author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-09-14 12:13:09 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-19 15:29:33 +0100 |
commit | a118b7bc55e2ed0bae8d013f4dbcabe30301f8fb (patch) | |
tree | ef3c6dd4c5655405dd685db8bd77ec46f9429d07 /lib/algorithms | |
parent | bfed35761541fdf734ef5a0cce82d41314271ba5 (diff) | |
download | gnutls-a118b7bc55e2ed0bae8d013f4dbcabe30301f8fb.tar.gz |
ext/signature: improved TLS 1.3 signature algorithm negotiation
This introduces a simpler way to handle multiple versions
of a single signature algorithm.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/algorithms')
-rw-r--r-- | lib/algorithms/protocols.c | 11 | ||||
-rw-r--r-- | lib/algorithms/sign.c | 44 |
2 files changed, 31 insertions, 24 deletions
diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c
index ef753aa877..36e1717703 100644
--- a/lib/algorithms/protocols.c
+++ b/lib/algorithms/protocols.c
@@ -40,6 +40,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 0,
 .obsolete = 1,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 0
 },
 {.name = "TLS1.0",
@@ -55,6 +56,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 0,
 .obsolete = 0,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 0
 },
 {.name = "TLS1.1",
@@ -70,6 +72,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 0,
 .obsolete = 0,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 0
 },
 {.name = "TLS1.2",
@@ -85,6 +88,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 1,
 .obsolete = 0,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 1
 },
 #ifdef TLS13_FINAL_VERSION
@@ -105,7 +109,7 @@ static const version_entry_st sup_versions[] = {
 .post_handshake_auth = 1,
 .key_shares = 1,
 .false_start = 0, /* doesn't make sense */
- .tls_sig_sem = 1
+ .tls_sig_sem = SIG_SEM_TLS13
 },
 #else
 {.name = "TLS1.3",
@@ -125,7 +129,7 @@ static const version_entry_st sup_versions[] = {
 .post_handshake_auth = 1,
 .key_shares = 1,
 .false_start = 0, /* doesn't make sense */
- .tls_sig_sem = 1
+ .tls_sig_sem = SIG_SEM_TLS13
 },
 #endif
 {.name = "DTLS0.9", /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */
@@ -141,6 +145,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 0,
 .obsolete = 0,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 0
 },
 {.name = "DTLS1.0",
@@ -156,6 +161,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 0,
 .obsolete = 0,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 0
 },
 {.name = "DTLS1.2",
@@ -171,6 +177,7 @@ static const version_entry_st sup_versions[] = {
 .selectable_prf = 1,
 .obsolete = 0,
 .only_extension = 0,
+ .tls_sig_sem = SIG_SEM_PRE_TLS12,
 .false_start = 1
 },
 {0, 0, 0, 0, 0}
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c
index 7a3c41d6ad..0b012d4639 100644
--- a/lib/algorithms/sign.c
+++ b/lib/algorithms/sign.c
@@ -48,19 +48,19 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .id = GNUTLS_SIGN_RSA_SHA256,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{4, 1}, 0}},
+ .aid = {{4, 1}, SIG_SEM_DEFAULT}},
 {.name = "RSA-SHA384",
 .oid = SIG_RSA_SHA384_OID,
 .id = GNUTLS_SIGN_RSA_SHA384,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{5, 1}, 0}},
+ .aid = {{5, 1}, SIG_SEM_DEFAULT}},
 {.name = "RSA-SHA512",
 .oid = SIG_RSA_SHA512_OID,
 .id = GNUTLS_SIGN_RSA_SHA512,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{6, 1}, 0}},
+ .aid = {{6, 1}, SIG_SEM_DEFAULT}},
 /* RSA-PSS */
 {.name = "RSA-PSS-SHA256",
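Review bot: The constant name `SIG_SEM_PRE_TLS12` reads as "versions before TLS 1.2", yet this hunk assigns it to the DTLS1.2 entry and the earlier hunks assign it to TLS1.2 — the very versions that send signature_algorithms with the TLS 1.2 {hash, signature} pair encoding. Presumably the intended meaning is "pre-TLS 1.3 signature semantics", in which case renaming the constant would be the cleaner fix, but that lives outside this file. Short of a rename, a one-line comment on the first use would stop a future maintainer from "correcting" the 1.2 entries; I would write `.tls_sig_sem = SIG_SEM_PRE_TLS12, /* legacy {hash,sig} pair encoding, used by every pre-TLS1.3 version incl. (D)TLS1.2 */`.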
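Review bot: Marking the PKCS#1 v1.5 entries RSA-SHA256/384/512 (`{4, 1}`, `{5, 1}`, `{6, 1}`) as `SIG_SEM_DEFAULT` makes them resolvable under TLS 1.3 as well, but TLS 1.3 permits rsa_pkcs1_* in signature_algorithms only for certificate signatures — CertificateVerify must use RSA-PSS (or ECDSA/EdDSA). With the bitmask lookup introduced in `_gnutls_tls_aid_to_sign` (`(p->aid.tls_sem & ver->tls_sig_sem) != 0`, at the bottom of this patch) these codepoints now map to a usable signature entry in a TLS 1.3 handshake, so unless the handshake-signature path rejects `GNUTLS_PK_RSA` separately, a peer could have PKCS#1 v1.5 selected for CertificateVerify. If the table is meant to carry that distinction, these three entries want `SIG_SEM_PRE_TLS12` for handshake use, or a separate flag distinguishing "acceptable in signature_algorithms(_cert)" from "usable for CertificateVerify"; either way the intent should be stated, e.g. `/* PKCS#1 v1.5: in TLS1.3 only valid for certificate signatures, never for CertificateVerify */`. The first RSA-SHA256 entry's `.name`/`.oid` lines are above this hunk.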
@@ -68,37 +68,37 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .id = GNUTLS_SIGN_RSA_PSS_SHA256,
 .pk = GNUTLS_PK_RSA_PSS,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{8, 4}, 0}},
+ .aid = {{8, 4}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA256",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA256,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{8, 4}, 0}},
+ .aid = {{8, 4}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA384",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA384,
 .pk = GNUTLS_PK_RSA_PSS,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{8, 5}, 0}},
+ .aid = {{8, 5}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA384",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA384,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{8, 5}, 0}},
+ .aid = {{8, 5}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA512",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA512,
 .pk = GNUTLS_PK_RSA_PSS,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{8, 6}, 0}},
+ .aid = {{8, 6}, SIG_SEM_DEFAULT}},
 {.name = "RSA-PSS-SHA512",
 .oid = PK_PKIX1_RSA_PSS_OID,
 .id = GNUTLS_SIGN_RSA_PSS_SHA512,
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{8, 6}, 0}},
+ .aid = {{8, 6}, SIG_SEM_DEFAULT}},
 /* Ed25519: The hash algorithm here is set to be SHA512, although that is
 * an internal detail of Ed25519; we set it, because CMS/PKCS#7 requires
@@ -108,7 +108,7 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .id = GNUTLS_SIGN_EDDSA_ED25519,
 .pk = GNUTLS_PK_EDDSA_ED25519,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{8, 7}, 0}},
+ .aid = {{8, 7}, SIG_SEM_DEFAULT}},
 /* ECDSA */
 /* The following three signature algorithms
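Review bot: Both RSA-PSS-SHA256 entries — one with `.pk = GNUTLS_PK_RSA_PSS` and one with `.pk = GNUTLS_PK_RSA` — share the codepoint `{8, 4}`, and the SHA384/SHA512 pairs likewise share `{8, 5}` and `{8, 6}`, so the lookup cannot tell which key type a peer's PSS scheme refers to and whichever entry comes first in the table wins. The TLS 1.3 drafts current at this commit used a single codepoint, but the final TLS 1.3 registry distinguishes rsa_pss_rsae_* (0x0804–0x0806, rsaEncryption keys) from rsa_pss_pss_* (0x0809–0x080b, id-RSASSA-PSS keys), at which point the duplicated codepoints will misidentify the key type. This is not introduced by the commit, but since every `.aid` here is being re-touched, a `/* TODO: split rsae/pss codepoints once the TLS1.3 registry is final */` comment on the first `GNUTLS_PK_RSA_PSS` entry would flag it. The first entry's `.name`/`.oid` lines are above this hunk.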
@@ -125,38 +125,38 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .id = GNUTLS_SIGN_ECDSA_SHA256,
 .pk = GNUTLS_PK_ECDSA,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{4, 3}, 0}},
+ .aid = {{4, 3}, SIG_SEM_PRE_TLS12}},
 {.name = "ECDSA-SHA384",
 .oid = "1.2.840.10045.4.3.3",
 .id = GNUTLS_SIGN_ECDSA_SHA384,
 .pk = GNUTLS_PK_ECDSA,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{5, 3}, 0}},
+ .aid = {{5, 3}, SIG_SEM_PRE_TLS12}},
 {.name = "ECDSA-SHA512",
 .oid = "1.2.840.10045.4.3.4",
 .id = GNUTLS_SIGN_ECDSA_SHA512,
 .pk = GNUTLS_PK_ECDSA,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{6, 3}, 0}},
+ .aid = {{6, 3}, SIG_SEM_PRE_TLS12}},
 {.name = "ECDSA-SECP256R1-SHA256",
 .id = GNUTLS_SIGN_ECDSA_SECP256R1_SHA256,
 .pk = GNUTLS_PK_ECDSA,
 .curve = GNUTLS_ECC_CURVE_SECP256R1,
 .hash = GNUTLS_DIG_SHA256,
- .aid = {{4, 3}, 1}},
+ .aid = {{4, 3}, SIG_SEM_TLS13}},
 {.name = "ECDSA-SECP384R1-SHA384",
 .id = GNUTLS_SIGN_ECDSA_SECP384R1_SHA384,
 .pk = GNUTLS_PK_ECDSA,
 .curve = GNUTLS_ECC_CURVE_SECP384R1,
 .hash = GNUTLS_DIG_SHA384,
- .aid = {{5, 3}, 1}},
+ .aid = {{5, 3}, SIG_SEM_TLS13}},
 {.name = "ECDSA-SECP521R1-SHA512",
 .id = GNUTLS_SIGN_ECDSA_SECP521R1_SHA512,
 .pk = GNUTLS_PK_ECDSA,
 .curve = GNUTLS_ECC_CURVE_SECP521R1,
 .hash = GNUTLS_DIG_SHA512,
- .aid = {{6, 3}, 1}},
+ .aid = {{6, 3}, SIG_SEM_TLS13}},
 /* ECDSA-SHA3 */
 {.name = "ECDSA-SHA3-224",
@@ -248,14 +248,14 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .pk = GNUTLS_PK_RSA,
 .hash = GNUTLS_DIG_SHA1,
 .slevel = SHA1_SECURE_VAL,
- .aid = {{2, 1}, 0}},
+ .aid = {{2, 1}, SIG_SEM_DEFAULT}},
 {.name = "RSA-SHA1",
 .oid = ISO_SIG_RSA_SHA1_OID,
 .id = GNUTLS_SIGN_RSA_SHA1,
 .pk = GNUTLS_PK_RSA,
 .slevel = SHA1_SECURE_VAL,
 .hash = GNUTLS_DIG_SHA1,
- .aid = {{2, 1}, 0}},
+ .aid = {{2, 1}, SIG_SEM_DEFAULT}},
 {.name = "RSA-SHA224",
 .oid = SIG_RSA_SHA224_OID,
 .id = GNUTLS_SIGN_RSA_SHA224,
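Review bot: The two RSA-SHA1 entries (`{2, 1}`) become `SIG_SEM_DEFAULT`, so rsa_pkcs1_sha1 now resolves under TLS 1.3 as well, whereas TLS 1.3 allows 0x0201 in signature_algorithms only for backward-compatible certificate signatures and never for signed handshake messages. `.slevel = SHA1_SECURE_VAL` may already demote these entries at a higher layer, but that is a tunable policy level rather than a protocol constraint, so the table should say which versions may actually sign with them; `SIG_SEM_PRE_TLS12`, or a comment such as `/* SHA1: TLS1.3 permits this only for certificate signatures */` explaining why DEFAULT is intentional, would make that explicit. The same consideration applies to the ECDSA-SHA1 `{2, 3}` entry changed in the hunk at line 322 below. The first RSA-SHA1 entry's `.name`/`.oid`/`.id` lines are above this hunk.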
@@ -275,14 +275,14 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .pk = GNUTLS_PK_DSA,
 .slevel = SHA1_SECURE_VAL,
 .hash = GNUTLS_DIG_SHA1,
- .aid = {{2, 2}}},
+ .aid = {{2, 2}, SIG_SEM_PRE_TLS12}},
 {.name = "DSA-SHA1",
 .oid = "1.3.14.3.2.27",
 .id = GNUTLS_SIGN_DSA_SHA1,
 .pk = GNUTLS_PK_DSA,
 .hash = GNUTLS_DIG_SHA1,
 .slevel = SHA1_SECURE_VAL,
- .aid = {{2, 2}}},
+ .aid = {{2, 2}, SIG_SEM_PRE_TLS12}},
 {.name = "DSA-SHA224",
 .oid = SIG_DSA_SHA224_OID,
 .id = GNUTLS_SIGN_DSA_SHA224,
@@ -322,7 +322,7 @@ static const gnutls_sign_entry_st sign_algorithms[] = {
 .pk = GNUTLS_PK_EC,
 .slevel = SHA1_SECURE_VAL,
 .hash = GNUTLS_DIG_SHA1,
- .aid = {{2, 3}, 0}},
+ .aid = {{2, 3}, SIG_SEM_DEFAULT}},
 {.name = "ECDSA-SHA224",
 .oid = "1.2.840.10045.4.3.1",
 .id = GNUTLS_SIGN_ECDSA_SHA224,
@@ -641,7 +641,7 @@ _gnutls_tls_aid_to_sign(uint8_t id0, uint8_t id1, const version_entry_st *ver)
 GNUTLS_SIGN_LOOP(
 if (p->aid.id[0] == id0 &&
 p->aid.id[1] == id1 &&
- p->aid.tls_sem == ver->tls_sig_sem) {
+ ((p->aid.tls_sem & ver->tls_sig_sem) != 0)) {
 ret = p->id;
 break; |