tls_cache_t *cache;
/**
- * All handshake data concatentated
+ * All handshake data concatenated
*/
chunk_t handshake;
tls_hash_algorithm_t hash;
signature_scheme_t scheme;
} schemes[] = {
- { TLS_SIG_ECDSA, TLS_HASH_SHA256, SIGN_ECDSA_WITH_SHA256_DER },
- { TLS_SIG_ECDSA, TLS_HASH_SHA384, SIGN_ECDSA_WITH_SHA384_DER },
- { TLS_SIG_ECDSA, TLS_HASH_SHA512, SIGN_ECDSA_WITH_SHA512_DER },
- { TLS_SIG_ECDSA, TLS_HASH_SHA1, SIGN_ECDSA_WITH_SHA1_DER },
- { TLS_SIG_RSA, TLS_HASH_SHA256, SIGN_RSA_EMSA_PKCS1_SHA256 },
- { TLS_SIG_RSA, TLS_HASH_SHA384, SIGN_RSA_EMSA_PKCS1_SHA384 },
- { TLS_SIG_RSA, TLS_HASH_SHA512, SIGN_RSA_EMSA_PKCS1_SHA512 },
- { TLS_SIG_RSA, TLS_HASH_SHA224, SIGN_RSA_EMSA_PKCS1_SHA224 },
- { TLS_SIG_RSA, TLS_HASH_SHA1, SIGN_RSA_EMSA_PKCS1_SHA1 },
- { TLS_SIG_RSA, TLS_HASH_MD5, SIGN_RSA_EMSA_PKCS1_MD5 },
+ { TLS_SIG_ECDSA, TLS_HASH_SHA256, SIGN_ECDSA_WITH_SHA256_DER },
+ { TLS_SIG_ECDSA, TLS_HASH_SHA384, SIGN_ECDSA_WITH_SHA384_DER },
+ { TLS_SIG_ECDSA, TLS_HASH_SHA512, SIGN_ECDSA_WITH_SHA512_DER },
+ { TLS_SIG_ECDSA, TLS_HASH_SHA1, SIGN_ECDSA_WITH_SHA1_DER },
+ { TLS_SIG_RSA, TLS_HASH_SHA256, SIGN_RSA_EMSA_PKCS1_SHA2_256 },
+ { TLS_SIG_RSA, TLS_HASH_SHA384, SIGN_RSA_EMSA_PKCS1_SHA2_384 },
+ { TLS_SIG_RSA, TLS_HASH_SHA512, SIGN_RSA_EMSA_PKCS1_SHA2_512 },
+ { TLS_SIG_RSA, TLS_HASH_SHA224, SIGN_RSA_EMSA_PKCS1_SHA2_224 },
+ { TLS_SIG_RSA, TLS_HASH_SHA1, SIGN_RSA_EMSA_PKCS1_SHA1 },
+ { TLS_SIG_RSA, TLS_HASH_MD5, SIGN_RSA_EMSA_PKCS1_MD5 },
};
METHOD(tls_crypto_t, get_signature_algorithms, void,
{ ECP_192_BIT, TLS_SECP192R1},
};
-/**
- * Filter EC groups, add TLS curve
- */
-static bool group_filter(void *null,
- diffie_hellman_group_t *in, diffie_hellman_group_t *out,
- void* dummy1, tls_named_curve_t *curve)
+CALLBACK(group_filter, bool,
+ void *null, enumerator_t *orig, va_list args)
{
+ diffie_hellman_group_t group, *out;
+ tls_named_curve_t *curve;
+ char *plugin;
int i;
- for (i = 0; i < countof(curves); i++)
+ VA_ARGS_VGET(args, out, curve);
+
+ while (orig->enumerate(orig, &group, &plugin))
{
- if (curves[i].group == *in)
+ for (i = 0; i < countof(curves); i++)
{
- if (out)
- {
- *out = curves[i].group;
- }
- if (curve)
+ if (curves[i].group == group)
{
- *curve = curves[i].curve;
+ if (out)
+ {
+ *out = curves[i].group;
+ }
+ if (curve)
+ {
+ *curve = curves[i].curve;
+ }
+ return TRUE;
}
- return TRUE;
}
}
return FALSE;
private_tls_crypto_t *this)
{
return enumerator_create_filter(
- lib->crypto->create_dh_enumerator(lib->crypto),
- (void*)group_filter, NULL, NULL);
+ lib->crypto->create_dh_enumerator(lib->crypto),
+ group_filter, NULL, NULL);
}
METHOD(tls_crypto_t, set_protection, void,
{
scheme = hashsig_to_scheme(key->get_type(key), hash, alg);
if (scheme != SIGN_UNKNOWN &&
- key->sign(key, scheme, data, &sig))
+ key->sign(key, scheme, NULL, data, &sig))
{
done = TRUE;
break;
{
return FALSE;
}
- done = key->sign(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, &sig);
+ done = key->sign(key, SIGN_RSA_EMSA_PKCS1_NULL, NULL, hash,
+ &sig);
free(hash.ptr);
if (!done)
{
DBG2(DBG_TLS, "created signature with MD5+SHA1/RSA");
break;
case KEY_ECDSA:
- if (!key->sign(key, SIGN_ECDSA_WITH_SHA1_DER, data, &sig))
+ if (!key->sign(key, SIGN_ECDSA_WITH_SHA1_DER, NULL, data, &sig))
{
return FALSE;
}
tls_signature_algorithm_names, alg);
return FALSE;
}
- if (!key->verify(key, scheme, data, sig))
+ if (!key->verify(key, scheme, NULL, data, sig))
{
return FALSE;
}
{
return FALSE;
}
- done = key->verify(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, sig);
+ done = key->verify(key, SIGN_RSA_EMSA_PKCS1_NULL, NULL, hash,
+ sig);
free(hash.ptr);
if (!done)
{
DBG2(DBG_TLS, "verified signature data with MD5+SHA1/RSA");
break;
case KEY_ECDSA:
- if (!key->verify(key, SIGN_ECDSA_WITH_SHA1_DER, data, sig))
+ if (!key->verify(key, SIGN_ECDSA_WITH_SHA1_DER, NULL, data,
+ sig))
{
return FALSE;
}