x509_sign_generate.c
Go to the documentation of this file.
1 /**
2  * @file x509_sign_generate.c
3  * @brief RSA/DSA/ECDSA/EdDSA signature generation
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.4
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkix/x509_sign_generate.h"
37 #include "debug.h"
38 
39 //Check crypto library configuration
40 #if (X509_SUPPORT == ENABLED)
41 
42 //Signature generation/verification callback functions
43 #if (X509_SIGN_CALLBACK_SUPPORT == ENABLED)
44  static X509SignGenCallback x509SignGenCallback = NULL;
45 #endif
46 
47 
48 /**
49  * @brief Register signature generation callback function
50  * @param[in] callback Signature generation callback function
51  * @return Error code
52  **/
53 
54 error_t x509RegisterSignGenCallback(X509SignGenCallback callback)
55 {
56 #if (X509_SIGN_CALLBACK_SUPPORT == ENABLED)
57  //Save callback function
58  x509SignGenCallback = callback;
59  //Successful processing
60  return NO_ERROR;
61 #else
62  //Not implemented
63  return ERROR_NOT_IMPLEMENTED;
64 #endif
65 }
66 
67 
68 /**
69  * @brief Certificate signature generation
70  * @param[in] prngAlgo PRNG algorithm
71  * @param[in] prngContext Pointer to the PRNG context
72  * @param[in] tbsData Pointer to the data to be signed
73  * @param[in] signAlgoId Signature algorithm identifier
74  * @param[in] publicKeyInfo Signer's public key information
75  * @param[in] privateKey Signer's private key
76  * @param[out] output Resulting signature
77  * @param[out] written Length of the resulting signature
78  * @return Error code
79  **/
80 
81 error_t x509GenerateSignature(const PrngAlgo *prngAlgo, void *prngContext,
82  const X509OctetString *tbsData, const X509SignAlgoId *signAlgoId,
83  const X509SubjectPublicKeyInfo *publicKeyInfo, const void *privateKey,
84  uint8_t *output, size_t *written)
85 {
86  error_t error;
87  X509SignatureAlgo signAlgo;
88  const HashAlgo *hashAlgo;
89 
90 #if (X509_SIGN_CALLBACK_SUPPORT == ENABLED)
91  //Valid signature generation callback function?
92  if(x509SignGenCallback != NULL)
93  {
94  //Invoke user-defined callback
95  error = x509SignGenCallback(prngAlgo, prngContext, tbsData,
96  signAlgoId, publicKeyInfo, privateKey, output, written);
97  }
98  else
99 #endif
100  {
101  //No callback function registered
102  error = ERROR_UNSUPPORTED_SIGNATURE_ALGO;
103  }
104 
105  //Check status code
106  if(error == ERROR_UNSUPPORTED_SIGNATURE_ALGO ||
107  error == ERROR_UNKOWN_KEY)
108  {
109  //Retrieve the signature algorithm that will be used to sign the
110  //certificate
111  error = x509GetSignHashAlgo(signAlgoId, &signAlgo, &hashAlgo);
112 
113  //Check status code
114  if(!error)
115  {
116 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
117  //RSA signature algorithm?
118  if(signAlgo == X509_SIGN_ALGO_RSA)
119  {
120  //Generate RSA signature (RSASSA-PKCS1-v1_5 signature scheme)
121  error = x509GenerateRsaSignature(tbsData, hashAlgo, privateKey,
122  output, written);
123  }
124  else
125 #endif
126 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
127  //RSA-PSS signature algorithm?
128  if(signAlgo == X509_SIGN_ALGO_RSA_PSS)
129  {
130  //Generate RSA signature (RSASSA-PSS signature scheme)
131  error = x509GenerateRsaPssSignature(prngAlgo, prngContext, tbsData,
132  hashAlgo, signAlgoId->rsaPssParams.saltLen, privateKey, output,
133  written);
134  }
135  else
136 #endif
137 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
138  //DSA signature algorithm?
139  if(signAlgo == X509_SIGN_ALGO_DSA)
140  {
141  //Generate DSA signature
142  error = x509GenerateDsaSignature(prngAlgo, prngContext, tbsData,
143  hashAlgo, privateKey, output, written);
144  }
145  else
146 #endif
147 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
148  //ECDSA signature algorithm?
149  if(signAlgo == X509_SIGN_ALGO_ECDSA)
150  {
151  //Generate ECDSA signature
152  error = x509GenerateEcdsaSignature(prngAlgo, prngContext, tbsData,
153  hashAlgo, publicKeyInfo, privateKey, output, written);
154  }
155  else
156 #endif
157 #if (X509_SM2_SUPPORT == ENABLED && SM2_SUPPORT == ENABLED)
158  //SM2 signature algorithm?
159  if(signAlgo == X509_SIGN_ALGO_SM2)
160  {
161  //Generate SM2 signature
162  error = x509GenerateSm2Signature(prngAlgo, prngContext, tbsData,
163  hashAlgo, privateKey, output, written);
164  }
165  else
166 #endif
167 #if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
168  //Ed25519 signature algorithm?
169  if(signAlgo == X509_SIGN_ALGO_ED25519)
170  {
171  //Generate Ed25519 signature (PureEdDSA mode)
172  error = x509GenerateEd25519Signature(tbsData, privateKey, output,
173  written);
174  }
175  else
176 #endif
177 #if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
178  //Ed448 signature algorithm?
179  if(signAlgo == X509_SIGN_ALGO_ED448)
180  {
181  //Generate Ed448 signature (PureEdDSA mode)
182  error = x509GenerateEd448Signature(tbsData, privateKey, output,
183  written);
184  }
185  else
186 #endif
187  //Invalid signature algorithm?
188  {
189  //Report an error
190  error = ERROR_UNSUPPORTED_SIGNATURE_ALGO;
191  }
192  }
193  }
194 
195  //Return status code
196  return error;
197 }
198 
199 
200 /**
201  * @brief RSA signature generation
202  * @param[in] tbsData Pointer to the data to be signed
203  * @param[in] hashAlgo Underlying hash function
204  * @param[in] privateKey Signer's private key
205  * @param[out] output Resulting signature
206  * @param[out] written Length of the resulting signature
207  * @return Error code
208  **/
209 
210 error_t x509GenerateRsaSignature(const X509OctetString *tbsData,
211  const HashAlgo *hashAlgo, const RsaPrivateKey *privateKey, uint8_t *output,
212  size_t *written)
213 {
214 #if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
215  error_t error;
216  uint8_t digest[MAX_HASH_DIGEST_SIZE];
217 
218  //Digest the TBSCertificate structure using the specified hash algorithm
219  error = hashAlgo->compute(tbsData->value, tbsData->length, digest);
220 
221  //Check status code
222  if(!error)
223  {
224  //Generate RSA signature
225  error = rsassaPkcs1v15Sign(privateKey, hashAlgo, digest, output,
226  written);
227  }
228 
229  //Return status code
230  return error;
231 #else
232  //Not implemented
233  return ERROR_NOT_IMPLEMENTED;
234 #endif
235 }
236 
237 
238 /**
239  * @brief RSA-PSS signature generation
240  * @param[in] prngAlgo PRNG algorithm
241  * @param[in] prngContext Pointer to the PRNG context
242  * @param[in] tbsData Pointer to the data to be signed
243  * @param[in] hashAlgo Underlying hash function
244  * @param[in] saltLen Length of the salt, in bytes
245  * @param[in] privateKey Signer's private key
246  * @param[out] output Resulting signature
247  * @param[out] written Length of the resulting signature
248  * @return Error code
249  **/
250 
251 error_t x509GenerateRsaPssSignature(const PrngAlgo *prngAlgo, void *prngContext,
252  const X509OctetString *tbsData, const HashAlgo *hashAlgo, size_t saltLen,
253  const RsaPrivateKey *privateKey, uint8_t *output, size_t *written)
254 {
255 #if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
256  error_t error;
257  uint8_t digest[MAX_HASH_DIGEST_SIZE];
258 
259  //Digest the TBSCertificate structure using the specified hash algorithm
260  error = hashAlgo->compute(tbsData->value, tbsData->length, digest);
261 
262  //Check status code
263  if(!error)
264  {
265  //Generate RSA-PSS signature
266  error = rsassaPssSign(prngAlgo, prngContext, privateKey, hashAlgo,
267  saltLen, digest, output, written);
268  }
269 
270  //Return status code
271  return error;
272 #else
273  //Not implemented
274  return ERROR_NOT_IMPLEMENTED;
275 #endif
276 }
277 
278 
279 /**
280  * @brief DSA signature generation
281  * @param[in] prngAlgo PRNG algorithm
282  * @param[in] prngContext Pointer to the PRNG context
283  * @param[in] tbsData Pointer to the data to be signed
284  * @param[in] hashAlgo Underlying hash function
285  * @param[in] privateKey Signer's private key
286  * @param[out] output Resulting signature
287  * @param[out] written Length of the resulting signature
288  * @return Error code
289  **/
290 
291 error_t x509GenerateDsaSignature(const PrngAlgo *prngAlgo, void *prngContext,
292  const X509OctetString *tbsData, const HashAlgo *hashAlgo,
293  const DsaPrivateKey *privateKey, uint8_t *output, size_t *written)
294 {
295 #if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
296  error_t error;
297  DsaSignature dsaSignature;
298  uint8_t digest[MAX_HASH_DIGEST_SIZE];
299 
300  //Initialize DSA signature
301  dsaInitSignature(&dsaSignature);
302 
303  //Digest the TBSCertificate structure using the specified hash algorithm
304  error = hashAlgo->compute(tbsData->value, tbsData->length, digest);
305 
306  //Check status code
307  if(!error)
308  {
309  //Generate DSA signature
310  error = dsaGenerateSignature(prngAlgo, prngContext, privateKey, digest,
311  hashAlgo->digestSize, &dsaSignature);
312  }
313 
314  //Check status code
315  if(!error)
316  {
317  //Encode DSA signature using ASN.1
318  error = dsaWriteSignature(&dsaSignature, output, written);
319  }
320 
321  //Release previously allocated resources
322  dsaFreeSignature(&dsaSignature);
323 
324  //Return status code
325  return error;
326 #else
327  //Not implemented
328  return ERROR_NOT_IMPLEMENTED;
329 #endif
330 }
331 
332 
333 /**
334  * @brief ECDSA signature generation
335  * @param[in] prngAlgo PRNG algorithm
336  * @param[in] prngContext Pointer to the PRNG context
337  * @param[in] tbsData Pointer to the data to be signed
338  * @param[in] hashAlgo Underlying hash function
339  * @param[in] publicKeyInfo Signer's public key information
340  * @param[in] privateKey Signer's private key
341  * @param[out] output Resulting signature
342  * @param[out] written Length of the resulting signature
343  * @return Error code
344  **/
345 
346 error_t x509GenerateEcdsaSignature(const PrngAlgo *prngAlgo, void *prngContext,
347  const X509OctetString *tbsData, const HashAlgo *hashAlgo,
348  const X509SubjectPublicKeyInfo *publicKeyInfo,
349  const EcPrivateKey *privateKey, uint8_t *output, size_t *written)
350 {
351 #if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
352  error_t error;
353  const EcCurveInfo *curveInfo;
354  EcDomainParameters ecParams;
355  EcdsaSignature ecdsaSignature;
356  uint8_t digest[MAX_HASH_DIGEST_SIZE];
357 
358  //Initialize EC domain parameters
359  ecInitDomainParameters(&ecParams);
360  //Initialize ECDSA signature
361  ecdsaInitSignature(&ecdsaSignature);
362 
363  //Retrieve EC domain parameters
364  curveInfo = x509GetCurveInfo(publicKeyInfo->ecParams.namedCurve.value,
365  publicKeyInfo->ecParams.namedCurve.length);
366 
367  //Make sure the specified elliptic curve is supported
368  if(curveInfo != NULL)
369  {
370  //Load EC domain parameters
371  error = ecLoadDomainParameters(&ecParams, curveInfo);
372  }
373  else
374  {
375  //Invalid EC domain parameters
376  error = ERROR_BAD_CERTIFICATE;
377  }
378 
379  //Check status code
380  if(!error)
381  {
382  //Digest the TBSCertificate structure using the specified hash algorithm
383  error = hashAlgo->compute(tbsData->value, tbsData->length, digest);
384  }
385 
386  //Check status code
387  if(!error)
388  {
389  //Generate ECDSA signature
390  error = ecdsaGenerateSignature(prngAlgo, prngContext, &ecParams,
391  privateKey, digest, hashAlgo->digestSize, &ecdsaSignature);
392  }
393 
394  //Check status code
395  if(!error)
396  {
397  //Encode ECDSA signature using ASN.1
398  error = ecdsaWriteSignature(&ecdsaSignature, output, written);
399  }
400 
401  //Release previously allocated resources
402  ecFreeDomainParameters(&ecParams);
403  ecdsaFreeSignature(&ecdsaSignature);
404 
405  //Return status code
406  return error;
407 #else
408  //Not implemented
409  return ERROR_NOT_IMPLEMENTED;
410 #endif
411 }
412 
413 
414 /**
415  * @brief SM2 signature generation
416  * @param[in] prngAlgo PRNG algorithm
417  * @param[in] prngContext Pointer to the PRNG context
418  * @param[in] tbsData Pointer to the data to be signed
419  * @param[in] hashAlgo Underlying hash function
420  * @param[in] privateKey Signer's private key
421  * @param[out] output Resulting signature
422  * @param[out] written Length of the resulting signature
423  * @return Error code
424  **/
425 
426 error_t x509GenerateSm2Signature(const PrngAlgo *prngAlgo, void *prngContext,
427  const X509OctetString *tbsData, const HashAlgo *hashAlgo,
428  const EcPrivateKey *privateKey, uint8_t *output, size_t *written)
429 {
430 #if (X509_SM2_SUPPORT == ENABLED && SM2_SUPPORT == ENABLED)
431  error_t error;
432  EcDomainParameters ecParams;
433  EcdsaSignature sm2Signature;
434 
435  //Initialize EC domain parameters
436  ecInitDomainParameters(&ecParams);
437  //Initialize SM2 signature
438  ecdsaInitSignature(&sm2Signature);
439 
440  //Load EC domain parameters
441  error = ecLoadDomainParameters(&ecParams, SM2_CURVE);
442 
443  //Check status code
444  if(!error)
445  {
446  //Generate SM2 signature
447  error = sm2GenerateSignature(prngAlgo, prngContext, &ecParams,
448  privateKey, hashAlgo, SM2_DEFAULT_ID, osStrlen(SM2_DEFAULT_ID),
449  tbsData->value, tbsData->length, &sm2Signature);
450  }
451 
452  //Check status code
453  if(!error)
454  {
455  //Encode SM2 signature using ASN.1
456  error = ecdsaWriteSignature(&sm2Signature, output, written);
457  }
458 
459  //Release previously allocated resources
460  ecFreeDomainParameters(&ecParams);
461  ecdsaFreeSignature(&sm2Signature);
462 
463  //Return status code
464  return error;
465 #else
466  //Not implemented
467  return ERROR_NOT_IMPLEMENTED;
468 #endif
469 }
470 
471 
472 /**
473  * @brief Ed25519 signature generation
474  * @param[in] tbsData Pointer to the data to be signed
475  * @param[in] privateKey Signer's private key
476  * @param[out] output Resulting signature
477  * @param[out] written Length of the resulting signature
478  * @return Error code
479  **/
480 
481 error_t x509GenerateEd25519Signature(const X509OctetString *tbsData,
482  const EddsaPrivateKey *privateKey, uint8_t *output, size_t *written)
483 {
484 #if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
485  error_t error;
486 
487  //Check the length of the EdDSA private key
488  if(mpiGetByteLength(&privateKey->d) == ED25519_PRIVATE_KEY_LEN)
489  {
490  uint8_t d[ED25519_PRIVATE_KEY_LEN];
491 
492  //Retrieve private key
493  error = mpiExport(&privateKey->d, d, ED25519_PRIVATE_KEY_LEN,
494  MPI_FORMAT_LITTLE_ENDIAN);
495 
496  //Check status code
497  if(!error)
498  {
499  //Generate Ed25519 signature (PureEdDSA mode)
500  error = ed25519GenerateSignature(d, NULL, tbsData->value,
501  tbsData->length, NULL, 0, 0, output);
502  }
503 
504  //Length of the resulting EdDSA signature
505  *written = ED25519_SIGNATURE_LEN;
506  }
507  else
508  {
509  //The length of the EdDSA private key is not valid
510  error = ERROR_INVALID_KEY;
511  }
512 
513  //Return status code
514  return error;
515 #else
516  //Not implemented
517  return ERROR_NOT_IMPLEMENTED;
518 #endif
519 }
520 
521 
522 /**
523  * @brief Ed448 signature generation
524  * @param[in] tbsData Pointer to the data to be signed
525  * @param[in] privateKey Signer's private key
526  * @param[out] output Resulting signature
527  * @param[out] written Length of the resulting signature
528  * @return Error code
529  **/
530 
531 error_t x509GenerateEd448Signature(const X509OctetString *tbsData,
532  const EddsaPrivateKey *privateKey, uint8_t *output, size_t *written)
533 {
534 #if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
535  error_t error;
536 
537  //Check the length of the EdDSA private key
538  if(mpiGetByteLength(&privateKey->d) == ED448_PRIVATE_KEY_LEN)
539  {
540  uint8_t d[ED448_PRIVATE_KEY_LEN];
541 
542  //Retrieve private key
543  error = mpiExport(&privateKey->d, d, ED448_PRIVATE_KEY_LEN,
544  MPI_FORMAT_LITTLE_ENDIAN);
545 
546  //Check status code
547  if(!error)
548  {
549  //Generate Ed448 signature (PureEdDSA mode)
550  error = ed448GenerateSignature(d, NULL, tbsData->value,
551  tbsData->length, NULL, 0, 0, output);
552  }
553 
554  //Length of the resulting EdDSA signature
555  *written = ED448_SIGNATURE_LEN;
556  }
557  else
558  {
559  //The length of the EdDSA private key is not valid
560  error = ERROR_INVALID_KEY;
561  }
562 
563  //Return status code
564  return error;
565 #else
566  //Not implemented
567  return ERROR_NOT_IMPLEMENTED;
568 #endif
569 }
570 
571 #endif
EcdsaSignature
ECDSA signature.
Definition: ecdsa.h:49
x509GetCurveInfo
const EcCurveInfo * x509GetCurveInfo(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: x509_common.c:910
X509SignGenCallback
error_t(* X509SignGenCallback)(const PrngAlgo *prngAlgo, void *prngContext, const X509OctetString *tbsData, const X509SignAlgoId *signAlgoId, const X509SubjectPublicKeyInfo *publicKeyInfo, const void *privateKey, uint8_t *output, size_t *written)
Signature generation callback function.
Definition: x509_sign_generate.h:48
PrngAlgo
#define PrngAlgo
Definition: crypto.h:938
ERROR_NOT_IMPLEMENTED
@ ERROR_NOT_IMPLEMENTED
Definition: error.h:66
ecInitDomainParameters
void ecInitDomainParameters(EcDomainParameters *params)
Initialize EC domain parameters.
Definition: ec.c:51
x509GenerateSignature
error_t x509GenerateSignature(const PrngAlgo *prngAlgo, void *prngContext, const X509OctetString *tbsData, const X509SignAlgoId *signAlgoId, const X509SubjectPublicKeyInfo *publicKeyInfo, const void *privateKey, uint8_t *output, size_t *written)
Certificate signature generation.
Definition: x509_sign_generate.c:81
x509RegisterSignGenCallback
error_t x509RegisterSignGenCallback(X509SignGenCallback callback)
Register signature generation callback function.
Definition: x509_sign_generate.c:54
HashAlgo::digestSize
size_t digestSize
Definition: crypto.h:1052
X509SubjectPublicKeyInfo::ecParams
X509EcParameters ecParams
Definition: x509_common.h:802
sm2GenerateSignature
error_t sm2GenerateSignature(const PrngAlgo *prngAlgo, void *prngContext, const EcDomainParameters *params, const EcPrivateKey *privateKey, const HashAlgo *hashAlgo, const char_t *id, size_t idLen, const void *message, size_t messageLen, EcdsaSignature *signature)
SM2 signature generation.
Definition: sm2.c:62
ED448_SIGNATURE_LEN
#define ED448_SIGNATURE_LEN
Definition: ed448.h:44
ED25519_SIGNATURE_LEN
#define ED25519_SIGNATURE_LEN
Definition: ed25519.h:44
osStrlen
#define osStrlen(s)
Definition: os_port.h:165
EcDomainParameters
EC domain parameters.
Definition: ec.h:76
ecFreeDomainParameters
void ecFreeDomainParameters(EcDomainParameters *params)
Release EC domain parameters.
Definition: ec.c:72
ED25519_PRIVATE_KEY_LEN
#define ED25519_PRIVATE_KEY_LEN
Definition: ed25519.h:40
ecdsaFreeSignature
void ecdsaFreeSignature(EcdsaSignature *signature)
Release an ECDSA signature.
Definition: ecdsa.c:82
MAX_HASH_DIGEST_SIZE
#define MAX_HASH_DIGEST_SIZE
Definition: hash_algorithms.h:231
ecLoadDomainParameters
error_t ecLoadDomainParameters(EcDomainParameters *params, const EcCurveInfo *curveInfo)
Load EC domain parameters.
Definition: ec.c:90
X509SignatureAlgo
X509SignatureAlgo
Signature algorithms.
Definition: x509_common.h:604
EcCurveInfo
Elliptic curve parameters.
Definition: ec_curves.h:302
ed25519GenerateSignature
error_t ed25519GenerateSignature(const uint8_t *privateKey, const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature)
EdDSA signature generation.
Definition: ed25519.c:236
x509GenerateRsaPssSignature
error_t x509GenerateRsaPssSignature(const PrngAlgo *prngAlgo, void *prngContext, const X509OctetString *tbsData, const HashAlgo *hashAlgo, size_t saltLen, const RsaPrivateKey *privateKey, uint8_t *output, size_t *written)
RSA-PSS signature generation.
Definition: x509_sign_generate.c:251
mpiExport
error_t mpiExport(const Mpi *a, uint8_t *data, uint_t length, MpiFormat format)
Integer to octet string conversion.
Definition: mpi.c:709
ecdsaGenerateSignature
__weak_func error_t ecdsaGenerateSignature(const PrngAlgo *prngAlgo, void *prngContext, const EcDomainParameters *params, const EcPrivateKey *privateKey, const uint8_t *digest, size_t digestLen, EcdsaSignature *signature)
ECDSA signature generation.
Definition: ecdsa.c:397
MPI_FORMAT_LITTLE_ENDIAN
@ MPI_FORMAT_LITTLE_ENDIAN
Definition: mpi.h:70
error_t
error_t
Error codes.
Definition: error.h:43
dsaInitSignature
void dsaInitSignature(DsaSignature *signature)
Initialize a DSA signature.
Definition: dsa.c:164
HashAlgo::compute
HashAlgoCompute compute
Definition: crypto.h:1055
X509_SIGN_ALGO_ECDSA
@ X509_SIGN_ALGO_ECDSA
Definition: x509_common.h:609
rsassaPssSign
error_t rsassaPssSign(const PrngAlgo *prngAlgo, void *prngContext, const RsaPrivateKey *key, const HashAlgo *hash, size_t saltLen, const uint8_t *digest, uint8_t *signature, size_t *signatureLen)
RSASSA-PSS signature generation operation.
Definition: rsa.c:959
ecdsaInitSignature
void ecdsaInitSignature(EcdsaSignature *signature)
Initialize an ECDSA signature.
Definition: ecdsa.c:69
dsaGenerateSignature
error_t dsaGenerateSignature(const PrngAlgo *prngAlgo, void *prngContext, const DsaPrivateKey *key, const uint8_t *digest, size_t digestLen, DsaSignature *signature)
DSA signature generation.
Definition: dsa.c:484
crypto.h
General definitions for cryptographic algorithms.
x509GetSignHashAlgo
error_t x509GetSignHashAlgo(const X509SignAlgoId *signAlgoId, X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo)
Get the signature and hash algorithms that match the specified identifier.
Definition: x509_common.c:377
ERROR_BAD_CERTIFICATE
@ ERROR_BAD_CERTIFICATE
Definition: error.h:235
EcPrivateKey
EC private key.
Definition: ec.h:104
DsaPrivateKey
DSA private key.
Definition: dsa.h:72
SM2_CURVE
#define SM2_CURVE
Definition: ec_curves.h:257
x509GenerateSm2Signature
error_t x509GenerateSm2Signature(const PrngAlgo *prngAlgo, void *prngContext, const X509OctetString *tbsData, const HashAlgo *hashAlgo, const EcPrivateKey *privateKey, uint8_t *output, size_t *written)
SM2 signature generation.
Definition: x509_sign_generate.c:426
X509_SIGN_ALGO_RSA
@ X509_SIGN_ALGO_RSA
Definition: x509_common.h:606
x509GenerateRsaSignature
error_t x509GenerateRsaSignature(const X509OctetString *tbsData, const HashAlgo *hashAlgo, const RsaPrivateKey *privateKey, uint8_t *output, size_t *written)
RSA signature generation.
Definition: x509_sign_generate.c:210
dsaWriteSignature
error_t dsaWriteSignature(const DsaSignature *signature, uint8_t *data, size_t *length)
Encode DSA signature using ASN.1.
Definition: dsa.c:193
X509EcParameters::namedCurve
X509OctetString namedCurve
Definition: x509_common.h:771
EddsaPrivateKey
EdDSA private key.
Definition: eddsa.h:59
ED448_PRIVATE_KEY_LEN
#define ED448_PRIVATE_KEY_LEN
Definition: ed448.h:40
ecdsaWriteSignature
error_t ecdsaWriteSignature(const EcdsaSignature *signature, uint8_t *data, size_t *length)
Encode ECDSA signature using ASN.1.
Definition: ecdsa.c:98
EddsaPrivateKey::d
Mpi d
Private key.
Definition: eddsa.h:60
x509_sign_generate.h
RSA/DSA/ECDSA/EdDSA signature generation.
X509_SIGN_ALGO_RSA_PSS
@ X509_SIGN_ALGO_RSA_PSS
Definition: x509_common.h:607
x509GenerateEd25519Signature
error_t x509GenerateEd25519Signature(const X509OctetString *tbsData, const EddsaPrivateKey *privateKey, uint8_t *output, size_t *written)
Ed25519 signature generation.
Definition: x509_sign_generate.c:481
RsaPrivateKey
RSA private key.
Definition: rsa.h:68
X509SubjectPublicKeyInfo
Subject Public Key Information extension.
Definition: x509_common.h:790
ERROR_UNKOWN_KEY
@ ERROR_UNKOWN_KEY
Definition: error.h:294
dsaFreeSignature
void dsaFreeSignature(DsaSignature *signature)
Release a DSA signature.
Definition: dsa.c:177
x509GenerateDsaSignature
error_t x509GenerateDsaSignature(const PrngAlgo *prngAlgo, void *prngContext, const X509OctetString *tbsData, const HashAlgo *hashAlgo, const DsaPrivateKey *privateKey, uint8_t *output, size_t *written)
DSA signature generation.
Definition: x509_sign_generate.c:291
x509GenerateEd448Signature
error_t x509GenerateEd448Signature(const X509OctetString *tbsData, const EddsaPrivateKey *privateKey, uint8_t *output, size_t *written)
Ed448 signature generation.
Definition: x509_sign_generate.c:531
X509OctetString::value
const uint8_t * value
Definition: x509_common.h:654
HashAlgo
Common interface for hash algorithms.
Definition: crypto.h:1046
rsassaPkcs1v15Sign
error_t rsassaPkcs1v15Sign(const RsaPrivateKey *key, const HashAlgo *hash, const uint8_t *digest, uint8_t *signature, size_t *signatureLen)
RSASSA-PKCS1-v1_5 signature generation operation.
Definition: rsa.c:705
DsaSignature
DSA signature.
Definition: dsa.h:84
ERROR_UNSUPPORTED_SIGNATURE_ALGO
@ ERROR_UNSUPPORTED_SIGNATURE_ALGO
Definition: error.h:132
X509_SIGN_ALGO_SM2
@ X509_SIGN_ALGO_SM2
Definition: x509_common.h:610
X509OctetString
Octet string.
Definition: x509_common.h:653
SM2_DEFAULT_ID
#define SM2_DEFAULT_ID
Definition: sm2.h:39
X509_SIGN_ALGO_ED25519
@ X509_SIGN_ALGO_ED25519
Definition: x509_common.h:611
X509SignAlgoId::rsaPssParams
X509RsaPssParameters rsaPssParams
Definition: x509_common.h:1043
ed448GenerateSignature
error_t ed448GenerateSignature(const uint8_t *privateKey, const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, uint8_t *signature)
EdDSA signature generation.
Definition: ed448.c:223
X509SignAlgoId
Signature algorithm identifier.
Definition: x509_common.h:1040
ERROR_INVALID_KEY
@ ERROR_INVALID_KEY
Definition: error.h:106
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
debug.h
Debugging facilities.
x509GenerateEcdsaSignature
error_t x509GenerateEcdsaSignature(const PrngAlgo *prngAlgo, void *prngContext, const X509OctetString *tbsData, const HashAlgo *hashAlgo, const X509SubjectPublicKeyInfo *publicKeyInfo, const EcPrivateKey *privateKey, uint8_t *output, size_t *written)
ECDSA signature generation.
Definition: x509_sign_generate.c:346
X509_SIGN_ALGO_DSA
@ X509_SIGN_ALGO_DSA
Definition: x509_common.h:608
X509_SIGN_ALGO_ED448
@ X509_SIGN_ALGO_ED448
Definition: x509_common.h:612
mpiGetByteLength
uint_t mpiGetByteLength(const Mpi *a)
Get the actual length in bytes.
Definition: mpi.c:195