pickSignatureAlgorithm selects a signature algorithm that is compatible with the given public key and the list of algorithms from the peer and this side. The lists of signature algorithms (peerSigAlgs and ourSigAlgs) are ignored for tlsVersion < VersionTLS12. The returned SignatureScheme codepoint
(pubkey crypto.PublicKey, peerSigAlgs, ourSigAlgs []SignatureScheme, tlsVersion uint16)
| 34 | // The returned SignatureScheme codepoint is only meaningful for TLS 1.2, |
| 35 | // previous TLS versions have a fixed hash function. |
| 36 | func pickSignatureAlgorithm(pubkey crypto.PublicKey, peerSigAlgs, ourSigAlgs []SignatureScheme, tlsVersion uint16) (sigAlg SignatureScheme, sigType uint8, hashFunc crypto.Hash, err error) { |
| 37 | if tlsVersion < VersionTLS12 || len(peerSigAlgs) == 0 { |
| 38 | // For TLS 1.1 and before, the signature algorithm could not be |
| 39 | // negotiated and the hash is fixed based on the signature type. |
| 40 | // For TLS 1.2, if the client didn't send signature_algorithms |
| 41 | // extension then we can assume that it supports SHA1. See |
| 42 | // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 |
| 43 | switch pubkey.(type) { |
| 44 | case *rsa.PublicKey: |
| 45 | if tlsVersion < VersionTLS12 { |
| 46 | return 0, signaturePKCS1v15, crypto.MD5SHA1, nil |
| 47 | } else { |
| 48 | return PKCS1WithSHA1, signaturePKCS1v15, crypto.SHA1, nil |
| 49 | } |
| 50 | case *ecdsa.PublicKey: |
| 51 | return ECDSAWithSHA1, signatureECDSA, crypto.SHA1, nil |
| 52 | case *sm2.PublicKey: |
| 53 | return SM2WITHSM3, signatureSM2, crypto.SHA1, nil |
| 54 | default: |
| 55 | return 0, 0, 0, fmt.Errorf("tls: unsupported public key: %T", pubkey) |
| 56 | } |
| 57 | } |
| 58 | for _, sigAlg := range peerSigAlgs { |
| 59 | if !isSupportedSignatureAlgorithm(sigAlg, ourSigAlgs) { |
| 60 | continue |
| 61 | } |
| 62 | hashAlg, err := lookupTLSHash(sigAlg) |
| 63 | if err != nil { |
| 64 | panic("tls: supported signature algorithm has an unknown hash function") |
| 65 | } |
| 66 | sigType := signatureFromSignatureScheme(sigAlg) |
| 67 | switch pubkey.(type) { |
| 68 | case *rsa.PublicKey: |
| 69 | if sigType == signaturePKCS1v15 || sigType == signatureRSAPSS { |
| 70 | return sigAlg, sigType, hashAlg, nil |
| 71 | } |
| 72 | case *ecdsa.PublicKey: |
| 73 | if sigType == signatureECDSA { |
| 74 | return sigAlg, sigType, hashAlg, nil |
| 75 | } |
| 76 | case *sm2.PublicKey: |
| 77 | if sigType == signatureECDSA { |
| 78 | return sigAlg, sigType, hashAlg, nil |
| 79 | } |
| 80 | default: |
| 81 | return 0, 0, 0, fmt.Errorf("tls: unsupported public key: %T", pubkey) |
| 82 | } |
| 83 | } |
| 84 | return 0, 0, 0, errors.New("tls: peer doesn't support any common signature algorithms") |
| 85 | } |
| 86 | |
| 87 | // verifyHandshakeSignature verifies a signature against pre-hashed handshake |
| 88 | // contents. |
no test coverage detected
searching dependent graphs…