gnutls-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] client-side TLS 1.2 support

From: Daiki Ueno
Subject: Re: [PATCH] client-side TLS 1.2 support
Date: Mon, 31 Aug 2009 21:45:19 +0900
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux) 
> > Where does these "magic" values come from?  It was these values that I
> > would prefer to use symbolic names for.

Ah, sorry.  Perhaps the attached might be better (it uses separate
symbolic names for sign/hash algorithms).


diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 73179bb..577d272 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -1787,27 +1787,51 @@ struct gnutls_sign_entry
   gnutls_sign_algorithm_t id;
   gnutls_pk_algorithm_t pk;
   gnutls_mac_algorithm_t mac;
-  sign_algorithm_st aid;
+  sign_algorithm_st aid;       /* SignatureAndHashAlgorithm */
 };
 typedef struct gnutls_sign_entry gnutls_sign_entry;
 
-#define TLS_SIGN_AID_UNKNOWN {255, 255}
+#define TLS_SIGN_AID_HASH_UNKNOWN 255
+#define TLS_SIGN_AID_HASH_MD5 1
+#define TLS_SIGN_AID_HASH_SHA1 2
+#define TLS_SIGN_AID_HASH_SHA256 4
+#define TLS_SIGN_AID_HASH_SHA384 5
+#define TLS_SIGN_AID_HASH_SHA512 6
+
+#define TLS_SIGN_AID_SIGN_UNKNOWN 255
+#define TLS_SIGN_AID_SIGN_RSA 1
+#define TLS_SIGN_AID_SIGN_DSA 2
+
+#define TLS_SIGN_AID_UNKNOWN {TLS_SIGN_AID_HASH_UNKNOWN,\
+  TLS_SIGN_AID_SIGN_UNKNOWN}
+#define TLS_SIGN_AID_RSA_SHA1 {TLS_SIGN_AID_HASH_SHA1,\
+  TLS_SIGN_AID_SIGN_RSA}
+#define TLS_SIGN_AID_RSA_SHA256 {TLS_SIGN_AID_HASH_SHA256,\
+  TLS_SIGN_AID_SIGN_RSA}
+#define TLS_SIGN_AID_RSA_SHA384 {TLS_SIGN_AID_HASH_SHA384,\
+  TLS_SIGN_AID_SIGN_RSA}
+#define TLS_SIGN_AID_RSA_SHA512 {TLS_SIGN_AID_HASH_SHA512,\
+  TLS_SIGN_AID_SIGN_RSA}
+#define TLS_SIGN_AID_DSA_SHA1 {TLS_SIGN_AID_HASH_SHA1,\
+  TLS_SIGN_AID_SIGN_DSA}
+#define TLS_SIGN_AID_RSA_MD5 {TLS_SIGN_AID_HASH_MD5,\
+  TLS_SIGN_AID_SIGN_RSA}
 
 static const gnutls_sign_entry sign_algorithms[] = {
   {"RSA-SHA", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA1, {2, 1}},
+   GNUTLS_MAC_SHA1, TLS_SIGN_AID_RSA_SHA1},
   {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA256, {4, 1}},
+   GNUTLS_MAC_SHA256, TLS_SIGN_AID_RSA_SHA256},
   {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA384, {5, 1}},
+   GNUTLS_MAC_SHA384, TLS_SIGN_AID_RSA_SHA384},
   {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA,
-   GNUTLS_MAC_SHA512, {6, 1}},
+   GNUTLS_MAC_SHA512, TLS_SIGN_AID_RSA_SHA512},
   {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA,
    GNUTLS_MAC_RMD160, TLS_SIGN_AID_UNKNOWN},
   {"DSA-SHA", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
-   GNUTLS_MAC_SHA1, {2, 2}},
+   GNUTLS_MAC_SHA1, TLS_SIGN_AID_DSA_SHA1},
   {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
-   GNUTLS_MAC_MD5, {1, 1}},
+   GNUTLS_MAC_MD5, TLS_SIGN_AID_RSA_MD5},
   {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
    GNUTLS_MAC_MD2, TLS_SIGN_AID_UNKNOWN},
   {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0, 
TLS_SIGN_AID_UNKNOWN},

Regards,
-- 
Daiki Ueno
reply via email to
[Prev in Thread] Current Thread [Next in Thread]