2 * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
3 * 2010 Free Software Foundation, Inc.
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GNUTLS.
9 * The GNUTLS library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
26 #include "gnutls_int.h"
27 #include "gnutls_algorithms.h"
28 #include "gnutls_errors.h"
29 #include "gnutls_cert.h"
30 #include <x509/common.h>
34 /* Cred type mappings to KX algorithms
35 * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
36 * more than one credentials type.
40 gnutls_kx_algorithm_t algorithm
;
41 gnutls_credentials_type_t client_type
;
42 gnutls_credentials_type_t server_type
; /* The type of credentials a server
46 static const gnutls_cred_map cred_mappings
[] = {
47 {GNUTLS_KX_ANON_DH
, GNUTLS_CRD_ANON
, GNUTLS_CRD_ANON
},
48 {GNUTLS_KX_RSA
, GNUTLS_CRD_CERTIFICATE
, GNUTLS_CRD_CERTIFICATE
},
49 {GNUTLS_KX_RSA_EXPORT
, GNUTLS_CRD_CERTIFICATE
, GNUTLS_CRD_CERTIFICATE
},
50 {GNUTLS_KX_DHE_DSS
, GNUTLS_CRD_CERTIFICATE
, GNUTLS_CRD_CERTIFICATE
},
51 {GNUTLS_KX_DHE_RSA
, GNUTLS_CRD_CERTIFICATE
, GNUTLS_CRD_CERTIFICATE
},
52 {GNUTLS_KX_PSK
, GNUTLS_CRD_PSK
, GNUTLS_CRD_PSK
},
53 {GNUTLS_KX_DHE_PSK
, GNUTLS_CRD_PSK
, GNUTLS_CRD_PSK
},
54 {GNUTLS_KX_SRP
, GNUTLS_CRD_SRP
, GNUTLS_CRD_SRP
},
55 {GNUTLS_KX_SRP_RSA
, GNUTLS_CRD_SRP
, GNUTLS_CRD_CERTIFICATE
},
56 {GNUTLS_KX_SRP_DSS
, GNUTLS_CRD_SRP
, GNUTLS_CRD_CERTIFICATE
},
60 #define GNUTLS_KX_MAP_LOOP(b) \
61 const gnutls_cred_map *p; \
62 for(p = cred_mappings; p->algorithm != 0; p++) { b ; }
64 #define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
65 GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
67 /* KX mappings to PK algorithms */
70 gnutls_kx_algorithm_t kx_algorithm
;
71 gnutls_pk_algorithm_t pk_algorithm
;
72 enum encipher_type encipher_type
; /* CIPHER_ENCRYPT if this algorithm is to be used
73 * for encryption, CIPHER_SIGN if signature only,
74 * CIPHER_IGN if this does not apply at all.
76 * This is useful to certificate cipher suites, which check
77 * against the certificate key usage bits.
81 /* This table maps the Key exchange algorithms to
82 * the certificate algorithms. Eg. if we have
83 * RSA algorithm in the certificate then we can
84 * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA.
86 static const gnutls_pk_map pk_mappings
[] = {
87 {GNUTLS_KX_RSA
, GNUTLS_PK_RSA
, CIPHER_ENCRYPT
},
88 {GNUTLS_KX_RSA_EXPORT
, GNUTLS_PK_RSA
, CIPHER_SIGN
},
89 {GNUTLS_KX_DHE_RSA
, GNUTLS_PK_RSA
, CIPHER_SIGN
},
90 {GNUTLS_KX_SRP_RSA
, GNUTLS_PK_RSA
, CIPHER_SIGN
},
91 {GNUTLS_KX_DHE_DSS
, GNUTLS_PK_DSA
, CIPHER_SIGN
},
92 {GNUTLS_KX_SRP_DSS
, GNUTLS_PK_DSA
, CIPHER_SIGN
},
96 #define GNUTLS_PK_MAP_LOOP(b) \
97 const gnutls_pk_map *p; \
98 for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
100 #define GNUTLS_PK_MAP_ALG_LOOP(a) \
101 GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
110 gnutls_protocol_t id
; /* gnutls internal version number */
111 int major
; /* defined by the protocol */
112 int minor
; /* defined by the protocol */
113 int supported
; /* 0 not supported, > 0 is supported */
114 } gnutls_version_entry
;
116 static const gnutls_version_entry sup_versions
[] = {
117 {"SSL3.0", GNUTLS_SSL3
, 3, 0, 1},
118 {"TLS1.0", GNUTLS_TLS1
, 3, 1, 1},
119 {"TLS1.1", GNUTLS_TLS1_1
, 3, 2, 1},
120 {"TLS1.2", GNUTLS_TLS1_2
, 3, 3, 1},
124 /* Keep the contents of this struct the same as the previous one. */
125 static const gnutls_protocol_t supported_protocols
[] = {
133 #define GNUTLS_VERSION_LOOP(b) \
134 const gnutls_version_entry *p; \
135 for(p = sup_versions; p->name != NULL; p++) { b ; }
137 #define GNUTLS_VERSION_ALG_LOOP(a) \
138 GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
141 struct gnutls_cipher_entry
144 gnutls_cipher_algorithm_t id
;
149 int export_flag
; /* 0 non export */
151 typedef struct gnutls_cipher_entry gnutls_cipher_entry
;
153 /* Note that all algorithms are in CBC or STREAM modes.
154 * Do not add any algorithms in other modes (avoid modified algorithms).
155 * View first: "The order of encryption and authentication for
156 * protecting communications" by Hugo Krawczyk - CRYPTO 2001
158 * Make sure to updated MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well.
160 static const gnutls_cipher_entry algorithms
[] = {
161 {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC
, 16, 32, CIPHER_BLOCK
, 16, 0},
162 {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC
, 16, 24, CIPHER_BLOCK
, 16, 0},
163 {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC
, 16, 16, CIPHER_BLOCK
, 16, 0},
164 {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC
, 8, 24, CIPHER_BLOCK
, 8, 0},
165 {"DES-CBC", GNUTLS_CIPHER_DES_CBC
, 8, 8, CIPHER_BLOCK
, 8, 0},
166 {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128
, 1, 16, CIPHER_STREAM
, 0, 0},
167 {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40
, 1, 5, CIPHER_STREAM
, 0, 1},
168 {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC
, 8, 5, CIPHER_BLOCK
, 8, 1},
169 #ifdef ENABLE_CAMELLIA
170 {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC
, 16, 32, CIPHER_BLOCK
,
172 {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC
, 16, 16, CIPHER_BLOCK
,
176 #ifdef ENABLE_OPENPGP
177 {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB
, 8, 16, CIPHER_BLOCK
, 8, 0},
178 {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB
, 8, 24, CIPHER_BLOCK
, 8, 0},
179 {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB
, 8, 16, CIPHER_BLOCK
, 8, 0},
180 {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB
, 8,
181 16 /*actually unlimited */ , CIPHER_BLOCK
, 8, 0},
182 {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB
, 8, 16,
184 {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB
, 16, 16, CIPHER_BLOCK
, 16,
186 {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB
, 16, 24, CIPHER_BLOCK
, 16,
188 {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB
, 16, 32, CIPHER_BLOCK
, 16,
190 {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB
, 16, 16, CIPHER_BLOCK
, 16,
193 {"NULL", GNUTLS_CIPHER_NULL
, 1, 0, CIPHER_STREAM
, 0, 0},
194 {0, 0, 0, 0, 0, 0, 0}
197 /* Keep the contents of this struct the same as the previous one. */
198 static const gnutls_cipher_algorithm_t supported_ciphers
[] = {
199 GNUTLS_CIPHER_AES_256_CBC
,
200 GNUTLS_CIPHER_AES_128_CBC
,
201 GNUTLS_CIPHER_3DES_CBC
,
202 GNUTLS_CIPHER_DES_CBC
,
203 GNUTLS_CIPHER_ARCFOUR_128
,
204 GNUTLS_CIPHER_ARCFOUR_40
,
205 GNUTLS_CIPHER_RC2_40_CBC
,
206 #ifdef ENABLE_CAMELLIA
207 GNUTLS_CIPHER_CAMELLIA_256_CBC
,
208 GNUTLS_CIPHER_CAMELLIA_128_CBC
,
214 #define GNUTLS_LOOP(b) \
215 const gnutls_cipher_entry *p; \
216 for(p = algorithms; p->name != NULL; p++) { b ; }
218 #define GNUTLS_ALG_LOOP(a) \
219 GNUTLS_LOOP( if(p->id == algorithm) { a; break; } )
222 struct gnutls_hash_entry
226 gnutls_mac_algorithm_t id
;
227 size_t key_size
; /* in case of mac */
229 typedef struct gnutls_hash_entry gnutls_hash_entry
;
231 static const gnutls_hash_entry hash_algorithms
[] = {
232 {"SHA1", HASH_OID_SHA1
, GNUTLS_MAC_SHA1
, 20},
233 {"MD5", HASH_OID_MD5
, GNUTLS_MAC_MD5
, 16},
234 {"SHA256", HASH_OID_SHA256
, GNUTLS_MAC_SHA256
, 32},
235 {"SHA384", HASH_OID_SHA384
, GNUTLS_MAC_SHA384
, 48},
236 {"SHA512", HASH_OID_SHA512
, GNUTLS_MAC_SHA512
, 64},
237 {"MD2", HASH_OID_MD2
, GNUTLS_MAC_MD2
, 0}, /* not used as MAC */
238 {"RIPEMD160", HASH_OID_RMD160
, GNUTLS_MAC_RMD160
, 20},
239 {"NULL", NULL
, GNUTLS_MAC_NULL
, 0},
243 /* Keep the contents of this struct the same as the previous one. */
244 static const gnutls_mac_algorithm_t supported_macs
[] = {
256 #define GNUTLS_HASH_LOOP(b) \
257 const gnutls_hash_entry *p; \
258 for(p = hash_algorithms; p->name != NULL; p++) { b ; }
260 #define GNUTLS_HASH_ALG_LOOP(a) \
261 GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
263 /* Key Exchange Section */
266 extern mod_auth_st rsa_auth_struct
;
267 extern mod_auth_st rsa_export_auth_struct
;
268 extern mod_auth_st dhe_rsa_auth_struct
;
269 extern mod_auth_st dhe_dss_auth_struct
;
270 extern mod_auth_st anon_auth_struct
;
271 extern mod_auth_st srp_auth_struct
;
272 extern mod_auth_st psk_auth_struct
;
273 extern mod_auth_st dhe_psk_auth_struct
;
274 extern mod_auth_st srp_rsa_auth_struct
;
275 extern mod_auth_st srp_dss_auth_struct
;
277 struct gnutls_kx_algo_entry
280 gnutls_kx_algorithm_t algorithm
;
281 mod_auth_st
*auth_struct
;
283 int needs_rsa_params
;
285 typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry
;
287 static const gnutls_kx_algo_entry _gnutls_kx_algorithms
[] = {
289 {"ANON-DH", GNUTLS_KX_ANON_DH
, &anon_auth_struct
, 1, 0},
291 {"RSA", GNUTLS_KX_RSA
, &rsa_auth_struct
, 0, 0},
292 {"RSA-EXPORT", GNUTLS_KX_RSA_EXPORT
, &rsa_export_auth_struct
, 0,
293 1 /* needs RSA params */ },
294 {"DHE-RSA", GNUTLS_KX_DHE_RSA
, &dhe_rsa_auth_struct
, 1, 0},
295 {"DHE-DSS", GNUTLS_KX_DHE_DSS
, &dhe_dss_auth_struct
, 1, 0},
298 {"SRP-DSS", GNUTLS_KX_SRP_DSS
, &srp_dss_auth_struct
, 0, 0},
299 {"SRP-RSA", GNUTLS_KX_SRP_RSA
, &srp_rsa_auth_struct
, 0, 0},
300 {"SRP", GNUTLS_KX_SRP
, &srp_auth_struct
, 0, 0},
303 {"PSK", GNUTLS_KX_PSK
, &psk_auth_struct
, 0, 0},
304 {"DHE-PSK", GNUTLS_KX_DHE_PSK
, &dhe_psk_auth_struct
,
305 1 /* needs DHE params */ , 0},
310 /* Keep the contents of this struct the same as the previous one. */
311 static const gnutls_kx_algorithm_t supported_kxs
[] = {
316 GNUTLS_KX_RSA_EXPORT
,
331 #define GNUTLS_KX_LOOP(b) \
332 const gnutls_kx_algo_entry *p; \
333 for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; }
335 #define GNUTLS_KX_ALG_LOOP(a) \
336 GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )
341 #define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, version ) \
342 { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, version }
348 gnutls_cipher_algorithm_t block_algorithm
;
349 gnutls_kx_algorithm_t kx_algorithm
;
350 gnutls_mac_algorithm_t mac_algorithm
;
351 gnutls_protocol_t version
; /* this cipher suite is supported
352 * from 'version' and above;
354 } gnutls_cipher_suite_entry
;
356 /* RSA with NULL cipher and MD5 MAC
359 #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 }
362 /* ANONymous cipher suites.
365 #define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1 { 0x00, 0x1B }
366 #define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 }
369 #define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 }
370 #define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A }
373 #ifdef ENABLE_CAMELLIA
374 #define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
375 #define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
378 #define GNUTLS_ANON_DH_AES_128_CBC_SHA256 { 0x00, 0x6C }
379 #define GNUTLS_ANON_DH_AES_256_CBC_SHA256 { 0x00, 0x6D }
381 /* PSK (not in TLS 1.0)
382 * draft-ietf-tls-psk:
384 #define GNUTLS_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8A }
385 #define GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8B }
386 #define GNUTLS_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x8C }
387 #define GNUTLS_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x8D }
389 #define GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8E }
390 #define GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8F }
391 #define GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x90 }
392 #define GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x91 }
397 #define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1A }
398 #define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1B }
399 #define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 { 0xC0, 0x1C }
401 #define GNUTLS_SRP_SHA_AES_128_CBC_SHA1 { 0xC0, 0x1D }
402 #define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1 { 0xC0, 0x1E }
403 #define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1 { 0xC0, 0x1F }
405 #define GNUTLS_SRP_SHA_AES_256_CBC_SHA1 { 0xC0, 0x20 }
406 #define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1 { 0xC0, 0x21 }
407 #define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1 { 0xC0, 0x22 }
411 #define GNUTLS_RSA_ARCFOUR_SHA1 { 0x00, 0x05 }
412 #define GNUTLS_RSA_ARCFOUR_MD5 { 0x00, 0x04 }
413 #define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A }
415 #define GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5 { 0x00, 0x03 }
419 #define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F }
420 #define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 }
423 #ifdef ENABLE_CAMELLIA
424 #define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 }
425 #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
428 #define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C }
429 #define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D }
434 #define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 }
437 /* draft-ietf-tls-56-bit-ciphersuites-01:
439 #define GNUTLS_DHE_DSS_ARCFOUR_SHA1 { 0x00, 0x66 }
444 #define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 }
445 #define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 }
448 #ifdef ENABLE_CAMELLIA
449 #define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 }
450 #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
453 #define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 }
454 #define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A }
458 #define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
462 #define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 }
463 #define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 }
466 #ifdef ENABLE_CAMELLIA
467 #define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
468 #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
471 #define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 }
472 #define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B }
474 /* Safe renegotiation */
476 #define GNUTLS_RENEGO_PROTECTION_REQUEST { GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR, GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR }
478 #define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
480 static const gnutls_cipher_suite_entry cs_algorithms
[] = {
482 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5
,
483 GNUTLS_CIPHER_ARCFOUR_128
,
484 GNUTLS_KX_ANON_DH
, GNUTLS_MAC_MD5
,
486 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1
,
487 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_ANON_DH
,
488 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
489 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1
,
490 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_ANON_DH
,
491 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
492 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1
,
493 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_ANON_DH
,
494 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
495 #ifdef ENABLE_CAMELLIA
496 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1
,
497 GNUTLS_CIPHER_CAMELLIA_128_CBC
,
499 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
500 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1
,
501 GNUTLS_CIPHER_CAMELLIA_256_CBC
,
503 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
505 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256
,
506 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_ANON_DH
,
507 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
),
508 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA256
,
509 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_ANON_DH
,
510 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
),
513 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1
,
514 GNUTLS_CIPHER_ARCFOUR
, GNUTLS_KX_PSK
,
515 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
516 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1
,
517 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_PSK
,
518 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
519 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1
,
520 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_PSK
,
521 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
522 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1
,
523 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_PSK
,
524 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
527 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1
,
528 GNUTLS_CIPHER_ARCFOUR
, GNUTLS_KX_DHE_PSK
,
529 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
530 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1
,
531 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_DHE_PSK
,
532 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
533 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1
,
534 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_PSK
,
535 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
536 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1
,
537 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_DHE_PSK
,
538 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
541 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1
,
542 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_SRP
,
543 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
544 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1
,
545 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_SRP
,
546 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
547 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1
,
548 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_SRP
,
549 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
551 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1
,
552 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_SRP_DSS
,
553 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
555 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1
,
556 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_SRP_RSA
,
557 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
559 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1
,
560 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_SRP_DSS
,
561 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
563 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1
,
564 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_SRP_RSA
,
565 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
567 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1
,
568 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_SRP_DSS
,
569 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
571 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1
,
572 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_SRP_RSA
,
573 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
576 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1
,
577 GNUTLS_CIPHER_ARCFOUR_128
, GNUTLS_KX_DHE_DSS
,
578 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
579 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1
,
580 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_DHE_DSS
,
581 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
582 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1
,
583 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_DSS
,
584 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
585 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1
,
586 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_DHE_DSS
,
587 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
588 #ifdef ENABLE_CAMELLIA
589 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1
,
590 GNUTLS_CIPHER_CAMELLIA_128_CBC
,
592 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
593 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1
,
594 GNUTLS_CIPHER_CAMELLIA_256_CBC
,
596 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
598 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256
,
599 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_DSS
,
600 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
),
601 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256
,
602 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_DHE_DSS
,
603 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
),
605 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1
,
606 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_DHE_RSA
,
607 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
608 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1
,
609 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_RSA
,
610 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
611 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1
,
612 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_DHE_RSA
,
613 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
614 #ifdef ENABLE_CAMELLIA
615 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1
,
616 GNUTLS_CIPHER_CAMELLIA_128_CBC
,
618 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
619 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1
,
620 GNUTLS_CIPHER_CAMELLIA_256_CBC
,
622 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
624 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256
,
625 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_RSA
,
626 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
),
627 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256
,
628 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_DHE_RSA
,
629 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
),
631 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5
,
633 GNUTLS_KX_RSA
, GNUTLS_MAC_MD5
, GNUTLS_SSL3
),
635 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5
,
636 GNUTLS_CIPHER_ARCFOUR_40
,
637 GNUTLS_KX_RSA_EXPORT
, GNUTLS_MAC_MD5
,
640 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1
,
641 GNUTLS_CIPHER_ARCFOUR_128
,
642 GNUTLS_KX_RSA
, GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
643 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5
,
644 GNUTLS_CIPHER_ARCFOUR_128
,
645 GNUTLS_KX_RSA
, GNUTLS_MAC_MD5
, GNUTLS_SSL3
),
646 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1
,
647 GNUTLS_CIPHER_3DES_CBC
,
648 GNUTLS_KX_RSA
, GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
649 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1
,
650 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_RSA
,
651 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
652 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1
,
653 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_RSA
,
654 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
655 #ifdef ENABLE_CAMELLIA
656 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1
,
657 GNUTLS_CIPHER_CAMELLIA_128_CBC
, GNUTLS_KX_RSA
,
658 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
659 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1
,
660 GNUTLS_CIPHER_CAMELLIA_256_CBC
, GNUTLS_KX_RSA
,
661 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
663 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256
,
664 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_RSA
,
665 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
),
666 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256
,
667 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_RSA
,
668 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
),
669 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RENEGO_PROTECTION_REQUEST
,
670 GNUTLS_CIPHER_UNKNOWN
, GNUTLS_KX_UNKNOWN
,
671 GNUTLS_MAC_UNKNOWN
, GNUTLS_SSL3
),
672 {0, {{0, 0}}, 0, 0, 0, 0}
675 #define GNUTLS_CIPHER_SUITE_LOOP(b) \
676 const gnutls_cipher_suite_entry *p; \
677 for(p = cs_algorithms; p->name != NULL; p++) { b ; }
679 #define GNUTLS_CIPHER_SUITE_ALG_LOOP(a) \
680 GNUTLS_CIPHER_SUITE_LOOP( if( (p->id.suite[0] == suite->suite[0]) && (p->id.suite[1] == suite->suite[1])) { a; break; } )
684 /* Generic Functions */
687 _gnutls_mac_priority (gnutls_session_t session
,
688 gnutls_mac_algorithm_t algorithm
)
689 { /* actually returns the priority */
691 for (i
= 0; i
< session
->internals
.priorities
.mac
.algorithms
; i
++)
693 if (session
->internals
.priorities
.mac
.priority
[i
] == algorithm
)
700 * gnutls_mac_get_name - Returns a string with the name of the specified mac algorithm
701 * @algorithm: is a MAC algorithm
703 * Convert a #gnutls_mac_algorithm_t value to a string.
705 * Returns: a string that contains the name of the specified MAC
706 * algorithm, or %NULL.
709 gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm
)
711 const char *ret
= NULL
;
714 GNUTLS_HASH_ALG_LOOP (ret
= p
->name
);
720 * gnutls_mac_get_id - Returns the gnutls id of the specified in string algorithm
721 * @name: is a MAC algorithm name
723 * Convert a string to a #gnutls_mac_algorithm_t value. The names are
724 * compared in a case insensitive way.
726 * Returns: a #gnutls_mac_algorithm_t id of the specified MAC
727 * algorithm string, or %GNUTLS_MAC_UNKNOWN on failures.
729 gnutls_mac_algorithm_t
730 gnutls_mac_get_id (const char *name
)
732 gnutls_mac_algorithm_t ret
= GNUTLS_MAC_UNKNOWN
;
734 GNUTLS_HASH_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->id
);
740 * gnutls_mac_get_key_size - Returns the length of the MAC's key size
741 * @algorithm: is an encryption algorithm
743 * Get size of MAC key.
745 * Returns: length (in bytes) of the given MAC key size, or 0 if the
746 * given MAC algorithm is invalid.
749 gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm
)
754 GNUTLS_HASH_ALG_LOOP (ret
= p
->key_size
);
760 * gnutls_mac_list - Get a list of supported MAC algorithms
762 * Get a list of hash algorithms for use as MACs. Note that not
763 * necessarily all MACs are supported in TLS cipher suites. For
764 * example, MD2 is not supported as a cipher suite, but is supported
765 * for other purposes (e.g., X.509 signature verification or similar).
767 * Returns: Return a zero-terminated list of #gnutls_mac_algorithm_t
768 * integers indicating the available MACs.
770 const gnutls_mac_algorithm_t
*
771 gnutls_mac_list (void)
773 return supported_macs
;
777 _gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t algorithm
)
779 const char *ret
= NULL
;
782 GNUTLS_HASH_ALG_LOOP (ret
= p
->oid
);
787 gnutls_mac_algorithm_t
788 _gnutls_x509_oid2mac_algorithm (const char *oid
)
790 gnutls_mac_algorithm_t ret
= 0;
792 GNUTLS_HASH_LOOP (if (p
->oid
&& strcmp (oid
, p
->oid
) == 0)
798 return GNUTLS_MAC_UNKNOWN
;
804 _gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm
)
807 GNUTLS_HASH_ALG_LOOP (ret
= p
->id
);
815 /* CIPHER functions */
817 gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm
)
820 GNUTLS_ALG_LOOP (ret
= p
->blocksize
);
825 /* returns the priority */
827 _gnutls_cipher_priority (gnutls_session_t session
,
828 gnutls_cipher_algorithm_t algorithm
)
831 for (i
= 0; i
< session
->internals
.priorities
.cipher
.algorithms
; i
++)
833 if (session
->internals
.priorities
.cipher
.priority
[i
] == algorithm
)
841 _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm
)
845 GNUTLS_ALG_LOOP (ret
= p
->block
);
851 * gnutls_cipher_get_key_size - Returns the length of the cipher's key size
852 * @algorithm: is an encryption algorithm
854 * Get key size for cipher.
856 * Returns: length (in bytes) of the given cipher's key size, or 0 if
857 * the given cipher is invalid.
860 gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm
)
863 GNUTLS_ALG_LOOP (ret
= p
->keysize
);
869 _gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm
)
872 GNUTLS_ALG_LOOP (ret
= p
->iv
);
878 _gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm
)
881 GNUTLS_ALG_LOOP (ret
= p
->export_flag
);
887 * gnutls_cipher_get_name - Returns a string with the name of the specified cipher algorithm
888 * @algorithm: is an encryption algorithm
890 * Convert a #gnutls_cipher_algorithm_t type to a string.
892 * Returns: a pointer to a string that contains the name of the
893 * specified cipher, or %NULL.
896 gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm
)
898 const char *ret
= NULL
;
901 GNUTLS_ALG_LOOP (ret
= p
->name
);
907 * gnutls_cipher_get_id - Returns the gnutls id of the specified in string algorithm
908 * @name: is a MAC algorithm name
910 * The names are compared in a case insensitive way.
912 * Returns: return a #gnutls_cipher_algorithm_t value corresponding to
913 * the specified cipher, or %GNUTLS_CIPHER_UNKNOWN on error.
915 gnutls_cipher_algorithm_t
916 gnutls_cipher_get_id (const char *name
)
918 gnutls_cipher_algorithm_t ret
= GNUTLS_CIPHER_UNKNOWN
;
920 GNUTLS_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->id
);
926 * gnutls_cipher_list - Get a list of supported ciphers
928 * Get a list of supported cipher algorithms. Note that not
929 * necessarily all ciphers are supported as TLS cipher suites. For
930 * example, DES is not supported as a cipher suite, but is supported
931 * for other purposes (e.g., PKCS#8 or similar).
933 * Returns: a zero-terminated list of #gnutls_cipher_algorithm_t
934 * integers indicating the available ciphers.
937 const gnutls_cipher_algorithm_t
*
938 gnutls_cipher_list (void)
940 return supported_ciphers
;
944 _gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm
)
947 GNUTLS_ALG_LOOP (ret
= p
->id
);
955 /* Key EXCHANGE functions */
957 _gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm
)
959 mod_auth_st
*ret
= NULL
;
960 GNUTLS_KX_ALG_LOOP (ret
= p
->auth_struct
);
967 _gnutls_kx_priority (gnutls_session_t session
,
968 gnutls_kx_algorithm_t algorithm
)
971 for (i
= 0; i
< session
->internals
.priorities
.kx
.algorithms
; i
++)
973 if (session
->internals
.priorities
.kx
.priority
[i
] == algorithm
)
980 * gnutls_kx_get_name - Returns a string with the name of the specified key exchange algorithm
981 * @algorithm: is a key exchange algorithm
983 * Convert a #gnutls_kx_algorithm_t value to a string.
985 * Returns: a pointer to a string that contains the name of the
986 * specified key exchange algorithm, or %NULL.
989 gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm
)
991 const char *ret
= NULL
;
994 GNUTLS_KX_ALG_LOOP (ret
= p
->name
);
1000 * gnutls_kx_get_id - Returns the gnutls id of the specified in string algorithm
1001 * @name: is a KX name
1003 * Convert a string to a #gnutls_kx_algorithm_t value. The names are
1004 * compared in a case insensitive way.
1006 * Returns: an id of the specified KX algorithm, or %GNUTLS_KX_UNKNOWN
1009 gnutls_kx_algorithm_t
1010 gnutls_kx_get_id (const char *name
)
1012 gnutls_cipher_algorithm_t ret
= GNUTLS_KX_UNKNOWN
;
1014 GNUTLS_KX_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->algorithm
);
1020 * gnutls_kx_list - Get a list of supported key exchange methods
1022 * Get a list of supported key exchange algorithms.
1024 * Returns: a zero-terminated list of #gnutls_kx_algorithm_t integers
1025 * indicating the available key exchange algorithms.
1027 const gnutls_kx_algorithm_t
*
1028 gnutls_kx_list (void)
1030 return supported_kxs
;
1034 _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm
)
1037 GNUTLS_KX_ALG_LOOP (ret
= p
->algorithm
);
1046 _gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm
)
1049 GNUTLS_KX_ALG_LOOP (ret
= p
->needs_rsa_params
);
1054 _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm
)
1057 GNUTLS_KX_ALG_LOOP (ret
= p
->needs_dh_params
);
1064 _gnutls_version_priority (gnutls_session_t session
, gnutls_protocol_t version
)
1065 { /* actually returns the priority */
1068 for (i
= 0; i
< session
->internals
.priorities
.protocol
.algorithms
; i
++)
1070 if (session
->internals
.priorities
.protocol
.priority
[i
] == version
)
1077 _gnutls_version_lowest (gnutls_session_t session
)
1078 { /* returns the lowest version supported */
1079 unsigned int i
, min
= 0xff;
1081 for (i
= 0; i
< session
->internals
.priorities
.protocol
.algorithms
; i
++)
1083 if (session
->internals
.priorities
.protocol
.priority
[i
] < min
)
1084 min
= session
->internals
.priorities
.protocol
.priority
[i
];
1088 return GNUTLS_VERSION_UNKNOWN
; /* unknown version */
1094 _gnutls_version_max (gnutls_session_t session
)
1095 { /* returns the maximum version supported */
1096 unsigned int i
, max
= 0x00;
1098 for (i
= 0; i
< session
->internals
.priorities
.protocol
.algorithms
; i
++)
1100 if (session
->internals
.priorities
.protocol
.priority
[i
] > max
)
1101 max
= session
->internals
.priorities
.protocol
.priority
[i
];
1105 return GNUTLS_VERSION_UNKNOWN
; /* unknown version */
1112 * gnutls_protocol_get_name - Returns a string with the name of the specified SSL/TLS version
1113 * @version: is a (gnutls) version number
1115 * Convert a #gnutls_protocol_t value to a string.
1117 * Returns: a string that contains the name of the specified TLS
1118 * version (e.g., "TLS1.0"), or %NULL.
1121 gnutls_protocol_get_name (gnutls_protocol_t version
)
1123 const char *ret
= NULL
;
1126 GNUTLS_VERSION_ALG_LOOP (ret
= p
->name
);
1131 * gnutls_protocol_get_id - Returns the gnutls id of the specified in string protocol
1132 * @name: is a protocol name
1134 * The names are compared in a case insensitive way.
1136 * Returns: an id of the specified protocol, or
1137 * %GNUTLS_VERSION_UNKNOWN on error.
1140 gnutls_protocol_get_id (const char *name
)
1142 gnutls_protocol_t ret
= GNUTLS_VERSION_UNKNOWN
;
1144 GNUTLS_VERSION_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->id
);
1150 * gnutls_protocol_list - Get a list of supported protocols
1152 * Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.
1154 * Returns: a zero-terminated list of #gnutls_protocol_t integers
1155 * indicating the available protocols.
1158 const gnutls_protocol_t
*
1159 gnutls_protocol_list (void)
1161 return supported_protocols
;
1165 _gnutls_version_get_minor (gnutls_protocol_t version
)
1169 GNUTLS_VERSION_ALG_LOOP (ret
= p
->minor
);
1174 _gnutls_version_get (int major
, int minor
)
1178 GNUTLS_VERSION_LOOP (if ((p
->major
== major
) && (p
->minor
== minor
))
1184 _gnutls_version_get_major (gnutls_protocol_t version
)
1188 GNUTLS_VERSION_ALG_LOOP (ret
= p
->major
);
1192 /* Version Functions */
1195 _gnutls_version_is_supported (gnutls_session_t session
,
1196 const gnutls_protocol_t version
)
1200 GNUTLS_VERSION_ALG_LOOP (ret
= p
->supported
);
1204 if (_gnutls_version_priority (session
, version
) < 0)
1205 return 0; /* disabled by the user */
1211 /* This function determines if the version specified has a
1212 cipher-suite selected PRF hash function instead of the old
1213 hardcoded MD5+SHA1. */
1215 _gnutls_version_has_selectable_prf (gnutls_protocol_t version
)
1217 return version
== GNUTLS_TLS1_2
;
1220 /* This function determines if the version specified has selectable
1221 signature/hash functions for certificate authentification. */
1223 _gnutls_version_has_selectable_sighash (gnutls_protocol_t version
)
1225 return version
== GNUTLS_TLS1_2
;
1228 /* This function determines if the version specified has support for
1231 _gnutls_version_has_extensions (gnutls_protocol_t version
)
1244 /* This function determines if the version specified has explicit IVs
1245 (for CBC attack prevention). */
1247 _gnutls_version_has_explicit_iv (gnutls_protocol_t version
)
1259 /* This function determines if the version specified can have
1260 non-minimal padding. */
1262 _gnutls_version_has_variable_padding (gnutls_protocol_t version
)
1275 /* Type to KX mappings */
1276 gnutls_kx_algorithm_t
1277 _gnutls_map_kx_get_kx (gnutls_credentials_type_t type
, int server
)
1279 gnutls_kx_algorithm_t ret
= -1;
1283 GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret
= p
->algorithm
);
1287 GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret
= p
->algorithm
);
1292 gnutls_credentials_type_t
1293 _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm
, int server
)
1295 gnutls_credentials_type_t ret
= -1;
1298 GNUTLS_KX_MAP_LOOP (if (p
->algorithm
== algorithm
) ret
=
1303 GNUTLS_KX_MAP_LOOP (if (p
->algorithm
== algorithm
) ret
=
1311 /* Cipher Suite's functions */
1312 gnutls_cipher_algorithm_t
1313 _gnutls_cipher_suite_get_cipher_algo (const cipher_suite_st
* suite
)
1316 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->block_algorithm
);
1321 _gnutls_cipher_suite_get_version (const cipher_suite_st
* suite
)
1324 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->version
);
1328 gnutls_kx_algorithm_t
1329 _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st
* suite
)
1333 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->kx_algorithm
);
1338 gnutls_mac_algorithm_t
1339 _gnutls_cipher_suite_get_mac_algo (const cipher_suite_st
* suite
)
1342 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->mac_algorithm
);
1348 _gnutls_cipher_suite_get_name (cipher_suite_st
* suite
)
1350 const char *ret
= NULL
;
1353 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->name
+ sizeof ("GNUTLS_") - 1);
1359 * gnutls_cipher_suite_get_name - get name of the specified cipher suite
1360 * @kx_algorithm: is a Key exchange algorithm
1361 * @cipher_algorithm: is a cipher algorithm
1362 * @mac_algorithm: is a MAC algorithm
1364 * Note that the full cipher suite name must be prepended by TLS or
1365 * SSL depending of the protocol in use.
1367 * Returns: a string that contains the name of a TLS cipher suite,
1368 * specified by the given algorithms, or %NULL.
1371 gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm
,
1372 gnutls_cipher_algorithm_t cipher_algorithm
,
1373 gnutls_mac_algorithm_t mac_algorithm
)
1375 const char *ret
= NULL
;
1378 GNUTLS_CIPHER_SUITE_LOOP (if (kx_algorithm
== p
->kx_algorithm
&&
1379 cipher_algorithm
== p
->block_algorithm
&&
1380 mac_algorithm
== p
->mac_algorithm
)
1381 ret
= p
->name
+ sizeof ("GNUTLS_") - 1);
1387 * gnutls_cipher_suite_info:
1388 * @idx: index of cipher suite to get information about, starts on 0.
1389 * @cs_id: output buffer with room for 2 bytes, indicating cipher suite value
1390 * @kx: output variable indicating key exchange algorithm, or %NULL.
1391 * @cipher: output variable indicating cipher, or %NULL.
1392 * @mac: output variable indicating MAC algorithm, or %NULL.
1393 * @version: output variable indicating TLS protocol version, or %NULL.
1395 * Get information about supported cipher suites. Use the function
1396 * iteratively to get information about all supported cipher suites.
1397 * Call with idx=0 to get information about first cipher suite, then
1398 * idx=1 and so on until the function returns NULL.
1400 * Returns: the name of @idx cipher suite, and set the information
1401 * about the cipher suite in the output variables. If @idx is out of
1402 * bounds, %NULL is returned.
1405 gnutls_cipher_suite_info (size_t idx
,
1407 gnutls_kx_algorithm_t
* kx
,
1408 gnutls_cipher_algorithm_t
* cipher
,
1409 gnutls_mac_algorithm_t
* mac
,
1410 gnutls_protocol_t
* version
)
1412 if (idx
>= CIPHER_SUITES_COUNT
)
1416 memcpy (cs_id
, cs_algorithms
[idx
].id
.suite
, 2);
1418 *kx
= cs_algorithms
[idx
].kx_algorithm
;
1420 *cipher
= cs_algorithms
[idx
].block_algorithm
;
1422 *mac
= cs_algorithms
[idx
].mac_algorithm
;
1424 *version
= cs_algorithms
[idx
].version
;
1426 return cs_algorithms
[idx
].name
+ sizeof ("GNU") - 1;
1431 _gnutls_cipher_suite_is_ok (cipher_suite_st
* suite
)
1434 const char *name
= NULL
;
1436 GNUTLS_CIPHER_SUITE_ALG_LOOP (name
= p
->name
);
1445 #define SWAP(x, y) memcpy(tmp,x,size); \
1449 #define MAX_ELEM_SIZE 4
1451 _gnutls_partition (gnutls_session_t session
, void *_base
,
1452 size_t nmemb
, size_t size
,
1453 int (*compar
) (gnutls_session_t
,
1454 const void *, const void *))
1456 uint8_t *base
= _base
;
1457 uint8_t tmp
[MAX_ELEM_SIZE
];
1458 uint8_t ptmp
[MAX_ELEM_SIZE
];
1464 j
= full
= (nmemb
- 1) * size
;
1466 memcpy (ptmp
, &base
[0], size
); /* set pivot item */
1470 while ((compar (session
, &base
[i
], ptmp
) <= 0) && (i
< full
))
1474 while ((compar (session
, &base
[j
], ptmp
) >= 0) && (j
> 0))
1479 SWAP (&base
[j
], &base
[i
]);
1485 SWAP (&base
[pivot
], &base
[j
]);
1490 SWAP (&base
[pivot
], &base
[i
]);
1493 return pivot
/ size
;
1497 _gnutls_qsort (gnutls_session_t session
, void *_base
, size_t nmemb
,
1498 size_t size
, int (*compar
) (gnutls_session_t
, const void *,
1503 size_t snmemb
= nmemb
;
1506 if (size
> MAX_ELEM_SIZE
)
1509 _gnutls_debug_log ("QSORT BUG\n");
1516 pivot
= _gnutls_partition (session
, _base
, nmemb
, size
, compar
);
1518 _gnutls_qsort (session
, base
, pivot
< nmemb
? pivot
+ 1 : pivot
, size
,
1520 _gnutls_qsort (session
, &base
[(pivot
+ 1) * size
], nmemb
- pivot
- 1,
1525 /* a compare function for KX algorithms (using priorities).
1526 * For use with qsort
1529 _gnutls_compare_algo (gnutls_session_t session
, const void *i_A1
,
1532 gnutls_kx_algorithm_t kA1
=
1533 _gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st
*) i_A1
);
1534 gnutls_kx_algorithm_t kA2
=
1535 _gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st
*) i_A2
);
1536 gnutls_cipher_algorithm_t cA1
=
1537 _gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st
*) i_A1
);
1538 gnutls_cipher_algorithm_t cA2
=
1539 _gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st
*) i_A2
);
1540 gnutls_mac_algorithm_t mA1
=
1541 _gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st
*) i_A1
);
1542 gnutls_mac_algorithm_t mA2
=
1543 _gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st
*) i_A2
);
1545 int p1
= (_gnutls_kx_priority (session
, kA1
) + 1) * 64;
1546 int p2
= (_gnutls_kx_priority (session
, kA2
) + 1) * 64;
1547 p1
+= (_gnutls_cipher_priority (session
, cA1
) + 1) * 8;
1548 p2
+= (_gnutls_cipher_priority (session
, cA2
) + 1) * 8;
1549 p1
+= _gnutls_mac_priority (session
, mA1
);
1550 p2
+= _gnutls_mac_priority (session
, mA2
);
1568 _gnutls_bsort (gnutls_session_t session
, void *_base
, size_t nmemb
,
1569 size_t size
, int (*compar
) (gnutls_session_t
, const void *,
1573 int full
= nmemb
* size
;
1575 char tmp
[MAX_ELEM_SIZE
];
1577 for (i
= 0; i
< full
; i
+= size
)
1579 for (j
= 0; j
< full
; j
+= size
)
1581 if (compar (session
, &base
[i
], &base
[j
]) < 0)
1583 SWAP (&base
[j
], &base
[i
]);
1592 _gnutls_supported_ciphersuites_sorted (gnutls_session_t session
,
1593 cipher_suite_st
** ciphers
)
1601 count
= _gnutls_supported_ciphersuites (session
, ciphers
);
1608 _gnutls_debug_log ("Unsorted: \n");
1609 for (i
= 0; i
< count
; i
++)
1610 _gnutls_debug_log ("\t%d: %s\n", i
,
1611 _gnutls_cipher_suite_get_name ((*ciphers
)[i
]));
1614 _gnutls_qsort (session
, *ciphers
, count
,
1615 sizeof (cipher_suite_st
), _gnutls_compare_algo
);
1618 _gnutls_debug_log ("Sorted: \n");
1619 for (i
= 0; i
< count
; i
++)
1620 _gnutls_debug_log ("\t%d: %s\n", i
,
1621 _gnutls_cipher_suite_get_name ((*ciphers
)[i
]));
1628 _gnutls_supported_ciphersuites (gnutls_session_t session
,
1629 cipher_suite_st
** _ciphers
)
1632 unsigned int i
, ret_count
, j
;
1633 unsigned int count
= CIPHER_SUITES_COUNT
;
1634 cipher_suite_st
*tmp_ciphers
;
1635 cipher_suite_st
*ciphers
;
1636 gnutls_protocol_t version
;
1643 tmp_ciphers
= gnutls_malloc (count
* sizeof (cipher_suite_st
));
1644 if (tmp_ciphers
== NULL
)
1645 return GNUTLS_E_MEMORY_ERROR
;
1647 ciphers
= gnutls_malloc (count
* sizeof (cipher_suite_st
));
1648 if (ciphers
== NULL
)
1650 gnutls_free (tmp_ciphers
);
1651 return GNUTLS_E_MEMORY_ERROR
;
1654 version
= gnutls_protocol_get_version (session
);
1656 for (i
= 0; i
< count
; i
++)
1658 memcpy (&tmp_ciphers
[i
], &cs_algorithms
[i
].id
,
1659 sizeof (cipher_suite_st
));
1662 for (i
= j
= 0; i
< count
; i
++)
1664 /* remove private cipher suites, if requested.
1666 if (tmp_ciphers
[i
].suite
[0] == 0xFF &&
1667 session
->internals
.enable_private
== 0)
1670 /* remove cipher suites which do not support the
1671 * protocol version used.
1673 if (_gnutls_cipher_suite_get_version (&tmp_ciphers
[i
]) > version
)
1676 if (_gnutls_kx_priority
1677 (session
, _gnutls_cipher_suite_get_kx_algo (&tmp_ciphers
[i
])) < 0)
1679 if (_gnutls_mac_priority
1680 (session
, _gnutls_cipher_suite_get_mac_algo (&tmp_ciphers
[i
])) < 0)
1682 if (_gnutls_cipher_priority
1684 _gnutls_cipher_suite_get_cipher_algo (&tmp_ciphers
[i
])) < 0)
1687 memcpy (&ciphers
[j
], &tmp_ciphers
[i
], sizeof (cipher_suite_st
));
1693 #if 0 /* expensive */
1694 if (ret_count
> 0 && ret_count
!= count
)
1697 gnutls_realloc_fast (ciphers
, ret_count
* sizeof (cipher_suite_st
));
1701 if (ret_count
!= count
)
1703 gnutls_free (ciphers
);
1709 gnutls_free (tmp_ciphers
);
1711 /* This function can no longer return 0 cipher suites.
1712 * It returns an error code instead.
1717 gnutls_free (ciphers
);
1718 return GNUTLS_E_NO_CIPHER_SUITES
;
1720 *_ciphers
= ciphers
;
1725 * gnutls_certificate_type_get_name - Returns a string with the name of the specified certificate type
1726 * @type: is a certificate type
1728 * Convert a #gnutls_certificate_type_t type to a string.
1730 * Returns: a string that contains the name of the specified
1731 * certificate type, or %NULL in case of unknown types.
1734 gnutls_certificate_type_get_name (gnutls_certificate_type_t type
)
1736 const char *ret
= NULL
;
1738 if (type
== GNUTLS_CRT_X509
)
1740 if (type
== GNUTLS_CRT_OPENPGP
)
1747 * gnutls_certificate_type_get_id - Returns the gnutls id of the specified in string type
1748 * @name: is a certificate type name
1750 * The names are compared in a case insensitive way.
1752 * Returns: a #gnutls_certificate_type_t for the specified in a
1753 * string certificate type, or %GNUTLS_CRT_UNKNOWN on error.
1755 gnutls_certificate_type_t
1756 gnutls_certificate_type_get_id (const char *name
)
1758 gnutls_certificate_type_t ret
= GNUTLS_CRT_UNKNOWN
;
1760 if (strcasecmp (name
, "X.509") == 0 || strcasecmp (name
, "X509") == 0)
1761 return GNUTLS_CRT_X509
;
1762 if (strcasecmp (name
, "OPENPGP") == 0)
1763 return GNUTLS_CRT_OPENPGP
;
1768 static const gnutls_certificate_type_t supported_certificate_types
[] = {
1775 * gnutls_certificate_type_list - Get a list of supported certificate types
1777 * Get a list of certificate types. Note that to be able to use
1778 * OpenPGP certificates, you must link to libgnutls-extra and call
1779 * gnutls_global_init_extra().
1781 * Returns: a zero-terminated list of #gnutls_certificate_type_t
1782 * integers indicating the available certificate types.
1784 const gnutls_certificate_type_t
*
1785 gnutls_certificate_type_list (void)
1787 return supported_certificate_types
;
1790 /* returns the gnutls_pk_algorithm_t which is compatible with
1791 * the given gnutls_kx_algorithm_t.
1793 gnutls_pk_algorithm_t
1794 _gnutls_map_pk_get_pk (gnutls_kx_algorithm_t kx_algorithm
)
1796 gnutls_pk_algorithm_t ret
= -1;
1798 GNUTLS_PK_MAP_ALG_LOOP (ret
= p
->pk_algorithm
) return ret
;
1801 /* Returns the encipher type for the given key exchange algorithm.
1802 * That one of CIPHER_ENCRYPT, CIPHER_SIGN, CIPHER_IGN.
1804 * ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT.
1807 _gnutls_kx_encipher_type (gnutls_kx_algorithm_t kx_algorithm
)
1809 int ret
= CIPHER_IGN
;
1810 GNUTLS_PK_MAP_ALG_LOOP (ret
= p
->encipher_type
) return ret
;
1814 /* signature algorithms;
1816 struct gnutls_sign_entry
1820 gnutls_sign_algorithm_t id
;
1821 gnutls_pk_algorithm_t pk
;
1822 gnutls_mac_algorithm_t mac
;
1823 /* See RFC 5246 HashAlgorithm and SignatureAlgorithm
1824 for values to use in aid struct. */
1825 sign_algorithm_st aid
;
1827 typedef struct gnutls_sign_entry gnutls_sign_entry
;
1829 #define TLS_SIGN_AID_UNKNOWN {255, 255}
1831 static const gnutls_sign_entry sign_algorithms
[] = {
1832 {"RSA-SHA1", SIG_RSA_SHA1_OID
, GNUTLS_SIGN_RSA_SHA1
, GNUTLS_PK_RSA
,
1833 GNUTLS_MAC_SHA1
, {2, 1}},
1834 {"RSA-SHA256", SIG_RSA_SHA256_OID
, GNUTLS_SIGN_RSA_SHA256
, GNUTLS_PK_RSA
,
1835 GNUTLS_MAC_SHA256
, {4, 1}},
1836 {"RSA-SHA384", SIG_RSA_SHA384_OID
, GNUTLS_SIGN_RSA_SHA384
, GNUTLS_PK_RSA
,
1837 GNUTLS_MAC_SHA384
, {5, 1}},
1838 {"RSA-SHA512", SIG_RSA_SHA512_OID
, GNUTLS_SIGN_RSA_SHA512
, GNUTLS_PK_RSA
,
1839 GNUTLS_MAC_SHA512
, {6, 1}},
1840 {"RSA-RMD160", SIG_RSA_RMD160_OID
, GNUTLS_SIGN_RSA_RMD160
, GNUTLS_PK_RSA
,
1841 GNUTLS_MAC_RMD160
, TLS_SIGN_AID_UNKNOWN
},
1842 {"DSA-SHA1", SIG_DSA_SHA1_OID
, GNUTLS_SIGN_DSA_SHA1
, GNUTLS_PK_DSA
,
1843 GNUTLS_MAC_SHA1
, {2, 2}},
1844 {"RSA-MD5", SIG_RSA_MD5_OID
, GNUTLS_SIGN_RSA_MD5
, GNUTLS_PK_RSA
,
1845 GNUTLS_MAC_MD5
, {1, 1}},
1846 {"RSA-MD2", SIG_RSA_MD2_OID
, GNUTLS_SIGN_RSA_MD2
, GNUTLS_PK_RSA
,
1847 GNUTLS_MAC_MD2
, TLS_SIGN_AID_UNKNOWN
},
1848 {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID
, 0, 0, 0,
1849 TLS_SIGN_AID_UNKNOWN
},
1850 {"GOST R 34.10-94", SIG_GOST_R3410_94_OID
, 0, 0, 0, TLS_SIGN_AID_UNKNOWN
},
1851 {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN
}
1854 /* Keep the contents of this struct the same as the previous one. */
1855 static const gnutls_sign_algorithm_t supported_sign
[] = {
1856 GNUTLS_SIGN_RSA_SHA1
,
1857 GNUTLS_SIGN_RSA_SHA256
,
1858 GNUTLS_SIGN_RSA_SHA384
,
1859 GNUTLS_SIGN_RSA_SHA512
,
1860 GNUTLS_SIGN_RSA_RMD160
,
1861 GNUTLS_SIGN_DSA_SHA1
,
1862 GNUTLS_SIGN_RSA_MD5
,
1863 GNUTLS_SIGN_RSA_MD2
,
1867 #define GNUTLS_SIGN_LOOP(b) \
1869 const gnutls_sign_entry *p; \
1870 for(p = sign_algorithms; p->name != NULL; p++) { b ; } \
1873 #define GNUTLS_SIGN_ALG_LOOP(a) \
1874 GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } )
1877 * gnutls_sign_algorithm_get_name - Returns a string with the name of the specified sign algorithm
1878 * @sign: is a sign algorithm
1880 * Convert a #gnutls_sign_algorithm_t value to a string.
1882 * Returns: a string that contains the name of the specified sign
1883 * algorithm, or %NULL.
1886 gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t sign
)
1888 const char *ret
= NULL
;
1891 GNUTLS_SIGN_ALG_LOOP (ret
= p
->name
);
1897 * gnutls_sign_list - Get a list of supported public key signature algorithms
1899 * Get a list of supported public key signature algorithms.
1901 * Returns: a zero-terminated list of #gnutls_sign_algorithm_t
1902 * integers indicating the available ciphers.
1905 const gnutls_sign_algorithm_t
*
1906 gnutls_sign_list (void)
1908 return supported_sign
;
1912 * gnutls_sign_get_id - Returns the gnutls id of the specified in signature algorithm
1913 * @name: is a MAC algorithm name
1915 * The names are compared in a case insensitive way.
1917 * Returns: return a #gnutls_sign_algorithm_t value corresponding to
1918 * the specified cipher, or %GNUTLS_SIGN_UNKNOWN on error.
1920 gnutls_sign_algorithm_t
1921 gnutls_sign_get_id (const char *name
)
1923 gnutls_sign_algorithm_t ret
= GNUTLS_SIGN_UNKNOWN
;
1925 GNUTLS_SIGN_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->id
);
1932 * gnutls_sign_get_name - Get name string for a #gnutls_sign_algorithm_t
1933 * @algorithm: is a public key signature algorithm
1935 * Convert a #gnutls_sign_algorithm_t value to a string.
1937 * Returns: a pointer to a string that contains the name of the
1938 * specified public key signature algorithm, or %NULL.
1943 gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm
)
1945 const char *ret
= "SIGN_UNKNOWN";
1947 GNUTLS_SIGN_LOOP (if (p
->id
== algorithm
) ret
= p
->name
);
1952 gnutls_sign_algorithm_t
1953 _gnutls_x509_oid2sign_algorithm (const char *oid
)
1955 gnutls_sign_algorithm_t ret
= 0;
1957 GNUTLS_SIGN_LOOP (if (strcmp (oid
, p
->oid
) == 0)
1959 ret
= p
->id
; break;}
1964 _gnutls_x509_log ("Unknown SIGN OID: '%s'\n", oid
);
1965 return GNUTLS_SIGN_UNKNOWN
;
1970 gnutls_sign_algorithm_t
1971 _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk
, gnutls_mac_algorithm_t mac
)
1973 gnutls_sign_algorithm_t ret
= 0;
1975 GNUTLS_SIGN_LOOP (if (pk
== p
->pk
&& mac
== p
->mac
)
1977 ret
= p
->id
; break;}
1981 return GNUTLS_SIGN_UNKNOWN
;
1986 _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk
,
1987 gnutls_mac_algorithm_t mac
)
1989 gnutls_sign_algorithm_t sign
;
1990 const char *ret
= NULL
;
1992 sign
= _gnutls_x509_pk_to_sign (pk
, mac
);
1993 if (sign
== GNUTLS_SIGN_UNKNOWN
)
1996 GNUTLS_SIGN_ALG_LOOP (ret
= p
->oid
);
2000 gnutls_mac_algorithm_t
2001 _gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign
)
2003 gnutls_mac_algorithm_t ret
= GNUTLS_DIG_UNKNOWN
;
2005 GNUTLS_SIGN_ALG_LOOP (ret
= p
->mac
);
2010 gnutls_pk_algorithm_t
2011 _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign
)
2013 gnutls_pk_algorithm_t ret
= GNUTLS_PK_UNKNOWN
;
2015 GNUTLS_SIGN_ALG_LOOP (ret
= p
->pk
);
2020 gnutls_sign_algorithm_t
2021 _gnutls_tls_aid_to_sign (const sign_algorithm_st
* aid
)
2023 gnutls_sign_algorithm_t ret
= GNUTLS_SIGN_UNKNOWN
;
2025 GNUTLS_SIGN_LOOP (if (p
->aid
.hash_algorithm
== aid
->hash_algorithm
2026 && p
->aid
.sign_algorithm
== aid
->sign_algorithm
)
2028 ret
= p
->id
; break;}
2035 _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign
)
2037 sign_algorithm_st ret
= TLS_SIGN_AID_UNKNOWN
;
2039 GNUTLS_SIGN_ALG_LOOP (ret
= p
->aid
);
2048 struct gnutls_pk_entry
2052 gnutls_pk_algorithm_t id
;
2054 typedef struct gnutls_pk_entry gnutls_pk_entry
;
2056 static const gnutls_pk_entry pk_algorithms
[] = {
2057 {"RSA", PK_PKIX1_RSA_OID
, GNUTLS_PK_RSA
},
2058 {"DSA", PK_DSA_OID
, GNUTLS_PK_DSA
},
2059 {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID
, 0},
2060 {"GOST R 34.10-94", PK_GOST_R3410_94_OID
, 0},
2065 * gnutls_pk_algorithm_get_name - Get string with name of public key algorithm
2066 * @algorithm: is a pk algorithm
2068 * Convert a #gnutls_pk_algorithm_t value to a string.
2070 * Returns: a string that contains the name of the specified public
2071 * key algorithm, or %NULL.
2074 gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm
)
2076 const char *ret
= NULL
;
2077 const gnutls_pk_entry
*p
;
2079 for (p
= pk_algorithms
; p
->name
!= NULL
; p
++)
2080 if (p
->id
&& p
->id
== algorithm
)
2090 * gnutls_pk_list - Get a list of supported public key algorithms
2092 * Get a list of supported public key algorithms.
2094 * Returns: a zero-terminated list of #gnutls_pk_algorithm_t integers
2095 * indicating the available ciphers.
2099 const gnutls_pk_algorithm_t
*
2100 gnutls_pk_list (void)
2102 static const gnutls_pk_algorithm_t supported_pks
[] = {
2108 return supported_pks
;
2112 * gnutls_pk_get_id - Get #gnutls_pk_algorithm_t from a string
2113 * @name: is a string containing a public key algorithm name.
2115 * Convert a string to a #gnutls_pk_algorithm_t value. The names are
2116 * compared in a case insensitive way. For example,
2117 * gnutls_pk_get_id("RSA") will return %GNUTLS_PK_RSA.
2119 * Returns: a #gnutls_pk_algorithm_t id of the specified public key
2120 * algorithm string, or %GNUTLS_PK_UNKNOWN on failures.
2124 gnutls_pk_algorithm_t
2125 gnutls_pk_get_id (const char *name
)
2127 if (strcasecmp (name
, "RSA") == 0)
2128 return GNUTLS_PK_RSA
;
2129 else if (strcasecmp (name
, "DSA") == 0)
2130 return GNUTLS_PK_DSA
;
2132 return GNUTLS_PK_UNKNOWN
;
2136 * gnutls_pk_get_name - Get name string with #gnutls_pk_algorithm_t algorithm
2137 * @algorithm: is a public key algorithm
2139 * Convert a #gnutls_pk_algorithm_t value to a string.
2141 * Returns: a pointer to a string that contains the name of the
2142 * specified public key algorithm, or %NULL.
2147 gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm
)
2162 case GNUTLS_PK_UNKNOWN
:
2170 gnutls_pk_algorithm_t
2171 _gnutls_x509_oid2pk_algorithm (const char *oid
)
2173 gnutls_pk_algorithm_t ret
= GNUTLS_PK_UNKNOWN
;
2174 const gnutls_pk_entry
*p
;
2176 for (p
= pk_algorithms
; p
->name
!= NULL
; p
++)
2177 if (strcmp (p
->oid
, oid
) == 0)
2187 _gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm
)
2189 const char *ret
= NULL
;
2190 const gnutls_pk_entry
*p
;
2192 for (p
= pk_algorithms
; p
->name
!= NULL
; p
++)
2193 if (p
->id
== algorithm
)