crypto: add package.

The crypto package is added as a common place to store identifiers for hash functions. At the moment, the rsa package has an enumeration of hash functions and knowledge of their digest lengths. This is an unfortunate coupling and other high level crypto packages tend to need to duplicate this enumeration and knowledge (i.e. openpgp). crypto pulls this code out into a common location. It would also make sense to add similar support for ciphers to crypto, but the problem there isn't as acute that isn't done in this change. R=bradfitzgo, r, rsc CC=golang-dev https://golang.org/cl/4080046
2011-02-01 11:02:48 -05:00 · 2011-02-01 11:02:48 -05:00 · b8e817cbf8
commit b8e817cbf8
parent 45b573322e
3 changed files with 7 additions and 4 deletions
--- a/handshake_client.go
+++ b/handshake_client.go
@ -5,6 +5,7 @@
 package tls

 import (
+	"crypto"
 	"crypto/rsa"
 	"crypto/subtle"
 	"crypto/x509"
@ -248,7 +249,7 @@ func (c *Conn) clientHandshake() os.Error {
 		var digest [36]byte
 		copy(digest[0:16], finishedHash.serverMD5.Sum())
 		copy(digest[16:36], finishedHash.serverSHA1.Sum())
-		signed, err := rsa.SignPKCS1v15(c.config.rand(), c.config.Certificates[0].PrivateKey, rsa.HashMD5SHA1, digest[0:])
+		signed, err := rsa.SignPKCS1v15(c.config.rand(), c.config.Certificates[0].PrivateKey, crypto.MD5SHA1, digest[0:])
 		if err != nil {
 			return c.sendAlert(alertInternalError)
 		}
--- a/handshake_server.go
+++ b/handshake_server.go
@ -5,6 +5,7 @@
 package tls

 import (
+	"crypto"
 	"crypto/rsa"
 	"crypto/subtle"
 	"crypto/x509"
@ -213,7 +214,7 @@ Curves:
 		digest := make([]byte, 36)
 		copy(digest[0:16], finishedHash.serverMD5.Sum())
 		copy(digest[16:36], finishedHash.serverSHA1.Sum())
-		err = rsa.VerifyPKCS1v15(pub, rsa.HashMD5SHA1, digest, certVerify.signature)
+		err = rsa.VerifyPKCS1v15(pub, crypto.MD5SHA1, digest, certVerify.signature)
 		if err != nil {
 			c.sendAlert(alertBadCertificate)
 			return os.ErrorString("could not validate signature of connection nonces: " + err.String())
--- a/key_agreement.go
+++ b/key_agreement.go
@ -6,6 +6,7 @@ package tls

 import (
 	"big"
+	"crypto"
 	"crypto/elliptic"
 	"crypto/md5"
 	"crypto/rsa"
@ -143,7 +144,7 @@ Curve:
 	copy(serverECDHParams[4:], ecdhePublic)

 	md5sha1 := md5SHA1Hash(clientHello.random, hello.random, serverECDHParams)
-	sig, err := rsa.SignPKCS1v15(config.rand(), config.Certificates[0].PrivateKey, rsa.HashMD5SHA1, md5sha1)
+	sig, err := rsa.SignPKCS1v15(config.rand(), config.Certificates[0].PrivateKey, crypto.MD5SHA1, md5sha1)
 	if err != nil {
 		return nil, os.ErrorString("failed to sign ECDHE parameters: " + err.String())
 	}
@ -216,7 +217,7 @@ func (ka *ecdheRSAKeyAgreement) processServerKeyExchange(config *Config, clientH
 	sig = sig[2:]

 	md5sha1 := md5SHA1Hash(clientHello.random, serverHello.random, serverECDHParams)
-	return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), rsa.HashMD5SHA1, md5sha1, sig)
+	return rsa.VerifyPKCS1v15(cert.PublicKey.(*rsa.PublicKey), crypto.MD5SHA1, md5sha1, sig)

 Error:
 	return os.ErrorString("invalid ServerKeyExchange")