authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-07-20 12:40:34 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-07-21 16:18:53 +0200
commit392f2c48efba8a4f00848a8a32342a6330889db5 (patch)
tree3cb3c598fa7e4f9f5bd092dd3be79e70db685fd9
parenta0875593eb9308ae9ae9fde1b886422bb03540f5 (diff)
downloadgnutls-392f2c48efba8a4f00848a8a32342a6330889db5.tar.gz
_gnutls_digest_is_secure_for_certs: introduced
This is a macro to allow checking the security of a hash algorithm with respect to signing certificates. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/algorithms.h12
-rw-r--r--lib/algorithms/mac.c40
-rw-r--r--lib/gnutls_int.h9
-rw-r--r--m4/hooks.m44
4 files changed, 37 insertions, 28 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h
index b5de6a8a5b..d8e4df92c6 100644
--- a/lib/algorithms.h
+++ b/lib/algorithms.h
@@ -152,12 +152,22 @@ inline static int _gnutls_mac_get_key_size(const mac_entry_st * e)
#define _gnutls_digest_get_name _gnutls_mac_get_name
#define _gnutls_hash_get_algo_len _gnutls_mac_get_algo_len
+/* Check generic-purpose security */
inline static int _gnutls_digest_is_secure(const mac_entry_st * e)
{
if (unlikely(e == NULL))
return 0;
else
- return e->secure;
+ return (e->slevel==_SECURE || e->slevel == _INSECURE_FOR_CERTS)?1:0;
+}
+
+/* Check certificate use security */
+inline static int _gnutls_digest_is_secure_for_certs(const mac_entry_st * e)
+{
+ if (unlikely(e == NULL))
+ return 0;
+ else
+ return (e->slevel==_SECURE)?1:0;
}
/* Functions for cipher suites. */
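Review bot: The two new helpers differ only in whether `_INSECURE_FOR_CERTS` is accepted, and the one-line comments above them do not say so; a reader of `_gnutls_digest_is_secure` cannot tell from `/* Check generic-purpose security */` that a hash rejected for certificate signatures still passes here. I would replace the two comments with `/* Non-zero if the digest is acceptable for general use; hashes marked _INSECURE_FOR_CERTS (e.g. SHA1 built without ALLOW_SHA1) still pass. */` and `/* Non-zero only if the digest is acceptable for certificate signatures, i.e. slevel == _SECURE. */`. As a point of style, the `?1:0` on both return lines is redundant because `==` and `||` already yield 0 or 1, and the spacing around `==` is inconsistent within a single line; `return e->slevel == _SECURE || e->slevel == _INSECURE_FOR_CERTS;` reads more plainly.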
diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c
index 07c5112164..427593fdd4 100644
--- a/lib/algorithms/mac.c
+++ b/lib/algorithms/mac.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2011-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2017 Red Hat, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
@@ -32,9 +33,9 @@
#define MAC_OID_SHA512 "1.2.840.113549.2.11"
#ifdef ALLOW_SHA1
-# define SHA1_SECURE_VAL 1
+# define SHA1_SECURE_VAL _SECURE
#else
-# define SHA1_SECURE_VAL 0
+# define SHA1_SECURE_VAL _INSECURE_FOR_CERTS
#endif
static const mac_entry_st hash_algorithms[] = {
@@ -44,18 +45,13 @@ static const mac_entry_st hash_algorithms[] = {
.id = GNUTLS_MAC_SHA1,
.output_size = 20,
.key_size = 20,
- .secure = SHA1_SECURE_VAL,
- .block_size = 64},
- {.name = "MD5",
- .oid = HASH_OID_MD5,
- .id = GNUTLS_MAC_MD5,
- .output_size = 16,
- .key_size = 16,
+ .slevel = SHA1_SECURE_VAL,
.block_size = 64},
{.name = "MD5+SHA1",
.id = GNUTLS_MAC_MD5_SHA1,
.output_size = 36,
.key_size = 36,
+ .slevel = _INSECURE,
.block_size = 64},
{.name = "SHA256",
.oid = HASH_OID_SHA256,
@@ -63,7 +59,6 @@ static const mac_entry_st hash_algorithms[] = {
.id = GNUTLS_MAC_SHA256,
.output_size = 32,
.key_size = 32,
- .secure = 1,
.block_size = 64},
{.name = "SHA384",
.oid = HASH_OID_SHA384,
@@ -71,7 +66,6 @@ static const mac_entry_st hash_algorithms[] = {
.id = GNUTLS_MAC_SHA384,
.output_size = 48,
.key_size = 48,
- .secure = 1,
.block_size = 64},
{.name = "SHA512",
.oid = HASH_OID_SHA512,
@@ -79,7 +73,6 @@ static const mac_entry_st hash_algorithms[] = {
.id = GNUTLS_MAC_SHA512,
.output_size = 64,
.key_size = 64,
- .secure = 1,
.block_size = 64},
{.name = "SHA224",
.oid = HASH_OID_SHA224,
@@ -87,61 +80,60 @@ static const mac_entry_st hash_algorithms[] = {
.id = GNUTLS_MAC_SHA224,
.output_size = 28,
.key_size = 28,
- .secure = 1,
.block_size = 64},
{.name = "SHA3-256",
.oid = HASH_OID_SHA3_256,
.id = GNUTLS_MAC_SHA3_256,
.output_size = 32,
.key_size = 32,
- .secure = 1,
.block_size = 136},
{.name = "SHA3-384",
.oid = HASH_OID_SHA3_384,
.id = GNUTLS_MAC_SHA3_384,
.output_size = 48,
.key_size = 48,
- .secure = 1,
.block_size = 104},
{.name = "SHA3-512",
.oid = HASH_OID_SHA3_512,
.id = GNUTLS_MAC_SHA3_512,
.output_size = 64,
.key_size = 64,
- .secure = 1,
.block_size = 72},
{.name = "SHA3-224",
.oid = HASH_OID_SHA3_224,
.id = GNUTLS_MAC_SHA3_224,
.output_size = 28,
.key_size = 28,
- .secure = 1,
.block_size = 144},
{.name = "UMAC-96",
.id = GNUTLS_MAC_UMAC_96,
.output_size = 12,
.key_size = 16,
- .nonce_size = 8,
- .secure = 1},
+ .nonce_size = 8},
{.name = "UMAC-128",
.id = GNUTLS_MAC_UMAC_128,
.output_size = 16,
.key_size = 16,
- .nonce_size = 8,
- .secure = 1},
+ .nonce_size = 8},
{.name = "AEAD",
.id = GNUTLS_MAC_AEAD,
- .placeholder = 1,
- .secure = 1},
+ .placeholder = 1},
+ {.name = "MD5",
+ .oid = HASH_OID_MD5,
+ .id = GNUTLS_MAC_MD5,
+ .output_size = 16,
+ .key_size = 16,
+ .slevel = _INSECURE,
+ .block_size = 64},
{.name = "MD2",
.oid = HASH_OID_MD2,
+ .slevel = _INSECURE,
.id = GNUTLS_MAC_MD2},
{.name = "RIPEMD160",
.oid = HASH_OID_RMD160,
.id = GNUTLS_MAC_RMD160,
.output_size = 20,
.key_size = 20,
- .secure = 1,
.block_size = 64},
{.name = "MAC-NULL",
.id = GNUTLS_MAC_NULL},
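Review bot: Dropping the explicit `.secure = 1` initialisers makes an unset `.slevel` the secure state, because `_SECURE` is the first (zero) enumerator of `hash_security_level_t` in the lib/gnutls_int.h hunk, which inverts the previous fail-safe default where an entry without `.secure` counted as insecure. The visible consequence is the `MAC-NULL` entry at the end of this hunk: it had no `.secure`, so `_gnutls_digest_is_secure()` returned 0 for it, whereas it now reads as `_SECURE` and returns 1; whether any caller queries `MAC-NULL` that way is not visible here, and the same applies to any entry added later without an `.slevel`. If that change for `MAC-NULL` is not intended, adding `.slevel = _INSECURE,` to it restores the old result. Longer term it is safer either to initialise `.slevel` explicitly on every entry or to order the enum so the zero value is the most restrictive level, so that a forgotten field fails closed rather than open.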
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index e620647963..aad07979d6 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -471,6 +471,13 @@ typedef struct gnutls_cipher_suite_entry_st {
gnutls_mac_algorithm_t prf;
} gnutls_cipher_suite_entry_st;
+
+typedef enum hash_security_level_t {
+ _SECURE,
+ _INSECURE_FOR_CERTS,
+ _INSECURE
+} hash_security_level_t;
+
/* This structure is used both for MACs and digests
*/
typedef struct mac_entry_st {
@@ -482,7 +489,7 @@ typedef struct mac_entry_st {
unsigned key_size;
unsigned nonce_size;
unsigned placeholder; /* if set, then not a real MAC */
- unsigned secure; /* must be set to zero if this hash is known to be broken */
+ hash_security_level_t slevel; /* contains values of hash_security_level_t */
unsigned block_size; /* internal block size for HMAC */
} mac_entry_st;
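Review bot: The new enumerators `_SECURE`, `_INSECURE_FOR_CERTS` and `_INSECURE` begin with an underscore followed by an uppercase letter, a form C reserves for the implementation (C11 7.1.3), so they may collide with compiler or libc macros; names such as `HASH_SECURE`, `HASH_INSECURE_FOR_CERTS` and `HASH_INSECURE` would avoid that. The comment on the new `slevel` field, `/* contains values of hash_security_level_t */`, only repeats its declared type; it should record what the levels mean, e.g. `/* _SECURE: usable everywhere; _INSECURE_FOR_CERTS: not for certificate signatures; _INSECURE: known broken, never use */`, replacing the information the removed `.secure` comment carried. The `mac_entry_st` definition starts before this hunk.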
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index a695665e06..c549ea16d2 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -143,10 +143,10 @@ LIBTASN1_MINIMUM=4.9
])
ac_allow_sha1=no
- AC_MSG_CHECKING([whether to allow SHA1 as an acceptable hash for digital signatures])
+ AC_MSG_CHECKING([whether to allow SHA1 as an acceptable hash for cert digital signatures])
AC_ARG_ENABLE(sha1-support,
AS_HELP_STRING([--enable-sha1-support],
- [allow SHA1 as an acceptable hash for digital signatures]),
+ [allow SHA1 as an acceptable hash for cert digital signatures]),
ac_allow_sha1=$enableval)
if test x$ac_allow_sha1 != xno; then
AC_MSG_RESULT(no)