legacyTypeAndHashFromPublicKey returns the fixed signature type and crypto.Hash for a given public key used with TLS 1.0 and 1.1, before the introduction of signature algorithm negotiation.
(pub crypto.PublicKey)
| 130 | // a given public key used with TLS 1.0 and 1.1, before the introduction of |
| 131 | // signature algorithm negotiation. |
| 132 | func legacyTypeAndHashFromPublicKey(pub crypto.PublicKey) (sigType uint8, hash crypto.Hash, err error) { |
| 133 | switch pub.(type) { |
| 134 | case *rsa.PublicKey: |
| 135 | return signaturePKCS1v15, crypto.MD5SHA1, nil |
| 136 | case *ecdsa.PublicKey: |
| 137 | return signatureECDSA, crypto.SHA1, nil |
| 138 | case ed25519.PublicKey: |
| 139 | // RFC 8422 specifies support for Ed25519 in TLS 1.0 and 1.1, |
| 140 | // but it requires holding on to a handshake transcript to do a |
| 141 | // full signature, and not even OpenSSL bothers with the |
| 142 | // complexity, so we can't even test it properly. |
| 143 | return 0, 0, fmt.Errorf("tls: Ed25519 public keys are not supported before TLS 1.2") |
| 144 | default: |
| 145 | return 0, 0, fmt.Errorf("tls: unsupported public key: %T", pub) |
| 146 | } |
| 147 | } |
| 148 | |
| 149 | var rsaSignatureSchemes = []struct { |
| 150 | scheme SignatureScheme |
no outgoing calls
no test coverage detected
searching dependent graphs…