bytinbit / strongswan

strongSwan - IPsec-based VPN
https://www.strongswan.org

libtls: Implement missing constants #3

Closed bytinbit closed 4 years ago

bytinbit commented 4 years ago

Effort estimate: planned=5 hours actual=

Three enums are specified in RFC 8446: SignatureScheme, NamedGroup, CertificateType. However, their location couldn't be found in the existing code and must be verified with the project maintainers. They haven't been implemented so far.

Edit: corrected RFC name

tobiasbrunner commented 4 years ago

It's actually RFC 8446 :)

SignatureScheme is currently not explicitly represented. The signature schemes are mapped via tls_crypto_t::get_signature_algorithms().

NamedGroup is tls_named_curve_t in tls_crypto.h. There is also a map (called curves) in tls_crypto.c that maps these to DH group identifiers used otherwise in strongSwan.

CertificateType isn't really necessary as only X.509 (0) is supported.

If I may, a quick note about #2 and the associated commit. Please start the first line of the commit message with libtls: (given it changes code in src/libtls, for the test script use tls-test:) followed by a short description that starts with an upper case letter (for instance, in this case it would be something like libtls: Add TLS 1.3 constants). Also, for pretty much every enum there is one or more enum_name_t, which contain strings for logging these constants (they are defined in the *.c files of the same name). Please update them too if you add values to the enums.
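
The enum-plus-name-table pairing discussed in this thread, as an added example that is not strongSwan code and does not use its tls_named_curve_t or enum_name_t: a NamedGroup enum with the RFC 8446 codepoints, a name table for logging, and a bounds-checked decoder for a NamedGroupList. All `ex_` identifiers and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; values are the NamedGroup codepoints of RFC 8446. */
typedef enum {
	EX_SECP256R1 = 0x0017, EX_SECP384R1 = 0x0018, EX_SECP521R1 = 0x0019,
	EX_X25519 = 0x001D, EX_X448 = 0x001E,
	EX_FFDHE2048 = 0x0100, EX_FFDHE3072 = 0x0101, EX_FFDHE4096 = 0x0102,
	EX_FFDHE6144 = 0x0103, EX_FFDHE8192 = 0x0104,
} ex_named_group_t;
/* Name table kept beside the enum: a new enum value needs a new row here. */
static const struct { uint16_t id; const char *name; } ex_group_names[] = {
	{EX_SECP256R1, "secp256r1"}, {EX_SECP384R1, "secp384r1"},
	{EX_SECP521R1, "secp521r1"}, {EX_X25519, "x25519"}, {EX_X448, "x448"},
	{EX_FFDHE2048, "ffdhe2048"}, {EX_FFDHE3072, "ffdhe3072"},
	{EX_FFDHE4096, "ffdhe4096"}, {EX_FFDHE6144, "ffdhe6144"},
	{EX_FFDHE8192, "ffdhe8192"},
};
/* Constructed sample: x25519, secp256r1 and a codepoint missing from the table. */
static const uint8_t ex_sample[] = {0x00, 0x06, 0x00, 0x1d, 0x00, 0x17, 0x6a, 0x6a};
/* Returns the log name for a codepoint, or NULL if it is not in the table. */
const char *ex_group_name(uint16_t id)
{
	for (size_t i = 0; i < sizeof(ex_group_names) / sizeof(ex_group_names[0]); i++)
		if (ex_group_names[i].id == id)
			return ex_group_names[i].name;
	return NULL;
}

/* Log a NamedGroupList (u16 length + u16 entries); -1 if malformed/truncated. */
int ex_describe_groups(const uint8_t *data, size_t len, char *out, size_t outlen)
{
	size_t used = 0, list_len;
	if (len < 4 || outlen == 0)
		return -1;
	list_len = ((size_t)data[0] << 8) | data[1];
	if (list_len != len - 2 || list_len % 2)
		return -1;
	for (size_t off = 2; off < len; off += 2) {
		uint16_t id = (uint16_t)((data[off] << 8) | data[off + 1]);
		const char *name = ex_group_name(id), *sep = used ? "," : "";
		int n = name ? snprintf(out + used, outlen - used, "%s%s", sep, name)
		             : snprintf(out + used, outlen - used, "%s(0x%04x)", sep, (unsigned)id);
		if (n < 0 || (size_t)n >= outlen - used)
			return -1;
		used += (size_t)n;
	}
	return (int)(list_len / 2);
}
```

Called on `ex_sample` with a 64-byte buffer, `ex_describe_groups` returns 3 and writes `x25519,secp256r1,(0x6a6a)`, so a codepoint without a table row still shows up in the log instead of being dropped.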