xref: /dragonfly/crypto/libressl/ssl/ssl_sigalgs.h (revision de0e0e4d)
1 /* $OpenBSD: ssl_sigalgs.h,v 1.26 2022/07/02 16:00:12 tb Exp $ */
2 /*
3  * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
4  *
5  * Permission to use, copy, modify, and/or distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #ifndef HEADER_SSL_SIGALGS_H
19 #define HEADER_SSL_SIGALGS_H
20 
21 __BEGIN_HIDDEN_DECLS
22 
23 #define SIGALG_NONE			0x0000
24 
25 /*
26  * RFC 8446 Section 4.2.3
27  * RFC 5246 Section 7.4.1.4.1
28  */
29 #define SIGALG_RSA_PKCS1_SHA224		0x0301
30 #define SIGALG_RSA_PKCS1_SHA256		0x0401
31 #define SIGALG_RSA_PKCS1_SHA384		0x0501
32 #define SIGALG_RSA_PKCS1_SHA512		0x0601
33 #define SIGALG_ECDSA_SECP224R1_SHA224	0x0303
34 #define SIGALG_ECDSA_SECP256R1_SHA256	0x0403
35 #define SIGALG_ECDSA_SECP384R1_SHA384	0x0503
36 #define SIGALG_ECDSA_SECP521R1_SHA512	0x0603
37 #define SIGALG_RSA_PSS_RSAE_SHA256	0x0804
38 #define SIGALG_RSA_PSS_RSAE_SHA384	0x0805
39 #define SIGALG_RSA_PSS_RSAE_SHA512	0x0806
40 #define SIGALG_ED25519			0x0807
41 #define SIGALG_ED448			0x0808
42 #define SIGALG_RSA_PSS_PSS_SHA256	0x0809
43 #define SIGALG_RSA_PSS_PSS_SHA384	0x080a
44 #define SIGALG_RSA_PSS_PSS_SHA512	0x080b
45 #define SIGALG_RSA_PKCS1_SHA1		0x0201
46 #define SIGALG_ECDSA_SHA1		0x0203
47 #define SIGALG_PRIVATE_START		0xFE00
48 #define SIGALG_PRIVATE_END		0xFFFF
49 
50 /*
51  * If Russia can elect the US President, surely
52  * IANA could fix this problem.
53  */
54 #define SIGALG_GOSTR12_512_STREEBOG_512	0xEFEF
55 #define SIGALG_GOSTR12_256_STREEBOG_256	0xEEEE
56 #define SIGALG_GOSTR01_GOST94		0xEDED
57 
58 /* Legacy sigalg for < TLSv1.2 same value as BoringSSL uses. */
59 #define SIGALG_RSA_PKCS1_MD5_SHA1	0xFF01
60 
61 #define SIGALG_FLAG_RSA_PSS	0x00000001
62 
63 struct ssl_sigalg {
64 	uint16_t value;
65 	int key_type;
66 	const EVP_MD *(*md)(void);
67 	int security_level;
68 	int group_nid;
69 	int flags;
70 };
71 
72 int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb, int security_level);
73 const struct ssl_sigalg *ssl_sigalg_select(SSL *s, EVP_PKEY *pkey);
74 const struct ssl_sigalg *ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey,
75     uint16_t sigalg_value);
76 
77 __END_HIDDEN_DECLS
78 
79 #endif
80