diff options
Diffstat (limited to 'lib/algorithms/sign.c')
-rw-r--r-- | lib/algorithms/sign.c | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c index 9c95e388ae..2728a54478 100644 --- a/lib/algorithms/sign.c +++ b/lib/algorithms/sign.c @@ -134,7 +134,8 @@ gnutls_sign_entry_st sign_algorithms[] = { .pk = GNUTLS_PK_EDDSA_ED448, .hash = GNUTLS_DIG_SHAKE_256, .flags = GNUTLS_SIGN_FLAG_TLS13_OK, - .aid = {{8, 8}, SIG_SEM_DEFAULT}}, + .aid = {{8, 8}, SIG_SEM_DEFAULT}, + .hash_output_size = 114}, /* ECDSA */ /* The following three signature algorithms @@ -785,3 +786,30 @@ _gnutls13_sign_get_compatible_with_privkey(gnutls_privkey_t privkey) return NULL; } + +unsigned +_gnutls_sign_get_hash_strength(gnutls_sign_algorithm_t sign) +{ + const gnutls_sign_entry_st *se = _gnutls_sign_to_entry(sign); + const mac_entry_st *me; + unsigned hash_output_size; + + if (unlikely(se == NULL)) + return 0; + + me = hash_to_entry(se->hash); + if (unlikely(me == NULL)) + return 0; + + if (se->hash_output_size > 0) + hash_output_size = se->hash_output_size; + else + hash_output_size = _gnutls_mac_get_algo_len(me); + + if (me->id == GNUTLS_MAC_SHAKE_128) + return MIN(hash_output_size*8/2, 128); + else if (me->id == GNUTLS_MAC_SHAKE_256) + return MIN(hash_output_size*8/2, 256); + + return hash_output_size*8/2; +} |