search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add gnutls_psk_client_get_hint function. Use it.
[gnutls.git] / src / common.c
blob13cf549a8f5adf7550ad63e199c9941ccf7b9676
1 /*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation
3 * Author: Nikos Mavrogiannopoulos
4 *
5 * This file is part of GNUTLS.
6 *
7 * GNUTLS is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation, either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * GNUTLS is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include <config.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <gnutls/gnutls.h>
26 #include <gnutls/extra.h>
27 #include <gnutls/x509.h>
28 #include <gnutls/openpgp.h>
29 #include <time.h>
30 #include <common.h>
31
32 #define TEST_STRING
33
34 #define SU(x) (x!=NULL?x:"Unknown")
35
36 int print_cert;
37 extern int verbose;
38
39 static char buffer[5 * 1024];
40
41 #define PRINTX(x,y) if (y[0]!=0) printf(" # %s %s\n", x, y)
42 #define PRINT_PGP_NAME(X) PRINTX( "NAME:", name)
43
44 const char str_unknown[] = "(unknown)";
45
46 /* Hex encodes the given data.
47 */
48 const char *
49 raw_to_string (const unsigned char *raw, size_t raw_size)
50 {
51 static char buf[1024];
52 size_t i;
53 if (raw_size == 0)
54 return NULL;
55
56 if (raw_size * 3 + 1 >= sizeof (buf))
57 return NULL;
58
59 for (i = 0; i < raw_size; i++)
60 {
61 sprintf (&(buf[i * 3]), "%02X%s", raw[i],
62 (i == raw_size - 1) ? "" : ":");
63 }
64 buf[sizeof (buf) - 1] = '\0';
65
66 return buf;
67 }
68
69 static const char *
70 my_ctime (const time_t * tv)
71 {
72 static char buf[256];
73 struct tm *tp;
74
75 if (((tp = localtime (tv)) == NULL) ||
76 (!strftime (buf, sizeof buf, "%a %b %e %H:%M:%S %Z %Y\n", tp)))
77 strcpy (buf, str_unknown); /* make sure buf text isn't garbage */
78
79 return buf;
80
81 }
82
83
84 void
85 print_x509_info (gnutls_session_t session, const char *hostname)
86 {
87 gnutls_x509_crt_t crt;
88 const gnutls_datum_t *cert_list;
89 unsigned int cert_list_size = 0;
90 int ret;
91 char digest[20];
92 char serial[40];
93 char dn[256];
94 size_t dn_size;
95 size_t digest_size = sizeof (digest);
96 unsigned int j;
97 size_t serial_size = sizeof (serial);
98 const char *print;
99 const char *cstr;
100 unsigned int bits, algo;
101 time_t expiret, activet;
102
103 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
104
105
106 if (cert_list_size == 0)
107 {
108 fprintf (stderr, "No certificates found!\n");
109 return;
110 }
111
112 printf (" - Got a certificate list of %d certificates.\n\n",
113 cert_list_size);
114
115 for (j = 0; j < (unsigned int) cert_list_size; j++)
116 {
117
118 gnutls_x509_crt_init (&crt);
119 ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER);
120 if (ret < 0)
121 {
122 fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
123 return;
124 }
125
126 printf (" - Certificate[%d] info:\n", j);
127
128 if (print_cert)
129 {
130 size_t size;
131
132 size = sizeof (buffer);
133
134 ret =
135 gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, buffer, &size);
136 if (ret < 0)
137 {
138 fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
139 return;
140 }
141 fputs ("\n", stdout);
142 fputs (buffer, stdout);
143 fputs ("\n", stdout);
144 }
145
146 if (j == 0 && hostname != NULL)
147 { /* Check the hostname of the first certificate
148 * if it matches the name of the host we
149 * connected to.
150 */
151 if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
152 {
153 printf
154 (" # The hostname in the certificate does NOT match '%s'.\n",
155 hostname);
156 }
157 else
158 {
159 printf
160 (" # The hostname in the certificate matches '%s'.\n",
161 hostname);
162 }
163 }
164
165
166 expiret = gnutls_x509_crt_get_expiration_time (crt);
167 activet = gnutls_x509_crt_get_activation_time (crt);
168
169 printf (" # valid since: %s", my_ctime (&activet));
170 printf (" # expires at: %s", my_ctime (&expiret));
171
172
173 /* Print the serial number of the certificate.
174 */
175 if (verbose
176 && gnutls_x509_crt_get_serial (crt, serial, &serial_size) >= 0)
177 {
178 print = raw_to_string (serial, serial_size);
179 if (print != NULL)
180 printf (" # serial number: %s\n", print);
181 }
182
183 /* Print the fingerprint of the certificate
184 */
185 digest_size = sizeof (digest);
186 if ((ret =
187 gnutls_x509_crt_get_fingerprint (crt,
188 GNUTLS_DIG_MD5,
189 digest, &digest_size)) < 0)
190 {
191 fprintf (stderr,
192 "Error in fingerprint calculation: %s\n",
193 gnutls_strerror (ret));
194 }
195 else
196 {
197 print = raw_to_string (digest, digest_size);
198 if (print != NULL)
199 printf (" # fingerprint: %s\n", print);
200 }
201
202 /* Print the version of the X.509
203 * certificate.
204 */
205 if (verbose)
206 {
207 printf (" # version: #%d\n", gnutls_x509_crt_get_version (crt));
208
209 bits = 0;
210 algo = gnutls_x509_crt_get_pk_algorithm (crt, &bits);
211 printf (" # public key algorithm: ");
212
213 cstr = SU (gnutls_pk_algorithm_get_name (algo));
214 printf ("%s (%d bits)\n", cstr, bits);
215
216 #ifdef ENABLE_PKI
217 if (algo == GNUTLS_PK_RSA)
218 {
219 gnutls_datum_t e, m;
220
221 ret = gnutls_x509_crt_get_pk_rsa_raw (crt, &m, &e);
222 if (ret >= 0)
223 {
224 print = SU (raw_to_string (e.data, e.size));
225 printf (" # e [%d bits]: %s\n", e.size * 8, print);
226
227 print = SU (raw_to_string (m.data, m.size));
228 printf (" # m [%d bits]: %s\n", m.size * 8, print);
229
230 gnutls_free (e.data);
231 gnutls_free (m.data);
232 }
233 }
234 else if (algo == GNUTLS_PK_DSA)
235 {
236 gnutls_datum_t p, q, g, y;
237
238 ret = gnutls_x509_crt_get_pk_dsa_raw (crt, &p, &q, &g, &y);
239 if (ret >= 0)
240 {
241 print = SU (raw_to_string (p.data, p.size));
242 printf (" # p [%d bits]: %s\n", p.size * 8, print);
243
244 print = SU (raw_to_string (q.data, q.size));
245 printf (" # q [%d bits]: %s\n", q.size * 8, print);
246
247 print = SU (raw_to_string (g.data, g.size));
248 printf (" # g [%d bits]: %s\n", g.size * 8, print);
249
250 print = SU (raw_to_string (y.data, y.size));
251 printf (" # y [%d bits]: %s\n", y.size * 8, print);
252
253 gnutls_free (p.data);
254 gnutls_free (q.data);
255 gnutls_free (g.data);
256 gnutls_free (y.data);
257 }
258 }
259 #endif
260 }
261
262 dn_size = sizeof (dn);
263 ret = gnutls_x509_crt_get_dn (crt, dn, &dn_size);
264 if (ret >= 0)
265 printf (" # Subject's DN: %s\n", dn);
266
267 dn_size = sizeof (dn);
268 ret = gnutls_x509_crt_get_issuer_dn (crt, dn, &dn_size);
269 if (ret >= 0)
270 printf (" # Issuer's DN: %s\n", dn);
271
272 gnutls_x509_crt_deinit (crt);
273
274 printf ("\n");
275
276 }
277
278 }
279
280 #ifdef ENABLE_OPENPGP
281
282 void
283 print_openpgp_info (gnutls_session_t session, const char *hostname)
284 {
285
286 char digest[20];
287 size_t digest_size = sizeof (digest);
288 int ret;
289 const char *print;
290 const char *cstr;
291 char name[256];
292 size_t name_len = sizeof (name);
293 gnutls_openpgp_crt_t crt;
294 const gnutls_datum_t *cert_list;
295 int cert_list_size = 0;
296 time_t expiret;
297 time_t activet;
298
299 cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
300
301 if (cert_list_size > 0)
302 {
303 unsigned int algo, bits;
304
305 gnutls_openpgp_crt_init (&crt);
306 ret =
307 gnutls_openpgp_crt_import (crt, &cert_list[0],
308 GNUTLS_OPENPGP_FMT_RAW);
309 if (ret < 0)
310 {
311 fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
312 return;
313 }
314
315 if (print_cert)
316 {
317 size_t size;
318
319 size = sizeof (buffer);
320
321 ret =
322 gnutls_openpgp_crt_export (crt,
323 GNUTLS_OPENPGP_FMT_BASE64,
324 buffer, &size);
325 if (ret < 0)
326 {
327 fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
328 return;
329 }
330 fputs ("\n", stdout);
331 fputs (buffer, stdout);
332 fputs ("\n", stdout);
333 }
334
335 if (hostname != NULL)
336 { /* Check the hostname of the first certificate
337 * if it matches the name of the host we
338 * connected to.
339 */
340 if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
341 {
342 printf
343 (" # The hostname in the key does NOT match '%s'.\n",
344 hostname);
345 }
346 else
347 {
348 printf (" # The hostname in the key matches '%s'.\n", hostname);
349 }
350 }
351
352 activet = gnutls_openpgp_crt_get_creation_time (crt);
353 expiret = gnutls_openpgp_crt_get_expiration_time (crt);
354
355 printf (" # Key was created at: %s", my_ctime (&activet));
356 printf (" # Key expires: ");
357 if (expiret != 0)
358 printf ("%s", my_ctime (&expiret));
359 else
360 printf ("Never\n");
361
362 if (gnutls_openpgp_crt_get_fingerprint (crt, digest, &digest_size) >= 0)
363 {
364 print = raw_to_string (digest, digest_size);
365
366 printf (" # PGP Key version: %d\n",
367 gnutls_openpgp_crt_get_version (crt));
368
369 bits = 0;
370 algo = gnutls_openpgp_crt_get_pk_algorithm (crt, &bits);
371
372 printf (" # PGP Key public key algorithm: ");
373 cstr = SU (gnutls_pk_algorithm_get_name (algo));
374 printf ("%s (%d bits)\n", cstr, bits);
375
376 if (print != NULL)
377 printf (" # PGP Key fingerprint: %s\n", print);
378
379 name_len = sizeof (name);
380 if (gnutls_openpgp_crt_get_name (crt, 0, name, &name_len) < 0)
381 {
382 fprintf (stderr, "Could not extract name\n");
383 }
384 else
385 {
386 PRINT_PGP_NAME (name);
387 }
388
389 }
390
391 gnutls_openpgp_crt_deinit (crt);
392
393 }
394 }
395
396 #endif
397
398 void
399 print_cert_vrfy (gnutls_session_t session)
400 {
401 int rc;
402 unsigned int status;
403
404 rc = gnutls_certificate_verify_peers2 (session, &status);
405 printf ("\n");
406
407 if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
408 {
409 printf ("- Peer did not send any certificate.\n");
410 return;
411 }
412
413 if (rc < 0)
414 {
415 printf ("- Could not verify certificate (err: %s)\n",
416 gnutls_strerror (rc));
417 return;
418 }
419
420 if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
421 {
422 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
423 printf ("- Peer's certificate issuer is unknown\n");
424 if (status & GNUTLS_CERT_INVALID)
425 printf ("- Peer's certificate is NOT trusted\n");
426 else
427 printf ("- Peer's certificate is trusted\n");
428 }
429 else
430 {
431 if (status & GNUTLS_CERT_INVALID)
432 printf ("- Peer's key is invalid\n");
433 else
434 printf ("- Peer's key is valid\n");
435 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
436 printf ("- Could not find a signer of the peer's key\n");
437 }
438 }
439
440 void
441 print_dh_info (gnutls_session_t session, const char *str)
442 {
443 printf ("- %sDiffie-Hellman parameters\n", str);
444 printf (" - Using prime: %d bits\n",
445 gnutls_dh_get_prime_bits (session));
446 printf (" - Secret key: %d bits\n",
447 gnutls_dh_get_secret_bits (session));
448 printf (" - Peer's public key: %d bits\n",
449 gnutls_dh_get_peers_public_bits (session));
450
451 if (print_cert)
452 {
453 int ret;
454 gnutls_datum_t raw_gen = { NULL, 0 };
455 gnutls_datum_t raw_prime = { NULL, 0 };
456 gnutls_dh_params_t dh_params = NULL;
457 unsigned char *params_data = NULL;
458 size_t params_data_size = 0;
459
460 ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
461 if (ret)
462 {
463 fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
464 goto out;
465 }
466
467 ret = gnutls_dh_params_init (&dh_params);
468 if (ret)
469 {
470 fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
471 goto out;
472 }
473
474 ret = gnutls_dh_params_import_raw (dh_params, &raw_prime,
475 &raw_gen);
476 if (ret)
477 {
478 fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
479 goto out;
480 }
481
482 ret = gnutls_dh_params_export_pkcs3 (dh_params,
483 GNUTLS_X509_FMT_PEM,
484 params_data,
485 &params_data_size);
486 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
487 {
488 fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret);
489 goto out;
490 }
491
492 params_data = gnutls_malloc (params_data_size);
493 if (!params_data)
494 {
495 fprintf (stderr, "gnutls_malloc %d\n", ret);
496 goto out;
497 }
498
499 ret = gnutls_dh_params_export_pkcs3 (dh_params,
500 GNUTLS_X509_FMT_PEM,
501 params_data,
502 &params_data_size);
503 if (ret)
504 {
505 fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret);
506 goto out;
507 }
508
509 printf (" - PKCS#3 format:\n\n%.*s\n", params_data_size, params_data);
510
511 out:
512 gnutls_free (params_data);
513 gnutls_free (raw_prime.data);
514 gnutls_free (raw_gen.data);
515 gnutls_dh_params_deinit (dh_params);
516 }
517 }
518
519 int
520 print_info (gnutls_session_t session, const char *hostname)
521 {
522 const char *tmp;
523 gnutls_credentials_type_t cred;
524 gnutls_kx_algorithm_t kx;
525
526
527 /* print the key exchange's algorithm name
528 */
529 kx = gnutls_kx_get (session);
530
531 cred = gnutls_auth_get_type (session);
532 switch (cred)
533 {
534 #ifdef ENABLE_ANON
535 case GNUTLS_CRD_ANON:
536 print_dh_info (session, "Anonymous ");
537 break;
538 #endif
539 #ifdef ENABLE_SRP
540 case GNUTLS_CRD_SRP:
541 /* This should be only called in server
542 * side.
543 */
544 if (gnutls_srp_server_get_username (session) != NULL)
545 printf ("- SRP authentication. Connected as '%s'\n",
546 gnutls_srp_server_get_username (session));
547 break;
548 #endif
549 #ifdef ENABLE_PSK
550 case GNUTLS_CRD_PSK:
551 /* This returns NULL in server side.
552 */
553 if (gnutls_psk_client_get_hint (session) != NULL)
554 printf ("- PSK authentication. PSK hint '%s'\n",
555 gnutls_psk_client_get_hint (session));
556 /* This returns NULL in client side.
557 */
558 if (gnutls_psk_server_get_username (session) != NULL)
559 printf ("- PSK authentication. Connected as '%s'\n",
560 gnutls_psk_server_get_username (session));
561 if (kx == GNUTLS_KX_DHE_PSK)
562 print_dh_info (session, "Ephemeral ");
563 break;
564 #endif
565 case GNUTLS_CRD_IA:
566 printf ("- TLS/IA authentication\n");
567 break;
568 case GNUTLS_CRD_CERTIFICATE:
569 {
570 char dns[256];
571 size_t dns_size = sizeof (dns);
572 unsigned int type;
573
574 /* This fails in client side */
575 if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
576 {
577 printf ("- Given server name[%d]: %s\n", type, dns);
578 }
579 }
580
581 if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
582 print_dh_info (session, "Ephemeral ");
583
584 print_cert_info (session, hostname);
585
586 print_cert_vrfy (session);
587
588 }
589
590 tmp = SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
591 printf ("- Version: %s\n", tmp);
592
593 tmp = SU (gnutls_kx_get_name (kx));
594 printf ("- Key Exchange: %s\n", tmp);
595
596 tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
597 printf ("- Cipher: %s\n", tmp);
598
599 tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
600 printf ("- MAC: %s\n", tmp);
601
602 tmp = SU (gnutls_compression_get_name (gnutls_compression_get (session)));
603 printf ("- Compression: %s\n", tmp);
604
605 if (verbose) {
606 char id[32];
607 size_t id_size = sizeof(id);
608 gnutls_session_get_id (session, id, &id_size);
609 printf("- Session ID: %s\n", raw_to_string(id, id_size) );
610 }
611
612
613 fflush (stdout);
614
615 return 0;
616 }
617
618 void
619 print_cert_info (gnutls_session_t session, const char *hostname)
620 {
621
622 if (gnutls_certificate_client_get_request_status (session) != 0)
623 printf ("- Server has requested a certificate.\n");
624
625 printf ("- Certificate type: ");
626 switch (gnutls_certificate_type_get (session))
627 {
628 case GNUTLS_CRT_UNKNOWN:
629 printf ("Unknown\n");
630 break;
631 case GNUTLS_CRT_X509:
632 printf ("X.509\n");
633 print_x509_info (session, hostname);
634 break;
635 #ifdef ENABLE_OPENPGP
636 case GNUTLS_CRT_OPENPGP:
637 printf ("OpenPGP\n");
638 print_openpgp_info (session, hostname);
639 break;
640 #endif
641 }
642 }
643
644 void
645 print_list (int verbose)
646 {
647 {
648 size_t i;
649 const char *name;
650 char id[2];
651 gnutls_kx_algorithm_t kx;
652 gnutls_cipher_algorithm_t cipher;
653 gnutls_mac_algorithm_t mac;
654 gnutls_protocol_t version;
655
656 printf ("Cipher suites:\n");
657 for (i = 0; (name = gnutls_cipher_suite_info
658 (i, id, &kx, &cipher, &mac, &version)); i++)
659 {
660 printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
661 name,
662 (unsigned char) id[0], (unsigned char) id[1],
663 gnutls_protocol_get_name (version));
664 if (verbose)
665 printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
666 gnutls_kx_get_name (kx),
667 gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac));
668 }
669 }
670
671 {
672 const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
673
674 printf ("Certificate types: ");
675 for (; *p; p++)
676 {
677 printf ("%s", gnutls_certificate_type_get_name (*p));
678 if (*(p + 1))
679 printf (", ");
680 else
681 printf ("\n");
682 }
683 }
684
685 {
686 const gnutls_protocol_t *p = gnutls_protocol_list ();
687
688 printf ("Protocols: ");
689 for (; *p; p++)
690 {
691 printf ("%s", gnutls_protocol_get_name (*p));
692 if (*(p + 1))
693 printf (", ");
694 else
695 printf ("\n");
696 }
697 }
698
699 {
700 const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
701
702 printf ("Ciphers: ");
703 for (; *p; p++)
704 {
705 printf ("%s", gnutls_cipher_get_name (*p));
706 if (*(p + 1))
707 printf (", ");
708 else
709 printf ("\n");
710 }
711 }
712
713 {
714 const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
715
716 printf ("MACs: ");
717 for (; *p; p++)
718 {
719 printf ("%s", gnutls_mac_get_name (*p));
720 if (*(p + 1))
721 printf (", ");
722 else
723 printf ("\n");
724 }
725 }
726
727 {
728 const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
729
730 printf ("Key exchange algorithms: ");
731 for (; *p; p++)
732 {
733 printf ("%s", gnutls_kx_get_name (*p));
734 if (*(p + 1))
735 printf (", ");
736 else
737 printf ("\n");
738 }
739 }
740
741 {
742 const gnutls_compression_method_t *p = gnutls_compression_list ();
743
744 printf ("Compression: ");
745 for (; *p; p++)
746 {
747 printf ("%s", gnutls_compression_get_name (*p));
748 if (*(p + 1))
749 printf (", ");
750 else
751 printf ("\n");
752 }
753 }
754 }
755
756 void
757 print_license (void)
758 {
759 fputs ("\nCopyright (C) 2004,2005,2006,2007 Free Software Foundation\n"
760 "This program is free software; you can redistribute it and/or modify \n"
761 "it under the terms of the GNU General Public License as published by \n"
762 "the Free Software Foundation; either version 3 of the License, or \n"
763 "(at your option) any later version. \n" "\n"
764 "This program is distributed in the hope that it will be useful, \n"
765 "but WITHOUT ANY WARRANTY; without even the implied warranty of \n"
766 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the \n"
767 "GNU General Public License for more details. \n" "\n"
768 "You should have received a copy of the GNU General Public License \n"
769 "along with this program; if not, write to the Free Software \n"
770 "Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.\n\n",
771 stdout);
772 }
773
774 static int depr_printed = 0;
775 #define DEPRECATED if (depr_printed==0) { \
776 fprintf(stderr, "This method of specifying algorithms is deprecated. Please use the --priority option.\n"); \
777 depr_printed = 1; \
778 }
779
780 void
781 parse_protocols (char **protocols, int protocols_size, int *protocol_priority)
782 {
783 int i, j;
784
785 if (protocols != NULL && protocols_size > 0)
786 {
787 DEPRECATED;
788
789 for (j = i = 0; i < protocols_size; i++)
790 {
791 if (strncasecmp (protocols[i], "SSL", 3) == 0)
792 protocol_priority[j++] = GNUTLS_SSL3;
793 else if (strncasecmp (protocols[i], "TLS1.1", 6) == 0)
794 protocol_priority[j++] = GNUTLS_TLS1_1;
795 else if (strncasecmp (protocols[i], "TLS1.2", 6) == 0)
796 protocol_priority[j++] = GNUTLS_TLS1_2;
797 else if (strncasecmp (protocols[i], "TLS", 3) == 0)
798 protocol_priority[j++] = GNUTLS_TLS1_0;
799 else
800 fprintf (stderr, "Unknown protocol: '%s'\n", protocols[i]);
801 }
802 protocol_priority[j] = 0;
803 }
804 }
805
806 void
807 parse_ciphers (char **ciphers, int nciphers, int *cipher_priority)
808 {
809 int j, i;
810
811
812 if (ciphers != NULL && nciphers > 0)
813 {
814 DEPRECATED;
815 for (j = i = 0; i < nciphers; i++)
816 {
817 if (strncasecmp (ciphers[i], "AES-2", 5) == 0)
818 cipher_priority[j++] = GNUTLS_CIPHER_AES_256_CBC;
819 else if (strncasecmp (ciphers[i], "AES", 3) == 0)
820 cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC;
821 else if (strncasecmp (ciphers[i], "3DE", 3) == 0)
822 cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC;
823 else if (strcasecmp (ciphers[i], "ARCFOUR-40") == 0)
824 cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_40;
825 else if (strcasecmp (ciphers[i], "ARCFOUR") == 0)
826 cipher_priority[j++] = GNUTLS_CIPHER_ARCFOUR_128;
827 #ifdef ENABLE_CAMELLIA
828 else if (strncasecmp (ciphers[i], "CAMELLIA-2", 10) == 0)
829 cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_256_CBC;
830 else if (strncasecmp (ciphers[i], "CAM", 3) == 0)
831 cipher_priority[j++] = GNUTLS_CIPHER_CAMELLIA_128_CBC;
832 #endif
833 else if (strncasecmp (ciphers[i], "NUL", 3) == 0)
834 cipher_priority[j++] = GNUTLS_CIPHER_NULL;
835 else
836 fprintf (stderr, "Unknown cipher: '%s'\n", ciphers[i]);
837 }
838 cipher_priority[j] = 0;
839 }
840 }
841
842 void
843 parse_macs (char **macs, int nmacs, int *mac_priority)
844 {
845 int i, j;
846
847
848 if (macs != NULL && nmacs > 0)
849 {
850 DEPRECATED;
851 for (j = i = 0; i < nmacs; i++)
852 {
853 if (strncasecmp (macs[i], "MD5", 3) == 0)
854 mac_priority[j++] = GNUTLS_MAC_MD5;
855 else if (strncasecmp (macs[i], "RMD", 3) == 0)
856 mac_priority[j++] = GNUTLS_MAC_RMD160;
857 else if (strncasecmp (macs[i], "SHA512", 6) == 0)
858 mac_priority[j++] = GNUTLS_MAC_SHA512;
859 else if (strncasecmp (macs[i], "SHA384", 6) == 0)
860 mac_priority[j++] = GNUTLS_MAC_SHA384;
861 else if (strncasecmp (macs[i], "SHA256", 6) == 0)
862 mac_priority[j++] = GNUTLS_MAC_SHA256;
863 else if (strncasecmp (macs[i], "SHA", 3) == 0)
864 mac_priority[j++] = GNUTLS_MAC_SHA1;
865 else
866 fprintf (stderr, "Unknown MAC: '%s'\n", macs[i]);
867 }
868 mac_priority[j] = 0;
869 }
870 }
871
872 void
873 parse_ctypes (char **ctype, int nctype, int *cert_type_priority)
874 {
875 int i, j;
876
877 if (ctype != NULL && nctype > 0)
878 {
879 DEPRECATED;
880 for (j = i = 0; i < nctype; i++)
881 {
882 if (strncasecmp (ctype[i], "OPE", 3) == 0)
883 cert_type_priority[j++] = GNUTLS_CRT_OPENPGP;
884 else if (strncasecmp (ctype[i], "X", 1) == 0)
885 cert_type_priority[j++] = GNUTLS_CRT_X509;
886 else
887 fprintf (stderr, "Unknown certificate type: '%s'\n", ctype[i]);
888 }
889 cert_type_priority[j] = 0;
890 }
891 }
892
893 void
894 parse_kx (char **kx, int nkx, int *kx_priority)
895 {
896 int i, j;
897
898
899 if (kx != NULL && nkx > 0)
900 {
901 DEPRECATED;
902 for (j = i = 0; i < nkx; i++)
903 {
904 if (strcasecmp (kx[i], "SRP") == 0)
905 kx_priority[j++] = GNUTLS_KX_SRP;
906 else if (strcasecmp (kx[i], "SRP-RSA") == 0)
907 kx_priority[j++] = GNUTLS_KX_SRP_RSA;
908 else if (strcasecmp (kx[i], "SRP-DSS") == 0)
909 kx_priority[j++] = GNUTLS_KX_SRP_DSS;
910 else if (strcasecmp (kx[i], "RSA") == 0)
911 kx_priority[j++] = GNUTLS_KX_RSA;
912 else if (strcasecmp (kx[i], "PSK") == 0)
913 kx_priority[j++] = GNUTLS_KX_PSK;
914 else if (strcasecmp (kx[i], "DHE-PSK") == 0)
915 kx_priority[j++] = GNUTLS_KX_DHE_PSK;
916 else if (strcasecmp (kx[i], "RSA-EXPORT") == 0)
917 kx_priority[j++] = GNUTLS_KX_RSA_EXPORT;
918 else if (strncasecmp (kx[i], "DHE-RSA", 7) == 0)
919 kx_priority[j++] = GNUTLS_KX_DHE_RSA;
920 else if (strncasecmp (kx[i], "DHE-DSS", 7) == 0)
921 kx_priority[j++] = GNUTLS_KX_DHE_DSS;
922 else if (strncasecmp (kx[i], "ANON", 4) == 0)
923 kx_priority[j++] = GNUTLS_KX_ANON_DH;
924 else
925 fprintf (stderr, "Unknown key exchange: '%s'\n", kx[i]);
926 }
927 kx_priority[j] = 0;
928 }
929 }
930
931 void
932 parse_comp (char **comp, int ncomp, int *comp_priority)
933 {
934 int i, j;
935
936 if (comp != NULL && ncomp > 0)
937 {
938 DEPRECATED;
939 for (j = i = 0; i < ncomp; i++)
940 {
941 if (strncasecmp (comp[i], "NUL", 3) == 0)
942 comp_priority[j++] = GNUTLS_COMP_NULL;
943 else if (strncasecmp (comp[i], "ZLI", 3) == 0)
944 comp_priority[j++] = GNUTLS_COMP_DEFLATE;
945 else if (strncasecmp (comp[i], "DEF", 3) == 0)
946 comp_priority[j++] = GNUTLS_COMP_DEFLATE;
947 else if (strncasecmp (comp[i], "LZO", 3) == 0)
948 comp_priority[j++] = GNUTLS_COMP_LZO;
949 else
950 fprintf (stderr, "Unknown compression: '%s'\n", comp[i]);
951 }
952 comp_priority[j] = 0;
953 }
954 }
955
956 void
957 sockets_init (void)
958 {
959 #ifdef _WIN32
960 WORD wVersionRequested;
961 WSADATA wsaData;
962
963 wVersionRequested = MAKEWORD (1, 1);
964 if (WSAStartup (wVersionRequested, &wsaData) != 0)
965 {
966 perror ("WSA_STARTUP_ERROR");
967 }
968 #endif
969 }
970
971 /* converts a service name or a port (in string) to a
972 * port number. The protocol is assumed to be TCP.
973 *
974 * returns -1 on error;
975 */
976 int
977 service_to_port (const char *service)
978 {
979 int port;
980 struct servent *server_port;
981
982 port = atoi (service);
983 if (port != 0)
984 return port;
985
986 server_port = getservbyname (service, "tcp");
987 if (server_port == NULL)
988 {
989 perror ("getservbyname()");
990 return (-1);
991 }
992
993 return ntohs (server_port->s_port);
994
995 }
Implementation of the SSL/TLS protocol