aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl/src/tls_v1.erl
diff options
context:
space:
mode:
authorPéter Dimitrov <[email protected]>2018-09-03 10:34:12 +0200
committerPéter Dimitrov <[email protected]>2018-09-06 10:53:10 +0200
commit6d5cac99b366e30bb95473f4f99ec80df410f297 (patch)
tree9cf46c6d8495b315cf3f1a4f7886b50cfac87e53 /lib/ssl/src/tls_v1.erl
parent6279f44c017aa75bd83e02169579502c7335cd54 (diff)
downloadotp-6d5cac99b366e30bb95473f4f99ec80df410f297.tar.gz
otp-6d5cac99b366e30bb95473f4f99ec80df410f297.tar.bz2
otp-6d5cac99b366e30bb95473f4f99ec80df410f297.zip
ssl: Add new extension with encode/decode functions
Change-Id: I8a5c11b3503b44cfc6cbd6e4fd8ff3005a8669dd
Diffstat (limited to 'lib/ssl/src/tls_v1.erl')
-rw-r--r--lib/ssl/src/tls_v1.erl61
1 files changed, 60 insertions, 1 deletions
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index 79d50684f1..e6be574916 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -32,7 +32,8 @@
-export([master_secret/4, finished/5, certificate_verify/3, mac_hash/7, hmac_hash/3,
setup_keys/8, suites/1, prf/5,
ecc_curves/1, ecc_curves/2, oid_to_enum/1, enum_to_oid/1,
- default_signature_algs/1, signature_algs/2, v1_3_filters/0]).
+ default_signature_algs/1, signature_algs/2, v1_3_filters/0,
+ default_signature_schemes/1, signature_schemes/2]).
-type named_curve() :: sect571r1 | sect571k1 | secp521r1 | brainpoolP512r1 |
sect409k1 | sect409r1 | brainpoolP384r1 | secp384r1 |
@@ -303,6 +304,64 @@ default_signature_algs({3, 3} = Version) ->
default_signature_algs(_) ->
undefined.
+
+signature_schemes(Version, SignatureSchemes) when is_tuple(Version)
+ andalso Version >= {3, 3} ->
+ CryptoSupports = crypto:supports(),
+ Hashes = proplists:get_value(hashs, CryptoSupports),
+ PubKeys = proplists:get_value(public_keys, CryptoSupports),
+ Curves = proplists:get_value(curves, CryptoSupports),
+ Fun = fun (Scheme, Acc) ->
+ {Hash0, Sign0, Curve} =
+ ssl_cipher:scheme_to_components(Scheme),
+ Sign = case Sign0 of
+ rsa_pkcs1 -> rsa;
+ S -> S
+ end,
+ Hash = case Hash0 of
+ sha1 -> sha;
+ H -> H
+ end,
+ case proplists:get_bool(Sign, PubKeys)
+ andalso proplists:get_bool(Hash, Hashes)
+ andalso (Curve =:= undefined orelse
+ proplists:get_bool(Curve, Curves))
+ andalso is_pair(Hash, Sign, Hashes)
+ of
+ true ->
+ [Scheme | Acc];
+ false ->
+ Acc
+ end
+ end,
+ Supported = lists:foldl(Fun, [], SignatureSchemes),
+ lists:reverse(Supported);
+signature_schemes(_, _) ->
+ [].
+
+
+default_signature_schemes(Version) ->
+ Default = [
+ rsa_pkcs1_sha256,
+ rsa_pkcs1_sha384,
+ rsa_pkcs1_sha512,
+ ecdsa_secp256r1_sha256,
+ ecdsa_secp384r1_sha384,
+ ecdsa_secp521r1_sha512,
+ rsa_pss_rsae_sha256,
+ rsa_pss_rsae_sha384,
+ rsa_pss_rsae_sha512,
+ %% ed25519,
+ %% ed448,
+ rsa_pss_pss_sha256,
+ rsa_pss_pss_sha384,
+ rsa_pss_pss_sha512,
+ rsa_pkcs1_sha1,
+ ecdsa_sha1
+ ],
+ signature_schemes(Version, Default).
+
+
%%--------------------------------------------------------------------
%%% Internal functions
%%--------------------------------------------------------------------
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 14:34:53 +0000