authorNikos Mavrogiannopoulos <nmav@gnutls.org>2009-11-01 17:33:19 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2009-11-01 17:33:19 +0200
commit869caab02c60af38d20e6db0c34a8e40d8e2050e (patch)
treec68c19e25566782ffdffab51a83b641e571baefc
parentb51199993e0c33447dac4b4aa83ef9b67a806724 (diff)
Avoid code duplication by using all the functions defined in gnutls_algorithms
to map from TLS 1.2 signature algorithm numbers to gnutls signature algorithms. Added minimal documentation for SIGN-* in gnutls-cli priority strings. Corrected bug in signature algorithm extension generation.
-rw-r--r--lib/auth_cert.c14
-rw-r--r--lib/auth_dhe.c4
-rw-r--r--lib/ext_signature.c120
-rw-r--r--lib/ext_signature.h3
-rw-r--r--lib/gnutls_algorithms.c6
-rw-r--r--lib/gnutls_algorithms.h2
-rw-r--r--lib/gnutls_int.h2
-rw-r--r--lib/gnutls_sig.c2
8 files changed, 30 insertions, 123 deletions
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 15168c183c..a3756336e9 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -43,7 +43,6 @@
#include <gnutls_state.h>
#include <gnutls_pk.h>
#include <gnutls_x509.h>
-#include <ext_signature.h>
#include "debug.h"
#ifdef ENABLE_OPENPGP
@@ -1470,9 +1469,11 @@ _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session, opaque ** data)
p = *data;
if (_gnutls_version_has_selectable_sighash(ver))
{
+ sign_algorithm_st aid;
/* error checking is not needed here since we have used those algorithms */
- p[0] = _gnutls_sign_algorithm_hash2num(_gnutls_sign_get_hash_algorithm(sign_algo));
- p[1] = _gnutls_sign_algorithm_pk2num(_gnutls_sign_get_pk_algorithm(sign_algo));
+ aid = _gnutls_sign_to_tls_aid(sign_algo);
+ p[0] = aid.hash_algorithm;
+ p[1] = aid.sign_algorithm;
p+=2;
}
@@ -1509,8 +1510,13 @@ _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t session,
if (_gnutls_version_has_selectable_sighash(ver))
{
+ sign_algorithm_st aid;
+
DECR_LEN (dsize, 2);
- sign_algo = _gnutls_sign_algorithm_num2sig (pdata[0], pdata[1]);
+ aid.hash_algorithm = pdata[0];
+ aid.sign_algorithm = pdata[1];
+
+ sign_algo = _gnutls_tls_aid_to_sign(&aid);
if (sign_algo == GNUTLS_PK_UNKNOWN)
{
gnutls_assert();
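Review bot: The unknown-algorithm check in _gnutls_proc_cert_client_cert_vrfy compares the result of `_gnutls_tls_aid_to_sign(&aid)` with `GNUTLS_PK_UNKNOWN`, but that function returns a gnutls_sign_algorithm_t whose failure value is `GNUTLS_SIGN_UNKNOWN` (see its definition in lib/gnutls_algorithms.c and the matching check in proc_dhe_server_kx). The test rejects an unrecognised pair sent by the peer only if the two enum constants happen to share a value, which this page does not show. I would change the line to `if (sign_algo == GNUTLS_SIGN_UNKNOWN)`. The function body continues past the end of the hunk, so the error code returned from this branch is not visible; it may be worth aligning it with the GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM now used in lib/auth_dhe.c.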
diff --git a/lib/auth_dhe.c b/lib/auth_dhe.c
index 9ce38a6f06..7026026f83 100644
--- a/lib/auth_dhe.c
+++ b/lib/auth_dhe.c
@@ -237,11 +237,11 @@ proc_dhe_server_kx (gnutls_session_t session, opaque * data,
aid.hash_algorithm = *sigdata++;
DECR_LEN(data_size, 1);
aid.sign_algorithm = *sigdata++;
- sign_algo = _gnutls_tls_aid_to_sign (aid);
+ sign_algo = _gnutls_tls_aid_to_sign (&aid);
if (sign_algo == GNUTLS_SIGN_UNKNOWN)
{
gnutls_assert ();
- return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
}
}
DECR_LEN (data_size, 2);
diff --git a/lib/ext_signature.c b/lib/ext_signature.c
index fec09df710..cd12fc71de 100644
--- a/lib/ext_signature.c
+++ b/lib/ext_signature.c
@@ -34,78 +34,6 @@
#include <gnutls_num.h>
#include <gnutls_algorithms.h>
-int _gnutls_sign_algorithm_pk2num (gnutls_pk_algorithm_t pk)
-{
- switch (pk)
- {
- case GNUTLS_PK_RSA:
- return 1;
- case GNUTLS_PK_DSA:
- return 2;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-}
-
-int _gnutls_sign_algorithm_hash2num (gnutls_digest_algorithm_t hash)
-{
- switch (hash)
- {
- case GNUTLS_DIG_MD5:
- return 1;
- case GNUTLS_DIG_SHA1:
- return 2;
- case GNUTLS_DIG_SHA224:
- return 3;
- case GNUTLS_DIG_SHA256:
- return 4;
- case GNUTLS_DIG_SHA384:
- return 5;
- case GNUTLS_DIG_SHA512:
- return 6;
- default:
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-}
-
-gnutls_sign_algorithm_t
-_gnutls_sign_algorithm_num2sig (int hash, int sig)
-{
- if (sig == 1) /* rsa */
- {
- switch (hash)
- {
- case 2: /* sha1 */
- return GNUTLS_SIGN_RSA_SHA1;
- case 3:
- return GNUTLS_SIGN_RSA_SHA224;
- case 4:
- return GNUTLS_SIGN_RSA_SHA256;
- case 5:
- return GNUTLS_SIGN_RSA_SHA384;
- case 6:
- return GNUTLS_SIGN_RSA_SHA512;
- default:
- return GNUTLS_SIGN_UNKNOWN;
- }
- }
-
- if (sig == 2) /* DSA */
- {
- switch (hash)
- {
- case 2: /* sha1 */
- return GNUTLS_SIGN_DSA_SHA1;
- default:
- return GNUTLS_SIGN_UNKNOWN;
- }
- }
-
- return GNUTLS_SIGN_UNKNOWN;
-}
-
/* generates a SignatureAndHashAlgorithm structure with length as prefix
* by using the setup priorities.
*/
@@ -113,7 +41,8 @@ int _gnutls_sign_algorithm_write_params(gnutls_session_t session, opaque *data,
{
opaque* p = data;
int len, i ,j;
-int ret, hash, pk;
+int ret;
+sign_algorithm_st aid;
len = session->internals.priorities.sign_algo.algorithms * 2;
if (max_data_size < len + 2)
@@ -127,40 +56,10 @@ int ret, hash, pk;
for (i = j = 0; i < len; i += 2, j++)
{
- hash =
- _gnutls_sign_get_hash_algorithm (session->
- internals.priorities.
- sign_algo.priority[j]);
- if (hash == GNUTLS_DIG_UNKNOWN)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- pk =
- _gnutls_sign_get_pk_algorithm (session->internals.priorities.
- sign_algo.priority[j]);
- if (pk == GNUTLS_PK_UNKNOWN)
- {
- gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
- ret = _gnutls_sign_algorithm_hash2num (hash);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
- *p = ret;
+ aid = _gnutls_sign_to_tls_aid(session->internals.priorities.sign_algo.priority[j]);
+ *p = aid.hash_algorithm;
p++;
-
- ret = _gnutls_sign_algorithm_pk2num (pk);
- if (ret < 0)
- {
- gnutls_assert ();
- return ret;
- }
-
- *p = ret;
+ *p = aid.sign_algorithm;
p++;
}
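Review bot: The loop in _gnutls_sign_algorithm_write_params now copies `aid.hash_algorithm` and `aid.sign_algorithm` into the extension with no check, whereas the removed code returned GNUTLS_E_INTERNAL_ERROR when a priority entry had no hash or pk mapping. What `_gnutls_sign_to_tls_aid` returns for an entry without a TLS 1.2 mapping is not visible on this page; if it is a sentinel pair, the client would advertise that pair instead of failing. I would either test the returned pair against that sentinel and keep the `gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR;` path, or add a comment such as `/* every entry in priorities.sign_algo is assumed to have a TLS 1.2 mapping */` naming where that is enforced. The same unchecked call appears in _gnutls_gen_cert_client_cert_vrfy in lib/auth_cert.c, where the existing comment gives the reason.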
@@ -180,7 +79,12 @@ _gnutls_sign_algorithm_parse_data (gnutls_session_t session, const opaque * data
for (i = 0; i < data_size; i += 2)
{
- sig = _gnutls_sign_algorithm_num2sig (data[i], data[i + 1]);
+ sign_algorithm_st aid;
+
+ aid.hash_algorithm = data[i];
+ aid.sign_algorithm = data[i+1];
+
+ sig = _gnutls_tls_aid_to_sign(&aid);
if (sig != GNUTLS_SIGN_UNKNOWN)
{
session->security_parameters.extensions.sign_algorithms[session->
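Review bot: The parse loop in _gnutls_sign_algorithm_parse_data reads `data[i+1]` while testing only `i < data_size`, so an odd `data_size` makes the last iteration read one byte past the peer-supplied list. Unless the caller (outside this hunk) already rejects odd lengths, I would reject them before the loop or tighten the condition to `for (i = 0; i + 1 < data_size; i += 2)`. The store into `sign_algorithms[...]` is cut off at the end of the hunk, so whether its index is capped to the array size is not visible here and is worth confirming.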
@@ -260,7 +164,6 @@ _gnutls_signature_algorithm_send_params (gnutls_session_t session,
if (session->security_parameters.entity == GNUTLS_CLIENT
&& _gnutls_version_has_selectable_sighash (ver))
{
-
if (session->internals.priorities.sign_algo.algorithms > 0)
{
ret = _gnutls_sign_algorithm_write_params(session, data, data_size);
@@ -269,6 +172,7 @@ _gnutls_signature_algorithm_send_params (gnutls_session_t session,
gnutls_assert();
return ret;
}
+ return ret;
}
}
diff --git a/lib/ext_signature.h b/lib/ext_signature.h
index f3fb53fc03..3255960b36 100644
--- a/lib/ext_signature.h
+++ b/lib/ext_signature.h
@@ -33,8 +33,5 @@ int _gnutls_session_sign_algo_requested (gnutls_session_t session,
gnutls_sign_algorithm_t _gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t *hash);
int _gnutls_sign_algorithm_parse_data(gnutls_session_t session, const opaque* data, size_t data_size);
int _gnutls_sign_algorithm_write_params(gnutls_session_t session, opaque *data, size_t max_data_size);
-int _gnutls_sign_algorithm_pk2num (gnutls_pk_algorithm_t pk);
-int _gnutls_sign_algorithm_hash2num (gnutls_digest_algorithm_t hash);
-gnutls_sign_algorithm_t _gnutls_sign_algorithm_num2sig (int hash, int sig);
int _gnutls_session_sign_algo_enabled (gnutls_session_t session,
gnutls_sign_algorithm_t sig);
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 873648e54c..8b04524942 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -2021,12 +2021,12 @@ _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign)
}
gnutls_sign_algorithm_t
-_gnutls_tls_aid_to_sign (sign_algorithm_st aid)
+_gnutls_tls_aid_to_sign (const sign_algorithm_st *aid)
{
gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
- GNUTLS_SIGN_LOOP ( if (p->aid.hash_algorithm == aid.hash_algorithm
- && p->aid.sign_algorithm == aid.sign_algorithm)
+ GNUTLS_SIGN_LOOP ( if (p->aid.hash_algorithm == aid->hash_algorithm
+ && p->aid.sign_algorithm == aid->sign_algorithm)
{
ret = p->id;
break;
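Review bot: _gnutls_tls_aid_to_sign now dereferences `aid` for every table entry and has no comment stating its contract. Since the three callers touched by this commit pass it bytes taken from handshake data, I would add a header comment such as `/* Maps a TLS 1.2 hash/signature id pair to a gnutls signature algorithm; aid must not be NULL. Yields GNUTLS_SIGN_UNKNOWN when no table entry matches. */`. The end of the function is outside the hunk, so the final return of `ret` is assumed rather than visible.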
diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
index 8736dc8afc..a64e5927f2 100644
--- a/lib/gnutls_algorithms.h
+++ b/lib/gnutls_algorithms.h
@@ -106,7 +106,7 @@ gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk,
gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk (gnutls_sign_algorithm_t sign);
const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t,
gnutls_mac_algorithm_t mac);
-gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (sign_algorithm_st aid);
+gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (const sign_algorithm_st* aid);
sign_algorithm_st _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign);
gnutls_mac_algorithm_t _gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t);
gnutls_pk_algorithm_t _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t);
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 5f07164aac..a097bea1c8 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -282,7 +282,7 @@ typedef struct
typedef struct
{
uint8_t hash_algorithm;
- uint8_t sign_algorithm;
+ uint8_t sign_algorithm; /* pk algorithm actually */
} sign_algorithm_st;
/* This structure holds parameters got from TLS extension
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 115bf17ebe..5e88241457 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -643,7 +643,7 @@ static int _gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session,
}
}
- _gnutls_x509_log("sign hash data: picked %s with %s\n", gnutls_sign_algorithm_get_name(sign_algo), gnutls_mac_get_name(hash_algo));
+ _gnutls_x509_log("sign handshake cert vrfy: picked %s with %s\n", gnutls_sign_algorithm_get_name(sign_algo), gnutls_mac_get_name(hash_algo));
ret =
_gnutls_hash_copy (&td, handshake_td);