The hash function used by HKDF is the cipher suite hash algorithm
80  hashAlgo = context->cipherSuite.prfHashAlgo;
81  //Make sure the hash algorithm is valid
82  if(hashAlgo == NULL)
83  return ERROR_FAILURE;
84 
85  //Calculate the length of the content covered by the digital signature
86  n = hashAlgo->digestSize + 98;
87 
88  //Allocate a memory buffer
89  buffer = tlsAllocMem(n);
90 
91  //Successful memory allocation?
92  if(buffer != NULL)
93  {
94  //Form a string that consists of octet 32 (0x20) repeated 64 times
95  osMemset(buffer, ' ', 64);
96 
97  //Append the context string. It is used to provide separation between
98  //signatures made in different contexts, helping against potential
99  //cross-protocol attacks
100  if(context->entity == TLS_CONNECTION_END_CLIENT)
101  {
102  osMemcpy(buffer + 64, "TLS 1.3, server CertificateVerify", 33);
103  }
104  else
105  {
106  osMemcpy(buffer + 64, "TLS 1.3, client CertificateVerify", 33);
107  }
108 
109  //Append a single 0 byte which serves as the separator
110  buffer[97] = 0x00;
111 
112  //Compute the transcript hash
113  error = tlsFinalizeTranscriptHash(context, hashAlgo,
114  context->transcriptHashContext, "", buffer + 98);
115 
116  //Check status code
117  if(!error)
118  {
119  //The algorithm field specifies the signature scheme
120  signScheme = (TlsSignatureScheme) ntohs(signature->algorithm);
121 
122 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED)
123  //RSASSA-PSS signature scheme?
124  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256 ||
125  signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384 ||
126  signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512 ||
127  signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256 ||
128  signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384 ||
129  signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512)
130  {
131  //Verify RSA-PSS signature
132  error = tls13VerifyRsaPssSignature(context, buffer, n, signature);
133  }
134  else
135 #endif
136 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED)
137  //ECDSA signature scheme?
138  if(signScheme == TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256 ||
139  signScheme == TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384 ||
140  signScheme == TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512 ||
141  signScheme == TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256 ||
142  signScheme == TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384 ||
143  signScheme == TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512)
144  {
145  //Verify ECDSA signature
146  error = tls13VerifyEcdsaSignature(context, buffer, n, signature);
147  }
148  else
149 #endif
150 #if (TLS_SM2_SIGN_SUPPORT == ENABLED)
151  //SM2 signature scheme?
152  if(signScheme == TLS_SIGN_SCHEME_SM2SIG_SM3)
153  {
154  //Verify SM2 signature
155  error = tls13VerifySm2Signature(context, buffer, n, signature);
156  }
157  else
158 #endif
159 #if (TLS_ED25519_SIGN_SUPPORT == ENABLED)
160  //Ed25519 signature scheme?
161  if(signScheme == TLS_SIGN_SCHEME_ED25519)
162  {
163  //Verify Ed25519 signature
164  error = tls13VerifyEd25519Signature(context, buffer, n, signature);
165  }
166  else
167 #endif
168 #if (TLS_ED448_SIGN_SUPPORT == ENABLED)
169  //Ed448 signature scheme?
170  if(signScheme == TLS_SIGN_SCHEME_ED448)
171  {
172  //Verify Ed448 signature
173  error = tls13VerifyEd448Signature(context, buffer, n, signature);
174  }
175  else
176 #endif
177  //Unknown signature scheme?
178  {
179  //Report an error
180  error = ERROR_ILLEGAL_PARAMETER;
181  }
182  }
183 
184  //Release memory buffer
185  tlsFreeMem(buffer);
186  }
187  else
188  {
189  //Failed to allocate memory
190  error = ERROR_OUT_OF_MEMORY;
191  }
192 
193  //Return status code
194  return error;
195 }
196 
197 
198 /**
199  * @brief RSA-PSS signature verification (TLS 1.3)
200  * @param[in] context Pointer to the TLS context
201  * @param[in] message Message whose signature is to be verified
202  * @param[in] length Length of the message, in bytes
203  * @param[in] signature Pointer to the digital signature to be verified
204  * @return Error code
205  **/
206 
207 error_t tls13VerifyRsaPssSignature(TlsContext *context, const uint8_t *message,
208  size_t length, const Tls13DigitalSignature *signature)
209 {
210 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED)
211  error_t error;
212  TlsSignatureScheme signScheme;
213  const HashAlgo *hashAlgo;
214 
215  //The algorithm field specifies the signature scheme
216  signScheme = (TlsSignatureScheme) ntohs(signature->algorithm);
217 
218  //The signature algorithm must be compatible with the key in the sender's
219  //end-entity certificate (refer to RFC 8446, section 4.4.3)
220  if(context->peerCertType == TLS_CERT_RSA_SIGN)
221  {
222  //Retrieve the hash algorithm used for signing
223  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256)
224  {
225  //Select SHA-256 hash algorithm
226  hashAlgo = tlsGetHashAlgo(TLS_HASH_ALGO_SHA256);
227  }
228  else if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384)
229  {
230  //Select SHA-384 hash algorithm
231  hashAlgo = tlsGetHashAlgo(TLS_HASH_ALGO_SHA384);
232  }
233  else if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512)
234  {
235  //Select SHA-512 hash algorithm
236  hashAlgo = tlsGetHashAlgo(TLS_HASH_ALGO_SHA512);
237  }
238  else
239  {
240  //Invalid signature scheme
241  hashAlgo = NULL;
242  }
243  }
244  else if(context->peerCertType == TLS_CERT_RSA_PSS_SIGN)
245  {
246  //Retrieve the hash algorithm used for signing
247  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256)
248  {
249  //Select SHA-256 hash algorithm
250  hashAlgo = tlsGetHashAlgo(TLS_HASH_ALGO_SHA256);
251  }
252  else if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384)
253  {
254  //Select SHA-384 hash algorithm
255  hashAlgo = tlsGetHashAlgo(TLS_HASH_ALGO_SHA384);
256  }
257  else if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512)
258  {
259  //Select SHA-512 hash algorithm
260  hashAlgo = tlsGetHashAlgo(TLS_HASH_ALGO_SHA512);
261  }
262  else
263  {
264  //Invalid signature scheme
265  hashAlgo = NULL;
266  }
267  }
268  else
269  {
270  //Invalid certificate
271  hashAlgo = NULL;
272  }
273 
274  //Pre-hash the content covered by the digital signature
275  if(hashAlgo != NULL)
276  {
277  error = hashAlgo->compute(message, length, context->clientVerifyData);
278  }
279  else
280  {
281  error = ERROR_ILLEGAL_PARAMETER;
282  }
283 
284  //Check status code
285  if(!error)
286  {
287  //Verify RSASSA-PSS signature
288  error = rsassaPssVerify(&context->peerRsaPublicKey, hashAlgo,
289  hashAlgo->digestSize, context->clientVerifyData, signature->value,
290  ntohs(signature->length));
291  }
292 
293  //Return status code
294  return error;
295 #else
296  //RSA-PSS signature algorithm not implemented
297  return ERROR_NOT_IMPLEMENTED;
298 #endif
299 }
300 
301 
302 /**
303  * @brief ECDSA signature verification (TLS 1.3)
304  * @param[in] context Pointer to the TLS context
305  * @param[in] message Message whose signature is to be verified
306  * @param[in] length Length of the message, in bytes
307  * @param[in] signature Pointer to the digital signature to be verified
308  * @return Error code
309  **/
310 
311 error_t tls13VerifyEcdsaSignature(TlsContext *context, const uint8_t *message,
312  size_t length, const Tls13DigitalSignature *signature)
313 {
314 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED)
315  error_t error;
316  TlsSignatureScheme signScheme;
317  const HashAlgo *hashAlgo;
318  const EcCurve *curve;
319 
320  //The algorithm field specifies the signature scheme
321  signScheme = (TlsSignatureScheme) ntohs(signature->algorithm);
322 
323  //The signature algorithm must be compatible with the key in the sender's
324  //end-entity certificate (refer to RFC 8446, section 4.4.3)
325  if(context->peerCertType == TLS_CERT_ECDSA_SIGN)
326  {
327  //Get elliptic curve parameters
328  curve = context->peerEcPublicKey.curve;
329 
330  //Retrieve the hash algorithm used for signing
331  if(curve == NULL)
332  {
333  //Invalid signature scheme
334  hashAlgo = NULL;
335  }
336  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256 &&
337  osStrcmp(curve->name, "secp256r1") == 0)
338  {
339  //Select SHA-256 hash algorithm
340  hashAlgo = tlsGetHashAlgo(TLS_HASH_ALGO_SHA256);
341  }
342  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384 &&
343  osStrcmp(curve->name, "secp384r1") == 0)
344  {
345  //Select SHA-384 hash algorithm
346  hashAlgo = tlsGetHashAlgo(TLS_HASH_ALGO_SHA384);
347  }
348  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512 &&
349  osStrcmp(curve->name, "secp521r1") == 0)
350  {
351  //Select SHA-512 hash algorithm
352  hashAlgo = tlsGetHashAlgo(TLS_HASH_ALGO_SHA512);
353  }
354  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256 &&
355  osStrcmp(curve->name, "brainpoolP256r1") == 0)
356  {
357  //Select SHA-256 hash algorithm
358  hashAlgo = tlsGetHashAlgo(TLS_HASH_ALGO_SHA256);
359  }
360  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384 &&
361  osStrcmp(curve->name, "brainpoolP384r1") == 0)
362  {
363  //Select SHA-384 hash algorithm
364  hashAlgo = tlsGetHashAlgo(TLS_HASH_ALGO_SHA384);
365  }
366  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512 &&
367  osStrcmp(curve->name, "brainpoolP512r1") == 0)
368  {
369  //Select SHA-512 hash algorithm
370  hashAlgo = tlsGetHashAlgo(TLS_HASH_ALGO_SHA512);
371  }
372  else
373  {
374  //Invalid signature scheme
375  hashAlgo = NULL;
376  }
377  }
378  else
379  {
380  //Invalid certificate
381  hashAlgo = NULL;
382  }
383 
384  //Pre-hash the content covered by the digital signature
385  if(hashAlgo != NULL)
386  {
387  error = hashAlgo->compute(message, length, context->clientVerifyData);
388  }
389  else
390  {
391  error = ERROR_ILLEGAL_PARAMETER;
392  }
393 
394  //Check status code
395  if(!error)
396  {
397  //Verify ECDSA signature
398  error = tlsVerifyEcdsaSignature(context, context->clientVerifyData,
399  hashAlgo->digestSize, signature->value, ntohs(signature->length));
400  }
401 
402  //Return status code
403  return error;
404 #else
405  //ECDSA signature algorithm not implemented
406  return ERROR_NOT_IMPLEMENTED;
407 #endif
408 }
409 
410 
411 /**
412  * @brief SM2 signature verification (TLS 1.3)
413  * @param[in] context Pointer to the TLS context
414  * @param[in] message Message whose signature is to be verified
415  * @param[in] length Length of the message, in bytes
416  * @param[in] signature Pointer to the digital signature to be verified
417  * @return Error code
418  **/
419 
420 error_t tls13VerifySm2Signature(TlsContext *context, const uint8_t *message,
421  size_t length, const Tls13DigitalSignature *signature)
422 {
423 #if (TLS_SM2_SIGN_SUPPORT == ENABLED)
424  error_t error;
425  EcdsaSignature sm2Signature;
426 
427  //The signature algorithm must be compatible with the key in the sender's
428  //end-entity certificate (refer to RFC 8446, section 4.4.3)
429  if(context->peerCertType == TLS_CERT_SM2_SIGN)
430  {
431  //Initialize SM2 signature
432  ecdsaInitSignature(&sm2Signature);
433 
434  //Read the ASN.1 encoded SM2 signature
435  error = ecdsaImportSignature(&sm2Signature,
436  context->peerEcPublicKey.curve, signature->value,
437  ntohs(signature->length), ECDSA_SIGNATURE_FORMAT_ASN1);
438 
439  //Check status code
440  if(!error)
441  {
442  //Verify SM2 signature
443  error = sm2VerifySignature(&context->peerEcPublicKey, SM3_HASH_ALGO,
444  SM2_TLS13_ID, osStrlen(SM2_TLS13_ID), message, length,
445  &sm2Signature);
446  }
447 
448  //Free previously allocated resources
449  ecdsaFreeSignature(&sm2Signature);
450  }
451  else
452  {
453  //Invalid certificate
454  error = ERROR_ILLEGAL_PARAMETER;
455  }
456 
457  //Return status code
458  return error;
459 #else
460  //SM2 signature algorithm not implemented
461  return ERROR_NOT_IMPLEMENTED;
462 #endif
463 }
464 
465 
466 /**
467  * @brief Ed25519 signature verification (TLS 1.3)
468  * @param[in] context Pointer to the TLS context
469  * @param[in] message Message whose signature is to be verified
470  * @param[in] length Length of the message, in bytes
471  * @param[in] signature Pointer to the digital signature to be verified
472  * @return Error code
473  **/
474 
475 error_t tls13VerifyEd25519Signature(TlsContext *context, const uint8_t *message,
476  size_t length, const Tls13DigitalSignature *signature)
477 {
478 #if (TLS_ED25519_SIGN_SUPPORT == ENABLED)
479  error_t error;
480  DataChunk messageChunks[1];
481 
482  //The signature algorithm must be compatible with the key in the sender's
483  //end-entity certificate (refer to RFC 8446, section 4.4.3)
484  if(context->peerCertType == TLS_CERT_ED25519_SIGN)
485  {
486  //Data to be verified is run through the EdDSA algorithm without pre-hashing
487  messageChunks[0].buffer = message;
488  messageChunks[0].length = length;
489 
490  //Verify Ed25519 signature (PureEdDSA mode)
491  error = tlsVerifyEd25519Signature(context, messageChunks,
492  arraysize(messageChunks), signature->value, ntohs(signature->length));
493  }
494  else
495  {
496  //Invalid certificate
497  error = ERROR_ILLEGAL_PARAMETER;
498  }
499 
500  //Return status code
501  return error;
502 #else
503  //Ed25519 signature algorithm not implemented
504  return ERROR_NOT_IMPLEMENTED;
505 #endif
506 }
507 
508 
509 /**
510  * @brief Ed448 signature verification (TLS 1.3)
511  * @param[in] context Pointer to the TLS context
512  * @param[in] message Message whose signature is to be verified
513  * @param[in] length Length of the message, in bytes
514  * @param[in] signature Pointer to the digital signature to be verified
515  * @return Error code
516  **/
517 
518 error_t tls13VerifyEd448Signature(TlsContext *context, const uint8_t *message,
519  size_t length, const Tls13DigitalSignature *signature)
520 {
521 #if (TLS_ED448_SIGN_SUPPORT == ENABLED)
522  error_t error;
523  DataChunk messageChunks[1];
524 
525  //The signature algorithm must be compatible with the key in the sender's
526  //end-entity certificate (refer to RFC 8446, section 4.4.3)
527  if(context->peerCertType == TLS_CERT_ED448_SIGN)
528  {
529  //Data to be verified is run through the EdDSA algorithm without pre-hashing
530  messageChunks[0].buffer = message;
531  messageChunks[0].length = length;
532 
533  //Verify Ed448 signature (PureEdDSA mode)
534  error = tlsVerifyEd448Signature(context, messageChunks,
535  arraysize(messageChunks), signature->value, ntohs(signature->length));
536  }
537  else
538  {
539  //Invalid certificate
540  error = ERROR_ILLEGAL_PARAMETER;
541  }
542 
543  //Return status code
544  return error;
545 #else
546  //Ed448 signature algorithm not implemented
547  return ERROR_NOT_IMPLEMENTED;
548 #endif
549 }
550 
551 #endif
tlsAllocMem
#define tlsAllocMem(size)
Definition: tls.h:867
EcdsaSignature
ECDSA signature.
Definition: ecdsa.h:63
tls_misc.h
TLS helper functions.
TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256
@ TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256
Definition: tls.h:1287
tls13VerifyEd25519Signature
error_t tls13VerifyEd25519Signature(TlsContext *context, const uint8_t *message, size_t length, const Tls13DigitalSignature *signature)
Ed25519 signature verification (TLS 1.3)
Definition: tls13_sign_verify.c:475
tls13_sign_verify.h
RSA/DSA/ECDSA/SM2/EdDSA signature verification (TLS 1.3)
tlsVerifyEd448Signature
error_t tlsVerifyEd448Signature(TlsContext *context, const DataChunk *message, uint_t messageLen, const uint8_t *signature, size_t signatureLen)
Verify Ed448 signature.
Definition: tls_sign_verify.c:671
tlsGetHashAlgo
const HashAlgo * tlsGetHashAlgo(TlsHashAlgo hashAlgoId)
Get the hash algorithm that matches the specified identifier.
Definition: tls_misc.c:1184
TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256
Definition: tls.h:1277
sm2VerifySignature
error_t sm2VerifySignature(const EcPublicKey *publicKey, const HashAlgo *hashAlgo, const char_t *id, size_t idLen, const void *message, size_t messageLen, const EcdsaSignature *signature)
SM2 signature verification.
Definition: sm2.c:274
ERROR_NOT_IMPLEMENTED
@ ERROR_NOT_IMPLEMENTED
Definition: error.h:66
ERROR_ILLEGAL_PARAMETER
@ ERROR_ILLEGAL_PARAMETER
Definition: error.h:244
tls13VerifySignature
error_t tls13VerifySignature(TlsContext *context, const uint8_t *p, size_t length)
Digital signature verification (TLS 1.3)
Definition: tls13_sign_verify.c:55
tlsFinalizeTranscriptHash
error_t tlsFinalizeTranscriptHash(TlsContext *context, const HashAlgo *hash, const void *hashContext, const char_t *label, uint8_t *output)
Finalize hash calculation from previous handshake messages.
Definition: tls_transcript_hash.c:252
p
uint8_t p
Definition: ndp.h:300
EcdsaSignature::curve
const EcCurve * curve
Elliptic curve parameters.
Definition: ecdsa.h:64
message
uint8_t message[]
Definition: chap.h:154
HashAlgo::digestSize
size_t digestSize
Definition: crypto.h:1088
DataChunk::buffer
const void * buffer
Definition: crypto.h:1018
TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512
Definition: tls.h:1282
ERROR_OUT_OF_MEMORY
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
SM3_HASH_ALGO
#define SM3_HASH_ALGO
Definition: sm3.h:49
TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512
Definition: tls.h:1279
osStrcmp
#define osStrcmp(s1, s2)
Definition: os_port.h:174
TLS_SIGN_SCHEME_ED25519
@ TLS_SIGN_SCHEME_ED25519
Definition: tls.h:1291
osStrlen
#define osStrlen(s)
Definition: os_port.h:168
TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384
Definition: tls.h:1281
TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384
Definition: tls.h:1278
ecdsaFreeSignature
void ecdsaFreeSignature(EcdsaSignature *signature)
Release an ECDSA signature.
Definition: ecdsa.c:86
TLS_HASH_ALGO_SHA512
@ TLS_HASH_ALGO_SHA512
Definition: tls.h:1243
tlsIsSignAlgoSupported
bool_t tlsIsSignAlgoSupported(TlsContext *context, uint16_t signScheme)
Check whether a signature algorithm can be used for digital signatures.
Definition: tls_sign_misc.c:680
osMemcpy
#define osMemcpy(dest, src, length)
Definition: os_port.h:144
TlsContext
#define TlsContext
Definition: tls.h:36
error_t
error_t
Error codes.
Definition: error.h:43
TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256
Definition: tls.h:1280
TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512
@ TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512
Definition: tls.h:1286
ecdsaImportSignature
error_t ecdsaImportSignature(EcdsaSignature *signature, const EcCurve *curve, const uint8_t *data, size_t length, EcdsaSignatureFormat format)
Import an ECDSA signature.
Definition: ecdsa.c:104
TLS_CERT_ED25519_SIGN
@ TLS_CERT_ED25519_SIGN
Definition: tls.h:1226
HashAlgo::compute
HashAlgoCompute compute
Definition: crypto.h:1091
tlsVerifyEd25519Signature
error_t tlsVerifyEd25519Signature(TlsContext *context, const DataChunk *message, uint_t messageLen, const uint8_t *signature, size_t signatureLen)
Verify Ed25519 signature.
Definition: tls_sign_verify.c:622
ERROR_FAILURE
@ ERROR_FAILURE
Generic error code.
Definition: error.h:45
tls13VerifyEd448Signature
error_t tls13VerifyEd448Signature(TlsContext *context, const uint8_t *message, size_t length, const Tls13DigitalSignature *signature)
Ed448 signature verification (TLS 1.3)
Definition: tls13_sign_verify.c:518
ecdsaInitSignature
void ecdsaInitSignature(EcdsaSignature *signature)
Initialize an ECDSA signature.
Definition: ecdsa.c:73
TLS_HASH_ALGO_SHA384
@ TLS_HASH_ALGO_SHA384
Definition: tls.h:1242
TLS_CERT_RSA_PSS_SIGN
@ TLS_CERT_RSA_PSS_SIGN
Definition: tls.h:1224
TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512
@ TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512
Definition: tls.h:1289
TLS_HASH_ALGO_SHA256
@ TLS_HASH_ALGO_SHA256
Definition: tls.h:1241
TLS_CERT_ED448_SIGN
@ TLS_CERT_ED448_SIGN
Definition: tls.h:1227
TLS_CERT_RSA_SIGN
@ TLS_CERT_RSA_SIGN
Definition: tls.h:1212
length
uint8_t length
Definition: tcp.h:375
TLS_CERT_SM2_SIGN
@ TLS_CERT_SM2_SIGN
Definition: tls.h:1225
tls_sign_verify.h
RSA/DSA/ECDSA/EdDSA signature verification.
tls_transcript_hash.h
Transcript hash calculation.
DataChunk
Data chunk descriptor.
Definition: crypto.h:1017
ntohs
#define ntohs(value)
Definition: cpu_endian.h:421
tlsVerifyEcdsaSignature
error_t tlsVerifyEcdsaSignature(TlsContext *context, const uint8_t *digest, size_t digestLen, const uint8_t *signature, size_t signatureLen)
Verify ECDSA signature.
Definition: tls_sign_verify.c:551
SM2_TLS13_ID
#define SM2_TLS13_ID
Definition: sm2.h:41
ECDSA_SIGNATURE_FORMAT_ASN1
@ ECDSA_SIGNATURE_FORMAT_ASN1
Definition: ecdsa.h:51
tls13VerifyEcdsaSignature
error_t tls13VerifyEcdsaSignature(TlsContext *context, const uint8_t *message, size_t length, const Tls13DigitalSignature *signature)
ECDSA signature verification (TLS 1.3)
Definition: tls13_sign_verify.c:311
tls13VerifyRsaPssSignature
error_t tls13VerifyRsaPssSignature(TlsContext *context, const uint8_t *message, size_t length, const Tls13DigitalSignature *signature)
RSA-PSS signature verification (TLS 1.3)
Definition: tls13_sign_verify.c:207
n
uint8_t n
Definition: dhcpv6_common.h:416
TLS_SIGN_SCHEME_SM2SIG_SM3
@ TLS_SIGN_SCHEME_SM2SIG_SM3
Definition: tls.h:1290
rsassaPssVerify
error_t rsassaPssVerify(const RsaPublicKey *key, const HashAlgo *hash, size_t saltLen, const uint8_t *digest, const uint8_t *signature, size_t signatureLen)
RSASSA-PSS signature verification operation.
Definition: rsa.c:1309
TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384
@ TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384
Definition: tls.h:1288
TLS_SIGN_SCHEME_ED448
@ TLS_SIGN_SCHEME_ED448
Definition: tls.h:1292
TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384
@ TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384
Definition: tls.h:1285
Tls13DigitalSignature
Tls13DigitalSignature
Definition: tls13_misc.h:298
TLS_CONNECTION_END_CLIENT
@ TLS_CONNECTION_END_CLIENT
Definition: tls.h:990
tls13VerifySm2Signature
error_t tls13VerifySm2Signature(TlsContext *context, const uint8_t *message, size_t length, const Tls13DigitalSignature *signature)
SM2 signature verification (TLS 1.3)
Definition: tls13_sign_verify.c:420
tls_sign_misc.h
Helper functions for signature generation and verification.
tls.h
TLS (Transport Layer Security)
TLS_CERT_ECDSA_SIGN
@ TLS_CERT_ECDSA_SIGN
Definition: tls.h:1219
DataChunk::length
size_t length
Definition: crypto.h:1019
HashAlgo
Common interface for hash algorithms.
Definition: crypto.h:1082
EcCurve
#define EcCurve
Definition: ec.h:346
TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256
@ TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256
Definition: tls.h:1284
TlsSignatureScheme
TlsSignatureScheme
Signature schemes.
Definition: tls.h:1271
ERROR_DECODING_FAILED
@ ERROR_DECODING_FAILED
Definition: error.h:242
osMemset
#define osMemset(p, value, length)
Definition: os_port.h:138
tlsFreeMem
#define tlsFreeMem(p)
Definition: tls.h:872
debug.h
Debugging facilities.
arraysize
#define arraysize(a)
Definition: os_port.h:71