author | Martin Willi <martin@revosec.ch> | 2010-09-02 19:15:16 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2010-09-02 19:33:08 +0200 |
commit | d29a82a9d4b517fada07d220c730d4d9b5fd210e (patch) | |
tree | aa0e78ffb35069dd754822f0a77dd11e810ed622 /src/libtls/tls_server.c | |
parent | 60c4b3b545079cb96dd28746ca40051bb7aaefef (diff) | |
Added generic TLS data sign/verify, hash/sig algorithm construction
Diffstat (limited to 'src/libtls/tls_server.c')
-rw-r--r-- | src/libtls/tls_server.c | 72 |
1 files changed, 9 insertions, 63 deletions
diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c
index 493b07e69..9b38c7f7d 100644
--- a/src/libtls/tls_server.c
+++ b/src/libtls/tls_server.c
@@ -532,12 +532,16 @@ static status_t send_certificate(private_tls_server_t *this,
 }
 
 /**
- * Create a list of supported certificate types and hash/sig algorithms
+ * Send Certificate Request
  */
-static void get_supported_algorithms(private_tls_server_t *this,
-									 tls_writer_t *writer)
+static status_t send_certificate_request(private_tls_server_t *this,
+									tls_handshake_type_t *type, tls_writer_t *writer)
 {
-	tls_writer_t *supported;
+	tls_writer_t *authorities, *supported;
+	enumerator_t *enumerator;
+	certificate_t *cert;
+	x509_t *x509;
+	identification_t *id;
 
 	supported = tls_writer_create(4);
 	/* we propose both RSA and ECDSA */
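Review bot: The merged function's header comment `Send Certificate Request` no longer says what the message carries, while the hunk now makes this function build the certificate_types vector itself (`supported = tls_writer_create(4)`) before the rest of the message. A slightly fuller comment would help a reader checking the wire layout against RFC 5246 §7.4.4, e.g. `/** Send Certificate Request: certificate_types, signature algorithms (TLS 1.2), CA names */`; I am inferring the CA-name part from the `authorities` writer declared here and filled further down. The body of send_certificate_request continues past the end of this hunk.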
@@ -545,68 +549,10 @@ static void get_supported_algorithms(private_tls_server_t *this,
 	supported->write_uint8(supported, TLS_ECDSA_SIGN);
 	writer->write_data8(writer, supported->get_buf(supported));
 	supported->destroy(supported);
-
 	if (this->tls->get_version(this->tls) >= TLS_1_2)
 	{
-		enumerator_t *enumerator;
-		hash_algorithm_t alg;
-		tls_hash_algorithm_t hash;
-
-		supported = tls_writer_create(32);
-		enumerator = lib->crypto->create_hasher_enumerator(lib->crypto);
-		while (enumerator->enumerate(enumerator, &alg))
-		{
-			switch (alg)
-			{
-				case HASH_MD5:
-					hash = TLS_HASH_MD5;
-					break;
-				case HASH_SHA1:
-					hash = TLS_HASH_SHA1;
-					break;
-				case HASH_SHA224:
-					hash = TLS_HASH_SHA224;
-					break;
-				case HASH_SHA256:
-					hash = TLS_HASH_SHA256;
-					break;
-				case HASH_SHA384:
-					hash = TLS_HASH_SHA384;
-					break;
-				case HASH_SHA512:
-					hash = TLS_HASH_SHA512;
-					break;
-				default:
-					continue;
-			}
-			supported->write_uint8(supported, hash);
-			supported->write_uint8(supported, TLS_SIG_RSA);
-			if (alg != HASH_MD5 && alg != HASH_SHA224)
-			{
-				supported->write_uint8(supported, hash);
-				supported->write_uint8(supported, TLS_SIG_ECDSA);
-			}
-		}
-		enumerator->destroy(enumerator);
-
-		writer->write_data16(writer, supported->get_buf(supported));
-		supported->destroy(supported);
+		this->crypto->get_signature_algorithms(this->crypto, writer);
 	}
-}
-
-/**
- * Send Certificate Request
- */
-static status_t send_certificate_request(private_tls_server_t *this,
-									tls_handshake_type_t *type, tls_writer_t *writer)
-{
-	tls_writer_t *authorities;
-	enumerator_t *enumerator;
-	certificate_t *cert;
-	x509_t *x509;
-	identification_t *id;
-
-	get_supported_algorithms(this, writer);
 
 	authorities = tls_writer_create(64);
 	enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr,
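Review bot: The new call `this->crypto->get_signature_algorithms(this->crypto, writer);` replaces code that wrote the hash/sig pairs under a 16-bit length prefix via `write_data16` and deliberately left out the MD5 and SHA-224 pairings for ECDSA; whether the helper keeps that framing and that filtering cannot be seen in this hunk, and its return value, if it has one, is discarded. Because this vector tells a TLS 1.2 client which hash/signature pairs the server will accept in CertificateVerify, a framing mismatch breaks client authentication and a looser list widens what the server accepts, so the contract deserves to be pinned at the call site, e.g. `/* writes the length-prefixed supported_signature_algorithms vector (TLS 1.2+ only) */`. Note also that the old list advertised MD5 with RSA; if the helper still does, that is worth revisiting separately. send_certificate_request's body continues outside the hunk.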