ECDSA P-521 with SHA1, SHA224, SHA256, SHA384

aws · Jul 17, 2024 · c2838b4 · c2838b4
1 parent eeac93b
commit c2838b4
Show file tree

Hide file tree

Showing 6 changed files with 1,857 additions and 1 deletion.
diff --git a/aws-lc-rs/src/signature.rs b/aws-lc-rs/src/signature.rs
@@ -553,6 +553,38 @@ pub static ECDSA_P384_SHA3_384_FIXED: EcdsaVerificationAlgorithm = EcdsaVerifica
  sig_format: EcdsaSignatureFormat::Fixed,
 };
 
+/// Verification of fixed-length (PKCS#11 style) ECDSA signatures using the P-521 curve and SHA-1.
+pub static ECDSA_P521_SHA1_FIXED: EcdsaVerificationAlgorithm = EcdsaVerificationAlgorithm {
+ id: &ec::AlgorithmID::ECDSA_P521,
+ digest: &digest::SHA1_FOR_LEGACY_USE_ONLY,
+ bits: 521,
+ sig_format: EcdsaSignatureFormat::Fixed,
+};
+
+/// Verification of fixed-length (PKCS#11 style) ECDSA signatures using the P-521 curve and SHA-224.
+pub static ECDSA_P521_SHA224_FIXED: EcdsaVerificationAlgorithm = EcdsaVerificationAlgorithm {
+ id: &ec::AlgorithmID::ECDSA_P521,
+ digest: &digest::SHA224,
+ bits: 521,
+ sig_format: EcdsaSignatureFormat::Fixed,
+};
+
+/// Verification of fixed-length (PKCS#11 style) ECDSA signatures using the P-521 curve and SHA-256.
+pub static ECDSA_P521_SHA256_FIXED: EcdsaVerificationAlgorithm = EcdsaVerificationAlgorithm {
+ id: &ec::AlgorithmID::ECDSA_P521,
+ digest: &digest::SHA256,
+ bits: 521,
+ sig_format: EcdsaSignatureFormat::Fixed,
+};
+
+/// Verification of fixed-length (PKCS#11 style) ECDSA signatures using the P-521 curve and SHA-384.
+pub static ECDSA_P521_SHA384_FIXED: EcdsaVerificationAlgorithm = EcdsaVerificationAlgorithm {
+ id: &ec::AlgorithmID::ECDSA_P521,
+ digest: &digest::SHA384,
+ bits: 521,
+ sig_format: EcdsaSignatureFormat::Fixed,
+};
+
 /// Verification of fixed-length (PKCS#11 style) ECDSA signatures using the P-521 curve and SHA-512.
 pub static ECDSA_P521_SHA512_FIXED: EcdsaVerificationAlgorithm = EcdsaVerificationAlgorithm {
  id: &ec::AlgorithmID::ECDSA_P521,
@@ -625,6 +657,38 @@ pub static ECDSA_P384_SHA3_384_ASN1: EcdsaVerificationAlgorithm = EcdsaVerificat
  sig_format: EcdsaSignatureFormat::ASN1,
 };
 
+/// Verification of ASN.1 DER-encoded ECDSA signatures using the P-521 curve and SHA-1.
+pub static ECDSA_P521_SHA1_ASN1: EcdsaVerificationAlgorithm = EcdsaVerificationAlgorithm {
+ id: &ec::AlgorithmID::ECDSA_P521,
+ digest: &digest::SHA1_FOR_LEGACY_USE_ONLY,
+ bits: 521,
+ sig_format: EcdsaSignatureFormat::ASN1,
+};
+
+/// Verification of ASN.1 DER-encoded ECDSA signatures using the P-521 curve and SHA-224.
+pub static ECDSA_P521_SHA224_ASN1: EcdsaVerificationAlgorithm = EcdsaVerificationAlgorithm {
+ id: &ec::AlgorithmID::ECDSA_P521,
+ digest: &digest::SHA224,
+ bits: 521,
+ sig_format: EcdsaSignatureFormat::ASN1,
+};
+
+/// Verification of ASN.1 DER-encoded ECDSA signatures using the P-521 curve and SHA-256.
+pub static ECDSA_P521_SHA256_ASN1: EcdsaVerificationAlgorithm = EcdsaVerificationAlgorithm {
+ id: &ec::AlgorithmID::ECDSA_P521,
+ digest: &digest::SHA256,
+ bits: 521,
+ sig_format: EcdsaSignatureFormat::ASN1,
+};
+
+/// Verification of ASN.1 DER-encoded ECDSA signatures using the P-521 curve and SHA-384.
+pub static ECDSA_P521_SHA384_ASN1: EcdsaVerificationAlgorithm = EcdsaVerificationAlgorithm {
+ id: &ec::AlgorithmID::ECDSA_P521,
+ digest: &digest::SHA384,
+ bits: 521,
+ sig_format: EcdsaSignatureFormat::ASN1,
+};
+
 /// Verification of ASN.1 DER-encoded ECDSA signatures using the P-521 curve and SHA-512.
 pub static ECDSA_P521_SHA512_ASN1: EcdsaVerificationAlgorithm = EcdsaVerificationAlgorithm {
  id: &ec::AlgorithmID::ECDSA_P521,
@@ -669,6 +733,27 @@ pub static ECDSA_P384_SHA384_FIXED_SIGNING: EcdsaSigningAlgorithm =
 pub static ECDSA_P384_SHA3_384_FIXED_SIGNING: EcdsaSigningAlgorithm =
  EcdsaSigningAlgorithm(&ECDSA_P384_SHA3_384_FIXED);
 
+/// Signing of fixed-length (PKCS#11 style) ECDSA signatures using the P-521 curve and SHA-224.
+/// # ⚠️ Warning
+/// The security design strength of SHA-224 digests is less then security strength of P-521.
+/// This scheme should only be used for backwards compatibility purposes.
+pub static ECDSA_P521_SHA224_FIXED_SIGNING: EcdsaSigningAlgorithm =
+ EcdsaSigningAlgorithm(&ECDSA_P521_SHA224_FIXED);
+
+/// Signing of fixed-length (PKCS#11 style) ECDSA signatures using the P-521 curve and SHA-256.
+/// # ⚠️ Warning
+/// The security design strength of SHA-256 digests is less then security strength of P-521.
+/// This scheme should only be used for backwards compatibility purposes.
+pub static ECDSA_P521_SHA256_FIXED_SIGNING: EcdsaSigningAlgorithm =
+ EcdsaSigningAlgorithm(&ECDSA_P521_SHA256_FIXED);
+
+/// Signing of fixed-length (PKCS#11 style) ECDSA signatures using the P-521 curve and SHA-384.
+/// # ⚠️ Warning
+/// The security design strength of SHA-384 digests is less then security strength of P-521.
+/// This scheme should only be used for backwards compatibility purposes.
+pub static ECDSA_P521_SHA384_FIXED_SIGNING: EcdsaSigningAlgorithm =
+ EcdsaSigningAlgorithm(&ECDSA_P521_SHA384_FIXED);
+
 /// Signing of fixed-length (PKCS#11 style) ECDSA signatures using the P-521 curve and SHA-512.
 pub static ECDSA_P521_SHA512_FIXED_SIGNING: EcdsaSigningAlgorithm =
  EcdsaSigningAlgorithm(&ECDSA_P521_SHA512_FIXED);
@@ -697,6 +782,27 @@ pub static ECDSA_P384_SHA384_ASN1_SIGNING: EcdsaSigningAlgorithm =
 pub static ECDSA_P384_SHA3_384_ASN1_SIGNING: EcdsaSigningAlgorithm =
  EcdsaSigningAlgorithm(&ECDSA_P384_SHA3_384_ASN1);
 
+/// Signing of ASN.1 DER-encoded ECDSA signatures using the P-521 curve and SHA-224.
+/// # ⚠️ Warning
+/// The security design strength of SHA-224 digests is less then security strength of P-521.
+/// This scheme should only be used for backwards compatibility purposes.
+pub static ECDSA_P521_SHA224_ASN1_SIGNING: EcdsaSigningAlgorithm =
+ EcdsaSigningAlgorithm(&ECDSA_P521_SHA224_ASN1);
+
+/// Signing of ASN.1 DER-encoded ECDSA signatures using the P-521 curve and SHA-256.
+/// # ⚠️ Warning
+/// The security design strength of SHA-256 digests is less then security strength of P-521.
+/// This scheme should only be used for backwards compatibility purposes.
+pub static ECDSA_P521_SHA256_ASN1_SIGNING: EcdsaSigningAlgorithm =
+ EcdsaSigningAlgorithm(&ECDSA_P521_SHA256_ASN1);
+
+/// Signing of ASN.1 DER-encoded ECDSA signatures using the P-521 curve and SHA-384.
+/// # ⚠️ Warning
+/// The security design strength of SHA-384 digests is less then security strength of P-521.
+/// This scheme should only be used for backwards compatibility purposes.
+pub static ECDSA_P521_SHA384_ASN1_SIGNING: EcdsaSigningAlgorithm =
+ EcdsaSigningAlgorithm(&ECDSA_P521_SHA384_ASN1);
+
 /// Signing of ASN.1 DER-encoded ECDSA signatures using the P-521 curve and SHA-512.
 pub static ECDSA_P521_SHA512_ASN1_SIGNING: EcdsaSigningAlgorithm =
  EcdsaSigningAlgorithm(&ECDSA_P521_SHA512_ASN1);