// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "ash/components/kcer/kcer_utils.h"
#include "ash/components/kcer/kcer.h"
namespace kcer {

// Builds the list of signing schemes to offer for a key of type `key_type`.
//
// `supports_pss` - whether RSA-PSS schemes are appended for RSA keys (the
//                  flag is not consulted for ECC keys).
// `key_type`     - the type of the key the list is built for.
//
// Returns the schemes in a fixed order: for RSA, the PKCS#1 v1.5 schemes
// first, followed by the PSS schemes when enabled; for ECC, the three ECDSA
// schemes. A `key_type` that matches no case yields an empty list.
std::vector<SigningScheme> GetSupportedSigningSchemes(bool supports_pss,
                                                      KeyType key_type) {
  switch (key_type) {
    case KeyType::kRsa: {
      // The schemes an RSA key can really serve also depend on its length,
      // but NSS doesn't seem to provide a convenient interface to read it.
      // 2048 bit keys are big enough for all RSA signatures, smaller keys are
      // not really used in practice nowadays, and the TLS stack is expected to
      // double check and shrink the list as well.
      //
      // NOTE(review): kRsaPkcs1Sha1 is still offered here. SHA-1 is
      // collision-weak, so this is presumably kept only for legacy peers;
      // confirm that the consumer of this list prefers the SHA-2 schemes.
      std::vector<SigningScheme> rsa_schemes = {
          SigningScheme::kRsaPkcs1Sha1,
          SigningScheme::kRsaPkcs1Sha256,
          SigningScheme::kRsaPkcs1Sha384,
          SigningScheme::kRsaPkcs1Sha512,
      };
      if (!supports_pss) {
        return rsa_schemes;
      }
      // PSS schemes go after the PKCS#1 v1.5 ones, in ascending hash size.
      rsa_schemes.push_back(SigningScheme::kRsaPssRsaeSha256);
      rsa_schemes.push_back(SigningScheme::kRsaPssRsaeSha384);
      rsa_schemes.push_back(SigningScheme::kRsaPssRsaeSha512);
      return rsa_schemes;
    }
    case KeyType::kEcc:
      return {
          SigningScheme::kEcdsaSecp256r1Sha256,
          SigningScheme::kEcdsaSecp384r1Sha384,
          SigningScheme::kEcdsaSecp521r1Sha512,
      };
  }
  // Reached only when `key_type` holds a value not handled above: no schemes
  // are offered in that case.
  return {};
}

}  // namespace kcer