Helper functions for signature generation and verification.
#include "ike/ike.h"
Enumerations
| Declaration | Description |
|---|---|
| enum IkeSignFormat { IKE_SIGN_FORMAT_RAW = 1, IKE_SIGN_FORMAT_ASN1 = 2 } | Signature format. |
| enum IkeSignAlgo { IKE_SIGN_ALGO_NONE = 0, IKE_SIGN_ALGO_RSA = 1, IKE_SIGN_ALGO_RSA_PSS = 2, IKE_SIGN_ALGO_DSA = 3, IKE_SIGN_ALGO_ECDSA = 4, IKE_SIGN_ALGO_ED25519 = 5, IKE_SIGN_ALGO_ED448 = 6 } | Signature algorithms. |
Functions
| Return type | Function | Description |
|---|---|---|
| error_t | ikeFormatDsaSignature (const DsaSignature *signature, uint8_t *data, size_t *length, IkeSignFormat format) | DSA signature formatting. |
| error_t | ikeFormatEcdsaSignature (const EcdsaSignature *signature, uint8_t *data, size_t *length, IkeSignFormat format) | ECDSA signature formatting. |
| error_t | ikeParseDsaSignature (const uint8_t *data, size_t length, DsaSignature *signature, IkeSignFormat format) | DSA signature parsing. |
| error_t | ikeParseEcdsaSignature (const EcCurve *curve, const uint8_t *data, size_t length, EcdsaSignature *signature, IkeSignFormat format) | ECDSA signature parsing. |
| error_t | ikeSelectSignAlgoId (IkeCertType certType, const HashAlgo *hashAlgo, X509SignAlgoId *signAlgoId) | Select the algorithm identifier that matches the specified certificate type and hash algorithms. |
| error_t | ikeSelectSignAlgo (const X509SignAlgoId *signAlgoId, IkeSignAlgo *signAlgo, const HashAlgo **hashAlgo) | Select the signature and hash algorithms that match the specified identifier. |
| const HashAlgo * | ikeSelectSignHashAlgo (IkeSaEntry *sa, uint16_t preferredHashAlgoId) | Select the hash algorithm to be used for signing. |
| error_t | ikeGetSignedOctets (IkeSaEntry *sa, const uint8_t *id, size_t idLen, uint8_t *macId, DataChunk *messageChunks, bool_t initiator) | Retrieve the octets to be signed using EdDSA. |
| error_t | ikeDigestSignedOctets (IkeSaEntry *sa, const HashAlgo *hashAlgo, const uint8_t *id, size_t idLen, uint8_t *digest, bool_t initiator) | Digest signed octets. |
Detailed Description
Helper functions for signature generation and verification.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2022-2025 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneIPSEC Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
Version: 2.5.4
Definition in file ike_sign_misc.h.
Enumeration Type Documentation
◆ IkeSignAlgo
enum IkeSignAlgo
Signature algorithms.
| Enumerator | |
|---|---|
| IKE_SIGN_ALGO_NONE | |
| IKE_SIGN_ALGO_RSA | |
| IKE_SIGN_ALGO_RSA_PSS | |
| IKE_SIGN_ALGO_DSA | |
| IKE_SIGN_ALGO_ECDSA | |
| IKE_SIGN_ALGO_ED25519 | |
| IKE_SIGN_ALGO_ED448 | |
Definition at line 58 of file ike_sign_misc.h.
◆ IkeSignFormat
enum IkeSignFormat
Signature format.
| Enumerator | |
|---|---|
| IKE_SIGN_FORMAT_RAW | |
| IKE_SIGN_FORMAT_ASN1 | |
Definition at line 47 of file ike_sign_misc.h.
Function Documentation
◆ ikeDigestSignedOctets()
error_t ikeDigestSignedOctets (IkeSaEntry *sa, const HashAlgo *hashAlgo, const uint8_t *id, size_t idLen, uint8_t *digest, bool_t initiator)
Digest signed octets.
Parameters:
- [in] sa: Pointer to the IKE SA
- [in] hashAlgo: Underlying hash function
- [in] id: MAC authentication data
- [in] idLen: MAC authentication data
- [out] digest: Calculated digest
- [in] initiator: Specifies whether the digest is performed at initiator or responder side
Returns: Error code
Definition at line 882 of file ike_sign_misc.c.
◆ ikeFormatDsaSignature()
error_t ikeFormatDsaSignature (const DsaSignature *signature, uint8_t *data, size_t *length, IkeSignFormat format)
DSA signature formatting.
Parameters:
- [in] signature: (R, S) integer pair
- [out] data: Pointer to the buffer where to store the encoded signature
- [out] length: Length of the encoded signature, in bytes
- [in] format: Signature format (raw or ASN.1)
Returns: Error code
Definition at line 55 of file ike_sign_misc.c.
◆ ikeFormatEcdsaSignature()
error_t ikeFormatEcdsaSignature (const EcdsaSignature *signature, uint8_t *data, size_t *length, IkeSignFormat format)
ECDSA signature formatting.
Parameters:
- [in] signature: (R, S) integer pair
- [out] data: Pointer to the buffer where to store the encoded signature
- [out] length: Length of the encoded signature, in bytes
- [in] format: Signature format (raw or ASN.1)
Returns: Error code
Definition at line 112 of file ike_sign_misc.c.
◆ ikeGetSignedOctets()
error_t ikeGetSignedOctets (IkeSaEntry *sa, const uint8_t *id, size_t idLen, uint8_t *macId, DataChunk *messageChunks, bool_t initiator)
Retrieve the octets to be signed using EdDSA.
Parameters:
- [in] sa: Pointer to the IKE SA
- [in] id: MAC authentication data
- [in] idLen: MAC authentication data
- [out] macId: Temporary buffer needed to calculate MACedID
- [out] messageChunks: Array of data chunks representing the message to be signed
- [in] initiator: Specifies whether the digest is performed at initiator or responder side
Returns: Error code
Definition at line 812 of file ike_sign_misc.c.
◆ ikeParseDsaSignature()
error_t ikeParseDsaSignature (const uint8_t *data, size_t length, DsaSignature *signature, IkeSignFormat format)
DSA signature parsing.
Parameters:
- [in] data: Pointer to the encoded signature
- [in] length: Length of the encoded signature, in bytes
- [out] signature: (R, S) integer pair
- [in] format: Signature format (raw or ASN.1)
Returns: Error code
Definition at line 157 of file ike_sign_misc.c.
◆ ikeParseEcdsaSignature()
error_t ikeParseEcdsaSignature (const EcCurve *curve, const uint8_t *data, size_t length, EcdsaSignature *signature, IkeSignFormat format)
ECDSA signature parsing.
Parameters:
- [in] curve: Elliptic curve parameters
- [in] data: Pointer to the encoded signature
- [in] length: Length of the encoded signature, in bytes
- [out] signature: (R, S) integer pair
- [in] format: Signature format (raw or ASN.1)
Returns: Error code
Definition at line 217 of file ike_sign_misc.c.
◆ ikeSelectSignAlgo()
error_t ikeSelectSignAlgo (const X509SignAlgoId *signAlgoId, IkeSignAlgo *signAlgo, const HashAlgo **hashAlgo)
Select the signature and hash algorithms that match the specified identifier.
Parameters:
- [in] signAlgoId: Signature algorithm identifier
- [out] signAlgo: Signature algorithm
- [out] hashAlgo: Hash algorithm
Returns: Error code
Definition at line 501 of file ike_sign_misc.c.
◆ ikeSelectSignAlgoId()
error_t ikeSelectSignAlgoId (IkeCertType certType, const HashAlgo *hashAlgo, X509SignAlgoId *signAlgoId)
Select the algorithm identifier that matches the specified certificate type and hash algorithms.
Parameters:
- [in] certType: Certificate type
- [in] hashAlgo: Hash algorithm
- [out] signAlgoId: Signature algorithm identifier
Returns: Error code
Definition at line 262 of file ike_sign_misc.c.
◆ ikeSelectSignHashAlgo()
const HashAlgo *ikeSelectSignHashAlgo (IkeSaEntry *sa, uint16_t preferredHashAlgoId)
Select the hash algorithm to be used for signing.
Parameters:
- [in] sa: Pointer to the IKE SA
- [in] preferredHashAlgoId: Preferred hash algorithm (provided as a hint)
Returns: Signature hash algorithm
Definition at line 714 of file ike_sign_misc.c.
