Make `SignatureScheme` enum names closer to IANA

Having our naming close to the standard makes things a bit clearer.

- ECDSA_SHA1_Legacy -> ECDSA_SHA1.
- RSA_PSS_SHA* -> RSA_PSS_RSAE_*.
- add RSA_PSS_PSS_* enums (not implemented on our side, but could be).
- ECDSA_NISTP* -> ECDSA_SECP*.
- complete supported_in_tls13(), in case these are encountered via
  pluggable crypto.

This is a breaking API change.
Joseph Birr-Pixton 2023-08-04 16:04:51 +01:00
parent 03e88637e5
commit 2658d88a99
8 changed files with 93 additions and 81 deletions


@ -343,11 +343,11 @@ fn lookup_scheme(scheme: u16) -> SignatureScheme {
0x0401 => SignatureScheme::RSA_PKCS1_SHA256,
0x0501 => SignatureScheme::RSA_PKCS1_SHA384,
0x0601 => SignatureScheme::RSA_PKCS1_SHA512,
0x0403 => SignatureScheme::ECDSA_NISTP256_SHA256,
0x0503 => SignatureScheme::ECDSA_NISTP384_SHA384,
0x0804 => SignatureScheme::RSA_PSS_SHA256,
0x0805 => SignatureScheme::RSA_PSS_SHA384,
0x0806 => SignatureScheme::RSA_PSS_SHA512,
0x0403 => SignatureScheme::ECDSA_SECP256R1_SHA256,
0x0503 => SignatureScheme::ECDSA_SECP384R1_SHA384,
0x0804 => SignatureScheme::RSA_PSS_RSAE_SHA256,
0x0805 => SignatureScheme::RSA_PSS_RSAE_SHA384,
0x0806 => SignatureScheme::RSA_PSS_RSAE_SHA512,
0x0807 => SignatureScheme::ED25519,
// TODO: add support for Ed448
// 0x0808 => SignatureScheme::ED448,


@ -503,16 +503,19 @@ enum_builder! {
EnumName: SignatureScheme;
EnumVal{
RSA_PKCS1_SHA1 => 0x0201,
ECDSA_SHA1_Legacy => 0x0203,
RSA_PKCS1_SHA256 => 0x0401,
ECDSA_NISTP256_SHA256 => 0x0403,
RSA_PKCS1_SHA384 => 0x0501,
ECDSA_NISTP384_SHA384 => 0x0503,
RSA_PKCS1_SHA512 => 0x0601,
ECDSA_NISTP521_SHA512 => 0x0603,
RSA_PSS_SHA256 => 0x0804,
RSA_PSS_SHA384 => 0x0805,
RSA_PSS_SHA512 => 0x0806,
ECDSA_SHA1 => 0x0203,
ECDSA_SECP256R1_SHA256 => 0x0403,
ECDSA_SECP384R1_SHA384 => 0x0503,
ECDSA_SECP521R1_SHA512 => 0x0603,
RSA_PSS_RSAE_SHA256 => 0x0804,
RSA_PSS_RSAE_SHA384 => 0x0805,
RSA_PSS_RSAE_SHA512 => 0x0806,
RSA_PSS_PSS_SHA256 => 0x0809,
RSA_PSS_PSS_SHA384 => 0x080a,
RSA_PSS_PSS_SHA512 => 0x080b,
ED25519 => 0x0807,
ED448 => 0x0808
}
@ -525,12 +528,15 @@ impl SignatureScheme {
| Self::RSA_PKCS1_SHA256
| Self::RSA_PKCS1_SHA384
| Self::RSA_PKCS1_SHA512
| Self::RSA_PSS_SHA256
| Self::RSA_PSS_SHA384
| Self::RSA_PSS_SHA512 => SignatureAlgorithm::RSA,
Self::ECDSA_NISTP256_SHA256
| Self::ECDSA_NISTP384_SHA384
| Self::ECDSA_NISTP521_SHA512 => SignatureAlgorithm::ECDSA,
| Self::RSA_PSS_RSAE_SHA256
| Self::RSA_PSS_RSAE_SHA384
| Self::RSA_PSS_RSAE_SHA512
| Self::RSA_PSS_PSS_SHA256
| Self::RSA_PSS_PSS_SHA384
| Self::RSA_PSS_PSS_SHA512 => SignatureAlgorithm::RSA,
Self::ECDSA_SECP256R1_SHA256
| Self::ECDSA_SECP384R1_SHA384
| Self::ECDSA_SECP521R1_SHA512 => SignatureAlgorithm::ECDSA,
_ => SignatureAlgorithm::Unknown(0),
}
}
@ -545,12 +551,17 @@ impl SignatureScheme {
pub(crate) fn supported_in_tls13(&self) -> bool {
matches!(
*self,
Self::ECDSA_NISTP384_SHA384
| Self::ECDSA_NISTP256_SHA256
| Self::RSA_PSS_SHA512
| Self::RSA_PSS_SHA384
| Self::RSA_PSS_SHA256
Self::ECDSA_SECP256R1_SHA256
| Self::ECDSA_SECP384R1_SHA384
| Self::ECDSA_SECP521R1_SHA512
| Self::RSA_PSS_RSAE_SHA256
| Self::RSA_PSS_RSAE_SHA384
| Self::RSA_PSS_RSAE_SHA512
| Self::RSA_PSS_PSS_SHA256
| Self::RSA_PSS_PSS_SHA384
| Self::RSA_PSS_PSS_SHA512
| Self::ED25519
| Self::ED448
)
}
}
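Review bot: `supported_in_tls13` now answers true for `RSA_PSS_PSS_*` and `ED448`, yet nothing in this commit signs or verifies them — `RsaSigner` still falls through `_ => unreachable!()` after matching only the `RSA_PSS_RSAE_*` variants, and `convert_alg_tls13` maps them to `PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme`. That is consistent with the stated intent, but the function carries no doc saying which question it answers, and the gap between "eligible per RFC 8446 §4.2.3" and "implemented by the built-in provider" is exactly where a caller could trust the wrong predicate; any existing doc comment on the fn sits above the hunk. I would add `/// Whether TLS 1.3 permits this scheme at the protocol level (RFC 8446 §4.2.3). Says nothing about whether the active crypto provider can sign or verify it; callers must still intersect with the key's or verifier's supported schemes.` above `pub(crate) fn supported_in_tls13`, and `// RSA-PSS with an RSASSA-PSS (id-RSASSA-PSS) public key; not implemented by the built-in provider` next to the new `RSA_PSS_PSS_SHA256` variant.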


@ -364,7 +364,7 @@ fn get_sample_clienthellopayload() -> ClientHelloPayload {
extensions: vec![
ClientExtension::ECPointFormats(ECPointFormat::SUPPORTED.to_vec()),
ClientExtension::NamedGroups(vec![NamedGroup::X25519]),
ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]),
ClientExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_SECP256R1_SHA256]),
ClientExtension::make_sni(DnsNameRef::try_from("hello").unwrap()),
ClientExtension::SessionTicket(ClientSessionTicket::Request),
ClientExtension::SessionTicket(ClientSessionTicket::Offer(Payload(vec![]))),
@ -817,7 +817,7 @@ fn get_sample_serverkeyexchangepayload_ecdhe() -> ServerKeyExchangePayload {
},
public: PayloadU8(vec![1, 2, 3]),
},
dss: DigitallySignedStruct::new(SignatureScheme::RSA_PSS_SHA256, vec![1, 2, 3]),
dss: DigitallySignedStruct::new(SignatureScheme::RSA_PSS_RSAE_SHA256, vec![1, 2, 3]),
})
}
@ -828,7 +828,7 @@ fn get_sample_serverkeyexchangepayload_unknown() -> ServerKeyExchangePayload {
fn get_sample_certificaterequestpayload() -> CertificateRequestPayload {
CertificateRequestPayload {
certtypes: vec![ClientCertificateType::RSASign],
sigschemes: vec![SignatureScheme::ECDSA_NISTP256_SHA256],
sigschemes: vec![SignatureScheme::ECDSA_SECP256R1_SHA256],
canames: vec![DistinguishedName::from(vec![1, 2, 3])],
}
}
@ -837,7 +837,7 @@ fn get_sample_certificaterequestpayloadtls13() -> CertificateRequestPayloadTLS13
CertificateRequestPayloadTLS13 {
context: PayloadU8(vec![1, 2, 3]),
extensions: vec![
CertReqExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_NISTP256_SHA256]),
CertReqExtension::SignatureAlgorithms(vec![SignatureScheme::ECDSA_SECP256R1_SHA256]),
CertReqExtension::AuthorityNames(vec![DistinguishedName::from(vec![1, 2, 3])]),
CertReqExtension::Unknown(UnknownExtension {
typ: ExtensionType::Unknown(12345),
@ -1048,7 +1048,7 @@ fn get_all_tls13_handshake_payloads() -> Vec<HandshakeMessagePayload> {
HandshakeMessagePayload {
typ: HandshakeType::CertificateVerify,
payload: HandshakePayload::CertificateVerify(DigitallySignedStruct::new(
SignatureScheme::ECDSA_NISTP256_SHA256,
SignatureScheme::ECDSA_SECP256R1_SHA256,
vec![1, 2, 3],
)),
},


@ -86,7 +86,7 @@ pub fn any_supported_type(der: &key::PrivateKey) -> Result<Arc<dyn SigningKey>,
pub fn any_ecdsa_type(der: &key::PrivateKey) -> Result<Arc<dyn SigningKey>, SignError> {
if let Ok(ecdsa_p256) = EcdsaSigningKey::new(
der,
SignatureScheme::ECDSA_NISTP256_SHA256,
SignatureScheme::ECDSA_SECP256R1_SHA256,
&signature::ECDSA_P256_SHA256_ASN1_SIGNING,
) {
return Ok(Arc::new(ecdsa_p256));
@ -94,7 +94,7 @@ pub fn any_ecdsa_type(der: &key::PrivateKey) -> Result<Arc<dyn SigningKey>, Sign
if let Ok(ecdsa_p384) = EcdsaSigningKey::new(
der,
SignatureScheme::ECDSA_NISTP384_SHA384,
SignatureScheme::ECDSA_SECP384R1_SHA384,
&signature::ECDSA_P384_SHA384_ASN1_SIGNING,
) {
return Ok(Arc::new(ecdsa_p384));
@ -124,9 +124,9 @@ pub struct RsaSigningKey {
}
static ALL_RSA_SCHEMES: &[SignatureScheme] = &[
SignatureScheme::RSA_PSS_SHA512,
SignatureScheme::RSA_PSS_SHA384,
SignatureScheme::RSA_PSS_SHA256,
SignatureScheme::RSA_PSS_RSAE_SHA512,
SignatureScheme::RSA_PSS_RSAE_SHA384,
SignatureScheme::RSA_PSS_RSAE_SHA256,
SignatureScheme::RSA_PKCS1_SHA512,
SignatureScheme::RSA_PKCS1_SHA384,
SignatureScheme::RSA_PKCS1_SHA256,
@ -168,9 +168,9 @@ impl RsaSigner {
SignatureScheme::RSA_PKCS1_SHA256 => &signature::RSA_PKCS1_SHA256,
SignatureScheme::RSA_PKCS1_SHA384 => &signature::RSA_PKCS1_SHA384,
SignatureScheme::RSA_PKCS1_SHA512 => &signature::RSA_PKCS1_SHA512,
SignatureScheme::RSA_PSS_SHA256 => &signature::RSA_PSS_SHA256,
SignatureScheme::RSA_PSS_SHA384 => &signature::RSA_PSS_SHA384,
SignatureScheme::RSA_PSS_SHA512 => &signature::RSA_PSS_SHA512,
SignatureScheme::RSA_PSS_RSAE_SHA256 => &signature::RSA_PSS_SHA256,
SignatureScheme::RSA_PSS_RSAE_SHA384 => &signature::RSA_PSS_SHA384,
SignatureScheme::RSA_PSS_RSAE_SHA512 => &signature::RSA_PSS_SHA512,
_ => unreachable!(),
};
@ -241,8 +241,8 @@ impl EcdsaSigningKey {
maybe_sec1_der: &[u8],
) -> Result<EcdsaKeyPair, ()> {
let pkcs8_prefix = match scheme {
SignatureScheme::ECDSA_NISTP256_SHA256 => &PKCS8_PREFIX_ECDSA_NISTP256,
SignatureScheme::ECDSA_NISTP384_SHA384 => &PKCS8_PREFIX_ECDSA_NISTP384,
SignatureScheme::ECDSA_SECP256R1_SHA256 => &PKCS8_PREFIX_ECDSA_NISTP256,
SignatureScheme::ECDSA_SECP384R1_SHA384 => &PKCS8_PREFIX_ECDSA_NISTP384,
_ => unreachable!(), // all callers are in this file
};


@ -118,15 +118,16 @@ pub static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SupportedCipherSuite =
static TLS12_ECDSA_SCHEMES: &[SignatureScheme] = &[
SignatureScheme::ED25519,
SignatureScheme::ECDSA_NISTP521_SHA512,
SignatureScheme::ECDSA_NISTP384_SHA384,
SignatureScheme::ECDSA_NISTP256_SHA256,
SignatureScheme::ED448,
SignatureScheme::ECDSA_SECP521R1_SHA512,
SignatureScheme::ECDSA_SECP384R1_SHA384,
SignatureScheme::ECDSA_SECP256R1_SHA256,
];
static TLS12_RSA_SCHEMES: &[SignatureScheme] = &[
SignatureScheme::RSA_PSS_SHA512,
SignatureScheme::RSA_PSS_SHA384,
SignatureScheme::RSA_PSS_SHA256,
SignatureScheme::RSA_PSS_RSAE_SHA512,
SignatureScheme::RSA_PSS_RSAE_SHA384,
SignatureScheme::RSA_PSS_RSAE_SHA256,
SignatureScheme::RSA_PKCS1_SHA512,
SignatureScheme::RSA_PKCS1_SHA384,
SignatureScheme::RSA_PKCS1_SHA256,
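Review bot: `TLS12_ECDSA_SCHEMES` gains `SignatureScheme::ED448`, which the commit message (a naming change) does not mention; the hunk counts (15 → 16 lines) show it is an addition rather than a rename. With no Ed448 signer in-tree (the `lookup_scheme` hunk still carries `// TODO: add support for Ed448`), the entry presumably only widens what ECDSA suites advertise or accept as eligible, and a peer that actually signs with ED448 is rejected downstream by the verifier's `convert_scheme` fallback. That is worth stating, either in the commit message or as `// ED448 listed for completeness; no built-in signer or verifier supports it yet` above the entry, so the asymmetry is not mistaken for a bug later.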


@ -105,7 +105,7 @@ pub trait ServerCertVerifier: Send + Sync {
/// connection.
///
/// This method is only called for TLS1.2 handshakes. Note that, in TLS1.2,
/// SignatureSchemes such as `SignatureScheme::ECDSA_NISTP256_SHA256` are not
/// SignatureSchemes such as `SignatureScheme::ECDSA_SECP256R1_SHA256` are not
/// in fact bound to the specific curve implied in their name.
fn verify_tls12_signature(
&self,
@ -119,7 +119,7 @@ pub trait ServerCertVerifier: Send + Sync {
/// This method is only called for TLS1.3 handshakes.
///
/// This method is very similar to `verify_tls12_signature`: but note the
/// tighter ECDSA SignatureScheme semantics -- e.g. `SignatureScheme::ECDSA_NISTP256_SHA256`
/// tighter ECDSA SignatureScheme semantics -- e.g. `SignatureScheme::ECDSA_SECP256R1_SHA256`
/// must only validate signatures using public keys on the right curve --
/// rustls does not enforce this requirement for you.
///
@ -213,7 +213,7 @@ pub trait ClientCertVerifier: Send + Sync {
/// connection.
///
/// This method is only called for TLS1.2 handshakes. Note that, in TLS1.2,
/// SignatureSchemes such as `SignatureScheme::ECDSA_NISTP256_SHA256` are not
/// SignatureSchemes such as `SignatureScheme::ECDSA_SECP256R1_SHA256` are not
/// in fact bound to the specific curve implied in their name.
fn verify_tls12_signature(
&self,
@ -228,7 +228,7 @@ pub trait ClientCertVerifier: Send + Sync {
///
/// This method is very similar to `verify_tls12_signature`, but note the
/// tighter ECDSA SignatureScheme semantics in TLS 1.3. For example,
/// `SignatureScheme::ECDSA_NISTP256_SHA256`
/// `SignatureScheme::ECDSA_SECP256R1_SHA256`
/// must only validate signatures using public keys on the right curve --
/// rustls does not enforce this requirement for you.
fn verify_tls13_signature(


@ -162,12 +162,12 @@ impl WebPkiServerVerifier {
/// Which signature verification schemes the `webpki` crate supports.
pub fn default_supported_verify_schemes() -> Vec<SignatureScheme> {
vec![
SignatureScheme::ECDSA_NISTP384_SHA384,
SignatureScheme::ECDSA_NISTP256_SHA256,
SignatureScheme::ECDSA_SECP384R1_SHA384,
SignatureScheme::ECDSA_SECP256R1_SHA256,
SignatureScheme::ED25519,
SignatureScheme::RSA_PSS_SHA512,
SignatureScheme::RSA_PSS_SHA384,
SignatureScheme::RSA_PSS_SHA256,
SignatureScheme::RSA_PSS_RSAE_SHA512,
SignatureScheme::RSA_PSS_RSAE_SHA384,
SignatureScheme::RSA_PSS_RSAE_SHA256,
SignatureScheme::RSA_PKCS1_SHA512,
SignatureScheme::RSA_PKCS1_SHA384,
SignatureScheme::RSA_PKCS1_SHA256,
@ -474,15 +474,15 @@ static ED25519: SignatureAlgorithms = &[webpki::ED25519];
static RSA_SHA256: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA256];
static RSA_SHA384: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA384];
static RSA_SHA512: SignatureAlgorithms = &[webpki::RSA_PKCS1_2048_8192_SHA512];
static RSA_PSS_SHA256: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY];
static RSA_PSS_SHA384: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY];
static RSA_PSS_SHA512: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY];
static RSA_PSS_RSAE_SHA256: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY];
static RSA_PSS_RSAE_SHA384: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY];
static RSA_PSS_RSAE_SHA512: SignatureAlgorithms = &[webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY];
fn convert_scheme(scheme: SignatureScheme) -> Result<SignatureAlgorithms, Error> {
match scheme {
// nb. for TLS1.2 the curve is not fixed by SignatureScheme.
SignatureScheme::ECDSA_NISTP256_SHA256 => Ok(ECDSA_SHA256),
SignatureScheme::ECDSA_NISTP384_SHA384 => Ok(ECDSA_SHA384),
SignatureScheme::ECDSA_SECP256R1_SHA256 => Ok(ECDSA_SHA256),
SignatureScheme::ECDSA_SECP384R1_SHA384 => Ok(ECDSA_SHA384),
SignatureScheme::ED25519 => Ok(ED25519),
@ -490,9 +490,9 @@ fn convert_scheme(scheme: SignatureScheme) -> Result<SignatureAlgorithms, Error>
SignatureScheme::RSA_PKCS1_SHA384 => Ok(RSA_SHA384),
SignatureScheme::RSA_PKCS1_SHA512 => Ok(RSA_SHA512),
SignatureScheme::RSA_PSS_SHA256 => Ok(RSA_PSS_SHA256),
SignatureScheme::RSA_PSS_SHA384 => Ok(RSA_PSS_SHA384),
SignatureScheme::RSA_PSS_SHA512 => Ok(RSA_PSS_SHA512),
SignatureScheme::RSA_PSS_RSAE_SHA256 => Ok(RSA_PSS_RSAE_SHA256),
SignatureScheme::RSA_PSS_RSAE_SHA384 => Ok(RSA_PSS_RSAE_SHA384),
SignatureScheme::RSA_PSS_RSAE_SHA512 => Ok(RSA_PSS_RSAE_SHA512),
_ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()),
}
@ -535,12 +535,12 @@ fn convert_alg_tls13(
use crate::enums::SignatureScheme::*;
match scheme {
ECDSA_NISTP256_SHA256 => Ok(webpki::ECDSA_P256_SHA256),
ECDSA_NISTP384_SHA384 => Ok(webpki::ECDSA_P384_SHA384),
ECDSA_SECP256R1_SHA256 => Ok(webpki::ECDSA_P256_SHA256),
ECDSA_SECP384R1_SHA384 => Ok(webpki::ECDSA_P384_SHA384),
ED25519 => Ok(webpki::ED25519),
RSA_PSS_SHA256 => Ok(webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY),
RSA_PSS_SHA384 => Ok(webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY),
RSA_PSS_SHA512 => Ok(webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY),
RSA_PSS_RSAE_SHA256 => Ok(webpki::RSA_PSS_2048_8192_SHA256_LEGACY_KEY),
RSA_PSS_RSAE_SHA384 => Ok(webpki::RSA_PSS_2048_8192_SHA384_LEGACY_KEY),
RSA_PSS_RSAE_SHA512 => Ok(webpki::RSA_PSS_2048_8192_SHA512_LEGACY_KEY),
_ => Err(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme.into()),
}
}


@ -841,9 +841,9 @@ fn server_cert_resolve_reduces_sigalgs_for_rsa_ciphersuite() {
KeyType::Rsa,
CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
vec![
SignatureScheme::RSA_PSS_SHA512,
SignatureScheme::RSA_PSS_SHA384,
SignatureScheme::RSA_PSS_SHA256,
SignatureScheme::RSA_PSS_RSAE_SHA512,
SignatureScheme::RSA_PSS_RSAE_SHA384,
SignatureScheme::RSA_PSS_RSAE_SHA256,
SignatureScheme::RSA_PKCS1_SHA512,
SignatureScheme::RSA_PKCS1_SHA384,
SignatureScheme::RSA_PKCS1_SHA256,
@ -858,8 +858,8 @@ fn server_cert_resolve_reduces_sigalgs_for_ecdsa_ciphersuite() {
KeyType::Ecdsa,
CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
vec![
SignatureScheme::ECDSA_NISTP384_SHA384,
SignatureScheme::ECDSA_NISTP256_SHA256,
SignatureScheme::ECDSA_SECP384R1_SHA384,
SignatureScheme::ECDSA_SECP256R1_SHA256,
SignatureScheme::ED25519,
],
);
@ -1053,23 +1053,23 @@ fn client_cert_resolve() {
for version in rustls::ALL_VERSIONS {
let expected_sigschemes = match version.version {
ProtocolVersion::TLSv1_2 => vec![
SignatureScheme::ECDSA_NISTP384_SHA384,
SignatureScheme::ECDSA_NISTP256_SHA256,
SignatureScheme::ECDSA_SECP384R1_SHA384,
SignatureScheme::ECDSA_SECP256R1_SHA256,
SignatureScheme::ED25519,
SignatureScheme::RSA_PSS_SHA512,
SignatureScheme::RSA_PSS_SHA384,
SignatureScheme::RSA_PSS_SHA256,
SignatureScheme::RSA_PSS_RSAE_SHA512,
SignatureScheme::RSA_PSS_RSAE_SHA384,
SignatureScheme::RSA_PSS_RSAE_SHA256,
SignatureScheme::RSA_PKCS1_SHA512,
SignatureScheme::RSA_PKCS1_SHA384,
SignatureScheme::RSA_PKCS1_SHA256,
],
ProtocolVersion::TLSv1_3 => vec![
SignatureScheme::ECDSA_NISTP384_SHA384,
SignatureScheme::ECDSA_NISTP256_SHA256,
SignatureScheme::ECDSA_SECP384R1_SHA384,
SignatureScheme::ECDSA_SECP256R1_SHA256,
SignatureScheme::ED25519,
SignatureScheme::RSA_PSS_SHA512,
SignatureScheme::RSA_PSS_SHA384,
SignatureScheme::RSA_PSS_SHA256,
SignatureScheme::RSA_PSS_RSAE_SHA512,
SignatureScheme::RSA_PSS_RSAE_SHA384,
SignatureScheme::RSA_PSS_RSAE_SHA256,
],
_ => unreachable!(),
};