tls_sign_misc.c
Go to the documentation of this file.
1 /**
2  * @file tls_sign_misc.c
3  * @brief Helper functions for signature generation and verification
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2022-2025 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneIPSEC Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.5.0
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL TLS_TRACE_LEVEL
33 
34 //Dependencies
35 #include "tls.h"
36 #include "tls_cipher_suites.h"
37 #include "tls_sign_misc.h"
38 #include "tls_misc.h"
39 #include "debug.h"
40 
41 //Check TLS library configuration
42 #if (TLS_SUPPORT == ENABLED)
43 
44 //List of supported signature algorithms
45 const uint16_t tlsSupportedSignAlgos[] =
46 {
47  TLS_SIGN_SCHEME_ED25519,
48  TLS_SIGN_SCHEME_ED448,
49  TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256,
50  TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384,
51  TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512,
52  TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256,
53  TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384,
54  TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512,
55  TLS_SIGN_SCHEME_SM2SIG_SM3,
56  TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256,
57  TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384,
58  TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512,
59  TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256,
60  TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384,
61  TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512,
62  TLS_SIGN_SCHEME_RSA_PKCS1_SHA256,
63  TLS_SIGN_SCHEME_RSA_PKCS1_SHA384,
64  TLS_SIGN_SCHEME_RSA_PKCS1_SHA512,
65  TLS_SIGN_SCHEME(TLS_SIGN_ALGO_DSA, TLS_HASH_ALGO_SHA256),
66  TLS_SIGN_SCHEME(TLS_SIGN_ALGO_ECDSA, TLS_HASH_ALGO_SHA224),
67  TLS_SIGN_SCHEME(TLS_SIGN_ALGO_RSA, TLS_HASH_ALGO_SHA224),
68  TLS_SIGN_SCHEME(TLS_SIGN_ALGO_DSA, TLS_HASH_ALGO_SHA224),
69  TLS_SIGN_SCHEME_ECDSA_SHA1,
70  TLS_SIGN_SCHEME_RSA_PKCS1_SHA1,
71  TLS_SIGN_SCHEME(TLS_SIGN_ALGO_DSA, TLS_HASH_ALGO_SHA1),
72  TLS_SIGN_SCHEME(TLS_SIGN_ALGO_RSA, TLS_HASH_ALGO_MD5)
73 };
74 
75 
76 /**
77  * @brief Select the algorithm to be used when generating digital signatures
78  * @param[in] context Pointer to the TLS context
79  * @param[in] cert End entity certificate
80  * @param[in] signAlgoList List of signature/hash algorithm pairs offered by
81  * the peer
82  * @return Error code
83  **/
84 
85 error_t tlsSelectSignAlgo(TlsContext *context, const TlsCertDesc *cert,
86  const TlsSignSchemeList *signAlgoList)
87 {
88  error_t error;
89 
90  //Initialize status code
91  error = NO_ERROR;
92  //Default signature algorithm
93  context->signScheme = TLS_SIGN_SCHEME_NONE;
94 
95 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
96  //TLS 1.0 or TLS 1.1 currently selected?
97  if(context->version <= TLS_VERSION_1_1)
98  {
99  //Check certificate type
100  if(cert->type != TLS_CERT_RSA_SIGN &&
101  cert->type != TLS_CERT_DSS_SIGN &&
102  cert->type != TLS_CERT_ECDSA_SIGN)
103  {
104  error = ERROR_HANDSHAKE_FAILED;
105  }
106  }
107  else
108 #endif
109 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
110  //TLS 1.2 or TLS 1.3 currently selected?
111  if(context->version >= TLS_VERSION_1_2)
112  {
113  uint_t i;
114  uint_t n;
115  uint16_t signScheme;
116 
117  //Check whether the peer has provided a list of supported signature
118  //algorithms
119  if(signAlgoList != NULL)
120  {
121  //Any preferred preferred signature algorithms?
122  if(context->numSupportedSignAlgos > 0)
123  {
124  //Loop through the list of allowed signature algorithms (most
125  //preferred first)
126  for(i = 0; i < context->numSupportedSignAlgos; i++)
127  {
128  //Get current signature algorithm
129  signScheme = context->supportedSignAlgos[i];
130 
131  //Check whether the signature algorithm is offered by the peer
132  if(tlsIsSignAlgoOffered(signScheme, signAlgoList))
133  {
134  //The signature algorithm must be compatible with the key in
135  //the end-entity certificate (refer to RFC 5246, section 7.4.3)
136  if(tlsIsSignAlgoAcceptable(context, signScheme, cert))
137  {
138  //Check whether the signature algorithm is supported
139  if(tlsIsSignAlgoSupported(context, signScheme))
140  {
141  context->signScheme = (TlsSignatureScheme) signScheme;
142  break;
143  }
144  }
145  }
146  }
147  }
148  else
149  {
150  //Retrieve the number of items in the list
151  n = ntohs(signAlgoList->length) / sizeof(uint16_t);
152 
153  //Loop through the list of signature algorithms offered by the peer
154  for(i = 0; i < n; i++)
155  {
156  //Each SignatureScheme value lists a single signature algorithm
157  signScheme = ntohs(signAlgoList->value[i]);
158 
159  //The signature algorithm must be compatible with the key in the
160  //end-entity certificate (refer to RFC 5246, section 7.4.3)
161  if(tlsIsSignAlgoAcceptable(context, signScheme, cert))
162  {
163  //Check whether the signature algorithm is supported
164  if(tlsIsSignAlgoSupported(context, signScheme))
165  {
166  context->signScheme = (TlsSignatureScheme) signScheme;
167  break;
168  }
169  }
170  }
171  }
172  }
173  else
174  {
175  //TLS 1.2 clients may omit the SignatureAlgorithms extension
176  if(context->version == TLS_VERSION_1_2)
177  {
178  //Check certificate type
179  if(cert->type == TLS_CERT_RSA_SIGN)
180  {
181  //If the negotiated key exchange algorithm is one of RSA,
182  //DHE_RSA, DH_RSA, RSA_PSK, ECDH_RSA, ECDHE_RSA, behave as if
183  //client had sent the value {sha1,rsa}
184  signScheme = TLS_SIGN_SCHEME(TLS_SIGN_ALGO_RSA,
185  TLS_HASH_ALGO_SHA1);
186  }
187  else if(cert->type == TLS_CERT_DSS_SIGN)
188  {
189  //If the negotiated key exchange algorithm is one of DHE_DSS,
190  //DH_DSS, behave as if the client had sent the value {sha1,dsa}
191  signScheme = TLS_SIGN_SCHEME(TLS_SIGN_ALGO_DSA,
192  TLS_HASH_ALGO_SHA1);
193  }
194  else if(cert->type == TLS_CERT_ECDSA_SIGN)
195  {
196  //If the negotiated key exchange algorithm is one of ECDH_ECDSA,
197  //ECDHE_ECDSA, behave as if the client had sent value {sha1,ecdsa}
198  signScheme = TLS_SIGN_SCHEME(TLS_SIGN_ALGO_ECDSA,
199  TLS_HASH_ALGO_SHA1);
200  }
201  else
202  {
203  //Unknown certificate type
204  signScheme = TLS_SIGN_SCHEME_NONE;
205  }
206 
207  //Check whether the signature algorithm is supported
208  if(tlsIsSignAlgoSupported(context, signScheme))
209  {
210  context->signScheme = (TlsSignatureScheme) signScheme;
211  }
212  }
213  }
214 
215  //If no acceptable choices are presented, return an error
216  if(context->signScheme == TLS_SIGN_SCHEME_NONE)
217  {
218  error = ERROR_HANDSHAKE_FAILED;
219  }
220  }
221  else
222 #endif
223  //Invalid TLS version?
224  {
225  //Report an error
226  error = ERROR_INVALID_VERSION;
227  }
228 
229  //Return status code
230  return error;
231 }
232 
233 
234 /**
235  * @brief Format SignatureAlgorithms extension
236  * @param[in] context Pointer to the TLS context
237  * @param[in] p Output stream where to write the SignatureAlgorithms extension
238  * @param[out] written Total number of bytes that have been written
239  * @return Error code
240  **/
241 
242 error_t tlsFormatSignAlgosExtension(TlsContext *context, uint8_t *p,
243  size_t *written)
244 {
245  error_t error;
246  size_t n;
247 
248  //Initialize status code
249  error = NO_ERROR;
250 
251 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
252  //Check whether TLS 1.2 or TLS 1.3 is supported
253  if(context->versionMax >= TLS_VERSION_1_2)
254  {
255  TlsExtension *extension;
256 
257  //Add the SignatureAlgorithms extension
258  extension = (TlsExtension *) p;
259  //Type of the extension
260  extension->type = HTONS(TLS_EXT_SIGNATURE_ALGORITHMS);
261 
262  //The SignatureAlgorithms extension indicates which signature/hash
263  //algorithm pairs may be used in digital signatures
264  error = tlsFormatSupportedSignAlgos(context, extension->value, &n);
265 
266  //Check status code
267  if(!error)
268  {
269  //Fix the length of the extension
270  extension->length = htons(n);
271 
272  //Compute the length, in bytes, of the SignatureAlgorithms extension
273  n += sizeof(TlsExtension);
274  }
275  }
276  else
277 #endif
278  {
279  //This extension is not meaningful for TLS versions prior to 1.2.
280  //Clients must not offer it if they are offering prior versions (refer
281  //to RFC 5246, section 7.4.1.4.1)
282  n = 0;
283  }
284 
285  //Check status code
286  if(!error)
287  {
288  //Total number of bytes that have been written
289  *written = n;
290  }
291 
292  //Return status code
293  return error;
294 }
295 
296 
297 /**
298  * @brief Format SignatureAlgorithmsCert extension
299  * @param[in] context Pointer to the TLS context
300  * @param[in] p Output stream where to write the SignatureAlgorithmsCert extension
301  * @param[out] written Total number of bytes that have been written
302  * @return Error code
303  **/
304 
305 error_t tlsFormatSignAlgosCertExtension(TlsContext *context,
306  uint8_t *p, size_t *written)
307 {
308  size_t n = 0;
309 
310 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
311  //TLS 1.2 implementations should also process this extension
312  if(context->versionMax >= TLS_VERSION_1_2)
313  {
314  uint_t i;
315  TlsExtension *extension;
316  TlsSignSchemeList *signAlgoList;
317 
318  //Add the SignatureAlgorithmsCert extension
319  extension = (TlsExtension *) p;
320  //Type of the extension
321  extension->type = HTONS(TLS_EXT_SIGNATURE_ALGORITHMS_CERT);
322 
323  //The SignatureAlgorithmsCert extension allows an implementation to
324  //indicate which signature algorithms it can validate in X.509
325  //certificates
326  signAlgoList = (TlsSignSchemeList *) extension->value;
327 
328  //Enumerate the hash/signature algorithm pairs in descending order
329  //of preference
330  n = 0;
331 
332  //Loop through the list of supported signature algorithms
333  for(i = 0; i < arraysize(tlsSupportedSignAlgos); i++)
334  {
335  //Check whether the signature algorithm can be used for X.509
336  //certificate validation
337  if(tlsIsCertSignAlgoSupported(tlsSupportedSignAlgos[i]))
338  {
339  //Add the current signature algorithm to the list
340  signAlgoList->value[n++] = htons(tlsSupportedSignAlgos[i]);
341  }
342  }
343 
344  //Compute the length, in bytes, of the list
345  n *= sizeof(uint16_t);
346  //Fix the length of the list
347  signAlgoList->length = htons(n);
348 
349  //Consider the 2-byte length field that precedes the list
350  n += sizeof(TlsSignSchemeList);
351  //Fix the length of the extension
352  extension->length = htons(n);
353 
354  //Compute the length, in bytes, of the SignatureAlgorithmsCert extension
355  n += sizeof(TlsExtension);
356  }
357 #endif
358 
359  //Total number of bytes that have been written
360  *written = n;
361 
362  //Successful processing
363  return NO_ERROR;
364 }
365 
366 
367 /**
368  * @brief Format the list of supported signature algorithms
369  * @param[in] context Pointer to the TLS context
370  * @param[in] p Output stream where to write the list of signature algorithms
371  * @param[out] written Total number of bytes that have been written
372  * @return Error code
373  **/
374 
375 error_t tlsFormatSupportedSignAlgos(TlsContext *context, uint8_t *p,
376  size_t *written)
377 {
378 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
379  uint_t i;
380  size_t n;
381  uint_t numSupportedSignAlgos;
382  const uint16_t *supportedSignAlgos;
383  TlsSignSchemeList *signAlgoList;
384 
385  //The list contains the hash/signature algorithm pairs that the
386  //implementation is able to verify
387  signAlgoList = (TlsSignSchemeList *) p;
388 
389  //Any preferred preferred signature algorithms?
390  if(context->numSupportedSignAlgos > 0)
391  {
392  //Point to the list of preferred signature algorithms
393  supportedSignAlgos = context->supportedSignAlgos;
394  numSupportedSignAlgos = context->numSupportedSignAlgos;
395  }
396  else
397  {
398  //Point to the list of default signature algorithms
399  supportedSignAlgos = tlsSupportedSignAlgos;
400  numSupportedSignAlgos = arraysize(tlsSupportedSignAlgos);
401  }
402 
403  //Enumerate the hash/signature algorithm pairs in descending order of
404  //preference
405  n = 0;
406 
407  //Loop through the list of signature algorithms
408  for(i = 0; i < numSupportedSignAlgos; i++)
409  {
410  //Check whether the signature algorithm can be used in digital signature
411  if(tlsIsSignAlgoSupported(context, supportedSignAlgos[i]))
412  {
413  //Add the current signature algorithm to the list
414  signAlgoList->value[n++] = htons(supportedSignAlgos[i]);
415  }
416  }
417 
418  //Compute the length, in bytes, of the list
419  n *= sizeof(uint16_t);
420  //Fix the length of the list
421  signAlgoList->length = htons(n);
422 
423  //Total number of bytes that have been written
424  *written = n + sizeof(TlsSignSchemeList);
425 
426  //Successful processing
427  return NO_ERROR;
428 #else
429  //Not implemented
430  return FALSE;
431 #endif
432 }
433 
434 
435 /**
436  * @brief Check whether a signature algorithm is offered in the
437  * SignatureAlgorithms extension
438  * @param[in] signScheme Signature scheme
439  * @param[in] signSchemeList List of signature schemes
440  * @return TRUE if the signature algorithm is offered in the
441  * SignatureAlgorithms extension, else FALSE
442  **/
443 
444 bool_t tlsIsSignAlgoOffered(uint16_t signScheme,
445  const TlsSignSchemeList *signSchemeList)
446 {
447  uint_t i;
448  uint_t n;
449  bool_t found;
450 
451  //Initialize flag
452  found = FALSE;
453 
454  //Valid SignatureAlgorithms extension?
455  if(signSchemeList != NULL)
456  {
457  //Get the number of signature algorithms present in the list
458  n = ntohs(signSchemeList->length) / sizeof(uint16_t);
459 
460  //Loop through the list of signature algorithms offered in the
461  //SignatureAlgorithms extension
462  for(i = 0; i < n && !found; i++)
463  {
464  //Matching signature algorithm?
465  if(ntohs(signSchemeList->value[i]) == signScheme)
466  {
467  found = TRUE;
468  }
469  }
470  }
471 
472  //Return TRUE if the signature algorithm is offered in the
473  //SignatureAlgorithms extension
474  return found;
475 }
476 
477 
478 /**
479  * @brief Check whether a signature algorithm is compatible with the specified
480  * end-entity certificate
481  * @param[in] context Pointer to the TLS context
482  * @param[in] signScheme Signature scheme
483  * @param[in] cert End entity certificate
484  * @return TRUE if the signature algorithm is compatible, else FALSE
485  **/
486 
487 bool_t tlsIsSignAlgoAcceptable(TlsContext *context, uint16_t signScheme,
488  const TlsCertDesc *cert)
489 {
490  bool_t acceptable;
491 
492  //Initialize flag
493  acceptable = FALSE;
494 
495 #if (TLS_RSA_SIGN_SUPPORT == ENABLED)
496  //RSA certificate?
497  if(cert->type == TLS_CERT_RSA_SIGN)
498  {
499  //Check signature scheme
500  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_RSA)
501  {
502  //In TLS 1.3, RSASSA-PKCS1-v1_5 signature algorithms refer solely to
503  //signatures which appear in certificates and are not defined for use
504  //in signed TLS handshake messages
505  if(context->version <= TLS_VERSION_1_2)
506  {
507  acceptable = TRUE;
508  }
509  }
510  else if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256 ||
511  signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384 ||
512  signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512)
513  {
514  //TLS 1.2 or TLS 1.3 currently selected?
515  if(context->version >= TLS_VERSION_1_2)
516  {
517  acceptable = TRUE;
518  }
519  }
520  else
521  {
522  //Just for sanity
523  }
524  }
525  else
526 #endif
527 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED)
528  //RSA-PSS certificate?
529  if(cert->type == TLS_CERT_RSA_PSS_SIGN)
530  {
531  //TLS 1.2 or TLS 1.3 currently selected?
532  if(context->version >= TLS_VERSION_1_2)
533  {
534  //Check signature scheme
535  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256 ||
536  signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384 ||
537  signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512)
538  {
539  acceptable = TRUE;
540  }
541  }
542  }
543  else
544 #endif
545 #if (TLS_DSA_SIGN_SUPPORT == ENABLED)
546  //DSA certificate?
547  if(cert->type == TLS_CERT_DSS_SIGN)
548  {
549  //TLS 1.3 removes support for DSA certificates
550  if(context->version <= TLS_VERSION_1_2)
551  {
552  //Check signature scheme
553  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_DSA)
554  {
555  acceptable = TRUE;
556  }
557  }
558  }
559  else
560 #endif
561 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED)
562  //ECDSA certificate?
563  if(cert->type == TLS_CERT_ECDSA_SIGN)
564  {
565  //Version of TLS prior to TLS 1.3?
566  if(context->version <= TLS_VERSION_1_2)
567  {
568  //Check signature scheme
569  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_ECDSA)
570  {
571  acceptable = TRUE;
572  }
573  }
574  else
575  {
576  //Check signature scheme against elliptic curve
577  if(signScheme == TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256 &&
578  cert->namedCurve == TLS_GROUP_SECP256R1)
579  {
580  acceptable = TRUE;
581  }
582  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384 &&
583  cert->namedCurve == TLS_GROUP_SECP384R1)
584  {
585  acceptable = TRUE;
586  }
587  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512 &&
588  cert->namedCurve == TLS_GROUP_SECP521R1)
589  {
590  acceptable = TRUE;
591  }
592  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256 &&
593  cert->namedCurve == TLS_GROUP_BRAINPOOLP256R1)
594  {
595  acceptable = TRUE;
596  }
597  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384 &&
598  cert->namedCurve == TLS_GROUP_BRAINPOOLP384R1)
599  {
600  acceptable = TRUE;
601  }
602  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512 &&
603  cert->namedCurve == TLS_GROUP_BRAINPOOLP512R1)
604  {
605  acceptable = TRUE;
606  }
607  else
608  {
609  }
610  }
611  }
612  else
613 #endif
614 #if (TLS_SM2_SIGN_SUPPORT == ENABLED)
615  //SM2 certificate?
616  if(cert->type == TLS_CERT_SM2_SIGN)
617  {
618  //TLS 1.3 currently selected?
619  if(context->version >= TLS_VERSION_1_3)
620  {
621  //Check signature scheme
622  if(signScheme == TLS_SIGN_SCHEME_SM2SIG_SM3)
623  {
624  acceptable = TRUE;
625  }
626  }
627  }
628  else
629 #endif
630 #if (TLS_ED25519_SIGN_SUPPORT == ENABLED)
631  //Ed25519 certificate?
632  if(cert->type == TLS_CERT_ED25519_SIGN)
633  {
634  //TLS 1.2 or TLS 1.3 currently selected?
635  if(context->version >= TLS_VERSION_1_2)
636  {
637  //Check signature scheme
638  if(signScheme == TLS_SIGN_SCHEME_ED25519)
639  {
640  acceptable = TRUE;
641  }
642  }
643  }
644  else
645 #endif
646 #if (TLS_ED448_SIGN_SUPPORT == ENABLED)
647  //Ed448 certificate?
648  if(cert->type == TLS_CERT_ED448_SIGN)
649  {
650  //TLS 1.2 or TLS 1.3 currently selected?
651  if(context->version >= TLS_VERSION_1_2)
652  {
653  //Check signature scheme
654  if(signScheme == TLS_SIGN_SCHEME_ED448)
655  {
656  acceptable = TRUE;
657  }
658  }
659  }
660  else
661 #endif
662  //Unsupported certificate type?
663  {
664  //Just for sanity
665  }
666 
667  //Return TRUE is the signature algorithm is compatible with the key in the
668  //end-entity certificate
669  return acceptable;
670 }
671 
672 
673 /**
674  * @brief Check whether a signature algorithm can be used for digital signatures
675  * @param[in] context Pointer to the TLS context
676  * @param[in] signScheme Signature scheme
677  * @return TRUE if the signature algorithm is supported, else FALSE
678  **/
679 
680 bool_t tlsIsSignAlgoSupported(TlsContext *context, uint16_t signScheme)
681 {
682 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
683  uint_t i;
684  uint_t cipherSuiteTypes;
685  TlsHashAlgo hashAlgoId;
686  const HashAlgo *hashAlgo;
687 
688  //Hash algorithm used by the signature scheme
689  hashAlgoId = TLS_HASH_ALGO_NONE;
690 
691  //Check TLS version
692  if(context->version <= TLS_VERSION_1_2)
693  {
694  //Check current state
695  if(context->state == TLS_STATE_CERTIFICATE_REQUEST ||
696  context->state == TLS_STATE_CLIENT_CERTIFICATE_VERIFY)
697  {
698  cipherSuiteTypes = TLS_CIPHER_SUITE_TYPE_RSA |
699  TLS_CIPHER_SUITE_TYPE_DSA | TLS_CIPHER_SUITE_TYPE_ECDSA;
700  }
701  else
702  {
703  cipherSuiteTypes = context->cipherSuiteTypes;
704  }
705  }
706  else
707  {
708  cipherSuiteTypes = context->cipherSuiteTypes;
709  }
710 
711 #if (TLS_RSA_SIGN_SUPPORT == ENABLED)
712  //RSASSA-PKCS1-v1_5 signature algorithm?
713  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_RSA)
714  {
715  //Any RSA cipher suite proposed by the client?
716  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
717  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
718  {
719  //Filter out hash algorithm
720  if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_MD5 ||
721  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA1 ||
722  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA224 ||
723  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA256 ||
724  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA384 ||
725  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA512)
726  {
727  //Check whether the hash algorithm is supported
728  if(tlsGetHashAlgo(TLS_HASH_ALGO(signScheme)) != NULL)
729  {
730  hashAlgoId = TLS_HASH_ALGO(signScheme);
731  }
732  }
733  }
734  }
735  else
736 #endif
737 #if (TLS_DSA_SIGN_SUPPORT == ENABLED)
738  //DSA signature algorithm?
739  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_DSA)
740  {
741  //Any DSA cipher suite proposed by the client?
742  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_DSA) != 0 ||
743  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
744  {
745  //Filter out hash algorithm
746  if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA1 ||
747  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA224 ||
748  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA256)
749  {
750  //Check whether the hash algorithm is supported
751  if(tlsGetHashAlgo(TLS_HASH_ALGO(signScheme)) != NULL)
752  {
753  hashAlgoId = TLS_HASH_ALGO(signScheme);
754  }
755  }
756  }
757  }
758  else
759 #endif
760 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED)
761  //ECDSA signature algorithm?
762  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_ECDSA)
763  {
764  //Any ECC cipher suite proposed by the client?
765  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_ECDSA) != 0 ||
766  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
767  {
768  //Filter out hash algorithm
769  if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA1 ||
770  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA224 ||
771  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA256 ||
772  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA384 ||
773  TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA512)
774  {
775  //Check whether the hash algorithm is supported
776  if(tlsGetHashAlgo(TLS_HASH_ALGO(signScheme)) != NULL)
777  {
778  hashAlgoId = TLS_HASH_ALGO(signScheme);
779  }
780  }
781  }
782  }
783  else
784 #endif
785 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA256_SUPPORT == ENABLED)
786  //RSASSA-PSS RSAE signature algorithm with SHA-256?
787  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256)
788  {
789  //Any RSA cipher suite proposed by the client?
790  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
791  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
792  {
793  hashAlgoId = TLS_HASH_ALGO_SHA256;
794  }
795  }
796  else
797 #endif
798 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA384_SUPPORT == ENABLED)
799  //RSASSA-PSS RSAE signature algorithm with SHA-384?
800  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384)
801  {
802  //Any RSA cipher suite proposed by the client?
803  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
804  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
805  {
806  hashAlgoId = TLS_HASH_ALGO_SHA384;
807  }
808  }
809  else
810 #endif
811 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA512_SUPPORT == ENABLED)
812  //RSASSA-PSS RSAE signature algorithm with SHA-512?
813  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512)
814  {
815  //Any RSA cipher suite proposed by the client?
816  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
817  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
818  {
819  hashAlgoId = TLS_HASH_ALGO_SHA512;
820  }
821  }
822  else
823 #endif
824 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA256_SUPPORT == ENABLED)
825  //RSASSA-PSS PSS signature algorithm with SHA-256?
826  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256)
827  {
828  //Any RSA cipher suite proposed by the client?
829  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
830  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
831  {
832  //Check whether the X.509 library can parse RSA-PSS certificates
833  if(x509IsSignAlgoSupported(X509_SIGN_ALGO_RSA_PSS))
834  {
835  hashAlgoId = TLS_HASH_ALGO_SHA256;
836  }
837  }
838  }
839  else
840 #endif
841 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA384_SUPPORT == ENABLED)
842  //RSASSA-PSS PSS signature algorithm with SHA-384?
843  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384)
844  {
845  //Any RSA cipher suite proposed by the client?
846  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
847  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
848  {
849  //Check whether the X.509 library can parse RSA-PSS certificates
850  if(x509IsSignAlgoSupported(X509_SIGN_ALGO_RSA_PSS))
851  {
852  hashAlgoId = TLS_HASH_ALGO_SHA384;
853  }
854  }
855  }
856  else
857 #endif
858 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA512_SUPPORT == ENABLED)
859  //RSASSA-PSS PSS signature algorithm with SHA-512?
860  if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512)
861  {
862  //Any RSA cipher suite proposed by the client?
863  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_RSA) != 0 ||
864  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
865  {
866  //Check whether the X.509 library can parse RSA-PSS certificates
867  if(x509IsSignAlgoSupported(X509_SIGN_ALGO_RSA_PSS))
868  {
869  hashAlgoId = TLS_HASH_ALGO_SHA512;
870  }
871  }
872  }
873  else
874 #endif
875 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED && TLS_SHA256_SUPPORT == ENABLED && \
876  TLS_BRAINPOOLP256R1_SUPPORT == ENABLED)
877  //ECDSA signature algorithm with brainpoolP256 curve and SHA-256?
878  if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256)
879  {
880  //Any TLS 1.3 cipher suite proposed by the client?
881  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
882  {
883  hashAlgoId = TLS_HASH_ALGO_SHA256;
884  }
885  }
886  else
887 #endif
888 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED && TLS_SHA384_SUPPORT == ENABLED && \
889  TLS_BRAINPOOLP384R1_SUPPORT == ENABLED)
890  //ECDSA signature algorithm with brainpoolP384 curve and SHA-384?
891  if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384)
892  {
893  //Any TLS 1.3 cipher suite proposed by the client?
894  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
895  {
896  hashAlgoId = TLS_HASH_ALGO_SHA384;
897  }
898  }
899  else
900 #endif
901 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED && TLS_SHA512_SUPPORT == ENABLED && \
902  TLS_BRAINPOOLP512R1_SUPPORT == ENABLED)
903  //ECDSA signature algorithm with brainpoolP512 curve and SHA-512?
904  if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512)
905  {
906  //Any TLS 1.3 cipher suite proposed by the client?
907  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
908  {
909  hashAlgoId = TLS_HASH_ALGO_SHA512;
910  }
911  }
912  else
913 #endif
914 #if (TLS_SM2_SIGN_SUPPORT == ENABLED)
915  //SM2 signature algorithm?
916  if(signScheme == TLS_SIGN_SCHEME_SM2SIG_SM3)
917  {
918  //Any ShangMi cipher suite proposed by the client?
919  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_SM) != 0)
920  {
921  hashAlgoId = TLS_HASH_ALGO_INTRINSIC;
922  }
923  }
924  else
925 #endif
926 #if (TLS_ED25519_SIGN_SUPPORT == ENABLED)
927  //Ed25519 signature algorithm?
928  if(signScheme == TLS_SIGN_SCHEME_ED25519)
929  {
930  //Any ECC cipher suite proposed by the client?
931  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_ECDSA) != 0 ||
932  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
933  {
934  hashAlgoId = TLS_HASH_ALGO_INTRINSIC;
935  }
936  }
937  else
938 #endif
939 #if (TLS_ED448_SIGN_SUPPORT == ENABLED)
940  //Ed448 signature algorithm?
941  if(signScheme == TLS_SIGN_SCHEME_ED448)
942  {
943  //Any ECC cipher suite proposed by the client?
944  if((cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_ECDSA) != 0 ||
945  (cipherSuiteTypes & TLS_CIPHER_SUITE_TYPE_TLS13) != 0)
946  {
947  hashAlgoId = TLS_HASH_ALGO_INTRINSIC;
948  }
949  }
950  else
951 #endif
952  {
953  //Unknown signature algorithm
954  }
955 
956  //Check TLS version
957  if(context->version <= TLS_VERSION_1_2)
958  {
959  //Check current state
960  if(context->state == TLS_STATE_CERTIFICATE_REQUEST ||
961  context->state == TLS_STATE_CLIENT_CERTIFICATE_VERIFY)
962  {
963  //Get the hash algorithm that matches the specified identifier
964  hashAlgo = tlsGetHashAlgo(hashAlgoId);
965 
966  //Check whether the hash algorithm is supported
967  if(hashAlgo != NULL)
968  {
969  //In TLS versions prior to 1.3, the client implementation can only
970  //generate a CertificateVerify using SHA-1 or the hash used by
971  //the PRF. Supporting all hash algorithms would require the client
972  //to maintain hashes for every possible signature algorithm that
973  //the server may request...
974  if(hashAlgoId != TLS_HASH_ALGO_SHA1 &&
975  hashAlgo != context->cipherSuite.prfHashAlgo)
976  {
977  hashAlgoId = TLS_HASH_ALGO_NONE;
978  }
979  }
980  else
981  {
982  hashAlgoId = TLS_HASH_ALGO_NONE;
983  }
984  }
985  }
986 
987  //Restrict the use of certain signature algorithms
988  if(context->numSupportedSignAlgos > 0)
989  {
990  //Loop through the list of allowed signature algorithms
991  for(i = 0; i < context->numSupportedSignAlgos; i++)
992  {
993  //Compare signature schemes
994  if(context->supportedSignAlgos[i] == signScheme)
995  break;
996  }
997 
998  //Check whether the use of the signature algorithm is restricted
999  if(i >= context->numSupportedSignAlgos)
1000  {
1001  hashAlgoId = TLS_HASH_ALGO_NONE;
1002  }
1003  }
1004 
1005  //Return TRUE is the signature algorithm is supported
1006  return (hashAlgoId != TLS_HASH_ALGO_NONE) ? TRUE : FALSE;
1007 #else
1008  //Not implemented
1009  return FALSE;
1010 #endif
1011 }
1012 
1013 
1014 /**
1015  * @brief Check whether a signature algorithm can be used for X.509
1016  * certificate validation
1017  * @param[in] signScheme Signature scheme
1018  * @return TRUE if the signature algorithm is supported, else FALSE
1019  **/
1020 
1021 bool_t tlsIsCertSignAlgoSupported(uint16_t signScheme)
1022 {
1023  bool_t acceptable;
1024 
1025  //Check signature scheme
1026  if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_RSA)
1027  {
1028  //Check whether RSA signature algorithm is supported
1029  if(x509IsSignAlgoSupported(X509_SIGN_ALGO_RSA))
1030  {
1031  //Check hash algorithm
1032  if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_MD5)
1033  {
1034  //RSASSA-PKCS1-v1_5 signature algorithm with MD5
1035  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_MD5);
1036  }
1037  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA1)
1038  {
1039  //RSASSA-PKCS1-v1_5 signature algorithm with SHA-1
1040  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_SHA1);
1041  }
1042  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA224)
1043  {
1044  //RSASSA-PKCS1-v1_5 signature algorithm with SHA-224
1045  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_SHA224);
1046  }
1047  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA256)
1048  {
1049  //RSASSA-PKCS1-v1_5 signature algorithm with SHA-256
1050  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_SHA256);
1051  }
1052  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA384)
1053  {
1054  //RSASSA-PKCS1-v1_5 signature algorithm with SHA-384
1055  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_SHA384);
1056  }
1057  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA512)
1058  {
1059  //RSASSA-PKCS1-v1_5 signature algorithm with SHA-512
1060  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_SHA512);
1061  }
1062  else
1063  {
1064  //Unknown hash algorithm
1065  acceptable = FALSE;
1066  }
1067  }
1068  else
1069  {
1070  //RSASSA-PKCS1-v1_5 signature algorithm is not supported
1071  acceptable = FALSE;
1072  }
1073  }
1074  else if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_DSA)
1075  {
1076  //Check whether DSA signature algorithm is supported
1077  if(x509IsSignAlgoSupported(X509_SIGN_ALGO_DSA))
1078  {
1079  //Check hash algorithm
1080  if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA1)
1081  {
1082  //DSA signature algorithm with SHA-1
1083  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_SHA1);
1084  }
1085  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA224)
1086  {
1087  //DSA signature algorithm with SHA-224
1088  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_SHA224);
1089  }
1090  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA256)
1091  {
1092  //DSA signature algorithm with SHA-256
1093  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_SHA256);
1094  }
1095  else
1096  {
1097  //Unknown hash algorithm
1098  acceptable = FALSE;
1099  }
1100  }
1101  else
1102  {
1103  //DSA signature algorithm is not supported
1104  acceptable = FALSE;
1105  }
1106  }
1107  else if(TLS_SIGN_ALGO(signScheme) == TLS_SIGN_ALGO_ECDSA)
1108  {
1109  //Check whether ECDSA signature algorithm is supported
1110  if(x509IsSignAlgoSupported(X509_SIGN_ALGO_ECDSA))
1111  {
1112  //Check hash algorithm
1113  if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA1)
1114  {
1115  //ECDSA signature algorithm with SHA-1
1116  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_SHA1);
1117  }
1118  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA224)
1119  {
1120  //ECDSA signature algorithm with SHA-224
1121  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_SHA224);
1122  }
1123  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA256)
1124  {
1125  //ECDSA signature algorithm with SHA-256
1126  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_SHA256);
1127  }
1128  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA384)
1129  {
1130  //ECDSA signature algorithm with SHA-384
1131  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_SHA384);
1132  }
1133  else if(TLS_HASH_ALGO(signScheme) == TLS_HASH_ALGO_SHA512)
1134  {
1135  //ECDSA signature algorithm with SHA-512
1136  acceptable = x509IsHashAlgoSupported(X509_HASH_ALGO_SHA512);
1137  }
1138  else
1139  {
1140  //Unknown hash algorithm
1141  acceptable = FALSE;
1142  }
1143  }
1144  else
1145  {
1146  //ECDSA signature algorithm is not supported
1147  acceptable = FALSE;
1148  }
1149  }
1150  else if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256 ||
1151  signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256)
1152  {
1153  //RSASSA-PSS signature algorithm with SHA-256
1154  acceptable = x509IsSignAlgoSupported(X509_SIGN_ALGO_RSA_PSS) &&
1155  x509IsHashAlgoSupported(X509_HASH_ALGO_SHA256);
1156  }
1157  else if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384 ||
1158  signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384)
1159  {
1160  //RSASSA-PSS signature algorithm with SHA-384
1161  acceptable = x509IsSignAlgoSupported(X509_SIGN_ALGO_RSA_PSS) &&
1162  x509IsHashAlgoSupported(X509_HASH_ALGO_SHA384);
1163  }
1164  else if(signScheme == TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512 ||
1165  signScheme == TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512)
1166  {
1167  //RSASSA-PSS signature algorithm with SHA-512
1168  acceptable = x509IsSignAlgoSupported(X509_SIGN_ALGO_RSA_PSS) &&
1169  x509IsHashAlgoSupported(X509_HASH_ALGO_SHA512);
1170  }
1171 #if (EC_SUPPORT == ENABLED)
1172  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256)
1173  {
1174  //ECDSA signature algorithm with brainpoolP256 curve and SHA-256
1175  acceptable = x509IsSignAlgoSupported(X509_SIGN_ALGO_ECDSA) &&
1176  x509IsHashAlgoSupported(X509_HASH_ALGO_SHA256) &&
1177  x509IsCurveSupported(BRAINPOOLP256R1_OID, sizeof(BRAINPOOLP256R1_OID));
1178  }
1179  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384)
1180  {
1181  //ECDSA signature algorithm with brainpoolP384 curve and SHA-384
1182  acceptable = x509IsSignAlgoSupported(X509_SIGN_ALGO_ECDSA) &&
1183  x509IsHashAlgoSupported(X509_HASH_ALGO_SHA384) &&
1184  x509IsCurveSupported(BRAINPOOLP384R1_OID, sizeof(BRAINPOOLP384R1_OID));
1185  }
1186  else if(signScheme == TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512)
1187  {
1188  //ECDSA signature algorithm with brainpoolP512 curve and SHA-512
1189  acceptable = x509IsSignAlgoSupported(X509_SIGN_ALGO_ECDSA) &&
1190  x509IsHashAlgoSupported(X509_HASH_ALGO_SHA512) &&
1191  x509IsCurveSupported(BRAINPOOLP512R1_OID, sizeof(BRAINPOOLP512R1_OID));
1192  }
1193 #endif
1194  else if(signScheme == TLS_SIGN_SCHEME_SM2SIG_SM3)
1195  {
1196  //SM2 signature algorithm
1197  acceptable = x509IsSignAlgoSupported(X509_SIGN_ALGO_SM2);
1198  }
1199  else if(signScheme == TLS_SIGN_SCHEME_ED25519)
1200  {
1201  //Ed25519 signature algorithm (PureEdDSA mode)
1202  acceptable = x509IsSignAlgoSupported(X509_SIGN_ALGO_ED25519);
1203  }
1204  else if(signScheme == TLS_SIGN_SCHEME_ED448)
1205  {
1206  //Ed448 signature algorithm (PureEdDSA mode)
1207  acceptable = x509IsSignAlgoSupported(X509_SIGN_ALGO_ED448);
1208  }
1209  else
1210  {
1211  //Unknown signature algorithm
1212  acceptable = FALSE;
1213  }
1214 
1215  //Return TRUE is the signature algorithm is supported
1216  return acceptable;
1217 }
1218 
1219 #endif
x509IsCurveSupported
bool_t x509IsCurveSupported(const uint8_t *oid, size_t length)
Check whether a given elliptic curve is supported.
Definition: x509_common.c:354
htons
#define htons(value)
Definition: cpu_endian.h:413
TLS_SIGN_ALGO_DSA
@ TLS_SIGN_ALGO_DSA
Definition: tls.h:1257
TLS_CIPHER_SUITE_TYPE_RSA
@ TLS_CIPHER_SUITE_TYPE_RSA
Definition: tls_cipher_suites.h:441
tls_misc.h
TLS helper functions.
TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256
@ TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256
Definition: tls.h:1287
bool_t
int bool_t
Definition: compiler_port.h:61
tls_cipher_suites.h
TLS cipher suites.
x509IsSignAlgoSupported
bool_t x509IsSignAlgoSupported(X509SignatureAlgo signAlgo)
Check whether a given signature algorithm is supported.
Definition: x509_common.c:175
tlsGetHashAlgo
const HashAlgo * tlsGetHashAlgo(TlsHashAlgo hashAlgoId)
Get the hash algorithm that matches the specified identifier.
Definition: tls_misc.c:1184
x509IsHashAlgoSupported
bool_t x509IsHashAlgoSupported(X509HashAlgo hashAlgo)
Check whether a given hash algorithm is supported.
Definition: x509_common.c:250
TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256
Definition: tls.h:1277
tlsIsCertSignAlgoSupported
bool_t tlsIsCertSignAlgoSupported(uint16_t signScheme)
Check whether a signature algorithm can be used for X.509 certificate validation.
Definition: tls_sign_misc.c:1021
p
uint8_t p
Definition: ndp.h:300
TRUE
#define TRUE
Definition: os_port.h:50
TLS_STATE_CERTIFICATE_REQUEST
@ TLS_STATE_CERTIFICATE_REQUEST
Definition: tls.h:1507
TLS_GROUP_SECP256R1
@ TLS_GROUP_SECP256R1
Definition: tls.h:1427
TlsCertDesc::type
TlsCertificateType type
End entity certificate type.
Definition: tls.h:2125
BRAINPOOLP512R1_OID
const uint8_t BRAINPOOLP512R1_OID[9]
Definition: ec_curves.c:100
TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512
Definition: tls.h:1282
tlsFormatSignAlgosExtension
error_t tlsFormatSignAlgosExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SignatureAlgorithms extension.
Definition: tls_sign_misc.c:242
tlsIsSignAlgoAcceptable
bool_t tlsIsSignAlgoAcceptable(TlsContext *context, uint16_t signScheme, const TlsCertDesc *cert)
Check whether a signature algorithm is compatible with the specified end-entity certificate.
Definition: tls_sign_misc.c:487
TLS_HASH_ALGO_SHA1
@ TLS_HASH_ALGO_SHA1
Definition: tls.h:1239
TlsHashAlgo
TlsHashAlgo
Hash algorithms.
Definition: tls.h:1236
ERROR_HANDSHAKE_FAILED
@ ERROR_HANDSHAKE_FAILED
Definition: error.h:234
BRAINPOOLP384R1_OID
const uint8_t BRAINPOOLP384R1_OID[9]
Definition: ec_curves.c:96
TLS_CERT_DSS_SIGN
@ TLS_CERT_DSS_SIGN
Definition: tls.h:1213
TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512
Definition: tls.h:1279
TLS_SIGN_SCHEME_NONE
@ TLS_SIGN_SCHEME_NONE
Definition: tls.h:1272
TLS_SIGN_SCHEME_ED25519
@ TLS_SIGN_SCHEME_ED25519
Definition: tls.h:1291
TlsExtension
TlsExtension
Definition: tls.h:1611
ERROR_INVALID_VERSION
@ ERROR_INVALID_VERSION
Definition: error.h:118
TLS_GROUP_BRAINPOOLP256R1
@ TLS_GROUP_BRAINPOOLP256R1
Definition: tls.h:1430
TLS_HASH_ALGO
#define TLS_HASH_ALGO(signScheme)
Definition: tls_sign_misc.h:41
TLS_CIPHER_SUITE_TYPE_TLS13
@ TLS_CIPHER_SUITE_TYPE_TLS13
Definition: tls_cipher_suites.h:445
TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384
Definition: tls.h:1281
TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384
Definition: tls.h:1278
TLS_HASH_ALGO_NONE
@ TLS_HASH_ALGO_NONE
Definition: tls.h:1237
TLS_CIPHER_SUITE_TYPE_SM
@ TLS_CIPHER_SUITE_TYPE_SM
Definition: tls_cipher_suites.h:446
tlsFormatSupportedSignAlgos
error_t tlsFormatSupportedSignAlgos(TlsContext *context, uint8_t *p, size_t *written)
Format the list of supported signature algorithms.
Definition: tls_sign_misc.c:375
TLS_EXT_SIGNATURE_ALGORITHMS_CERT
@ TLS_EXT_SIGNATURE_ALGORITHMS_CERT
Definition: tls.h:1362
TLS_HASH_ALGO_SHA224
@ TLS_HASH_ALGO_SHA224
Definition: tls.h:1240
TLS_CIPHER_SUITE_TYPE_ECDSA
@ TLS_CIPHER_SUITE_TYPE_ECDSA
Definition: tls_cipher_suites.h:443
TLS_HASH_ALGO_SHA512
@ TLS_HASH_ALGO_SHA512
Definition: tls.h:1243
TLS_SIGN_SCHEME_RSA_PKCS1_SHA1
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA1
Definition: tls.h:1273
FALSE
#define FALSE
Definition: os_port.h:46
tlsIsSignAlgoSupported
bool_t tlsIsSignAlgoSupported(TlsContext *context, uint16_t signScheme)
Check whether a signature algorithm can be used for digital signatures.
Definition: tls_sign_misc.c:680
tlsSupportedSignAlgos
const uint16_t tlsSupportedSignAlgos[]
Definition: tls_sign_misc.c:45
TlsContext
#define TlsContext
Definition: tls.h:36
error_t
error_t
Error codes.
Definition: error.h:43
TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256
Definition: tls.h:1280
TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512
@ TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512
Definition: tls.h:1286
TLS_CERT_ED25519_SIGN
@ TLS_CERT_ED25519_SIGN
Definition: tls.h:1226
TLS_VERSION_1_2
#define TLS_VERSION_1_2
Definition: tls.h:96
TLS_HASH_ALGO_INTRINSIC
@ TLS_HASH_ALGO_INTRINSIC
Definition: tls.h:1244
X509_SIGN_ALGO_ECDSA
@ X509_SIGN_ALGO_ECDSA
Definition: x509_common.h:657
TLS_VERSION_1_3
#define TLS_VERSION_1_3
Definition: tls.h:97
TLS_HASH_ALGO_SHA384
@ TLS_HASH_ALGO_SHA384
Definition: tls.h:1242
TLS_CERT_RSA_PSS_SIGN
@ TLS_CERT_RSA_PSS_SIGN
Definition: tls.h:1224
tlsSelectSignAlgo
error_t tlsSelectSignAlgo(TlsContext *context, const TlsCertDesc *cert, const TlsSignSchemeList *signAlgoList)
Select the algorithm to be used when generating digital signatures.
Definition: tls_sign_misc.c:85
TLS_SIGN_SCHEME_ECDSA_SHA1
@ TLS_SIGN_SCHEME_ECDSA_SHA1
Definition: tls.h:1283
X509_HASH_ALGO_SHA1
@ X509_HASH_ALGO_SHA1
Definition: x509_common.h:672
TLS_SIGN_SCHEME_RSA_PKCS1_SHA256
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA256
Definition: tls.h:1274
TLS_GROUP_SECP384R1
@ TLS_GROUP_SECP384R1
Definition: tls.h:1428
TLS_STATE_CLIENT_CERTIFICATE_VERIFY
@ TLS_STATE_CLIENT_CERTIFICATE_VERIFY
Definition: tls.h:1511
TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512
@ TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512
Definition: tls.h:1289
TlsSignSchemeList
TlsSignSchemeList
Definition: tls.h:1577
TLS_HASH_ALGO_SHA256
@ TLS_HASH_ALGO_SHA256
Definition: tls.h:1241
TLS_CERT_ED448_SIGN
@ TLS_CERT_ED448_SIGN
Definition: tls.h:1227
TLS_CERT_RSA_SIGN
@ TLS_CERT_RSA_SIGN
Definition: tls.h:1212
X509_HASH_ALGO_SHA224
@ X509_HASH_ALGO_SHA224
Definition: x509_common.h:673
TLS_GROUP_BRAINPOOLP512R1
@ TLS_GROUP_BRAINPOOLP512R1
Definition: tls.h:1432
TLS_CERT_SM2_SIGN
@ TLS_CERT_SM2_SIGN
Definition: tls.h:1225
X509_SIGN_ALGO_RSA
@ X509_SIGN_ALGO_RSA
Definition: x509_common.h:654
TLS_GROUP_SECP521R1
@ TLS_GROUP_SECP521R1
Definition: tls.h:1429
TLS_HASH_ALGO_MD5
@ TLS_HASH_ALGO_MD5
Definition: tls.h:1238
TlsCertDesc
Certificate descriptor.
Definition: tls.h:2119
ntohs
#define ntohs(value)
Definition: cpu_endian.h:421
X509_HASH_ALGO_MD5
@ X509_HASH_ALGO_MD5
Definition: x509_common.h:671
TLS_VERSION_1_1
#define TLS_VERSION_1_1
Definition: tls.h:95
tlsIsSignAlgoOffered
bool_t tlsIsSignAlgoOffered(uint16_t signScheme, const TlsSignSchemeList *signSchemeList)
Check whether a signature algorithm is offered in the SignatureAlgorithms extension.
Definition: tls_sign_misc.c:444
X509_SIGN_ALGO_RSA_PSS
@ X509_SIGN_ALGO_RSA_PSS
Definition: x509_common.h:655
HTONS
#define HTONS(value)
Definition: cpu_endian.h:410
n
uint8_t n
Definition: dhcpv6_common.h:416
X509_HASH_ALGO_SHA512
@ X509_HASH_ALGO_SHA512
Definition: x509_common.h:676
TLS_SIGN_SCHEME_SM2SIG_SM3
@ TLS_SIGN_SCHEME_SM2SIG_SM3
Definition: tls.h:1290
TLS_SIGN_SCHEME_RSA_PKCS1_SHA512
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA512
Definition: tls.h:1276
TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384
@ TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384
Definition: tls.h:1288
TLS_SIGN_SCHEME_ED448
@ TLS_SIGN_SCHEME_ED448
Definition: tls.h:1292
TLS_SIGN_SCHEME_RSA_PKCS1_SHA384
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA384
Definition: tls.h:1275
TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384
@ TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384
Definition: tls.h:1285
tls_sign_misc.h
Helper functions for signature generation and verification.
X509_HASH_ALGO_SHA384
@ X509_HASH_ALGO_SHA384
Definition: x509_common.h:675
X509_HASH_ALGO_SHA256
@ X509_HASH_ALGO_SHA256
Definition: x509_common.h:674
tls.h
TLS (Transport Layer Security)
TLS_SIGN_ALGO_RSA
@ TLS_SIGN_ALGO_RSA
Definition: tls.h:1256
TLS_CERT_ECDSA_SIGN
@ TLS_CERT_ECDSA_SIGN
Definition: tls.h:1219
TLS_EXT_SIGNATURE_ALGORITHMS
@ TLS_EXT_SIGNATURE_ALGORITHMS
Definition: tls.h:1332
HashAlgo
Common interface for hash algorithms.
Definition: crypto.h:1082
TLS_SIGN_ALGO
#define TLS_SIGN_ALGO(signScheme)
Definition: tls_sign_misc.h:38
TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256
@ TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256
Definition: tls.h:1284
tlsFormatSignAlgosCertExtension
error_t tlsFormatSignAlgosCertExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SignatureAlgorithmsCert extension.
Definition: tls_sign_misc.c:305
X509_SIGN_ALGO_SM2
@ X509_SIGN_ALGO_SM2
Definition: x509_common.h:658
TlsSignatureScheme
TlsSignatureScheme
Signature schemes.
Definition: tls.h:1271
X509_SIGN_ALGO_ED25519
@ X509_SIGN_ALGO_ED25519
Definition: x509_common.h:659
uint_t
unsigned int uint_t
Definition: compiler_port.h:57
TLS_CIPHER_SUITE_TYPE_DSA
@ TLS_CIPHER_SUITE_TYPE_DSA
Definition: tls_cipher_suites.h:442
TLS_SIGN_ALGO_ECDSA
@ TLS_SIGN_ALGO_ECDSA
Definition: tls.h:1258
TLS_SIGN_SCHEME
#define TLS_SIGN_SCHEME(signAlgo, hashAlgo)
Definition: tls.h:963
TlsCertDesc::namedCurve
TlsNamedGroup namedCurve
Named curve used to generate the EC public key.
Definition: tls.h:2127
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
debug.h
Debugging facilities.
TLS_GROUP_BRAINPOOLP384R1
@ TLS_GROUP_BRAINPOOLP384R1
Definition: tls.h:1431
X509_SIGN_ALGO_DSA
@ X509_SIGN_ALGO_DSA
Definition: x509_common.h:656
arraysize
#define arraysize(a)
Definition: os_port.h:71
X509_SIGN_ALGO_ED448
@ X509_SIGN_ALGO_ED448
Definition: x509_common.h:660
BRAINPOOLP256R1_OID
const uint8_t BRAINPOOLP256R1_OID[9]
Definition: ec_curves.c:88