search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Check whether `-fgnu89-inline' is supported before using it.
[gnutls.git] / lib / gnutls_algorithms.c
blobdc32003016897b6e8ae44896b911bcafc8feb5a7
1 /*
2 * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25 #include "gnutls_int.h"
26 #include "gnutls_algorithms.h"
27 #include "gnutls_errors.h"
28 #include "gnutls_cert.h"
29 #include <x509/common.h>
30
31
32
33 /* Cred type mappings to KX algorithms
34 * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
35 * more than one credentials type.
36 */
37 typedef struct
38 {
39 gnutls_kx_algorithm_t algorithm;
40 gnutls_credentials_type_t client_type;
41 gnutls_credentials_type_t server_type; /* The type of credentials a server
42 * needs to set */
43 } gnutls_cred_map;
44
45 static const gnutls_cred_map cred_mappings[] = {
46 {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
47 {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
48 {GNUTLS_KX_RSA_EXPORT, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
49 {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
50 {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
51 {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
52 {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
53 {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
54 {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
55 {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
56 {0, 0, 0}
57 };
58
59 #define GNUTLS_KX_MAP_LOOP(b) \
60 const gnutls_cred_map *p; \
61 for(p = cred_mappings; p->algorithm != 0; p++) { b ; }
62
63 #define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
64 GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
65
66 #define GNUTLS_KX_MAP_ALG_LOOP_CLIENT(a) \
67 GNUTLS_KX_MAP_LOOP( if(p->client_type == type) { a; break; })
68
69 /* KX mappings to PK algorithms */
70 typedef struct
71 {
72 gnutls_kx_algorithm_t kx_algorithm;
73 gnutls_pk_algorithm_t pk_algorithm;
74 enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used
75 * for encryption, CIPHER_SIGN if signature only,
76 * CIPHER_IGN if this does not apply at all.
77 *
78 * This is useful to certificate cipher suites, which check
79 * against the certificate key usage bits.
80 */
81 } gnutls_pk_map;
82
83 /* This table maps the Key exchange algorithms to
84 * the certificate algorithms. Eg. if we have
85 * RSA algorithm in the certificate then we can
86 * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA.
87 */
88 static const gnutls_pk_map pk_mappings[] = {
89 {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
90 {GNUTLS_KX_RSA_EXPORT, GNUTLS_PK_RSA, CIPHER_SIGN},
91 {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
92 {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
93 {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
94 {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
95 {0, 0, 0}
96 };
97
98 #define GNUTLS_PK_MAP_LOOP(b) \
99 const gnutls_pk_map *p; \
100 for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
101
102 #define GNUTLS_PK_MAP_ALG_LOOP(a) \
103 GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
104
105
106
107 /* TLS Versions */
108
109 typedef struct
110 {
111 const char *name;
112 gnutls_protocol_t id; /* gnutls internal version number */
113 int major; /* defined by the protocol */
114 int minor; /* defined by the protocol */
115 int supported; /* 0 not supported, > 0 is supported */
116 } gnutls_version_entry;
117
118 static const gnutls_version_entry sup_versions[] = {
119 {"SSL3.0", GNUTLS_SSL3, 3, 0, 1},
120 {"TLS1.0", GNUTLS_TLS1, 3, 1, 1},
121 {"TLS1.1", GNUTLS_TLS1_1, 3, 2, 1},
122 {"TLS1.2", GNUTLS_TLS1_2, 3, 3, 1},
123 {0, 0, 0, 0, 0}
124 };
125
126 /* Keep the contents of this struct the same as the previous one. */
127 static const gnutls_protocol_t supported_protocols[] = {
128 GNUTLS_SSL3,
129 GNUTLS_TLS1,
130 GNUTLS_TLS1_1,
131 GNUTLS_TLS1_2,
132 0
133 };
134
135 #define GNUTLS_VERSION_LOOP(b) \
136 const gnutls_version_entry *p; \
137 for(p = sup_versions; p->name != NULL; p++) { b ; }
138
139 #define GNUTLS_VERSION_ALG_LOOP(a) \
140 GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
141
142
143 struct gnutls_cipher_entry
144 {
145 const char *name;
146 gnutls_cipher_algorithm_t id;
147 uint16_t blocksize;
148 uint16_t keysize;
149 cipher_type_t block;
150 uint16_t iv;
151 int export_flag; /* 0 non export */
152 };
153 typedef struct gnutls_cipher_entry gnutls_cipher_entry;
154
155 /* Note that all algorithms are in CBC or STREAM modes.
156 * Do not add any algorithms in other modes (avoid modified algorithms).
157 * View first: "The order of encryption and authentication for
158 * protecting communications" by Hugo Krawczyk - CRYPTO 2001
159 */
160 static const gnutls_cipher_entry algorithms[] = {
161 {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0},
162 {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0},
163 {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 0},
164 {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 0},
165 {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0},
166 {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1},
167 {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1},
168 #ifdef ENABLE_CAMELLIA
169 {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK,
170 16, 0},
171 {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK,
172 16, 0},
173 #endif
174 {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0},
175 {0, 0, 0, 0, 0, 0, 0}
176 };
177
178 /* Keep the contents of this struct the same as the previous one. */
179 static const gnutls_cipher_algorithm_t supported_ciphers[] = {
180 GNUTLS_CIPHER_AES_256_CBC,
181 GNUTLS_CIPHER_AES_128_CBC,
182 GNUTLS_CIPHER_3DES_CBC,
183 GNUTLS_CIPHER_DES_CBC,
184 GNUTLS_CIPHER_ARCFOUR_128,
185 GNUTLS_CIPHER_ARCFOUR_40,
186 GNUTLS_CIPHER_RC2_40_CBC,
187 #ifdef ENABLE_CAMELLIA
188 GNUTLS_CIPHER_CAMELLIA_256_CBC,
189 GNUTLS_CIPHER_CAMELLIA_128_CBC,
190 #endif
191 GNUTLS_CIPHER_NULL,
192 0
193 };
194
195 #define GNUTLS_LOOP(b) \
196 const gnutls_cipher_entry *p; \
197 for(p = algorithms; p->name != NULL; p++) { b ; }
198
199 #define GNUTLS_ALG_LOOP(a) \
200 GNUTLS_LOOP( if(p->id == algorithm) { a; break; } )
201
202
203 struct gnutls_hash_entry
204 {
205 const char *name;
206 const char *oid;
207 gnutls_mac_algorithm_t id;
208 size_t key_size; /* in case of mac */
209 };
210 typedef struct gnutls_hash_entry gnutls_hash_entry;
211
212 static const gnutls_hash_entry hash_algorithms[] = {
213 {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20},
214 {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16},
215 {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32},
216 {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48},
217 {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64},
218 {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0}, /* not used as MAC */
219 {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20},
220 {"NULL", NULL, GNUTLS_MAC_NULL, 0},
221 {0, 0, 0, 0}
222 };
223
224 /* Keep the contents of this struct the same as the previous one. */
225 static const gnutls_mac_algorithm_t supported_macs[] = {
226 GNUTLS_MAC_SHA1,
227 GNUTLS_MAC_MD5,
228 GNUTLS_MAC_SHA256,
229 GNUTLS_MAC_SHA384,
230 GNUTLS_MAC_SHA512,
231 GNUTLS_MAC_MD2,
232 GNUTLS_MAC_RMD160,
233 GNUTLS_MAC_NULL,
234 0
235 };
236
237 #define GNUTLS_HASH_LOOP(b) \
238 const gnutls_hash_entry *p; \
239 for(p = hash_algorithms; p->name != NULL; p++) { b ; }
240
241 #define GNUTLS_HASH_ALG_LOOP(a) \
242 GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
243
244
245 /* Compression Section */
246 #define GNUTLS_COMPRESSION_ENTRY(name, id, wb, ml, cl) \
247 { #name, name, id, wb, ml, cl}
248
249
250 #define MAX_COMP_METHODS 5
251 const int _gnutls_comp_algorithms_size = MAX_COMP_METHODS;
252
253 /* the compression entry is defined in gnutls_algorithms.h */
254
255 gnutls_compression_entry _gnutls_compression_algorithms[MAX_COMP_METHODS] = {
256 GNUTLS_COMPRESSION_ENTRY (GNUTLS_COMP_NULL, 0x00, 0, 0, 0),
257 #ifdef HAVE_LIBZ
258 /* draft-ietf-tls-compression-02 */
259 GNUTLS_COMPRESSION_ENTRY (GNUTLS_COMP_DEFLATE, 0x01, 15, 8, 3),
260 #endif
261 {0, 0, 0, 0, 0, 0}
262 };
263
264 static const gnutls_compression_method_t supported_compressions[] = {
265 #ifdef USE_LZO
266 GNUTLS_COMP_LZO,
267 #endif
268 #ifdef HAVE_LIBZ
269 GNUTLS_COMP_DEFLATE,
270 #endif
271 GNUTLS_COMP_NULL,
272 0
273 };
274
275 #define GNUTLS_COMPRESSION_LOOP(b) \
276 const gnutls_compression_entry *p; \
277 for(p = _gnutls_compression_algorithms; p->name != NULL; p++) { b ; }
278 #define GNUTLS_COMPRESSION_ALG_LOOP(a) \
279 GNUTLS_COMPRESSION_LOOP( if(p->id == algorithm) { a; break; } )
280 #define GNUTLS_COMPRESSION_ALG_LOOP_NUM(a) \
281 GNUTLS_COMPRESSION_LOOP( if(p->num == num) { a; break; } )
282
283
284 /* Key Exchange Section */
285
286
287 extern mod_auth_st rsa_auth_struct;
288 extern mod_auth_st rsa_export_auth_struct;
289 extern mod_auth_st dhe_rsa_auth_struct;
290 extern mod_auth_st dhe_dss_auth_struct;
291 extern mod_auth_st anon_auth_struct;
292 extern mod_auth_st srp_auth_struct;
293 extern mod_auth_st psk_auth_struct;
294 extern mod_auth_st dhe_psk_auth_struct;
295 extern mod_auth_st srp_rsa_auth_struct;
296 extern mod_auth_st srp_dss_auth_struct;
297
298 struct gnutls_kx_algo_entry
299 {
300 const char *name;
301 gnutls_kx_algorithm_t algorithm;
302 mod_auth_st *auth_struct;
303 int needs_dh_params;
304 int needs_rsa_params;
305 };
306 typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry;
307
308 static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = {
309 #ifdef ENABLE_ANON
310 {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1, 0},
311 #endif
312 {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct, 0, 0},
313 {"RSA-EXPORT", GNUTLS_KX_RSA_EXPORT, &rsa_export_auth_struct, 0,
314 1 /* needs RSA params */ },
315 {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1, 0},
316 {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1, 0},
317
318 #ifdef ENABLE_SRP
319 {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0, 0},
320 {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0, 0},
321 {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0, 0},
322 #endif
323 #ifdef ENABLE_PSK
324 {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0},
325 {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
326 1 /* needs DHE params */ , 0},
327 #endif
328 {0, 0, 0, 0, 0}
329 };
330
331 /* Keep the contents of this struct the same as the previous one. */
332 static const gnutls_kx_algorithm_t supported_kxs[] = {
333 #ifdef ENABLE_ANON
334 GNUTLS_KX_ANON_DH,
335 #endif
336 GNUTLS_KX_RSA,
337 GNUTLS_KX_RSA_EXPORT,
338 GNUTLS_KX_DHE_RSA,
339 GNUTLS_KX_DHE_DSS,
340 #ifdef ENABLE_SRP
341 GNUTLS_KX_SRP_DSS,
342 GNUTLS_KX_SRP_RSA,
343 GNUTLS_KX_SRP,
344 #endif
345 #ifdef ENABLE_PSK
346 GNUTLS_KX_PSK,
347 GNUTLS_KX_DHE_PSK,
348 #endif
349 0
350 };
351
352 #define GNUTLS_KX_LOOP(b) \
353 const gnutls_kx_algo_entry *p; \
354 for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; }
355
356 #define GNUTLS_KX_ALG_LOOP(a) \
357 GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )
358
359
360
361 /* Cipher SUITES */
362 #define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, version ) \
363 { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, version }
364
365 typedef struct
366 {
367 const char *name;
368 cipher_suite_st id;
369 gnutls_cipher_algorithm_t block_algorithm;
370 gnutls_kx_algorithm_t kx_algorithm;
371 gnutls_mac_algorithm_t mac_algorithm;
372 gnutls_protocol_t version; /* this cipher suite is supported
373 * from 'version' and above;
374 */
375 } gnutls_cipher_suite_entry;
376
377 /* RSA with NULL cipher and MD5 MAC
378 * for test purposes.
379 */
380 #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 }
381
382
383 /* ANONymous cipher suites.
384 */
385
386 #define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1 { 0x00, 0x1B }
387 #define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 }
388
389 /* rfc3268: */
390 #define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 }
391 #define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A }
392
393 /* rfc4132 */
394 #define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
395 #define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
396
397 /* PSK (not in TLS 1.0)
398 * draft-ietf-tls-psk:
399 */
400 #define GNUTLS_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8A }
401 #define GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8B }
402 #define GNUTLS_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x8C }
403 #define GNUTLS_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x8D }
404
405 #define GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8E }
406 #define GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8F }
407 #define GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x90 }
408 #define GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x91 }
409
410
411 /* SRP (rfc5054)
412 */
413 #define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1A }
414 #define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1B }
415 #define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 { 0xC0, 0x1C }
416
417 #define GNUTLS_SRP_SHA_AES_128_CBC_SHA1 { 0xC0, 0x1D }
418 #define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1 { 0xC0, 0x1E }
419 #define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1 { 0xC0, 0x1F }
420
421 #define GNUTLS_SRP_SHA_AES_256_CBC_SHA1 { 0xC0, 0x20 }
422 #define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1 { 0xC0, 0x21 }
423 #define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1 { 0xC0, 0x22 }
424
425 /* RSA
426 */
427 #define GNUTLS_RSA_ARCFOUR_SHA1 { 0x00, 0x05 }
428 #define GNUTLS_RSA_ARCFOUR_MD5 { 0x00, 0x04 }
429 #define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A }
430
431 #define GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5 { 0x00, 0x03 }
432
433 /* rfc3268:
434 */
435 #define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F }
436 #define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 }
437
438 /* rfc4132 */
439 #define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 }
440 #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
441
442 /* DHE DSS
443 */
444
445 #define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 }
446
447
448 /* draft-ietf-tls-56-bit-ciphersuites-01:
449 */
450 #define GNUTLS_DHE_DSS_ARCFOUR_SHA1 { 0x00, 0x66 }
451
452
453 /* rfc3268:
454 */
455 #define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 }
456 #define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 }
457
458 /* rfc4132 */
459 #define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 }
460 #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
461
462 /* DHE RSA
463 */
464 #define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
465
466 /* rfc3268:
467 */
468 #define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 }
469 #define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 }
470
471 /* rfc4132 */
472 #define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
473 #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
474
475 #define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
476
477 static const gnutls_cipher_suite_entry cs_algorithms[] = {
478 /* ANON_DH */
479 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5,
480 GNUTLS_CIPHER_ARCFOUR_128,
481 GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
482 GNUTLS_SSL3),
483 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1,
484 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
485 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
486 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1,
487 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
488 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
489 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1,
490 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
491 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
492 #ifdef ENABLE_CAMELLIA
493 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
494 GNUTLS_CIPHER_CAMELLIA_128_CBC,
495 GNUTLS_KX_ANON_DH,
496 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
497 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1,
498 GNUTLS_CIPHER_CAMELLIA_256_CBC,
499 GNUTLS_KX_ANON_DH,
500 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
501 #endif
502
503 /* PSK */
504 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
505 GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
506 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
507 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1,
508 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
509 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
510 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1,
511 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
512 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
513 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1,
514 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
515 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
516
517 /* DHE-PSK */
518 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1,
519 GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
520 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
521 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1,
522 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
523 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
524 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1,
525 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
526 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
527 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1,
528 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
529 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
530
531 /* SRP */
532 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
533 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
534 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
535 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
536 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
537 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
538 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
539 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
540 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
541
542 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
543 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
544 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
545
546 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
547 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
548 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
549
550 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
551 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
552 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
553
554 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
555 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
556 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
557
558 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
559 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
560 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
561
562 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
563 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
564 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
565
566 /* DHE_DSS */
567 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1,
568 GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
569 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
570 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
571 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
572 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
573 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
574 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
575 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
576 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
577 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
578 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
579 #ifdef ENABLE_CAMELLIA
580 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
581 GNUTLS_CIPHER_CAMELLIA_128_CBC,
582 GNUTLS_KX_DHE_DSS,
583 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
584 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
585 GNUTLS_CIPHER_CAMELLIA_256_CBC,
586 GNUTLS_KX_DHE_DSS,
587 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
588 #endif
589 /* DHE_RSA */
590 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
591 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
592 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
593 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
594 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
595 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
596 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
597 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
598 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
599 #ifdef ENABLE_CAMELLIA
600 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
601 GNUTLS_CIPHER_CAMELLIA_128_CBC,
602 GNUTLS_KX_DHE_RSA,
603 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
604 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
605 GNUTLS_CIPHER_CAMELLIA_256_CBC,
606 GNUTLS_KX_DHE_RSA,
607 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
608 #endif
609 /* RSA */
610 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
611 GNUTLS_CIPHER_NULL,
612 GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
613
614 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
615 GNUTLS_CIPHER_ARCFOUR_40,
616 GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5,
617 GNUTLS_SSL3),
618
619 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1,
620 GNUTLS_CIPHER_ARCFOUR_128,
621 GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3),
622 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5,
623 GNUTLS_CIPHER_ARCFOUR_128,
624 GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
625 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
626 GNUTLS_CIPHER_3DES_CBC,
627 GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3),
628 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
629 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
630 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
631 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
632 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
633 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
634 #ifdef ENABLE_CAMELLIA
635 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
636 GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
637 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
638 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
639 GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
640 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
641 #endif
642 {0, {{0, 0}}, 0, 0, 0, 0}
643 };
644
645 #define GNUTLS_CIPHER_SUITE_LOOP(b) \
646 const gnutls_cipher_suite_entry *p; \
647 for(p = cs_algorithms; p->name != NULL; p++) { b ; }
648
649 #define GNUTLS_CIPHER_SUITE_ALG_LOOP(a) \
650 GNUTLS_CIPHER_SUITE_LOOP( if( (p->id.suite[0] == suite->suite[0]) && (p->id.suite[1] == suite->suite[1])) { a; break; } )
651
652
653
654 /* Generic Functions */
655
656 int
657 _gnutls_mac_priority (gnutls_session_t session,
658 gnutls_mac_algorithm_t algorithm)
659 { /* actually returns the priority */
660 unsigned int i;
661 for (i = 0; i < session->internals.priorities.mac.algorithms; i++)
662 {
663 if (session->internals.priorities.mac.priority[i] == algorithm)
664 return i;
665 }
666 return -1;
667 }
668
669 /**
670 * gnutls_mac_get_name - Returns a string with the name of the specified mac algorithm
671 * @algorithm: is a MAC algorithm
672 *
673 * Convert a #gnutls_mac_algorithm_t value to a string.
674 *
675 * Returns: a string that contains the name of the specified MAC
676 * algorithm, or %NULL.
677 **/
678 const char *
679 gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm)
680 {
681 const char *ret = NULL;
682
683 /* avoid prefix */
684 GNUTLS_HASH_ALG_LOOP (ret = p->name);
685
686 return ret;
687 }
688
689 /**
690 * gnutls_mac_get_id - Returns the gnutls id of the specified in string algorithm
691 * @algorithm: is a MAC algorithm name
692 *
693 * Convert a string to a #gnutls_mac_algorithm_t value. The names are
694 * compared in a case insensitive way.
695 *
696 * Returns: an #gnutls_mac_algorithm_tid of the specified in a string
697 * MAC algorithm, or %GNUTLS_MAC_UNKNOWN on failures.
698 **/
699 gnutls_mac_algorithm_t
700 gnutls_mac_get_id (const char* name)
701 {
702 gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
703
704 GNUTLS_HASH_LOOP( if (strcasecmp( p->name, name)==0) ret = p->id);
705
706 return ret;
707 }
708
709 /**
710 * gnutls_mac_get_key_size - Returns the length of the MAC's key size
711 * @algorithm: is an encryption algorithm
712 *
713 * Get size of MAC key.
714 *
715 * Returns: length (in bytes) of the given MAC key size, or 0 if the
716 * given MAC algorithm is invalid.
717 **/
718 size_t
719 gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
720 {
721 size_t ret = 0;
722
723 /* avoid prefix */
724 GNUTLS_HASH_ALG_LOOP (ret = p->key_size);
725
726 return ret;
727 }
728
729 /**
730 * gnutls_mac_list - Get a list of supported MAC algorithms
731 *
732 * Get a list of hash algorithms for use as MACs. Note that not
733 * necessarily all MACs are supported in TLS cipher suites. For
734 * example, MD2 is not supported as a cipher suite, but is supported
735 * for other purposes (e.g., X.509 signature verification or similar).
736 *
737 * Returns: Return a zero-terminated list of #gnutls_mac_algorithm_t
738 * integers indicating the available MACs.
739 **/
740 const gnutls_mac_algorithm_t *
741 gnutls_mac_list (void)
742 {
743 return supported_macs;
744 }
745
746 const char *
747 _gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t algorithm)
748 {
749 const char *ret = NULL;
750
751 /* avoid prefix */
752 GNUTLS_HASH_ALG_LOOP (ret = p->oid);
753
754 return ret;
755 }
756
757 gnutls_mac_algorithm_t
758 _gnutls_x509_oid2mac_algorithm (const char *oid)
759 {
760 gnutls_mac_algorithm_t ret = 0;
761
762 GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
763 {
764 ret = p->id; break;}
765 );
766
767 if (ret == 0)
768 return GNUTLS_MAC_UNKNOWN;
769 return ret;
770 }
771
772
773 int
774 _gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm)
775 {
776 ssize_t ret = -1;
777 GNUTLS_HASH_ALG_LOOP (ret = p->id);
778 if (ret >= 0)
779 ret = 0;
780 else
781 ret = 1;
782 return ret;
783 }
784
785 /* Compression Functions */
786 int
787 _gnutls_compression_priority (gnutls_session_t session,
788 gnutls_compression_method_t algorithm)
789 { /* actually returns the priority */
790 unsigned int i;
791 for (i = 0;
792 i < session->internals.priorities.compression.algorithms; i++)
793 {
794 if (session->internals.priorities.
795 compression.priority[i] == algorithm)
796 return i;
797 }
798 return -1;
799 }
800
801 /**
802 * gnutls_compression_get_name - Returns a string with the name of the specified compression algorithm
803 * @algorithm: is a Compression algorithm
804 *
805 * Convert a #gnutls_compression_method_t value to a string.
806 *
807 * Returns: a pointer to a string that contains the name of the
808 * specified compression algorithm, or %NULL.
809 **/
810 const char *
811 gnutls_compression_get_name (gnutls_compression_method_t algorithm)
812 {
813 const char *ret = NULL;
814
815 /* avoid prefix */
816 GNUTLS_COMPRESSION_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_COMP_") - 1);
817
818 return ret;
819 }
820
821 /**
822 * gnutls_compression_get_id - Returns the gnutls id of the specified in string algorithm
823 * @algorithm: is a compression method name
824 *
825 * The names are compared in a case insensitive way.
826 *
827 * Returns: an id of the specified in a string compression method, or
828 * %GNUTLS_COMP_UNKNOWN on error.
829 **/
830 gnutls_compression_method_t
831 gnutls_compression_get_id (const char* name)
832 {
833 gnutls_compression_method_t ret = GNUTLS_COMP_UNKNOWN;
834
835 GNUTLS_COMPRESSION_LOOP( if (strcasecmp( p->name+sizeof("GNUTLS_COMP_")-1, name)==0) ret = p->id);
836
837 return ret;
838 }
839
840 /**
841 * gnutls_compression_list - Get a list of supported compression methods
842 *
843 * Get a list of compression methods. Note that to be able to use LZO
844 * compression, you must link to libgnutls-extra and call
845 * gnutls_global_init_extra().
846 *
847 * Returns: a zero-terminated list of #gnutls_compression_method_t
848 * integers indicating the available compression methods.
849 **/
850 const gnutls_compression_method_t *
851 gnutls_compression_list (void)
852 {
853 return supported_compressions;
854 }
855
856 /* return the tls number of the specified algorithm */
857 int
858 _gnutls_compression_get_num (gnutls_compression_method_t algorithm)
859 {
860 int ret = -1;
861
862 /* avoid prefix */
863 GNUTLS_COMPRESSION_ALG_LOOP (ret = p->num);
864
865 return ret;
866 }
867
868 int
869 _gnutls_compression_get_wbits (gnutls_compression_method_t algorithm)
870 {
871 int ret = -1;
872 /* avoid prefix */
873 GNUTLS_COMPRESSION_ALG_LOOP (ret = p->window_bits);
874 return ret;
875 }
876
877 int
878 _gnutls_compression_get_mem_level (gnutls_compression_method_t algorithm)
879 {
880 int ret = -1;
881 /* avoid prefix */
882 GNUTLS_COMPRESSION_ALG_LOOP (ret = p->mem_level);
883 return ret;
884 }
885
886 int
887 _gnutls_compression_get_comp_level (gnutls_compression_method_t algorithm)
888 {
889 int ret = -1;
890 /* avoid prefix */
891 GNUTLS_COMPRESSION_ALG_LOOP (ret = p->comp_level);
892 return ret;
893 }
894
895 /* returns the gnutls internal ID of the TLS compression
896 * method num
897 */
898 gnutls_compression_method_t
899 _gnutls_compression_get_id (int num)
900 {
901 gnutls_compression_method_t ret = -1;
902
903 /* avoid prefix */
904 GNUTLS_COMPRESSION_ALG_LOOP_NUM (ret = p->id);
905
906 return ret;
907 }
908
909 int
910 _gnutls_compression_is_ok (gnutls_compression_method_t algorithm)
911 {
912 ssize_t ret = -1;
913 GNUTLS_COMPRESSION_ALG_LOOP (ret = p->id);
914 if (ret >= 0)
915 ret = 0;
916 else
917 ret = 1;
918 return ret;
919 }
920
921
922
923 /* CIPHER functions */
924 int
925 _gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm)
926 {
927 size_t ret = 0;
928 GNUTLS_ALG_LOOP (ret = p->blocksize);
929 return ret;
930
931 }
932
933 /* returns the priority */
934 int
935 _gnutls_cipher_priority (gnutls_session_t session,
936 gnutls_cipher_algorithm_t algorithm)
937 {
938 unsigned int i;
939 for (i = 0;
940 i < session->internals.priorities.cipher.algorithms; i++)
941 {
942 if (session->internals.priorities.
943 cipher.priority[i] == algorithm)
944 return i;
945 }
946 return -1;
947 }
948
949
950 int
951 _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm)
952 {
953 size_t ret = 0;
954
955 GNUTLS_ALG_LOOP (ret = p->block);
956 return ret;
957
958 }
959
960 /**
961 * gnutls_cipher_get_key_size - Returns the length of the cipher's key size
962 * @algorithm: is an encryption algorithm
963 *
964 * Get key size for cipher.
965 *
966 * Returns: length (in bytes) of the given cipher's key size, or 0 if
967 * the given cipher is invalid.
968 **/
969 size_t
970 gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm)
971 { /* In bytes */
972 size_t ret = 0;
973 GNUTLS_ALG_LOOP (ret = p->keysize);
974 return ret;
975
976 }
977
978 int
979 _gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm)
980 { /* In bytes */
981 size_t ret = 0;
982 GNUTLS_ALG_LOOP (ret = p->iv);
983 return ret;
984
985 }
986
987 int
988 _gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm)
989 { /* In bytes */
990 size_t ret = 0;
991 GNUTLS_ALG_LOOP (ret = p->export_flag);
992 return ret;
993
994 }
995
996 /**
997 * gnutls_cipher_get_name - Returns a string with the name of the specified cipher algorithm
998 * @algorithm: is an encryption algorithm
999 *
1000 * Convert a #gnutls_cipher_algorithm_t type to a string.
1001 *
1002 * Returns: a pointer to a string that contains the name of the
1003 * specified cipher, or %NULL.
1004 **/
1005 const char *
1006 gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm)
1007 {
1008 const char *ret = NULL;
1009
1010 /* avoid prefix */
1011 GNUTLS_ALG_LOOP (ret = p->name);
1012
1013 return ret;
1014 }
1015
1016 /**
1017 * gnutls_cipher_get_id - Returns the gnutls id of the specified in string algorithm
1018 * @algorithm: is a MAC algorithm name
1019 *
1020 * The names are compared in a case insensitive way.
1021 *
1022 * Returns: return a #gnutls_cipher_algorithm_t value corresponding to
1023 * the specified cipher, or %GNUTLS_CIPHER_UNKNOWN on error.
1024 **/
1025 gnutls_cipher_algorithm_t
1026 gnutls_cipher_get_id (const char* name)
1027 {
1028 gnutls_cipher_algorithm_t ret = GNUTLS_CIPHER_UNKNOWN;
1029
1030 GNUTLS_LOOP( if (strcasecmp( p->name, name)==0) ret = p->id);
1031
1032 return ret;
1033 }
1034
1035 /**
1036 * gnutls_cipher_list - Get a list of supported ciphers
1037 *
1038 * Get a list of supported cipher algorithms. Note that not
1039 * necessarily all ciphers are supported as TLS cipher suites. For
1040 * example, DES is not supported as a cipher suite, but is supported
1041 * for other purposes (e.g., PKCS#8 or similar).
1042 *
1043 * Returns: a zero-terminated list of #gnutls_cipher_algorithm_t
1044 * integers indicating the available ciphers.
1045 *
1046 **/
1047 const gnutls_cipher_algorithm_t *
1048 gnutls_cipher_list (void)
1049 {
1050 return supported_ciphers;
1051 }
1052
1053 int
1054 _gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm)
1055 {
1056 ssize_t ret = -1;
1057 GNUTLS_ALG_LOOP (ret = p->id);
1058 if (ret >= 0)
1059 ret = 0;
1060 else
1061 ret = 1;
1062 return ret;
1063 }
1064
1065 /* Key EXCHANGE functions */
1066 mod_auth_st *
1067 _gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm)
1068 {
1069 mod_auth_st *ret = NULL;
1070 GNUTLS_KX_ALG_LOOP (ret = p->auth_struct);
1071 return ret;
1072
1073 }
1074
1075
1076 int
1077 _gnutls_kx_priority (gnutls_session_t session,
1078 gnutls_kx_algorithm_t algorithm)
1079 {
1080 unsigned int i;
1081 for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
1082 {
1083 if (session->internals.priorities.kx.priority[i] == algorithm)
1084 return i;
1085 }
1086 return -1;
1087 }
1088
1089 /**
1090 * gnutls_kx_get_name - Returns a string with the name of the specified key exchange algorithm
1091 * @algorithm: is a key exchange algorithm
1092 *
1093 * Convert a #gnutls_kx_algorithm_t value to a string.
1094 *
1095 * Returns: a pointer to a string that contains the name of the
1096 * specified key exchange algorithm, or %NULL.
1097 **/
1098 const char *
1099 gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm)
1100 {
1101 const char *ret = NULL;
1102
1103 /* avoid prefix */
1104 GNUTLS_KX_ALG_LOOP (ret = p->name);
1105
1106 return ret;
1107 }
1108
1109 /**
1110 * gnutls_kx_get_id - Returns the gnutls id of the specified in string algorithm
1111 * @algorithm: is a KX name
1112 *
1113 * Convert a string to a #gnutls_kx_algorithm_t value. The names are
1114 * compared in a case insensitive way.
1115 *
1116 * Returns: an id of the specified KX algorithm, or %GNUTLS_KX_UNKNOWN
1117 * on error.
1118 **/
1119 gnutls_kx_algorithm_t
1120 gnutls_kx_get_id (const char* name)
1121 {
1122 gnutls_cipher_algorithm_t ret = GNUTLS_KX_UNKNOWN;
1123
1124 GNUTLS_KX_LOOP( if (strcasecmp( p->name, name)==0) ret = p->algorithm);
1125
1126 return ret;
1127 }
1128
1129 /**
1130 * gnutls_kx_list - Get a list of supported key exchange methods
1131 *
1132 * Get a list of supported key exchange algorithms.
1133 *
1134 * Returns: a zero-terminated list of #gnutls_kx_algorithm_t integers
1135 * indicating the available key exchange algorithms.
1136 **/
1137 const gnutls_kx_algorithm_t *
1138 gnutls_kx_list (void)
1139 {
1140 return supported_kxs;
1141 }
1142
1143 int
1144 _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm)
1145 {
1146 ssize_t ret = -1;
1147 GNUTLS_KX_ALG_LOOP (ret = p->algorithm);
1148 if (ret >= 0)
1149 ret = 0;
1150 else
1151 ret = 1;
1152 return ret;
1153 }
1154
1155 int
1156 _gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm)
1157 {
1158 ssize_t ret = 0;
1159 GNUTLS_KX_ALG_LOOP (ret = p->needs_rsa_params);
1160 return ret;
1161 }
1162
1163 int
1164 _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm)
1165 {
1166 ssize_t ret = 0;
1167 GNUTLS_KX_ALG_LOOP (ret = p->needs_dh_params);
1168 return ret;
1169 }
1170
1171
1172 /* Version */
1173 int
1174 _gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version)
1175 { /* actually returns the priority */
1176 unsigned int i;
1177
1178 if (session->internals.priorities.protocol.priority == NULL)
1179 {
1180 gnutls_assert ();
1181 return -1;
1182 }
1183
1184 for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
1185 {
1186 if (session->internals.priorities.protocol.priority[i] == version)
1187 return i;
1188 }
1189 return -1;
1190 }
1191
1192 gnutls_protocol_t
1193 _gnutls_version_lowest (gnutls_session_t session)
1194 { /* returns the lowest version supported */
1195 unsigned int i, min = 0xff;
1196
1197 if (session->internals.priorities.protocol.priority == NULL)
1198 {
1199 return GNUTLS_VERSION_UNKNOWN;
1200 }
1201 else
1202 for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
1203 {
1204 if (session->internals.priorities.protocol.priority[i] < min)
1205 min = session->internals.priorities.protocol.priority[i];
1206 }
1207
1208 if (min == 0xff)
1209 return GNUTLS_VERSION_UNKNOWN; /* unknown version */
1210
1211 return min;
1212 }
1213
1214 gnutls_protocol_t
1215 _gnutls_version_max (gnutls_session_t session)
1216 { /* returns the maximum version supported */
1217 unsigned int i, max = 0x00;
1218
1219 if (session->internals.priorities.protocol.priority == NULL)
1220 {
1221 return GNUTLS_VERSION_UNKNOWN;
1222 }
1223 else
1224 for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
1225 {
1226 if (session->internals.priorities.protocol.priority[i] > max)
1227 max = session->internals.priorities.protocol.priority[i];
1228 }
1229
1230 if (max == 0x00)
1231 return GNUTLS_VERSION_UNKNOWN; /* unknown version */
1232
1233 return max;
1234 }
1235
1236
1237 /**
1238 * gnutls_protocol_get_name - Returns a string with the name of the specified SSL/TLS version
1239 * @version: is a (gnutls) version number
1240 *
1241 * Convert a #gnutls_protocol_t value to a string.
1242 *
1243 * Returns: a string that contains the name of the specified TLS
1244 * version (e.g., "TLS1.0"), or %NULL.
1245 **/
1246 const char *
1247 gnutls_protocol_get_name (gnutls_protocol_t version)
1248 {
1249 const char *ret = NULL;
1250
1251 /* avoid prefix */
1252 GNUTLS_VERSION_ALG_LOOP (ret = p->name);
1253 return ret;
1254 }
1255
1256 /**
1257 * gnutls_protocol_get_id - Returns the gnutls id of the specified in string protocol
1258 * @algorithm: is a protocol name
1259 *
1260 * The names are compared in a case insensitive way.
1261 *
1262 * Returns: an id of the specified protocol, or
1263 * %GNUTLS_VERSION_UNKNOWN on error.
1264 **/
1265 gnutls_protocol_t
1266 gnutls_protocol_get_id (const char* name)
1267 {
1268 gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN;
1269
1270 GNUTLS_VERSION_LOOP( if (strcasecmp( p->name, name)==0) ret = p->id);
1271
1272 return ret;
1273 }
1274
1275 /**
1276 * gnutls_protocol_list - Get a list of supported protocols
1277 *
1278 * Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.
1279 *
1280 * Returns: a zero-terminated list of #gnutls_protocol_t integers
1281 * indicating the available protocols.
1282 *
1283 **/
1284 const gnutls_protocol_t *
1285 gnutls_protocol_list (void)
1286 {
1287 return supported_protocols;
1288 }
1289
1290 int
1291 _gnutls_version_get_minor (gnutls_protocol_t version)
1292 {
1293 int ret = -1;
1294
1295 GNUTLS_VERSION_ALG_LOOP (ret = p->minor);
1296 return ret;
1297 }
1298
1299 gnutls_protocol_t
1300 _gnutls_version_get (int major, int minor)
1301 {
1302 int ret = -1;
1303
1304 GNUTLS_VERSION_LOOP (if ((p->major == major) && (p->minor == minor))
1305 ret = p->id);
1306 return ret;
1307 }
1308
1309 int
1310 _gnutls_version_get_major (gnutls_protocol_t version)
1311 {
1312 int ret = -1;
1313
1314 GNUTLS_VERSION_ALG_LOOP (ret = p->major);
1315 return ret;
1316 }
1317
1318 /* Version Functions */
1319
1320 int
1321 _gnutls_version_is_supported (gnutls_session_t session,
1322 const gnutls_protocol_t version)
1323 {
1324 int ret = 0;
1325
1326 GNUTLS_VERSION_ALG_LOOP (ret = p->supported);
1327 if (ret == 0)
1328 return 0;
1329
1330 if (_gnutls_version_priority (session, version) < 0)
1331 return 0; /* disabled by the user */
1332 else
1333 return 1;
1334 }
1335
1336 /* Type to KX mappings */
1337 gnutls_kx_algorithm_t
1338 _gnutls_map_kx_get_kx (gnutls_credentials_type_t type, int server)
1339 {
1340 gnutls_kx_algorithm_t ret = -1;
1341
1342 if (server)
1343 {
1344 GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
1345 }
1346 else
1347 {
1348 GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
1349 }
1350 return ret;
1351 }
1352
1353 gnutls_credentials_type_t
1354 _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm, int server)
1355 {
1356 gnutls_credentials_type_t ret = -1;
1357 if (server)
1358 {
1359 GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
1360 p->server_type);
1361 }
1362 else
1363 {
1364 GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
1365 p->client_type);
1366 }
1367
1368 return ret;
1369 }
1370
1371
1372 /* Cipher Suite's functions */
1373 gnutls_cipher_algorithm_t
1374 _gnutls_cipher_suite_get_cipher_algo (const cipher_suite_st * suite)
1375 {
1376 int ret = 0;
1377 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->block_algorithm);
1378 return ret;
1379 }
1380
1381 gnutls_protocol_t
1382 _gnutls_cipher_suite_get_version (const cipher_suite_st * suite)
1383 {
1384 int ret = 0;
1385 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->version);
1386 return ret;
1387 }
1388
1389 gnutls_kx_algorithm_t
1390 _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st * suite)
1391 {
1392 int ret = 0;
1393
1394 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->kx_algorithm);
1395 return ret;
1396
1397 }
1398
1399 gnutls_mac_algorithm_t
1400 _gnutls_cipher_suite_get_mac_algo (const cipher_suite_st * suite)
1401 { /* In bytes */
1402 int ret = 0;
1403 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm);
1404 return ret;
1405
1406 }
1407
1408 const char *
1409 _gnutls_cipher_suite_get_name (cipher_suite_st * suite)
1410 {
1411 const char *ret = NULL;
1412
1413 /* avoid prefix */
1414 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_") - 1);
1415
1416 return ret;
1417 }
1418
1419 /**
1420 * gnutls_cipher_suite_get_name - Returns a string with the name of the specified cipher suite
1421 * @kx_algorithm: is a Key exchange algorithm
1422 * @cipher_algorithm: is a cipher algorithm
1423 * @mac_algorithm: is a MAC algorithm
1424 *
1425 * Note that the full cipher suite name must be prepended by TLS or
1426 * SSL depending of the protocol in use.
1427 *
1428 * Returns: a string that contains the name of a TLS cipher suite,
1429 * specified by the given algorithms, or %NULL.
1430 **/
1431 const char *
1432 gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm,
1433 gnutls_cipher_algorithm_t cipher_algorithm,
1434 gnutls_mac_algorithm_t mac_algorithm)
1435 {
1436 const char *ret = NULL;
1437
1438 /* avoid prefix */
1439 GNUTLS_CIPHER_SUITE_LOOP (if (kx_algorithm == p->kx_algorithm &&
1440 cipher_algorithm == p->block_algorithm &&
1441 mac_algorithm == p->mac_algorithm)
1442 ret = p->name + sizeof ("GNUTLS_") - 1);
1443
1444 return ret;
1445 }
1446
1447 /**
1448 * gnutls_cipher_suite_info:
1449 * @idx: index of cipher suite to get information about, starts on 0.
1450 * @cs_id: output buffer with room for 2 bytes, indicating cipher suite value
1451 * @kx: output variable indicating key exchange algorithm, or %NULL.
1452 * @cipher: output variable indicating cipher, or %NULL.
1453 * @mac: output variable indicating MAC algorithm, or %NULL.
1454 * @version: output variable indicating TLS protocol version, or %NULL.
1455 *
1456 * Get information about supported cipher suites. Use the function
1457 * iteratively to get information about all supported cipher suites.
1458 * Call with idx=0 to get information about first cipher suite, then
1459 * idx=1 and so on until the function returns NULL.
1460 *
1461 * Returns: the name of @idx cipher suite, and set the information
1462 * about the cipher suite in the output variables. If @idx is out of
1463 * bounds, %NULL is returned.
1464 **/
1465 const char *
1466 gnutls_cipher_suite_info (size_t idx,
1467 char *cs_id,
1468 gnutls_kx_algorithm_t * kx,
1469 gnutls_cipher_algorithm_t * cipher,
1470 gnutls_mac_algorithm_t * mac,
1471 gnutls_protocol_t * version)
1472 {
1473 if (idx >= CIPHER_SUITES_COUNT)
1474 return NULL;
1475
1476 if (cs_id)
1477 memcpy (cs_id, cs_algorithms[idx].id.suite, 2);
1478 if (kx)
1479 *kx = cs_algorithms[idx].kx_algorithm;
1480 if (cipher)
1481 *cipher = cs_algorithms[idx].block_algorithm;
1482 if (mac)
1483 *mac = cs_algorithms[idx].mac_algorithm;
1484 if (version)
1485 *version = cs_algorithms[idx].version;
1486
1487 return cs_algorithms[idx].name + sizeof ("GNU") - 1;
1488 }
1489
1490
1491 static inline int
1492 _gnutls_cipher_suite_is_ok (cipher_suite_st * suite)
1493 {
1494 size_t ret;
1495 const char *name = NULL;
1496
1497 GNUTLS_CIPHER_SUITE_ALG_LOOP (name = p->name);
1498 if (name != NULL)
1499 ret = 0;
1500 else
1501 ret = 1;
1502 return ret;
1503
1504 }
1505
1506 #define SWAP(x, y) memcpy(tmp,x,size); \
1507 memcpy(x,y,size); \
1508 memcpy(y,tmp,size);
1509
1510 #define MAX_ELEM_SIZE 4
1511 static inline int
1512 _gnutls_partition (gnutls_session_t session, void *_base,
1513 size_t nmemb, size_t size,
1514 int (*compar) (gnutls_session_t,
1515 const void *, const void *))
1516 {
1517 uint8_t *base = _base;
1518 uint8_t tmp[MAX_ELEM_SIZE];
1519 uint8_t ptmp[MAX_ELEM_SIZE];
1520 unsigned int pivot;
1521 unsigned int i, j;
1522 unsigned int full;
1523
1524 i = pivot = 0;
1525 j = full = (nmemb - 1) * size;
1526
1527 memcpy (ptmp, &base[0], size); /* set pivot item */
1528
1529 while (i < j)
1530 {
1531 while ((compar (session, &base[i], ptmp) <= 0) && (i < full))
1532 {
1533 i += size;
1534 }
1535 while ((compar (session, &base[j], ptmp) >= 0) && (j > 0))
1536 j -= size;
1537
1538 if (i < j)
1539 {
1540 SWAP (&base[j], &base[i]);
1541 }
1542 }
1543
1544 if (j > pivot)
1545 {
1546 SWAP (&base[pivot], &base[j]);
1547 pivot = j;
1548 }
1549 else if (i < pivot)
1550 {
1551 SWAP (&base[pivot], &base[i]);
1552 pivot = i;
1553 }
1554 return pivot / size;
1555 }
1556
1557 static void
1558 _gnutls_qsort (gnutls_session_t session, void *_base, size_t nmemb,
1559 size_t size, int (*compar) (gnutls_session_t, const void *,
1560 const void *))
1561 {
1562 unsigned int pivot;
1563 char *base = _base;
1564 size_t snmemb = nmemb;
1565
1566 #ifdef DEBUG
1567 if (size > MAX_ELEM_SIZE)
1568 {
1569 gnutls_assert ();
1570 _gnutls_debug_log ("QSORT BUG\n");
1571 exit (1);
1572 }
1573 #endif
1574
1575 if (snmemb <= 1)
1576 return;
1577 pivot = _gnutls_partition (session, _base, nmemb, size, compar);
1578
1579 _gnutls_qsort (session, base, pivot < nmemb ? pivot + 1 : pivot, size,
1580 compar);
1581 _gnutls_qsort (session, &base[(pivot + 1) * size], nmemb - pivot - 1,
1582 size, compar);
1583 }
1584
1585
1586 /* a compare function for KX algorithms (using priorities).
1587 * For use with qsort
1588 */
1589 static int
1590 _gnutls_compare_algo (gnutls_session_t session, const void *i_A1,
1591 const void *i_A2)
1592 {
1593 gnutls_kx_algorithm_t kA1 =
1594 _gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A1);
1595 gnutls_kx_algorithm_t kA2 =
1596 _gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A2);
1597 gnutls_cipher_algorithm_t cA1 =
1598 _gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A1);
1599 gnutls_cipher_algorithm_t cA2 =
1600 _gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A2);
1601 gnutls_mac_algorithm_t mA1 =
1602 _gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A1);
1603 gnutls_mac_algorithm_t mA2 =
1604 _gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A2);
1605
1606 int p1 = (_gnutls_kx_priority (session, kA1) + 1) * 64;
1607 int p2 = (_gnutls_kx_priority (session, kA2) + 1) * 64;
1608 p1 += (_gnutls_cipher_priority (session, cA1) + 1) * 8;
1609 p2 += (_gnutls_cipher_priority (session, cA2) + 1) * 8;
1610 p1 += _gnutls_mac_priority (session, mA1);
1611 p2 += _gnutls_mac_priority (session, mA2);
1612
1613 if (p1 > p2)
1614 {
1615 return 1;
1616 }
1617 else
1618 {
1619 if (p1 == p2)
1620 {
1621 return 0;
1622 }
1623 return -1;
1624 }
1625 }
1626
1627 #ifdef SORT_DEBUG
1628 static void
1629 _gnutls_bsort (gnutls_session_t session, void *_base, size_t nmemb,
1630 size_t size, int (*compar) (gnutls_session_t, const void *,
1631 const void *))
1632 {
1633 unsigned int i, j;
1634 int full = nmemb * size;
1635 char *base = _base;
1636 char tmp[MAX_ELEM_SIZE];
1637
1638 for (i = 0; i < full; i += size)
1639 {
1640 for (j = 0; j < full; j += size)
1641 {
1642 if (compar (session, &base[i], &base[j]) < 0)
1643 {
1644 SWAP (&base[j], &base[i]);
1645 }
1646 }
1647 }
1648
1649 }
1650 #endif
1651
1652 int
1653 _gnutls_supported_ciphersuites_sorted (gnutls_session_t session,
1654 cipher_suite_st ** ciphers)
1655 {
1656
1657 #ifdef SORT_DEBUG
1658 unsigned int i;
1659 #endif
1660 int count;
1661
1662 count = _gnutls_supported_ciphersuites (session, ciphers);
1663 if (count <= 0)
1664 {
1665 gnutls_assert ();
1666 return count;
1667 }
1668 #ifdef SORT_DEBUG
1669 _gnutls_debug_log ("Unsorted: \n");
1670 for (i = 0; i < count; i++)
1671 _gnutls_debug_log ("\t%d: %s\n", i,
1672 _gnutls_cipher_suite_get_name ((*ciphers)[i]));
1673 #endif
1674
1675 _gnutls_qsort (session, *ciphers, count,
1676 sizeof (cipher_suite_st), _gnutls_compare_algo);
1677
1678 #ifdef SORT_DEBUG
1679 _gnutls_debug_log ("Sorted: \n");
1680 for (i = 0; i < count; i++)
1681 _gnutls_debug_log ("\t%d: %s\n", i,
1682 _gnutls_cipher_suite_get_name ((*ciphers)[i]));
1683 #endif
1684
1685 return count;
1686 }
1687
1688 int
1689 _gnutls_supported_ciphersuites (gnutls_session_t session,
1690 cipher_suite_st ** _ciphers)
1691 {
1692
1693 unsigned int i, ret_count, j;
1694 unsigned int count = CIPHER_SUITES_COUNT;
1695 cipher_suite_st *tmp_ciphers;
1696 cipher_suite_st *ciphers;
1697 gnutls_protocol_t version;
1698
1699 if (count == 0)
1700 {
1701 return 0;
1702 }
1703
1704 tmp_ciphers = gnutls_alloca (count * sizeof (cipher_suite_st));
1705 if (tmp_ciphers == NULL)
1706 return GNUTLS_E_MEMORY_ERROR;
1707
1708 ciphers = gnutls_malloc (count * sizeof (cipher_suite_st));
1709 if (ciphers == NULL)
1710 {
1711 gnutls_afree (tmp_ciphers);
1712 return GNUTLS_E_MEMORY_ERROR;
1713 }
1714
1715 version = gnutls_protocol_get_version (session);
1716
1717 for (i = 0; i < count; i++)
1718 {
1719 memcpy (&tmp_ciphers[i], &cs_algorithms[i].id,
1720 sizeof (cipher_suite_st));
1721 }
1722
1723 for (i = j = 0; i < count; i++)
1724 {
1725 /* remove private cipher suites, if requested.
1726 */
1727 if (tmp_ciphers[i].suite[0] == 0xFF &&
1728 session->internals.enable_private == 0)
1729 continue;
1730
1731 /* remove cipher suites which do not support the
1732 * protocol version used.
1733 */
1734 if (_gnutls_cipher_suite_get_version (&tmp_ciphers[i]) > version)
1735 continue;
1736
1737 if (_gnutls_kx_priority
1738 (session, _gnutls_cipher_suite_get_kx_algo (&tmp_ciphers[i])) < 0)
1739 continue;
1740 if (_gnutls_mac_priority
1741 (session, _gnutls_cipher_suite_get_mac_algo (&tmp_ciphers[i])) < 0)
1742 continue;
1743 if (_gnutls_cipher_priority
1744 (session,
1745 _gnutls_cipher_suite_get_cipher_algo (&tmp_ciphers[i])) < 0)
1746 continue;
1747
1748 memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st));
1749 j++;
1750 }
1751
1752 ret_count = j;
1753
1754 #if 0 /* expensive */
1755 if (ret_count > 0 && ret_count != count)
1756 {
1757 ciphers =
1758 gnutls_realloc_fast (ciphers, ret_count * sizeof (cipher_suite_st));
1759 }
1760 else
1761 {
1762 if (ret_count != count)
1763 {
1764 gnutls_free (ciphers);
1765 ciphers = NULL;
1766 }
1767 }
1768 #endif
1769
1770 gnutls_afree (tmp_ciphers);
1771
1772 /* This function can no longer return 0 cipher suites.
1773 * It returns an error code instead.
1774 */
1775 if (ret_count == 0)
1776 {
1777 gnutls_assert ();
1778 gnutls_free (ciphers);
1779 return GNUTLS_E_NO_CIPHER_SUITES;
1780 }
1781 *_ciphers = ciphers;
1782 return ret_count;
1783 }
1784
1785
1786 /* For compression */
1787
1788 #define MIN_PRIVATE_COMP_ALGO 0xEF
1789
1790 /* returns the TLS numbers of the compression methods we support
1791 */
1792 #define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.algorithms
1793 int
1794 _gnutls_supported_compression_methods (gnutls_session_t session,
1795 uint8_t ** comp)
1796 {
1797 unsigned int i, j;
1798
1799 *comp = gnutls_malloc (sizeof (uint8_t) * SUPPORTED_COMPRESSION_METHODS);
1800 if (*comp == NULL)
1801 return GNUTLS_E_MEMORY_ERROR;
1802
1803 for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++)
1804 {
1805 int tmp = _gnutls_compression_get_num (session->internals.priorities.
1806 compression.priority[i]);
1807
1808 /* remove private compression algorithms, if requested.
1809 */
1810 if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO &&
1811 session->internals.enable_private == 0))
1812 {
1813 gnutls_assert ();
1814 continue;
1815 }
1816
1817 (*comp)[j] = (uint8_t) tmp;
1818 j++;
1819 }
1820
1821 if (j == 0)
1822 {
1823 gnutls_assert ();
1824 gnutls_free (*comp);
1825 *comp = NULL;
1826 return GNUTLS_E_NO_COMPRESSION_ALGORITHMS;
1827 }
1828 return j;
1829 }
1830
1831 /**
1832 * gnutls_certificate_type_get_name - Returns a string with the name of the specified certificate type
1833 * @type: is a certificate type
1834 *
1835 * Convert a #gnutls_certificate_type_t type to a string.
1836 *
1837 * Returns: a string that contains the name of the specified
1838 * certificate type, or %NULL in case of unknown types.
1839 **/
1840 const char *
1841 gnutls_certificate_type_get_name (gnutls_certificate_type_t type)
1842 {
1843 const char *ret = NULL;
1844
1845 if (type == GNUTLS_CRT_X509)
1846 ret = "X.509";
1847 if (type == GNUTLS_CRT_OPENPGP)
1848 ret = "OPENPGP";
1849
1850 return ret;
1851 }
1852
1853 /**
1854 * gnutls_certificate_type_get_id - Returns the gnutls id of the specified in string type
1855 * @name: is a certificate type name
1856 *
1857 * The names are compared in a case insensitive way.
1858 *
1859 * Returns: an id of the specified in a string certificate type, or
1860 * %GNUTLS_CRT_UNKNOWN on error.
1861 **/
1862 gnutls_certificate_type_t
1863 gnutls_certificate_type_get_id (const char* name)
1864 {
1865 gnutls_certificate_type_t ret = GNUTLS_CRT_UNKNOWN;
1866
1867 if (strcasecmp( name, "X.509")==0 || strcasecmp( name, "X509")==0)
1868 return GNUTLS_CRT_X509;
1869 if (strcasecmp( name, "OPENPGP")==0)
1870 return GNUTLS_CRT_OPENPGP;
1871
1872 return ret;
1873 }
1874
1875 static const gnutls_certificate_type_t supported_certificate_types[] = {
1876 GNUTLS_CRT_X509,
1877 GNUTLS_CRT_OPENPGP,
1878 0
1879 };
1880
1881 /**
1882 * gnutls_certificate_type_list - Get a list of supported certificate types
1883 *
1884 * Get a list of certificate types. Note that to be able to use
1885 * OpenPGP certificates, you must link to libgnutls-extra and call
1886 * gnutls_global_init_extra().
1887 *
1888 * Returns: a zero-terminated list of #gnutls_certificate_type_t
1889 * integers indicating the available certificate types.
1890 **/
1891 const gnutls_certificate_type_t *
1892 gnutls_certificate_type_list (void)
1893 {
1894 return supported_certificate_types;
1895 }
1896
1897 /* returns the gnutls_pk_algorithm_t which is compatible with
1898 * the given gnutls_kx_algorithm_t.
1899 */
1900 gnutls_pk_algorithm_t
1901 _gnutls_map_pk_get_pk (gnutls_kx_algorithm_t kx_algorithm)
1902 {
1903 gnutls_pk_algorithm_t ret = -1;
1904
1905 GNUTLS_PK_MAP_ALG_LOOP (ret = p->pk_algorithm) return ret;
1906 }
1907
1908 /* Returns the encipher type for the given key exchange algorithm.
1909 * That one of CIPHER_ENCRYPT, CIPHER_SIGN, CIPHER_IGN.
1910 *
1911 * ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT.
1912 */
1913 enum encipher_type
1914 _gnutls_kx_encipher_type (gnutls_kx_algorithm_t kx_algorithm)
1915 {
1916 int ret = CIPHER_IGN;
1917 GNUTLS_PK_MAP_ALG_LOOP (ret = p->encipher_type) return ret;
1918
1919 }
1920
1921 /* signature algorithms;
1922 */
1923 struct gnutls_sign_entry
1924 {
1925 const char *name;
1926 const char *oid;
1927 gnutls_sign_algorithm_t id;
1928 gnutls_pk_algorithm_t pk;
1929 gnutls_mac_algorithm_t mac;
1930 };
1931 typedef struct gnutls_sign_entry gnutls_sign_entry;
1932
1933 static const gnutls_sign_entry sign_algorithms[] = {
1934 {"RSA-SHA", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
1935 GNUTLS_MAC_SHA1},
1936 {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
1937 GNUTLS_MAC_SHA256},
1938 {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA,
1939 GNUTLS_MAC_SHA384},
1940 {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA,
1941 GNUTLS_MAC_SHA512},
1942 {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA,
1943 GNUTLS_MAC_RMD160},
1944 {"DSA-SHA", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
1945 GNUTLS_MAC_SHA1},
1946 {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
1947 GNUTLS_MAC_MD5},
1948 {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
1949 GNUTLS_MAC_MD2},
1950 {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0},
1951 {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0},
1952 {0, 0, 0, 0, 0}
1953 };
1954
1955 #define GNUTLS_SIGN_LOOP(b) \
1956 do { \
1957 const gnutls_sign_entry *p; \
1958 for(p = sign_algorithms; p->name != NULL; p++) { b ; } \
1959 } while (0)
1960
1961 #define GNUTLS_SIGN_ALG_LOOP(a) \
1962 GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } )
1963
1964 /**
1965 * gnutls_sign_algorithm_get_name - Returns a string with the name of the specified sign algorithm
1966 * @algorithm: is a sign algorithm
1967 *
1968 * Convert a #gnutls_sign_algorithm_t value to a string.
1969 *
1970 * Returns: a string that contains the name of the specified sign
1971 * algorithm, or %NULL.
1972 **/
1973 const char *
1974 gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t sign)
1975 {
1976 const char *ret = NULL;
1977
1978 /* avoid prefix */
1979 GNUTLS_SIGN_ALG_LOOP (ret = p->name);
1980
1981 return ret;
1982 }
1983
1984 gnutls_sign_algorithm_t
1985 _gnutls_x509_oid2sign_algorithm (const char *oid)
1986 {
1987 gnutls_sign_algorithm_t ret = 0;
1988
1989 GNUTLS_SIGN_LOOP (if (strcmp (oid, p->oid) == 0)
1990 {
1991 ret = p->id; break;}
1992 );
1993
1994 if (ret == 0)
1995 {
1996 _gnutls_x509_log ("Unknown SIGN OID: '%s'\n", oid);
1997 return GNUTLS_SIGN_UNKNOWN;
1998 }
1999 return ret;
2000 }
2001
2002 gnutls_sign_algorithm_t
2003 _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_mac_algorithm_t mac)
2004 {
2005 gnutls_sign_algorithm_t ret = 0;
2006
2007 GNUTLS_SIGN_LOOP (if (pk == p->pk && mac == p->mac)
2008 {
2009 ret = p->id; break;}
2010 );
2011
2012 if (ret == 0)
2013 return GNUTLS_SIGN_UNKNOWN;
2014 return ret;
2015 }
2016
2017 const char *
2018 _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
2019 gnutls_mac_algorithm_t mac)
2020 {
2021 gnutls_sign_algorithm_t sign;
2022 const char *ret = NULL;
2023
2024 sign = _gnutls_x509_pk_to_sign (pk, mac);
2025 if (sign == GNUTLS_SIGN_UNKNOWN)
2026 return NULL;
2027
2028 GNUTLS_SIGN_ALG_LOOP (ret = p->oid);
2029 return ret;
2030 }
2031
2032
2033 /* pk algorithms;
2034 */
2035 struct gnutls_pk_entry
2036 {
2037 const char *name;
2038 const char *oid;
2039 gnutls_pk_algorithm_t id;
2040 };
2041 typedef struct gnutls_pk_entry gnutls_pk_entry;
2042
2043 static const gnutls_pk_entry pk_algorithms[] = {
2044 {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
2045 {"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
2046 {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, 0},
2047 {"GOST R 34.10-94", PK_GOST_R3410_94_OID, 0},
2048 {0, 0, 0}
2049 };
2050
2051 /**
2052 * gnutls_pk_algorithm_get_name - Returns a string with the name of the specified public key algorithm
2053 * @algorithm: is a pk algorithm
2054 *
2055 * Convert a #gnutls_pk_algorithm_t value to a string.
2056 *
2057 * Returns: a string that contains the name of the specified public
2058 * key algorithm, or %NULL.
2059 **/
2060 const char *
2061 gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm)
2062 {
2063 const char *ret = NULL;
2064 const gnutls_pk_entry *p;
2065
2066 for (p = pk_algorithms; p->name != NULL; p++)
2067 if (p->id && p->id == algorithm)
2068 {
2069 ret = p->name;
2070 break;
2071 }
2072
2073 return ret;
2074 }
2075
2076 gnutls_pk_algorithm_t
2077 _gnutls_x509_oid2pk_algorithm (const char *oid)
2078 {
2079 gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
2080 const gnutls_pk_entry *p;
2081
2082 for (p = pk_algorithms; p->name != NULL; p++)
2083 if (strcmp (p->oid, oid) == 0)
2084 {
2085 ret = p->id;
2086 break;
2087 }
2088
2089 return ret;
2090 }
2091
2092 const char *
2093 _gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm)
2094 {
2095 const char *ret = NULL;
2096 const gnutls_pk_entry *p;
2097
2098 for (p = pk_algorithms; p->name != NULL; p++)
2099 if (p->id == algorithm)
2100 {
2101 ret = p->oid;
2102 break;
2103 }
2104
2105 return ret;
2106 }
2107
Implementation of the SSL/TLS protocol