search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add interfaces to get PK and PK-sign algorithms. Use them.
[gnutls.git] / lib / gnutls_algorithms.c
blobe023a432d4cc56b644966c113a058ba4efa7bfea
1 /*
2 * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25 #include "gnutls_int.h"
26 #include "gnutls_algorithms.h"
27 #include "gnutls_errors.h"
28 #include "gnutls_cert.h"
29 #include <x509/common.h>
30
31
32
33 /* Cred type mappings to KX algorithms
34 * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
35 * more than one credentials type.
36 */
37 typedef struct
38 {
39 gnutls_kx_algorithm_t algorithm;
40 gnutls_credentials_type_t client_type;
41 gnutls_credentials_type_t server_type; /* The type of credentials a server
42 * needs to set */
43 } gnutls_cred_map;
44
45 static const gnutls_cred_map cred_mappings[] = {
46 {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
47 {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
48 {GNUTLS_KX_RSA_EXPORT, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
49 {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
50 {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
51 {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
52 {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
53 {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
54 {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
55 {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
56 {0, 0, 0}
57 };
58
59 #define GNUTLS_KX_MAP_LOOP(b) \
60 const gnutls_cred_map *p; \
61 for(p = cred_mappings; p->algorithm != 0; p++) { b ; }
62
63 #define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
64 GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
65
66 #define GNUTLS_KX_MAP_ALG_LOOP_CLIENT(a) \
67 GNUTLS_KX_MAP_LOOP( if(p->client_type == type) { a; break; })
68
69 /* KX mappings to PK algorithms */
70 typedef struct
71 {
72 gnutls_kx_algorithm_t kx_algorithm;
73 gnutls_pk_algorithm_t pk_algorithm;
74 enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used
75 * for encryption, CIPHER_SIGN if signature only,
76 * CIPHER_IGN if this does not apply at all.
77 *
78 * This is useful to certificate cipher suites, which check
79 * against the certificate key usage bits.
80 */
81 } gnutls_pk_map;
82
83 /* This table maps the Key exchange algorithms to
84 * the certificate algorithms. Eg. if we have
85 * RSA algorithm in the certificate then we can
86 * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA.
87 */
88 static const gnutls_pk_map pk_mappings[] = {
89 {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
90 {GNUTLS_KX_RSA_EXPORT, GNUTLS_PK_RSA, CIPHER_SIGN},
91 {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
92 {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
93 {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
94 {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
95 {0, 0, 0}
96 };
97
98 #define GNUTLS_PK_MAP_LOOP(b) \
99 const gnutls_pk_map *p; \
100 for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
101
102 #define GNUTLS_PK_MAP_ALG_LOOP(a) \
103 GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
104
105
106
107 /* TLS Versions */
108
109 typedef struct
110 {
111 const char *name;
112 gnutls_protocol_t id; /* gnutls internal version number */
113 int major; /* defined by the protocol */
114 int minor; /* defined by the protocol */
115 int supported; /* 0 not supported, > 0 is supported */
116 } gnutls_version_entry;
117
118 static const gnutls_version_entry sup_versions[] = {
119 {"SSL3.0", GNUTLS_SSL3, 3, 0, 1},
120 {"TLS1.0", GNUTLS_TLS1, 3, 1, 1},
121 {"TLS1.1", GNUTLS_TLS1_1, 3, 2, 1},
122 {"TLS1.2", GNUTLS_TLS1_2, 3, 3, 1},
123 {0, 0, 0, 0, 0}
124 };
125
126 /* Keep the contents of this struct the same as the previous one. */
127 static const gnutls_protocol_t supported_protocols[] = {
128 GNUTLS_SSL3,
129 GNUTLS_TLS1,
130 GNUTLS_TLS1_1,
131 GNUTLS_TLS1_2,
132 0
133 };
134
135 #define GNUTLS_VERSION_LOOP(b) \
136 const gnutls_version_entry *p; \
137 for(p = sup_versions; p->name != NULL; p++) { b ; }
138
139 #define GNUTLS_VERSION_ALG_LOOP(a) \
140 GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
141
142
143 struct gnutls_cipher_entry
144 {
145 const char *name;
146 gnutls_cipher_algorithm_t id;
147 uint16_t blocksize;
148 uint16_t keysize;
149 cipher_type_t block;
150 uint16_t iv;
151 int export_flag; /* 0 non export */
152 };
153 typedef struct gnutls_cipher_entry gnutls_cipher_entry;
154
155 /* Note that all algorithms are in CBC or STREAM modes.
156 * Do not add any algorithms in other modes (avoid modified algorithms).
157 * View first: "The order of encryption and authentication for
158 * protecting communications" by Hugo Krawczyk - CRYPTO 2001
159 */
160 static const gnutls_cipher_entry algorithms[] = {
161 {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0},
162 {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0},
163 {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 0},
164 {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 0},
165 {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0},
166 {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1},
167 {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1},
168 #ifdef ENABLE_CAMELLIA
169 {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK,
170 16, 0},
171 {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK,
172 16, 0},
173 #endif
174
175 #ifdef ENABLE_OPENPGP
176 {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 0},
177 {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB, 8, 24, CIPHER_BLOCK, 8, 0},
178 {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 0},
179 {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB, 8,
180 16 /*actually unlimited */ , CIPHER_BLOCK, 8, 0},
181 {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB, 8, 16,
182 CIPHER_BLOCK, 8, 0},
183 {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB, 16, 16, CIPHER_BLOCK, 16,
184 0},
185 {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB, 16, 24, CIPHER_BLOCK, 16,
186 0},
187 {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB, 16, 32, CIPHER_BLOCK, 16,
188 0},
189 {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB, 16, 16, CIPHER_BLOCK, 16,
190 0},
191 #endif
192 {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0},
193 {0, 0, 0, 0, 0, 0, 0}
194 };
195
196 /* Keep the contents of this struct the same as the previous one. */
197 static const gnutls_cipher_algorithm_t supported_ciphers[] = {
198 GNUTLS_CIPHER_AES_256_CBC,
199 GNUTLS_CIPHER_AES_128_CBC,
200 GNUTLS_CIPHER_3DES_CBC,
201 GNUTLS_CIPHER_DES_CBC,
202 GNUTLS_CIPHER_ARCFOUR_128,
203 GNUTLS_CIPHER_ARCFOUR_40,
204 GNUTLS_CIPHER_RC2_40_CBC,
205 #ifdef ENABLE_CAMELLIA
206 GNUTLS_CIPHER_CAMELLIA_256_CBC,
207 GNUTLS_CIPHER_CAMELLIA_128_CBC,
208 #endif
209 GNUTLS_CIPHER_NULL,
210 0
211 };
212
213 #define GNUTLS_LOOP(b) \
214 const gnutls_cipher_entry *p; \
215 for(p = algorithms; p->name != NULL; p++) { b ; }
216
217 #define GNUTLS_ALG_LOOP(a) \
218 GNUTLS_LOOP( if(p->id == algorithm) { a; break; } )
219
220
221 struct gnutls_hash_entry
222 {
223 const char *name;
224 const char *oid;
225 gnutls_mac_algorithm_t id;
226 size_t key_size; /* in case of mac */
227 };
228 typedef struct gnutls_hash_entry gnutls_hash_entry;
229
230 static const gnutls_hash_entry hash_algorithms[] = {
231 {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20},
232 {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16},
233 {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32},
234 {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48},
235 {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64},
236 {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0}, /* not used as MAC */
237 {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20},
238 {"NULL", NULL, GNUTLS_MAC_NULL, 0},
239 {0, 0, 0, 0}
240 };
241
242 /* Keep the contents of this struct the same as the previous one. */
243 static const gnutls_mac_algorithm_t supported_macs[] = {
244 GNUTLS_MAC_SHA1,
245 GNUTLS_MAC_MD5,
246 GNUTLS_MAC_SHA256,
247 GNUTLS_MAC_SHA384,
248 GNUTLS_MAC_SHA512,
249 GNUTLS_MAC_MD2,
250 GNUTLS_MAC_RMD160,
251 GNUTLS_MAC_NULL,
252 0
253 };
254
255 #define GNUTLS_HASH_LOOP(b) \
256 const gnutls_hash_entry *p; \
257 for(p = hash_algorithms; p->name != NULL; p++) { b ; }
258
259 #define GNUTLS_HASH_ALG_LOOP(a) \
260 GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
261
262 /* Key Exchange Section */
263
264
265 extern mod_auth_st rsa_auth_struct;
266 extern mod_auth_st rsa_export_auth_struct;
267 extern mod_auth_st dhe_rsa_auth_struct;
268 extern mod_auth_st dhe_dss_auth_struct;
269 extern mod_auth_st anon_auth_struct;
270 extern mod_auth_st srp_auth_struct;
271 extern mod_auth_st psk_auth_struct;
272 extern mod_auth_st dhe_psk_auth_struct;
273 extern mod_auth_st srp_rsa_auth_struct;
274 extern mod_auth_st srp_dss_auth_struct;
275
276 struct gnutls_kx_algo_entry
277 {
278 const char *name;
279 gnutls_kx_algorithm_t algorithm;
280 mod_auth_st *auth_struct;
281 int needs_dh_params;
282 int needs_rsa_params;
283 };
284 typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry;
285
286 static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = {
287 #ifdef ENABLE_ANON
288 {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1, 0},
289 #endif
290 {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct, 0, 0},
291 {"RSA-EXPORT", GNUTLS_KX_RSA_EXPORT, &rsa_export_auth_struct, 0,
292 1 /* needs RSA params */ },
293 {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1, 0},
294 {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1, 0},
295
296 #ifdef ENABLE_SRP
297 {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0, 0},
298 {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0, 0},
299 {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0, 0},
300 #endif
301 #ifdef ENABLE_PSK
302 {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0},
303 {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
304 1 /* needs DHE params */ , 0},
305 #endif
306 {0, 0, 0, 0, 0}
307 };
308
309 /* Keep the contents of this struct the same as the previous one. */
310 static const gnutls_kx_algorithm_t supported_kxs[] = {
311 #ifdef ENABLE_ANON
312 GNUTLS_KX_ANON_DH,
313 #endif
314 GNUTLS_KX_RSA,
315 GNUTLS_KX_RSA_EXPORT,
316 GNUTLS_KX_DHE_RSA,
317 GNUTLS_KX_DHE_DSS,
318 #ifdef ENABLE_SRP
319 GNUTLS_KX_SRP_DSS,
320 GNUTLS_KX_SRP_RSA,
321 GNUTLS_KX_SRP,
322 #endif
323 #ifdef ENABLE_PSK
324 GNUTLS_KX_PSK,
325 GNUTLS_KX_DHE_PSK,
326 #endif
327 0
328 };
329
330 #define GNUTLS_KX_LOOP(b) \
331 const gnutls_kx_algo_entry *p; \
332 for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; }
333
334 #define GNUTLS_KX_ALG_LOOP(a) \
335 GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )
336
337
338
339 /* Cipher SUITES */
340 #define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, version ) \
341 { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, version }
342
343 typedef struct
344 {
345 const char *name;
346 cipher_suite_st id;
347 gnutls_cipher_algorithm_t block_algorithm;
348 gnutls_kx_algorithm_t kx_algorithm;
349 gnutls_mac_algorithm_t mac_algorithm;
350 gnutls_protocol_t version; /* this cipher suite is supported
351 * from 'version' and above;
352 */
353 } gnutls_cipher_suite_entry;
354
355 /* RSA with NULL cipher and MD5 MAC
356 * for test purposes.
357 */
358 #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 }
359
360
361 /* ANONymous cipher suites.
362 */
363
364 #define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1 { 0x00, 0x1B }
365 #define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 }
366
367 /* rfc3268: */
368 #define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 }
369 #define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A }
370
371 /* rfc4132 */
372 #define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
373 #define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
374
375 /* PSK (not in TLS 1.0)
376 * draft-ietf-tls-psk:
377 */
378 #define GNUTLS_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8A }
379 #define GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8B }
380 #define GNUTLS_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x8C }
381 #define GNUTLS_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x8D }
382
383 #define GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8E }
384 #define GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8F }
385 #define GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x90 }
386 #define GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x91 }
387
388
389 /* SRP (rfc5054)
390 */
391 #define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1A }
392 #define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1B }
393 #define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 { 0xC0, 0x1C }
394
395 #define GNUTLS_SRP_SHA_AES_128_CBC_SHA1 { 0xC0, 0x1D }
396 #define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1 { 0xC0, 0x1E }
397 #define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1 { 0xC0, 0x1F }
398
399 #define GNUTLS_SRP_SHA_AES_256_CBC_SHA1 { 0xC0, 0x20 }
400 #define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1 { 0xC0, 0x21 }
401 #define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1 { 0xC0, 0x22 }
402
403 /* RSA
404 */
405 #define GNUTLS_RSA_ARCFOUR_SHA1 { 0x00, 0x05 }
406 #define GNUTLS_RSA_ARCFOUR_MD5 { 0x00, 0x04 }
407 #define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A }
408
409 #define GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5 { 0x00, 0x03 }
410
411 /* rfc3268:
412 */
413 #define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F }
414 #define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 }
415
416 /* rfc4132 */
417 #define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 }
418 #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
419
420 /* DHE DSS
421 */
422
423 #define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 }
424
425
426 /* draft-ietf-tls-56-bit-ciphersuites-01:
427 */
428 #define GNUTLS_DHE_DSS_ARCFOUR_SHA1 { 0x00, 0x66 }
429
430
431 /* rfc3268:
432 */
433 #define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 }
434 #define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 }
435
436 /* rfc4132 */
437 #define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 }
438 #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
439
440 /* DHE RSA
441 */
442 #define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
443
444 /* rfc3268:
445 */
446 #define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 }
447 #define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 }
448
449 /* rfc4132 */
450 #define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
451 #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
452
453 #define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
454
455 static const gnutls_cipher_suite_entry cs_algorithms[] = {
456 /* ANON_DH */
457 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5,
458 GNUTLS_CIPHER_ARCFOUR_128,
459 GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
460 GNUTLS_SSL3),
461 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1,
462 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
463 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
464 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1,
465 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
466 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
467 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1,
468 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
469 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
470 #ifdef ENABLE_CAMELLIA
471 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
472 GNUTLS_CIPHER_CAMELLIA_128_CBC,
473 GNUTLS_KX_ANON_DH,
474 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
475 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1,
476 GNUTLS_CIPHER_CAMELLIA_256_CBC,
477 GNUTLS_KX_ANON_DH,
478 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
479 #endif
480
481 /* PSK */
482 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
483 GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
484 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
485 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1,
486 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
487 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
488 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1,
489 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
490 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
491 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1,
492 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
493 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
494
495 /* DHE-PSK */
496 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1,
497 GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
498 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
499 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1,
500 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
501 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
502 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1,
503 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
504 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
505 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1,
506 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
507 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
508
509 /* SRP */
510 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
511 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
512 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
513 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
514 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
515 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
516 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
517 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
518 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
519
520 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
521 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
522 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
523
524 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
525 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
526 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
527
528 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
529 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
530 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
531
532 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
533 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
534 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
535
536 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
537 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
538 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
539
540 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
541 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
542 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
543
544 /* DHE_DSS */
545 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1,
546 GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
547 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
548 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
549 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
550 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
551 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
552 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
553 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
554 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
555 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
556 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
557 #ifdef ENABLE_CAMELLIA
558 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
559 GNUTLS_CIPHER_CAMELLIA_128_CBC,
560 GNUTLS_KX_DHE_DSS,
561 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
562 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
563 GNUTLS_CIPHER_CAMELLIA_256_CBC,
564 GNUTLS_KX_DHE_DSS,
565 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
566 #endif
567 /* DHE_RSA */
568 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
569 GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
570 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
571 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
572 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
573 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
574 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
575 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
576 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
577 #ifdef ENABLE_CAMELLIA
578 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
579 GNUTLS_CIPHER_CAMELLIA_128_CBC,
580 GNUTLS_KX_DHE_RSA,
581 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
582 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
583 GNUTLS_CIPHER_CAMELLIA_256_CBC,
584 GNUTLS_KX_DHE_RSA,
585 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
586 #endif
587 /* RSA */
588 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
589 GNUTLS_CIPHER_NULL,
590 GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
591
592 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
593 GNUTLS_CIPHER_ARCFOUR_40,
594 GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5,
595 GNUTLS_SSL3),
596
597 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1,
598 GNUTLS_CIPHER_ARCFOUR_128,
599 GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3),
600 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5,
601 GNUTLS_CIPHER_ARCFOUR_128,
602 GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3),
603 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
604 GNUTLS_CIPHER_3DES_CBC,
605 GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3),
606 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
607 GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
608 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
609 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
610 GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
611 GNUTLS_MAC_SHA1, GNUTLS_SSL3),
612 #ifdef ENABLE_CAMELLIA
613 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
614 GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
615 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
616 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
617 GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
618 GNUTLS_MAC_SHA1, GNUTLS_TLS1),
619 #endif
620 {0, {{0, 0}}, 0, 0, 0, 0}
621 };
622
623 #define GNUTLS_CIPHER_SUITE_LOOP(b) \
624 const gnutls_cipher_suite_entry *p; \
625 for(p = cs_algorithms; p->name != NULL; p++) { b ; }
626
627 #define GNUTLS_CIPHER_SUITE_ALG_LOOP(a) \
628 GNUTLS_CIPHER_SUITE_LOOP( if( (p->id.suite[0] == suite->suite[0]) && (p->id.suite[1] == suite->suite[1])) { a; break; } )
629
630
631
632 /* Generic Functions */
633
634 int
635 _gnutls_mac_priority (gnutls_session_t session,
636 gnutls_mac_algorithm_t algorithm)
637 { /* actually returns the priority */
638 unsigned int i;
639 for (i = 0; i < session->internals.priorities.mac.algorithms; i++)
640 {
641 if (session->internals.priorities.mac.priority[i] == algorithm)
642 return i;
643 }
644 return -1;
645 }
646
647 /**
648 * gnutls_mac_get_name - Returns a string with the name of the specified mac algorithm
649 * @algorithm: is a MAC algorithm
650 *
651 * Convert a #gnutls_mac_algorithm_t value to a string.
652 *
653 * Returns: a string that contains the name of the specified MAC
654 * algorithm, or %NULL.
655 **/
656 const char *
657 gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm)
658 {
659 const char *ret = NULL;
660
661 /* avoid prefix */
662 GNUTLS_HASH_ALG_LOOP (ret = p->name);
663
664 return ret;
665 }
666
667 /**
668 * gnutls_mac_get_id - Returns the gnutls id of the specified in string algorithm
669 * @name: is a MAC algorithm name
670 *
671 * Convert a string to a #gnutls_mac_algorithm_t value. The names are
672 * compared in a case insensitive way.
673 *
674 * Returns: an #gnutls_mac_algorithm_tid of the specified in a string
675 * MAC algorithm, or %GNUTLS_MAC_UNKNOWN on failures.
676 **/
677 gnutls_mac_algorithm_t
678 gnutls_mac_get_id (const char *name)
679 {
680 gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
681
682 GNUTLS_HASH_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id);
683
684 return ret;
685 }
686
687 /**
688 * gnutls_mac_get_key_size - Returns the length of the MAC's key size
689 * @algorithm: is an encryption algorithm
690 *
691 * Get size of MAC key.
692 *
693 * Returns: length (in bytes) of the given MAC key size, or 0 if the
694 * given MAC algorithm is invalid.
695 **/
696 size_t
697 gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
698 {
699 size_t ret = 0;
700
701 /* avoid prefix */
702 GNUTLS_HASH_ALG_LOOP (ret = p->key_size);
703
704 return ret;
705 }
706
707 /**
708 * gnutls_mac_list - Get a list of supported MAC algorithms
709 *
710 * Get a list of hash algorithms for use as MACs. Note that not
711 * necessarily all MACs are supported in TLS cipher suites. For
712 * example, MD2 is not supported as a cipher suite, but is supported
713 * for other purposes (e.g., X.509 signature verification or similar).
714 *
715 * Returns: Return a zero-terminated list of #gnutls_mac_algorithm_t
716 * integers indicating the available MACs.
717 **/
718 const gnutls_mac_algorithm_t *
719 gnutls_mac_list (void)
720 {
721 return supported_macs;
722 }
723
724 const char *
725 _gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t algorithm)
726 {
727 const char *ret = NULL;
728
729 /* avoid prefix */
730 GNUTLS_HASH_ALG_LOOP (ret = p->oid);
731
732 return ret;
733 }
734
735 gnutls_mac_algorithm_t
736 _gnutls_x509_oid2mac_algorithm (const char *oid)
737 {
738 gnutls_mac_algorithm_t ret = 0;
739
740 GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
741 {
742 ret = p->id; break;}
743 );
744
745 if (ret == 0)
746 return GNUTLS_MAC_UNKNOWN;
747 return ret;
748 }
749
750
751 int
752 _gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm)
753 {
754 ssize_t ret = -1;
755 GNUTLS_HASH_ALG_LOOP (ret = p->id);
756 if (ret >= 0)
757 ret = 0;
758 else
759 ret = 1;
760 return ret;
761 }
762
763 /* CIPHER functions */
764 int
765 _gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm)
766 {
767 size_t ret = 0;
768 GNUTLS_ALG_LOOP (ret = p->blocksize);
769 return ret;
770
771 }
772
773 /* returns the priority */
774 int
775 _gnutls_cipher_priority (gnutls_session_t session,
776 gnutls_cipher_algorithm_t algorithm)
777 {
778 unsigned int i;
779 for (i = 0; i < session->internals.priorities.cipher.algorithms; i++)
780 {
781 if (session->internals.priorities.cipher.priority[i] == algorithm)
782 return i;
783 }
784 return -1;
785 }
786
787
788 int
789 _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm)
790 {
791 size_t ret = 0;
792
793 GNUTLS_ALG_LOOP (ret = p->block);
794 return ret;
795
796 }
797
798 /**
799 * gnutls_cipher_get_key_size - Returns the length of the cipher's key size
800 * @algorithm: is an encryption algorithm
801 *
802 * Get key size for cipher.
803 *
804 * Returns: length (in bytes) of the given cipher's key size, or 0 if
805 * the given cipher is invalid.
806 **/
807 size_t
808 gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm)
809 { /* In bytes */
810 size_t ret = 0;
811 GNUTLS_ALG_LOOP (ret = p->keysize);
812 return ret;
813
814 }
815
816 int
817 _gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm)
818 { /* In bytes */
819 size_t ret = 0;
820 GNUTLS_ALG_LOOP (ret = p->iv);
821 return ret;
822
823 }
824
825 int
826 _gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm)
827 { /* In bytes */
828 size_t ret = 0;
829 GNUTLS_ALG_LOOP (ret = p->export_flag);
830 return ret;
831
832 }
833
834 /**
835 * gnutls_cipher_get_name - Returns a string with the name of the specified cipher algorithm
836 * @algorithm: is an encryption algorithm
837 *
838 * Convert a #gnutls_cipher_algorithm_t type to a string.
839 *
840 * Returns: a pointer to a string that contains the name of the
841 * specified cipher, or %NULL.
842 **/
843 const char *
844 gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm)
845 {
846 const char *ret = NULL;
847
848 /* avoid prefix */
849 GNUTLS_ALG_LOOP (ret = p->name);
850
851 return ret;
852 }
853
854 /**
855 * gnutls_cipher_get_id - Returns the gnutls id of the specified in string algorithm
856 * @name: is a MAC algorithm name
857 *
858 * The names are compared in a case insensitive way.
859 *
860 * Returns: return a #gnutls_cipher_algorithm_t value corresponding to
861 * the specified cipher, or %GNUTLS_CIPHER_UNKNOWN on error.
862 **/
863 gnutls_cipher_algorithm_t
864 gnutls_cipher_get_id (const char *name)
865 {
866 gnutls_cipher_algorithm_t ret = GNUTLS_CIPHER_UNKNOWN;
867
868 GNUTLS_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id);
869
870 return ret;
871 }
872
873 /**
874 * gnutls_cipher_list - Get a list of supported ciphers
875 *
876 * Get a list of supported cipher algorithms. Note that not
877 * necessarily all ciphers are supported as TLS cipher suites. For
878 * example, DES is not supported as a cipher suite, but is supported
879 * for other purposes (e.g., PKCS#8 or similar).
880 *
881 * Returns: a zero-terminated list of #gnutls_cipher_algorithm_t
882 * integers indicating the available ciphers.
883 *
884 **/
885 const gnutls_cipher_algorithm_t *
886 gnutls_cipher_list (void)
887 {
888 return supported_ciphers;
889 }
890
891 int
892 _gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm)
893 {
894 ssize_t ret = -1;
895 GNUTLS_ALG_LOOP (ret = p->id);
896 if (ret >= 0)
897 ret = 0;
898 else
899 ret = 1;
900 return ret;
901 }
902
903 /* Key EXCHANGE functions */
904 mod_auth_st *
905 _gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm)
906 {
907 mod_auth_st *ret = NULL;
908 GNUTLS_KX_ALG_LOOP (ret = p->auth_struct);
909 return ret;
910
911 }
912
913
914 int
915 _gnutls_kx_priority (gnutls_session_t session,
916 gnutls_kx_algorithm_t algorithm)
917 {
918 unsigned int i;
919 for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
920 {
921 if (session->internals.priorities.kx.priority[i] == algorithm)
922 return i;
923 }
924 return -1;
925 }
926
927 /**
928 * gnutls_kx_get_name - Returns a string with the name of the specified key exchange algorithm
929 * @algorithm: is a key exchange algorithm
930 *
931 * Convert a #gnutls_kx_algorithm_t value to a string.
932 *
933 * Returns: a pointer to a string that contains the name of the
934 * specified key exchange algorithm, or %NULL.
935 **/
936 const char *
937 gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm)
938 {
939 const char *ret = NULL;
940
941 /* avoid prefix */
942 GNUTLS_KX_ALG_LOOP (ret = p->name);
943
944 return ret;
945 }
946
947 /**
948 * gnutls_kx_get_id - Returns the gnutls id of the specified in string algorithm
949 * @name: is a KX name
950 *
951 * Convert a string to a #gnutls_kx_algorithm_t value. The names are
952 * compared in a case insensitive way.
953 *
954 * Returns: an id of the specified KX algorithm, or %GNUTLS_KX_UNKNOWN
955 * on error.
956 **/
957 gnutls_kx_algorithm_t
958 gnutls_kx_get_id (const char *name)
959 {
960 gnutls_cipher_algorithm_t ret = GNUTLS_KX_UNKNOWN;
961
962 GNUTLS_KX_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->algorithm);
963
964 return ret;
965 }
966
967 /**
968 * gnutls_kx_list - Get a list of supported key exchange methods
969 *
970 * Get a list of supported key exchange algorithms.
971 *
972 * Returns: a zero-terminated list of #gnutls_kx_algorithm_t integers
973 * indicating the available key exchange algorithms.
974 **/
975 const gnutls_kx_algorithm_t *
976 gnutls_kx_list (void)
977 {
978 return supported_kxs;
979 }
980
981 int
982 _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm)
983 {
984 ssize_t ret = -1;
985 GNUTLS_KX_ALG_LOOP (ret = p->algorithm);
986 if (ret >= 0)
987 ret = 0;
988 else
989 ret = 1;
990 return ret;
991 }
992
993 int
994 _gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm)
995 {
996 ssize_t ret = 0;
997 GNUTLS_KX_ALG_LOOP (ret = p->needs_rsa_params);
998 return ret;
999 }
1000
1001 int
1002 _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm)
1003 {
1004 ssize_t ret = 0;
1005 GNUTLS_KX_ALG_LOOP (ret = p->needs_dh_params);
1006 return ret;
1007 }
1008
1009
1010 /* Version */
1011 int
1012 _gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version)
1013 { /* actually returns the priority */
1014 unsigned int i;
1015
1016 if (session->internals.priorities.protocol.priority == NULL)
1017 {
1018 gnutls_assert ();
1019 return -1;
1020 }
1021
1022 for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
1023 {
1024 if (session->internals.priorities.protocol.priority[i] == version)
1025 return i;
1026 }
1027 return -1;
1028 }
1029
1030 gnutls_protocol_t
1031 _gnutls_version_lowest (gnutls_session_t session)
1032 { /* returns the lowest version supported */
1033 unsigned int i, min = 0xff;
1034
1035 if (session->internals.priorities.protocol.priority == NULL)
1036 {
1037 return GNUTLS_VERSION_UNKNOWN;
1038 }
1039 else
1040 for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
1041 {
1042 if (session->internals.priorities.protocol.priority[i] < min)
1043 min = session->internals.priorities.protocol.priority[i];
1044 }
1045
1046 if (min == 0xff)
1047 return GNUTLS_VERSION_UNKNOWN; /* unknown version */
1048
1049 return min;
1050 }
1051
1052 gnutls_protocol_t
1053 _gnutls_version_max (gnutls_session_t session)
1054 { /* returns the maximum version supported */
1055 unsigned int i, max = 0x00;
1056
1057 if (session->internals.priorities.protocol.priority == NULL)
1058 {
1059 return GNUTLS_VERSION_UNKNOWN;
1060 }
1061 else
1062 for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
1063 {
1064 if (session->internals.priorities.protocol.priority[i] > max)
1065 max = session->internals.priorities.protocol.priority[i];
1066 }
1067
1068 if (max == 0x00)
1069 return GNUTLS_VERSION_UNKNOWN; /* unknown version */
1070
1071 return max;
1072 }
1073
1074
1075 /**
1076 * gnutls_protocol_get_name - Returns a string with the name of the specified SSL/TLS version
1077 * @version: is a (gnutls) version number
1078 *
1079 * Convert a #gnutls_protocol_t value to a string.
1080 *
1081 * Returns: a string that contains the name of the specified TLS
1082 * version (e.g., "TLS1.0"), or %NULL.
1083 **/
1084 const char *
1085 gnutls_protocol_get_name (gnutls_protocol_t version)
1086 {
1087 const char *ret = NULL;
1088
1089 /* avoid prefix */
1090 GNUTLS_VERSION_ALG_LOOP (ret = p->name);
1091 return ret;
1092 }
1093
1094 /**
1095 * gnutls_protocol_get_id - Returns the gnutls id of the specified in string protocol
1096 * @name: is a protocol name
1097 *
1098 * The names are compared in a case insensitive way.
1099 *
1100 * Returns: an id of the specified protocol, or
1101 * %GNUTLS_VERSION_UNKNOWN on error.
1102 **/
1103 gnutls_protocol_t
1104 gnutls_protocol_get_id (const char *name)
1105 {
1106 gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN;
1107
1108 GNUTLS_VERSION_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id);
1109
1110 return ret;
1111 }
1112
1113 /**
1114 * gnutls_protocol_list - Get a list of supported protocols
1115 *
1116 * Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.
1117 *
1118 * Returns: a zero-terminated list of #gnutls_protocol_t integers
1119 * indicating the available protocols.
1120 *
1121 **/
1122 const gnutls_protocol_t *
1123 gnutls_protocol_list (void)
1124 {
1125 return supported_protocols;
1126 }
1127
1128 int
1129 _gnutls_version_get_minor (gnutls_protocol_t version)
1130 {
1131 int ret = -1;
1132
1133 GNUTLS_VERSION_ALG_LOOP (ret = p->minor);
1134 return ret;
1135 }
1136
1137 gnutls_protocol_t
1138 _gnutls_version_get (int major, int minor)
1139 {
1140 int ret = -1;
1141
1142 GNUTLS_VERSION_LOOP (if ((p->major == major) && (p->minor == minor))
1143 ret = p->id);
1144 return ret;
1145 }
1146
1147 int
1148 _gnutls_version_get_major (gnutls_protocol_t version)
1149 {
1150 int ret = -1;
1151
1152 GNUTLS_VERSION_ALG_LOOP (ret = p->major);
1153 return ret;
1154 }
1155
1156 /* Version Functions */
1157
1158 int
1159 _gnutls_version_is_supported (gnutls_session_t session,
1160 const gnutls_protocol_t version)
1161 {
1162 int ret = 0;
1163
1164 GNUTLS_VERSION_ALG_LOOP (ret = p->supported);
1165 if (ret == 0)
1166 return 0;
1167
1168 if (_gnutls_version_priority (session, version) < 0)
1169 return 0; /* disabled by the user */
1170 else
1171 return 1;
1172 }
1173
1174 /* Type to KX mappings */
1175 gnutls_kx_algorithm_t
1176 _gnutls_map_kx_get_kx (gnutls_credentials_type_t type, int server)
1177 {
1178 gnutls_kx_algorithm_t ret = -1;
1179
1180 if (server)
1181 {
1182 GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
1183 }
1184 else
1185 {
1186 GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
1187 }
1188 return ret;
1189 }
1190
1191 gnutls_credentials_type_t
1192 _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm, int server)
1193 {
1194 gnutls_credentials_type_t ret = -1;
1195 if (server)
1196 {
1197 GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
1198 p->server_type);
1199 }
1200 else
1201 {
1202 GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
1203 p->client_type);
1204 }
1205
1206 return ret;
1207 }
1208
1209
1210 /* Cipher Suite's functions */
1211 gnutls_cipher_algorithm_t
1212 _gnutls_cipher_suite_get_cipher_algo (const cipher_suite_st * suite)
1213 {
1214 int ret = 0;
1215 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->block_algorithm);
1216 return ret;
1217 }
1218
1219 gnutls_protocol_t
1220 _gnutls_cipher_suite_get_version (const cipher_suite_st * suite)
1221 {
1222 int ret = 0;
1223 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->version);
1224 return ret;
1225 }
1226
1227 gnutls_kx_algorithm_t
1228 _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st * suite)
1229 {
1230 int ret = 0;
1231
1232 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->kx_algorithm);
1233 return ret;
1234
1235 }
1236
1237 gnutls_mac_algorithm_t
1238 _gnutls_cipher_suite_get_mac_algo (const cipher_suite_st * suite)
1239 { /* In bytes */
1240 int ret = 0;
1241 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm);
1242 return ret;
1243
1244 }
1245
1246 const char *
1247 _gnutls_cipher_suite_get_name (cipher_suite_st * suite)
1248 {
1249 const char *ret = NULL;
1250
1251 /* avoid prefix */
1252 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_") - 1);
1253
1254 return ret;
1255 }
1256
1257 /**
1258 * gnutls_cipher_suite_get_name - Returns a string with the name of the specified cipher suite
1259 * @kx_algorithm: is a Key exchange algorithm
1260 * @cipher_algorithm: is a cipher algorithm
1261 * @mac_algorithm: is a MAC algorithm
1262 *
1263 * Note that the full cipher suite name must be prepended by TLS or
1264 * SSL depending of the protocol in use.
1265 *
1266 * Returns: a string that contains the name of a TLS cipher suite,
1267 * specified by the given algorithms, or %NULL.
1268 **/
1269 const char *
1270 gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm,
1271 gnutls_cipher_algorithm_t cipher_algorithm,
1272 gnutls_mac_algorithm_t mac_algorithm)
1273 {
1274 const char *ret = NULL;
1275
1276 /* avoid prefix */
1277 GNUTLS_CIPHER_SUITE_LOOP (if (kx_algorithm == p->kx_algorithm &&
1278 cipher_algorithm == p->block_algorithm &&
1279 mac_algorithm == p->mac_algorithm)
1280 ret = p->name + sizeof ("GNUTLS_") - 1);
1281
1282 return ret;
1283 }
1284
1285 /**
1286 * gnutls_cipher_suite_info:
1287 * @idx: index of cipher suite to get information about, starts on 0.
1288 * @cs_id: output buffer with room for 2 bytes, indicating cipher suite value
1289 * @kx: output variable indicating key exchange algorithm, or %NULL.
1290 * @cipher: output variable indicating cipher, or %NULL.
1291 * @mac: output variable indicating MAC algorithm, or %NULL.
1292 * @version: output variable indicating TLS protocol version, or %NULL.
1293 *
1294 * Get information about supported cipher suites. Use the function
1295 * iteratively to get information about all supported cipher suites.
1296 * Call with idx=0 to get information about first cipher suite, then
1297 * idx=1 and so on until the function returns NULL.
1298 *
1299 * Returns: the name of @idx cipher suite, and set the information
1300 * about the cipher suite in the output variables. If @idx is out of
1301 * bounds, %NULL is returned.
1302 **/
1303 const char *
1304 gnutls_cipher_suite_info (size_t idx,
1305 char *cs_id,
1306 gnutls_kx_algorithm_t * kx,
1307 gnutls_cipher_algorithm_t * cipher,
1308 gnutls_mac_algorithm_t * mac,
1309 gnutls_protocol_t * version)
1310 {
1311 if (idx >= CIPHER_SUITES_COUNT)
1312 return NULL;
1313
1314 if (cs_id)
1315 memcpy (cs_id, cs_algorithms[idx].id.suite, 2);
1316 if (kx)
1317 *kx = cs_algorithms[idx].kx_algorithm;
1318 if (cipher)
1319 *cipher = cs_algorithms[idx].block_algorithm;
1320 if (mac)
1321 *mac = cs_algorithms[idx].mac_algorithm;
1322 if (version)
1323 *version = cs_algorithms[idx].version;
1324
1325 return cs_algorithms[idx].name + sizeof ("GNU") - 1;
1326 }
1327
1328
1329 static inline int
1330 _gnutls_cipher_suite_is_ok (cipher_suite_st * suite)
1331 {
1332 size_t ret;
1333 const char *name = NULL;
1334
1335 GNUTLS_CIPHER_SUITE_ALG_LOOP (name = p->name);
1336 if (name != NULL)
1337 ret = 0;
1338 else
1339 ret = 1;
1340 return ret;
1341
1342 }
1343
1344 #define SWAP(x, y) memcpy(tmp,x,size); \
1345 memcpy(x,y,size); \
1346 memcpy(y,tmp,size);
1347
1348 #define MAX_ELEM_SIZE 4
1349 static inline int
1350 _gnutls_partition (gnutls_session_t session, void *_base,
1351 size_t nmemb, size_t size,
1352 int (*compar) (gnutls_session_t,
1353 const void *, const void *))
1354 {
1355 uint8_t *base = _base;
1356 uint8_t tmp[MAX_ELEM_SIZE];
1357 uint8_t ptmp[MAX_ELEM_SIZE];
1358 unsigned int pivot;
1359 unsigned int i, j;
1360 unsigned int full;
1361
1362 i = pivot = 0;
1363 j = full = (nmemb - 1) * size;
1364
1365 memcpy (ptmp, &base[0], size); /* set pivot item */
1366
1367 while (i < j)
1368 {
1369 while ((compar (session, &base[i], ptmp) <= 0) && (i < full))
1370 {
1371 i += size;
1372 }
1373 while ((compar (session, &base[j], ptmp) >= 0) && (j > 0))
1374 j -= size;
1375
1376 if (i < j)
1377 {
1378 SWAP (&base[j], &base[i]);
1379 }
1380 }
1381
1382 if (j > pivot)
1383 {
1384 SWAP (&base[pivot], &base[j]);
1385 pivot = j;
1386 }
1387 else if (i < pivot)
1388 {
1389 SWAP (&base[pivot], &base[i]);
1390 pivot = i;
1391 }
1392 return pivot / size;
1393 }
1394
1395 static void
1396 _gnutls_qsort (gnutls_session_t session, void *_base, size_t nmemb,
1397 size_t size, int (*compar) (gnutls_session_t, const void *,
1398 const void *))
1399 {
1400 unsigned int pivot;
1401 char *base = _base;
1402 size_t snmemb = nmemb;
1403
1404 #ifdef DEBUG
1405 if (size > MAX_ELEM_SIZE)
1406 {
1407 gnutls_assert ();
1408 _gnutls_debug_log ("QSORT BUG\n");
1409 exit (1);
1410 }
1411 #endif
1412
1413 if (snmemb <= 1)
1414 return;
1415 pivot = _gnutls_partition (session, _base, nmemb, size, compar);
1416
1417 _gnutls_qsort (session, base, pivot < nmemb ? pivot + 1 : pivot, size,
1418 compar);
1419 _gnutls_qsort (session, &base[(pivot + 1) * size], nmemb - pivot - 1,
1420 size, compar);
1421 }
1422
1423
1424 /* a compare function for KX algorithms (using priorities).
1425 * For use with qsort
1426 */
1427 static int
1428 _gnutls_compare_algo (gnutls_session_t session, const void *i_A1,
1429 const void *i_A2)
1430 {
1431 gnutls_kx_algorithm_t kA1 =
1432 _gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A1);
1433 gnutls_kx_algorithm_t kA2 =
1434 _gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A2);
1435 gnutls_cipher_algorithm_t cA1 =
1436 _gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A1);
1437 gnutls_cipher_algorithm_t cA2 =
1438 _gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A2);
1439 gnutls_mac_algorithm_t mA1 =
1440 _gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A1);
1441 gnutls_mac_algorithm_t mA2 =
1442 _gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A2);
1443
1444 int p1 = (_gnutls_kx_priority (session, kA1) + 1) * 64;
1445 int p2 = (_gnutls_kx_priority (session, kA2) + 1) * 64;
1446 p1 += (_gnutls_cipher_priority (session, cA1) + 1) * 8;
1447 p2 += (_gnutls_cipher_priority (session, cA2) + 1) * 8;
1448 p1 += _gnutls_mac_priority (session, mA1);
1449 p2 += _gnutls_mac_priority (session, mA2);
1450
1451 if (p1 > p2)
1452 {
1453 return 1;
1454 }
1455 else
1456 {
1457 if (p1 == p2)
1458 {
1459 return 0;
1460 }
1461 return -1;
1462 }
1463 }
1464
1465 #ifdef SORT_DEBUG
1466 static void
1467 _gnutls_bsort (gnutls_session_t session, void *_base, size_t nmemb,
1468 size_t size, int (*compar) (gnutls_session_t, const void *,
1469 const void *))
1470 {
1471 unsigned int i, j;
1472 int full = nmemb * size;
1473 char *base = _base;
1474 char tmp[MAX_ELEM_SIZE];
1475
1476 for (i = 0; i < full; i += size)
1477 {
1478 for (j = 0; j < full; j += size)
1479 {
1480 if (compar (session, &base[i], &base[j]) < 0)
1481 {
1482 SWAP (&base[j], &base[i]);
1483 }
1484 }
1485 }
1486
1487 }
1488 #endif
1489
1490 int
1491 _gnutls_supported_ciphersuites_sorted (gnutls_session_t session,
1492 cipher_suite_st ** ciphers)
1493 {
1494
1495 #ifdef SORT_DEBUG
1496 unsigned int i;
1497 #endif
1498 int count;
1499
1500 count = _gnutls_supported_ciphersuites (session, ciphers);
1501 if (count <= 0)
1502 {
1503 gnutls_assert ();
1504 return count;
1505 }
1506 #ifdef SORT_DEBUG
1507 _gnutls_debug_log ("Unsorted: \n");
1508 for (i = 0; i < count; i++)
1509 _gnutls_debug_log ("\t%d: %s\n", i,
1510 _gnutls_cipher_suite_get_name ((*ciphers)[i]));
1511 #endif
1512
1513 _gnutls_qsort (session, *ciphers, count,
1514 sizeof (cipher_suite_st), _gnutls_compare_algo);
1515
1516 #ifdef SORT_DEBUG
1517 _gnutls_debug_log ("Sorted: \n");
1518 for (i = 0; i < count; i++)
1519 _gnutls_debug_log ("\t%d: %s\n", i,
1520 _gnutls_cipher_suite_get_name ((*ciphers)[i]));
1521 #endif
1522
1523 return count;
1524 }
1525
1526 int
1527 _gnutls_supported_ciphersuites (gnutls_session_t session,
1528 cipher_suite_st ** _ciphers)
1529 {
1530
1531 unsigned int i, ret_count, j;
1532 unsigned int count = CIPHER_SUITES_COUNT;
1533 cipher_suite_st *tmp_ciphers;
1534 cipher_suite_st *ciphers;
1535 gnutls_protocol_t version;
1536
1537 if (count == 0)
1538 {
1539 return 0;
1540 }
1541
1542 tmp_ciphers = gnutls_malloc (count * sizeof (cipher_suite_st));
1543 if (tmp_ciphers == NULL)
1544 return GNUTLS_E_MEMORY_ERROR;
1545
1546 ciphers = gnutls_malloc (count * sizeof (cipher_suite_st));
1547 if (ciphers == NULL)
1548 {
1549 gnutls_free (tmp_ciphers);
1550 return GNUTLS_E_MEMORY_ERROR;
1551 }
1552
1553 version = gnutls_protocol_get_version (session);
1554
1555 for (i = 0; i < count; i++)
1556 {
1557 memcpy (&tmp_ciphers[i], &cs_algorithms[i].id,
1558 sizeof (cipher_suite_st));
1559 }
1560
1561 for (i = j = 0; i < count; i++)
1562 {
1563 /* remove private cipher suites, if requested.
1564 */
1565 if (tmp_ciphers[i].suite[0] == 0xFF &&
1566 session->internals.enable_private == 0)
1567 continue;
1568
1569 /* remove cipher suites which do not support the
1570 * protocol version used.
1571 */
1572 if (_gnutls_cipher_suite_get_version (&tmp_ciphers[i]) > version)
1573 continue;
1574
1575 if (_gnutls_kx_priority
1576 (session, _gnutls_cipher_suite_get_kx_algo (&tmp_ciphers[i])) < 0)
1577 continue;
1578 if (_gnutls_mac_priority
1579 (session, _gnutls_cipher_suite_get_mac_algo (&tmp_ciphers[i])) < 0)
1580 continue;
1581 if (_gnutls_cipher_priority
1582 (session,
1583 _gnutls_cipher_suite_get_cipher_algo (&tmp_ciphers[i])) < 0)
1584 continue;
1585
1586 memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st));
1587 j++;
1588 }
1589
1590 ret_count = j;
1591
1592 #if 0 /* expensive */
1593 if (ret_count > 0 && ret_count != count)
1594 {
1595 ciphers =
1596 gnutls_realloc_fast (ciphers, ret_count * sizeof (cipher_suite_st));
1597 }
1598 else
1599 {
1600 if (ret_count != count)
1601 {
1602 gnutls_free (ciphers);
1603 ciphers = NULL;
1604 }
1605 }
1606 #endif
1607
1608 gnutls_free (tmp_ciphers);
1609
1610 /* This function can no longer return 0 cipher suites.
1611 * It returns an error code instead.
1612 */
1613 if (ret_count == 0)
1614 {
1615 gnutls_assert ();
1616 gnutls_free (ciphers);
1617 return GNUTLS_E_NO_CIPHER_SUITES;
1618 }
1619 *_ciphers = ciphers;
1620 return ret_count;
1621 }
1622
1623 /**
1624 * gnutls_certificate_type_get_name - Returns a string with the name of the specified certificate type
1625 * @type: is a certificate type
1626 *
1627 * Convert a #gnutls_certificate_type_t type to a string.
1628 *
1629 * Returns: a string that contains the name of the specified
1630 * certificate type, or %NULL in case of unknown types.
1631 **/
1632 const char *
1633 gnutls_certificate_type_get_name (gnutls_certificate_type_t type)
1634 {
1635 const char *ret = NULL;
1636
1637 if (type == GNUTLS_CRT_X509)
1638 ret = "X.509";
1639 if (type == GNUTLS_CRT_OPENPGP)
1640 ret = "OPENPGP";
1641
1642 return ret;
1643 }
1644
1645 /**
1646 * gnutls_certificate_type_get_id - Returns the gnutls id of the specified in string type
1647 * @name: is a certificate type name
1648 *
1649 * The names are compared in a case insensitive way.
1650 *
1651 * Returns: an #gnutls_certificate_type_t for the specified in a
1652 * string certificate type, or %GNUTLS_CRT_UNKNOWN on error.
1653 **/
1654 gnutls_certificate_type_t
1655 gnutls_certificate_type_get_id (const char *name)
1656 {
1657 gnutls_certificate_type_t ret = GNUTLS_CRT_UNKNOWN;
1658
1659 if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0)
1660 return GNUTLS_CRT_X509;
1661 if (strcasecmp (name, "OPENPGP") == 0)
1662 return GNUTLS_CRT_OPENPGP;
1663
1664 return ret;
1665 }
1666
1667 static const gnutls_certificate_type_t supported_certificate_types[] = {
1668 GNUTLS_CRT_X509,
1669 GNUTLS_CRT_OPENPGP,
1670 0
1671 };
1672
1673 /**
1674 * gnutls_certificate_type_list - Get a list of supported certificate types
1675 *
1676 * Get a list of certificate types. Note that to be able to use
1677 * OpenPGP certificates, you must link to libgnutls-extra and call
1678 * gnutls_global_init_extra().
1679 *
1680 * Returns: a zero-terminated list of #gnutls_certificate_type_t
1681 * integers indicating the available certificate types.
1682 **/
1683 const gnutls_certificate_type_t *
1684 gnutls_certificate_type_list (void)
1685 {
1686 return supported_certificate_types;
1687 }
1688
1689 /* returns the gnutls_pk_algorithm_t which is compatible with
1690 * the given gnutls_kx_algorithm_t.
1691 */
1692 gnutls_pk_algorithm_t
1693 _gnutls_map_pk_get_pk (gnutls_kx_algorithm_t kx_algorithm)
1694 {
1695 gnutls_pk_algorithm_t ret = -1;
1696
1697 GNUTLS_PK_MAP_ALG_LOOP (ret = p->pk_algorithm) return ret;
1698 }
1699
1700 /* Returns the encipher type for the given key exchange algorithm.
1701 * That one of CIPHER_ENCRYPT, CIPHER_SIGN, CIPHER_IGN.
1702 *
1703 * ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT.
1704 */
1705 enum encipher_type
1706 _gnutls_kx_encipher_type (gnutls_kx_algorithm_t kx_algorithm)
1707 {
1708 int ret = CIPHER_IGN;
1709 GNUTLS_PK_MAP_ALG_LOOP (ret = p->encipher_type) return ret;
1710
1711 }
1712
1713 /* signature algorithms;
1714 */
1715 struct gnutls_sign_entry
1716 {
1717 const char *name;
1718 const char *oid;
1719 gnutls_sign_algorithm_t id;
1720 gnutls_pk_algorithm_t pk;
1721 gnutls_mac_algorithm_t mac;
1722 };
1723 typedef struct gnutls_sign_entry gnutls_sign_entry;
1724
1725 static const gnutls_sign_entry sign_algorithms[] = {
1726 {"RSA-SHA", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
1727 GNUTLS_MAC_SHA1},
1728 {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
1729 GNUTLS_MAC_SHA256},
1730 {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA,
1731 GNUTLS_MAC_SHA384},
1732 {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA,
1733 GNUTLS_MAC_SHA512},
1734 {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA,
1735 GNUTLS_MAC_RMD160},
1736 {"DSA-SHA", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
1737 GNUTLS_MAC_SHA1},
1738 {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
1739 GNUTLS_MAC_MD5},
1740 {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
1741 GNUTLS_MAC_MD2},
1742 {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0},
1743 {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0},
1744 {0, 0, 0, 0, 0}
1745 };
1746
1747 /* Keep the contents of this struct the same as the previous one. */
1748 static const gnutls_sign_algorithm_t supported_sign[] = {
1749 GNUTLS_SIGN_RSA_SHA1,
1750 GNUTLS_SIGN_RSA_SHA256,
1751 GNUTLS_SIGN_RSA_SHA384,
1752 GNUTLS_SIGN_RSA_SHA512,
1753 GNUTLS_SIGN_RSA_RMD160,
1754 GNUTLS_SIGN_DSA_SHA1,
1755 GNUTLS_SIGN_RSA_MD5,
1756 GNUTLS_SIGN_RSA_MD2,
1757 0
1758 };
1759
1760 #define GNUTLS_SIGN_LOOP(b) \
1761 do { \
1762 const gnutls_sign_entry *p; \
1763 for(p = sign_algorithms; p->name != NULL; p++) { b ; } \
1764 } while (0)
1765
1766 #define GNUTLS_SIGN_ALG_LOOP(a) \
1767 GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } )
1768
1769 /**
1770 * gnutls_sign_algorithm_get_name - Returns a string with the name of the specified sign algorithm
1771 * @algorithm: is a sign algorithm
1772 *
1773 * Convert a #gnutls_sign_algorithm_t value to a string.
1774 *
1775 * Returns: a string that contains the name of the specified sign
1776 * algorithm, or %NULL.
1777 **/
1778 const char *
1779 gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t sign)
1780 {
1781 const char *ret = NULL;
1782
1783 /* avoid prefix */
1784 GNUTLS_SIGN_ALG_LOOP (ret = p->name);
1785
1786 return ret;
1787 }
1788
1789 /**
1790 * gnutls_sign_list - Get a list of supported public key signature algorithms
1791 *
1792 * Get a list of supported public key signature algorithms.
1793 *
1794 * Returns: a zero-terminated list of #gnutls_sign_algorithm_t
1795 * integers indicating the available ciphers.
1796 *
1797 **/
1798 const gnutls_sign_algorithm_t *
1799 gnutls_sign_list (void)
1800 {
1801 return supported_sign;
1802 }
1803
1804 /**
1805 * gnutls_sign_get_id - Returns the gnutls id of the specified in signature algorithm
1806 * @name: is a MAC algorithm name
1807 *
1808 * The names are compared in a case insensitive way.
1809 *
1810 * Returns: return a #gnutls_sign_algorithm_t value corresponding to
1811 * the specified cipher, or %GNUTLS_SIGN_UNKNOWN on error.
1812 **/
1813 gnutls_sign_algorithm_t
1814 gnutls_sign_get_id (const char *name)
1815 {
1816 gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
1817
1818 GNUTLS_SIGN_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id);
1819
1820 return ret;
1821
1822 }
1823
1824 /**
1825 * gnutls_sign_get_name - Get name string for a #gnutls_sign_algorithm_t
1826 * @algorithm: is a public key signature algorithm
1827 *
1828 * Convert a #gnutls_sign_algorithm_t value to a string.
1829 *
1830 * Returns: a pointer to a string that contains the name of the
1831 * specified public key signature algorithm, or %NULL.
1832 *
1833 * Since: 2.6.0
1834 **/
1835 const char *
1836 gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm)
1837 {
1838 const char *ret = "SIGN_UNKNOWN";
1839
1840 GNUTLS_SIGN_LOOP (if (p->id == algorithm) ret = p->name);
1841
1842 return ret;
1843 }
1844
1845 gnutls_sign_algorithm_t
1846 _gnutls_x509_oid2sign_algorithm (const char *oid)
1847 {
1848 gnutls_sign_algorithm_t ret = 0;
1849
1850 GNUTLS_SIGN_LOOP (if (strcmp (oid, p->oid) == 0)
1851 {
1852 ret = p->id; break;}
1853 );
1854
1855 if (ret == 0)
1856 {
1857 _gnutls_x509_log ("Unknown SIGN OID: '%s'\n", oid);
1858 return GNUTLS_SIGN_UNKNOWN;
1859 }
1860 return ret;
1861 }
1862
1863 gnutls_sign_algorithm_t
1864 _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_mac_algorithm_t mac)
1865 {
1866 gnutls_sign_algorithm_t ret = 0;
1867
1868 GNUTLS_SIGN_LOOP (if (pk == p->pk && mac == p->mac)
1869 {
1870 ret = p->id; break;}
1871 );
1872
1873 if (ret == 0)
1874 return GNUTLS_SIGN_UNKNOWN;
1875 return ret;
1876 }
1877
1878 const char *
1879 _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
1880 gnutls_mac_algorithm_t mac)
1881 {
1882 gnutls_sign_algorithm_t sign;
1883 const char *ret = NULL;
1884
1885 sign = _gnutls_x509_pk_to_sign (pk, mac);
1886 if (sign == GNUTLS_SIGN_UNKNOWN)
1887 return NULL;
1888
1889 GNUTLS_SIGN_ALG_LOOP (ret = p->oid);
1890 return ret;
1891 }
1892
1893
1894 /* pk algorithms;
1895 */
1896 struct gnutls_pk_entry
1897 {
1898 const char *name;
1899 const char *oid;
1900 gnutls_pk_algorithm_t id;
1901 };
1902 typedef struct gnutls_pk_entry gnutls_pk_entry;
1903
1904 static const gnutls_pk_entry pk_algorithms[] = {
1905 {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
1906 {"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
1907 {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, 0},
1908 {"GOST R 34.10-94", PK_GOST_R3410_94_OID, 0},
1909 {0, 0, 0}
1910 };
1911
1912 /**
1913 * gnutls_pk_algorithm_get_name - Get string with name of public key algorithm
1914 * @algorithm: is a pk algorithm
1915 *
1916 * Convert a #gnutls_pk_algorithm_t value to a string.
1917 *
1918 * Returns: a string that contains the name of the specified public
1919 * key algorithm, or %NULL.
1920 **/
1921 const char *
1922 gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm)
1923 {
1924 const char *ret = NULL;
1925 const gnutls_pk_entry *p;
1926
1927 for (p = pk_algorithms; p->name != NULL; p++)
1928 if (p->id && p->id == algorithm)
1929 {
1930 ret = p->name;
1931 break;
1932 }
1933
1934 return ret;
1935 }
1936
1937 /**
1938 * gnutls_pk_list - Get a list of supported public key algorithms
1939 *
1940 * Get a list of supported public key algorithms.
1941 *
1942 * Returns: a zero-terminated list of #gnutls_pk_algorithm_t integers
1943 * indicating the available ciphers.
1944 *
1945 * Since: 2.6.0
1946 **/
1947 const gnutls_pk_algorithm_t *
1948 gnutls_pk_list (void)
1949 {
1950 static const gnutls_pk_algorithm_t supported_pks[] = {
1951 GNUTLS_PK_RSA,
1952 GNUTLS_PK_DSA,
1953 0
1954 };
1955
1956 return supported_pks;
1957 }
1958
1959 /**
1960 * gnutls_pk_get_id - Get #gnutls_pk_algorithm_t from a string
1961 * @name: is a string containing a public key algorithm name.
1962 *
1963 * Convert a string to a #gnutls_pk_algorithm_t value. The names are
1964 * compared in a case insensitive way. For example,
1965 * gnutls_pk_get_id("RSA") will return %GNUTLS_PK_RSA.
1966 *
1967 * Returns: an #gnutls_pk_algorithm_tid of the specified in a string
1968 * public key algorithm, or %GNUTLS_PK_UNKNOWN on failures.
1969 *
1970 * Since: 2.6.0
1971 **/
1972 gnutls_pk_algorithm_t
1973 gnutls_pk_get_id (const char *name)
1974 {
1975 if (strcasecmp (name, "RSA") == 0)
1976 return GNUTLS_PK_RSA;
1977 else if (strcasecmp (name, "DSA") == 0)
1978 return GNUTLS_PK_DSA;
1979
1980 return GNUTLS_PK_UNKNOWN;
1981 }
1982
1983 /**
1984 * gnutls_pk_get_name - Get name string with #gnutls_pk_algorithm_t algorithm
1985 * @algorithm: is a public key algorithm
1986 *
1987 * Convert a #gnutls_pk_algorithm_t value to a string.
1988 *
1989 * Returns: a pointer to a string that contains the name of the
1990 * specified public key algorithm, or %NULL.
1991 *
1992 * Since: 2.6.0
1993 **/
1994 const char *
1995 gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm)
1996 {
1997 const char *p;
1998
1999 switch (algorithm)
2000 {
2001 case GNUTLS_PK_RSA:
2002 p = "RSA";
2003 break;
2004
2005 case GNUTLS_PK_DSA:
2006 p = "DSA";
2007 break;
2008
2009 default:
2010 case GNUTLS_PK_UNKNOWN:
2011 p = "PK_UNKNOWN";
2012 break;
2013 }
2014
2015 return p;
2016 }
2017
2018 gnutls_pk_algorithm_t
2019 _gnutls_x509_oid2pk_algorithm (const char *oid)
2020 {
2021 gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
2022 const gnutls_pk_entry *p;
2023
2024 for (p = pk_algorithms; p->name != NULL; p++)
2025 if (strcmp (p->oid, oid) == 0)
2026 {
2027 ret = p->id;
2028 break;
2029 }
2030
2031 return ret;
2032 }
2033
2034 const char *
2035 _gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm)
2036 {
2037 const char *ret = NULL;
2038 const gnutls_pk_entry *p;
2039
2040 for (p = pk_algorithms; p->name != NULL; p++)
2041 if (p->id == algorithm)
2042 {
2043 ret = p->oid;
2044 break;
2045 }
2046
2047 return ret;
2048 }
Implementation of the SSL/TLS protocol