x509_sign_verify.c
/**
 * @file x509_sign_verify.c
 * @brief RSA/DSA/ECDSA/EdDSA signature verification
 *
 * @section License
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 *
 * Copyright (C) 2010-2026 Oryx Embedded SARL. All rights reserved.
 *
 * This file is part of CycloneCRYPTO Open.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 * @author Oryx Embedded SARL (www.oryx-embedded.com)
 * @version 2.6.4
 **/
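//Switch to the appropriate trace level
#define TRACE_LEVEL CRYPTO_TRACE_LEVEL

//Dependencies
#include "core/crypto.h"
#include "pkix/x509_key_parse.h"
#include "pkix/x509_sign_verify.h"
#include "encoding/oid.h"
#include "debug.h"

//Check crypto library configuration
#if (X509_SUPPORT == ENABLED)

//Signature generation/verification callback functions. The pointer has file
//scope and is shared by every verification performed through this module;
//NULL means that no callback is registered
#if (X509_SIGN_CALLBACK_SUPPORT == ENABLED)
   static X509SignVerifyCallback x509SignVerifyCallback = NULL;
#endif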
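/**
 * @brief Register signature verification callback function
 *
 * The pointer is saved in a file-scope variable that x509VerifySignature()
 * reads on every call. No locking is visible in this file, so registration
 * is presumably meant to happen once, before any verification takes place.
 * Passing NULL clears the hook, because only a non-NULL callback is invoked.
 *
 * Security note: a registered callback runs before the built-in verification
 * code, and any status it returns other than ERROR_UNSUPPORTED_SIGNATURE_ALGO
 * is the final verdict, NO_ERROR included. The callback is therefore part of
 * the certificate trust path and must perform a complete verification for
 * every algorithm it chooses to handle.
 *
 * @param[in] callback Signature verification callback function
 * @return NO_ERROR on success, or ERROR_NOT_IMPLEMENTED when
 *   X509_SIGN_CALLBACK_SUPPORT is disabled
 **/

error_t x509RegisterSignVerifyCallback(X509SignVerifyCallback callback)
{
#if (X509_SIGN_CALLBACK_SUPPORT == ENABLED)
   //Save callback function
   x509SignVerifyCallback = callback;
   //Successful processing
   return NO_ERROR;
#else
   //Not implemented
   return ERROR_NOT_IMPLEMENTED;
#endif
}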
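/**
 * @brief Signature verification
 *
 * Dispatches to the verification routine that matches the signature
 * algorithm identifier. When a callback has been registered, it is tried
 * first; the built-in routines run only if no callback is registered or the
 * callback answers ERROR_UNSUPPORTED_SIGNATURE_ALGO.
 *
 * Security notes:
 * - The algorithm is selected from signAlgoId, which belongs to the object
 *   being verified. Each per-algorithm routine then checks that the OID of
 *   the issuer's public key matches that algorithm, which is what prevents a
 *   signature from being checked against a key of a different type
 * - Only the signature is checked here. Validity period, name chaining and
 *   extensions are not examined by this function
 * - An algorithm that is not compiled in falls through to
 *   ERROR_UNSUPPORTED_SIGNATURE_ALGO, so verification fails closed
 *
 * @param[in] tbsData Data whose signature is to be verified
 * @param[in] signAlgoId Signature algorithm identifier
 * @param[in] publicKeyInfo Issuer's public key
 * @param[in] signature Signature to be verified
 * @return NO_ERROR if the signature is valid, else an error code
 **/

error_t x509VerifySignature(const X509OctetString *tbsData,
   const X509SignAlgoId *signAlgoId,
   const X509SubjectPublicKeyInfo *publicKeyInfo,
   const X509OctetString *signature)
{
   error_t error;
   X509SignatureAlgo signAlgo;
   const HashAlgo *hashAlgo;

#if (X509_SIGN_CALLBACK_SUPPORT == ENABLED)
   //Valid signature verification callback function?
   if(x509SignVerifyCallback != NULL)
   {
      //Invoke user-defined callback. Its verdict is final unless it reports
      //that the algorithm is unsupported
      error = x509SignVerifyCallback(tbsData, signAlgoId, publicKeyInfo,
         signature);
   }
   else
#endif
   {
      //No callback function registered
      error = ERROR_UNSUPPORTED_SIGNATURE_ALGO;
   }

   //Check status code
   if(error == ERROR_UNSUPPORTED_SIGNATURE_ALGO)
   {
      //Retrieve the signature algorithm that was used to sign the certificate
      error = x509GetSignHashAlgo(signAlgoId, &signAlgo, &hashAlgo);

      //Check status code
      if(!error)
      {
#if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
         //RSA signature algorithm?
         if(signAlgo == X509_SIGN_ALGO_RSA)
         {
            //Verify RSA signature (RSASSA-PKCS1-v1_5 signature scheme)
            error = x509VerifyRsaSignature(tbsData, hashAlgo, publicKeyInfo,
               signature);
         }
         else
#endif
#if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
         //RSA-PSS signature algorithm?
         if(signAlgo == X509_SIGN_ALGO_RSA_PSS)
         {
            //Verify RSA signature (RSASSA-PSS signature scheme). The salt
            //length is taken from the parameters of the algorithm identifier
            error = x509VerifyRsaPssSignature(tbsData, hashAlgo,
               signAlgoId->rsaPssParams.saltLen, publicKeyInfo, signature);
         }
         else
#endif
#if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
         //DSA signature algorithm?
         if(signAlgo == X509_SIGN_ALGO_DSA)
         {
            //Verify DSA signature
            error = x509VerifyDsaSignature(tbsData, hashAlgo, publicKeyInfo,
               signature);
         }
         else
#endif
#if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
         //ECDSA signature algorithm?
         if(signAlgo == X509_SIGN_ALGO_ECDSA)
         {
            //Verify ECDSA signature
            error = x509VerifyEcdsaSignature(tbsData, hashAlgo, publicKeyInfo,
               signature);
         }
         else
#endif
#if (X509_SM2_SUPPORT == ENABLED && SM2_SUPPORT == ENABLED)
         //SM2 signature algorithm?
         if(signAlgo == X509_SIGN_ALGO_SM2)
         {
            //Verify SM2 signature
            error = x509VerifySm2Signature(tbsData, hashAlgo, publicKeyInfo,
               signature);
         }
         else
#endif
#if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
         //Ed25519 signature algorithm?
         if(signAlgo == X509_SIGN_ALGO_ED25519)
         {
            //Verify Ed25519 signature (PureEdDSA mode)
            error = x509VerifyEd25519Signature(tbsData, publicKeyInfo,
               signature);
         }
         else
#endif
#if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
         //Ed448 signature algorithm?
         if(signAlgo == X509_SIGN_ALGO_ED448)
         {
            //Verify Ed448 signature (PureEdDSA mode)
            error = x509VerifyEd448Signature(tbsData, publicKeyInfo,
               signature);
         }
         else
#endif
#if (X509_MLDSA44_SUPPORT == ENABLED && MLDSA44_SUPPORT == ENABLED)
         //ML-DSA-44 signature algorithm?
         if(signAlgo == X509_SIGN_ALGO_MLDSA44)
         {
            //Verify ML-DSA-44 signature
            error = x509VerifyMldsa44Signature(tbsData, publicKeyInfo,
               signature);
         }
         else
#endif
#if (X509_MLDSA65_SUPPORT == ENABLED && MLDSA65_SUPPORT == ENABLED)
         //ML-DSA-65 signature algorithm?
         if(signAlgo == X509_SIGN_ALGO_MLDSA65)
         {
            //Verify ML-DSA-65 signature
            error = x509VerifyMldsa65Signature(tbsData, publicKeyInfo,
               signature);
         }
         else
#endif
#if (X509_MLDSA87_SUPPORT == ENABLED && MLDSA87_SUPPORT == ENABLED)
         //ML-DSA-87 signature algorithm?
         if(signAlgo == X509_SIGN_ALGO_MLDSA87)
         {
            //Verify ML-DSA-87 signature
            error = x509VerifyMldsa87Signature(tbsData, publicKeyInfo,
               signature);
         }
         else
#endif
         //Invalid signature algorithm?
         {
            //Report an error (unknown or disabled algorithms fail closed)
            error = ERROR_UNSUPPORTED_SIGNATURE_ALGO;
         }
      }
   }

   //Return status code
   return error;
}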
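/**
 * @brief RSA signature verification
 *
 * Verifies an RSASSA-PKCS1-v1_5 signature over tbsData. The issuer key must
 * be identified by RSA_ENCRYPTION_OID; any other key type is rejected with
 * ERROR_WRONG_IDENTIFIER before anything is hashed or imported. The modulus
 * length must lie within [X509_MIN_RSA_MODULUS_SIZE,
 * X509_MAX_RSA_MODULUS_SIZE] bits, otherwise ERROR_INVALID_KEY is returned
 * and no signature operation is attempted.
 *
 * All pointer arguments are dereferenced without a NULL check, so the caller
 * must pass valid objects. The digest buffer holds MAX_HASH_DIGEST_SIZE
 * bytes; this assumes no HashAlgo produces a longer digest (to be confirmed
 * against crypto.h).
 *
 * @param[in] tbsData Data whose signature is to be verified
 * @param[in] hashAlgo Underlying hash function
 * @param[in] publicKeyInfo Issuer's public key
 * @param[in] signature Signature to be verified
 * @return NO_ERROR if the signature is valid, else an error code
 *   (ERROR_NOT_IMPLEMENTED when RSA support is disabled)
 **/

error_t x509VerifyRsaSignature(const X509OctetString *tbsData,
   const HashAlgo *hashAlgo, const X509SubjectPublicKeyInfo *publicKeyInfo,
   const X509OctetString *signature)
{
#if (X509_RSA_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
   error_t error;
   uint_t k;
   RsaPublicKey rsaPublicKey;
   uint8_t digest[MAX_HASH_DIGEST_SIZE];

   //Initialize RSA public key
   rsaInitPublicKey(&rsaPublicKey);

   //Check algorithm identifier
   if(OID_COMP(publicKeyInfo->oid.value, publicKeyInfo->oid.length,
      RSA_ENCRYPTION_OID) == 0)
   {
      //Digest the TBSCertificate structure using the specified hash algorithm
      error = hashAlgo->compute(tbsData->value, tbsData->length, digest);

      //Check status code
      if(!error)
      {
         //Import the RSA public key
         error = x509ImportRsaPublicKey(&rsaPublicKey, publicKeyInfo);
      }

      //Check status code
      if(!error)
      {
         //Get the length of the modulus, in bits
         k = mpiGetBitLength(&rsaPublicKey.n);

         //Make sure the modulus is acceptable
         if(k < X509_MIN_RSA_MODULUS_SIZE || k > X509_MAX_RSA_MODULUS_SIZE)
         {
            //Report an error
            error = ERROR_INVALID_KEY;
         }
      }

      //Check status code
      if(!error)
      {
         //Verify RSA signature (RSASSA-PKCS1-v1_5 signature scheme)
         error = rsassaPkcs1v15Verify(&rsaPublicKey, hashAlgo, digest,
            signature->value, signature->length);
      }
   }
   else
   {
      //Invalid algorithm identifier
      error = ERROR_WRONG_IDENTIFIER;
   }

   //Release previously allocated resources (reached on every path)
   rsaFreePublicKey(&rsaPublicKey);

   //Return status code
   return error;
#else
   //Not implemented
   return ERROR_NOT_IMPLEMENTED;
#endif
}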
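/**
 * @brief RSA-PSS signature verification
 *
 * Verifies an RSASSA-PSS signature over tbsData. Only issuer keys identified
 * by RSASSA_PSS_OID are accepted; a key carrying RSA_ENCRYPTION_OID is
 * rejected here with ERROR_WRONG_IDENTIFIER. The modulus length must lie
 * within [X509_MIN_RSA_MODULUS_SIZE, X509_MAX_RSA_MODULUS_SIZE] bits.
 *
 * Security note: when called from x509VerifySignature(), both the hash
 * algorithm and the salt length originate from the signature algorithm
 * identifier of the object being verified. This function forwards saltLen
 * unchanged; any bound on it is left to rsassaPssVerify() (to be confirmed).
 *
 * All pointer arguments are dereferenced without a NULL check.
 *
 * @param[in] tbsData Data whose signature is to be verified
 * @param[in] hashAlgo Underlying hash function
 * @param[in] saltLen Length of the salt, in bytes
 * @param[in] publicKeyInfo Issuer's public key
 * @param[in] signature Signature to be verified
 * @return NO_ERROR if the signature is valid, else an error code
 *   (ERROR_NOT_IMPLEMENTED when RSA-PSS support is disabled)
 **/

error_t x509VerifyRsaPssSignature(const X509OctetString *tbsData,
   const HashAlgo *hashAlgo, size_t saltLen,
   const X509SubjectPublicKeyInfo *publicKeyInfo,
   const X509OctetString *signature)
{
#if (X509_RSA_PSS_SUPPORT == ENABLED && RSA_SUPPORT == ENABLED)
   error_t error;
   uint_t k;
   RsaPublicKey rsaPublicKey;
   uint8_t digest[MAX_HASH_DIGEST_SIZE];

   //Initialize RSA public key
   rsaInitPublicKey(&rsaPublicKey);

   //Check algorithm identifier
   if(OID_COMP(publicKeyInfo->oid.value, publicKeyInfo->oid.length,
      RSASSA_PSS_OID) == 0)
   {
      //Digest the TBSCertificate structure using the specified hash algorithm
      error = hashAlgo->compute(tbsData->value, tbsData->length, digest);

      //Check status code
      if(!error)
      {
         //Import the RSA public key
         error = x509ImportRsaPublicKey(&rsaPublicKey, publicKeyInfo);
      }

      //Check status code
      if(!error)
      {
         //Get the length of the modulus, in bits
         k = mpiGetBitLength(&rsaPublicKey.n);

         //Make sure the modulus is acceptable
         if(k < X509_MIN_RSA_MODULUS_SIZE || k > X509_MAX_RSA_MODULUS_SIZE)
         {
            //Report an error
            error = ERROR_INVALID_KEY;
         }
      }

      //Check status code
      if(!error)
      {
         //Verify RSA signature (RSASSA-PSS signature scheme)
         error = rsassaPssVerify(&rsaPublicKey, hashAlgo, saltLen, digest,
            signature->value, signature->length);
      }
   }
   else
   {
      //Invalid algorithm identifier
      error = ERROR_WRONG_IDENTIFIER;
   }

   //Release previously allocated resources (reached on every path)
   rsaFreePublicKey(&rsaPublicKey);

   //Return status code
   return error;
#else
   //Not implemented
   return ERROR_NOT_IMPLEMENTED;
#endif
}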
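/**
 * @brief DSA signature verification
 *
 * Verifies an ASN.1 encoded DSA signature over tbsData. The issuer key must
 * be identified by DSA_OID, and the prime modulus p must be between
 * X509_MIN_DSA_MODULUS_SIZE and X509_MAX_DSA_MODULUS_SIZE bits long;
 * otherwise ERROR_WRONG_IDENTIFIER or ERROR_INVALID_KEY is returned and no
 * signature operation is attempted.
 *
 * The full digest (hashAlgo->digestSize bytes) is handed to
 * dsaVerifySignature(); any truncation to the size of q is presumably done
 * there (to be confirmed). All pointer arguments are dereferenced without a
 * NULL check.
 *
 * @param[in] tbsData Data whose signature is to be verified
 * @param[in] hashAlgo Underlying hash function
 * @param[in] publicKeyInfo Issuer's public key
 * @param[in] signature Signature to be verified
 * @return NO_ERROR if the signature is valid, else an error code
 *   (ERROR_NOT_IMPLEMENTED when DSA support is disabled)
 **/

error_t x509VerifyDsaSignature(const X509OctetString *tbsData,
   const HashAlgo *hashAlgo, const X509SubjectPublicKeyInfo *publicKeyInfo,
   const X509OctetString *signature)
{
#if (X509_DSA_SUPPORT == ENABLED && DSA_SUPPORT == ENABLED)
   error_t error;
   uint_t k;
   DsaPublicKey dsaPublicKey;
   DsaSignature dsaSignature;
   uint8_t digest[MAX_HASH_DIGEST_SIZE];

   //Initialize DSA public key
   dsaInitPublicKey(&dsaPublicKey);
   //Initialize DSA signature
   dsaInitSignature(&dsaSignature);

   //Check algorithm identifier
   if(OID_COMP(publicKeyInfo->oid.value, publicKeyInfo->oid.length,
      DSA_OID) == 0)
   {
      //Digest the TBSCertificate structure using the specified hash algorithm
      error = hashAlgo->compute(tbsData->value, tbsData->length, digest);

      //Check status code
      if(!error)
      {
         //Import the DSA public key
         error = x509ImportDsaPublicKey(&dsaPublicKey, publicKeyInfo);
      }

      //Check status code
      if(!error)
      {
         //Get the length of the prime modulus, in bits
         k = mpiGetBitLength(&dsaPublicKey.params.p);

         //Make sure the prime modulus is acceptable
         if(k < X509_MIN_DSA_MODULUS_SIZE || k > X509_MAX_DSA_MODULUS_SIZE)
         {
            //Report an error
            error = ERROR_INVALID_KEY;
         }
      }

      //Check status code
      if(!error)
      {
         //Read the ASN.1 encoded signature
         error = dsaImportSignature(&dsaSignature, signature->value,
            signature->length);
      }

      //Check status code
      if(!error)
      {
         //Verify DSA signature
         error = dsaVerifySignature(&dsaPublicKey, digest, hashAlgo->digestSize,
            &dsaSignature);
      }
   }
   else
   {
      //Invalid algorithm identifier
      error = ERROR_WRONG_IDENTIFIER;
   }

   //Release previously allocated resources (reached on every path)
   dsaFreePublicKey(&dsaPublicKey);
   dsaFreeSignature(&dsaSignature);

   //Return status code
   return error;
#else
   //Not implemented
   return ERROR_NOT_IMPLEMENTED;
#endif
}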
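/**
 * @brief ECDSA signature verification
 *
 * Verifies an ASN.1 encoded ECDSA signature over tbsData. The issuer key
 * must be identified by EC_PUBLIC_KEY_OID and must name a curve known to
 * x509GetCurve(); an unknown curve yields ERROR_BAD_CERTIFICATE. Only named
 * curves are looked up here, via ecParams.namedCurve. The public point is
 * imported in X9.63 format and the signature is parsed against the same
 * curve before verification.
 *
 * The full digest (hashAlgo->digestSize bytes) is handed to
 * ecdsaVerifySignature(). All pointer arguments are dereferenced without a
 * NULL check.
 *
 * @param[in] tbsData Data whose signature is to be verified
 * @param[in] hashAlgo Underlying hash function
 * @param[in] publicKeyInfo Issuer's public key
 * @param[in] signature Signature to be verified
 * @return NO_ERROR if the signature is valid, else an error code
 *   (ERROR_NOT_IMPLEMENTED when ECDSA support is disabled)
 **/

error_t x509VerifyEcdsaSignature(const X509OctetString *tbsData,
   const HashAlgo *hashAlgo, const X509SubjectPublicKeyInfo *publicKeyInfo,
   const X509OctetString *signature)
{
#if (X509_ECDSA_SUPPORT == ENABLED && ECDSA_SUPPORT == ENABLED)
   error_t error;
   const EcCurve *curve;
   EcPublicKey ecPublicKey;
   EcdsaSignature ecdsaSignature;
   uint8_t digest[MAX_HASH_DIGEST_SIZE];

   //Initialize EC public key
   ecInitPublicKey(&ecPublicKey);
   //Initialize ECDSA signature
   ecdsaInitSignature(&ecdsaSignature);

   //Check algorithm identifier
   if(OID_COMP(publicKeyInfo->oid.value, publicKeyInfo->oid.length,
      EC_PUBLIC_KEY_OID) == 0)
   {
      //Get the elliptic curve that matches the OID
      curve = x509GetCurve(publicKeyInfo->ecParams.namedCurve.value,
         publicKeyInfo->ecParams.namedCurve.length);

      //Make sure the specified elliptic curve is supported
      if(curve != NULL)
      {
         //Digest the TBSCertificate structure using the specified hash algorithm
         error = hashAlgo->compute(tbsData->value, tbsData->length, digest);

         //Check status code
         if(!error)
         {
            //Import the EC public key
            error = ecImportPublicKey(&ecPublicKey, curve,
               publicKeyInfo->ecPublicKey.q.value,
               publicKeyInfo->ecPublicKey.q.length, EC_PUBLIC_KEY_FORMAT_X963);
         }

         //Check status code
         if(!error)
         {
            //Read the ASN.1 encoded signature
            error = ecdsaImportSignature(&ecdsaSignature, curve, signature->value,
               signature->length, ECDSA_SIGNATURE_FORMAT_ASN1);
         }

         //Check status code
         if(!error)
         {
            //Verify ECDSA signature
            error = ecdsaVerifySignature(&ecPublicKey, digest,
               hashAlgo->digestSize, &ecdsaSignature);
         }
      }
      else
      {
         //Invalid elliptic curve
         error = ERROR_BAD_CERTIFICATE;
      }
   }
   else
   {
      //Invalid algorithm identifier
      error = ERROR_WRONG_IDENTIFIER;
   }

   //Release previously allocated resources (reached on every path)
   ecFreePublicKey(&ecPublicKey);
   ecdsaFreeSignature(&ecdsaSignature);

   //Return status code
   return error;
#else
   //Not implemented
   return ERROR_NOT_IMPLEMENTED;
#endif
}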
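/**
 * @brief SM2 signature verification
 *
 * Verifies an ASN.1 encoded SM2 signature over tbsData. The issuer key must
 * be identified by EC_PUBLIC_KEY_OID and its named curve must be SM2_OID;
 * any other curve yields ERROR_BAD_CERTIFICATE.
 *
 * Unlike the RSA, DSA and ECDSA routines, the message is not hashed here:
 * tbsData and hashAlgo are passed to sm2VerifySignature() as they are. The
 * signer identity is fixed to SM2_DEFAULT_ID, so a signature produced under
 * a different identity will presumably fail to verify.
 *
 * All pointer arguments are dereferenced without a NULL check.
 *
 * @param[in] tbsData Data whose signature is to be verified
 * @param[in] hashAlgo Underlying hash function
 * @param[in] publicKeyInfo Issuer's public key
 * @param[in] signature Signature to be verified
 * @return NO_ERROR if the signature is valid, else an error code
 *   (ERROR_NOT_IMPLEMENTED when SM2 support is disabled)
 **/

error_t x509VerifySm2Signature(const X509OctetString *tbsData,
   const HashAlgo *hashAlgo, const X509SubjectPublicKeyInfo *publicKeyInfo,
   const X509OctetString *signature)
{
#if (X509_SM2_SUPPORT == ENABLED && SM2_SUPPORT == ENABLED)
   error_t error;
   EcPublicKey ecPublicKey;
   EcdsaSignature sm2Signature;

   //Initialize EC public key
   ecInitPublicKey(&ecPublicKey);
   //Initialize SM2 signature
   ecdsaInitSignature(&sm2Signature);

   //Check algorithm identifier
   if(OID_COMP(publicKeyInfo->oid.value, publicKeyInfo->oid.length,
      EC_PUBLIC_KEY_OID) == 0)
   {
      //SM2 elliptic curve?
      if(OID_COMP(publicKeyInfo->ecParams.namedCurve.value,
         publicKeyInfo->ecParams.namedCurve.length, SM2_OID) == 0)
      {
         //Import the EC public key
         error = ecImportPublicKey(&ecPublicKey, SM2_CURVE,
            publicKeyInfo->ecPublicKey.q.value,
            publicKeyInfo->ecPublicKey.q.length, EC_PUBLIC_KEY_FORMAT_X963);

         //Check status code
         if(!error)
         {
            //Read the ASN.1 encoded signature
            error = ecdsaImportSignature(&sm2Signature, SM2_CURVE, signature->value,
               signature->length, ECDSA_SIGNATURE_FORMAT_ASN1);
         }

         //Check status code
         if(!error)
         {
            //Verify SM2 signature
            error = sm2VerifySignature(&ecPublicKey, hashAlgo, SM2_DEFAULT_ID,
               osStrlen(SM2_DEFAULT_ID), tbsData->value, tbsData->length,
               &sm2Signature);
         }
      }
      else
      {
         //Invalid elliptic curve
         error = ERROR_BAD_CERTIFICATE;
      }
   }
   else
   {
      //Invalid algorithm identifier
      error = ERROR_WRONG_IDENTIFIER;
   }

   //Release previously allocated resources (reached on every path)
   ecFreePublicKey(&ecPublicKey);
   ecdsaFreeSignature(&sm2Signature);

   //Return status code
   return error;
#else
   //Not implemented
   return ERROR_NOT_IMPLEMENTED;
#endif
}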
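/**
 * @brief Ed25519 signature verification
 *
 * Verifies a PureEdDSA signature over tbsData (no context, flag set to 0).
 * The issuer key must be identified by ED25519_OID.
 *
 * Security note: ed25519VerifySignature() receives the public key and the
 * signature as bare pointers with no length arguments. The two exact-length
 * checks below (ED25519_PUBLIC_KEY_LEN and ED25519_SIGNATURE_LEN) are what
 * keep it from reading past shorter, certificate-supplied buffers, so they
 * must stay ahead of the call.
 *
 * All pointer arguments are dereferenced without a NULL check.
 *
 * @param[in] tbsData Data whose signature is to be verified
 * @param[in] publicKeyInfo Issuer's public key
 * @param[in] signature Signature to be verified
 * @return NO_ERROR if the signature is valid, else an error code
 *   (ERROR_NOT_IMPLEMENTED when Ed25519 support is disabled)
 **/

error_t x509VerifyEd25519Signature(const X509OctetString *tbsData,
   const X509SubjectPublicKeyInfo *publicKeyInfo,
   const X509OctetString *signature)
{
#if (X509_ED25519_SUPPORT == ENABLED && ED25519_SUPPORT == ENABLED)
   error_t error;

   //Check algorithm identifier
   if(OID_COMP(publicKeyInfo->oid.value, publicKeyInfo->oid.length,
      ED25519_OID) == 0)
   {
      //Check the length of the public key
      if(publicKeyInfo->ecPublicKey.q.length == ED25519_PUBLIC_KEY_LEN)
      {
         //Check the length of the EdDSA signature
         if(signature->length == ED25519_SIGNATURE_LEN)
         {
            //Verify Ed25519 signature (PureEdDSA mode)
            error = ed25519VerifySignature(publicKeyInfo->ecPublicKey.q.value,
               tbsData->value, tbsData->length, NULL, 0, 0, signature->value);
         }
         else
         {
            //The length of the EdDSA signature is not valid
            error = ERROR_INVALID_SIGNATURE;
         }
      }
      else
      {
         //The length of the Ed25519 public key is not valid
         error = ERROR_ILLEGAL_PARAMETER;
      }
   }
   else
   {
      //Invalid algorithm identifier
      error = ERROR_WRONG_IDENTIFIER;
   }

   //Return status code
   return error;
#else
   //Not implemented
   return ERROR_NOT_IMPLEMENTED;
#endif
}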
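/**
 * @brief Ed448 signature verification
 *
 * Verifies a PureEdDSA signature over tbsData (no context, flag set to 0).
 * The issuer key must be identified by ED448_OID.
 *
 * Security note: ed448VerifySignature() receives the public key and the
 * signature as bare pointers with no length arguments. The two exact-length
 * checks below (ED448_PUBLIC_KEY_LEN and ED448_SIGNATURE_LEN) are what keep
 * it from reading past shorter, certificate-supplied buffers, so they must
 * stay ahead of the call.
 *
 * All pointer arguments are dereferenced without a NULL check.
 *
 * @param[in] tbsData Data whose signature is to be verified
 * @param[in] publicKeyInfo Issuer's public key
 * @param[in] signature Signature to be verified
 * @return NO_ERROR if the signature is valid, else an error code
 *   (ERROR_NOT_IMPLEMENTED when Ed448 support is disabled)
 **/

error_t x509VerifyEd448Signature(const X509OctetString *tbsData,
   const X509SubjectPublicKeyInfo *publicKeyInfo,
   const X509OctetString *signature)
{
#if (X509_ED448_SUPPORT == ENABLED && ED448_SUPPORT == ENABLED)
   error_t error;

   //Check algorithm identifier
   if(OID_COMP(publicKeyInfo->oid.value, publicKeyInfo->oid.length,
      ED448_OID) == 0)
   {
      //Check the length of the public key
      if(publicKeyInfo->ecPublicKey.q.length == ED448_PUBLIC_KEY_LEN)
      {
         //Check the length of the EdDSA signature
         if(signature->length == ED448_SIGNATURE_LEN)
         {
            //Verify Ed448 signature (PureEdDSA mode)
            error = ed448VerifySignature(publicKeyInfo->ecPublicKey.q.value,
               tbsData->value, tbsData->length, NULL, 0, 0, signature->value);
         }
         else
         {
            //The length of the EdDSA signature is not valid
            error = ERROR_INVALID_SIGNATURE;
         }
      }
      else
      {
         //The length of the Ed448 public key is not valid
         error = ERROR_ILLEGAL_PARAMETER;
      }
   }
   else
   {
      //Invalid algorithm identifier
      error = ERROR_WRONG_IDENTIFIER;
   }

   //Return status code
   return error;
#else
   //Not implemented
   return ERROR_NOT_IMPLEMENTED;
#endif
}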
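/**
 * @brief ML-DSA-44 signature verification
 *
 * Verifies an ML-DSA-44 signature over tbsData with an empty context
 * (NULL, length 0). The issuer key must be identified by MLDSA44_OID.
 *
 * Security note: mldsa44VerifySignature() receives the public key and the
 * signature as bare pointers with no length arguments. The exact-length
 * checks below (MLDSA44_PUBLIC_KEY_LEN and MLDSA44_SIGNATURE_LEN) are what
 * keep it from reading past shorter, certificate-supplied buffers, so they
 * must stay ahead of the call.
 *
 * All pointer arguments are dereferenced without a NULL check.
 *
 * @param[in] tbsData Data whose signature is to be verified
 * @param[in] publicKeyInfo Issuer's public key
 * @param[in] signature Signature to be verified
 * @return NO_ERROR if the signature is valid, else an error code
 *   (ERROR_NOT_IMPLEMENTED when ML-DSA-44 support is disabled)
 **/

error_t x509VerifyMldsa44Signature(const X509OctetString *tbsData,
   const X509SubjectPublicKeyInfo *publicKeyInfo,
   const X509OctetString *signature)
{
#if (X509_MLDSA44_SUPPORT == ENABLED && MLDSA44_SUPPORT == ENABLED)
   error_t error;

   //Check algorithm identifier
   if(OID_COMP(publicKeyInfo->oid.value, publicKeyInfo->oid.length,
      MLDSA44_OID) == 0)
   {
      //Check the length of the public key
      if(publicKeyInfo->mldsaPublicKey.pk.length == MLDSA44_PUBLIC_KEY_LEN)
      {
         //Check the length of the ML-DSA-44 signature
         if(signature->length == MLDSA44_SIGNATURE_LEN)
         {
            //Verify ML-DSA-44 signature
            error = mldsa44VerifySignature(publicKeyInfo->mldsaPublicKey.pk.value,
               tbsData->value, tbsData->length, NULL, 0, signature->value);
         }
         else
         {
            //The length of the ML-DSA-44 signature is not valid
            error = ERROR_INVALID_SIGNATURE;
         }
      }
      else
      {
         //The length of the ML-DSA-44 public key is not valid
         error = ERROR_ILLEGAL_PARAMETER;
      }
   }
   else
   {
      //Invalid algorithm identifier
      error = ERROR_WRONG_IDENTIFIER;
   }

   //Return status code
   return error;
#else
   //Not implemented
   return ERROR_NOT_IMPLEMENTED;
#endif
}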
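/**
 * @brief ML-DSA-65 signature verification
 *
 * Verifies an ML-DSA-65 signature over tbsData with an empty context
 * (NULL, length 0). The issuer key must be identified by MLDSA65_OID.
 *
 * Security note: mldsa65VerifySignature() receives the public key and the
 * signature as bare pointers with no length arguments. The exact-length
 * checks below (MLDSA65_PUBLIC_KEY_LEN and MLDSA65_SIGNATURE_LEN) are what
 * keep it from reading past shorter, certificate-supplied buffers, so they
 * must stay ahead of the call.
 *
 * All pointer arguments are dereferenced without a NULL check.
 *
 * @param[in] tbsData Data whose signature is to be verified
 * @param[in] publicKeyInfo Issuer's public key
 * @param[in] signature Signature to be verified
 * @return NO_ERROR if the signature is valid, else an error code
 *   (ERROR_NOT_IMPLEMENTED when ML-DSA-65 support is disabled)
 **/

error_t x509VerifyMldsa65Signature(const X509OctetString *tbsData,
   const X509SubjectPublicKeyInfo *publicKeyInfo,
   const X509OctetString *signature)
{
#if (X509_MLDSA65_SUPPORT == ENABLED && MLDSA65_SUPPORT == ENABLED)
   error_t error;

   //Check algorithm identifier
   if(OID_COMP(publicKeyInfo->oid.value, publicKeyInfo->oid.length,
      MLDSA65_OID) == 0)
   {
      //Check the length of the public key
      if(publicKeyInfo->mldsaPublicKey.pk.length == MLDSA65_PUBLIC_KEY_LEN)
      {
         //Check the length of the ML-DSA-65 signature
         if(signature->length == MLDSA65_SIGNATURE_LEN)
         {
            //Verify ML-DSA-65 signature
            error = mldsa65VerifySignature(publicKeyInfo->mldsaPublicKey.pk.value,
               tbsData->value, tbsData->length, NULL, 0, signature->value);
         }
         else
         {
            //The length of the ML-DSA-65 signature is not valid
            error = ERROR_INVALID_SIGNATURE;
         }
      }
      else
      {
         //The length of the ML-DSA-65 public key is not valid
         error = ERROR_ILLEGAL_PARAMETER;
      }
   }
   else
   {
      //Invalid algorithm identifier
      error = ERROR_WRONG_IDENTIFIER;
   }

   //Return status code
   return error;
#else
   //Not implemented
   return ERROR_NOT_IMPLEMENTED;
#endif
}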
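/**
 * @brief ML-DSA-87 signature verification
 *
 * Verifies an ML-DSA-87 signature over tbsData with an empty context
 * (NULL, length 0). The issuer key must be identified by MLDSA87_OID.
 *
 * Security note: mldsa87VerifySignature() receives the public key and the
 * signature as bare pointers with no length arguments. The exact-length
 * checks below (MLDSA87_PUBLIC_KEY_LEN and MLDSA87_SIGNATURE_LEN) are what
 * keep it from reading past shorter, certificate-supplied buffers, so they
 * must stay ahead of the call.
 *
 * All pointer arguments are dereferenced without a NULL check.
 *
 * @param[in] tbsData Data whose signature is to be verified
 * @param[in] publicKeyInfo Issuer's public key
 * @param[in] signature Signature to be verified
 * @return NO_ERROR if the signature is valid, else an error code
 *   (ERROR_NOT_IMPLEMENTED when ML-DSA-87 support is disabled)
 **/

error_t x509VerifyMldsa87Signature(const X509OctetString *tbsData,
   const X509SubjectPublicKeyInfo *publicKeyInfo,
   const X509OctetString *signature)
{
#if (X509_MLDSA87_SUPPORT == ENABLED && MLDSA87_SUPPORT == ENABLED)
   error_t error;

   //Check algorithm identifier
   if(OID_COMP(publicKeyInfo->oid.value, publicKeyInfo->oid.length,
      MLDSA87_OID) == 0)
   {
      //Check the length of the public key
      if(publicKeyInfo->mldsaPublicKey.pk.length == MLDSA87_PUBLIC_KEY_LEN)
      {
         //Check the length of the ML-DSA-87 signature
         if(signature->length == MLDSA87_SIGNATURE_LEN)
         {
            //Verify ML-DSA-87 signature
            error = mldsa87VerifySignature(publicKeyInfo->mldsaPublicKey.pk.value,
               tbsData->value, tbsData->length, NULL, 0, signature->value);
         }
         else
         {
            //The length of the ML-DSA-87 signature is not valid
            error = ERROR_INVALID_SIGNATURE;
         }
      }
      else
      {
         //The length of the ML-DSA-87 public key is not valid
         error = ERROR_ILLEGAL_PARAMETER;
      }
   }
   else
   {
      //Invalid algorithm identifier
      error = ERROR_WRONG_IDENTIFIER;
   }

   //Return status code
   return error;
#else
   //Not implemented
   return ERROR_NOT_IMPLEMENTED;
#endif
}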
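//End of the section compiled only when X509_SUPPORT is enabled
#endif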
error_t ecdsaImportSignature(EcdsaSignature *signature, const EcCurve *curve, const uint8_t *input, size_t length, EcdsaSignatureFormat format)
Import an ECDSA signature.
Definition: ecdsa.c:107
const uint8_t MLDSA44_OID[9]
Definition: mldsa.c:47
ECDSA signature.
Definition: ecdsa.h:63
error_t mldsa87VerifySignature(const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, const uint8_t *signature)
ML-DSA-87 signature verification.
Definition: mldsa.c:698
error_t dsaImportSignature(DsaSignature *signature, const uint8_t *input, size_t length)
Import an ASN.1 encoded DSA signature.
Definition: dsa.c:197
void rsaFreePublicKey(RsaPublicKey *key)
Release an RSA public key.
Definition: rsa.c:113
#define MLDSA65_SIGNATURE_LEN
Definition: mldsa.h:58
@ X509_SIGN_ALGO_MLDSA65
Definition: x509_common.h:689
error_t x509VerifyRsaPssSignature(const X509OctetString *tbsData, const HashAlgo *hashAlgo, size_t saltLen, const X509SubjectPublicKeyInfo *publicKeyInfo, const X509OctetString *signature)
RSA-PSS signature verification.
error_t sm2VerifySignature(const EcPublicKey *publicKey, const HashAlgo *hashAlgo, const char_t *id, size_t idLen, const void *message, size_t messageLen, const EcdsaSignature *signature)
SM2 signature verification.
Definition: sm2.c:274
const uint8_t MLDSA65_OID[9]
Definition: mldsa.c:49
@ ERROR_NOT_IMPLEMENTED
Definition: error.h:66
@ ERROR_ILLEGAL_PARAMETER
Definition: error.h:244
#define ED25519_PUBLIC_KEY_LEN
Definition: ed25519.h:42
OID (Object Identifier)
X509OctetString oid
Definition: x509_common.h:880
#define ED448_PUBLIC_KEY_LEN
Definition: ed448.h:42
size_t digestSize
Definition: crypto.h:1171
const uint8_t EC_PUBLIC_KEY_OID[7]
Definition: ec.c:44
error_t ecImportPublicKey(EcPublicKey *key, const EcCurve *curve, const uint8_t *input, size_t length, EcPublicKeyFormat format)
Import an EC public key.
Definition: ec.c:263
X509EcParameters ecParams
Definition: x509_common.h:891
error_t ed448VerifySignature(const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, const uint8_t *signature)
EdDSA signature verification.
Definition: ed448.c:404
#define ED448_SIGNATURE_LEN
Definition: ed448.h:44
error_t rsassaPssVerify(const RsaPublicKey *key, const HashAlgo *hash, size_t saltLen, const uint8_t *digest, const uint8_t *signature, size_t signatureLen)
RSASSA-PSS signature verification operation.
@ EC_PUBLIC_KEY_FORMAT_X963
Definition: ec.h:386
#define ED25519_SIGNATURE_LEN
Definition: ed25519.h:44
error_t x509VerifyEd25519Signature(const X509OctetString *tbsData, const X509SubjectPublicKeyInfo *publicKeyInfo, const X509OctetString *signature)
Ed25519 signature verification.
Mpi p
Prime modulus.
Definition: dsa.h:50
#define osStrlen(s)
Definition: os_port.h:171
const uint8_t RSASSA_PSS_OID[9]
Definition: rsa.c:85
error_t x509ImportDsaPublicKey(DsaPublicKey *publicKey, const X509SubjectPublicKeyInfo *publicKeyInfo)
Import a DSA public key.
error_t mldsa65VerifySignature(const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, const uint8_t *signature)
ML-DSA-65 signature verification.
Definition: mldsa.c:667
error_t x509VerifySignature(const X509OctetString *tbsData, const X509SignAlgoId *signAlgoId, const X509SubjectPublicKeyInfo *publicKeyInfo, const X509OctetString *signature)
Signature verification.
Mpi n
Modulus.
Definition: rsa.h:58
@ X509_SIGN_ALGO_MLDSA44
Definition: x509_common.h:688
const uint8_t DSA_OID[7]
Definition: dsa.c:51
void ecdsaFreeSignature(EcdsaSignature *signature)
Release an ECDSA signature.
Definition: ecdsa.c:90
#define MAX_HASH_DIGEST_SIZE
X509SignatureAlgo
Signature algorithms.
Definition: x509_common.h:679
DSA public key.
Definition: dsa.h:61
error_t x509VerifyEcdsaSignature(const X509OctetString *tbsData, const HashAlgo *hashAlgo, const X509SubjectPublicKeyInfo *publicKeyInfo, const X509OctetString *signature)
ECDSA signature verification.
const EcCurve * x509GetCurve(const uint8_t *oid, size_t length)
Get the elliptic curve that matches the specified OID.
Definition: x509_common.c:989
error_t
Error codes.
Definition: error.h:43
void dsaInitSignature(DsaSignature *signature)
Initialize a DSA signature.
Definition: dsa.c:168
error_t rsassaPkcs1v15Verify(const RsaPublicKey *key, const HashAlgo *hash, const uint8_t *digest, const uint8_t *signature, size_t signatureLen)
RSASSA-PKCS1-v1_5 signature verification operation.
void ecInitPublicKey(EcPublicKey *key)
Initialize an EC public key.
Definition: ec.c:52
HashAlgoCompute compute
Definition: crypto.h:1174
@ X509_SIGN_ALGO_ECDSA
Definition: x509_common.h:684
RSA public key.
Definition: rsa.h:57
void ecdsaInitSignature(EcdsaSignature *signature)
Initialize an ECDSA signature.
Definition: ecdsa.c:74
X509MldsaPublicKey mldsaPublicKey
Definition: x509_common.h:896
#define MLDSA44_SIGNATURE_LEN
Definition: mldsa.h:47
#define X509_MAX_DSA_MODULUS_SIZE
Definition: x509_common.h:430
error_t x509VerifyEd448Signature(const X509OctetString *tbsData, const X509SubjectPublicKeyInfo *publicKeyInfo, const X509OctetString *signature)
Ed448 signature verification.
General definitions for cryptographic algorithms.
error_t x509GetSignHashAlgo(const X509SignAlgoId *signAlgoId, X509SignatureAlgo *signAlgo, const HashAlgo **hashAlgo)
Get the signature and hash algorithms that match the specified identifier.
Definition: x509_common.c:433
@ ERROR_BAD_CERTIFICATE
Definition: error.h:236
DsaDomainParameters params
DSA domain parameters.
Definition: dsa.h:62
#define MLDSA44_PUBLIC_KEY_LEN
Definition: mldsa.h:45
#define SM2_CURVE
Definition: ec_curves.h:69
@ X509_SIGN_ALGO_MLDSA87
Definition: x509_common.h:690
error_t x509VerifyRsaSignature(const X509OctetString *tbsData, const HashAlgo *hashAlgo, const X509SubjectPublicKeyInfo *publicKeyInfo, const X509OctetString *signature)
RSA signature verification.
error_t(* X509SignVerifyCallback)(const X509OctetString *tbsData, const X509SignAlgoId *signAlgoId, const X509SubjectPublicKeyInfo *publicKeyInfo, const X509OctetString *signature)
Signature verification callback function.
error_t x509VerifyMldsa44Signature(const X509OctetString *tbsData, const X509SubjectPublicKeyInfo *publicKeyInfo, const X509OctetString *signature)
ML-DSA-44 signature verification.
@ X509_SIGN_ALGO_RSA
Definition: x509_common.h:681
error_t x509VerifyMldsa65Signature(const X509OctetString *tbsData, const X509SubjectPublicKeyInfo *publicKeyInfo, const X509OctetString *signature)
ML-DSA-65 signature verification.
X509OctetString namedCurve
Definition: x509_common.h:849
const uint8_t ED448_OID[3]
Definition: ec_curves.c:114
uint_t mpiGetBitLength(const Mpi *a)
Get the actual length in bits.
Definition: mpi.c:255
const uint8_t ED25519_OID[3]
Definition: ec_curves.c:112
const uint8_t RSA_ENCRYPTION_OID[9]
Definition: rsa.c:54
EC public key.
Definition: ec.h:421
error_t dsaVerifySignature(const DsaPublicKey *key, const uint8_t *digest, size_t digestLen, const DsaSignature *signature)
DSA signature verification.
Definition: dsa.c:571
@ ECDSA_SIGNATURE_FORMAT_ASN1
Definition: ecdsa.h:51
X509OctetString q
Definition: x509_common.h:859
@ X509_SIGN_ALGO_RSA_PSS
Definition: x509_common.h:682
error_t x509RegisterSignVerifyCallback(X509SignVerifyCallback callback)
Register signature verification callback function.
RSA/DSA/ECDSA/EdDSA signature verification.
#define OID_COMP(oid1, oidLen1, oid2)
Definition: oid.h:42
error_t x509VerifySm2Signature(const X509OctetString *tbsData, const HashAlgo *hashAlgo, const X509SubjectPublicKeyInfo *publicKeyInfo, const X509OctetString *signature)
SM2 signature verification.
error_t x509ImportRsaPublicKey(RsaPublicKey *publicKey, const X509SubjectPublicKeyInfo *publicKeyInfo)
Import an RSA public key.
error_t x509VerifyMldsa87Signature(const X509OctetString *tbsData, const X509SubjectPublicKeyInfo *publicKeyInfo, const X509OctetString *signature)
ML-DSA-87 signature verification.
Subject Public Key Information extension.
Definition: x509_common.h:878
__weak_func error_t ecdsaVerifySignature(const EcPublicKey *publicKey, const uint8_t *digest, size_t digestLen, const EcdsaSignature *signature)
ECDSA signature verification.
Definition: ecdsa.c:951
void dsaFreeSignature(DsaSignature *signature)
Release a DSA signature.
Definition: dsa.c:181
__weak_func error_t ed25519VerifySignature(const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, uint8_t flag, const uint8_t *signature)
EdDSA signature verification.
Definition: ed25519.c:427
#define MLDSA65_PUBLIC_KEY_LEN
Definition: mldsa.h:56
@ ERROR_WRONG_IDENTIFIER
Definition: error.h:89
#define X509_MAX_RSA_MODULUS_SIZE
Definition: x509_common.h:416
const uint8_t * value
Definition: x509_common.h:732
Common interface for hash algorithms.
Definition: crypto.h:1165
error_t mldsa44VerifySignature(const uint8_t *publicKey, const void *message, size_t messageLen, const void *context, uint8_t contextLen, const uint8_t *signature)
ML-DSA-44 signature verification.
Definition: mldsa.c:636
DSA signature.
Definition: dsa.h:85
#define EcCurve
Definition: ec.h:346
Parsing of ASN.1 encoded keys.
@ ERROR_UNSUPPORTED_SIGNATURE_ALGO
Definition: error.h:132
@ X509_SIGN_ALGO_SM2
Definition: x509_common.h:685
Octet string.
Definition: x509_common.h:731
#define SM2_DEFAULT_ID
Definition: sm2.h:40
@ X509_SIGN_ALGO_ED25519
Definition: x509_common.h:686
error_t x509VerifyDsaSignature(const X509OctetString *tbsData, const HashAlgo *hashAlgo, const X509SubjectPublicKeyInfo *publicKeyInfo, const X509OctetString *signature)
DSA signature verification.
unsigned int uint_t
Definition: compiler_port.h:57
const uint8_t MLDSA87_OID[9]
Definition: mldsa.c:51
X509EcPublicKey ecPublicKey
Definition: x509_common.h:892
@ ERROR_INVALID_SIGNATURE
Definition: error.h:228
X509RsaPssParameters rsaPssParams
Definition: x509_common.h:1136
void dsaFreePublicKey(DsaPublicKey *key)
Release a DSA public key.
Definition: dsa.c:119
#define MLDSA87_PUBLIC_KEY_LEN
Definition: mldsa.h:67
void dsaInitPublicKey(DsaPublicKey *key)
Initialize a DSA public key.
Definition: dsa.c:105
Signature algorithm identifier.
Definition: x509_common.h:1133
@ ERROR_INVALID_KEY
Definition: error.h:106
@ NO_ERROR
Success.
Definition: error.h:44
Debugging facilities.
void rsaInitPublicKey(RsaPublicKey *key)
Initialize an RSA public key.
Definition: rsa.c:100
void ecFreePublicKey(EcPublicKey *key)
Release an EC public key.
Definition: ec.c:68
#define MLDSA87_SIGNATURE_LEN
Definition: mldsa.h:69
@ X509_SIGN_ALGO_DSA
Definition: x509_common.h:683
X509OctetString pk
Definition: x509_common.h:869
@ X509_SIGN_ALGO_ED448
Definition: x509_common.h:687
const uint8_t SM2_OID[8]
Definition: ec_curves.c:106