2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
26 #include "gnutls_auth.h"
28 #define GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR 0x00
29 #define GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR 0xFF
31 /* would allow for 256 ciphersuites */
32 #define MAX_CIPHERSUITE_SIZE 512
34 /* Functions for version handling. */
35 gnutls_protocol_t
_gnutls_version_lowest (gnutls_session_t session
);
36 gnutls_protocol_t
_gnutls_version_max (gnutls_session_t session
);
37 int _gnutls_version_priority (gnutls_session_t session
,
38 gnutls_protocol_t version
);
39 int _gnutls_version_is_supported (gnutls_session_t session
,
40 const gnutls_protocol_t version
);
41 int _gnutls_version_get_major (gnutls_protocol_t ver
);
42 int _gnutls_version_get_minor (gnutls_protocol_t ver
);
43 gnutls_protocol_t
_gnutls_version_get (int major
, int minor
);
45 /* Functions for feature checks */
46 int _gnutls_version_has_selectable_prf (gnutls_protocol_t version
);
47 int _gnutls_version_has_selectable_sighash (gnutls_protocol_t version
);
48 int _gnutls_version_has_extensions (gnutls_protocol_t version
);
49 int _gnutls_version_has_explicit_iv (gnutls_protocol_t version
);
51 /* Functions for MACs. */
52 int _gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm
);
53 gnutls_digest_algorithm_t
_gnutls_x509_oid_to_digest (const char *oid
);
54 const char *_gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t mac
);
56 /* Functions for digests. */
57 const char *_gnutls_x509_digest_to_oid (gnutls_digest_algorithm_t algorithm
);
58 const char *_gnutls_digest_get_name (gnutls_digest_algorithm_t algorithm
);
59 int _gnutls_digest_is_secure (gnutls_digest_algorithm_t algorithm
);
61 /* Functions for cipher suites. */
62 int _gnutls_supported_ciphersuites (gnutls_session_t session
,
63 uint8_t* cipher_suites
,
64 unsigned int max_cipher_suite_size
);
65 const char *_gnutls_cipher_suite_get_name (const uint8_t suite
[2]);
66 gnutls_mac_algorithm_t
_gnutls_cipher_suite_get_prf (const uint8_t suite
[2]);
67 gnutls_cipher_algorithm_t
_gnutls_cipher_suite_get_cipher_algo (const
69 gnutls_kx_algorithm_t
_gnutls_cipher_suite_get_kx_algo (const uint8_t suite
[2]);
70 gnutls_mac_algorithm_t
_gnutls_cipher_suite_get_mac_algo (const
74 _gnutls_cipher_suite_get_id (gnutls_kx_algorithm_t kx_algorithm
,
75 gnutls_cipher_algorithm_t cipher_algorithm
,
76 gnutls_mac_algorithm_t mac_algorithm
, uint8_t suite
[2]);
78 /* Functions for ciphers. */
79 int _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm
);
80 int _gnutls_cipher_algo_is_aead (gnutls_cipher_algorithm_t algorithm
);
81 int _gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm
);
82 int _gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm
);
83 int _gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm
);
84 /* at least for now iv_size == tag_size */
85 #define _gnutls_cipher_get_tag_size _gnutls_cipher_get_iv_size
87 /* Functions for key exchange. */
88 int _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm
);
89 int _gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm
);
90 mod_auth_st
*_gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm
);
91 int _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm
);
93 /* Type to KX mappings. */
94 gnutls_kx_algorithm_t
_gnutls_map_kx_get_kx (gnutls_credentials_type_t type
,
96 gnutls_credentials_type_t
_gnutls_map_kx_get_cred (gnutls_kx_algorithm_t
97 algorithm
, int server
);
99 /* KX to PK mapping. */
101 /* DSA + RSA + ECC */
102 #define GNUTLS_DISTINCT_PK_ALGORITHMS 3
103 gnutls_pk_algorithm_t
_gnutls_map_pk_get_pk (gnutls_kx_algorithm_t
105 gnutls_pk_algorithm_t
_gnutls_x509_oid2pk_algorithm (const char *oid
);
106 const char *_gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t pk
);
109 { CIPHER_ENCRYPT
= 0, CIPHER_SIGN
= 1, CIPHER_IGN
};
111 enum encipher_type
_gnutls_kx_encipher_type (gnutls_kx_algorithm_t algorithm
);
113 /* Functions for sign algorithms. */
114 gnutls_sign_algorithm_t
_gnutls_x509_oid2sign_algorithm (const char *oid
);
115 gnutls_pk_algorithm_t
_gnutls_x509_sign_to_pk (gnutls_sign_algorithm_t sign
);
116 const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t
,
117 gnutls_digest_algorithm_t mac
);
118 gnutls_sign_algorithm_t
_gnutls_tls_aid_to_sign (const sign_algorithm_st
*
120 const sign_algorithm_st
* _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign
);
122 int _gnutls_mac_priority (gnutls_session_t session
,
123 gnutls_mac_algorithm_t algorithm
);
124 int _gnutls_cipher_priority (gnutls_session_t session
,
125 gnutls_cipher_algorithm_t algorithm
);
126 int _gnutls_kx_priority (gnutls_session_t session
,
127 gnutls_kx_algorithm_t algorithm
);
129 unsigned int _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits
);
132 struct gnutls_ecc_curve_entry_st
136 gnutls_ecc_curve_t id
;
137 int tls_id
; /* The RFC4492 namedCurve ID */
138 int size
; /* the size in bytes */
140 /** The prime that defines the field the curve is in (encoded in hex) */
142 /** The fields A param (hex) */
144 /** The fields B param (hex) */
146 /** The order of the curve (hex) */
148 /** The x co-ordinate of the base point on the curve (hex) */
150 /** The y co-ordinate of the base point on the curve (hex) */
153 typedef struct gnutls_ecc_curve_entry_st gnutls_ecc_curve_entry_st
;
155 const gnutls_ecc_curve_entry_st
* _gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve
);
156 gnutls_ecc_curve_t
_gnutls_ecc_curve_get_id (const char *name
);
157 int _gnutls_tls_id_to_ecc_curve (int num
);
158 int _gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc
);
159 const char * _gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve
);
160 gnutls_ecc_curve_t
_gnutls_oid_to_ecc_curve (const char* oid
);
161 gnutls_ecc_curve_t
_gnutls_ecc_bits_to_curve (int bits
);
162 #define MAX_ECC_CURVE_SIZE 66
164 static inline int _gnutls_kx_is_ecc(gnutls_kx_algorithm_t kx
)
166 if (kx
== GNUTLS_KX_ECDHE_RSA
|| kx
== GNUTLS_KX_ECDHE_ECDSA
||
167 kx
== GNUTLS_KX_ANON_ECDH
|| kx
== GNUTLS_KX_ECDHE_PSK
)