mirror of https://github.com/ctz/rustls
Make `SignatureScheme` enum names closer to IANA
Having our naming close to the standard makes things a bit clearer.
- ECDSA_SHA1_Legacy -> ECDSA_SHA1.
- RSA_PSS_SHA* -> RSA_PSS_RSAE_*.
- add RSA_PSS_PSS_* enums (not implemented on our side, but could be).
- ECDSA_NISTP* -> ECDSA_SECP*.
- complete supported_in_tls13(), in case these are encountered via pluggable crypto.

This is a breaking API change.
parent
03e88637e5
commit
2658d88a99
|
@ -343,11 +343,11 @@ fn lookup_scheme(scheme: u16) -> SignatureScheme {
|
|||
0x0401 => SignatureScheme::RSA_PKCS1_SHA256,
|
||||
0x0501 => SignatureScheme::RSA_PKCS1_SHA384,
|
||||
0x0601 => SignatureScheme::RSA_PKCS1_SHA512,
|
||||
0x0403 => SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
0x0503 => SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
0x0804 => SignatureScheme::RSA_PSS_SHA256,
|
||||
0x0805 => SignatureScheme::RSA_PSS_SHA384,
|
||||
0x0806 => SignatureScheme::RSA_PSS_SHA512,
|
||||
0x0403 => SignatureScheme::ECDSA_SECP256R1_SHA256,
|
||||
0x0503 => SignatureScheme::ECDSA_SECP384R1_SHA384,
|
||||
0x0804 => SignatureScheme::RSA_PSS_RSAE_SHA256,
|
||||
0x0805 => SignatureScheme::RSA_PSS_RSAE_SHA384,
|
||||
0x0806 => SignatureScheme::RSA_PSS_RSAE_SHA512,
|
||||
0x0807 => SignatureScheme::ED25519,
|
||||
// TODO: add support for Ed448
|
||||
// 0x0808 => SignatureScheme::ED448,
|
||||
|
|
|
@ -503,16 +503,19 @@ enum_builder! {
|
|||
EnumName: SignatureScheme;
|
||||
EnumVal{
|
||||
RSA_PKCS1_SHA1 => 0x0201,
|
||||
ECDSA_SHA1_Legacy => 0x0203,
|
||||
RSA_PKCS1_SHA256 => 0x0401,
|
||||
ECDSA_NISTP256_SHA256 => 0x0403,
|
||||
RSA_PKCS1_SHA384 => 0x0501,
|
||||
ECDSA_NISTP384_SHA384 => 0x0503,
|
||||
RSA_PKCS1_SHA512 => 0x0601,
|
||||
ECDSA_NISTP521_SHA512 => 0x0603,
|
||||
RSA_PSS_SHA256 => 0x0804,
|
||||
RSA_PSS_SHA384 => 0x0805,
|
||||
RSA_PSS_SHA512 => 0x0806,
|
||||
ECDSA_SHA1 => 0x0203,
|
||||
ECDSA_SECP256R1_SHA256 => 0x0403,
|
||||
ECDSA_SECP384R1_SHA384 => 0x0503,
|
||||
ECDSA_SECP521R1_SHA512 => 0x0603,
|
||||
RSA_PSS_RSAE_SHA256 => 0x0804,
|
||||
RSA_PSS_RSAE_SHA384 => 0x0805,
|
||||
RSA_PSS_RSAE_SHA512 => 0x0806,
|
||||
RSA_PSS_PSS_SHA256 => 0x0809,
|
||||
RSA_PSS_PSS_SHA384 => 0x080a,
|
||||
RSA_PSS_PSS_SHA512 => 0x080b,
|
||||
ED25519 => 0x0807,
|
||||
ED448 => 0x0808
|
||||
}
|
||||
|
@ -525,12 +528,15 @@ impl SignatureScheme {
|
|||
| Self::RSA_PKCS1_SHA256
|
||||
| Self::RSA_PKCS1_SHA384
|
||||
| Self::RSA_PKCS1_SHA512
|
||||
| Self::RSA_PSS_SHA256
|
||||
| Self::RSA_PSS_SHA384
|
||||
| Self::RSA_PSS_SHA512 => SignatureAlgorithm::RSA,
|
||||
Self::ECDSA_NISTP256_SHA256
|
||||
| Self::ECDSA_NISTP384_SHA384
|
||||
| Self::ECDSA_NISTP521_SHA512 => SignatureAlgorithm::ECDSA,
|
||||
| Self::RSA_PSS_RSAE_SHA256
|
||||
| Self::RSA_PSS_RSAE_SHA384
|
||||
| Self::RSA_PSS_RSAE_SHA512
|
||||
| Self::RSA_PSS_PSS_SHA256
|
||||
| Self::RSA_PSS_PSS_SHA384
|
||||
| Self::RSA_PSS_PSS_SHA512 => SignatureAlgorithm::RSA,
|
||||
Self::ECDSA_SECP256R1_SHA256
|
||||
| Self::ECDSA_SECP384R1_SHA384
|
||||
| Self::ECDSA_SECP521R1_SHA512 => SignatureAlgorithm::ECDSA,
|
||||
_ => SignatureAlgorithm::Unknown(0),
|
||||
}
|
||||
}
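Review bot: The new `Self::RSA_PSS_PSS_SHA256 | Self::RSA_PSS_PSS_SHA384 | Self::RSA_PSS_PSS_SHA512 => SignatureAlgorithm::RSA` arm returns the same legacy algorithm as the `RSA_PSS_RSAE_*` variants, so the result no longer says which kind of RSA key a scheme needs. The two families differ in the certificate key type (rsaEncryption versus id-RSASSA-PSS). Any caller that uses this value to pair a scheme with a key or cipher suite would treat them as interchangeable; the callers are outside the hunk, so this is worth confirming. A why-comment above the arm would record the limitation, for example `// RSAE and PSS variants differ only in the certificate key OID, which SignatureAlgorithm cannot express`. The function's signature and its first arms lie before the hunk.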
|
||||
|
@ -545,12 +551,17 @@ impl SignatureScheme {
|
|||
pub(crate) fn supported_in_tls13(&self) -> bool {
|
||||
matches!(
|
||||
*self,
|
||||
Self::ECDSA_NISTP384_SHA384
|
||||
| Self::ECDSA_NISTP256_SHA256
|
||||
| Self::RSA_PSS_SHA512
|
||||
| Self::RSA_PSS_SHA384
|
||||
| Self::RSA_PSS_SHA256
|
||||
Self::ECDSA_SECP256R1_SHA256
|
||||
| Self::ECDSA_SECP384R1_SHA384
|
||||
| Self::ECDSA_SECP521R1_SHA512
|
||||
| Self::RSA_PSS_RSAE_SHA256
|
||||
| Self::RSA_PSS_RSAE_SHA384
|
||||
| Self::RSA_PSS_RSAE_SHA512
|
||||
| Self::RSA_PSS_PSS_SHA256
|
||||
| Self::RSA_PSS_PSS_SHA384
|
||||
| Self::RSA_PSS_PSS_SHA512
|
||||
| Self::ED25519
|
||||
| Self::ED448
|
||||
)
|
||||
}
|
||||
}
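Review bot: `supported_in_tls13()` now returns true for `ECDSA_SECP521R1_SHA512`, `RSA_PSS_PSS_*` and `ED448`, but no doc comment visible in the hunk says it reports what the protocol permits rather than what this build can sign or verify. The `convert_alg_tls13` match later in this commit still sends those schemes to `_ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into())`, so the two answers differ by design and a reader should be told. Suggested doc comment: `/// Whether TLS 1.3 permits this scheme for handshake signatures.` followed by `/// Says nothing about whether a signer or verifier for it is configured.` A small unit test asserting that `RSA_PKCS1_*` and `ECDSA_SHA1` stay `false` would pin the exclusion that matters for downgrade resistance.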
|
||||
|
|
|
@ -364,7 +364,7 @@ fn get_sample_clienthellopayload() -> ClientHelloPayload {
|
|||
extensions: vec![
|
||||
ClientExtension::ECPointFormats(ECPointFormat::SUPPORTED.to_vec()),
|
||||
ClientExtension::NamedGroups(vec![NamedGroup::X25519]),
|
||||
ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]),
|
||||
ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_SECP256R1_SHA256]),
|
||||
ClientExtension::make_sni(DnsNameRef::try_from("hello").unwrap()),
|
||||
ClientExtension::SessionTicket(ClientSessionTicket::Request),
|
||||
ClientExtension::SessionTicket(ClientSessionTicket::Offer(Payload(vec![]))),
|
||||
|
@ -817,7 +817,7 @@ fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload {
|
|||
},
|
||||
public: PayloadU8(vec![1, 2, 3]),
|
||||
},
|
||||
dss: DigitallySignedStruct::new(SignatureScheme::RSA_PSS_SHA256, vec![1, 2, 3]),
|
||||
dss: DigitallySignedStruct::new(SignatureScheme::RSA_PSS_RSAE_SHA256, vec![1, 2, 3]),
|
||||
})
|
||||
}
|
||||
|
||||
|
@ -828,7 +828,7 @@ fn get_sample_serverkeyexchangepayload_unknown() -> ServerKeyExchangePayload {
|
|||
fn get_sample_certificaterequestpayload() -> CertificateRequestPayload {
|
||||
CertificateRequestPayload {
|
||||
certtypes: vec![ClientCertificateType::RSASign],
|
||||
sigschemes: vec![SignatureScheme::ECDSA_NISTP256_SHA256],
|
||||
sigschemes: vec![SignatureScheme::ECDSA_SECP256R1_SHA256],
|
||||
canames: vec![DistinguishedName::from(vec![1, 2, 3])],
|
||||
}
|
||||
}
|
||||
|
@ -837,7 +837,7 @@ fn get_sample_certificaterequestpayloadtls13() -> CertificateRequestPayloadTLS13
|
|||
CertificateRequestPayloadTLS13 {
|
||||
context: PayloadU8(vec![1, 2, 3]),
|
||||
extensions: vec![
|
||||
CertReqExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]),
|
||||
CertReqExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_SECP256R1_SHA256]),
|
||||
CertReqExtension::AuthorityNames(vec![DistinguishedName::from(vec![1, 2, 3])]),
|
||||
CertReqExtension::Unknown(UnknownExtension {
|
||||
typ: ExtensionType::Unknown(12345),
|
||||
|
@ -1048,7 +1048,7 @@ fn get_all_tls13_handshake_payloads() -> Vec<HandshakeMessagePayload> {
|
|||
HandshakeMessagePayload {
|
||||
typ: HandshakeType::CertificateVerify,
|
||||
payload: HandshakePayload::CertificateVerify(DigitallySignedStruct::new(
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
SignatureScheme::ECDSA_SECP256R1_SHA256,
|
||||
vec![1, 2, 3],
|
||||
)),
|
||||
},
|
||||
|
|
|
@ -86,7 +86,7 @@ pub fn any_supported_type(der: &key::PrivateKey) -> Result<Arc<dyn SigningKey>,
|
|||
pub fn any_ecdsa_type(der: &key::PrivateKey) -> Result<Arc<dyn SigningKey>, SignError> {
|
||||
if let Ok(ecdsa_p256) = EcdsaSigningKey::new(
|
||||
der,
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
SignatureScheme::ECDSA_SECP256R1_SHA256,
|
||||
&signature::ECDSA_P256_SHA256_ASN1_SIGNING,
|
||||
) {
|
||||
return Ok(Arc::new(ecdsa_p256));
|
||||
|
@ -94,7 +94,7 @@ pub fn any_ecdsa_type(der: &key::PrivateKey) -> Result<Arc<dyn SigningKey>, Sign
|
|||
|
||||
if let Ok(ecdsa_p384) = EcdsaSigningKey::new(
|
||||
der,
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
SignatureScheme::ECDSA_SECP384R1_SHA384,
|
||||
&signature::ECDSA_P384_SHA384_ASN1_SIGNING,
|
||||
) {
|
||||
return Ok(Arc::new(ecdsa_p384));
|
||||
|
@ -124,9 +124,9 @@ pub struct RsaSigningKey {
|
|||
}
|
||||
|
||||
static ALL_RSA_SCHEMES: &[SignatureScheme] = &[
|
||||
SignatureScheme::RSA_PSS_SHA512,
|
||||
SignatureScheme::RSA_PSS_SHA384,
|
||||
SignatureScheme::RSA_PSS_SHA256,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA512,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA384,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA256,
|
||||
SignatureScheme::RSA_PKCS1_SHA512,
|
||||
SignatureScheme::RSA_PKCS1_SHA384,
|
||||
SignatureScheme::RSA_PKCS1_SHA256,
|
||||
|
@ -168,9 +168,9 @@ impl RsaSigner {
|
|||
SignatureScheme::RSA_PKCS1_SHA256 => &signature::RSA_PKCS1_SHA256,
|
||||
SignatureScheme::RSA_PKCS1_SHA384 => &signature::RSA_PKCS1_SHA384,
|
||||
SignatureScheme::RSA_PKCS1_SHA512 => &signature::RSA_PKCS1_SHA512,
|
||||
SignatureScheme::RSA_PSS_SHA256 => &signature::RSA_PSS_SHA256,
|
||||
SignatureScheme::RSA_PSS_SHA384 => &signature::RSA_PSS_SHA384,
|
||||
SignatureScheme::RSA_PSS_SHA512 => &signature::RSA_PSS_SHA512,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA256 => &signature::RSA_PSS_SHA256,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA384 => &signature::RSA_PSS_SHA384,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA512 => &signature::RSA_PSS_SHA512,
|
||||
_ => unreachable!(),
|
||||
};
|
||||
|
||||
|
@ -241,8 +241,8 @@ impl EcdsaSigningKey {
|
|||
maybe_sec1_der: &[u8],
|
||||
) -> Result<EcdsaKeyPair, ()> {
|
||||
let pkcs8_prefix = match scheme {
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256 => &PKCS8_PREFIX_ECDSA_NISTP256,
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384 => &PKCS8_PREFIX_ECDSA_NISTP384,
|
||||
SignatureScheme::ECDSA_SECP256R1_SHA256 => &PKCS8_PREFIX_ECDSA_NISTP256,
|
||||
SignatureScheme::ECDSA_SECP384R1_SHA384 => &PKCS8_PREFIX_ECDSA_NISTP384,
|
||||
_ => unreachable!(), // all callers are in this file
|
||||
};
|
||||
|
||||
|
|
|
@ -118,15 +118,16 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite =
|
|||
|
||||
static TLS12_ECDSA_SCHEMES: &[SignatureScheme] = &[
|
||||
SignatureScheme::ED25519,
|
||||
SignatureScheme::ECDSA_NISTP521_SHA512,
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
SignatureScheme::ED448,
|
||||
SignatureScheme::ECDSA_SECP521R1_SHA512,
|
||||
SignatureScheme::ECDSA_SECP384R1_SHA384,
|
||||
SignatureScheme::ECDSA_SECP256R1_SHA256,
|
||||
];
|
||||
|
||||
static TLS12_RSA_SCHEMES: &[SignatureScheme] = &[
|
||||
SignatureScheme::RSA_PSS_SHA512,
|
||||
SignatureScheme::RSA_PSS_SHA384,
|
||||
SignatureScheme::RSA_PSS_SHA256,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA512,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA384,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA256,
|
||||
SignatureScheme::RSA_PKCS1_SHA512,
|
||||
SignatureScheme::RSA_PKCS1_SHA384,
|
||||
SignatureScheme::RSA_PKCS1_SHA256,
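Review bot: `SignatureScheme::ED448` is newly added to `TLS12_ECDSA_SCHEMES` in this hunk (the header grows from 15 to 16 lines), which is a behaviour change rather than a rename and is not listed in the commit description. The built-in `convert_scheme` and `convert_alg_tls13` mappings shown elsewhere in the commit have no ED448 arm, so the entry presumably exists only for pluggable providers. If so, that should be recorded beside it, e.g. `// no built-in signer/verifier; listed so the suite stays usable with a provider that supplies one`. If the order of this list expresses preference (not determinable from the hunk), ED448 now ranks ahead of every ECDSA scheme, which deserves a deliberate decision. A test in the style of `server_cert_resolve_reduces_sigalgs_for_ecdsa_ciphersuite` covering the new entry would keep the change from going unnoticed.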
|
||||
|
|
|
@ -105,7 +105,7 @@ pub trait ServerCertVerifier: Send + Sync {
|
|||
/// connection.
|
||||
///
|
||||
/// This method is only called for TLS1.2 handshakes. Note that, in TLS1.2,
|
||||
/// SignatureSchemes such as `SignatureScheme::ECDSA_NISTP256_SHA256` are not
|
||||
/// SignatureSchemes such as `SignatureScheme::ECDSA_SECP256R1_SHA256` are not
|
||||
/// in fact bound to the specific curve implied in their name.
|
||||
fn verify_tls12_signature(
|
||||
&self,
|
||||
|
@ -119,7 +119,7 @@ pub trait ServerCertVerifier: Send + Sync {
|
|||
/// This method is only called for TLS1.3 handshakes.
|
||||
///
|
||||
/// This method is very similar to `verify_tls12_signature`: but note the
|
||||
/// tighter ECDSA SignatureScheme semantics -- e.g. `SignatureScheme::ECDSA_NISTP256_SHA256`
|
||||
/// tighter ECDSA SignatureScheme semantics -- e.g. `SignatureScheme::ECDSA_SECP256R1_SHA256`
|
||||
/// must only validate signatures using public keys on the right curve --
|
||||
/// rustls does not enforce this requirement for you.
|
||||
///
|
||||
|
@ -213,7 +213,7 @@ pub trait ClientCertVerifier: Send + Sync {
|
|||
/// connection.
|
||||
///
|
||||
/// This method is only called for TLS1.2 handshakes. Note that, in TLS1.2,
|
||||
/// SignatureSchemes such as `SignatureScheme::ECDSA_NISTP256_SHA256` are not
|
||||
/// SignatureSchemes such as `SignatureScheme::ECDSA_SECP256R1_SHA256` are not
|
||||
/// in fact bound to the specific curve implied in their name.
|
||||
fn verify_tls12_signature(
|
||||
&self,
|
||||
|
@ -228,7 +228,7 @@ pub trait ClientCertVerifier: Send + Sync {
|
|||
///
|
||||
/// This method is very similar to `verify_tls12_signature`, but note the
|
||||
/// tighter ECDSA SignatureScheme semantics in TLS 1.3. For example,
|
||||
/// `SignatureScheme::ECDSA_NISTP256_SHA256`
|
||||
/// `SignatureScheme::ECDSA_SECP256R1_SHA256`
|
||||
/// must only validate signatures using public keys on the right curve --
|
||||
/// rustls does not enforce this requirement for you.
|
||||
fn verify_tls13_signature(
|
||||
|
|
|
@ -162,12 +162,12 @@ impl WebPkiServerVerifier {
|
|||
/// Which signature verification schemes the `webpki` crate supports.
|
||||
pub fn default_supported_verify_schemes() -> Vec<SignatureScheme> {
|
||||
vec![
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
SignatureScheme::ECDSA_SECP384R1_SHA384,
|
||||
SignatureScheme::ECDSA_SECP256R1_SHA256,
|
||||
SignatureScheme::ED25519,
|
||||
SignatureScheme::RSA_PSS_SHA512,
|
||||
SignatureScheme::RSA_PSS_SHA384,
|
||||
SignatureScheme::RSA_PSS_SHA256,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA512,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA384,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA256,
|
||||
SignatureScheme::RSA_PKCS1_SHA512,
|
||||
SignatureScheme::RSA_PKCS1_SHA384,
|
||||
SignatureScheme::RSA_PKCS1_SHA256,
|
||||
|
@ -474,15 +474,15 @@ static ED25519: SignatureAlgorithms = &[webpki::ED25519];
|
|||
static RSA_SHA256: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA256];
|
||||
static RSA_SHA384: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA384];
|
||||
static RSA_SHA512: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA512];
|
||||
static RSA_PSS_SHA256: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY];
|
||||
static RSA_PSS_SHA384: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY];
|
||||
static RSA_PSS_SHA512: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY];
|
||||
static RSA_PSS_RSAE_SHA256: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY];
|
||||
static RSA_PSS_RSAE_SHA384: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY];
|
||||
static RSA_PSS_RSAE_SHA512: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY];
|
||||
|
||||
fn convert_scheme(scheme: SignatureScheme) -> Result<SignatureAlgorithms, Error> {
|
||||
match scheme {
|
||||
// nb. for TLS1.2 the curve is not fixed by SignatureScheme.
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256 => Ok(ECDSA_SHA256),
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384 => Ok(ECDSA_SHA384),
|
||||
SignatureScheme::ECDSA_SECP256R1_SHA256 => Ok(ECDSA_SHA256),
|
||||
SignatureScheme::ECDSA_SECP384R1_SHA384 => Ok(ECDSA_SHA384),
|
||||
|
||||
SignatureScheme::ED25519 => Ok(ED25519),
|
||||
|
||||
|
@ -490,9 +490,9 @@ fn convert_scheme(scheme: SignatureScheme) -> Result<SignatureAlgorithms, Error>
|
|||
SignatureScheme::RSA_PKCS1_SHA384 => Ok(RSA_SHA384),
|
||||
SignatureScheme::RSA_PKCS1_SHA512 => Ok(RSA_SHA512),
|
||||
|
||||
SignatureScheme::RSA_PSS_SHA256 => Ok(RSA_PSS_SHA256),
|
||||
SignatureScheme::RSA_PSS_SHA384 => Ok(RSA_PSS_SHA384),
|
||||
SignatureScheme::RSA_PSS_SHA512 => Ok(RSA_PSS_SHA512),
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA256 => Ok(RSA_PSS_RSAE_SHA256),
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA384 => Ok(RSA_PSS_RSAE_SHA384),
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA512 => Ok(RSA_PSS_RSAE_SHA512),
|
||||
|
||||
_ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()),
|
||||
}
|
||||
|
@ -535,12 +535,12 @@ fn convert_alg_tls13(
|
|||
use crate::enums::SignatureScheme::*;
|
||||
|
||||
match scheme {
|
||||
ECDSA_NISTP256_SHA256 => Ok(webpki::ECDSA_P256_SHA256),
|
||||
ECDSA_NISTP384_SHA384 => Ok(webpki::ECDSA_P384_SHA384),
|
||||
ECDSA_SECP256R1_SHA256 => Ok(webpki::ECDSA_P256_SHA256),
|
||||
ECDSA_SECP384R1_SHA384 => Ok(webpki::ECDSA_P384_SHA384),
|
||||
ED25519 => Ok(webpki::ED25519),
|
||||
RSA_PSS_SHA256 => Ok(webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY),
|
||||
RSA_PSS_SHA384 => Ok(webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY),
|
||||
RSA_PSS_SHA512 => Ok(webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY),
|
||||
RSA_PSS_RSAE_SHA256 => Ok(webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY),
|
||||
RSA_PSS_RSAE_SHA384 => Ok(webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY),
|
||||
RSA_PSS_RSAE_SHA512 => Ok(webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY),
|
||||
_ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()),
|
||||
}
|
||||
}
|
||||
|
|
|
@ -841,9 +841,9 @@ fn server_cert_resolve_reduces_sigalgs_for_rsa_ciphersuite() {
|
|||
KeyType::Rsa,
|
||||
CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
vec![
|
||||
SignatureScheme::RSA_PSS_SHA512,
|
||||
SignatureScheme::RSA_PSS_SHA384,
|
||||
SignatureScheme::RSA_PSS_SHA256,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA512,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA384,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA256,
|
||||
SignatureScheme::RSA_PKCS1_SHA512,
|
||||
SignatureScheme::RSA_PKCS1_SHA384,
|
||||
SignatureScheme::RSA_PKCS1_SHA256,
|
||||
|
@ -858,8 +858,8 @@ fn server_cert_resolve_reduces_sigalgs_for_ecdsa_ciphersuite() {
|
|||
KeyType::Ecdsa,
|
||||
CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
vec![
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
SignatureScheme::ECDSA_SECP384R1_SHA384,
|
||||
SignatureScheme::ECDSA_SECP256R1_SHA256,
|
||||
SignatureScheme::ED25519,
|
||||
],
|
||||
);
|
||||
|
@ -1053,23 +1053,23 @@ fn client_cert_resolve() {
|
|||
for version in rustls::ALL_VERSIONS {
|
||||
let expected_sigschemes = match version.version {
|
||||
ProtocolVersion::TLSv1_2 => vec![
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
SignatureScheme::ECDSA_SECP384R1_SHA384,
|
||||
SignatureScheme::ECDSA_SECP256R1_SHA256,
|
||||
SignatureScheme::ED25519,
|
||||
SignatureScheme::RSA_PSS_SHA512,
|
||||
SignatureScheme::RSA_PSS_SHA384,
|
||||
SignatureScheme::RSA_PSS_SHA256,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA512,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA384,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA256,
|
||||
SignatureScheme::RSA_PKCS1_SHA512,
|
||||
SignatureScheme::RSA_PKCS1_SHA384,
|
||||
SignatureScheme::RSA_PKCS1_SHA256,
|
||||
],
|
||||
ProtocolVersion::TLSv1_3 => vec![
|
||||
SignatureScheme::ECDSA_NISTP384_SHA384,
|
||||
SignatureScheme::ECDSA_NISTP256_SHA256,
|
||||
SignatureScheme::ECDSA_SECP384R1_SHA384,
|
||||
SignatureScheme::ECDSA_SECP256R1_SHA256,
|
||||
SignatureScheme::ED25519,
|
||||
SignatureScheme::RSA_PSS_SHA512,
|
||||
SignatureScheme::RSA_PSS_SHA384,
|
||||
SignatureScheme::RSA_PSS_SHA256,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA512,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA384,
|
||||
SignatureScheme::RSA_PSS_RSAE_SHA256,
|
||||
],
|
||||
_ => unreachable!(),
|
||||
};
|
||||
|
|