/* $OpenBSD: obj_xref.c,v 1.13 2023/07/28 10:25:05 tb Exp $ */

/*
 * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <openssl/objects.h>

/*
 * Map between signature nids and pairs of (hash, pkey) nids. If the hash nid
 * is NID_undef, this indicates to ASN1_item_{sign,verify}() that the pkey's
 * ASN.1 method needs to handle algorithm identifiers and part of the message
 * digest.
 *
 * The table only resolves identifiers. It carries rows for legacy digests
 * such as MD2, MD4, MD5 and SHA-1, and neither lookup below filters on
 * strength: a successful lookup is not a statement that the algorithm is
 * acceptable. Any such policy has to be enforced outside this file.
 *
 * Row order matters for OBJ_find_sigid_by_algs(), which returns the first
 * row whose (hash, pkey) pair matches.
 */

static const struct {
	int sign_nid;
	int hash_nid;
	int pkey_nid;
} nid_triple[] = {
	{
		.sign_nid = NID_md2WithRSAEncryption,
		.hash_nid = NID_md2,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_md5WithRSAEncryption,
		.hash_nid = NID_md5,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_shaWithRSAEncryption,
		.hash_nid = NID_sha,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_sha1WithRSAEncryption,
		.hash_nid = NID_sha1,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_dsaWithSHA,
		.hash_nid = NID_sha,
		.pkey_nid = NID_dsa,
	},
	{
		.sign_nid = NID_dsaWithSHA1_2,
		.hash_nid = NID_sha1,
		.pkey_nid = NID_dsa_2,
	},
	{
		.sign_nid = NID_mdc2WithRSA,
		.hash_nid = NID_mdc2,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_md5WithRSA,
		.hash_nid = NID_md5,
		.pkey_nid = NID_rsa,
	},
	{
		.sign_nid = NID_dsaWithSHA1,
		.hash_nid = NID_sha1,
		.pkey_nid = NID_dsa,
	},
	{
		.sign_nid = NID_sha1WithRSA,
		.hash_nid = NID_sha1,
		.pkey_nid = NID_rsa,
	},
	{
		.sign_nid = NID_ripemd160WithRSA,
		.hash_nid = NID_ripemd160,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_md4WithRSAEncryption,
		.hash_nid = NID_md4,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_ecdsa_with_SHA1,
		.hash_nid = NID_sha1,
		.pkey_nid = NID_X9_62_id_ecPublicKey,
	},
	{
		.sign_nid = NID_sha256WithRSAEncryption,
		.hash_nid = NID_sha256,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_sha384WithRSAEncryption,
		.hash_nid = NID_sha384,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_sha512WithRSAEncryption,
		.hash_nid = NID_sha512,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_sha224WithRSAEncryption,
		.hash_nid = NID_sha224,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_ecdsa_with_Recommended,
		.hash_nid = NID_undef,
		.pkey_nid = NID_X9_62_id_ecPublicKey,
	},
	{
		.sign_nid = NID_ecdsa_with_Specified,
		.hash_nid = NID_undef,
		.pkey_nid = NID_X9_62_id_ecPublicKey,
	},
	{
		.sign_nid = NID_ecdsa_with_SHA224,
		.hash_nid = NID_sha224,
		.pkey_nid = NID_X9_62_id_ecPublicKey,
	},
	{
		.sign_nid = NID_ecdsa_with_SHA256,
		.hash_nid = NID_sha256,
		.pkey_nid = NID_X9_62_id_ecPublicKey,
	},
	{
		.sign_nid = NID_ecdsa_with_SHA384,
		.hash_nid = NID_sha384,
		.pkey_nid = NID_X9_62_id_ecPublicKey,
	},
	{
		.sign_nid = NID_ecdsa_with_SHA512,
		.hash_nid = NID_sha512,
		.pkey_nid = NID_X9_62_id_ecPublicKey,
	},
	{
		.sign_nid = NID_dsa_with_SHA224,
		.hash_nid = NID_sha224,
		.pkey_nid = NID_dsa,
	},
	{
		.sign_nid = NID_dsa_with_SHA256,
		.hash_nid = NID_sha256,
		.pkey_nid = NID_dsa,
	},
	{
		.sign_nid = NID_id_GostR3411_94_with_GostR3410_2001,
		.hash_nid = NID_id_GostR3411_94,
		.pkey_nid = NID_id_GostR3410_2001,
	},
	{
		.sign_nid = NID_id_GostR3411_94_with_GostR3410_94,
		.hash_nid = NID_id_GostR3411_94,
		.pkey_nid = NID_id_GostR3410_94,
	},
	{
		.sign_nid = NID_id_GostR3411_94_with_GostR3410_94_cc,
		.hash_nid = NID_id_GostR3411_94,
		.pkey_nid = NID_id_GostR3410_94_cc,
	},
	{
		.sign_nid = NID_id_GostR3411_94_with_GostR3410_2001_cc,
		.hash_nid = NID_id_GostR3411_94,
		.pkey_nid = NID_id_GostR3410_2001_cc,
	},
	{
		.sign_nid = NID_rsassaPss,
		.hash_nid = NID_undef,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_id_tc26_signwithdigest_gost3410_2012_256,
		.hash_nid = NID_id_tc26_gost3411_2012_256,
		.pkey_nid = NID_id_GostR3410_2001,
	},
	{
		.sign_nid = NID_id_tc26_signwithdigest_gost3410_2012_512,
		.hash_nid = NID_id_tc26_gost3411_2012_512,
		.pkey_nid = NID_id_GostR3410_2001,
	},
	{
		.sign_nid = NID_Ed25519,
		.hash_nid = NID_undef,
		.pkey_nid = NID_Ed25519,
	},
	{
		.sign_nid = NID_dhSinglePass_stdDH_sha1kdf_scheme,
		.hash_nid = NID_sha1,
		.pkey_nid = NID_dh_std_kdf,
	},
	{
		.sign_nid = NID_dhSinglePass_stdDH_sha224kdf_scheme,
		.hash_nid = NID_sha224,
		.pkey_nid = NID_dh_std_kdf,
	},
	{
		.sign_nid = NID_dhSinglePass_stdDH_sha256kdf_scheme,
		.hash_nid = NID_sha256,
		.pkey_nid = NID_dh_std_kdf,
	},
	{
		.sign_nid = NID_dhSinglePass_stdDH_sha384kdf_scheme,
		.hash_nid = NID_sha384,
		.pkey_nid = NID_dh_std_kdf,
	},
	{
		.sign_nid = NID_dhSinglePass_stdDH_sha512kdf_scheme,
		.hash_nid = NID_sha512,
		.pkey_nid = NID_dh_std_kdf,
	},
	{
		.sign_nid = NID_dhSinglePass_cofactorDH_sha1kdf_scheme,
		.hash_nid = NID_sha1,
		.pkey_nid = NID_dh_cofactor_kdf,
	},
	{
		.sign_nid = NID_dhSinglePass_cofactorDH_sha224kdf_scheme,
		.hash_nid = NID_sha224,
		.pkey_nid = NID_dh_cofactor_kdf,
	},
	{
		.sign_nid = NID_dhSinglePass_cofactorDH_sha256kdf_scheme,
		.hash_nid = NID_sha256,
		.pkey_nid = NID_dh_cofactor_kdf,
	},
	{
		.sign_nid = NID_dhSinglePass_cofactorDH_sha384kdf_scheme,
		.hash_nid = NID_sha384,
		.pkey_nid = NID_dh_cofactor_kdf,
	},
	{
		.sign_nid = NID_dhSinglePass_cofactorDH_sha512kdf_scheme,
		.hash_nid = NID_sha512,
		.pkey_nid = NID_dh_cofactor_kdf,
	},
	{
		.sign_nid = NID_RSA_SHA3_224,
		.hash_nid = NID_sha3_224,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_RSA_SHA3_256,
		.hash_nid = NID_sha3_256,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_RSA_SHA3_384,
		.hash_nid = NID_sha3_384,
		.pkey_nid = NID_rsaEncryption,
	},
	{
		.sign_nid = NID_RSA_SHA3_512,
		.hash_nid = NID_sha3_512,
		.pkey_nid = NID_rsaEncryption,
	},
};

#define N_NID_TRIPLES (sizeof(nid_triple) / sizeof(nid_triple[0]))

/*
 * Resolve a signature nid into its hash and pkey nids.
 *
 * Returns 1 if sign_nid is in nid_triple[] and stores the row's values through
 * whichever of hash_nid and pkey_nid is not NULL. Returns 0 if there is no
 * such row; in that case neither output is written, so callers must check the
 * return value before reading them.
 *
 * On success *hash_nid can be NID_undef (rsassaPss, Ed25519 and the
 * ecdsa_with_Recommended/Specified rows), so it must not be treated as a
 * usable digest without checking.
 */
int
OBJ_find_sigid_algs(int sign_nid, int *hash_nid, int *pkey_nid)
{
	size_t idx = 0;

	/* Advance to the first row carrying the requested signature nid. */
	while (idx < N_NID_TRIPLES && nid_triple[idx].sign_nid != sign_nid)
		idx++;

	if (idx == N_NID_TRIPLES)
		return 0;

	if (hash_nid != NULL)
		*hash_nid = nid_triple[idx].hash_nid;
	if (pkey_nid != NULL)
		*pkey_nid = nid_triple[idx].pkey_nid;

	return 1;
}
LCRYPTO_ALIAS(OBJ_find_sigid_algs);

/*
 * Resolve a (hash, pkey) nid pair into a signature nid.
 *
 * Returns 1 and, if sign_nid is not NULL, stores the signature nid of the
 * first row in nid_triple[] whose hash and pkey nids both match. Returns 0
 * without writing *sign_nid if no row matches.
 *
 * The first match wins: (NID_undef, NID_X9_62_id_ecPublicKey) appears in two
 * rows and always resolves to NID_ecdsa_with_Recommended.
 */
int
OBJ_find_sigid_by_algs(int *sign_nid, int hash_nid, int pkey_nid)
{
	size_t idx;

	for (idx = 0; idx < N_NID_TRIPLES; idx++) {
		if (nid_triple[idx].hash_nid == hash_nid &&
		    nid_triple[idx].pkey_nid == pkey_nid) {
			if (sign_nid != NULL)
				*sign_nid = nid_triple[idx].sign_nid;
			return 1;
		}
	}

	return 0;
}
LCRYPTO_ALIAS(OBJ_find_sigid_by_algs);