xref: /aosp_15_r20/external/cronet/third_party/boringssl/src/pki/signature_algorithm.h (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2015 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef BSSL_PKI_SIGNATURE_ALGORITHM_H_
6 #define BSSL_PKI_SIGNATURE_ALGORITHM_H_
7 
8 #include <stdint.h>
9 
10 #include <optional>
11 
12 #include <openssl/base.h>
13 #include <openssl/evp.h>
14 
15 namespace bssl {
16 
17 namespace der {
18 class Input;
19 }  // namespace der
20 
21 // The digest algorithm used within a signature.
22 enum class DigestAlgorithm {
23   Md2,
24   Md4,
25   Md5,
26   Sha1,
27   Sha256,
28   Sha384,
29   Sha512,
30 };
31 
32 // The signature algorithm used within a certificate.
33 enum class SignatureAlgorithm {
34   kRsaPkcs1Sha1,
35   kRsaPkcs1Sha256,
36   kRsaPkcs1Sha384,
37   kRsaPkcs1Sha512,
38   kEcdsaSha1,
39   kEcdsaSha256,
40   kEcdsaSha384,
41   kEcdsaSha512,
42   // These RSA-PSS constants match RFC 8446 and refer to RSASSA-PSS with MGF-1,
43   // using the specified hash as both the signature and MGF-1 hash, and the hash
44   // length as the salt length.
45   kRsaPssSha256,
46   kRsaPssSha384,
47   kRsaPssSha512,
48   kMaxValue = kRsaPssSha512,
49 };
50 
51 // Parses AlgorithmIdentifier as defined by RFC 5280 section 4.1.1.2:
52 //
53 //     AlgorithmIdentifier  ::=  SEQUENCE  {
54 //          algorithm               OBJECT IDENTIFIER,
55 //          parameters              ANY DEFINED BY algorithm OPTIONAL  }
56 [[nodiscard]] OPENSSL_EXPORT bool ParseAlgorithmIdentifier(
57     der::Input input, der::Input *algorithm, der::Input *parameters);
58 
59 // Parses a HashAlgorithm as defined by RFC 5912:
60 //
61 //     HashAlgorithm  ::=  AlgorithmIdentifier{DIGEST-ALGORITHM,
62 //                             {HashAlgorithms}}
63 //
64 //     HashAlgorithms DIGEST-ALGORITHM ::=  {
65 //         { IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent } |
66 //         { IDENTIFIER id-sha224 PARAMS TYPE NULL ARE preferredPresent } |
67 //         { IDENTIFIER id-sha256 PARAMS TYPE NULL ARE preferredPresent } |
68 //         { IDENTIFIER id-sha384 PARAMS TYPE NULL ARE preferredPresent } |
69 //         { IDENTIFIER id-sha512 PARAMS TYPE NULL ARE preferredPresent }
70 //     }
71 [[nodiscard]] bool ParseHashAlgorithm(der::Input input, DigestAlgorithm *out);
72 
73 // Parses an AlgorithmIdentifier into a signature algorithm and returns it, or
74 // returns `std::nullopt` if `algorithm_identifier` either cannot be parsed or
75 // is not a recognized signature algorithm.
76 OPENSSL_EXPORT std::optional<SignatureAlgorithm> ParseSignatureAlgorithm(
77     der::Input algorithm_identifier);
78 
79 // Returns the hash to be used with the tls-server-end-point channel binding
80 // (RFC 5929) or `std::nullopt`, if not supported for this signature algorithm.
81 OPENSSL_EXPORT std::optional<DigestAlgorithm>
82 GetTlsServerEndpointDigestAlgorithm(SignatureAlgorithm alg);
83 
84 }  // namespace bssl
85 
86 #endif  // BSSL_PKI_SIGNATURE_ALGORITHM_H_
87