diff options
Diffstat (limited to 'lib/algorithms.h')
-rw-r--r-- | lib/algorithms.h | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/lib/algorithms.h b/lib/algorithms.h index 556bc33901..495b20d439 100644 --- a/lib/algorithms.h +++ b/lib/algorithms.h @@ -327,6 +327,18 @@ struct gnutls_sign_entry_st { gnutls_pk_algorithm_t pk; gnutls_digest_algorithm_t hash; + /* if non-zero it must be the algorithm of the + * private key used or certificate. This is for algorithms + * which can have a different public key type than the + * private key (e.g., RSA PKCS#1 1.5 certificate, but + * an RSA-PSS private key, or an RSA private key and + * an RSA-PSS certificate). */ + gnutls_pk_algorithm_t priv_pk; + gnutls_pk_algorithm_t cert_pk; + + /* non-zero if it is ok to use under TLS1.3 */ + unsigned tls13_ok; + /* if this signature algorithm is restricted to a curve * under TLS 1.3. */ gnutls_ecc_curve_t curve; @@ -342,6 +354,28 @@ const gnutls_sign_entry_st *_gnutls_sign_to_entry(gnutls_sign_algorithm_t sign); const gnutls_sign_entry_st *_gnutls_pk_to_sign_entry(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash); const gnutls_sign_entry_st *_gnutls_oid_to_sign_entry(const char *oid); +/* returns true if that signature can be generated + * from the given private key algorithm. */ +inline static unsigned +sign_supports_priv_pk_algorithm(const gnutls_sign_entry_st *se, gnutls_pk_algorithm_t pk) +{ + if (pk == se->pk || (se->priv_pk && se->priv_pk == pk)) + return 1; + + return 0; +} + +/* returns true if that signature can be verified with + * the given public key algorithm. */ +inline static unsigned +sign_supports_cert_pk_algorithm(const gnutls_sign_entry_st *se, gnutls_pk_algorithm_t pk) +{ + if (pk == se->pk || (se->cert_pk && se->cert_pk == pk)) + return 1; + + return 0; +} + bool _gnutls_sign_is_secure2(const gnutls_sign_entry_st *se, unsigned int flags); gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk(gnutls_sign_algorithm_t |