1 /* $OpenBSD: ssl_sigalgs.h,v 1.26 2022/07/02 16:00:12 tb Exp $ */ 2 /* 3 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org> 4 * 5 * Permission to use, copy, modify, and/or distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18 #ifndef HEADER_SSL_SIGALGS_H 19 #define HEADER_SSL_SIGALGS_H 20 21 __BEGIN_HIDDEN_DECLS 22 23 #define SIGALG_NONE 0x0000 24 25 /* 26 * RFC 8446 Section 4.2.3 27 * RFC 5246 Section 7.4.1.4.1 28 */ 29 #define SIGALG_RSA_PKCS1_SHA224 0x0301 30 #define SIGALG_RSA_PKCS1_SHA256 0x0401 31 #define SIGALG_RSA_PKCS1_SHA384 0x0501 32 #define SIGALG_RSA_PKCS1_SHA512 0x0601 33 #define SIGALG_ECDSA_SECP224R1_SHA224 0x0303 34 #define SIGALG_ECDSA_SECP256R1_SHA256 0x0403 35 #define SIGALG_ECDSA_SECP384R1_SHA384 0x0503 36 #define SIGALG_ECDSA_SECP521R1_SHA512 0x0603 37 #define SIGALG_RSA_PSS_RSAE_SHA256 0x0804 38 #define SIGALG_RSA_PSS_RSAE_SHA384 0x0805 39 #define SIGALG_RSA_PSS_RSAE_SHA512 0x0806 40 #define SIGALG_ED25519 0x0807 41 #define SIGALG_ED448 0x0808 42 #define SIGALG_RSA_PSS_PSS_SHA256 0x0809 43 #define SIGALG_RSA_PSS_PSS_SHA384 0x080a 44 #define SIGALG_RSA_PSS_PSS_SHA512 0x080b 45 #define SIGALG_RSA_PKCS1_SHA1 0x0201 46 #define SIGALG_ECDSA_SHA1 0x0203 47 #define SIGALG_PRIVATE_START 0xFE00 48 #define SIGALG_PRIVATE_END 0xFFFF 49 50 /* 51 * If Russia can elect the US President, surely 52 * IANA could fix this problem. 53 */ 54 #define SIGALG_GOSTR12_512_STREEBOG_512 0xEFEF 55 #define SIGALG_GOSTR12_256_STREEBOG_256 0xEEEE 56 #define SIGALG_GOSTR01_GOST94 0xEDED 57 58 /* Legacy sigalg for < TLSv1.2 same value as BoringSSL uses. */ 59 #define SIGALG_RSA_PKCS1_MD5_SHA1 0xFF01 60 61 #define SIGALG_FLAG_RSA_PSS 0x00000001 62 63 struct ssl_sigalg { 64 uint16_t value; 65 int key_type; 66 const EVP_MD *(*md)(void); 67 int security_level; 68 int group_nid; 69 int flags; 70 }; 71 72 int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb, int security_level); 73 const struct ssl_sigalg *ssl_sigalg_select(SSL *s, EVP_PKEY *pkey); 74 const struct ssl_sigalg *ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey, 75 uint16_t sigalg_value); 76 77 __END_HIDDEN_DECLS 78 79 #endif 80