|
Packit |
aea12f |
/*
|
|
Packit |
aea12f |
* Copyright (C) 2011-2012 Free Software Foundation, Inc.
|
|
Packit |
aea12f |
* Copyright (C) 2017 Red Hat, Inc.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Author: Nikos Mavrogiannopoulos
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This file is part of GnuTLS.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* The GnuTLS is free software; you can redistribute it and/or
|
|
Packit |
aea12f |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit |
aea12f |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit |
aea12f |
* the License, or (at your option) any later version.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This library is distributed in the hope that it will be useful, but
|
|
Packit |
aea12f |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
aea12f |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
aea12f |
* Lesser General Public License for more details.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit |
aea12f |
* along with this program. If not, see <https://www.gnu.org/licenses/>
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#include "gnutls_int.h"
|
|
Packit |
aea12f |
#include <algorithms.h>
|
|
Packit |
aea12f |
#include "errors.h"
|
|
Packit |
aea12f |
#include <x509/common.h>
|
|
Packit |
aea12f |
#include <assert.h>
|
|
Packit |
aea12f |
#include "c-strcase.h"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* signature algorithms;
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#ifdef ALLOW_SHA1
|
|
Packit |
aea12f |
# define SHA1_SECURE_VAL _SECURE
|
|
Packit |
aea12f |
#else
|
|
Packit |
aea12f |
# define SHA1_SECURE_VAL _INSECURE_FOR_CERTS
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
static const gnutls_sign_entry_st sign_algorithms[] = {
|
|
Packit |
aea12f |
/* RSA-PKCS#1 1.5: must be before PSS,
|
|
Packit |
aea12f |
* so that gnutls_pk_to_sign() will return
|
|
Packit |
aea12f |
* these first for backwards compatibility. */
|
|
Packit |
aea12f |
{.name = "RSA-SHA256",
|
|
Packit |
aea12f |
.oid = SIG_RSA_SHA256_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_SHA256,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA256,
|
|
Packit |
aea12f |
.aid = {{4, 1}, SIG_SEM_DEFAULT}},
|
|
Packit |
aea12f |
{.name = "RSA-SHA384",
|
|
Packit |
aea12f |
.oid = SIG_RSA_SHA384_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_SHA384,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA384,
|
|
Packit |
aea12f |
.aid = {{5, 1}, SIG_SEM_DEFAULT}},
|
|
Packit |
aea12f |
{.name = "RSA-SHA512",
|
|
Packit |
aea12f |
.oid = SIG_RSA_SHA512_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_SHA512,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA512,
|
|
Packit |
aea12f |
.aid = {{6, 1}, SIG_SEM_DEFAULT}},
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* RSA-PSS */
|
|
Packit |
aea12f |
{.name = "RSA-PSS-SHA256",
|
|
Packit |
aea12f |
.oid = PK_PKIX1_RSA_PSS_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_PSS_SHA256,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA_PSS,
|
|
Packit |
aea12f |
.priv_pk = GNUTLS_PK_RSA, /* PKCS#11 doesn't separate RSA from RSA-PSS privkeys */
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA256,
|
|
Packit |
aea12f |
.tls13_ok = 1,
|
|
Packit |
aea12f |
.aid = {{8, 9}, SIG_SEM_DEFAULT}},
|
|
Packit |
aea12f |
{.name = "RSA-PSS-RSAE-SHA256",
|
|
Packit |
aea12f |
.oid = PK_PKIX1_RSA_PSS_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_PSS_RSAE_SHA256,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA_PSS,
|
|
Packit |
aea12f |
.cert_pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.priv_pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA256,
|
|
Packit |
aea12f |
.tls13_ok = 1,
|
|
Packit |
aea12f |
.aid = {{8, 4}, SIG_SEM_DEFAULT}},
|
|
Packit |
aea12f |
{.name = "RSA-PSS-SHA384",
|
|
Packit |
aea12f |
.oid = PK_PKIX1_RSA_PSS_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_PSS_SHA384,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA_PSS,
|
|
Packit |
aea12f |
.priv_pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA384,
|
|
Packit |
aea12f |
.tls13_ok = 1,
|
|
Packit |
aea12f |
.aid = {{8, 0x0A}, SIG_SEM_DEFAULT}},
|
|
Packit |
aea12f |
{.name = "RSA-PSS-RSAE-SHA384",
|
|
Packit |
aea12f |
.oid = PK_PKIX1_RSA_PSS_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_PSS_RSAE_SHA384,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA_PSS,
|
|
Packit |
aea12f |
.cert_pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.priv_pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA384,
|
|
Packit |
aea12f |
.tls13_ok = 1,
|
|
Packit |
aea12f |
.aid = {{8, 5}, SIG_SEM_DEFAULT}},
|
|
Packit |
aea12f |
{.name = "RSA-PSS-SHA512",
|
|
Packit |
aea12f |
.oid = PK_PKIX1_RSA_PSS_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_PSS_SHA512,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA_PSS,
|
|
Packit |
aea12f |
.priv_pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA512,
|
|
Packit |
aea12f |
.tls13_ok = 1,
|
|
Packit |
aea12f |
.aid = {{8, 0x0B}, SIG_SEM_DEFAULT}},
|
|
Packit |
aea12f |
{.name = "RSA-PSS-RSAE-SHA512",
|
|
Packit |
aea12f |
.oid = PK_PKIX1_RSA_PSS_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_PSS_RSAE_SHA512,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA_PSS,
|
|
Packit |
aea12f |
.cert_pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.priv_pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA512,
|
|
Packit |
aea12f |
.tls13_ok = 1,
|
|
Packit |
aea12f |
.aid = {{8, 6}, SIG_SEM_DEFAULT}},
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Ed25519: The hash algorithm here is set to be SHA512, although that is
|
|
Packit |
aea12f |
* an internal detail of Ed25519; we set it, because CMS/PKCS#7 requires
|
|
Packit |
aea12f |
* that mapping. */
|
|
Packit |
aea12f |
{.name = "EdDSA-Ed25519",
|
|
Packit |
aea12f |
.oid = SIG_EDDSA_SHA512_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_EDDSA_ED25519,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_EDDSA_ED25519,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA512,
|
|
Packit |
aea12f |
.tls13_ok = 1,
|
|
Packit |
aea12f |
.aid = {{8, 7}, SIG_SEM_DEFAULT}},
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* ECDSA */
|
|
Packit |
aea12f |
/* The following three signature algorithms
|
|
Packit |
aea12f |
* have different semantics when used under TLS 1.2
|
|
Packit |
aea12f |
* or TLS 1.3. Under the former they behave as the
|
|
Packit |
aea12f |
* as ECDSA signed by SHAXXX by any curve, but under the
|
|
Packit |
aea12f |
* latter they are restricted to a single curve.
|
|
Packit |
aea12f |
* For this reason the ECDSA-SHAXXX algorithms act
|
|
Packit |
aea12f |
* as an alias to them. */
|
|
Packit |
aea12f |
/* we have intentionally the ECDSA-SHAXXX algorithms first
|
|
Packit |
aea12f |
* so that gnutls_pk_to_sign() will return these. */
|
|
Packit |
aea12f |
{.name = "ECDSA-SHA256",
|
|
Packit |
aea12f |
.oid = "1.2.840.10045.4.3.2",
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_ECDSA_SHA256,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_ECDSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA256,
|
|
Packit |
aea12f |
.aid = {{4, 3}, SIG_SEM_PRE_TLS12}},
|
|
Packit |
aea12f |
{.name = "ECDSA-SHA384",
|
|
Packit |
aea12f |
.oid = "1.2.840.10045.4.3.3",
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_ECDSA_SHA384,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_ECDSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA384,
|
|
Packit |
aea12f |
.aid = {{5, 3}, SIG_SEM_PRE_TLS12}},
|
|
Packit |
aea12f |
{.name = "ECDSA-SHA512",
|
|
Packit |
aea12f |
.oid = "1.2.840.10045.4.3.4",
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_ECDSA_SHA512,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_ECDSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA512,
|
|
Packit |
aea12f |
.aid = {{6, 3}, SIG_SEM_PRE_TLS12}},
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{.name = "ECDSA-SECP256R1-SHA256",
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_ECDSA,
|
|
Packit |
aea12f |
.curve = GNUTLS_ECC_CURVE_SECP256R1,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA256,
|
|
Packit |
aea12f |
.tls13_ok = 1,
|
|
Packit |
aea12f |
.aid = {{4, 3}, SIG_SEM_TLS13}},
|
|
Packit |
aea12f |
{.name = "ECDSA-SECP384R1-SHA384",
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_ECDSA,
|
|
Packit |
aea12f |
.curve = GNUTLS_ECC_CURVE_SECP384R1,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA384,
|
|
Packit |
aea12f |
.tls13_ok = 1,
|
|
Packit |
aea12f |
.aid = {{5, 3}, SIG_SEM_TLS13}},
|
|
Packit |
aea12f |
{.name = "ECDSA-SECP521R1-SHA512",
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_ECDSA_SECP521R1_SHA512,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_ECDSA,
|
|
Packit |
aea12f |
.curve = GNUTLS_ECC_CURVE_SECP521R1,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA512,
|
|
Packit |
aea12f |
.tls13_ok = 1,
|
|
Packit |
aea12f |
.aid = {{6, 3}, SIG_SEM_TLS13}},
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* ECDSA-SHA3 */
|
|
Packit |
aea12f |
{.name = "ECDSA-SHA3-224",
|
|
Packit |
aea12f |
.oid = SIG_ECDSA_SHA3_224_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_ECDSA_SHA3_224,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_EC,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA3_224,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "ECDSA-SHA3-256",
|
|
Packit |
aea12f |
.oid = SIG_ECDSA_SHA3_256_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_ECDSA_SHA3_256,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_EC,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA3_256,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "ECDSA-SHA3-384",
|
|
Packit |
aea12f |
.oid = SIG_ECDSA_SHA3_384_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_ECDSA_SHA3_384,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_EC,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA3_384,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "ECDSA-SHA3-512",
|
|
Packit |
aea12f |
.oid = SIG_ECDSA_SHA3_512_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_ECDSA_SHA3_512,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_EC,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA3_512,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "RSA-SHA3-224",
|
|
Packit |
aea12f |
.oid = SIG_RSA_SHA3_224_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_SHA3_224,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA3_224,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "RSA-SHA3-256",
|
|
Packit |
aea12f |
.oid = SIG_RSA_SHA3_256_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_SHA3_256,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA3_256,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "RSA-SHA3-384",
|
|
Packit |
aea12f |
.oid = SIG_RSA_SHA3_384_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_SHA3_384,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA3_384,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "RSA-SHA3-512",
|
|
Packit |
aea12f |
.oid = SIG_RSA_SHA3_512_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_SHA3_512,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA3_512,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* DSA-SHA3 */
|
|
Packit |
aea12f |
{.name = "DSA-SHA3-224",
|
|
Packit |
aea12f |
.oid = SIG_DSA_SHA3_224_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_DSA_SHA3_224,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_DSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA3_224,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "DSA-SHA3-256",
|
|
Packit |
aea12f |
.oid = SIG_DSA_SHA3_256_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_DSA_SHA3_256,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_DSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA3_256,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "DSA-SHA3-384",
|
|
Packit |
aea12f |
.oid = SIG_DSA_SHA3_384_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_DSA_SHA3_384,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_DSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA3_384,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "DSA-SHA3-512",
|
|
Packit |
aea12f |
.oid = SIG_DSA_SHA3_512_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_DSA_SHA3_512,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_DSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA3_512,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* legacy */
|
|
Packit |
aea12f |
{.name = "RSA-RAW",
|
|
Packit |
aea12f |
.oid = NULL,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_RAW,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_UNKNOWN,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN
|
|
Packit |
aea12f |
},
|
|
Packit |
aea12f |
{.name = "RSA-SHA1",
|
|
Packit |
aea12f |
.oid = SIG_RSA_SHA1_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_SHA1,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA1,
|
|
Packit |
aea12f |
.slevel = SHA1_SECURE_VAL,
|
|
Packit |
aea12f |
.aid = {{2, 1}, SIG_SEM_DEFAULT}},
|
|
Packit |
aea12f |
{.name = "RSA-SHA1",
|
|
Packit |
aea12f |
.oid = ISO_SIG_RSA_SHA1_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_SHA1,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.slevel = SHA1_SECURE_VAL,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA1,
|
|
Packit |
aea12f |
.aid = {{2, 1}, SIG_SEM_DEFAULT}},
|
|
Packit |
aea12f |
{.name = "RSA-SHA224",
|
|
Packit |
aea12f |
.oid = SIG_RSA_SHA224_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_SHA224,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA224,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "RSA-RMD160",
|
|
Packit |
aea12f |
.oid = SIG_RSA_RMD160_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_RMD160,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_RMD160,
|
|
Packit |
aea12f |
.slevel = _INSECURE_FOR_CERTS,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "DSA-SHA1",
|
|
Packit |
aea12f |
.oid = SIG_DSA_SHA1_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_DSA_SHA1,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_DSA,
|
|
Packit |
aea12f |
.slevel = SHA1_SECURE_VAL,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA1,
|
|
Packit |
aea12f |
.aid = {{2, 2}, SIG_SEM_PRE_TLS12}},
|
|
Packit |
aea12f |
{.name = "DSA-SHA1",
|
|
Packit |
aea12f |
.oid = "1.3.14.3.2.27",
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_DSA_SHA1,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_DSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA1,
|
|
Packit |
aea12f |
.slevel = SHA1_SECURE_VAL,
|
|
Packit |
aea12f |
.aid = {{2, 2}, SIG_SEM_PRE_TLS12}},
|
|
Packit |
aea12f |
{.name = "DSA-SHA224",
|
|
Packit |
aea12f |
.oid = SIG_DSA_SHA224_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_DSA_SHA224,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_DSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA224,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "DSA-SHA256",
|
|
Packit |
aea12f |
.oid = SIG_DSA_SHA256_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_DSA_SHA256,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_DSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA256,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "RSA-MD5",
|
|
Packit |
aea12f |
.oid = SIG_RSA_MD5_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_MD5,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_MD5,
|
|
Packit |
aea12f |
.slevel = _INSECURE,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "RSA-MD5",
|
|
Packit |
aea12f |
.oid = "1.3.14.3.2.25",
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_MD5,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_MD5,
|
|
Packit |
aea12f |
.slevel = _INSECURE,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "RSA-MD2",
|
|
Packit |
aea12f |
.oid = SIG_RSA_MD2_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_RSA_MD2,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_RSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_MD2,
|
|
Packit |
aea12f |
.slevel = _INSECURE,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "ECDSA-SHA1",
|
|
Packit |
aea12f |
.oid = "1.2.840.10045.4.1",
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_ECDSA_SHA1,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_EC,
|
|
Packit |
aea12f |
.slevel = SHA1_SECURE_VAL,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA1,
|
|
Packit |
aea12f |
.aid = {{2, 3}, SIG_SEM_DEFAULT}},
|
|
Packit |
aea12f |
{.name = "ECDSA-SHA224",
|
|
Packit |
aea12f |
.oid = "1.2.840.10045.4.3.1",
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_ECDSA_SHA224,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_EC,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA224,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
/* GOST R 34.10-2012-512 */
|
|
Packit |
aea12f |
{.name = "GOSTR341012-512",
|
|
Packit |
aea12f |
.oid = SIG_GOST_R3410_2012_512_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_GOST_512,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_GOST_12_512,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_STREEBOG_512,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
/* GOST R 34.10-2012-256 */
|
|
Packit |
aea12f |
{.name = "GOSTR341012-256",
|
|
Packit |
aea12f |
.oid = SIG_GOST_R3410_2012_256_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_GOST_256,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_GOST_12_256,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_STREEBOG_256,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
/* GOST R 34.10-2001 */
|
|
Packit |
aea12f |
{.name = "GOSTR341001",
|
|
Packit |
aea12f |
.oid = SIG_GOST_R3410_2001_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_GOST_94,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_GOST_01,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_GOSTR_94,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
/* GOST R 34.10-94 */
|
|
Packit |
aea12f |
{.name = "GOSTR341094",
|
|
Packit |
aea12f |
.oid = SIG_GOST_R3410_94_OID,
|
|
Packit |
aea12f |
.id = 0,
|
|
Packit |
aea12f |
.pk = 0,
|
|
Packit |
aea12f |
.hash = 0,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "DSA-SHA384",
|
|
Packit |
aea12f |
.oid = SIG_DSA_SHA384_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_DSA_SHA384,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_DSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA384,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
{.name = "DSA-SHA512",
|
|
Packit |
aea12f |
.oid = SIG_DSA_SHA512_OID,
|
|
Packit |
aea12f |
.id = GNUTLS_SIGN_DSA_SHA512,
|
|
Packit |
aea12f |
.pk = GNUTLS_PK_DSA,
|
|
Packit |
aea12f |
.hash = GNUTLS_DIG_SHA512,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN},
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
{.name = 0,
|
|
Packit |
aea12f |
.oid = 0,
|
|
Packit |
aea12f |
.id = 0,
|
|
Packit |
aea12f |
.pk = 0,
|
|
Packit |
aea12f |
.hash = 0,
|
|
Packit |
aea12f |
.aid = TLS_SIGN_AID_UNKNOWN}
|
|
Packit |
aea12f |
};
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#define GNUTLS_SIGN_LOOP(b) \
|
|
Packit |
aea12f |
do { \
|
|
Packit |
aea12f |
const gnutls_sign_entry_st *p; \
|
|
Packit |
aea12f |
for(p = sign_algorithms; p->name != NULL; p++) { b ; } \
|
|
Packit |
aea12f |
} while (0)
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#define GNUTLS_SIGN_ALG_LOOP(a) \
|
|
Packit |
aea12f |
GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } )
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/**
|
|
Packit |
aea12f |
* gnutls_sign_get_name:
|
|
Packit |
aea12f |
* @algorithm: is a sign algorithm
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Convert a #gnutls_sign_algorithm_t value to a string.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Returns: a string that contains the name of the specified sign
|
|
Packit |
aea12f |
* algorithm, or %NULL.
|
|
Packit |
aea12f |
**/
|
|
Packit |
aea12f |
const char *gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gnutls_sign_algorithm_t sign = algorithm;
|
|
Packit |
aea12f |
const char *ret = NULL;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* avoid prefix */
|
|
Packit |
aea12f |
GNUTLS_SIGN_ALG_LOOP(ret = p->name);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/**
|
|
Packit |
aea12f |
* gnutls_sign_is_secure:
|
|
Packit |
aea12f |
* @algorithm: is a sign algorithm
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Returns: Non-zero if the provided signature algorithm is considered to be secure.
|
|
Packit |
aea12f |
**/
|
|
Packit |
aea12f |
unsigned gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
return gnutls_sign_is_secure2(algorithm, 0);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
bool _gnutls_sign_is_secure2(const gnutls_sign_entry_st *se, unsigned int flags)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
if (flags & GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS)
|
|
Packit |
aea12f |
return (se->slevel==_SECURE)?1:0;
|
|
Packit |
aea12f |
else
|
|
Packit |
aea12f |
return (se->slevel==_SECURE || se->slevel == _INSECURE_FOR_CERTS)?1:0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/**
|
|
Packit |
aea12f |
* gnutls_sign_is_secure2:
|
|
Packit |
aea12f |
* @algorithm: is a sign algorithm
|
|
Packit |
aea12f |
* @flags: zero or %GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Returns: Non-zero if the provided signature algorithm is considered to be secure.
|
|
Packit |
aea12f |
**/
|
|
Packit |
aea12f |
unsigned gnutls_sign_is_secure2(gnutls_sign_algorithm_t algorithm, unsigned int flags)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_sign_entry_st *se;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
se = _gnutls_sign_to_entry(algorithm);
|
|
Packit |
aea12f |
if (se == NULL)
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return _gnutls_sign_is_secure2(se, flags);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/**
|
|
Packit |
aea12f |
* gnutls_sign_list:
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Get a list of supported public key signature algorithms.
|
|
Packit |
aea12f |
* This function is not thread safe.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Returns: a (0)-terminated list of #gnutls_sign_algorithm_t
|
|
Packit |
aea12f |
* integers indicating the available ciphers.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
**/
|
|
Packit |
aea12f |
const gnutls_sign_algorithm_t *gnutls_sign_list(void)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS+1] = { 0 };
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (supported_sign[0] == 0) {
|
|
Packit |
aea12f |
int i = 0;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
GNUTLS_SIGN_LOOP(
|
|
Packit |
aea12f |
/* list all algorithms, but not duplicates */
|
|
Packit |
aea12f |
if (supported_sign[i] != p->id) {
|
|
Packit |
aea12f |
assert(i+1 < MAX_ALGOS);
|
|
Packit |
aea12f |
supported_sign[i++] = p->id;
|
|
Packit |
aea12f |
supported_sign[i+1] = 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return supported_sign;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/**
|
|
Packit |
aea12f |
* gnutls_sign_get_id:
|
|
Packit |
aea12f |
* @name: is a sign algorithm name
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* The names are compared in a case insensitive way.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Returns: return a #gnutls_sign_algorithm_t value corresponding to
|
|
Packit |
aea12f |
* the specified algorithm, or %GNUTLS_SIGN_UNKNOWN on error.
|
|
Packit |
aea12f |
**/
|
|
Packit |
aea12f |
gnutls_sign_algorithm_t gnutls_sign_get_id(const char *name)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
GNUTLS_SIGN_LOOP(
|
|
Packit |
aea12f |
if (c_strcasecmp(p->name, name) == 0) {
|
|
Packit |
aea12f |
ret = p->id;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
const gnutls_sign_entry_st *_gnutls_oid_to_sign_entry(const char *oid)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
GNUTLS_SIGN_LOOP(
|
|
Packit |
aea12f |
if (p->oid && strcmp(oid, p->oid) == 0) {
|
|
Packit |
aea12f |
return p;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
);
|
|
Packit |
aea12f |
return NULL;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/**
|
|
Packit |
aea12f |
* gnutls_oid_to_sign:
|
|
Packit |
aea12f |
* @oid: is an object identifier
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Converts a textual object identifier to a #gnutls_sign_algorithm_t value.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Returns: a #gnutls_sign_algorithm_t id of the specified digest
|
|
Packit |
aea12f |
* algorithm, or %GNUTLS_SIGN_UNKNOWN on failure.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Since: 3.4.3
|
|
Packit |
aea12f |
**/
|
|
Packit |
aea12f |
gnutls_sign_algorithm_t gnutls_oid_to_sign(const char *oid)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_sign_entry_st *se;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
se = _gnutls_oid_to_sign_entry(oid);
|
|
Packit |
aea12f |
if (se == NULL) {
|
|
Packit |
aea12f |
_gnutls_debug_log("Unknown SIGN OID: '%s'\n", oid);
|
|
Packit |
aea12f |
return GNUTLS_SIGN_UNKNOWN;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
return se->id;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
const gnutls_sign_entry_st *_gnutls_pk_to_sign_entry(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
GNUTLS_SIGN_LOOP(
|
|
Packit |
aea12f |
if (pk == p->pk && hash == p->hash) {
|
|
Packit |
aea12f |
return p;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return NULL;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/**
|
|
Packit |
aea12f |
* gnutls_pk_to_sign:
|
|
Packit |
aea12f |
* @pk: is a public key algorithm
|
|
Packit |
aea12f |
* @hash: a hash algorithm
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This function maps public key and hash algorithms combinations
|
|
Packit |
aea12f |
* to signature algorithms.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Returns: return a #gnutls_sign_algorithm_t value, or %GNUTLS_SIGN_UNKNOWN on error.
|
|
Packit |
aea12f |
**/
|
|
Packit |
aea12f |
gnutls_sign_algorithm_t
|
|
Packit |
aea12f |
gnutls_pk_to_sign(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_sign_entry_st *e;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
e = _gnutls_pk_to_sign_entry(pk, hash);
|
|
Packit |
aea12f |
if (e == NULL)
|
|
Packit |
aea12f |
return GNUTLS_SIGN_UNKNOWN;
|
|
Packit |
aea12f |
return e->id;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/**
|
|
Packit |
aea12f |
* gnutls_sign_get_oid:
|
|
Packit |
aea12f |
* @sign: is a sign algorithm
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Convert a #gnutls_sign_algorithm_t value to its object identifier.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Returns: a string that contains the object identifier of the specified sign
|
|
Packit |
aea12f |
* algorithm, or %NULL.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Since: 3.4.3
|
|
Packit |
aea12f |
**/
|
|
Packit |
aea12f |
const char *gnutls_sign_get_oid(gnutls_sign_algorithm_t sign)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const char *ret = NULL;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
GNUTLS_SIGN_ALG_LOOP(ret = p->oid);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/**
|
|
Packit |
aea12f |
* gnutls_sign_get_hash_algorithm:
|
|
Packit |
aea12f |
* @sign: is a signature algorithm
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This function returns the digest algorithm corresponding to
|
|
Packit |
aea12f |
* the given signature algorithms.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Since: 3.1.1
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Returns: return a #gnutls_digest_algorithm_t value, or %GNUTLS_DIG_UNKNOWN on error.
|
|
Packit |
aea12f |
**/
|
|
Packit |
aea12f |
gnutls_digest_algorithm_t
|
|
Packit |
aea12f |
gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
GNUTLS_SIGN_ALG_LOOP(ret = p->hash);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/**
|
|
Packit |
aea12f |
* gnutls_sign_get_pk_algorithm:
|
|
Packit |
aea12f |
* @sign: is a signature algorithm
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This function returns the public key algorithm corresponding to
|
|
Packit |
aea12f |
* the given signature algorithms. Note that there may be multiple
|
|
Packit |
aea12f |
* public key algorithms supporting a particular signature type;
|
|
Packit |
aea12f |
* when dealing with such algorithms use instead gnutls_sign_supports_pk_algorithm().
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Since: 3.1.1
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Returns: return a #gnutls_pk_algorithm_t value, or %GNUTLS_PK_UNKNOWN on error.
|
|
Packit |
aea12f |
**/
|
|
Packit |
aea12f |
gnutls_pk_algorithm_t
|
|
Packit |
aea12f |
gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
GNUTLS_SIGN_ALG_LOOP(ret = p->pk);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/**
|
|
Packit |
aea12f |
* gnutls_sign_supports_pk_algorithm:
|
|
Packit |
aea12f |
* @sign: is a signature algorithm
|
|
Packit |
aea12f |
* @pk: is a public key algorithm
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This function returns non-zero if the public key algorithm corresponds to
|
|
Packit |
aea12f |
* the given signature algorithm. That is, if that signature can be generated
|
|
Packit |
aea12f |
* from the given private key algorithm.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Since: 3.6.0
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Returns: return non-zero when the provided algorithms are compatible.
|
|
Packit |
aea12f |
**/
|
|
Packit |
aea12f |
unsigned
|
|
Packit |
aea12f |
gnutls_sign_supports_pk_algorithm(gnutls_sign_algorithm_t sign, gnutls_pk_algorithm_t pk)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_sign_entry_st *p;
|
|
Packit |
aea12f |
unsigned r;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
for(p = sign_algorithms; p->name != NULL; p++) {
|
|
Packit |
aea12f |
if (p->id && p->id == sign) {
|
|
Packit |
aea12f |
r = sign_supports_priv_pk_algorithm(p, pk);
|
|
Packit |
aea12f |
if (r != 0)
|
|
Packit |
aea12f |
return r;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return 0;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_sign_algorithm_t
|
|
Packit |
aea12f |
_gnutls_tls_aid_to_sign(uint8_t id0, uint8_t id1, const version_entry_st *ver)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (id0 == 255 && id1 == 255)
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
GNUTLS_SIGN_LOOP(
|
|
Packit |
aea12f |
if (p->aid.id[0] == id0 &&
|
|
Packit |
aea12f |
p->aid.id[1] == id1 &&
|
|
Packit |
aea12f |
((p->aid.tls_sem & ver->tls_sig_sem) != 0)) {
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ret = p->id;
|
|
Packit |
aea12f |
break;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Returns NULL if a valid AID is not found
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
const sign_algorithm_st *_gnutls_sign_to_tls_aid(gnutls_sign_algorithm_t
|
|
Packit |
aea12f |
sign)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const sign_algorithm_st *ret = NULL;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
GNUTLS_SIGN_ALG_LOOP(ret = &p->aid);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (ret != NULL && HAVE_UNKNOWN_SIGAID(ret))
|
|
Packit |
aea12f |
return NULL;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
const gnutls_sign_entry_st *_gnutls_sign_to_entry(gnutls_sign_algorithm_t sign)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
const gnutls_sign_entry_st *ret = NULL;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
GNUTLS_SIGN_ALG_LOOP(ret = p);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return ret;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
const gnutls_sign_entry_st *
|
|
Packit |
aea12f |
_gnutls_tls_aid_to_sign_entry(uint8_t id0, uint8_t id1, const version_entry_st *ver)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
if (id0 == 255 && id1 == 255)
|
|
Packit |
aea12f |
return NULL;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
GNUTLS_SIGN_LOOP(
|
|
Packit |
aea12f |
if (p->aid.id[0] == id0 &&
|
|
Packit |
aea12f |
p->aid.id[1] == id1 &&
|
|
Packit |
aea12f |
((p->aid.tls_sem & ver->tls_sig_sem) != 0)) {
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return p;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return NULL;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
const gnutls_sign_entry_st *
|
|
Packit |
aea12f |
_gnutls13_sign_get_compatible_with_privkey(gnutls_privkey_t privkey)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
GNUTLS_SIGN_LOOP(
|
|
Packit |
aea12f |
if (p->tls13_ok &&
|
|
Packit |
aea12f |
_gnutls_privkey_compatible_with_sig(privkey, p->id)) {
|
|
Packit |
aea12f |
return p;
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
return NULL;
|
|
Packit |
aea12f |
}
|