crypto/src/tls/SignatureAlgorithm.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

using System;

namespace Org.BouncyCastle.Tls
{
    /**
     * RFC 5246 7.4.1.4.1 (in RFC 2246, there were no specific values assigned)
     */
    public class SignatureAlgorithm
    {
        public const short anonymous = 0;
        public const short rsa = 1;
        public const short dsa = 2;
        public const short ecdsa = 3;

        /*
         * RFC 8422
         */
        public const short ed25519 = 7;
        public const short ed448 = 8;

        /*
         * RFC 8446 (implied from SignatureScheme values)
         * RFC 8447 reserved these values without allocating the implied names
         */
        public const short rsa_pss_rsae_sha256 = 4;
        public const short rsa_pss_rsae_sha384 = 5;
        public const short rsa_pss_rsae_sha512 = 6;
        public const short rsa_pss_pss_sha256 = 9;
        public const short rsa_pss_pss_sha384 = 10;
        public const short rsa_pss_pss_sha512 = 11;

        /*
         * RFC 8734 (implied from SignatureScheme values)
         */
        public const short ecdsa_brainpoolP256r1tls13_sha256 = 26;
        public const short ecdsa_brainpoolP384r1tls13_sha384 = 27;
        public const short ecdsa_brainpoolP512r1tls13_sha512 = 28;

        /*
         * RFC 9189
         */
        public const short gostr34102012_256 = 64;
        public const short gostr34102012_512 = 65;

        public static short GetClientCertificateType(short signatureAlgorithm)
        {
            switch (signatureAlgorithm)
            {
            case SignatureAlgorithm.rsa:
            case SignatureAlgorithm.rsa_pss_rsae_sha256:
            case SignatureAlgorithm.rsa_pss_rsae_sha384:
            case SignatureAlgorithm.rsa_pss_rsae_sha512:
            case SignatureAlgorithm.rsa_pss_pss_sha256:
            case SignatureAlgorithm.rsa_pss_pss_sha384:
            case SignatureAlgorithm.rsa_pss_pss_sha512:
                return ClientCertificateType.rsa_sign;

            case SignatureAlgorithm.dsa:
                return ClientCertificateType.dss_sign;

            case SignatureAlgorithm.ecdsa:
            case SignatureAlgorithm.ed25519:
            case SignatureAlgorithm.ed448:
                return ClientCertificateType.ecdsa_sign;

            case SignatureAlgorithm.gostr34102012_256:
                return ClientCertificateType.gost_sign256;

            case SignatureAlgorithm.gostr34102012_512:
                return ClientCertificateType.gost_sign512;

            default:
                return -1;
            }
        }

        public static string GetName(short signatureAlgorithm)
        {
            switch (signatureAlgorithm)
            {
            case anonymous:
                return "anonymous";
            case rsa:
                return "rsa";
            case dsa:
                return "dsa";
            case ecdsa:
                return "ecdsa";
            case rsa_pss_rsae_sha256:
                return "rsa_pss_rsae_sha256";
            case rsa_pss_rsae_sha384:
                return "rsa_pss_rsae_sha384";
            case rsa_pss_rsae_sha512:
                return "rsa_pss_rsae_sha512";
            case ed25519:
                return "ed25519";
            case ed448:
                return "ed448";
            case rsa_pss_pss_sha256:
                return "rsa_pss_pss_sha256";
            case rsa_pss_pss_sha384:
                return "rsa_pss_pss_sha384";
            case rsa_pss_pss_sha512:
                return "rsa_pss_pss_sha512";
            case ecdsa_brainpoolP256r1tls13_sha256:
                return "ecdsa_brainpoolP256r1tls13_sha256";
            case ecdsa_brainpoolP384r1tls13_sha384:
                return "ecdsa_brainpoolP384r1tls13_sha384";
            case ecdsa_brainpoolP512r1tls13_sha512:
                return "ecdsa_brainpoolP512r1tls13_sha512";
            case gostr34102012_256:
                return "gostr34102012_256";
            case gostr34102012_512:
                return "gostr34102012_512";
            default:
                return "UNKNOWN";
            }
        }

        public static string GetText(short signatureAlgorithm)
        {
            return GetName(signatureAlgorithm) + "(" + signatureAlgorithm + ")";
        }

        public static bool IsRecognized(short signatureAlgorithm)
        {
            switch (signatureAlgorithm)
            {
            case anonymous:
            case rsa:
            case dsa:
            case ecdsa:
            case rsa_pss_rsae_sha256:
            case rsa_pss_rsae_sha384:
            case rsa_pss_rsae_sha512:
            case ed25519:
            case ed448:
            case rsa_pss_pss_sha256:
            case rsa_pss_pss_sha384:
            case rsa_pss_pss_sha512:
            case ecdsa_brainpoolP256r1tls13_sha256:
            case ecdsa_brainpoolP384r1tls13_sha384:
            case ecdsa_brainpoolP512r1tls13_sha512:
            case gostr34102012_256:
            case gostr34102012_512:
                return true;
            default:
                return false;
            }
        }
    }
}