4589N/A * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved. 3002N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 3002N/A * This code is free software; you can redistribute it and/or modify it 3002N/A * under the terms of the GNU General Public License version 2 only, as 3002N/A * published by the Free Software Foundation. Oracle designates this 3002N/A * particular file as subject to the "Classpath" exception as provided 3002N/A * by Oracle in the LICENSE file that accompanied this code. 3002N/A * This code is distributed in the hope that it will be useful, but WITHOUT 3002N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 3002N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 3002N/A * version 2 for more details (a copy is included in the LICENSE file that 3002N/A * You should have received a copy of the GNU General Public License version 3002N/A * 2 along with this work; if not, write to the Free Software Foundation, 3002N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 3002N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 3002N/A * or visit www.oracle.com if you need additional information or have any 3002N/A * Signature and hash algorithm. 3002N/A * [RFC5246] The client uses the "signature_algorithms" extension to 3002N/A * used in digital signatures. The "extension_data" field of this 3002N/A * extension contains a "supported_signature_algorithms" value. 3002N/A * none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), 3002N/A * enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) } 3002N/A * SignatureAlgorithm signature; 3002N/A * } SignatureAndHashAlgorithm; 3002N/A // minimum priority for default enabled algorithms 3002N/A // performance optimization 3002N/A // supported pairs of signature and hash algorithm 3002N/A // id in 16 bit MSB format, i.e. 0x0603 for SHA512withECDSA 3002N/A // the standard algorithm name, for example "SHA512withECDSA" 3002N/A // Priority for the preference order. The lower the better. 3002N/A // If the algorithm is unsupported, its priority should be bigger 3002N/A // than SUPPORTED_ALG_PRIORITY_MAX_NUM. 3002N/A // constructor for supported algorithm 3002N/A // constructor for unsupported algorithm 3002N/A // add one more to the sequece number, in case that the number is zero 3002N/A // Note that we do not use the sequence argument for supported algorithms, 3002N/A // so please don't sort by comparing the objects read from handshake 3002N/A // return the size of a SignatureAndHashAlgorithm structure in TLS record 3002N/A // Get local supported algorithm collection complying to 3002N/A // Get supported algorithm collection from an untrusted collection 3002N/A "Duplicate SignatureAndHashAlgorithm definition, id: " +
3002N/A "Duplicate SignatureAndHashAlgorithm definition, priority: " +
4589N/A return null;
// no expected algorithm, no supported algorithm 4589N/A * Need to check RSA key length to match the length of hash value 4589N/A * RSA keys of 512 bits have been shown to be practically 4589N/A * breakable, it does not make much sense to use the strong 4589N/A * hash algorithm for keys whose key size less than 512 bits. 4589N/A * So it is not necessary to caculate the required max digest 4589N/A * If key size is greater than or equals to 768, there is no max 4589N/A * digest length limitation in currect implementation. 4589N/A * If key size is greater than or equals to 512, but less than 4589N/A * 768, the digest length should be less than or equal to 32 bytes. 4589N/A * If key size is less than 512, the digest length should be 4589N/A * less than or equal to 20 bytes. 4589N/A }
// Otherwise, cannot determine the key size, prefer the most 4589N/A // perferable hash algorithm. 3002N/A // except the UNDEFINED, other names are defined 4589N/A final int length;
// digest length in bytes, -1 means not applicable 3002N/A // except the UNDEFINED, other names are defined