diff options
| author | Martin Willi <martin@revosec.ch> | 2010-09-03 17:05:39 +0200 |
|---|---|---|
| committer | Martin Willi <martin@revosec.ch> | 2010-09-03 17:24:23 +0200 |
| commit | 3f7bb88ba3ef1476ad70549488390e43b44025bf (patch) | |
| tree | 572f4d66dde50123bacb861c6f55adac1846cf65 /src/libtls/tls_crypto.c | |
| parent | f4c98ae664ed226b1dd7c0eaac17626b2df9e4ef (diff) | |
| download | strongswan-3f7bb88ba3ef1476ad70549488390e43b44025bf.tar.bz2 strongswan-3f7bb88ba3ef1476ad70549488390e43b44025bf.tar.xz | |
Use a dynamic curve enumerator to list/convert TLS named curves
Diffstat (limited to 'src/libtls/tls_crypto.c')
| -rw-r--r-- | src/libtls/tls_crypto.c | 58 |
1 files changed, 47 insertions, 11 deletions
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 89cf1a54c..46e177cdc 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -839,17 +839,53 @@ METHOD(tls_crypto_t, get_signature_algorithms, void, supported->destroy(supported); } -METHOD(tls_crypto_t, get_curves, void, - private_tls_crypto_t *this, tls_writer_t *writer) +/** + * Mapping groups to TLS named curves + */ +static struct { + diffie_hellman_group_t group; + tls_named_curve_t curve; +} curves[] = { + { ECP_256_BIT, TLS_SECP256R1}, + { ECP_384_BIT, TLS_SECP384R1}, + { ECP_521_BIT, TLS_SECP521R1}, + { ECP_224_BIT, TLS_SECP224R1}, + { ECP_192_BIT, TLS_SECP192R1}, +}; + +/** + * Filter EC groups, add TLS curve + */ +static bool group_filter(void *null, + diffie_hellman_group_t *in, diffie_hellman_group_t *out, + void* dummy1, tls_named_curve_t *curve) +{ + int i; + + for (i = 0; i < countof(curves); i++) + { + if (curves[i].group == *in) + { + if (out) + { + *out = curves[i].group; + } + if (curve) + { + *curve = curves[i].curve; + } + return TRUE; + } + } + return FALSE; +} + +METHOD(tls_crypto_t, create_ec_enumerator, enumerator_t*, + private_tls_crypto_t *this) { - u_int16_t curves[] = { - htons(TLS_SECP256R1), - htons(TLS_SECP384R1), - htons(TLS_SECP521R1), - htons(TLS_SECP192R1), - htons(TLS_SECP224R1), - }; - writer->write_data16(writer, chunk_from_thing(curves)); + return enumerator_create_filter( + lib->crypto->create_dh_enumerator(lib->crypto), + (void*)group_filter, NULL, NULL); } METHOD(tls_crypto_t, set_protection, void, @@ -1310,7 +1346,7 @@ tls_crypto_t *tls_crypto_create(tls_t *tls) .select_cipher_suite = _select_cipher_suite, .get_dh_group = _get_dh_group, .get_signature_algorithms = _get_signature_algorithms, - .get_curves = _get_curves, + .create_ec_enumerator = _create_ec_enumerator, .set_protection = _set_protection, .append_handshake = _append_handshake, .sign = _sign, |