2 * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GNUTLS.
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
25 #include "gnutls_int.h"
26 #include "gnutls_algorithms.h"
27 #include "gnutls_errors.h"
28 #include "gnutls_cert.h"
29 #include <x509/common.h>
33 /* Cred type mappings to KX algorithms
34 * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
35 * more than one credentials type.
39 gnutls_kx_algorithm_t algorithm
;
40 gnutls_credentials_type_t client_type
;
41 gnutls_credentials_type_t server_type
; /* The type of credentials a server
45 static const gnutls_cred_map cred_mappings
[] = {
46 {GNUTLS_KX_ANON_DH
, GNUTLS_CRD_ANON
, GNUTLS_CRD_ANON
},
47 {GNUTLS_KX_RSA
, GNUTLS_CRD_CERTIFICATE
, GNUTLS_CRD_CERTIFICATE
},
48 {GNUTLS_KX_RSA_EXPORT
, GNUTLS_CRD_CERTIFICATE
, GNUTLS_CRD_CERTIFICATE
},
49 {GNUTLS_KX_DHE_DSS
, GNUTLS_CRD_CERTIFICATE
, GNUTLS_CRD_CERTIFICATE
},
50 {GNUTLS_KX_DHE_RSA
, GNUTLS_CRD_CERTIFICATE
, GNUTLS_CRD_CERTIFICATE
},
51 {GNUTLS_KX_PSK
, GNUTLS_CRD_PSK
, GNUTLS_CRD_PSK
},
52 {GNUTLS_KX_DHE_PSK
, GNUTLS_CRD_PSK
, GNUTLS_CRD_PSK
},
53 {GNUTLS_KX_SRP
, GNUTLS_CRD_SRP
, GNUTLS_CRD_SRP
},
54 {GNUTLS_KX_SRP_RSA
, GNUTLS_CRD_SRP
, GNUTLS_CRD_CERTIFICATE
},
55 {GNUTLS_KX_SRP_DSS
, GNUTLS_CRD_SRP
, GNUTLS_CRD_CERTIFICATE
},
59 #define GNUTLS_KX_MAP_LOOP(b) \
60 const gnutls_cred_map *p; \
61 for(p = cred_mappings; p->algorithm != 0; p++) { b ; }
63 #define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
64 GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
66 #define GNUTLS_KX_MAP_ALG_LOOP_CLIENT(a) \
67 GNUTLS_KX_MAP_LOOP( if(p->client_type == type) { a; break; })
69 /* KX mappings to PK algorithms */
72 gnutls_kx_algorithm_t kx_algorithm
;
73 gnutls_pk_algorithm_t pk_algorithm
;
74 enum encipher_type encipher_type
; /* CIPHER_ENCRYPT if this algorithm is to be used
75 * for encryption, CIPHER_SIGN if signature only,
76 * CIPHER_IGN if this does not apply at all.
78 * This is useful to certificate cipher suites, which check
79 * against the certificate key usage bits.
83 /* This table maps the Key exchange algorithms to
84 * the certificate algorithms. Eg. if we have
85 * RSA algorithm in the certificate then we can
86 * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA.
88 static const gnutls_pk_map pk_mappings
[] = {
89 {GNUTLS_KX_RSA
, GNUTLS_PK_RSA
, CIPHER_ENCRYPT
},
90 {GNUTLS_KX_RSA_EXPORT
, GNUTLS_PK_RSA
, CIPHER_SIGN
},
91 {GNUTLS_KX_DHE_RSA
, GNUTLS_PK_RSA
, CIPHER_SIGN
},
92 {GNUTLS_KX_SRP_RSA
, GNUTLS_PK_RSA
, CIPHER_SIGN
},
93 {GNUTLS_KX_DHE_DSS
, GNUTLS_PK_DSA
, CIPHER_SIGN
},
94 {GNUTLS_KX_SRP_DSS
, GNUTLS_PK_DSA
, CIPHER_SIGN
},
98 #define GNUTLS_PK_MAP_LOOP(b) \
99 const gnutls_pk_map *p; \
100 for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
102 #define GNUTLS_PK_MAP_ALG_LOOP(a) \
103 GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
112 gnutls_protocol_t id
; /* gnutls internal version number */
113 int major
; /* defined by the protocol */
114 int minor
; /* defined by the protocol */
115 int supported
; /* 0 not supported, > 0 is supported */
116 } gnutls_version_entry
;
118 static const gnutls_version_entry sup_versions
[] = {
119 {"SSL3.0", GNUTLS_SSL3
, 3, 0, 1},
120 {"TLS1.0", GNUTLS_TLS1
, 3, 1, 1},
121 {"TLS1.1", GNUTLS_TLS1_1
, 3, 2, 1},
122 {"TLS1.2", GNUTLS_TLS1_2
, 3, 3, 1},
126 /* Keep the contents of this struct the same as the previous one. */
127 static const gnutls_protocol_t supported_protocols
[] = {
135 #define GNUTLS_VERSION_LOOP(b) \
136 const gnutls_version_entry *p; \
137 for(p = sup_versions; p->name != NULL; p++) { b ; }
139 #define GNUTLS_VERSION_ALG_LOOP(a) \
140 GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
143 struct gnutls_cipher_entry
146 gnutls_cipher_algorithm_t id
;
151 int export_flag
; /* 0 non export */
153 typedef struct gnutls_cipher_entry gnutls_cipher_entry
;
155 /* Note that all algorithms are in CBC or STREAM modes.
156 * Do not add any algorithms in other modes (avoid modified algorithms).
157 * View first: "The order of encryption and authentication for
158 * protecting communications" by Hugo Krawczyk - CRYPTO 2001
160 static const gnutls_cipher_entry algorithms
[] = {
161 {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC
, 16, 32, CIPHER_BLOCK
, 16, 0},
162 {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC
, 16, 16, CIPHER_BLOCK
, 16, 0},
163 {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC
, 8, 24, CIPHER_BLOCK
, 8, 0},
164 {"DES-CBC", GNUTLS_CIPHER_DES_CBC
, 8, 8, CIPHER_BLOCK
, 8, 0},
165 {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128
, 1, 16, CIPHER_STREAM
, 0, 0},
166 {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40
, 1, 5, CIPHER_STREAM
, 0, 1},
167 {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC
, 8, 5, CIPHER_BLOCK
, 8, 1},
168 #ifdef ENABLE_CAMELLIA
169 {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC
, 16, 32, CIPHER_BLOCK
,
171 {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC
, 16, 16, CIPHER_BLOCK
,
175 #ifdef ENABLE_OPENPGP
176 {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB
, 8, 16, CIPHER_BLOCK
, 8, 0},
177 {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB
, 8, 24, CIPHER_BLOCK
, 8, 0},
178 {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB
, 8, 16, CIPHER_BLOCK
, 8, 0},
179 {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB
, 8,
180 16 /*actually unlimited */ , CIPHER_BLOCK
, 8, 0},
181 {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB
, 8, 16,
183 {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB
, 16, 16, CIPHER_BLOCK
, 16,
185 {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB
, 16, 24, CIPHER_BLOCK
, 16,
187 {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB
, 16, 32, CIPHER_BLOCK
, 16,
189 {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB
, 16, 16, CIPHER_BLOCK
, 16,
192 {"NULL", GNUTLS_CIPHER_NULL
, 1, 0, CIPHER_STREAM
, 0, 0},
193 {0, 0, 0, 0, 0, 0, 0}
196 /* Keep the contents of this struct the same as the previous one. */
197 static const gnutls_cipher_algorithm_t supported_ciphers
[] = {
198 GNUTLS_CIPHER_AES_256_CBC
,
199 GNUTLS_CIPHER_AES_128_CBC
,
200 GNUTLS_CIPHER_3DES_CBC
,
201 GNUTLS_CIPHER_DES_CBC
,
202 GNUTLS_CIPHER_ARCFOUR_128
,
203 GNUTLS_CIPHER_ARCFOUR_40
,
204 GNUTLS_CIPHER_RC2_40_CBC
,
205 #ifdef ENABLE_CAMELLIA
206 GNUTLS_CIPHER_CAMELLIA_256_CBC
,
207 GNUTLS_CIPHER_CAMELLIA_128_CBC
,
213 #define GNUTLS_LOOP(b) \
214 const gnutls_cipher_entry *p; \
215 for(p = algorithms; p->name != NULL; p++) { b ; }
217 #define GNUTLS_ALG_LOOP(a) \
218 GNUTLS_LOOP( if(p->id == algorithm) { a; break; } )
221 struct gnutls_hash_entry
225 gnutls_mac_algorithm_t id
;
226 size_t key_size
; /* in case of mac */
228 typedef struct gnutls_hash_entry gnutls_hash_entry
;
230 static const gnutls_hash_entry hash_algorithms
[] = {
231 {"SHA1", HASH_OID_SHA1
, GNUTLS_MAC_SHA1
, 20},
232 {"MD5", HASH_OID_MD5
, GNUTLS_MAC_MD5
, 16},
233 {"SHA256", HASH_OID_SHA256
, GNUTLS_MAC_SHA256
, 32},
234 {"SHA384", HASH_OID_SHA384
, GNUTLS_MAC_SHA384
, 48},
235 {"SHA512", HASH_OID_SHA512
, GNUTLS_MAC_SHA512
, 64},
236 {"MD2", HASH_OID_MD2
, GNUTLS_MAC_MD2
, 0}, /* not used as MAC */
237 {"RIPEMD160", HASH_OID_RMD160
, GNUTLS_MAC_RMD160
, 20},
238 {"NULL", NULL
, GNUTLS_MAC_NULL
, 0},
242 /* Keep the contents of this struct the same as the previous one. */
243 static const gnutls_mac_algorithm_t supported_macs
[] = {
255 #define GNUTLS_HASH_LOOP(b) \
256 const gnutls_hash_entry *p; \
257 for(p = hash_algorithms; p->name != NULL; p++) { b ; }
259 #define GNUTLS_HASH_ALG_LOOP(a) \
260 GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
262 /* Key Exchange Section */
265 extern mod_auth_st rsa_auth_struct
;
266 extern mod_auth_st rsa_export_auth_struct
;
267 extern mod_auth_st dhe_rsa_auth_struct
;
268 extern mod_auth_st dhe_dss_auth_struct
;
269 extern mod_auth_st anon_auth_struct
;
270 extern mod_auth_st srp_auth_struct
;
271 extern mod_auth_st psk_auth_struct
;
272 extern mod_auth_st dhe_psk_auth_struct
;
273 extern mod_auth_st srp_rsa_auth_struct
;
274 extern mod_auth_st srp_dss_auth_struct
;
276 struct gnutls_kx_algo_entry
279 gnutls_kx_algorithm_t algorithm
;
280 mod_auth_st
*auth_struct
;
282 int needs_rsa_params
;
284 typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry
;
286 static const gnutls_kx_algo_entry _gnutls_kx_algorithms
[] = {
288 {"ANON-DH", GNUTLS_KX_ANON_DH
, &anon_auth_struct
, 1, 0},
290 {"RSA", GNUTLS_KX_RSA
, &rsa_auth_struct
, 0, 0},
291 {"RSA-EXPORT", GNUTLS_KX_RSA_EXPORT
, &rsa_export_auth_struct
, 0,
292 1 /* needs RSA params */ },
293 {"DHE-RSA", GNUTLS_KX_DHE_RSA
, &dhe_rsa_auth_struct
, 1, 0},
294 {"DHE-DSS", GNUTLS_KX_DHE_DSS
, &dhe_dss_auth_struct
, 1, 0},
297 {"SRP-DSS", GNUTLS_KX_SRP_DSS
, &srp_dss_auth_struct
, 0, 0},
298 {"SRP-RSA", GNUTLS_KX_SRP_RSA
, &srp_rsa_auth_struct
, 0, 0},
299 {"SRP", GNUTLS_KX_SRP
, &srp_auth_struct
, 0, 0},
302 {"PSK", GNUTLS_KX_PSK
, &psk_auth_struct
, 0, 0},
303 {"DHE-PSK", GNUTLS_KX_DHE_PSK
, &dhe_psk_auth_struct
,
304 1 /* needs DHE params */ , 0},
309 /* Keep the contents of this struct the same as the previous one. */
310 static const gnutls_kx_algorithm_t supported_kxs
[] = {
315 GNUTLS_KX_RSA_EXPORT
,
330 #define GNUTLS_KX_LOOP(b) \
331 const gnutls_kx_algo_entry *p; \
332 for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; }
334 #define GNUTLS_KX_ALG_LOOP(a) \
335 GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )
340 #define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, version ) \
341 { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, version }
347 gnutls_cipher_algorithm_t block_algorithm
;
348 gnutls_kx_algorithm_t kx_algorithm
;
349 gnutls_mac_algorithm_t mac_algorithm
;
350 gnutls_protocol_t version
; /* this cipher suite is supported
351 * from 'version' and above;
353 } gnutls_cipher_suite_entry
;
355 /* RSA with NULL cipher and MD5 MAC
358 #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 }
361 /* ANONymous cipher suites.
364 #define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1 { 0x00, 0x1B }
365 #define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 }
368 #define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 }
369 #define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A }
372 #define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
373 #define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
375 /* PSK (not in TLS 1.0)
376 * draft-ietf-tls-psk:
378 #define GNUTLS_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8A }
379 #define GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8B }
380 #define GNUTLS_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x8C }
381 #define GNUTLS_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x8D }
383 #define GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8E }
384 #define GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8F }
385 #define GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x90 }
386 #define GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x91 }
391 #define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1A }
392 #define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1B }
393 #define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 { 0xC0, 0x1C }
395 #define GNUTLS_SRP_SHA_AES_128_CBC_SHA1 { 0xC0, 0x1D }
396 #define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1 { 0xC0, 0x1E }
397 #define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1 { 0xC0, 0x1F }
399 #define GNUTLS_SRP_SHA_AES_256_CBC_SHA1 { 0xC0, 0x20 }
400 #define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1 { 0xC0, 0x21 }
401 #define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1 { 0xC0, 0x22 }
405 #define GNUTLS_RSA_ARCFOUR_SHA1 { 0x00, 0x05 }
406 #define GNUTLS_RSA_ARCFOUR_MD5 { 0x00, 0x04 }
407 #define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A }
409 #define GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5 { 0x00, 0x03 }
413 #define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F }
414 #define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 }
417 #define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 }
418 #define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
423 #define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 }
426 /* draft-ietf-tls-56-bit-ciphersuites-01:
428 #define GNUTLS_DHE_DSS_ARCFOUR_SHA1 { 0x00, 0x66 }
433 #define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 }
434 #define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 }
437 #define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 }
438 #define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
442 #define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
446 #define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 }
447 #define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 }
450 #define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
451 #define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
453 #define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
455 static const gnutls_cipher_suite_entry cs_algorithms
[] = {
457 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5
,
458 GNUTLS_CIPHER_ARCFOUR_128
,
459 GNUTLS_KX_ANON_DH
, GNUTLS_MAC_MD5
,
461 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1
,
462 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_ANON_DH
,
463 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
464 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1
,
465 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_ANON_DH
,
466 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
467 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1
,
468 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_ANON_DH
,
469 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
470 #ifdef ENABLE_CAMELLIA
471 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1
,
472 GNUTLS_CIPHER_CAMELLIA_128_CBC
,
474 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
475 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1
,
476 GNUTLS_CIPHER_CAMELLIA_256_CBC
,
478 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
482 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1
,
483 GNUTLS_CIPHER_ARCFOUR
, GNUTLS_KX_PSK
,
484 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
485 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1
,
486 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_PSK
,
487 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
488 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1
,
489 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_PSK
,
490 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
491 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1
,
492 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_PSK
,
493 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
496 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1
,
497 GNUTLS_CIPHER_ARCFOUR
, GNUTLS_KX_DHE_PSK
,
498 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
499 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1
,
500 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_DHE_PSK
,
501 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
502 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1
,
503 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_PSK
,
504 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
505 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1
,
506 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_DHE_PSK
,
507 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
510 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1
,
511 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_SRP
,
512 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
513 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1
,
514 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_SRP
,
515 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
516 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1
,
517 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_SRP
,
518 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
520 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1
,
521 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_SRP_DSS
,
522 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
524 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1
,
525 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_SRP_RSA
,
526 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
528 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1
,
529 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_SRP_DSS
,
530 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
532 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1
,
533 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_SRP_RSA
,
534 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
536 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1
,
537 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_SRP_DSS
,
538 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
540 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1
,
541 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_SRP_RSA
,
542 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
545 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1
,
546 GNUTLS_CIPHER_ARCFOUR_128
, GNUTLS_KX_DHE_DSS
,
547 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
548 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1
,
549 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_DHE_DSS
,
550 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
551 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1
,
552 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_DSS
,
553 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
554 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1
,
555 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_DHE_DSS
,
556 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
557 #ifdef ENABLE_CAMELLIA
558 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1
,
559 GNUTLS_CIPHER_CAMELLIA_128_CBC
,
561 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
562 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1
,
563 GNUTLS_CIPHER_CAMELLIA_256_CBC
,
565 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
568 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1
,
569 GNUTLS_CIPHER_3DES_CBC
, GNUTLS_KX_DHE_RSA
,
570 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
571 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1
,
572 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_DHE_RSA
,
573 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
574 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1
,
575 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_DHE_RSA
,
576 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
577 #ifdef ENABLE_CAMELLIA
578 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1
,
579 GNUTLS_CIPHER_CAMELLIA_128_CBC
,
581 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
582 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1
,
583 GNUTLS_CIPHER_CAMELLIA_256_CBC
,
585 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
588 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5
,
590 GNUTLS_KX_RSA
, GNUTLS_MAC_MD5
, GNUTLS_SSL3
),
592 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5
,
593 GNUTLS_CIPHER_ARCFOUR_40
,
594 GNUTLS_KX_RSA_EXPORT
, GNUTLS_MAC_MD5
,
597 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1
,
598 GNUTLS_CIPHER_ARCFOUR_128
,
599 GNUTLS_KX_RSA
, GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
600 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5
,
601 GNUTLS_CIPHER_ARCFOUR_128
,
602 GNUTLS_KX_RSA
, GNUTLS_MAC_MD5
, GNUTLS_SSL3
),
603 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1
,
604 GNUTLS_CIPHER_3DES_CBC
,
605 GNUTLS_KX_RSA
, GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
606 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1
,
607 GNUTLS_CIPHER_AES_128_CBC
, GNUTLS_KX_RSA
,
608 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
609 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1
,
610 GNUTLS_CIPHER_AES_256_CBC
, GNUTLS_KX_RSA
,
611 GNUTLS_MAC_SHA1
, GNUTLS_SSL3
),
612 #ifdef ENABLE_CAMELLIA
613 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1
,
614 GNUTLS_CIPHER_CAMELLIA_128_CBC
, GNUTLS_KX_RSA
,
615 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
616 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1
,
617 GNUTLS_CIPHER_CAMELLIA_256_CBC
, GNUTLS_KX_RSA
,
618 GNUTLS_MAC_SHA1
, GNUTLS_TLS1
),
620 {0, {{0, 0}}, 0, 0, 0, 0}
623 #define GNUTLS_CIPHER_SUITE_LOOP(b) \
624 const gnutls_cipher_suite_entry *p; \
625 for(p = cs_algorithms; p->name != NULL; p++) { b ; }
627 #define GNUTLS_CIPHER_SUITE_ALG_LOOP(a) \
628 GNUTLS_CIPHER_SUITE_LOOP( if( (p->id.suite[0] == suite->suite[0]) && (p->id.suite[1] == suite->suite[1])) { a; break; } )
632 /* Generic Functions */
635 _gnutls_mac_priority (gnutls_session_t session
,
636 gnutls_mac_algorithm_t algorithm
)
637 { /* actually returns the priority */
639 for (i
= 0; i
< session
->internals
.priorities
.mac
.algorithms
; i
++)
641 if (session
->internals
.priorities
.mac
.priority
[i
] == algorithm
)
648 * gnutls_mac_get_name - Returns a string with the name of the specified mac algorithm
649 * @algorithm: is a MAC algorithm
651 * Convert a #gnutls_mac_algorithm_t value to a string.
653 * Returns: a string that contains the name of the specified MAC
654 * algorithm, or %NULL.
657 gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm
)
659 const char *ret
= NULL
;
662 GNUTLS_HASH_ALG_LOOP (ret
= p
->name
);
668 * gnutls_mac_get_id - Returns the gnutls id of the specified in string algorithm
669 * @name: is a MAC algorithm name
671 * Convert a string to a #gnutls_mac_algorithm_t value. The names are
672 * compared in a case insensitive way.
674 * Returns: an #gnutls_mac_algorithm_tid of the specified in a string
675 * MAC algorithm, or %GNUTLS_MAC_UNKNOWN on failures.
677 gnutls_mac_algorithm_t
678 gnutls_mac_get_id (const char *name
)
680 gnutls_mac_algorithm_t ret
= GNUTLS_MAC_UNKNOWN
;
682 GNUTLS_HASH_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->id
);
688 * gnutls_mac_get_key_size - Returns the length of the MAC's key size
689 * @algorithm: is an encryption algorithm
691 * Get size of MAC key.
693 * Returns: length (in bytes) of the given MAC key size, or 0 if the
694 * given MAC algorithm is invalid.
697 gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm
)
702 GNUTLS_HASH_ALG_LOOP (ret
= p
->key_size
);
708 * gnutls_mac_list - Get a list of supported MAC algorithms
710 * Get a list of hash algorithms for use as MACs. Note that not
711 * necessarily all MACs are supported in TLS cipher suites. For
712 * example, MD2 is not supported as a cipher suite, but is supported
713 * for other purposes (e.g., X.509 signature verification or similar).
715 * Returns: Return a zero-terminated list of #gnutls_mac_algorithm_t
716 * integers indicating the available MACs.
718 const gnutls_mac_algorithm_t
*
719 gnutls_mac_list (void)
721 return supported_macs
;
725 _gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t algorithm
)
727 const char *ret
= NULL
;
730 GNUTLS_HASH_ALG_LOOP (ret
= p
->oid
);
735 gnutls_mac_algorithm_t
736 _gnutls_x509_oid2mac_algorithm (const char *oid
)
738 gnutls_mac_algorithm_t ret
= 0;
740 GNUTLS_HASH_LOOP (if (p
->oid
&& strcmp (oid
, p
->oid
) == 0)
746 return GNUTLS_MAC_UNKNOWN
;
752 _gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm
)
755 GNUTLS_HASH_ALG_LOOP (ret
= p
->id
);
763 /* CIPHER functions */
765 _gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm
)
768 GNUTLS_ALG_LOOP (ret
= p
->blocksize
);
773 /* returns the priority */
775 _gnutls_cipher_priority (gnutls_session_t session
,
776 gnutls_cipher_algorithm_t algorithm
)
779 for (i
= 0; i
< session
->internals
.priorities
.cipher
.algorithms
; i
++)
781 if (session
->internals
.priorities
.cipher
.priority
[i
] == algorithm
)
789 _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm
)
793 GNUTLS_ALG_LOOP (ret
= p
->block
);
799 * gnutls_cipher_get_key_size - Returns the length of the cipher's key size
800 * @algorithm: is an encryption algorithm
802 * Get key size for cipher.
804 * Returns: length (in bytes) of the given cipher's key size, or 0 if
805 * the given cipher is invalid.
808 gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm
)
811 GNUTLS_ALG_LOOP (ret
= p
->keysize
);
817 _gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm
)
820 GNUTLS_ALG_LOOP (ret
= p
->iv
);
826 _gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm
)
829 GNUTLS_ALG_LOOP (ret
= p
->export_flag
);
835 * gnutls_cipher_get_name - Returns a string with the name of the specified cipher algorithm
836 * @algorithm: is an encryption algorithm
838 * Convert a #gnutls_cipher_algorithm_t type to a string.
840 * Returns: a pointer to a string that contains the name of the
841 * specified cipher, or %NULL.
844 gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm
)
846 const char *ret
= NULL
;
849 GNUTLS_ALG_LOOP (ret
= p
->name
);
855 * gnutls_cipher_get_id - Returns the gnutls id of the specified in string algorithm
856 * @name: is a MAC algorithm name
858 * The names are compared in a case insensitive way.
860 * Returns: return a #gnutls_cipher_algorithm_t value corresponding to
861 * the specified cipher, or %GNUTLS_CIPHER_UNKNOWN on error.
863 gnutls_cipher_algorithm_t
864 gnutls_cipher_get_id (const char *name
)
866 gnutls_cipher_algorithm_t ret
= GNUTLS_CIPHER_UNKNOWN
;
868 GNUTLS_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->id
);
874 * gnutls_cipher_list - Get a list of supported ciphers
876 * Get a list of supported cipher algorithms. Note that not
877 * necessarily all ciphers are supported as TLS cipher suites. For
878 * example, DES is not supported as a cipher suite, but is supported
879 * for other purposes (e.g., PKCS#8 or similar).
881 * Returns: a zero-terminated list of #gnutls_cipher_algorithm_t
882 * integers indicating the available ciphers.
885 const gnutls_cipher_algorithm_t
*
886 gnutls_cipher_list (void)
888 return supported_ciphers
;
892 _gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm
)
895 GNUTLS_ALG_LOOP (ret
= p
->id
);
903 /* Key EXCHANGE functions */
905 _gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm
)
907 mod_auth_st
*ret
= NULL
;
908 GNUTLS_KX_ALG_LOOP (ret
= p
->auth_struct
);
915 _gnutls_kx_priority (gnutls_session_t session
,
916 gnutls_kx_algorithm_t algorithm
)
919 for (i
= 0; i
< session
->internals
.priorities
.kx
.algorithms
; i
++)
921 if (session
->internals
.priorities
.kx
.priority
[i
] == algorithm
)
928 * gnutls_kx_get_name - Returns a string with the name of the specified key exchange algorithm
929 * @algorithm: is a key exchange algorithm
931 * Convert a #gnutls_kx_algorithm_t value to a string.
933 * Returns: a pointer to a string that contains the name of the
934 * specified key exchange algorithm, or %NULL.
937 gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm
)
939 const char *ret
= NULL
;
942 GNUTLS_KX_ALG_LOOP (ret
= p
->name
);
948 * gnutls_kx_get_id - Returns the gnutls id of the specified in string algorithm
949 * @name: is a KX name
951 * Convert a string to a #gnutls_kx_algorithm_t value. The names are
952 * compared in a case insensitive way.
954 * Returns: an id of the specified KX algorithm, or %GNUTLS_KX_UNKNOWN
957 gnutls_kx_algorithm_t
958 gnutls_kx_get_id (const char *name
)
960 gnutls_cipher_algorithm_t ret
= GNUTLS_KX_UNKNOWN
;
962 GNUTLS_KX_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->algorithm
);
968 * gnutls_kx_list - Get a list of supported key exchange methods
970 * Get a list of supported key exchange algorithms.
972 * Returns: a zero-terminated list of #gnutls_kx_algorithm_t integers
973 * indicating the available key exchange algorithms.
975 const gnutls_kx_algorithm_t
*
976 gnutls_kx_list (void)
978 return supported_kxs
;
982 _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm
)
985 GNUTLS_KX_ALG_LOOP (ret
= p
->algorithm
);
994 _gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm
)
997 GNUTLS_KX_ALG_LOOP (ret
= p
->needs_rsa_params
);
1002 _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm
)
1005 GNUTLS_KX_ALG_LOOP (ret
= p
->needs_dh_params
);
1012 _gnutls_version_priority (gnutls_session_t session
, gnutls_protocol_t version
)
1013 { /* actually returns the priority */
1016 if (session
->internals
.priorities
.protocol
.priority
== NULL
)
1022 for (i
= 0; i
< session
->internals
.priorities
.protocol
.algorithms
; i
++)
1024 if (session
->internals
.priorities
.protocol
.priority
[i
] == version
)
1031 _gnutls_version_lowest (gnutls_session_t session
)
1032 { /* returns the lowest version supported */
1033 unsigned int i
, min
= 0xff;
1035 if (session
->internals
.priorities
.protocol
.priority
== NULL
)
1037 return GNUTLS_VERSION_UNKNOWN
;
1040 for (i
= 0; i
< session
->internals
.priorities
.protocol
.algorithms
; i
++)
1042 if (session
->internals
.priorities
.protocol
.priority
[i
] < min
)
1043 min
= session
->internals
.priorities
.protocol
.priority
[i
];
1047 return GNUTLS_VERSION_UNKNOWN
; /* unknown version */
1053 _gnutls_version_max (gnutls_session_t session
)
1054 { /* returns the maximum version supported */
1055 unsigned int i
, max
= 0x00;
1057 if (session
->internals
.priorities
.protocol
.priority
== NULL
)
1059 return GNUTLS_VERSION_UNKNOWN
;
1062 for (i
= 0; i
< session
->internals
.priorities
.protocol
.algorithms
; i
++)
1064 if (session
->internals
.priorities
.protocol
.priority
[i
] > max
)
1065 max
= session
->internals
.priorities
.protocol
.priority
[i
];
1069 return GNUTLS_VERSION_UNKNOWN
; /* unknown version */
1076 * gnutls_protocol_get_name - Returns a string with the name of the specified SSL/TLS version
1077 * @version: is a (gnutls) version number
1079 * Convert a #gnutls_protocol_t value to a string.
1081 * Returns: a string that contains the name of the specified TLS
1082 * version (e.g., "TLS1.0"), or %NULL.
1085 gnutls_protocol_get_name (gnutls_protocol_t version
)
1087 const char *ret
= NULL
;
1090 GNUTLS_VERSION_ALG_LOOP (ret
= p
->name
);
1095 * gnutls_protocol_get_id - Returns the gnutls id of the specified in string protocol
1096 * @name: is a protocol name
1098 * The names are compared in a case insensitive way.
1100 * Returns: an id of the specified protocol, or
1101 * %GNUTLS_VERSION_UNKNOWN on error.
1104 gnutls_protocol_get_id (const char *name
)
1106 gnutls_protocol_t ret
= GNUTLS_VERSION_UNKNOWN
;
1108 GNUTLS_VERSION_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->id
);
1114 * gnutls_protocol_list - Get a list of supported protocols
1116 * Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.
1118 * Returns: a zero-terminated list of #gnutls_protocol_t integers
1119 * indicating the available protocols.
1122 const gnutls_protocol_t
*
1123 gnutls_protocol_list (void)
1125 return supported_protocols
;
1129 _gnutls_version_get_minor (gnutls_protocol_t version
)
1133 GNUTLS_VERSION_ALG_LOOP (ret
= p
->minor
);
1138 _gnutls_version_get (int major
, int minor
)
1142 GNUTLS_VERSION_LOOP (if ((p
->major
== major
) && (p
->minor
== minor
))
1148 _gnutls_version_get_major (gnutls_protocol_t version
)
1152 GNUTLS_VERSION_ALG_LOOP (ret
= p
->major
);
1156 /* Version Functions */
1159 _gnutls_version_is_supported (gnutls_session_t session
,
1160 const gnutls_protocol_t version
)
1164 GNUTLS_VERSION_ALG_LOOP (ret
= p
->supported
);
1168 if (_gnutls_version_priority (session
, version
) < 0)
1169 return 0; /* disabled by the user */
1174 /* Type to KX mappings */
1175 gnutls_kx_algorithm_t
1176 _gnutls_map_kx_get_kx (gnutls_credentials_type_t type
, int server
)
1178 gnutls_kx_algorithm_t ret
= -1;
1182 GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret
= p
->algorithm
);
1186 GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret
= p
->algorithm
);
1191 gnutls_credentials_type_t
1192 _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm
, int server
)
1194 gnutls_credentials_type_t ret
= -1;
1197 GNUTLS_KX_MAP_LOOP (if (p
->algorithm
== algorithm
) ret
=
1202 GNUTLS_KX_MAP_LOOP (if (p
->algorithm
== algorithm
) ret
=
1210 /* Cipher Suite's functions */
1211 gnutls_cipher_algorithm_t
1212 _gnutls_cipher_suite_get_cipher_algo (const cipher_suite_st
* suite
)
1215 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->block_algorithm
);
1220 _gnutls_cipher_suite_get_version (const cipher_suite_st
* suite
)
1223 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->version
);
1227 gnutls_kx_algorithm_t
1228 _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st
* suite
)
1232 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->kx_algorithm
);
1237 gnutls_mac_algorithm_t
1238 _gnutls_cipher_suite_get_mac_algo (const cipher_suite_st
* suite
)
1241 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->mac_algorithm
);
1247 _gnutls_cipher_suite_get_name (cipher_suite_st
* suite
)
1249 const char *ret
= NULL
;
1252 GNUTLS_CIPHER_SUITE_ALG_LOOP (ret
= p
->name
+ sizeof ("GNUTLS_") - 1);
1258 * gnutls_cipher_suite_get_name - Returns a string with the name of the specified cipher suite
1259 * @kx_algorithm: is a Key exchange algorithm
1260 * @cipher_algorithm: is a cipher algorithm
1261 * @mac_algorithm: is a MAC algorithm
1263 * Note that the full cipher suite name must be prepended by TLS or
1264 * SSL depending of the protocol in use.
1266 * Returns: a string that contains the name of a TLS cipher suite,
1267 * specified by the given algorithms, or %NULL.
1270 gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm
,
1271 gnutls_cipher_algorithm_t cipher_algorithm
,
1272 gnutls_mac_algorithm_t mac_algorithm
)
1274 const char *ret
= NULL
;
1277 GNUTLS_CIPHER_SUITE_LOOP (if (kx_algorithm
== p
->kx_algorithm
&&
1278 cipher_algorithm
== p
->block_algorithm
&&
1279 mac_algorithm
== p
->mac_algorithm
)
1280 ret
= p
->name
+ sizeof ("GNUTLS_") - 1);
1286 * gnutls_cipher_suite_info:
1287 * @idx: index of cipher suite to get information about, starts on 0.
1288 * @cs_id: output buffer with room for 2 bytes, indicating cipher suite value
1289 * @kx: output variable indicating key exchange algorithm, or %NULL.
1290 * @cipher: output variable indicating cipher, or %NULL.
1291 * @mac: output variable indicating MAC algorithm, or %NULL.
1292 * @version: output variable indicating TLS protocol version, or %NULL.
1294 * Get information about supported cipher suites. Use the function
1295 * iteratively to get information about all supported cipher suites.
1296 * Call with idx=0 to get information about first cipher suite, then
1297 * idx=1 and so on until the function returns NULL.
1299 * Returns: the name of @idx cipher suite, and set the information
1300 * about the cipher suite in the output variables. If @idx is out of
1301 * bounds, %NULL is returned.
1304 gnutls_cipher_suite_info (size_t idx
,
1306 gnutls_kx_algorithm_t
* kx
,
1307 gnutls_cipher_algorithm_t
* cipher
,
1308 gnutls_mac_algorithm_t
* mac
,
1309 gnutls_protocol_t
* version
)
1311 if (idx
>= CIPHER_SUITES_COUNT
)
1315 memcpy (cs_id
, cs_algorithms
[idx
].id
.suite
, 2);
1317 *kx
= cs_algorithms
[idx
].kx_algorithm
;
1319 *cipher
= cs_algorithms
[idx
].block_algorithm
;
1321 *mac
= cs_algorithms
[idx
].mac_algorithm
;
1323 *version
= cs_algorithms
[idx
].version
;
1325 return cs_algorithms
[idx
].name
+ sizeof ("GNU") - 1;
1330 _gnutls_cipher_suite_is_ok (cipher_suite_st
* suite
)
1333 const char *name
= NULL
;
1335 GNUTLS_CIPHER_SUITE_ALG_LOOP (name
= p
->name
);
1344 #define SWAP(x, y) memcpy(tmp,x,size); \
1348 #define MAX_ELEM_SIZE 4
1350 _gnutls_partition (gnutls_session_t session
, void *_base
,
1351 size_t nmemb
, size_t size
,
1352 int (*compar
) (gnutls_session_t
,
1353 const void *, const void *))
1355 uint8_t *base
= _base
;
1356 uint8_t tmp
[MAX_ELEM_SIZE
];
1357 uint8_t ptmp
[MAX_ELEM_SIZE
];
1363 j
= full
= (nmemb
- 1) * size
;
1365 memcpy (ptmp
, &base
[0], size
); /* set pivot item */
1369 while ((compar (session
, &base
[i
], ptmp
) <= 0) && (i
< full
))
1373 while ((compar (session
, &base
[j
], ptmp
) >= 0) && (j
> 0))
1378 SWAP (&base
[j
], &base
[i
]);
1384 SWAP (&base
[pivot
], &base
[j
]);
1389 SWAP (&base
[pivot
], &base
[i
]);
1392 return pivot
/ size
;
1396 _gnutls_qsort (gnutls_session_t session
, void *_base
, size_t nmemb
,
1397 size_t size
, int (*compar
) (gnutls_session_t
, const void *,
1402 size_t snmemb
= nmemb
;
1405 if (size
> MAX_ELEM_SIZE
)
1408 _gnutls_debug_log ("QSORT BUG\n");
1415 pivot
= _gnutls_partition (session
, _base
, nmemb
, size
, compar
);
1417 _gnutls_qsort (session
, base
, pivot
< nmemb
? pivot
+ 1 : pivot
, size
,
1419 _gnutls_qsort (session
, &base
[(pivot
+ 1) * size
], nmemb
- pivot
- 1,
1424 /* a compare function for KX algorithms (using priorities).
1425 * For use with qsort
1428 _gnutls_compare_algo (gnutls_session_t session
, const void *i_A1
,
1431 gnutls_kx_algorithm_t kA1
=
1432 _gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st
*) i_A1
);
1433 gnutls_kx_algorithm_t kA2
=
1434 _gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st
*) i_A2
);
1435 gnutls_cipher_algorithm_t cA1
=
1436 _gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st
*) i_A1
);
1437 gnutls_cipher_algorithm_t cA2
=
1438 _gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st
*) i_A2
);
1439 gnutls_mac_algorithm_t mA1
=
1440 _gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st
*) i_A1
);
1441 gnutls_mac_algorithm_t mA2
=
1442 _gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st
*) i_A2
);
1444 int p1
= (_gnutls_kx_priority (session
, kA1
) + 1) * 64;
1445 int p2
= (_gnutls_kx_priority (session
, kA2
) + 1) * 64;
1446 p1
+= (_gnutls_cipher_priority (session
, cA1
) + 1) * 8;
1447 p2
+= (_gnutls_cipher_priority (session
, cA2
) + 1) * 8;
1448 p1
+= _gnutls_mac_priority (session
, mA1
);
1449 p2
+= _gnutls_mac_priority (session
, mA2
);
1467 _gnutls_bsort (gnutls_session_t session
, void *_base
, size_t nmemb
,
1468 size_t size
, int (*compar
) (gnutls_session_t
, const void *,
1472 int full
= nmemb
* size
;
1474 char tmp
[MAX_ELEM_SIZE
];
1476 for (i
= 0; i
< full
; i
+= size
)
1478 for (j
= 0; j
< full
; j
+= size
)
1480 if (compar (session
, &base
[i
], &base
[j
]) < 0)
1482 SWAP (&base
[j
], &base
[i
]);
1491 _gnutls_supported_ciphersuites_sorted (gnutls_session_t session
,
1492 cipher_suite_st
** ciphers
)
1500 count
= _gnutls_supported_ciphersuites (session
, ciphers
);
1507 _gnutls_debug_log ("Unsorted: \n");
1508 for (i
= 0; i
< count
; i
++)
1509 _gnutls_debug_log ("\t%d: %s\n", i
,
1510 _gnutls_cipher_suite_get_name ((*ciphers
)[i
]));
1513 _gnutls_qsort (session
, *ciphers
, count
,
1514 sizeof (cipher_suite_st
), _gnutls_compare_algo
);
1517 _gnutls_debug_log ("Sorted: \n");
1518 for (i
= 0; i
< count
; i
++)
1519 _gnutls_debug_log ("\t%d: %s\n", i
,
1520 _gnutls_cipher_suite_get_name ((*ciphers
)[i
]));
1527 _gnutls_supported_ciphersuites (gnutls_session_t session
,
1528 cipher_suite_st
** _ciphers
)
1531 unsigned int i
, ret_count
, j
;
1532 unsigned int count
= CIPHER_SUITES_COUNT
;
1533 cipher_suite_st
*tmp_ciphers
;
1534 cipher_suite_st
*ciphers
;
1535 gnutls_protocol_t version
;
1542 tmp_ciphers
= gnutls_malloc (count
* sizeof (cipher_suite_st
));
1543 if (tmp_ciphers
== NULL
)
1544 return GNUTLS_E_MEMORY_ERROR
;
1546 ciphers
= gnutls_malloc (count
* sizeof (cipher_suite_st
));
1547 if (ciphers
== NULL
)
1549 gnutls_free (tmp_ciphers
);
1550 return GNUTLS_E_MEMORY_ERROR
;
1553 version
= gnutls_protocol_get_version (session
);
1555 for (i
= 0; i
< count
; i
++)
1557 memcpy (&tmp_ciphers
[i
], &cs_algorithms
[i
].id
,
1558 sizeof (cipher_suite_st
));
1561 for (i
= j
= 0; i
< count
; i
++)
1563 /* remove private cipher suites, if requested.
1565 if (tmp_ciphers
[i
].suite
[0] == 0xFF &&
1566 session
->internals
.enable_private
== 0)
1569 /* remove cipher suites which do not support the
1570 * protocol version used.
1572 if (_gnutls_cipher_suite_get_version (&tmp_ciphers
[i
]) > version
)
1575 if (_gnutls_kx_priority
1576 (session
, _gnutls_cipher_suite_get_kx_algo (&tmp_ciphers
[i
])) < 0)
1578 if (_gnutls_mac_priority
1579 (session
, _gnutls_cipher_suite_get_mac_algo (&tmp_ciphers
[i
])) < 0)
1581 if (_gnutls_cipher_priority
1583 _gnutls_cipher_suite_get_cipher_algo (&tmp_ciphers
[i
])) < 0)
1586 memcpy (&ciphers
[j
], &tmp_ciphers
[i
], sizeof (cipher_suite_st
));
1592 #if 0 /* expensive */
1593 if (ret_count
> 0 && ret_count
!= count
)
1596 gnutls_realloc_fast (ciphers
, ret_count
* sizeof (cipher_suite_st
));
1600 if (ret_count
!= count
)
1602 gnutls_free (ciphers
);
1608 gnutls_free (tmp_ciphers
);
1610 /* This function can no longer return 0 cipher suites.
1611 * It returns an error code instead.
1616 gnutls_free (ciphers
);
1617 return GNUTLS_E_NO_CIPHER_SUITES
;
1619 *_ciphers
= ciphers
;
1624 * gnutls_certificate_type_get_name - Returns a string with the name of the specified certificate type
1625 * @type: is a certificate type
1627 * Convert a #gnutls_certificate_type_t type to a string.
1629 * Returns: a string that contains the name of the specified
1630 * certificate type, or %NULL in case of unknown types.
1633 gnutls_certificate_type_get_name (gnutls_certificate_type_t type
)
1635 const char *ret
= NULL
;
1637 if (type
== GNUTLS_CRT_X509
)
1639 if (type
== GNUTLS_CRT_OPENPGP
)
1646 * gnutls_certificate_type_get_id - Returns the gnutls id of the specified in string type
1647 * @name: is a certificate type name
1649 * The names are compared in a case insensitive way.
1651 * Returns: an #gnutls_certificate_type_t for the specified in a
1652 * string certificate type, or %GNUTLS_CRT_UNKNOWN on error.
1654 gnutls_certificate_type_t
1655 gnutls_certificate_type_get_id (const char *name
)
1657 gnutls_certificate_type_t ret
= GNUTLS_CRT_UNKNOWN
;
1659 if (strcasecmp (name
, "X.509") == 0 || strcasecmp (name
, "X509") == 0)
1660 return GNUTLS_CRT_X509
;
1661 if (strcasecmp (name
, "OPENPGP") == 0)
1662 return GNUTLS_CRT_OPENPGP
;
1667 static const gnutls_certificate_type_t supported_certificate_types
[] = {
1674 * gnutls_certificate_type_list - Get a list of supported certificate types
1676 * Get a list of certificate types. Note that to be able to use
1677 * OpenPGP certificates, you must link to libgnutls-extra and call
1678 * gnutls_global_init_extra().
1680 * Returns: a zero-terminated list of #gnutls_certificate_type_t
1681 * integers indicating the available certificate types.
1683 const gnutls_certificate_type_t
*
1684 gnutls_certificate_type_list (void)
1686 return supported_certificate_types
;
1689 /* returns the gnutls_pk_algorithm_t which is compatible with
1690 * the given gnutls_kx_algorithm_t.
1692 gnutls_pk_algorithm_t
1693 _gnutls_map_pk_get_pk (gnutls_kx_algorithm_t kx_algorithm
)
1695 gnutls_pk_algorithm_t ret
= -1;
1697 GNUTLS_PK_MAP_ALG_LOOP (ret
= p
->pk_algorithm
) return ret
;
1700 /* Returns the encipher type for the given key exchange algorithm.
1701 * That one of CIPHER_ENCRYPT, CIPHER_SIGN, CIPHER_IGN.
1703 * ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT.
1706 _gnutls_kx_encipher_type (gnutls_kx_algorithm_t kx_algorithm
)
1708 int ret
= CIPHER_IGN
;
1709 GNUTLS_PK_MAP_ALG_LOOP (ret
= p
->encipher_type
) return ret
;
1713 /* signature algorithms;
1715 struct gnutls_sign_entry
1719 gnutls_sign_algorithm_t id
;
1720 gnutls_pk_algorithm_t pk
;
1721 gnutls_mac_algorithm_t mac
;
1723 typedef struct gnutls_sign_entry gnutls_sign_entry
;
1725 static const gnutls_sign_entry sign_algorithms
[] = {
1726 {"RSA-SHA", SIG_RSA_SHA1_OID
, GNUTLS_SIGN_RSA_SHA1
, GNUTLS_PK_RSA
,
1728 {"RSA-SHA256", SIG_RSA_SHA256_OID
, GNUTLS_SIGN_RSA_SHA256
, GNUTLS_PK_RSA
,
1730 {"RSA-SHA384", SIG_RSA_SHA384_OID
, GNUTLS_SIGN_RSA_SHA384
, GNUTLS_PK_RSA
,
1732 {"RSA-SHA512", SIG_RSA_SHA512_OID
, GNUTLS_SIGN_RSA_SHA512
, GNUTLS_PK_RSA
,
1734 {"RSA-RMD160", SIG_RSA_RMD160_OID
, GNUTLS_SIGN_RSA_RMD160
, GNUTLS_PK_RSA
,
1736 {"DSA-SHA", SIG_DSA_SHA1_OID
, GNUTLS_SIGN_DSA_SHA1
, GNUTLS_PK_DSA
,
1738 {"RSA-MD5", SIG_RSA_MD5_OID
, GNUTLS_SIGN_RSA_MD5
, GNUTLS_PK_RSA
,
1740 {"RSA-MD2", SIG_RSA_MD2_OID
, GNUTLS_SIGN_RSA_MD2
, GNUTLS_PK_RSA
,
1742 {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID
, 0, 0, 0},
1743 {"GOST R 34.10-94", SIG_GOST_R3410_94_OID
, 0, 0, 0},
1747 /* Keep the contents of this struct the same as the previous one. */
1748 static const gnutls_sign_algorithm_t supported_sign
[] = {
1749 GNUTLS_SIGN_RSA_SHA1
,
1750 GNUTLS_SIGN_RSA_SHA256
,
1751 GNUTLS_SIGN_RSA_SHA384
,
1752 GNUTLS_SIGN_RSA_SHA512
,
1753 GNUTLS_SIGN_RSA_RMD160
,
1754 GNUTLS_SIGN_DSA_SHA1
,
1755 GNUTLS_SIGN_RSA_MD5
,
1756 GNUTLS_SIGN_RSA_MD2
,
1760 #define GNUTLS_SIGN_LOOP(b) \
1762 const gnutls_sign_entry *p; \
1763 for(p = sign_algorithms; p->name != NULL; p++) { b ; } \
1766 #define GNUTLS_SIGN_ALG_LOOP(a) \
1767 GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } )
1770 * gnutls_sign_algorithm_get_name - Returns a string with the name of the specified sign algorithm
1771 * @algorithm: is a sign algorithm
1773 * Convert a #gnutls_sign_algorithm_t value to a string.
1775 * Returns: a string that contains the name of the specified sign
1776 * algorithm, or %NULL.
1779 gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t sign
)
1781 const char *ret
= NULL
;
1784 GNUTLS_SIGN_ALG_LOOP (ret
= p
->name
);
1790 * gnutls_sign_list - Get a list of supported public key signature algorithms
1792 * Get a list of supported public key signature algorithms.
1794 * Returns: a zero-terminated list of #gnutls_sign_algorithm_t
1795 * integers indicating the available ciphers.
1798 const gnutls_sign_algorithm_t
*
1799 gnutls_sign_list (void)
1801 return supported_sign
;
1805 * gnutls_sign_get_id - Returns the gnutls id of the specified in signature algorithm
1806 * @name: is a MAC algorithm name
1808 * The names are compared in a case insensitive way.
1810 * Returns: return a #gnutls_sign_algorithm_t value corresponding to
1811 * the specified cipher, or %GNUTLS_SIGN_UNKNOWN on error.
1813 gnutls_sign_algorithm_t
1814 gnutls_sign_get_id (const char *name
)
1816 gnutls_sign_algorithm_t ret
= GNUTLS_SIGN_UNKNOWN
;
1818 GNUTLS_SIGN_LOOP (if (strcasecmp (p
->name
, name
) == 0) ret
= p
->id
);
1825 * gnutls_sign_get_name - Get name string for a #gnutls_sign_algorithm_t
1826 * @algorithm: is a public key signature algorithm
1828 * Convert a #gnutls_sign_algorithm_t value to a string.
1830 * Returns: a pointer to a string that contains the name of the
1831 * specified public key signature algorithm, or %NULL.
1836 gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm
)
1838 const char *ret
= "SIGN_UNKNOWN";
1840 GNUTLS_SIGN_LOOP (if (p
->id
== algorithm
) ret
= p
->name
);
1845 gnutls_sign_algorithm_t
1846 _gnutls_x509_oid2sign_algorithm (const char *oid
)
1848 gnutls_sign_algorithm_t ret
= 0;
1850 GNUTLS_SIGN_LOOP (if (strcmp (oid
, p
->oid
) == 0)
1852 ret
= p
->id
; break;}
1857 _gnutls_x509_log ("Unknown SIGN OID: '%s'\n", oid
);
1858 return GNUTLS_SIGN_UNKNOWN
;
1863 gnutls_sign_algorithm_t
1864 _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk
, gnutls_mac_algorithm_t mac
)
1866 gnutls_sign_algorithm_t ret
= 0;
1868 GNUTLS_SIGN_LOOP (if (pk
== p
->pk
&& mac
== p
->mac
)
1870 ret
= p
->id
; break;}
1874 return GNUTLS_SIGN_UNKNOWN
;
1879 _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk
,
1880 gnutls_mac_algorithm_t mac
)
1882 gnutls_sign_algorithm_t sign
;
1883 const char *ret
= NULL
;
1885 sign
= _gnutls_x509_pk_to_sign (pk
, mac
);
1886 if (sign
== GNUTLS_SIGN_UNKNOWN
)
1889 GNUTLS_SIGN_ALG_LOOP (ret
= p
->oid
);
1896 struct gnutls_pk_entry
1900 gnutls_pk_algorithm_t id
;
1902 typedef struct gnutls_pk_entry gnutls_pk_entry
;
1904 static const gnutls_pk_entry pk_algorithms
[] = {
1905 {"RSA", PK_PKIX1_RSA_OID
, GNUTLS_PK_RSA
},
1906 {"DSA", PK_DSA_OID
, GNUTLS_PK_DSA
},
1907 {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID
, 0},
1908 {"GOST R 34.10-94", PK_GOST_R3410_94_OID
, 0},
1913 * gnutls_pk_algorithm_get_name - Get string with name of public key algorithm
1914 * @algorithm: is a pk algorithm
1916 * Convert a #gnutls_pk_algorithm_t value to a string.
1918 * Returns: a string that contains the name of the specified public
1919 * key algorithm, or %NULL.
1922 gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm
)
1924 const char *ret
= NULL
;
1925 const gnutls_pk_entry
*p
;
1927 for (p
= pk_algorithms
; p
->name
!= NULL
; p
++)
1928 if (p
->id
&& p
->id
== algorithm
)
1938 * gnutls_pk_list - Get a list of supported public key algorithms
1940 * Get a list of supported public key algorithms.
1942 * Returns: a zero-terminated list of #gnutls_pk_algorithm_t integers
1943 * indicating the available ciphers.
1947 const gnutls_pk_algorithm_t
*
1948 gnutls_pk_list (void)
1950 static const gnutls_pk_algorithm_t supported_pks
[] = {
1956 return supported_pks
;
1960 * gnutls_pk_get_id - Get #gnutls_pk_algorithm_t from a string
1961 * @name: is a string containing a public key algorithm name.
1963 * Convert a string to a #gnutls_pk_algorithm_t value. The names are
1964 * compared in a case insensitive way. For example,
1965 * gnutls_pk_get_id("RSA") will return %GNUTLS_PK_RSA.
1967 * Returns: an #gnutls_pk_algorithm_tid of the specified in a string
1968 * public key algorithm, or %GNUTLS_PK_UNKNOWN on failures.
1972 gnutls_pk_algorithm_t
1973 gnutls_pk_get_id (const char *name
)
1975 if (strcasecmp (name
, "RSA") == 0)
1976 return GNUTLS_PK_RSA
;
1977 else if (strcasecmp (name
, "DSA") == 0)
1978 return GNUTLS_PK_DSA
;
1980 return GNUTLS_PK_UNKNOWN
;
1984 * gnutls_pk_get_name - Get name string with #gnutls_pk_algorithm_t algorithm
1985 * @algorithm: is a public key algorithm
1987 * Convert a #gnutls_pk_algorithm_t value to a string.
1989 * Returns: a pointer to a string that contains the name of the
1990 * specified public key algorithm, or %NULL.
1995 gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm
)
2010 case GNUTLS_PK_UNKNOWN
:
2018 gnutls_pk_algorithm_t
2019 _gnutls_x509_oid2pk_algorithm (const char *oid
)
2021 gnutls_pk_algorithm_t ret
= GNUTLS_PK_UNKNOWN
;
2022 const gnutls_pk_entry
*p
;
2024 for (p
= pk_algorithms
; p
->name
!= NULL
; p
++)
2025 if (strcmp (p
->oid
, oid
) == 0)
2035 _gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm
)
2037 const char *ret
= NULL
;
2038 const gnutls_pk_entry
*p
;
2040 for (p
= pk_algorithms
; p
->name
!= NULL
; p
++)
2041 if (p
->id
== algorithm
)