tls_sign_misc.c File Reference

Helper functions for signature generation and verification.

#include "tls.h"
#include "tls_cipher_suites.h"
#include "tls_sign_misc.h"
#include "tls_misc.h"
#include "debug.h"


Macros

#define TRACE_LEVEL   TLS_TRACE_LEVEL
 

Functions

error_t tlsSelectSignAlgo (TlsContext *context, const TlsCertDesc *cert, const TlsSignSchemeList *signAlgoList)
 Select the algorithm to be used when generating digital signatures.

error_t tlsFormatSignAlgosExtension (TlsContext *context, uint8_t *p, size_t *written)
 Format SignatureAlgorithms extension.

error_t tlsFormatSignAlgosCertExtension (TlsContext *context, uint8_t *p, size_t *written)
 Format SignatureAlgorithmsCert extension.

error_t tlsFormatSupportedSignAlgos (TlsContext *context, uint8_t *p, size_t *written)
 Format the list of supported signature algorithms.

bool_t tlsIsSignAlgoOffered (uint16_t signScheme, const TlsSignSchemeList *signSchemeList)
 Check whether a signature algorithm is offered in the SignatureAlgorithms extension.

bool_t tlsIsSignAlgoAcceptable (TlsContext *context, uint16_t signScheme, const TlsCertDesc *cert)
 Check whether a signature algorithm is compatible with the specified end-entity certificate.

bool_t tlsIsSignAlgoSupported (TlsContext *context, uint16_t signScheme)
 Check whether a signature algorithm can be used for digital signatures.

bool_t tlsIsCertSignAlgoSupported (uint16_t signScheme)
 Check whether a signature algorithm can be used for X.509 certificate validation.
 

Variables

const uint16_t tlsSupportedSignAlgos []
 

Detailed Description

Helper functions for signature generation and verification.

License

SPDX-License-Identifier: GPL-2.0-or-later

Copyright (C) 2022-2024 Oryx Embedded SARL. All rights reserved.

This file is part of CycloneIPSEC Open.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Author
Oryx Embedded SARL (www.oryx-embedded.com)
Version
2.4.4

Definition in file tls_sign_misc.c.

Macro Definition Documentation

◆ TRACE_LEVEL

#define TRACE_LEVEL   TLS_TRACE_LEVEL

Definition at line 32 of file tls_sign_misc.c.

Function Documentation

◆ tlsFormatSignAlgosCertExtension()

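error_t tlsFormatSignAlgosCertExtension ( TlsContext *  context,
uint8_t *  p,
size_t *  written
)

Format SignatureAlgorithmsCert extension.

Parameters
[in]  context  Pointer to the TLS context
[in]  p  Output stream where the SignatureAlgorithmsCert extension is written
[out]  written  Total number of bytes that have been written
Returns
Error code

Note: the prototype takes no size for p, so the space available at p has to be guaranteed by the caller or bounded through the context; this page does not show which.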

Definition at line 292 of file tls_sign_misc.c.

◆ tlsFormatSignAlgosExtension()

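error_t tlsFormatSignAlgosExtension ( TlsContext *  context,
uint8_t *  p,
size_t *  written
)

Format SignatureAlgorithms extension.

Parameters
[in]  context  Pointer to the TLS context
[in]  p  Output stream where the SignatureAlgorithms extension is written
[out]  written  Total number of bytes that have been written
Returns
Error code

Note: the prototype takes no size for p, so the space available at p has to be guaranteed by the caller or bounded through the context; this page does not show which.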

Definition at line 229 of file tls_sign_misc.c.

◆ tlsFormatSupportedSignAlgos()

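error_t tlsFormatSupportedSignAlgos ( TlsContext *  context,
uint8_t *  p,
size_t *  written
)

Format the list of supported signature algorithms.

Parameters
[in]  context  Pointer to the TLS context
[in]  p  Output stream where the list of signature algorithms is written
[out]  written  Total number of bytes that have been written
Returns
Error code

Note: the prototype takes no size for p, so the space available at p has to be guaranteed by the caller or bounded through the context; this page does not show which.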

Definition at line 362 of file tls_sign_misc.c.

◆ tlsIsCertSignAlgoSupported()

bool_t tlsIsCertSignAlgoSupported ( uint16_t  signScheme)

Check whether a signature algorithm can be used for X.509 certificate validation.

Parameters
[in]  signScheme  Signature scheme
Returns
TRUE if the signature algorithm is supported, else FALSE

Definition at line 1008 of file tls_sign_misc.c.

◆ tlsIsSignAlgoAcceptable()

bool_t tlsIsSignAlgoAcceptable ( TlsContext *  context,
uint16_t  signScheme,
const TlsCertDesc *  cert
)

Check whether a signature algorithm is compatible with the specified end-entity certificate.

Parameters
[in]  context  Pointer to the TLS context
[in]  signScheme  Signature scheme
[in]  cert  End entity certificate
Returns
TRUE if the signature algorithm is compatible, else FALSE

Definition at line 474 of file tls_sign_misc.c.

◆ tlsIsSignAlgoOffered()

bool_t tlsIsSignAlgoOffered ( uint16_t  signScheme,
const TlsSignSchemeList *  signSchemeList
)

Check whether a signature algorithm is offered in the SignatureAlgorithms extension.

Parameters
[in]  signScheme  Signature scheme
[in]  signSchemeList  List of signature schemes
Returns
TRUE if the signature algorithm is offered in the SignatureAlgorithms extension, else FALSE

Definition at line 431 of file tls_sign_misc.c.

◆ tlsIsSignAlgoSupported()

bool_t tlsIsSignAlgoSupported ( TlsContext *  context,
uint16_t  signScheme
)

Check whether a signature algorithm can be used for digital signatures.

Parameters
[in]  context  Pointer to the TLS context
[in]  signScheme  Signature scheme
Returns
TRUE if the signature algorithm is supported, else FALSE

Definition at line 667 of file tls_sign_misc.c.

◆ tlsSelectSignAlgo()

error_t tlsSelectSignAlgo ( TlsContext *  context,
const TlsCertDesc *  cert,
const TlsSignSchemeList *  signAlgoList
)

Select the algorithm to be used when generating digital signatures.

Parameters
[in]  context  Pointer to the TLS context
[in]  cert  End entity certificate
[in]  signAlgoList  List of signature/hash algorithm pairs offered by the peer
Returns
Error code

Definition at line 85 of file tls_sign_misc.c.

Variable Documentation

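◆ tlsSupportedSignAlgos

const uint16_t tlsSupportedSignAlgos[]

The initial value of the array is not reproduced on this page; the entries below appear to be the tls.h definitions it refers to. They include SHA-1 based identifiers (TLS_SIGN_SCHEME_RSA_PKCS1_SHA1, TLS_SIGN_SCHEME_ECDSA_SHA1, TLS_HASH_ALGO_SHA1) and DSA (TLS_SIGN_ALGO_DSA); whether and under which build options these are enabled is not shown here, so confirm against the source before relying on the list.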

@ TLS_SIGN_ALGO_DSA
Definition: tls.h:1233
@ TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256
Definition: tls.h:1263
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256
Definition: tls.h:1253
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512
Definition: tls.h:1258
@ TLS_HASH_ALGO_SHA1
Definition: tls.h:1215
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512
Definition: tls.h:1255
@ TLS_SIGN_SCHEME_ED25519
Definition: tls.h:1267
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384
Definition: tls.h:1257
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384
Definition: tls.h:1254
@ TLS_HASH_ALGO_SHA224
Definition: tls.h:1216
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA1
Definition: tls.h:1249
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256
Definition: tls.h:1256
@ TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512
Definition: tls.h:1262
@ TLS_SIGN_SCHEME_ECDSA_SHA1
Definition: tls.h:1259
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA256
Definition: tls.h:1250
@ TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512
Definition: tls.h:1265
@ TLS_HASH_ALGO_SHA256
Definition: tls.h:1217
@ TLS_SIGN_SCHEME_SM2SIG_SM3
Definition: tls.h:1266
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA512
Definition: tls.h:1252
@ TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384
Definition: tls.h:1264
@ TLS_SIGN_SCHEME_ED448
Definition: tls.h:1268
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA384
Definition: tls.h:1251
@ TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384
Definition: tls.h:1261
@ TLS_SIGN_ALGO_RSA
Definition: tls.h:1232
@ TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256
Definition: tls.h:1260
@ TLS_SIGN_ALGO_ECDSA
Definition: tls.h:1234
#define TLS_SIGN_SCHEME(signAlgo, hashAlgo)
Definition: tls.h:941