From: Pascal Knecht
Date: Sat, 10 Oct 2020 15:10:37 +0000 (+0200)
Subject: tls-crypto: Add missing signature scheme constants
X-Git-Tag: 5.9.2rc1~23^2~40
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=91c9e4d576e5c4e6154d1d41eeca5acaf925dc14;p=thirdparty%2Fstrongswan.git
tls-crypto: Add missing signature scheme constants
Some peers, e.g. Firefox, send a wide range of signature algorithms. To prevent numeric identifiers in the log these algorithms are added here.
---
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 7c43a570c6..86fafb4dd4 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -277,22 +277,24 @@ ENUM_NEXT(tls_signature_scheme_names,
 TLS_SIG_ECDSA_SHA1, TLS_SIG_ECDSA_SHA1, TLS_SIG_RSA_PKCS1_SHA1,
 "ECDSA_SHA1");
 ENUM_NEXT(tls_signature_scheme_names,
- TLS_SIG_RSA_PKCS1_SHA256, TLS_SIG_RSA_PKCS1_SHA256, TLS_SIG_ECDSA_SHA1,
- "RSA_PKCS1_SHA256");
+ TLS_SIG_RSA_PKCS1_SHA224, TLS_SIG_ECDSA_SHA224, TLS_SIG_ECDSA_SHA1,
+ "RSA_PKCS1_SHA224",
+ "DSA_SHA224",
+ "ECDSA_SHA224");
 ENUM_NEXT(tls_signature_scheme_names,
- TLS_SIG_ECDSA_SHA256, TLS_SIG_ECDSA_SHA256, TLS_SIG_RSA_PKCS1_SHA256,
+ TLS_SIG_RSA_PKCS1_SHA256, TLS_SIG_ECDSA_SHA256, TLS_SIG_ECDSA_SHA224,
+ "RSA_PKCS1_SHA256",
+ "DSA_SHA256",
 "ECDSA_SHA256");
 ENUM_NEXT(tls_signature_scheme_names,
- TLS_SIG_RSA_PKCS1_SHA384, TLS_SIG_RSA_PKCS1_SHA384, TLS_SIG_ECDSA_SHA256,
- "RSA_PKCS1_SHA384");
-ENUM_NEXT(tls_signature_scheme_names,
- TLS_SIG_ECDSA_SHA384, TLS_SIG_ECDSA_SHA384, TLS_SIG_RSA_PKCS1_SHA384,
+ TLS_SIG_RSA_PKCS1_SHA384, TLS_SIG_ECDSA_SHA384, TLS_SIG_ECDSA_SHA256,
+ "RSA_PKCS1_SHA384",
+ "DSA_SHA384",
 "ECDSA_SHA384");
 ENUM_NEXT(tls_signature_scheme_names,
- TLS_SIG_RSA_PKCS1_SHA512, TLS_SIG_RSA_PKCS1_SHA512, TLS_SIG_ECDSA_SHA384,
- "RSA_PKCS1_SHA512");
-ENUM_NEXT(tls_signature_scheme_names,
- TLS_SIG_ECDSA_SHA512, TLS_SIG_ECDSA_SHA512, TLS_SIG_RSA_PKCS1_SHA512,
+ TLS_SIG_RSA_PKCS1_SHA512, TLS_SIG_ECDSA_SHA512, TLS_SIG_ECDSA_SHA384,
+ "RSA_PKCS1_SHA512",
+ "DSA_SHA512",
 "ECDSA_SHA512");
 ENUM_NEXT(tls_signature_scheme_names,
 TLS_SIG_RSA_PSS_RSAE_SHA256, TLS_SIG_RSA_PSS_PSS_SHA512, TLS_SIG_ECDSA_SHA512,
diff --git a/src/libtls/tls_crypto.h b/src/libtls/tls_crypto.h
index 3d230e9192..9da07ce750 100644
--- a/src/libtls/tls_crypto.h
+++ b/src/libtls/tls_crypto.h
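Review bot: The SHA-1 family is left out of the regrouping: the context at the top of this hunk still closes a one-entry `"ECDSA_SHA1"` range, and the tls_crypto.h hunk of the same commit adds 0x0302–0x0602 but no `TLS_SIG_DSA_SHA1 = 0x0202,`. A peer that lists dsa_sha1 would still be logged by number, which is what the commit message says it wants to avoid. If the gap is not deliberate, add that constant and turn the SHA-1 entries into one three-name range like the SHA-224 one, with `"DSA_SHA1"` between the two existing strings. The SHA-1 `ENUM_NEXT` blocks begin above the hunk, so their present form is partly inferred.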
@@ -297,11 +297,17 @@ enum tls_signature_scheme_t {
 * second the key type) */
 TLS_SIG_RSA_PKCS1_SHA1 = 0x0201,
 TLS_SIG_ECDSA_SHA1 = 0x0203,
+ TLS_SIG_RSA_PKCS1_SHA224 = 0x0301,
+ TLS_SIG_DSA_SHA224 = 0x0302,
+ TLS_SIG_ECDSA_SHA224 = 0x0303,
 TLS_SIG_RSA_PKCS1_SHA256 = 0x0401,
+ TLS_SIG_DSA_SHA256 = 0x0402,
 TLS_SIG_ECDSA_SHA256 = 0x0403,
 TLS_SIG_RSA_PKCS1_SHA384 = 0x0501,
+ TLS_SIG_DSA_SHA384 = 0x0502,
 TLS_SIG_ECDSA_SHA384 = 0x0503,
 TLS_SIG_RSA_PKCS1_SHA512 = 0x0601,
+ TLS_SIG_DSA_SHA512 = 0x0602,
 TLS_SIG_ECDSA_SHA512 = 0x0603,
 /* RSASSA-PSS for public keys with OID rsaEncryption */
 TLS_SIG_RSA_PSS_RSAE_SHA256 = 0x0804,
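Review bot: The new SHA-224 and DSA constants have no comment telling a reader that they are legacy TLS 1.2 code points, while the PSS group right below has a heading comment of its own. RFC 8446 marks the DSA values as reserved and the 0x03xx range as obsolete, and the commit message gives log output as the only reason for adding them, so being present in this enum should not be read as the scheme being offered or accepted. I would put `/* legacy TLS 1.2 values, named for log output; reserved or obsolete in TLS 1.3 */` above `TLS_SIG_RSA_PKCS1_SHA224`. Whether any code builds the offered list from this enum cannot be seen here, since the enum starts and ends outside the hunk.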