SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472
							/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

#include "tls/s2n_signature_scheme.h"

#include "api/s2n.h"
#include "crypto/s2n_ecc_evp.h"
#include "crypto/s2n_hash.h"
#include "crypto/s2n_signature.h"
#include "tls/s2n_connection.h"
#include "utils/s2n_safety.h"

const struct s2n_signature_scheme s2n_null_sig_scheme = {
    .iana_value = 0,
    .hash_alg = S2N_HASH_NONE,
    .sig_alg = S2N_SIGNATURE_ANONYMOUS,
    .libcrypto_nid = 0,
    .signature_curve = NULL,
    .maximum_protocol_version = 0,
};

/* RSA PKCS1 */
const struct s2n_signature_scheme s2n_rsa_pkcs1_md5_sha1 = {
    .iana_value = TLS_SIGNATURE_SCHEME_PRIVATE_INTERNAL_RSA_PKCS1_MD5_SHA1,
    .hash_alg = S2N_HASH_MD5_SHA1,
    .sig_alg = S2N_SIGNATURE_RSA,
    .libcrypto_nid = NID_md5_sha1,
    .signature_curve = NULL,               /* Elliptic Curve not needed for RSA */
    .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 or sha1 */
};

const struct s2n_signature_scheme s2n_rsa_pkcs1_sha1 = {
    .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA1,
    .hash_alg = S2N_HASH_SHA1,
    .sig_alg = S2N_SIGNATURE_RSA,
    .libcrypto_nid = NID_sha1WithRSAEncryption,
    .signature_curve = NULL,               /* Elliptic Curve not needed for RSA */
    .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 or sha1 */
};

const struct s2n_signature_scheme s2n_rsa_pkcs1_sha224 = {
    .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA224,
    .hash_alg = S2N_HASH_SHA224,
    .sig_alg = S2N_SIGNATURE_RSA,
    .libcrypto_nid = NID_sha224WithRSAEncryption,
    .signature_curve = NULL,               /* Elliptic Curve not needed for RSA */
    .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 */
};

const struct s2n_signature_scheme s2n_rsa_pkcs1_sha256 = {
    .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA256,
    .hash_alg = S2N_HASH_SHA256,
    .sig_alg = S2N_SIGNATURE_RSA,
    .libcrypto_nid = NID_sha256WithRSAEncryption,
    .signature_curve = NULL,               /* Elliptic Curve not needed for RSA */
    .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 */
};

const struct s2n_signature_scheme s2n_rsa_pkcs1_sha384 = {
    .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA384,
    .hash_alg = S2N_HASH_SHA384,
    .sig_alg = S2N_SIGNATURE_RSA,
    .libcrypto_nid = NID_sha384WithRSAEncryption,
    .signature_curve = NULL,               /* Elliptic Curve not needed for RSA */
    .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 */
};

const struct s2n_signature_scheme s2n_rsa_pkcs1_sha512 = {
    .iana_value = TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA512,
    .hash_alg = S2N_HASH_SHA512,
    .sig_alg = S2N_SIGNATURE_RSA,
    .libcrypto_nid = NID_sha512WithRSAEncryption,
    .signature_curve = NULL,               /* Elliptic Curve not needed for RSA */
    .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support pkcs1 */
};

/* TLS 1.2 Compatible ECDSA Signature Schemes */
const struct s2n_signature_scheme s2n_ecdsa_sha1 = {
    .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA1,
    .hash_alg = S2N_HASH_SHA1,
    .sig_alg = S2N_SIGNATURE_ECDSA,
    .libcrypto_nid = NID_ecdsa_with_SHA1,
    .signature_curve = NULL,               /* Decided by supported_groups Extension in TLS 1.2 and before */
    .maximum_protocol_version = S2N_TLS12, /* TLS1.3 does not support sha1 and requires a signature curve */
};

const struct s2n_signature_scheme s2n_ecdsa_sha224 = {
    .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA224,
    .hash_alg = S2N_HASH_SHA224,
    .sig_alg = S2N_SIGNATURE_ECDSA,
    .libcrypto_nid = NID_ecdsa_with_SHA224,
    .signature_curve = NULL,               /* Decided by supported_groups Extension in TLS 1.2 and before */
    .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */
};

const struct s2n_signature_scheme s2n_ecdsa_sha256 = {
    .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA256,
    .hash_alg = S2N_HASH_SHA256,
    .sig_alg = S2N_SIGNATURE_ECDSA,
    .libcrypto_nid = NID_ecdsa_with_SHA256,
    .signature_curve = NULL,               /* Decided by supported_groups Extension in TLS 1.2 and before */
    .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */
};

const struct s2n_signature_scheme s2n_ecdsa_sha384 = {
    .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA384,
    .hash_alg = S2N_HASH_SHA384,
    .sig_alg = S2N_SIGNATURE_ECDSA,
    .libcrypto_nid = NID_ecdsa_with_SHA384,
    .signature_curve = NULL,               /* Decided by supported_groups Extension in TLS 1.2 and before */
    .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */
};

const struct s2n_signature_scheme s2n_ecdsa_sha512 = {
    .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SHA512,
    .hash_alg = S2N_HASH_SHA512,
    .sig_alg = S2N_SIGNATURE_ECDSA,
    .libcrypto_nid = NID_ecdsa_with_SHA512,
    .signature_curve = NULL,               /* Decided by supported_groups Extension in TLS 1.2 and before */
    .maximum_protocol_version = S2N_TLS12, /* TLS1.3 requires a signature curve */
};

/* TLS 1.3 Compatible ECDSA Schemes */
/* In TLS 1.3 the two byte IANA value also defines the Curve to use for signing */

const struct s2n_signature_scheme s2n_ecdsa_secp256r1_sha256 = {
    .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
    .hash_alg = S2N_HASH_SHA256,
    .sig_alg = S2N_SIGNATURE_ECDSA,
    .libcrypto_nid = NID_ecdsa_with_SHA256,
    .signature_curve = &s2n_ecc_curve_secp256r1, /* Hardcoded as of TLS 1.3 */
    .minimum_protocol_version = S2N_TLS13,
};

const struct s2n_signature_scheme s2n_ecdsa_secp384r1_sha384 = {
    .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SECP384R1_SHA384,
    .hash_alg = S2N_HASH_SHA384,
    .sig_alg = S2N_SIGNATURE_ECDSA,
    .libcrypto_nid = NID_ecdsa_with_SHA384,
    .signature_curve = &s2n_ecc_curve_secp384r1, /* Hardcoded as of TLS 1.3 */
    .minimum_protocol_version = S2N_TLS13,
};

const struct s2n_signature_scheme s2n_ecdsa_secp521r1_sha512 = {
    .iana_value = TLS_SIGNATURE_SCHEME_ECDSA_SECP521R1_SHA512,
    .hash_alg = S2N_HASH_SHA512,
    .sig_alg = S2N_SIGNATURE_ECDSA,
    .libcrypto_nid = NID_ecdsa_with_SHA512,
    .signature_curve = &s2n_ecc_curve_secp521r1, /* Hardcoded as of TLS 1.3 */
    .minimum_protocol_version = S2N_TLS13,
};

/**
 * RSA-PSS-RSAE
 */
const struct s2n_signature_scheme s2n_rsa_pss_rsae_sha256 = {
    .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256,
    .hash_alg = S2N_HASH_SHA256,
    .sig_alg = S2N_SIGNATURE_RSA_PSS_RSAE,
    .libcrypto_nid = NID_rsassaPss,
    .signature_curve = NULL, /* Elliptic Curve not needed for RSA */
};

const struct s2n_signature_scheme s2n_rsa_pss_rsae_sha384 = {
    .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA384,
    .hash_alg = S2N_HASH_SHA384,
    .sig_alg = S2N_SIGNATURE_RSA_PSS_RSAE,
    .libcrypto_nid = NID_rsassaPss,
    .signature_curve = NULL, /* Elliptic Curve not needed for RSA */
};

const struct s2n_signature_scheme s2n_rsa_pss_rsae_sha512 = {
    .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA512,
    .hash_alg = S2N_HASH_SHA512,
    .sig_alg = S2N_SIGNATURE_RSA_PSS_RSAE,
    .libcrypto_nid = NID_rsassaPss,
    .signature_curve = NULL, /* Elliptic Curve not needed for RSA */
};

/**
 * RSA-PSS-PSS
 */
const struct s2n_signature_scheme s2n_rsa_pss_pss_sha256 = {
    .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA256,
    .hash_alg = S2N_HASH_SHA256,
    .sig_alg = S2N_SIGNATURE_RSA_PSS_PSS,
    .libcrypto_nid = NID_rsassaPss,
    .signature_curve = NULL, /* Elliptic Curve not needed for RSA */
    .minimum_protocol_version = S2N_TLS13,
};

const struct s2n_signature_scheme s2n_rsa_pss_pss_sha384 = {
    .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA384,
    .hash_alg = S2N_HASH_SHA384,
    .sig_alg = S2N_SIGNATURE_RSA_PSS_PSS,
    .libcrypto_nid = NID_rsassaPss,
    .signature_curve = NULL, /* Elliptic Curve not needed for RSA */
    .minimum_protocol_version = S2N_TLS13,
};

const struct s2n_signature_scheme s2n_rsa_pss_pss_sha512 = {
    .iana_value = TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA512,
    .hash_alg = S2N_HASH_SHA512,
    .sig_alg = S2N_SIGNATURE_RSA_PSS_PSS,
    .libcrypto_nid = NID_rsassaPss,
    .signature_curve = NULL, /* Elliptic Curve not needed for RSA */
    .minimum_protocol_version = S2N_TLS13,
};

/* All Supported SignatureSchemes. */
/* No MD5 to avoid SLOTH Vulnerability */
const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20140601[] = {
    /* RSA PKCS1 */
    &s2n_rsa_pkcs1_sha256,
    &s2n_rsa_pkcs1_sha384,
    &s2n_rsa_pkcs1_sha512,
    &s2n_rsa_pkcs1_sha224,

    /* ECDSA - TLS 1.2 */
    &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */
    &s2n_ecdsa_secp256r1_sha256,
    &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */
    &s2n_ecdsa_secp384r1_sha384,
    &s2n_ecdsa_sha512,
    &s2n_ecdsa_sha224,

    /* SHA-1 Legacy */
    &s2n_rsa_pkcs1_sha1,
    &s2n_ecdsa_sha1,
};

/* The original preference list, but with rsa_pss supported. */
const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20200207[] = {
    /* RSA PSS */
    &s2n_rsa_pss_pss_sha256,
    &s2n_rsa_pss_pss_sha384,
    &s2n_rsa_pss_pss_sha512,
    &s2n_rsa_pss_rsae_sha256,
    &s2n_rsa_pss_rsae_sha384,
    &s2n_rsa_pss_rsae_sha512,

    /* RSA PKCS1 */
    &s2n_rsa_pkcs1_sha256,
    &s2n_rsa_pkcs1_sha384,
    &s2n_rsa_pkcs1_sha512,
    &s2n_rsa_pkcs1_sha224,

    /* ECDSA - TLS 1.2 */
    &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */
    &s2n_ecdsa_secp256r1_sha256,
    &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */
    &s2n_ecdsa_secp384r1_sha384,
    &s2n_ecdsa_sha512,
    &s2n_ecdsa_sha224,

    /* SHA-1 Legacy */
    &s2n_rsa_pkcs1_sha1,
    &s2n_ecdsa_sha1,
};

/*
 * These signature schemes were chosen based on the following specification:
 * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf
 */
const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_default_fips[] = {
    /* RSA PKCS1 - TLS1.2 */
    &s2n_rsa_pkcs1_sha256,
    &s2n_rsa_pkcs1_sha384,
    &s2n_rsa_pkcs1_sha512,

    /* ECDSA - TLS 1.2 */
    &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */
    &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */
    &s2n_ecdsa_sha512,
    &s2n_ecdsa_sha224,
};

const struct s2n_signature_preferences s2n_signature_preferences_default_fips = {
    .count = s2n_array_len(s2n_sig_scheme_pref_list_default_fips),
    .signature_schemes = s2n_sig_scheme_pref_list_default_fips,
};

/*
 * FIPS compliant.
 * Supports TLS1.3.
 * Prefers PSS over PKCS1.
 */
const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20230317[] = {
    /* RSA */
    &s2n_rsa_pss_rsae_sha256,
    &s2n_rsa_pss_rsae_sha384,
    &s2n_rsa_pss_rsae_sha512,
    &s2n_rsa_pkcs1_sha256,
    &s2n_rsa_pkcs1_sha384,
    &s2n_rsa_pkcs1_sha512,

    /* TLS1.2 with ECDSA */
    &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */
    &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */
    &s2n_ecdsa_sha512,

    /* TLS1.3 with ECDSA */
    &s2n_ecdsa_secp256r1_sha256,
    &s2n_ecdsa_secp384r1_sha384,
    &s2n_ecdsa_secp521r1_sha512,

    /* TLS1.3 with RSA-PSS */
    &s2n_rsa_pss_pss_sha256,
    &s2n_rsa_pss_pss_sha384,
    &s2n_rsa_pss_pss_sha512,
};

const struct s2n_signature_preferences s2n_signature_preferences_20230317 = {
    .count = s2n_array_len(s2n_sig_scheme_pref_list_20230317),
    .signature_schemes = s2n_sig_scheme_pref_list_20230317,
};

/* Add s2n_ecdsa_secp521r1_sha512 */
const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20201021[] = {
    /* RSA PSS */
    &s2n_rsa_pss_pss_sha256,
    &s2n_rsa_pss_pss_sha384,
    &s2n_rsa_pss_pss_sha512,
    &s2n_rsa_pss_rsae_sha256,
    &s2n_rsa_pss_rsae_sha384,
    &s2n_rsa_pss_rsae_sha512,

    /* RSA PKCS1 */
    &s2n_rsa_pkcs1_sha256,
    &s2n_rsa_pkcs1_sha384,
    &s2n_rsa_pkcs1_sha512,
    &s2n_rsa_pkcs1_sha224,

    /* ECDSA - TLS 1.2 */
    &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */
    &s2n_ecdsa_secp256r1_sha256,
    &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */
    &s2n_ecdsa_secp384r1_sha384,
    &s2n_ecdsa_sha512, /* same iana value as TLS 1.3 s2n_ecdsa_secp521r1_sha512 */
    &s2n_ecdsa_secp521r1_sha512,
    &s2n_ecdsa_sha224,

    /* SHA-1 Legacy */
    &s2n_rsa_pkcs1_sha1,
    &s2n_ecdsa_sha1,
};

const struct s2n_signature_preferences s2n_signature_preferences_20140601 = {
    .count = s2n_array_len(s2n_sig_scheme_pref_list_20140601),
    .signature_schemes = s2n_sig_scheme_pref_list_20140601,
};

const struct s2n_signature_preferences s2n_signature_preferences_20200207 = {
    .count = s2n_array_len(s2n_sig_scheme_pref_list_20200207),
    .signature_schemes = s2n_sig_scheme_pref_list_20200207,
};

const struct s2n_signature_preferences s2n_signature_preferences_20201021 = {
    .count = s2n_array_len(s2n_sig_scheme_pref_list_20201021),
    .signature_schemes = s2n_sig_scheme_pref_list_20201021,
};

const struct s2n_signature_preferences s2n_signature_preferences_null = {
    .count = 0,
    .signature_schemes = NULL,
};

/* TLS1.3 supported signature schemes, without SHA-1 legacy algorithms */
const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20201110[] = {
    /* RSA PSS */
    &s2n_rsa_pss_pss_sha256,
    &s2n_rsa_pss_pss_sha384,
    &s2n_rsa_pss_pss_sha512,
    &s2n_rsa_pss_rsae_sha256,
    &s2n_rsa_pss_rsae_sha384,
    &s2n_rsa_pss_rsae_sha512,

    /* RSA PKCS1 */
    &s2n_rsa_pkcs1_sha256,
    &s2n_rsa_pkcs1_sha384,
    &s2n_rsa_pkcs1_sha512,
    &s2n_rsa_pkcs1_sha224,

    /* ECDSA - TLS 1.2 */
    &s2n_ecdsa_sha256, /* same iana value as TLS 1.3 s2n_ecdsa_secp256r1_sha256 */
    &s2n_ecdsa_secp256r1_sha256,
    &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */
    &s2n_ecdsa_secp384r1_sha384,
    &s2n_ecdsa_sha512,
    &s2n_ecdsa_sha224,
};

const struct s2n_signature_preferences s2n_certificate_signature_preferences_20201110 = {
    .count = s2n_array_len(s2n_sig_scheme_pref_list_20201110),
    .signature_schemes = s2n_sig_scheme_pref_list_20201110,
};

/* Based on s2n_sig_scheme_pref_list_20140601 but with all hashes < SHA-384 removed */
const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_20210816[] = {
    /* RSA PKCS1 */
    &s2n_rsa_pkcs1_sha384,
    &s2n_rsa_pkcs1_sha512,

    /* ECDSA - TLS 1.2 */
    &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */
    &s2n_ecdsa_sha512,
};

const struct s2n_signature_preferences s2n_signature_preferences_20210816 = {
    .count = s2n_array_len(s2n_sig_scheme_pref_list_20210816),
    .signature_schemes = s2n_sig_scheme_pref_list_20210816
};

const struct s2n_signature_scheme* const s2n_sig_scheme_pref_list_rfc9151[] = {
    /* ECDSA - TLS 1.3 */
    &s2n_ecdsa_secp384r1_sha384,

    /* RSA PSS - TLS 1.3 */
    &s2n_rsa_pss_pss_sha384,

    /* ECDSA - TLS 1.2 */
    &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */

    /* RSA */
    &s2n_rsa_pss_rsae_sha384,

    &s2n_rsa_pkcs1_sha384,
};

const struct s2n_signature_scheme* const s2n_cert_sig_scheme_pref_list_rfc9151[] = {
    /* ECDSA - TLS 1.3 */
    &s2n_ecdsa_secp384r1_sha384,

    /* RSA PSS
     * https://github.com/aws/s2n-tls/issues/3435
     *
     * The Openssl function used to parse signatures off certificates does not differentiate
     * between any rsa pss signature schemes. Therefore a security policy with a certificate
     * signatures preference list must include all rsa_pss signature schemes.
     *
     * Since only sha384 is allowed by rfc9151, this certificate signing policy does not
     * support rsa_pss.
     */

    /* ECDSA - TLS 1.2 */
    &s2n_ecdsa_sha384, /* same iana value as TLS 1.3 s2n_ecdsa_secp384r1_sha384 */

    /* RSA */
    &s2n_rsa_pkcs1_sha384,
};

const struct s2n_signature_preferences s2n_signature_preferences_rfc9151 = {
    .count = s2n_array_len(s2n_sig_scheme_pref_list_rfc9151),
    .signature_schemes = s2n_sig_scheme_pref_list_rfc9151
};

const struct s2n_signature_preferences s2n_certificate_signature_preferences_rfc9151 = {
    .count = s2n_array_len(s2n_cert_sig_scheme_pref_list_rfc9151),
    .signature_schemes = s2n_cert_sig_scheme_pref_list_rfc9151
};