Add composite signature interface for RSA and ECDSA signatures

ScosslCommon/src/scossl_rsa.c

@@ -266,11 +266,9 @@ SCOSSL_STATUS scossl_rsapss_sign(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt,
     case RSA_PSS_SALTLEN_MAX:
         cbSalt = cbSaltMax;
         break;
-#ifdef RSA_PSS_SALTLEN_AUTO_DIGEST_MAX
     // Added in 3.1, smaller of digest length or maximized salt length
     case RSA_PSS_SALTLEN_AUTO_DIGEST_MAX:
         cbSalt = cbSaltMax < (int)cbHashValue ? cbSaltMax : (int)cbHashValue;
-#endif
     }
 
     if (cbSalt < 0 || cbSalt > cbSaltMax)
@@ -370,10 +368,8 @@ SCOSSL_STATUS scossl_rsapss_verify(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt,
         cbSalt = cbSaltMax;
         break;
     case RSA_PSS_SALTLEN_AUTO:
-#ifdef RSA_PSS_SALTLEN_AUTO_DIGEST_MAX
     // Added in 3.1; auto salt len for verify
     case RSA_PSS_SALTLEN_AUTO_DIGEST_MAX:
-#endif
         scFlags = SYMCRYPT_FLAG_RSA_PSS_VERIFY_WITH_MINIMUM_SALT;
         cbSalt = 0;
     }

SymCryptProvider/CMakeLists.txt

@@ -51,7 +51,9 @@ set(SCOSSL_SOURCES
     ./src/mac/p_scossl_hmac.c
     ./src/mac/p_scossl_kmac.c
     ./src/signature/p_scossl_ecdsa_signature.c
+    ./src/signature/p_scossl_ecdsa_sigalg_signature.c
     ./src/signature/p_scossl_rsa_signature.c
+    ./src/signature/p_scossl_rsa_sigalg_signature.c
     ./src/skeymgmt/p_scossl_aes_skeymgmt.c
     ./src/skeymgmt/p_scossl_generic_skeymgmt.c
     ./src/p_scossl_bio.c

SymCryptProvider/src/p_scossl_base.c

@@ -465,12 +465,52 @@ static const OSSL_ALGORITHM p_scossl_keyexch[] = {
     ALG_TABLE_END};
 
 // Signature
-extern const OSSL_DISPATCH p_scossl_ecdsa_signature_functions[];
 extern const OSSL_DISPATCH p_scossl_rsa_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_rsa_sha1_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_rsa_sha224_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_rsa_sha256_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_rsa_sha384_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_rsa_sha512_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_rsa_sha512_224_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_rsa_sha512_256_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_rsa_sha3_224_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_rsa_sha3_256_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_rsa_sha3_384_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_rsa_sha3_512_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_ecdsa_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_ecdsa_sha1_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_ecdsa_sha224_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_ecdsa_sha256_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_ecdsa_sha384_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_ecdsa_sha512_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_ecdsa_sha3_224_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_ecdsa_sha3_256_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_ecdsa_sha3_384_signature_functions[];
+extern const OSSL_DISPATCH p_scossl_ecdsa_sha3_512_signature_functions[];
 
 static const OSSL_ALGORITHM p_scossl_signature[] = {
-    ALG(SCOSSL_ALG_NAME_ECDSA, p_scossl_ecdsa_signature_functions),
     ALG(SCOSSL_ALG_NAME_RSA, p_scossl_rsa_signature_functions),
+    ALG(SCOSSL_ALG_NAME_RSA_SHA1, p_scossl_rsa_sha1_signature_functions),
+    ALG(SCOSSL_ALG_NAME_RSA_SHA256, p_scossl_rsa_sha256_signature_functions),
+    ALG(SCOSSL_ALG_NAME_RSA_SHA384, p_scossl_rsa_sha384_signature_functions),
+    ALG(SCOSSL_ALG_NAME_RSA_SHA512, p_scossl_rsa_sha512_signature_functions),
+    ALG(SCOSSL_ALG_NAME_RSA_SHA224, p_scossl_rsa_sha224_signature_functions),
+    ALG(SCOSSL_ALG_NAME_RSA_SHA512_224, p_scossl_rsa_sha512_224_signature_functions),
+    ALG(SCOSSL_ALG_NAME_RSA_SHA512_256, p_scossl_rsa_sha512_256_signature_functions),
+    ALG(SCOSSL_ALG_NAME_RSA_SHA3_224, p_scossl_rsa_sha3_224_signature_functions),
+    ALG(SCOSSL_ALG_NAME_RSA_SHA3_256, p_scossl_rsa_sha3_256_signature_functions),
+    ALG(SCOSSL_ALG_NAME_RSA_SHA3_384, p_scossl_rsa_sha3_384_signature_functions),
+    ALG(SCOSSL_ALG_NAME_RSA_SHA3_512, p_scossl_rsa_sha3_512_signature_functions),
+    ALG(SCOSSL_ALG_NAME_ECDSA, p_scossl_ecdsa_signature_functions),
+    ALG(SCOSSL_ALG_NAME_ECDSA_SHA1, p_scossl_ecdsa_sha1_signature_functions),
+    ALG(SCOSSL_ALG_NAME_ECDSA_SHA224, p_scossl_ecdsa_sha224_signature_functions),
+    ALG(SCOSSL_ALG_NAME_ECDSA_SHA256, p_scossl_ecdsa_sha256_signature_functions),
+    ALG(SCOSSL_ALG_NAME_ECDSA_SHA384, p_scossl_ecdsa_sha384_signature_functions),
+    ALG(SCOSSL_ALG_NAME_ECDSA_SHA512, p_scossl_ecdsa_sha512_signature_functions),
+    ALG(SCOSSL_ALG_NAME_ECDSA_SHA3_224, p_scossl_ecdsa_sha3_224_signature_functions),
+    ALG(SCOSSL_ALG_NAME_ECDSA_SHA3_256, p_scossl_ecdsa_sha3_256_signature_functions),
+    ALG(SCOSSL_ALG_NAME_ECDSA_SHA3_384, p_scossl_ecdsa_sha3_384_signature_functions),
+    ALG(SCOSSL_ALG_NAME_ECDSA_SHA3_512, p_scossl_ecdsa_sha3_512_signature_functions),
     ALG_TABLE_END};
 
 // Asymmetric Cipher

SymCryptProvider/src/p_scossl_names.h

@@ -85,6 +85,30 @@ extern "C" {
 #define SCOSSL_ALG_NAME_RSA     SN_rsa":"LN_rsaEncryption":1.2.840.113549.1.1.1"
 #define SCOSSL_ALG_NAME_ECDSA   "ECDSA"
 
+// Composite RSA signature algorithms (sigalgs)
+#define SCOSSL_ALG_NAME_RSA_SHA1        "RSA-SHA1:RSA-SHA-1:sha1WithRSAEncryption:1.2.840.113549.1.1.5"
+#define SCOSSL_ALG_NAME_RSA_SHA256      "RSA-SHA2-256:RSA-SHA256:sha256WithRSAEncryption:1.2.840.113549.1.1.11"
+#define SCOSSL_ALG_NAME_RSA_SHA384      "RSA-SHA2-384:RSA-SHA384:sha384WithRSAEncryption:1.2.840.113549.1.1.12"
+#define SCOSSL_ALG_NAME_RSA_SHA512      "RSA-SHA2-512:RSA-SHA512:sha512WithRSAEncryption:1.2.840.113549.1.1.13"
+#define SCOSSL_ALG_NAME_RSA_SHA224      "RSA-SHA2-224:RSA-SHA224:sha224WithRSAEncryption:1.2.840.113549.1.1.14"
+#define SCOSSL_ALG_NAME_RSA_SHA512_224  "RSA-SHA2-512/224:RSA-SHA512-224:sha512-224WithRSAEncryption:1.2.840.113549.1.1.15"
+#define SCOSSL_ALG_NAME_RSA_SHA512_256  "RSA-SHA2-512/256:RSA-SHA512-256:sha512-256WithRSAEncryption:1.2.840.113549.1.1.16"
+#define SCOSSL_ALG_NAME_RSA_SHA3_224    "RSA-SHA3-224:id-rsassa-pkcs1-v1_5-with-sha3-224:2.16.840.1.101.3.4.3.13"
+#define SCOSSL_ALG_NAME_RSA_SHA3_256    "RSA-SHA3-256:id-rsassa-pkcs1-v1_5-with-sha3-256:2.16.840.1.101.3.4.3.14"
+#define SCOSSL_ALG_NAME_RSA_SHA3_384    "RSA-SHA3-384:id-rsassa-pkcs1-v1_5-with-sha3-384:2.16.840.1.101.3.4.3.15"
+#define SCOSSL_ALG_NAME_RSA_SHA3_512    "RSA-SHA3-512:id-rsassa-pkcs1-v1_5-with-sha3-512:2.16.840.1.101.3.4.3.16"
+
+// Composite ECDSA signature algorithms (sigalgs)
+#define SCOSSL_ALG_NAME_ECDSA_SHA1      "ECDSA-SHA1:ECDSA-SHA-1:ecdsa-with-SHA1:1.2.840.10045.4.1"
+#define SCOSSL_ALG_NAME_ECDSA_SHA224    "ECDSA-SHA2-224:ECDSA-SHA224:ecdsa-with-SHA224:1.2.840.10045.4.3.1"
+#define SCOSSL_ALG_NAME_ECDSA_SHA256    "ECDSA-SHA2-256:ECDSA-SHA256:ecdsa-with-SHA256:1.2.840.10045.4.3.2"
+#define SCOSSL_ALG_NAME_ECDSA_SHA384    "ECDSA-SHA2-384:ECDSA-SHA384:ecdsa-with-SHA384:1.2.840.10045.4.3.3"
+#define SCOSSL_ALG_NAME_ECDSA_SHA512    "ECDSA-SHA2-512:ECDSA-SHA512:ecdsa-with-SHA512:1.2.840.10045.4.3.4"
+#define SCOSSL_ALG_NAME_ECDSA_SHA3_224  "ECDSA-SHA3-224:ecdsa_with_SHA3-224:id-ecdsa-with-sha3-224:2.16.840.1.101.3.4.3.9"
+#define SCOSSL_ALG_NAME_ECDSA_SHA3_256  "ECDSA-SHA3-256:ecdsa_with_SHA3-256:id-ecdsa-with-sha3-256:2.16.840.1.101.3.4.3.10"
+#define SCOSSL_ALG_NAME_ECDSA_SHA3_384  "ECDSA-SHA3-384:ecdsa_with_SHA3-384:id-ecdsa-with-sha3-384:2.16.840.1.101.3.4.3.11"
+#define SCOSSL_ALG_NAME_ECDSA_SHA3_512  "ECDSA-SHA3-512:ecdsa_with_SHA3-512:id-ecdsa-with-sha3-512:2.16.840.1.101.3.4.3.12"
+
 // Key encapsulation
 #define SCOSSL_ALG_NAME_MLKEM512    SCOSSL_LN_MLKEM512":MLKEM512:"SCOSSL_SN_MLKEM512":"SCOSSL_OID_MLKEM512
 #define SCOSSL_ALG_NAME_MLKEM768    SCOSSL_LN_MLKEM768":MLKEM768:"SCOSSL_SN_MLKEM768":"SCOSSL_OID_MLKEM768