author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-18 22:34:44 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2012-01-21 01:07:09 +0100 |
commit | 83d00bb4a06e25deb948600ee17c57ee5ec079ae (patch) | |
tree | 838adec5e291e554c940fe99a5d3e08cf38e95ac /lib | |
parent | e6961e8222abb24ceda4d579cb3b5d7254016a00 (diff) | |
Added new security level "legacy" for 96-bit security.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/algorithms/secparams.c | 4 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 18 |
2 files changed, 12 insertions, 10 deletions
diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c
index 48e90a01fa..5bfd646145 100644
--- a/lib/algorithms/secparams.c
+++ b/lib/algorithms/secparams.c
@@ -39,8 +39,8 @@ typedef struct
 } gnutls_sec_params_entry;
 static const gnutls_sec_params_entry sec_params[] = {
- {"Weak", GNUTLS_SEC_PARAM_WEAK, 64, 816, 1024, 128, 128},
 {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
+ {"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192},
 {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224},
 {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
 {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512},
@@ -161,7 +161,7 @@ gnutls_sec_param_get_name (gnutls_sec_param_t param)
 gnutls_sec_param_t gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, unsigned int bits)
 {
- gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_WEAK;
+ gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_LOW;
 if (bits == 0) return GNUTLS_SEC_PARAM_UNKNOWN;
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index f3dfed064f..537b88a753 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
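Review bot: The `Ultra` row that closes this table carries 256 in its strength column, while the `gnutls_sec_param_t` comment this commit edits in gnutls.h.in still reads `@GNUTLS_SEC_PARAM_ULTRA: 192 bits of security`. Since that doc block is already being rewritten for `LOW` and `LEGACY`, it is the place to bring the two back in line; the row's other sizes (15424, 512) suggest the table holds the intended value, so the doc line would become `* @GNUTLS_SEC_PARAM_ULTRA: 256 bits of security`. The rows are positional initialisers and the struct's field list sits above the hunk, so a one-line column legend over the table would also make the new `Legacy` figures (96, 1776, 2048, 192, 192) checkable in review.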
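Review bot: With the fallback changed to `GNUTLS_SEC_PARAM_LOW`, a non-zero key size that falls below the `Low` row is now reported at the same level as an 80-bit key, where it used to come back as `GNUTLS_SEC_PARAM_WEAK`. A caller that accepts peers on `level >= GNUTLS_SEC_PARAM_LOW` would lose the signal that let it turn away undersized keys; whether that is reachable depends on the loop below the hunk, which is not visible here. If the merge is intended, state it at the initialiser, e.g. `/* LOW is the floor: any non-zero size below the "Low" row also maps here, so LOW implies no minimum strength */`, and repeat it in the function's doc comment so callers pick `LEGACY` or higher as a policy minimum.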
@@ -652,25 +652,27 @@ typedef enum
 GNUTLS_ECC_CURVE_SECP192R1,
 } gnutls_ecc_curve_t;
+#define GNUTLS_SEC_PARAM_WEAK GNUTLS_SEC_PARAM_LOW
+
 /**
 * gnutls_sec_param_t:
 * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
- * @GNUTLS_SEC_PARAM_WEAK: 50 or less bits of security
- * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
+ * @GNUTLS_SEC_PARAM_LOW: 80 or less bits of security
+ * @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
 * @GNUTLS_SEC_PARAM_NORMAL: 112 bits of security
 * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
 * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
 *
- * Enumeration of security parameters for passive attacks
+ * Enumeration of security parameters for passive attacks.
 */
 typedef enum {
 GNUTLS_SEC_PARAM_UNKNOWN,
- GNUTLS_SEC_PARAM_WEAK,
- GNUTLS_SEC_PARAM_LOW,
- GNUTLS_SEC_PARAM_NORMAL,
- GNUTLS_SEC_PARAM_HIGH,
- GNUTLS_SEC_PARAM_ULTRA
+ GNUTLS_SEC_PARAM_LOW = 1,
+ GNUTLS_SEC_PARAM_LEGACY = 2,
+ GNUTLS_SEC_PARAM_NORMAL = 3,
+ GNUTLS_SEC_PARAM_HIGH = 4,
+ GNUTLS_SEC_PARAM_ULTRA = 5,
 } gnutls_sec_param_t;
 /** |
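Review bot: The enum is renumbered rather than extended: `GNUTLS_SEC_PARAM_LOW` moves from 2 to 1 and 2 now means `GNUTLS_SEC_PARAM_LEGACY`, so a program built against the previous header and run against this library reads the two lowest levels one step off (1 was WEAK, 2 was LOW), and any persisted numeric level shifts with it. The explicit `= 1` … `= 5` values pin the layout from here on, but nothing on the page records the break; a comment at the alias such as `/* compat: the former WEAK level is folded into LOW; LOW was 2 before this change */`, plus a release note, would make it visible. Source that compared against `GNUTLS_SEC_PARAM_WEAK` also changes meaning after a rebuild, because the macro now equals `LOW`. Separately, the trailing comma after `GNUTLS_SEC_PARAM_ULTRA = 5,` is not valid C89, which matters for a public header compiled under strict `-pedantic` settings.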