]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Added new security level "legacy" for 96-bit security.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 18 Jan 2012 21:34:44 +0000 (22:34 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sat, 21 Jan 2012 00:07:09 +0000 (01:07 +0100)
doc/cha-gtls-app.texi
lib/algorithms/secparams.c
lib/includes/gnutls/gnutls.h.in
tests/slow/keygen.c

index 733dda1073a751ff6307e342dd26893ae9601cc6..c9d8e8e95db96371b44845c8991da3f931315ae6 100644 (file)
@@ -1235,18 +1235,18 @@ authentication.
 
 @headitem Security bits @tab RSA, DH and SRP parameter size @tab ECC key size @tab Security parameter @tab Description
 
-@item 64
-@tab 816
-@tab 128
-@tab @code{WEAK}
-@tab Very short term protection against small organizations
-
 @item 80
 @tab 1248
 @tab 160
 @tab @code{LOW}
 @tab Very short term protection against agencies
 
+@item 96
+@tab 1776
+@tab 192
+@tab @code{LEGACY}
+@tab Legacy standard level
+
 @item 112
 @tab 2432
 @tab 224
index 48e90a01fa3502d362d14a1c39539d8983564299..5bfd6461458f394ee78609be92480963bc737c58 100644 (file)
@@ -39,8 +39,8 @@ typedef struct
 } gnutls_sec_params_entry;
 
 static const gnutls_sec_params_entry sec_params[] = {
-  {"Weak", GNUTLS_SEC_PARAM_WEAK, 64, 816, 1024, 128, 128},
   {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
+  {"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192},
   {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224},
   {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
   {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512},
@@ -161,7 +161,7 @@ gnutls_sec_param_get_name (gnutls_sec_param_t param)
 gnutls_sec_param_t
 gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, unsigned int bits)
 {
-  gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_WEAK;
+  gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_LOW;
 
   if (bits == 0)
     return GNUTLS_SEC_PARAM_UNKNOWN;
index f3dfed064fe13145d63bd05cd78576fedf8a4c61..537b88a7539ce1a06a37f39641f2c71031927747 100644 (file)
@@ -652,25 +652,27 @@ typedef enum
   GNUTLS_ECC_CURVE_SECP192R1,
 } gnutls_ecc_curve_t;
 
+#define GNUTLS_SEC_PARAM_WEAK GNUTLS_SEC_PARAM_LOW
+
 /**
  * gnutls_sec_param_t:
  * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
- * @GNUTLS_SEC_PARAM_WEAK: 50 or less bits of security
- * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
+ * @GNUTLS_SEC_PARAM_LOW: 80 or less bits of security
+ * @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
  * @GNUTLS_SEC_PARAM_NORMAL: 112 bits of security
  * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
  * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
  *
- * Enumeration of security parameters for passive attacks
+ * Enumeration of security parameters for passive attacks.
  */
   typedef enum
   {
     GNUTLS_SEC_PARAM_UNKNOWN,
-    GNUTLS_SEC_PARAM_WEAK,
-    GNUTLS_SEC_PARAM_LOW,
-    GNUTLS_SEC_PARAM_NORMAL,
-    GNUTLS_SEC_PARAM_HIGH,
-    GNUTLS_SEC_PARAM_ULTRA
+    GNUTLS_SEC_PARAM_LOW = 1,
+    GNUTLS_SEC_PARAM_LEGACY = 2,
+    GNUTLS_SEC_PARAM_NORMAL = 3,
+    GNUTLS_SEC_PARAM_HIGH = 4,
+    GNUTLS_SEC_PARAM_ULTRA = 5,
   } gnutls_sec_param_t;
 
 /**
index b4dd02de8880068d9c62e27bf89c69c5b96e9888..583a3a71cab58852146ab49de89bed81763c2793 100644 (file)
@@ -35,7 +35,7 @@
 
 #define MAX_TRIES 2
 
-static int sec_param[MAX_TRIES] = {GNUTLS_SEC_PARAM_WEAK, GNUTLS_SEC_PARAM_NORMAL};
+static int sec_param[MAX_TRIES] = {GNUTLS_SEC_PARAM_LOW, GNUTLS_SEC_PARAM_NORMAL};
 
 static void
 tls_log_func (int level, const char *str)