authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-11-19 12:01:54 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-11-19 12:01:54 +0000
commitfe1b1d18fa42e2162cc58da5bcc262d07dfb9b9b (patch)
treef920ac4c29af6e4536d6423a3fb19cddb498a3c7 /lib/gnutls_algorithms.c
parent568387cb1dc0f79a7e0bb6106e0ad60cd8071453 (diff)
Added certificate authenticated SRP cipher suites.
Diffstat (limited to 'lib/gnutls_algorithms.c')
-rw-r--r--lib/gnutls_algorithms.c47
1 files changed, 33 insertions, 14 deletions
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index ca05423d02..f05a3cb4c2 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -28,25 +28,31 @@
/* Cred type mappings to KX algorithms */
typedef struct {
gnutls_kx_algorithm algorithm;
- gnutls_credentials_type type;
+ gnutls_credentials_type client_type;
+ gnutls_credentials_type server_type; /* The type of credentials a server
+ * needs to set */
} gnutls_cred_map;
static const gnutls_cred_map cred_mappings[] = {
- { GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON },
- { GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE },
- { GNUTLS_KX_RSA_EXPORT, GNUTLS_CRD_CERTIFICATE },
- { GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE },
- { GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE },
- { GNUTLS_KX_SRP, GNUTLS_CRD_SRP },
+ { GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON },
+ { GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE },
+ { GNUTLS_KX_RSA_EXPORT, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE },
+ { GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE },
+ { GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE },
+ { GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP },
+ { GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE },
{ 0 }
};
#define GNUTLS_KX_MAP_LOOP(b) \
const gnutls_cred_map *p; \
- for(p = cred_mappings; p->type != 0; p++) { b ; }
+ for(p = cred_mappings; p->algorithm != 0; p++) { b ; }
-#define GNUTLS_KX_MAP_ALG_LOOP(a) \
- GNUTLS_KX_MAP_LOOP( if(p->type == type) { a; break; })
+#define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
+ GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
+
+#define GNUTLS_KX_MAP_ALG_LOOP_CLIENT(a) \
+ GNUTLS_KX_MAP_LOOP( if(p->client_type == type) { a; break; })
/* TLS Versions */
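Review bot: The new `GNUTLS_KX_SRP_RSA` row in `cred_mappings` records only `GNUTLS_CRD_CERTIFICATE` as the server's credential type, although a certificate-authenticated SRP server presumably also needs its SRP verifier data set, and the table has no way to express that. If callers (not visible in this hunk) rely on `server_type` to decide whether the suite can be negotiated, a server with a certificate but no SRP credentials would pass that check. A comment on the row such as `/* server must also have GNUTLS_CRD_SRP set; checked separately */`, backed by an explicit check where the suite is selected, would make the requirement visible. `client_type` should also get a comment like the one on `server_type`, for example `/* The type of credentials a client needs to set */`.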
@@ -234,6 +240,7 @@ typedef struct {
#define GNUTLS_SRP_SHA_RIJNDAEL_128_CBC_SHA { 0x00, 0x53 }
#define GNUTLS_SRP_SHA_RIJNDAEL_256_CBC_SHA { 0x00, 0x56 }
+#define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA { 0x00, 0x51 }
/** RSA
**/
@@ -316,6 +323,10 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_CIPHER_RIJNDAEL_256_CBC, GNUTLS_KX_SRP,
GNUTLS_MAC_SHA, GNUTLS_TLS1),
+ GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA, GNUTLS_TLS1),
+
/* DHE_DSS */
GNUTLS_CIPHER_SUITE_ENTRY(GNUTLS_DHE_DSS_ARCFOUR_SHA,
GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
@@ -805,18 +816,26 @@ int ret=0;
}
/* Type to KX mappings */
-gnutls_kx_algorithm _gnutls_map_kx_get_kx(gnutls_credentials_type type)
+gnutls_kx_algorithm _gnutls_map_kx_get_kx(gnutls_credentials_type type, int server)
{
gnutls_kx_algorithm ret = -1;
- GNUTLS_KX_MAP_ALG_LOOP(ret = p->algorithm);
+ if (server) {
+ GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm);
+ } else {
+ GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm);
+ }
return ret;
}
-gnutls_credentials_type _gnutls_map_kx_get_cred(gnutls_kx_algorithm algorithm)
+gnutls_credentials_type _gnutls_map_kx_get_cred(gnutls_kx_algorithm algorithm, int server)
{
gnutls_credentials_type ret = -1;
- GNUTLS_KX_MAP_LOOP(if (p->algorithm==algorithm) ret = p->type);
+ if (server) {
+ GNUTLS_KX_MAP_LOOP(if (p->algorithm==algorithm) ret = p->server_type);
+ } else {
+ GNUTLS_KX_MAP_LOOP(if (p->algorithm==algorithm) ret = p->client_type);
+ }
return ret;
}
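Review bot: The `else` branch of `_gnutls_map_kx_get_kx` calls `GNUTLS_KX_MAP_ALG_LOOP_SERVER` a second time, so a client-side lookup is matched against the `server_type` column and the `GNUTLS_KX_MAP_ALG_LOOP_CLIENT` macro added earlier in this commit is never used here. The branch should read `GNUTLS_KX_MAP_ALG_LOOP_CLIENT(ret = p->algorithm);`. With the table as committed, the first match happens to be the same in both columns, so the bug is latent. It will select the wrong key exchange as soon as a row whose client and server types differ (like `GNUTLS_KX_SRP_RSA`) becomes the first match for some credential type. `_gnutls_map_kx_get_cred` below already uses the two columns correctly.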