2 * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
3 * 2010 Free Software Foundation, Inc.
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GnuTLS.
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
26 #include "gnutls_int.h"
27 #include "gnutls_algorithms.h"
28 #include "gnutls_errors.h"
29 #include "gnutls_cert.h"
30 #include <x509/common.h>
36 gnutls_sec_param_t sec_param
;
37 int bits
; /* security level */
38 int pk_bits
; /* DH, RSA, SRP */
39 int dsa_bits
; /* bits for DSA. Handled differently since
40 * choice of key size in DSA is political.
42 int subgroup_bits
; /* subgroup bits */
43 int ecc_bits
; /* bits for ECC keys */
44 } gnutls_sec_params_entry
;
46 static const gnutls_sec_params_entry sec_params
[] = {
47 {"Weak", GNUTLS_SEC_PARAM_WEAK
, 64, 816, 1024, 128, 128},
48 {"Low", GNUTLS_SEC_PARAM_LOW
, 80, 1248, 2048, 160, 160},
49 {"Normal", GNUTLS_SEC_PARAM_NORMAL
, 112, 2432, 3072, 224, 224},
50 {"High", GNUTLS_SEC_PARAM_HIGH
, 128, 3248, 3072, 256, 256},
51 {"Ultra", GNUTLS_SEC_PARAM_ULTRA
, 256, 15424, 3072, 512, 512},
55 #define GNUTLS_SEC_PARAM_LOOP(b) \
56 { const gnutls_sec_params_entry *p; \
57 for(p = sec_params; p->name != NULL; p++) { b ; } }
60 /* Cred type mappings to KX algorithms
61 * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
62 * more than one credentials type.
66 gnutls_kx_algorithm_t algorithm
;
67 gnutls_credentials_type_t client_type
;
68 gnutls_credentials_type_t server_type
; /* The type of credentials a server
72 static const gnutls_cred_map cred_mappings
[] = {
73 {GNUTLS_KX_ANON_DH
, GNUTLS_CRD_ANON
, GNUTLS_CRD_ANON
},
74 {GNUTLS_KX_RSA
, GNUTLS_CRD_CERTIFICATE
, GNUTLS_CRD_CERTIFICATE
},
75 {GNUTLS_KX_RSA_EXPORT
, GNUTLS_CRD_CERTIFICATE
, GNUTLS_CRD_CERTIFICATE
},
76 {GNUTLS_KX_DHE_DSS
, GNUTLS_CRD_CERTIFICATE
, GNUTLS_CRD_CERTIFICATE
},
77 {GNUTLS_KX_DHE_RSA
, GNUTLS_CRD_CERTIFICATE
, GNUTLS_CRD_CERTIFICATE
},
78 {GNUTLS_KX_PSK
, GNUTLS_CRD_PSK
, GNUTLS_CRD_PSK
},
79 {GNUTLS_KX_DHE_PSK
, GNUTLS_CRD_PSK
, GNUTLS_CRD_PSK
},
80 {GNUTLS_KX_SRP
, GNUTLS_CRD_SRP
, GNUTLS_CRD_SRP
},
81 {GNUTLS_KX_SRP_RSA
, GNUTLS_CRD_SRP
, GNUTLS_CRD_CERTIFICATE
},
82 {GNUTLS_KX_SRP_DSS
, GNUTLS_CRD_SRP
, GNUTLS_CRD_CERTIFICATE
},
86 #define GNUTLS_KX_MAP_LOOP(b) \
87 const gnutls_cred_map *p; \
88 for(p = cred_mappings; p->algorithm != 0; p++) { b ; }
90 #define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
91 GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
93 /* KX mappings to PK algorithms */
96 gnutls_kx_algorithm_t kx_algorithm
;
97 gnutls_pk_algorithm_t pk_algorithm
;
98 enum encipher_type encipher_type
; /* CIPHER_ENCRYPT if this algorithm is to be used
99 * for encryption, CIPHER_SIGN if signature only,
100 * CIPHER_IGN if this does not apply at all.
102 * This is useful to certificate cipher suites, which check
103 * against the certificate key usage bits.
107 /* This table maps the Key exchange algorithms to
108 * the certificate algorithms. Eg. if we have
109 * RSA algorithm in the certificate then we can
110 * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA.
112 static const gnutls_pk_map pk_mappings
[] = {
113 {GNUTLS_KX_RSA
, GNUTLS_PK_RSA
, CIPHER_ENCRYPT
},
114 {GNUTLS_KX_RSA_EXPORT
, GNUTLS_PK_RSA
, CIPHER_SIGN
},
115 {GNUTLS_KX_DHE_RSA
, GNUTLS_PK_RSA
, CIPHER_SIGN
},
116 {GNUTLS_KX_SRP_RSA
, GNUTLS_PK_RSA
, CIPHER_SIGN
},
117 {GNUTLS_KX_DHE_DSS
, GNUTLS_PK_DSA
, CIPHER_SIGN
},
118 {GNUTLS_KX_SRP_DSS
, GNUTLS_PK_DSA
, CIPHER_SIGN
},
122 #define GNUTLS_PK_MAP_LOOP(b) \
123 const gnutls_pk_map *p; \
124 for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
126 #define GNUTLS_PK_MAP_ALG_LOOP(a) \
127 GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
136 gnutls_protocol_t id
; /* gnutls internal version number */
137 int major
; /* defined by the protocol */
138 int minor
; /* defined by the protocol */
139 transport_t transport
; /* Type of transport, stream or datagram */
140 int supported
; /* 0 not supported, > 0 is supported */
141 } gnutls_version_entry
;
143 static const gnutls_version_entry sup_versions
[] = {
144 {"SSL3.0", GNUTLS_SSL3
, 3, 0, GNUTLS_STREAM
, 1},
145 {"TLS1.0", GNUTLS_TLS1
, 3, 1, GNUTLS_STREAM
, 1},
146 {"TLS1.1", GNUTLS_TLS1_1
, 3, 2, GNUTLS_STREAM
, 1},
147 {"TLS1.2", GNUTLS_TLS1_2
, 3, 3, GNUTLS_STREAM
, 1},
148 {"DTLS1.0", GNUTLS_DTLS1_0
, 254, 255, GNUTLS_DGRAM
, 1}, /* 1.1 over datagram */
152 /* Keep the contents of this struct the same as the previous one. */
153 static const gnutls_protocol_t supported_protocols
[] = {
162 #define GNUTLS_VERSION_LOOP(b) \
163 const gnutls_version_entry *p; \
164 for(p = sup_versions; p->name != NULL; p++) { b ; }
166 #define GNUTLS_VERSION_ALG_LOOP(a) \
167 GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
169 struct gnutls_cipher_entry
172 gnutls_cipher_algorithm_t id
;
176 uint16_t iv
; /* the size of IV */
177 unsigned export_flag
:1; /* 0 non export */
178 unsigned auth
:1; /* Whether it is authenc cipher */
180 typedef struct gnutls_cipher_entry gnutls_cipher_entry
;
182 /* Note that all algorithms are in CBC or STREAM modes.
183 * Do not add any algorithms in other modes (avoid modified algorithms).
184 * View first: "The order of encryption and authentication for
185 * protecting communications" by Hugo Krawczyk - CRYPTO 2001
187 * Make sure to updated MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well.
189 static const gnutls_cipher_entry algorithms
[] = {
190 {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC
, 16, 32, CIPHER_BLOCK
, 16, 0, 0},
191 {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC
, 16, 24, CIPHER_BLOCK
, 16, 0, 0},
192 {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC
, 16, 16, CIPHER_BLOCK
, 16, 0, 0},
193 {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM
, 16, 16, CIPHER_STREAM
, AEAD_IMPLICIT_DATA_SIZE
, 0, 1},
194 {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC
, 8, 24, CIPHER_BLOCK
, 8, 0, 0},
195 {"DES-CBC", GNUTLS_CIPHER_DES_CBC
, 8, 8, CIPHER_BLOCK
, 8, 0, 0},
196 {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128
, 1, 16, CIPHER_STREAM
, 0, 0, 0},
197 {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40
, 1, 5, CIPHER_STREAM
, 0, 1, 0},
198 {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC
, 8, 5, CIPHER_BLOCK
, 8, 1, 0},
199 #ifdef ENABLE_CAMELLIA
200 {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC
, 16, 32, CIPHER_BLOCK
,
202 {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC
, 16, 16, CIPHER_BLOCK
,
206 #ifdef ENABLE_OPENPGP
207 {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB
, 8, 16, CIPHER_BLOCK
, 8, 0, 0},
208 {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB
, 8, 24, CIPHER_BLOCK
, 8, 0, 0},
209 {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB
, 8, 16, CIPHER_BLOCK
, 8, 0, 0},
210 {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB
, 8,
211 16 /*actually unlimited */ , CIPHER_BLOCK
, 8, 0, 0},
212 {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB
, 8, 16,
213 CIPHER_BLOCK
, 8, 0, 0},
214 {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB
, 16, 16, CIPHER_BLOCK
, 16,
216 {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB
, 16, 24, CIPHER_BLOCK
, 16,
218 {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB
, 16, 32, CIPHER_BLOCK
, 16,
220 {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB
, 16, 16, CIPHER_BLOCK
, 16,
223 {"NULL", GNUTLS_CIPHER_NULL
, 1, 0, CIPHER_STREAM
, 0, 0, 0},
224 {0, 0, 0, 0, 0, 0, 0}
227 /* Keep the contents of this struct the same as the previous one. */
228 static const gnutls_cipher_algorithm_t supported_ciphers
[] = {
229 GNUTLS_CIPHER_AES_256_CBC
,
230 GNUTLS_CIPHER_AES_128_CBC
,
231 GNUTLS_CIPHER_3DES_CBC
,
232 GNUTLS_CIPHER_DES_CBC
,
233 GNUTLS_CIPHER_ARCFOUR_128
,
234 GNUTLS_CIPHER_ARCFOUR_40
,
235 GNUTLS_CIPHER_RC2_40_CBC
,
236 #ifdef ENABLE_CAMELLIA
237 GNUTLS_CIPHER_CAMELLIA_256_CBC
,
238 GNUTLS_CIPHER_CAMELLIA_128_CBC
,
244 #define GNUTLS_LOOP(b) \
245 const gnutls_cipher_entry *p; \
246 for(p = algorithms; p->name != NULL; p++) { b ; }
248 #define GNUTLS_ALG_LOOP(a) \
249 GNUTLS_LOOP( if(p->id == algorithm) { a; break; } )
252 struct gnutls_hash_entry
256 gnutls_mac_algorithm_t id
;
257 size_t key_size
; /* in case of mac */
259 typedef struct gnutls_hash_entry gnutls_hash_entry
;
261 static const gnutls_hash_entry hash_algorithms
[] = {
262 {"SHA1", HASH_OID_SHA1
, GNUTLS_MAC_SHA1
, 20},
263 {"MD5", HASH_OID_MD5
, GNUTLS_MAC_MD5
, 16},
264 {"SHA256", HASH_OID_SHA256
, GNUTLS_MAC_SHA256
, 32},
265 {"SHA384", HASH_OID_SHA384
, GNUTLS_MAC_SHA384
, 48},
266 {"SHA512", HASH_OID_SHA512
, GNUTLS_MAC_SHA512
, 64},
267 {"SHA224", HASH_OID_SHA224
, GNUTLS_MAC_SHA224
, 28},
268 {"AEAD", NULL
, GNUTLS_MAC_AEAD
, 0},
269 {"MD2", HASH_OID_MD2
, GNUTLS_MAC_MD2
, 0}, /* not used as MAC */
270 {"RIPEMD160", HASH_OID_RMD160
, GNUTLS_MAC_RMD160
, 20},
271 {"MAC-NULL", NULL
, GNUTLS_MAC_NULL
, 0},
275 /* Keep the contents of this struct the same as the previous one. */
276 static const gnutls_mac_algorithm_t supported_macs
[] = {
288 #define GNUTLS_HASH_LOOP(b) \
289 const gnutls_hash_entry *p; \
290 for(p = hash_algorithms; p->name != NULL; p++) { b ; }
292 #define GNUTLS_HASH_ALG_LOOP(a) \
293 GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
295 /* Key Exchange Section */
298 extern mod_auth_st rsa_auth_struct
;
299 extern mod_auth_st rsa_export_auth_struct
;
300 extern mod_auth_st dhe_rsa_auth_struct
;
301 extern mod_auth_st dhe_dss_auth_struct
;
302 extern mod_auth_st anon_auth_struct
;
303 extern mod_auth_st srp_auth_struct
;
304 extern mod_auth_st psk_auth_struct
;
305 extern mod_auth_st dhe_psk_auth_struct
;
306 extern mod_auth_st srp_rsa_auth_struct
;
307 extern mod_auth_st srp_dss_auth_struct
;
309 struct gnutls_kx_algo_entry
312 gnutls_kx_algorithm_t algorithm
;
313 mod_auth_st
*auth_struct
;
315 int needs_rsa_params
;
317 typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry
;
319 static const gnutls_kx_algo_entry _gnutls_kx_algorithms
[] = {
321 {"ANON-DH", GNUTLS_KX_ANON_DH
, &anon_auth_struct
, 1, 0},
323 {"RSA", GNUTLS_KX_RSA
, &rsa_auth_struct
, 0, 0},
324 {"RSA-EXPORT", GNUTLS_KX_RSA_EXPORT
, &rsa_export_auth_struct
, 0,
325 1 /* needs RSA params */ },
326 {"DHE-RSA", GNUTLS_KX_DHE_RSA
, &dhe_rsa_auth_struct
, 1, 0},
327 {"DHE-DSS", GNUTLS_KX_DHE_DSS
, &dhe_dss_auth_struct
, 1, 0},
330 {"SRP-DSS", GNUTLS_KX_SRP_DSS
, &srp_dss_auth_struct
, 0, 0},
331 {"SRP-RSA", GNUTLS_KX_SRP_RSA
, &srp_rsa_auth_struct
, 0, 0},
332 {"SRP", GNUTLS_KX_SRP
, &srp_auth_struct
, 0, 0},
335 {"PSK", GNUTLS_KX_PSK
, &psk_auth_struct
, 0, 0},
336 {"DHE-PSK", GNUTLS_KX_DHE_PSK
, &dhe_psk_auth_struct
,
337 1 /* needs DHE params */ , 0},
342 /* Keep the contents of this struct the same as the previous one. */
343 static const gnutls_kx_algorithm_t supported_kxs
[] = {
348 GNUTLS_KX_RSA_EXPORT
,
363 #define GNUTLS_KX_LOOP(b) \
364 const gnutls_kx_algo_entry *p; \
365 for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; }
367 #define GNUTLS_KX_ALG_LOOP(a) \
368 GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )
373 #define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls ) \
374 { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version, dtls}
380 gnutls_cipher_algorithm_t block_algorithm
;
381 gnutls_kx_algorithm_t kx_algorithm
;
382 gnutls_mac_algorithm_t mac_algorithm
;
383 gnutls_protocol_t min_version
; /* this cipher suite is supported
384 * from 'version' and above;
386 gnutls_protocol_t max_version
; /* this cipher suite is not supported after that */
387 int dtls
:1; /* whether this ciphersuite is valid in DTLS */
388 } gnutls_cipher_suite_entry
;
390 /* RSA with NULL cipher and MD5 MAC
393 #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 }
394 #define GNUTLS_RSA_NULL_SHA1 { 0x00, 0x02 }
395 #define GNUTLS_RSA_NULL_SHA256 { 0x00, 0x3B }
397 /* ANONymous cipher suites.
400 #define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1 { 0x00, 0x1B }
401 #define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 }
404 #define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 }
405 #define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A }
408 #ifdef ENABLE_CAMELLIA
409 #define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
410 #define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
413 #define GNUTLS_ANON_DH_AES_128_CBC_SHA256 { 0x00, 0x6C }
414 #define GNUTLS_ANON_DH_AES_256_CBC_SHA256 { 0x00, 0x6D }
416 /* PSK (not in TLS 1.0)
417 * draft-ietf-tls-psk:
419 #define GNUTLS_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8A }
420 #define GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8B }
421 #define GNUTLS_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x8C }
422 #define GNUTLS_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x8D }
424 #define GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8E }
425 #define GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8F }
426 #define GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x90 }
427 #define GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x91 }
432 #define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1A }
433 #define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1B }
434 #define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 { 0xC0, 0x1C }
436 #define GNUTLS_SRP_SHA_AES_128_CBC_SHA1 { 0xC0, 0x1D }
437 #define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1 { 0xC0, 0x1E }
438 #define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1 { 0xC0, 0x1F }
440 #define GNUTLS_SRP_SHA_AES_256_CBC_SHA1 { 0xC0, 0x20 }
441 #define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1 { 0xC0, 0x21 }
442 #define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1 { 0xC0, 0x22 }
446 #define GNUTLS_RSA_ARCFOUR_SHA1 { 0x00, 0x05 }
447 #define GNUTLS_RSA_ARCFOUR_MD5 { 0x00, 0x04 }
448 #define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A }
450 #define GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5 { 0x00, 0x03 }
454 #define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F }
455 #define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 }
458 #ifdef ENABLE_CAMELLIA
459 #define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 }
460 #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
463 #define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C }
464 #define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D }
469 #define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 }
472 /* draft-ietf-tls-56-bit-ciphersuites-01:
474 #define GNUTLS_DHE_DSS_ARCFOUR_SHA1 { 0x00, 0x66 }
479 #define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 }
480 #define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 }
483 #ifdef ENABLE_CAMELLIA
484 #define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 }
485 #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
488 #define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 }
489 #define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A }
493 #define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
497 #define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 }
498 #define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 }
501 #ifdef ENABLE_CAMELLIA
502 #define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
503 #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
506 #define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 }
507 #define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B }
510 #define GNUTLS_RSA_AES_128_GCM_SHA256 { 0x00, 0x9C }
511 #define GNUTLS_DHE_RSA_AES_128_GCM_SHA256 {0x00,0x9E}
512 #define GNUTLS_DHE_DSS_AES_128_GCM_SHA256 {0x00,0xA2}
513 #define GNUTLS_DH_ANON_AES_128_GCM_SHA256 {0x00,0xA6}
517 #define GNUTLS_PSK_AES_128_GCM_SHA256 { 0x00, 0xA8 }
518 #define GNUTLS_DHE_PSK_AES_128_GCM_SHA256 { 0x00, 0xAA }
520 /* PSK - SHA256 HMAC */
521 #define GNUTLS_PSK_AES_128_CBC_SHA256 { 0x00, 0xAE }
522 #define GNUTLS_DHE_PSK_AES_128_CBC_SHA256 { 0x00, 0xB2 }
524 #define GNUTLS_PSK_NULL_SHA256 { 0x00, 0xB0 }
525 #define GNUTLS_DHE_PSK_NULL_SHA256 { 0x00, 0xB4 }
527 /* Safe renegotiation */
529 #define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
531 /* FIXME: what we don't handle here is TLS 1.2 requirement
532 * that each ciphersuite has it's own PRF algorithm. Now we
533 * assume that each one uses the SHA-256 PRF in TLS 1.2.
536 static const gnutls_cipher_suite_entry cs_algorithms
[] = {
538 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5
,
539 GNUTLS_CIPHER_ARCFOUR_128
,
540 GNUTLS_KX_ANON_DH
, GNUTLS_MAC_MD5
,
541 GNUTLS_SSL3
, GNUTLS_VERSION_MAX
, 0),
542 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1
,
543 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_ANON_DH
,
544 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
545 GNUTLS_VERSION_MAX
, 1),
546 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1
,
547 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_ANON_DH
,
548 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
549 GNUTLS_VERSION_MAX
, ),
550 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1
,
551 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_ANON_DH
,
552 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
553 GNUTLS_VERSION_MAX
, 1),
554 #ifdef ENABLE_CAMELLIA
555 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1
,
556 GNUTLS_CIPHER_CAMELLIA_128_CBC
,
558 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
559 GNUTLS_VERSION_MAX
, 1),
560 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1
,
561 GNUTLS_CIPHER_CAMELLIA_256_CBC
,
563 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
564 GNUTLS_VERSION_MAX
, 1),
566 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256
,
567 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_ANON_DH
,
568 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
,
569 GNUTLS_VERSION_MAX
, 1),
570 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA256
,
571 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_ANON_DH
,
572 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
,
573 GNUTLS_VERSION_MAX
, 1),
576 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1
,
577 GNUTLS_CIPHER_ARCFOUR
, GNUTLS_KX_PSK
,
578 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
579 GNUTLS_VERSION_MAX
, 0),
580 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1
,
581 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_PSK
,
582 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
583 GNUTLS_VERSION_MAX
, 1),
584 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1
,
585 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_PSK
,
586 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
587 GNUTLS_VERSION_MAX
, 1),
588 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1
,
589 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_PSK
,
590 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
591 GNUTLS_VERSION_MAX
, 1),
592 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256
,
593 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_PSK
,
594 GNUTLS_MAC_SHA256
, GNUTLS_TLS1
,
595 GNUTLS_VERSION_MAX
, 1),
596 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256
,
597 GNUTLS_CIPHER_AES_128_GCM
, GNUTLS_KX_PSK
,
598 GNUTLS_MAC_AEAD
, GNUTLS_TLS1_2
,
599 GNUTLS_VERSION_MAX
, 1),
600 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_NULL_SHA256
,
601 GNUTLS_CIPHER_NULL
, GNUTLS_KX_PSK
,
602 GNUTLS_MAC_SHA256
, GNUTLS_TLS1
,
603 GNUTLS_VERSION_MAX
, 1),
606 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1
,
607 GNUTLS_CIPHER_ARCFOUR
, GNUTLS_KX_DHE_PSK
,
608 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
609 GNUTLS_VERSION_MAX
, 0),
610 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1
,
611 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_DHE_PSK
,
612 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
613 GNUTLS_VERSION_MAX
, 1),
614 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1
,
615 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_PSK
,
616 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
617 GNUTLS_VERSION_MAX
, 1),
618 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1
,
619 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_DHE_PSK
,
620 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
621 GNUTLS_VERSION_MAX
, 1),
622 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256
,
623 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_PSK
,
624 GNUTLS_MAC_SHA256
, GNUTLS_TLS1
,
625 GNUTLS_VERSION_MAX
, 1),
626 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256
,
627 GNUTLS_CIPHER_AES_128_GCM
, GNUTLS_KX_DHE_PSK
,
628 GNUTLS_MAC_AEAD
, GNUTLS_TLS1_2
,
629 GNUTLS_VERSION_MAX
, 1),
630 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_NULL_SHA256
,
631 GNUTLS_CIPHER_NULL
, GNUTLS_KX_DHE_PSK
,
632 GNUTLS_MAC_SHA256
, GNUTLS_TLS1
,
633 GNUTLS_VERSION_MAX
, 1),
636 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1
,
637 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_SRP
,
638 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
639 GNUTLS_VERSION_MAX
, 1),
640 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1
,
641 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_SRP
,
642 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
643 GNUTLS_VERSION_MAX
, 1),
644 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1
,
645 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_SRP
,
646 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
647 GNUTLS_VERSION_MAX
, 1),
649 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1
,
650 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_SRP_DSS
,
651 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
652 GNUTLS_VERSION_MAX
, 1),
654 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1
,
655 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_SRP_RSA
,
656 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
657 GNUTLS_VERSION_MAX
, 1),
659 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1
,
660 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_SRP_DSS
,
661 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
662 GNUTLS_VERSION_MAX
, 1),
664 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1
,
665 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_SRP_RSA
,
666 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
667 GNUTLS_VERSION_MAX
, 1),
669 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1
,
670 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_SRP_DSS
,
671 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
672 GNUTLS_VERSION_MAX
, 1),
674 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1
,
675 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_SRP_RSA
,
676 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
677 GNUTLS_VERSION_MAX
, 1),
680 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1
,
681 GNUTLS_CIPHER_ARCFOUR_128
, GNUTLS_KX_DHE_DSS
,
682 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
683 GNUTLS_VERSION_MAX
, 0),
684 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1
,
685 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_DHE_DSS
,
686 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
687 GNUTLS_VERSION_MAX
, 1),
688 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1
,
689 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_DSS
,
690 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
691 GNUTLS_VERSION_MAX
, 1),
692 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1
,
693 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_DHE_DSS
,
694 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
695 GNUTLS_VERSION_MAX
, 1),
696 #ifdef ENABLE_CAMELLIA
697 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1
,
698 GNUTLS_CIPHER_CAMELLIA_128_CBC
,
700 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
701 GNUTLS_VERSION_MAX
, 1),
702 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1
,
703 GNUTLS_CIPHER_CAMELLIA_256_CBC
,
705 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
706 GNUTLS_VERSION_MAX
, 1),
708 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256
,
709 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_DSS
,
710 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
,
711 GNUTLS_VERSION_MAX
, 1),
712 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256
,
713 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_DHE_DSS
,
714 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
,
715 GNUTLS_VERSION_MAX
, 1),
717 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1
,
718 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_DHE_RSA
,
719 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
720 GNUTLS_VERSION_MAX
, 1),
721 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1
,
722 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_RSA
,
723 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
724 GNUTLS_VERSION_MAX
, 1),
725 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1
,
726 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_DHE_RSA
,
727 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
728 GNUTLS_VERSION_MAX
, 1),
729 #ifdef ENABLE_CAMELLIA
730 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1
,
731 GNUTLS_CIPHER_CAMELLIA_128_CBC
,
733 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
734 GNUTLS_VERSION_MAX
, 1),
735 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1
,
736 GNUTLS_CIPHER_CAMELLIA_256_CBC
,
738 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
739 GNUTLS_VERSION_MAX
, 1),
741 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256
,
742 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_RSA
,
743 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
,
744 GNUTLS_VERSION_MAX
, 1),
745 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256
,
746 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_DHE_RSA
,
747 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
,
748 GNUTLS_VERSION_MAX
, 1),
750 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5
,
752 GNUTLS_KX_RSA
, GNUTLS_MAC_MD5
, GNUTLS_SSL3
,
753 GNUTLS_VERSION_MAX
, 1),
754 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_SHA1
,
756 GNUTLS_KX_RSA
, GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
757 GNUTLS_VERSION_MAX
, 1),
758 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_SHA256
,
760 GNUTLS_KX_RSA
, GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
,
761 GNUTLS_VERSION_MAX
, 1),
764 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5
,
765 GNUTLS_CIPHER_ARCFOUR_40
,
766 GNUTLS_KX_RSA_EXPORT
, GNUTLS_MAC_MD5
,
767 GNUTLS_SSL3
, GNUTLS_TLS1_0
, 0),
770 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1
,
771 GNUTLS_CIPHER_ARCFOUR_128
,
772 GNUTLS_KX_RSA
, GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
773 GNUTLS_VERSION_MAX
, 0),
774 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5
,
775 GNUTLS_CIPHER_ARCFOUR_128
,
776 GNUTLS_KX_RSA
, GNUTLS_MAC_MD5
, GNUTLS_SSL3
,
777 GNUTLS_VERSION_MAX
, 0),
778 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1
,
779 GNUTLS_CIPHER_3DES_CBC
,
780 GNUTLS_KX_RSA
, GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
781 GNUTLS_VERSION_MAX
, 1),
782 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1
,
783 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_RSA
,
784 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
785 GNUTLS_VERSION_MAX
, 1),
786 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1
,
787 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_RSA
,
788 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
,
789 GNUTLS_VERSION_MAX
, 1),
790 #ifdef ENABLE_CAMELLIA
791 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1
,
792 GNUTLS_CIPHER_CAMELLIA_128_CBC
, GNUTLS_KX_RSA
,
793 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
794 GNUTLS_VERSION_MAX
, 1),
795 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1
,
796 GNUTLS_CIPHER_CAMELLIA_256_CBC
, GNUTLS_KX_RSA
,
797 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
,
798 GNUTLS_VERSION_MAX
, 1),
800 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256
,
801 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_RSA
,
802 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
,
803 GNUTLS_VERSION_MAX
, 1),
804 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256
,
805 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_RSA
,
806 GNUTLS_MAC_SHA256
, GNUTLS_TLS1_2
,
807 GNUTLS_VERSION_MAX
, 1),
809 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_GCM_SHA256
,
810 GNUTLS_CIPHER_AES_128_GCM
, GNUTLS_KX_RSA
,
811 GNUTLS_MAC_AEAD
, GNUTLS_TLS1_2
,
812 GNUTLS_VERSION_MAX
, 1),
813 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_GCM_SHA256
,
814 GNUTLS_CIPHER_AES_128_GCM
, GNUTLS_KX_DHE_RSA
,
815 GNUTLS_MAC_AEAD
, GNUTLS_TLS1_2
,
816 GNUTLS_VERSION_MAX
, 1),
817 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_GCM_SHA256
,
818 GNUTLS_CIPHER_AES_128_GCM
, GNUTLS_KX_DHE_DSS
,
819 GNUTLS_MAC_AEAD
, GNUTLS_TLS1_2
,
820 GNUTLS_VERSION_MAX
, 1),
821 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256
,
822 GNUTLS_CIPHER_AES_128_GCM
, GNUTLS_KX_ANON_DH
,
823 GNUTLS_MAC_AEAD
, GNUTLS_TLS1_2
,
824 GNUTLS_VERSION_MAX
, 1),
826 {0, {{0, 0}}, 0, 0, 0, 0, 0, 0}
829 #define GNUTLS_CIPHER_SUITE_LOOP(b) \
830 const gnutls_cipher_suite_entry *p; \
831 for(p = cs_algorithms; p->name != NULL; p++) { b ; }
833 #define GNUTLS_CIPHER_SUITE_ALG_LOOP(a) \
834 GNUTLS_CIPHER_SUITE_LOOP( if( (p->id.suite[0] == suite->suite[0]) && (p->id.suite[1] == suite->suite[1])) { a; break; } )
838 /* Generic Functions */
841 _gnutls_mac_priority (gnutls_session_t session
,
842 gnutls_mac_algorithm_t algorithm
)
843 { /* actually returns the priority */
845 for (i
= 0; i
< session
->internals
.priorities
.mac
.algorithms
; i
++)
847 if (session
->internals
.priorities
.mac
.priority
[i
] == algorithm
)
854 * gnutls_mac_get_name:
855 * @algorithm: is a MAC algorithm
857 * Convert a #gnutls_mac_algorithm_t value to a string.
859 * Returns: a string that contains the name of the specified MAC
860 * algorithm, or %NULL.
863 gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm
)
865 const char *ret
= NULL
;
868 GNUTLS_HASH_ALG_LOOP (ret
= p
->name
);
875 * @name: is a MAC algorithm name
877 * Convert a string to a #gnutls_mac_algorithm_t value. The names are
878 * compared in a case insensitive way.
880 * Returns: a #gnutls_mac_algorithm_t id of the specified MAC
881 * algorithm string, or %GNUTLS_MAC_UNKNOWN on failures.
883 gnutls_mac_algorithm_t
884 gnutls_mac_get_id (const char *name
)
886 gnutls_mac_algorithm_t ret
= GNUTLS_MAC_UNKNOWN
;
888 GNUTLS_HASH_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->id
);
894 * gnutls_mac_get_key_size:
895 * @algorithm: is an encryption algorithm
897 * Get size of MAC key.
899 * Returns: length (in bytes) of the given MAC key size, or 0 if the
900 * given MAC algorithm is invalid.
903 gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm
)
908 GNUTLS_HASH_ALG_LOOP (ret
= p
->key_size
);
916 * Get a list of hash algorithms for use as MACs. Note that not
917 * necessarily all MACs are supported in TLS cipher suites. For
918 * example, MD2 is not supported as a cipher suite, but is supported
919 * for other purposes (e.g., X.509 signature verification or similar).
921 * Returns: Return a zero-terminated list of #gnutls_mac_algorithm_t
922 * integers indicating the available MACs.
924 const gnutls_mac_algorithm_t
*
925 gnutls_mac_list (void)
927 return supported_macs
;
931 _gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t algorithm
)
933 const char *ret
= NULL
;
936 GNUTLS_HASH_ALG_LOOP (ret
= p
->oid
);
941 gnutls_mac_algorithm_t
942 _gnutls_x509_oid2mac_algorithm (const char *oid
)
944 gnutls_mac_algorithm_t ret
= 0;
946 GNUTLS_HASH_LOOP (if (p
->oid
&& strcmp (oid
, p
->oid
) == 0)
952 return GNUTLS_MAC_UNKNOWN
;
958 _gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm
)
961 GNUTLS_HASH_ALG_LOOP (ret
= p
->id
);
969 /* CIPHER functions */
972 * gnutls_cipher_get_block_size:
973 * @algorithm: is an encryption algorithm
975 * Get block size for encryption algorithm.
977 * Returns: block size for encryption algorithm.
982 gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm
)
985 GNUTLS_ALG_LOOP (ret
= p
->blocksize
);
990 /* returns the priority */
992 _gnutls_cipher_priority (gnutls_session_t session
,
993 gnutls_cipher_algorithm_t algorithm
)
996 for (i
= 0; i
< session
->internals
.priorities
.cipher
.algorithms
; i
++)
998 if (session
->internals
.priorities
.cipher
.priority
[i
] == algorithm
)
1006 _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm
)
1010 GNUTLS_ALG_LOOP (ret
= p
->block
);
1016 _gnutls_cipher_algo_is_aead (gnutls_cipher_algorithm_t algorithm
)
1020 GNUTLS_ALG_LOOP (ret
= p
->auth
);
1026 * gnutls_cipher_get_key_size:
1027 * @algorithm: is an encryption algorithm
1029 * Get key size for cipher.
1031 * Returns: length (in bytes) of the given cipher's key size, or 0 if
1032 * the given cipher is invalid.
1035 gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm
)
1038 GNUTLS_ALG_LOOP (ret
= p
->keysize
);
1044 _gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm
)
1047 GNUTLS_ALG_LOOP (ret
= p
->iv
);
1053 _gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm
)
1056 GNUTLS_ALG_LOOP (ret
= p
->export_flag
);
1062 * gnutls_cipher_get_name:
1063 * @algorithm: is an encryption algorithm
1065 * Convert a #gnutls_cipher_algorithm_t type to a string.
1067 * Returns: a pointer to a string that contains the name of the
1068 * specified cipher, or %NULL.
1071 gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm
)
1073 const char *ret
= NULL
;
1076 GNUTLS_ALG_LOOP (ret
= p
->name
);
1082 * gnutls_cipher_get_id:
1083 * @name: is a MAC algorithm name
1085 * The names are compared in a case insensitive way.
1087 * Returns: return a #gnutls_cipher_algorithm_t value corresponding to
1088 * the specified cipher, or %GNUTLS_CIPHER_UNKNOWN on error.
1090 gnutls_cipher_algorithm_t
1091 gnutls_cipher_get_id (const char *name
)
1093 gnutls_cipher_algorithm_t ret
= GNUTLS_CIPHER_UNKNOWN
;
1095 GNUTLS_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->id
);
1101 * gnutls_cipher_list:
1103 * Get a list of supported cipher algorithms. Note that not
1104 * necessarily all ciphers are supported as TLS cipher suites. For
1105 * example, DES is not supported as a cipher suite, but is supported
1106 * for other purposes (e.g., PKCS#8 or similar).
1108 * Returns: a zero-terminated list of #gnutls_cipher_algorithm_t
1109 * integers indicating the available ciphers.
1112 const gnutls_cipher_algorithm_t
*
1113 gnutls_cipher_list (void)
1115 return supported_ciphers
;
1119 _gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm
)
1122 GNUTLS_ALG_LOOP (ret
= p
->id
);
1130 /* Key EXCHANGE functions */
1132 _gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm
)
1134 mod_auth_st
*ret
= NULL
;
1135 GNUTLS_KX_ALG_LOOP (ret
= p
->auth_struct
);
1142 _gnutls_kx_priority (gnutls_session_t session
,
1143 gnutls_kx_algorithm_t algorithm
)
1146 for (i
= 0; i
< session
->internals
.priorities
.kx
.algorithms
; i
++)
1148 if (session
->internals
.priorities
.kx
.priority
[i
] == algorithm
)
1155 * gnutls_kx_get_name:
1156 * @algorithm: is a key exchange algorithm
1158 * Convert a #gnutls_kx_algorithm_t value to a string.
1160 * Returns: a pointer to a string that contains the name of the
1161 * specified key exchange algorithm, or %NULL.
1164 gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm
)
1166 const char *ret
= NULL
;
1169 GNUTLS_KX_ALG_LOOP (ret
= p
->name
);
1176 * @name: is a KX name
1178 * Convert a string to a #gnutls_kx_algorithm_t value. The names are
1179 * compared in a case insensitive way.
1181 * Returns: an id of the specified KX algorithm, or %GNUTLS_KX_UNKNOWN
1184 gnutls_kx_algorithm_t
1185 gnutls_kx_get_id (const char *name
)
1187 gnutls_cipher_algorithm_t ret
= GNUTLS_KX_UNKNOWN
;
1189 GNUTLS_KX_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->algorithm
);
1197 * Get a list of supported key exchange algorithms.
1199 * Returns: a zero-terminated list of #gnutls_kx_algorithm_t integers
1200 * indicating the available key exchange algorithms.
1202 const gnutls_kx_algorithm_t
*
1203 gnutls_kx_list (void)
1205 return supported_kxs
;
1209 _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm
)
1212 GNUTLS_KX_ALG_LOOP (ret
= p
->algorithm
);
1221 _gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm
)
1224 GNUTLS_KX_ALG_LOOP (ret
= p
->needs_rsa_params
);
1229 _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm
)
1232 GNUTLS_KX_ALG_LOOP (ret
= p
->needs_dh_params
);
1239 _gnutls_version_priority (gnutls_session_t session
, gnutls_protocol_t version
)
1240 { /* actually returns the priority */
1243 for (i
= 0; i
< session
->internals
.priorities
.protocol
.algorithms
; i
++)
1245 if (session
->internals
.priorities
.protocol
.priority
[i
] == version
)
1252 _gnutls_version_lowest (gnutls_session_t session
)
1253 { /* returns the lowest version supported */
1254 unsigned int i
, min
= 0xff;
1255 gnutls_protocol_t cur_prot
;
1257 for (i
= 0; i
< session
->internals
.priorities
.protocol
.algorithms
; i
++)
1259 cur_prot
= session
->internals
.priorities
.protocol
.priority
[i
];
1261 if (cur_prot
< min
&& _gnutls_version_is_supported(session
, cur_prot
))
1266 return GNUTLS_VERSION_UNKNOWN
; /* unknown version */
1272 _gnutls_version_max (gnutls_session_t session
)
1273 { /* returns the maximum version supported */
1274 unsigned int i
, max
= 0x00;
1275 gnutls_protocol_t cur_prot
;
1277 for (i
= 0; i
< session
->internals
.priorities
.protocol
.algorithms
; i
++)
1279 cur_prot
= session
->internals
.priorities
.protocol
.priority
[i
];
1281 if (cur_prot
> max
&& _gnutls_version_is_supported(session
, cur_prot
))
1286 return GNUTLS_VERSION_UNKNOWN
; /* unknown version */
1293 * gnutls_protocol_get_name:
1294 * @version: is a (gnutls) version number
1296 * Convert a #gnutls_protocol_t value to a string.
1298 * Returns: a string that contains the name of the specified TLS
1299 * version (e.g., "TLS1.0"), or %NULL.
1302 gnutls_protocol_get_name (gnutls_protocol_t version
)
1304 const char *ret
= NULL
;
1307 GNUTLS_VERSION_ALG_LOOP (ret
= p
->name
);
1312 * gnutls_protocol_get_id:
1313 * @name: is a protocol name
1315 * The names are compared in a case insensitive way.
1317 * Returns: an id of the specified protocol, or
1318 * %GNUTLS_VERSION_UNKNOWN on error.
1321 gnutls_protocol_get_id (const char *name
)
1323 gnutls_protocol_t ret
= GNUTLS_VERSION_UNKNOWN
;
1325 GNUTLS_VERSION_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->id
);
1331 * gnutls_protocol_list:
1333 * Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.
1335 * Returns: a zero-terminated list of #gnutls_protocol_t integers
1336 * indicating the available protocols.
1339 const gnutls_protocol_t
*
1340 gnutls_protocol_list (void)
1342 return supported_protocols
;
1346 _gnutls_version_get_minor (gnutls_protocol_t version
)
1350 GNUTLS_VERSION_ALG_LOOP (ret
= p
->minor
);
1355 _gnutls_version_get (int major
, int minor
)
1359 GNUTLS_VERSION_LOOP (if ((p
->major
== major
) && (p
->minor
== minor
))
1365 _gnutls_version_get_major (gnutls_protocol_t version
)
1369 GNUTLS_VERSION_ALG_LOOP (ret
= p
->major
);
1373 /* Version Functions */
1376 _gnutls_version_is_supported (gnutls_session_t session
,
1377 const gnutls_protocol_t version
)
1381 GNUTLS_VERSION_ALG_LOOP (ret
= p
->supported
&& p
->transport
== session
->internals
.transport
);
1386 if (_gnutls_version_priority (session
, version
) < 0)
1387 return 0; /* disabled by the user */
1393 /* This function determines if the version specified has a
1394 cipher-suite selected PRF hash function instead of the old
1395 hardcoded MD5+SHA1. */
1397 _gnutls_version_has_selectable_prf (gnutls_protocol_t version
)
1401 case GNUTLS_DTLS1_0
:
1411 /* This function determines if the version specified has selectable
1412 signature/hash functions for certificate authentification. */
1414 _gnutls_version_has_selectable_sighash (gnutls_protocol_t version
)
1418 case GNUTLS_DTLS1_0
:
1428 /* This function determines if the version specified has support for
1431 _gnutls_version_has_extensions (gnutls_protocol_t version
)
1438 /* Versions after TLS 1.0 are required to handle extensions.
1439 * SSL 3.0 also required extensions to be ignored, but
1440 * some earlier draft didn't.
1446 /* This function determines if the version specified has explicit IVs
1447 (for CBC attack prevention). */
1449 _gnutls_version_has_explicit_iv (gnutls_protocol_t version
)
1457 /* All versions after TLS 1.1 have explicit IV */
1462 /* This function determines if the version specified can have
1463 non-minimal padding. */
1465 _gnutls_version_has_variable_padding (gnutls_protocol_t version
)
1476 /* Type to KX mappings */
1477 gnutls_kx_algorithm_t
1478 _gnutls_map_kx_get_kx (gnutls_credentials_type_t type
, int server
)
1480 gnutls_kx_algorithm_t ret
= -1;
1484 GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret
= p
->algorithm
);
1488 GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret
= p
->algorithm
);
1493 /* Returns the credentials type required for this
1494 * Key exchange method.
1496 gnutls_credentials_type_t
1497 _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm
, int server
)
1499 gnutls_credentials_type_t ret
= -1;
1502 GNUTLS_KX_MAP_LOOP (if (p
->algorithm
== algorithm
) ret
=
1507 GNUTLS_KX_MAP_LOOP (if (p
->algorithm
== algorithm
) ret
=
1515 /* Cipher Suite's functions */
1516 gnutls_cipher_algorithm_t
1517 _gnutls_cipher_suite_get_cipher_algo (const cipher_suite_st
* suite
)
1520 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->block_algorithm
);
1525 _gnutls_cipher_suite_is_version_supported (gnutls_session_t session
, const cipher_suite_st
* suite
)
1528 int version
= gnutls_protocol_get_version( session
);
1530 GNUTLS_CIPHER_SUITE_ALG_LOOP (if (version
>= p
->min_version
1531 && version
<= p
->max_version
) ret
= 1;
1532 if (IS_DTLS(session
) && p
->dtls
==0) ret
= 0;);
1536 gnutls_kx_algorithm_t
1537 _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st
* suite
)
1541 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->kx_algorithm
);
1546 gnutls_mac_algorithm_t
1547 _gnutls_cipher_suite_get_mac_algo (const cipher_suite_st
* suite
)
1550 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->mac_algorithm
);
1556 _gnutls_cipher_suite_get_name (cipher_suite_st
* suite
)
1558 const char *ret
= NULL
;
1561 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->name
+ sizeof ("GNUTLS_") - 1);
1567 * gnutls_cipher_suite_get_name:
1568 * @kx_algorithm: is a Key exchange algorithm
1569 * @cipher_algorithm: is a cipher algorithm
1570 * @mac_algorithm: is a MAC algorithm
1572 * Note that the full cipher suite name must be prepended by TLS or
1573 * SSL depending of the protocol in use.
1575 * Returns: a string that contains the name of a TLS cipher suite,
1576 * specified by the given algorithms, or %NULL.
1579 gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm
,
1580 gnutls_cipher_algorithm_t cipher_algorithm
,
1581 gnutls_mac_algorithm_t mac_algorithm
)
1583 const char *ret
= NULL
;
1586 GNUTLS_CIPHER_SUITE_LOOP (if (kx_algorithm
== p
->kx_algorithm
&&
1587 cipher_algorithm
== p
->block_algorithm
&&
1588 mac_algorithm
== p
->mac_algorithm
)
1589 ret
= p
->name
+ sizeof ("GNUTLS_") - 1);
1595 * gnutls_cipher_suite_info:
1596 * @idx: index of cipher suite to get information about, starts on 0.
1597 * @cs_id: output buffer with room for 2 bytes, indicating cipher suite value
1598 * @kx: output variable indicating key exchange algorithm, or %NULL.
1599 * @cipher: output variable indicating cipher, or %NULL.
1600 * @mac: output variable indicating MAC algorithm, or %NULL.
1601 * @version: output variable indicating TLS protocol version, or %NULL.
1603 * Get information about supported cipher suites. Use the function
1604 * iteratively to get information about all supported cipher suites.
1605 * Call with idx=0 to get information about first cipher suite, then
1606 * idx=1 and so on until the function returns NULL.
1608 * Returns: the name of @idx cipher suite, and set the information
1609 * about the cipher suite in the output variables. If @idx is out of
1610 * bounds, %NULL is returned.
1613 gnutls_cipher_suite_info (size_t idx
,
1615 gnutls_kx_algorithm_t
* kx
,
1616 gnutls_cipher_algorithm_t
* cipher
,
1617 gnutls_mac_algorithm_t
* mac
,
1618 gnutls_protocol_t
* min_version
)
1620 if (idx
>= CIPHER_SUITES_COUNT
)
1624 memcpy (cs_id
, cs_algorithms
[idx
].id
.suite
, 2);
1626 *kx
= cs_algorithms
[idx
].kx_algorithm
;
1628 *cipher
= cs_algorithms
[idx
].block_algorithm
;
1630 *mac
= cs_algorithms
[idx
].mac_algorithm
;
1632 *min_version
= cs_algorithms
[idx
].min_version
;
1634 return cs_algorithms
[idx
].name
+ sizeof ("GNU") - 1;
1639 _gnutls_cipher_suite_is_ok (cipher_suite_st
* suite
)
1642 const char *name
= NULL
;
1644 GNUTLS_CIPHER_SUITE_ALG_LOOP (name
= p
->name
);
1653 #define SWAP(x, y) memcpy(tmp,x,size); \
1657 #define MAX_ELEM_SIZE 4
1659 _gnutls_partition (gnutls_session_t session
, void *_base
,
1660 size_t nmemb
, size_t size
,
1661 int (*compar
) (gnutls_session_t
,
1662 const void *, const void *))
1664 uint8_t *base
= _base
;
1665 uint8_t tmp
[MAX_ELEM_SIZE
];
1666 uint8_t ptmp
[MAX_ELEM_SIZE
];
1672 j
= full
= (nmemb
- 1) * size
;
1674 memcpy (ptmp
, &base
[0], size
); /* set pivot item */
1678 while ((compar (session
, &base
[i
], ptmp
) <= 0) && (i
< full
))
1682 while ((compar (session
, &base
[j
], ptmp
) >= 0) && (j
> 0))
1687 SWAP (&base
[j
], &base
[i
]);
1693 SWAP (&base
[pivot
], &base
[j
]);
1698 SWAP (&base
[pivot
], &base
[i
]);
1701 return pivot
/ size
;
1705 _gnutls_qsort (gnutls_session_t session
, void *_base
, size_t nmemb
,
1706 size_t size
, int (*compar
) (gnutls_session_t
, const void *,
1711 size_t snmemb
= nmemb
;
1714 if (size
> MAX_ELEM_SIZE
)
1717 _gnutls_debug_log ("QSORT BUG\n");
1724 pivot
= _gnutls_partition (session
, _base
, nmemb
, size
, compar
);
1726 _gnutls_qsort (session
, base
, pivot
< nmemb
? pivot
+ 1 : pivot
, size
,
1728 _gnutls_qsort (session
, &base
[(pivot
+ 1) * size
], nmemb
- pivot
- 1,
1733 /* a compare function for KX algorithms (using priorities).
1734 * For use with qsort
1737 _gnutls_compare_algo (gnutls_session_t session
, const void *i_A1
,
1740 gnutls_kx_algorithm_t kA1
=
1741 _gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st
*) i_A1
);
1742 gnutls_kx_algorithm_t kA2
=
1743 _gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st
*) i_A2
);
1744 gnutls_cipher_algorithm_t cA1
=
1745 _gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st
*) i_A1
);
1746 gnutls_cipher_algorithm_t cA2
=
1747 _gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st
*) i_A2
);
1748 gnutls_mac_algorithm_t mA1
=
1749 _gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st
*) i_A1
);
1750 gnutls_mac_algorithm_t mA2
=
1751 _gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st
*) i_A2
);
1753 int p1
= (_gnutls_kx_priority (session
, kA1
) + 1) * 64;
1754 int p2
= (_gnutls_kx_priority (session
, kA2
) + 1) * 64;
1755 p1
+= (_gnutls_cipher_priority (session
, cA1
) + 1) * 8;
1756 p2
+= (_gnutls_cipher_priority (session
, cA2
) + 1) * 8;
1757 p1
+= _gnutls_mac_priority (session
, mA1
);
1758 p2
+= _gnutls_mac_priority (session
, mA2
);
1775 _gnutls_supported_ciphersuites_sorted (gnutls_session_t session
,
1776 cipher_suite_st
** ciphers
)
1781 count
= _gnutls_supported_ciphersuites (session
, ciphers
);
1788 _gnutls_qsort (session
, *ciphers
, count
,
1789 sizeof (cipher_suite_st
), _gnutls_compare_algo
);
1795 _gnutls_supported_ciphersuites (gnutls_session_t session
,
1796 cipher_suite_st
** _ciphers
)
1799 unsigned int i
, ret_count
, j
;
1800 unsigned int count
= CIPHER_SUITES_COUNT
;
1801 cipher_suite_st
*tmp_ciphers
;
1802 cipher_suite_st
*ciphers
;
1809 tmp_ciphers
= gnutls_malloc (count
* sizeof (cipher_suite_st
));
1810 if (tmp_ciphers
== NULL
)
1811 return GNUTLS_E_MEMORY_ERROR
;
1813 ciphers
= gnutls_malloc (count
* sizeof (cipher_suite_st
));
1814 if (ciphers
== NULL
)
1816 gnutls_free (tmp_ciphers
);
1817 return GNUTLS_E_MEMORY_ERROR
;
1820 for (i
= 0; i
< count
; i
++)
1822 memcpy (&tmp_ciphers
[i
], &cs_algorithms
[i
].id
,
1823 sizeof (cipher_suite_st
));
1826 for (i
= j
= 0; i
< count
; i
++)
1828 /* remove private cipher suites, if requested.
1830 if (tmp_ciphers
[i
].suite
[0] == 0xFF &&
1831 session
->internals
.enable_private
== 0)
1834 /* remove cipher suites which do not support the
1835 * protocol version used.
1837 if (_gnutls_cipher_suite_is_version_supported (session
, &tmp_ciphers
[i
])
1841 if (_gnutls_kx_priority
1842 (session
, _gnutls_cipher_suite_get_kx_algo (&tmp_ciphers
[i
])) < 0)
1845 if (_gnutls_mac_priority
1846 (session
, _gnutls_cipher_suite_get_mac_algo (&tmp_ciphers
[i
])) < 0)
1849 if (_gnutls_cipher_priority
1851 _gnutls_cipher_suite_get_cipher_algo (&tmp_ciphers
[i
])) < 0)
1854 memcpy (&ciphers
[j
], &tmp_ciphers
[i
], sizeof (cipher_suite_st
));
1860 #if 0 /* expensive */
1861 if (ret_count
> 0 && ret_count
!= count
)
1864 gnutls_realloc_fast (ciphers
, ret_count
* sizeof (cipher_suite_st
));
1868 if (ret_count
!= count
)
1870 gnutls_free (ciphers
);
1876 gnutls_free (tmp_ciphers
);
1878 /* This function can no longer return 0 cipher suites.
1879 * It returns an error code instead.
1884 gnutls_free (ciphers
);
1885 return GNUTLS_E_NO_CIPHER_SUITES
;
1887 *_ciphers
= ciphers
;
1892 * gnutls_certificate_type_get_name:
1893 * @type: is a certificate type
1895 * Convert a #gnutls_certificate_type_t type to a string.
1897 * Returns: a string that contains the name of the specified
1898 * certificate type, or %NULL in case of unknown types.
1901 gnutls_certificate_type_get_name (gnutls_certificate_type_t type
)
1903 const char *ret
= NULL
;
1905 if (type
== GNUTLS_CRT_X509
)
1907 if (type
== GNUTLS_CRT_OPENPGP
)
1914 * gnutls_certificate_type_get_id:
1915 * @name: is a certificate type name
1917 * The names are compared in a case insensitive way.
1919 * Returns: a #gnutls_certificate_type_t for the specified in a
1920 * string certificate type, or %GNUTLS_CRT_UNKNOWN on error.
1922 gnutls_certificate_type_t
1923 gnutls_certificate_type_get_id (const char *name
)
1925 gnutls_certificate_type_t ret
= GNUTLS_CRT_UNKNOWN
;
1927 if (strcasecmp (name
, "X.509") == 0 || strcasecmp (name
, "X509") == 0)
1928 return GNUTLS_CRT_X509
;
1929 if (strcasecmp (name
, "OPENPGP") == 0)
1930 return GNUTLS_CRT_OPENPGP
;
1935 static const gnutls_certificate_type_t supported_certificate_types
[] = {
1942 * gnutls_certificate_type_list:
1944 * Get a list of certificate types. Note that to be able to use
1945 * OpenPGP certificates, you must link to libgnutls-extra and call
1946 * gnutls_global_init_extra().
1948 * Returns: a zero-terminated list of #gnutls_certificate_type_t
1949 * integers indicating the available certificate types.
1951 const gnutls_certificate_type_t
*
1952 gnutls_certificate_type_list (void)
1954 return supported_certificate_types
;
1957 /* returns the gnutls_pk_algorithm_t which is compatible with
1958 * the given gnutls_kx_algorithm_t.
1960 gnutls_pk_algorithm_t
1961 _gnutls_map_pk_get_pk (gnutls_kx_algorithm_t kx_algorithm
)
1963 gnutls_pk_algorithm_t ret
= -1;
1965 GNUTLS_PK_MAP_ALG_LOOP (ret
= p
->pk_algorithm
) return ret
;
1968 /* Returns the encipher type for the given key exchange algorithm.
1969 * That one of CIPHER_ENCRYPT, CIPHER_SIGN, CIPHER_IGN.
1971 * ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT.
1974 _gnutls_kx_encipher_type (gnutls_kx_algorithm_t kx_algorithm
)
1976 int ret
= CIPHER_IGN
;
1977 GNUTLS_PK_MAP_ALG_LOOP (ret
= p
->encipher_type
) return ret
;
1981 /* signature algorithms;
1983 struct gnutls_sign_entry
1987 gnutls_sign_algorithm_t id
;
1988 gnutls_pk_algorithm_t pk
;
1989 gnutls_mac_algorithm_t mac
;
1990 /* See RFC 5246 HashAlgorithm and SignatureAlgorithm
1991 for values to use in aid struct. */
1992 const sign_algorithm_st aid
;
1994 typedef struct gnutls_sign_entry gnutls_sign_entry
;
1996 #define TLS_SIGN_AID_UNKNOWN {255, 255}
1997 static const sign_algorithm_st unknown_tls_aid
= TLS_SIGN_AID_UNKNOWN
;
1999 static const gnutls_sign_entry sign_algorithms
[] = {
2000 {"RSA-SHA1", SIG_RSA_SHA1_OID
, GNUTLS_SIGN_RSA_SHA1
, GNUTLS_PK_RSA
,
2001 GNUTLS_MAC_SHA1
, {2, 1}},
2002 {"RSA-SHA224", SIG_RSA_SHA224_OID
, GNUTLS_SIGN_RSA_SHA224
, GNUTLS_PK_RSA
,
2003 GNUTLS_MAC_SHA224
, {3, 1}},
2004 {"RSA-SHA256", SIG_RSA_SHA256_OID
, GNUTLS_SIGN_RSA_SHA256
, GNUTLS_PK_RSA
,
2005 GNUTLS_MAC_SHA256
, {4, 1}},
2006 {"RSA-SHA384", SIG_RSA_SHA384_OID
, GNUTLS_SIGN_RSA_SHA384
, GNUTLS_PK_RSA
,
2007 GNUTLS_MAC_SHA384
, {5, 1}},
2008 {"RSA-SHA512", SIG_RSA_SHA512_OID
, GNUTLS_SIGN_RSA_SHA512
, GNUTLS_PK_RSA
,
2009 GNUTLS_MAC_SHA512
, {6, 1}},
2010 {"RSA-RMD160", SIG_RSA_RMD160_OID
, GNUTLS_SIGN_RSA_RMD160
, GNUTLS_PK_RSA
,
2011 GNUTLS_MAC_RMD160
, TLS_SIGN_AID_UNKNOWN
},
2012 {"DSA-SHA1", SIG_DSA_SHA1_OID
, GNUTLS_SIGN_DSA_SHA1
, GNUTLS_PK_DSA
,
2013 GNUTLS_MAC_SHA1
, {2, 2}},
2014 {"DSA-SHA224", SIG_DSA_SHA224_OID
, GNUTLS_SIGN_DSA_SHA224
, GNUTLS_PK_DSA
,
2015 GNUTLS_MAC_SHA224
, {3, 2}},
2016 {"DSA-SHA256", SIG_DSA_SHA256_OID
, GNUTLS_SIGN_DSA_SHA256
, GNUTLS_PK_DSA
,
2017 GNUTLS_MAC_SHA256
, {4, 2}},
2018 {"RSA-MD5", SIG_RSA_MD5_OID
, GNUTLS_SIGN_RSA_MD5
, GNUTLS_PK_RSA
,
2019 GNUTLS_MAC_MD5
, {1, 1}},
2020 {"RSA-MD2", SIG_RSA_MD2_OID
, GNUTLS_SIGN_RSA_MD2
, GNUTLS_PK_RSA
,
2021 GNUTLS_MAC_MD2
, TLS_SIGN_AID_UNKNOWN
},
2022 {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID
, 0, 0, 0,
2023 TLS_SIGN_AID_UNKNOWN
},
2024 {"GOST R 34.10-94", SIG_GOST_R3410_94_OID
, 0, 0, 0, TLS_SIGN_AID_UNKNOWN
},
2025 {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN
}
2028 /* Keep the contents of this struct the same as the previous one. */
2029 static const gnutls_sign_algorithm_t supported_sign
[] = {
2030 GNUTLS_SIGN_RSA_SHA1
,
2031 GNUTLS_SIGN_RSA_SHA256
,
2032 GNUTLS_SIGN_RSA_SHA384
,
2033 GNUTLS_SIGN_RSA_SHA512
,
2034 GNUTLS_SIGN_RSA_RMD160
,
2035 GNUTLS_SIGN_DSA_SHA1
,
2036 GNUTLS_SIGN_RSA_MD5
,
2037 GNUTLS_SIGN_RSA_MD2
,
2041 #define GNUTLS_SIGN_LOOP(b) \
2043 const gnutls_sign_entry *p; \
2044 for(p = sign_algorithms; p->name != NULL; p++) { b ; } \
2047 #define GNUTLS_SIGN_ALG_LOOP(a) \
2048 GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } )
2051 * gnutls_sign_get_name:
2052 * @sign: is a sign algorithm
2054 * Convert a #gnutls_sign_algorithm_t value to a string.
2056 * Returns: a string that contains the name of the specified sign
2057 * algorithm, or %NULL.
2060 gnutls_sign_get_name (gnutls_sign_algorithm_t sign
)
2062 const char *ret
= NULL
;
2065 GNUTLS_SIGN_ALG_LOOP (ret
= p
->name
);
2073 * Get a list of supported public key signature algorithms.
2075 * Returns: a zero-terminated list of #gnutls_sign_algorithm_t
2076 * integers indicating the available ciphers.
2079 const gnutls_sign_algorithm_t
*
2080 gnutls_sign_list (void)
2082 return supported_sign
;
2086 * gnutls_sign_get_id:
2087 * @name: is a MAC algorithm name
2089 * The names are compared in a case insensitive way.
2091 * Returns: return a #gnutls_sign_algorithm_t value corresponding to
2092 * the specified cipher, or %GNUTLS_SIGN_UNKNOWN on error.
2094 gnutls_sign_algorithm_t
2095 gnutls_sign_get_id (const char *name
)
2097 gnutls_sign_algorithm_t ret
= GNUTLS_SIGN_UNKNOWN
;
2099 GNUTLS_SIGN_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->id
);
2105 gnutls_sign_algorithm_t
2106 _gnutls_x509_oid2sign_algorithm (const char *oid
)
2108 gnutls_sign_algorithm_t ret
= 0;
2110 GNUTLS_SIGN_LOOP (if (p
->oid
&& strcmp (oid
, p
->oid
) == 0)
2112 ret
= p
->id
; break;}
2117 _gnutls_debug_log ("Unknown SIGN OID: '%s'\n", oid
);
2118 return GNUTLS_SIGN_UNKNOWN
;
2123 gnutls_sign_algorithm_t
2124 _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk
, gnutls_mac_algorithm_t mac
)
2126 gnutls_sign_algorithm_t ret
= 0;
2128 GNUTLS_SIGN_LOOP (if (pk
== p
->pk
&& mac
== p
->mac
)
2130 ret
= p
->id
; break;}
2134 return GNUTLS_SIGN_UNKNOWN
;
2139 _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk
,
2140 gnutls_mac_algorithm_t mac
)
2142 gnutls_sign_algorithm_t sign
;
2143 const char *ret
= NULL
;
2145 sign
= _gnutls_x509_pk_to_sign (pk
, mac
);
2146 if (sign
== GNUTLS_SIGN_UNKNOWN
)
2149 GNUTLS_SIGN_ALG_LOOP (ret
= p
->oid
);
2153 gnutls_mac_algorithm_t
2154 _gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign
)
2156 gnutls_mac_algorithm_t ret
= GNUTLS_DIG_UNKNOWN
;
2158 GNUTLS_SIGN_ALG_LOOP (ret
= p
->mac
);
2163 gnutls_pk_algorithm_t
2164 _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign
)
2166 gnutls_pk_algorithm_t ret
= GNUTLS_PK_UNKNOWN
;
2168 GNUTLS_SIGN_ALG_LOOP (ret
= p
->pk
);
2173 gnutls_sign_algorithm_t
2174 _gnutls_tls_aid_to_sign (const sign_algorithm_st
* aid
)
2176 gnutls_sign_algorithm_t ret
= GNUTLS_SIGN_UNKNOWN
;
2178 if (memcmp(aid
, &unknown_tls_aid
, sizeof(aid
))==0)
2181 GNUTLS_SIGN_LOOP (if (p
->aid
.hash_algorithm
== aid
->hash_algorithm
2182 && p
->aid
.sign_algorithm
== aid
->sign_algorithm
)
2192 /* Returns NULL if a valid AID is not found
2194 const sign_algorithm_st
*
2195 _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign
)
2197 const sign_algorithm_st
* ret
= NULL
;
2199 GNUTLS_SIGN_ALG_LOOP (ret
= &p
->aid
);
2201 if (ret
!= NULL
&& memcmp(ret
, &unknown_tls_aid
, sizeof(*ret
))==0)
2211 struct gnutls_pk_entry
2215 gnutls_pk_algorithm_t id
;
2217 typedef struct gnutls_pk_entry gnutls_pk_entry
;
2219 static const gnutls_pk_entry pk_algorithms
[] = {
2220 /* having duplicate entries is ok, as long as the one
2221 * we want to return OID from is first */
2222 {"RSA", PK_PKIX1_RSA_OID
, GNUTLS_PK_RSA
},
2223 {"RSA (X.509)", PK_X509_RSA_OID
, GNUTLS_PK_RSA
}, /* some certificates use this OID for RSA */
2224 {"RSA (MD5)", SIG_RSA_MD5_OID
, GNUTLS_PK_RSA
}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
2225 {"RSA (SHA1)", SIG_RSA_SHA1_OID
, GNUTLS_PK_RSA
}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
2226 {"DSA", PK_DSA_OID
, GNUTLS_PK_DSA
},
2227 {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID
, GNUTLS_PK_UNKNOWN
},
2228 {"GOST R 34.10-94", PK_GOST_R3410_94_OID
, GNUTLS_PK_UNKNOWN
},
2233 * gnutls_pk_algorithm_get_name:
2234 * @algorithm: is a pk algorithm
2236 * Convert a #gnutls_pk_algorithm_t value to a string.
2238 * Returns: a string that contains the name of the specified public
2239 * key algorithm, or %NULL.
2242 gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm
)
2244 const char *ret
= NULL
;
2245 const gnutls_pk_entry
*p
;
2247 for (p
= pk_algorithms
; p
->name
!= NULL
; p
++)
2248 if (p
->id
== algorithm
)
2260 * Get a list of supported public key algorithms.
2262 * Returns: a zero-terminated list of #gnutls_pk_algorithm_t integers
2263 * indicating the available ciphers.
2267 const gnutls_pk_algorithm_t
*
2268 gnutls_pk_list (void)
2270 static const gnutls_pk_algorithm_t supported_pks
[] = {
2273 /* GNUTLS_PK_DH is not returned because it is not
2274 * a real public key algorithm. I.e. cannot be used
2275 * as a public key algorithm of a certificate.
2280 return supported_pks
;
2285 * @name: is a string containing a public key algorithm name.
2287 * Convert a string to a #gnutls_pk_algorithm_t value. The names are
2288 * compared in a case insensitive way. For example,
2289 * gnutls_pk_get_id("RSA") will return %GNUTLS_PK_RSA.
2291 * Returns: a #gnutls_pk_algorithm_t id of the specified public key
2292 * algorithm string, or %GNUTLS_PK_UNKNOWN on failures.
2296 gnutls_pk_algorithm_t
2297 gnutls_pk_get_id (const char *name
)
2299 gnutls_pk_algorithm_t ret
= GNUTLS_PK_UNKNOWN
;
2300 const gnutls_pk_entry
*p
;
2302 for (p
= pk_algorithms
; p
->name
!= NULL
; p
++)
2303 if (name
&& strcmp (p
->name
, name
) == 0)
2313 * gnutls_pk_get_name:
2314 * @algorithm: is a public key algorithm
2316 * Convert a #gnutls_pk_algorithm_t value to a string.
2318 * Returns: a pointer to a string that contains the name of the
2319 * specified public key algorithm, or %NULL.
2324 gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm
)
2326 const char *ret
= "Unknown";
2327 const gnutls_pk_entry
*p
;
2329 for (p
= pk_algorithms
; p
->name
!= NULL
; p
++)
2330 if (algorithm
== p
->id
)
2339 gnutls_pk_algorithm_t
2340 _gnutls_x509_oid2pk_algorithm (const char *oid
)
2342 gnutls_pk_algorithm_t ret
= GNUTLS_PK_UNKNOWN
;
2343 const gnutls_pk_entry
*p
;
2345 for (p
= pk_algorithms
; p
->name
!= NULL
; p
++)
2346 if (p
->oid
&& strcmp (p
->oid
, oid
) == 0)
2356 _gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm
)
2358 const char *ret
= NULL
;
2359 const gnutls_pk_entry
*p
;
2361 for (p
= pk_algorithms
; p
->name
!= NULL
; p
++)
2362 if (p
->id
== algorithm
)
2372 * gnutls_sec_param_to_pk_bits:
2373 * @algo: is a public key algorithm
2374 * @param: is a security parameter
2376 * When generating private and public key pairs a difficult question
2377 * is which size of "bits" the modulus will be in RSA and the group size
2378 * in DSA. The easy answer is 1024, which is also wrong. This function
2379 * will convert a human understandable security parameter to an
2380 * appropriate size for the specific algorithm.
2382 * Returns: The number of bits, or zero.
2386 gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo
,
2387 gnutls_sec_param_t param
)
2389 unsigned int ret
= 0;
2391 /* handle DSA differently */
2392 if (algo
== GNUTLS_PK_DSA
)
2394 GNUTLS_SEC_PARAM_LOOP (if (p
->sec_param
== param
)
2396 ret
= p
->dsa_bits
; break;}
2401 GNUTLS_SEC_PARAM_LOOP (if (p
->sec_param
== param
)
2403 ret
= p
->pk_bits
; break;}
2409 /* Returns the corresponding size for subgroup bits (q),
2410 * given the group bits (p).
2413 _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits
)
2415 unsigned int ret
= 0;
2417 GNUTLS_SEC_PARAM_LOOP (if (p
->pk_bits
>= pk_bits
)
2419 ret
= p
->subgroup_bits
; break;}
2426 * gnutls_sec_param_get_name:
2427 * @param: is a security parameter
2429 * Convert a #gnutls_sec_param_t value to a string.
2431 * Returns: a pointer to a string that contains the name of the
2432 * specified public key algorithm, or %NULL.
2436 gnutls_sec_param_get_name (gnutls_sec_param_t param
)
2438 const char *ret
= "Unknown";
2440 GNUTLS_SEC_PARAM_LOOP (if (p
->sec_param
== param
)
2442 ret
= p
->name
; break;}
2449 * gnutls_pk_bits_to_sec_param:
2450 * @algo: is a public key algorithm
2451 * @bits: is the number of bits
2453 * This is the inverse of gnutls_sec_param_to_pk_bits(). Given an algorithm
2454 * and the number of bits, it will return the security parameter. This is
2455 * a rough indication.
2457 * Returns: The security parameter.
2461 gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo
, unsigned int bits
)
2463 gnutls_sec_param_t ret
= GNUTLS_SEC_PARAM_WEAK
;
2465 GNUTLS_SEC_PARAM_LOOP (if (p
->pk_bits
> bits
)
2468 ret
= p
->sec_param
;);