search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
minor doc and comment fixes
[gnutls.git] / lib / algorithms / protocols.c
blobe59c8fd30d0791b9475599f664600dd0bf7683cf
1 /*
2 * Copyright (C) 2011 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #include <gnutls_int.h>
24 #include <algorithms.h>
25 #include <gnutls_errors.h>
26 #include <x509/common.h>
27
28
29 /* TLS Versions */
30
31 typedef struct
32 {
33 const char *name;
34 gnutls_protocol_t id; /* gnutls internal version number */
35 int major; /* defined by the protocol */
36 int minor; /* defined by the protocol */
37 transport_t transport; /* Type of transport, stream or datagram */
38 int supported; /* 0 not supported, > 0 is supported */
39 } gnutls_version_entry;
40
41 static const gnutls_version_entry sup_versions[] = {
42 {"SSL3.0", GNUTLS_SSL3, 3, 0, GNUTLS_STREAM, 1},
43 {"TLS1.0", GNUTLS_TLS1, 3, 1, GNUTLS_STREAM, 1},
44 {"TLS1.1", GNUTLS_TLS1_1, 3, 2, GNUTLS_STREAM, 1},
45 {"TLS1.2", GNUTLS_TLS1_2, 3, 3, GNUTLS_STREAM, 1},
46 {"DTLS1.0", GNUTLS_DTLS1_0, 254, 255, GNUTLS_DGRAM, 1}, /* 1.1 over datagram */
47 {0, 0, 0, 0, 0}
48 };
49
50 #define GNUTLS_VERSION_LOOP(b) \
51 const gnutls_version_entry *p; \
52 for(p = sup_versions; p->name != NULL; p++) { b ; }
53
54 #define GNUTLS_VERSION_ALG_LOOP(a) \
55 GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
56
57 /* Return the priority of the provided version number */
58 int
59 _gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version)
60 {
61 unsigned int i;
62
63 for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
64 {
65 if (session->internals.priorities.protocol.priority[i] == version)
66 return i;
67 }
68 return -1;
69 }
70
71 /* Returns the lowest TLS version number in the priorities.
72 */
73 gnutls_protocol_t
74 _gnutls_version_lowest (gnutls_session_t session)
75 {
76 unsigned int i, min = 0xff;
77 gnutls_protocol_t cur_prot;
78
79 for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
80 {
81 cur_prot = session->internals.priorities.protocol.priority[i];
82
83 if (cur_prot < min && _gnutls_version_is_supported(session, cur_prot))
84 min = cur_prot;
85 }
86
87 if (min == 0xff)
88 return GNUTLS_VERSION_UNKNOWN; /* unknown version */
89
90 return min;
91 }
92
93 /* Returns the maximum version in the priorities
94 */
95 gnutls_protocol_t
96 _gnutls_version_max (gnutls_session_t session)
97 {
98 unsigned int i, max = 0x00;
99 gnutls_protocol_t cur_prot;
100
101 for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
102 {
103 cur_prot = session->internals.priorities.protocol.priority[i];
104
105 if (cur_prot > max && _gnutls_version_is_supported(session, cur_prot))
106 max = cur_prot;
107 }
108
109 if (max == 0x00)
110 return GNUTLS_VERSION_UNKNOWN; /* unknown version */
111
112 return max;
113 }
114
115
116 /**
117 * gnutls_protocol_get_name:
118 * @version: is a (gnutls) version number
119 *
120 * Convert a #gnutls_protocol_t value to a string.
121 *
122 * Returns: a string that contains the name of the specified TLS
123 * version (e.g., "TLS1.0"), or %NULL.
124 **/
125 const char *
126 gnutls_protocol_get_name (gnutls_protocol_t version)
127 {
128 const char *ret = NULL;
129
130 /* avoid prefix */
131 GNUTLS_VERSION_ALG_LOOP (ret = p->name);
132 return ret;
133 }
134
135 /**
136 * gnutls_protocol_get_id:
137 * @name: is a protocol name
138 *
139 * The names are compared in a case insensitive way.
140 *
141 * Returns: an id of the specified protocol, or
142 * %GNUTLS_VERSION_UNKNOWN on error.
143 **/
144 gnutls_protocol_t
145 gnutls_protocol_get_id (const char *name)
146 {
147 gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN;
148
149 GNUTLS_VERSION_LOOP (
150 if (strcasecmp (p->name, name) == 0)
151 {
152 ret = p->id;
153 break;
154 }
155 );
156
157 return ret;
158 }
159
160 /**
161 * gnutls_protocol_list:
162 *
163 * Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.
164 *
165 * This function is not thread safe.
166 *
167 * Returns: a (0)-terminated list of #gnutls_protocol_t integers
168 * indicating the available protocols.
169 *
170 **/
171 const gnutls_protocol_t *
172 gnutls_protocol_list (void)
173 {
174 static gnutls_protocol_t supported_protocols[MAX_ALGOS] = {0};
175
176 if (supported_protocols[0] == 0)
177 {
178 int i = 0;
179
180 GNUTLS_VERSION_LOOP (supported_protocols[i++]=p->id);
181 supported_protocols[i++]=0;
182 }
183
184 return supported_protocols;
185 }
186
187 int
188 _gnutls_version_get_minor (gnutls_protocol_t version)
189 {
190 int ret = -1;
191
192 GNUTLS_VERSION_ALG_LOOP (ret = p->minor);
193 return ret;
194 }
195
196 /* Returns a version number given the major and minor numbers.
197 */
198 gnutls_protocol_t
199 _gnutls_version_get (int major, int minor)
200 {
201 int ret = -1;
202
203 GNUTLS_VERSION_LOOP (if ((p->major == major) && (p->minor == minor))
204 ret = p->id);
205 return ret;
206 }
207
208 int
209 _gnutls_version_get_major (gnutls_protocol_t version)
210 {
211 int ret = -1;
212
213 GNUTLS_VERSION_ALG_LOOP (ret = p->major);
214 return ret;
215 }
216
217 /* Version Functions */
218
219 int
220 _gnutls_version_is_supported (gnutls_session_t session,
221 const gnutls_protocol_t version)
222 {
223 int ret = 0;
224
225 GNUTLS_VERSION_ALG_LOOP (ret = p->supported && p->transport == session->internals.transport);
226
227 if (ret == 0)
228 return 0;
229
230 if (_gnutls_version_priority (session, version) < 0)
231 return 0; /* disabled by the user */
232 else
233 return 1;
234 }
235
236
237 /* This function determines if the version specified has a
238 cipher-suite selected PRF hash function instead of the old
239 hardcoded MD5+SHA1. */
240 int
241 _gnutls_version_has_selectable_prf (gnutls_protocol_t version)
242 {
243 switch (version)
244 {
245 case GNUTLS_DTLS1_0:
246 case GNUTLS_TLS1_1:
247 case GNUTLS_TLS1_0:
248 case GNUTLS_SSL3:
249 return 0;
250 default:
251 return 1;
252 }
253 }
254
255 /* This function determines if the version specified has selectable
256 signature/hash functions for certificate authentification. */
257 int
258 _gnutls_version_has_selectable_sighash (gnutls_protocol_t version)
259 {
260 switch (version)
261 {
262 case GNUTLS_DTLS1_0:
263 case GNUTLS_TLS1_1:
264 case GNUTLS_TLS1_0:
265 case GNUTLS_SSL3:
266 return 0;
267 default:
268 return 1;
269 }
270 }
271
272 /* This function determines if the version specified has support for
273 TLS extensions. */
274 int
275 _gnutls_version_has_extensions (gnutls_protocol_t version)
276 {
277 switch (version)
278 {
279 case GNUTLS_SSL3:
280 return 0;
281 default:
282 /* Versions after TLS 1.0 are required to handle extensions.
283 * SSL 3.0 also required extensions to be ignored, but
284 * some earlier draft didn't.
285 */
286 return 1;
287 }
288 }
289
290 /* This function determines if the version specified has explicit IVs
291 (for CBC attack prevention). */
292 int
293 _gnutls_version_has_explicit_iv (gnutls_protocol_t version)
294 {
295 switch (version)
296 {
297 case GNUTLS_TLS1_0:
298 case GNUTLS_SSL3:
299 return 0;
300 default:
301 /* All versions after TLS 1.1 have explicit IV */
302 return 1;
303 }
304 }
305
Implementation of the SSL/TLS protocol