diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-11-08 22:14:07 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-11-08 22:17:10 +0100 |
commit | 76c93d23c073ef8b885503b7d28a31ffe2add6d8 (patch) | |
tree | 1dd2d22a197bc40c5330e516969a7cb1ae9bc96f /lib/algorithms | |
parent | 559a144f6bbcbb611453f82e655dd7438c14d1a7 (diff) | |
download | gnutls-76c93d23c073ef8b885503b7d28a31ffe2add6d8.tar.gz |
reindented code
Diffstat (limited to 'lib/algorithms')
-rw-r--r-- | lib/algorithms/cert_types.c | 47 | ||||
-rw-r--r-- | lib/algorithms/ciphers.c | 211 | ||||
-rw-r--r-- | lib/algorithms/ciphersuites.c | 1852 | ||||
-rw-r--r-- | lib/algorithms/ecc.c | 276 | ||||
-rw-r--r-- | lib/algorithms/kx.c | 246 | ||||
-rw-r--r-- | lib/algorithms/mac.c | 236 | ||||
-rw-r--r-- | lib/algorithms/protocols.c | 180 | ||||
-rw-r--r-- | lib/algorithms/publickey.c | 210 | ||||
-rw-r--r-- | lib/algorithms/secparams.c | 157 | ||||
-rw-r--r-- | lib/algorithms/sign.c | 306 |
10 files changed, 1851 insertions, 1870 deletions
diff --git a/lib/algorithms/cert_types.c b/lib/algorithms/cert_types.c index 303438b759..7ccab552e3 100644 --- a/lib/algorithms/cert_types.c +++ b/lib/algorithms/cert_types.c @@ -34,17 +34,17 @@ * Returns: a string that contains the name of the specified * certificate type, or %NULL in case of unknown types. **/ -const char * -gnutls_certificate_type_get_name (gnutls_certificate_type_t type) +const char *gnutls_certificate_type_get_name(gnutls_certificate_type_t + type) { - const char *ret = NULL; + const char *ret = NULL; - if (type == GNUTLS_CRT_X509) - ret = "X.509"; - if (type == GNUTLS_CRT_OPENPGP) - ret = "OPENPGP"; + if (type == GNUTLS_CRT_X509) + ret = "X.509"; + if (type == GNUTLS_CRT_OPENPGP) + ret = "OPENPGP"; - return ret; + return ret; } /** @@ -56,23 +56,23 @@ gnutls_certificate_type_get_name (gnutls_certificate_type_t type) * Returns: a #gnutls_certificate_type_t for the specified in a * string certificate type, or %GNUTLS_CRT_UNKNOWN on error. **/ -gnutls_certificate_type_t -gnutls_certificate_type_get_id (const char *name) +gnutls_certificate_type_t gnutls_certificate_type_get_id(const char *name) { - gnutls_certificate_type_t ret = GNUTLS_CRT_UNKNOWN; + gnutls_certificate_type_t ret = GNUTLS_CRT_UNKNOWN; - if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0) - return GNUTLS_CRT_X509; - if (strcasecmp (name, "OPENPGP") == 0) - return GNUTLS_CRT_OPENPGP; + if (strcasecmp(name, "X.509") == 0 + || strcasecmp(name, "X509") == 0) + return GNUTLS_CRT_X509; + if (strcasecmp(name, "OPENPGP") == 0) + return GNUTLS_CRT_OPENPGP; - return ret; + return ret; } static const gnutls_certificate_type_t supported_certificate_types[] = { - GNUTLS_CRT_X509, - GNUTLS_CRT_OPENPGP, - 0 + GNUTLS_CRT_X509, + GNUTLS_CRT_OPENPGP, + 0 }; /** @@ -83,12 +83,7 @@ static const gnutls_certificate_type_t supported_certificate_types[] = { * Returns: a (0)-terminated list of #gnutls_certificate_type_t * integers indicating the available certificate types. **/ -const gnutls_certificate_type_t * -gnutls_certificate_type_list (void) +const gnutls_certificate_type_t *gnutls_certificate_type_list(void) { - return supported_certificate_types; + return supported_certificate_types; } - - - - diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c index 2d57933e7a..a0d372818b 100644 --- a/lib/algorithms/ciphers.c +++ b/lib/algorithms/ciphers.c @@ -34,46 +34,67 @@ * Make sure to update MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well. */ static const cipher_entry_st algorithms[] = { - {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 16, 0}, - {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK, 16, 16, 0}, - {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 16, 0}, - {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1}, - {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1}, - {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0, 0}, - {"ESTREAM-SALSA20-256", GNUTLS_CIPHER_ESTREAM_SALSA20_256, 64, 32, CIPHER_STREAM, 8, 8, 0}, - {"SALSA20-256", GNUTLS_CIPHER_SALSA20_256, 64, 32, CIPHER_STREAM, 8, 8, 0}, - {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK, - 16, 16, 0}, - {"CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC, 16, 24, CIPHER_BLOCK, - 16, 16, 0}, - {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK, - 16, 16, 0}, - {"CAMELLIA-128-GCM", GNUTLS_CIPHER_CAMELLIA_128_GCM, 16, 16, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1}, - {"CAMELLIA-256-GCM", GNUTLS_CIPHER_CAMELLIA_256_GCM, 16, 32, CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1}, - {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 8, 0}, - {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 8, 0}, - {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 0, 0}, - {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 8, 0}, + {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, + 16, 16, 0}, + {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK, + 16, 16, 0}, + {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, + 16, 16, 0}, + {"AES-128-GCM", GNUTLS_CIPHER_AES_128_GCM, 16, 16, CIPHER_STREAM, + AEAD_IMPLICIT_DATA_SIZE, 12, 1}, + {"AES-256-GCM", GNUTLS_CIPHER_AES_256_GCM, 16, 32, CIPHER_STREAM, + AEAD_IMPLICIT_DATA_SIZE, 12, 1}, + {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, + 0, 0}, + {"ESTREAM-SALSA20-256", GNUTLS_CIPHER_ESTREAM_SALSA20_256, 64, 32, + CIPHER_STREAM, 8, 8, 0}, + {"SALSA20-256", GNUTLS_CIPHER_SALSA20_256, 64, 32, CIPHER_STREAM, + 8, 8, 0}, + {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, + CIPHER_BLOCK, + 16, 16, 0}, + {"CAMELLIA-192-CBC", GNUTLS_CIPHER_CAMELLIA_192_CBC, 16, 24, + CIPHER_BLOCK, + 16, 16, 0}, + {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, + CIPHER_BLOCK, + 16, 16, 0}, + {"CAMELLIA-128-GCM", GNUTLS_CIPHER_CAMELLIA_128_GCM, 16, 16, + CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1}, + {"CAMELLIA-256-GCM", GNUTLS_CIPHER_CAMELLIA_256_GCM, 16, 32, + CIPHER_STREAM, AEAD_IMPLICIT_DATA_SIZE, 12, 1}, + {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 8, 0}, + {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 8, 0}, + {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 0, + 0}, + {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 8, 0}, #ifdef ENABLE_OPENPGP - {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 8, 0}, - {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB, 8, 24, CIPHER_BLOCK, 8, 8, 0}, - {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 8, 0}, - {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB, 8, - 16 /*actually unlimited */ , CIPHER_BLOCK, 8, 8, 0}, - {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB, 8, 16, - CIPHER_BLOCK, 8, 8, 0}, - {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB, 16, 16, CIPHER_BLOCK, 16, - 16, 0}, - {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB, 16, 24, CIPHER_BLOCK, 16, - 16, 0}, - {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB, 16, 32, CIPHER_BLOCK, 16, - 16, 0}, - {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB, 16, 16, CIPHER_BLOCK, 16, - 16, 0}, + {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK, + 8, 8, 0}, + {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB, 8, 24, CIPHER_BLOCK, + 8, 8, 0}, + {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB, 8, 16, CIPHER_BLOCK, + 8, 8, 0}, + {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB, 8, + 16 /*actually unlimited */ , CIPHER_BLOCK, 8, 8, 0}, + {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB, 8, 16, + CIPHER_BLOCK, 8, 8, 0}, + {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB, 16, 16, + CIPHER_BLOCK, 16, + 16, 0}, + {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB, 16, 24, + CIPHER_BLOCK, 16, + 16, 0}, + {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB, 16, 32, + CIPHER_BLOCK, 16, + 16, 0}, + {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB, 16, 16, + CIPHER_BLOCK, 16, + 16, 0}, #endif - {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0, 0}, - {0, 0, 0, 0, 0, 0, 0} + {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0, 0}, + {0, 0, 0, 0, 0, 0, 0} }; #define GNUTLS_CIPHER_LOOP(b) \ @@ -85,11 +106,11 @@ static const cipher_entry_st algorithms[] = { /* CIPHER functions */ -const cipher_entry_st* cipher_to_entry(gnutls_cipher_algorithm_t c) +const cipher_entry_st *cipher_to_entry(gnutls_cipher_algorithm_t c) { - GNUTLS_CIPHER_LOOP (if (c==p->id) return p); + GNUTLS_CIPHER_LOOP(if (c == p->id) return p); - return NULL; + return NULL; } /** @@ -100,12 +121,11 @@ const cipher_entry_st* cipher_to_entry(gnutls_cipher_algorithm_t c) * * Since: 2.10.0 **/ -int -gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm) +int gnutls_cipher_get_block_size(gnutls_cipher_algorithm_t algorithm) { - size_t ret = 0; - GNUTLS_ALG_LOOP (ret = p->blocksize); - return ret; + size_t ret = 0; + GNUTLS_ALG_LOOP(ret = p->blocksize); + return ret; } @@ -117,10 +137,9 @@ gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm) * * Since: 3.2.2 **/ -int -gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm) +int gnutls_cipher_get_tag_size(gnutls_cipher_algorithm_t algorithm) { - return _gnutls_cipher_get_tag_size(cipher_to_entry(algorithm)); + return _gnutls_cipher_get_tag_size(cipher_to_entry(algorithm)); } /** @@ -133,27 +152,27 @@ gnutls_cipher_get_tag_size (gnutls_cipher_algorithm_t algorithm) * * Since: 3.2.0 **/ -int -gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm) +int gnutls_cipher_get_iv_size(gnutls_cipher_algorithm_t algorithm) { - size_t ret = 0; - GNUTLS_ALG_LOOP (ret = p->cipher_iv); - return ret; + size_t ret = 0; + GNUTLS_ALG_LOOP(ret = p->cipher_iv); + return ret; } /* returns the priority */ int -_gnutls_cipher_priority (gnutls_session_t session, - gnutls_cipher_algorithm_t algorithm) +_gnutls_cipher_priority(gnutls_session_t session, + gnutls_cipher_algorithm_t algorithm) { - unsigned int i; - for (i = 0; i < session->internals.priorities.cipher.algorithms; i++) - { - if (session->internals.priorities.cipher.priority[i] == algorithm) - return i; - } - return -1; + unsigned int i; + for (i = 0; i < session->internals.priorities.cipher.algorithms; + i++) { + if (session->internals.priorities.cipher.priority[i] == + algorithm) + return i; + } + return -1; } /** @@ -165,12 +184,11 @@ _gnutls_cipher_priority (gnutls_session_t session, * Returns: length (in bytes) of the given cipher's key size, or 0 if * the given cipher is invalid. **/ -size_t -gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm) -{ /* In bytes */ - size_t ret = 0; - GNUTLS_ALG_LOOP (ret = p->keysize); - return ret; +size_t gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t algorithm) +{ /* In bytes */ + size_t ret = 0; + GNUTLS_ALG_LOOP(ret = p->keysize); + return ret; } @@ -183,15 +201,14 @@ gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm) * Returns: a pointer to a string that contains the name of the * specified cipher, or %NULL. **/ -const char * -gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm) +const char *gnutls_cipher_get_name(gnutls_cipher_algorithm_t algorithm) { - const char *ret = NULL; + const char *ret = NULL; - /* avoid prefix */ - GNUTLS_ALG_LOOP (ret = p->name); + /* avoid prefix */ + GNUTLS_ALG_LOOP(ret = p->name); - return ret; + return ret; } /** @@ -203,20 +220,18 @@ gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm) * Returns: return a #gnutls_cipher_algorithm_t value corresponding to * the specified cipher, or %GNUTLS_CIPHER_UNKNOWN on error. **/ -gnutls_cipher_algorithm_t -gnutls_cipher_get_id (const char *name) +gnutls_cipher_algorithm_t gnutls_cipher_get_id(const char *name) { - gnutls_cipher_algorithm_t ret = GNUTLS_CIPHER_UNKNOWN; + gnutls_cipher_algorithm_t ret = GNUTLS_CIPHER_UNKNOWN; - GNUTLS_CIPHER_LOOP ( - if (strcasecmp (p->name, name) == 0) - { - ret = p->id; - break; - } - ); + GNUTLS_CIPHER_LOOP( + if (strcasecmp(p->name, name) == 0) { + ret = p->id; + break; + } + ); - return ret; + return ret; } /** @@ -233,22 +248,20 @@ gnutls_cipher_get_id (const char *name) * integers indicating the available ciphers. * **/ -const gnutls_cipher_algorithm_t * -gnutls_cipher_list (void) +const gnutls_cipher_algorithm_t *gnutls_cipher_list(void) { -static gnutls_cipher_algorithm_t supported_ciphers[MAX_ALGOS] = {0}; + static gnutls_cipher_algorithm_t supported_ciphers[MAX_ALGOS] = + { 0 }; - if (supported_ciphers[0] == 0) - { - int i = 0; + if (supported_ciphers[0] == 0) { + int i = 0; - GNUTLS_CIPHER_LOOP ( - if (_gnutls_cipher_exists(p->id)) - supported_ciphers[i++]=p->id; - ); - supported_ciphers[i++]=0; - } + GNUTLS_CIPHER_LOOP( + if (_gnutls_cipher_exists(p->id)) + supported_ciphers[i++] = p->id; + ); + supported_ciphers[i++] = 0; + } - return supported_ciphers; + return supported_ciphers; } - diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index 03b2118fcc..b9637d71f6 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -31,18 +31,17 @@ #define ENTRY_PRF( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf ) \ { #name, name, block_algorithm, kx_algorithm, mac_algorithm, min_version, dtls_version, prf} -typedef struct -{ - const char *name; - const uint8_t id[2]; - gnutls_cipher_algorithm_t block_algorithm; - gnutls_kx_algorithm_t kx_algorithm; - gnutls_mac_algorithm_t mac_algorithm; - gnutls_protocol_t min_version; /* this cipher suite is supported - * from 'version' and above; - */ - gnutls_protocol_t min_dtls_version; /* DTLS min version */ - gnutls_mac_algorithm_t prf; +typedef struct { + const char *name; + const uint8_t id[2]; + gnutls_cipher_algorithm_t block_algorithm; + gnutls_kx_algorithm_t kx_algorithm; + gnutls_mac_algorithm_t mac_algorithm; + gnutls_protocol_t min_version; /* this cipher suite is supported + * from 'version' and above; + */ + gnutls_protocol_t min_dtls_version; /* DTLS min version */ + gnutls_mac_algorithm_t prf; } gnutls_cipher_suite_entry; /* RSA with NULL cipher and MD5 MAC @@ -312,764 +311,764 @@ typedef struct #define CIPHER_SUITES_COUNT (sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1) static const gnutls_cipher_suite_entry cs_algorithms[] = { - /* RSA-NULL */ - ENTRY (GNUTLS_RSA_NULL_MD5, - GNUTLS_CIPHER_NULL, - GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_NULL_SHA1, - GNUTLS_CIPHER_NULL, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_NULL_SHA256, - GNUTLS_CIPHER_NULL, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - - /* RSA */ - ENTRY (GNUTLS_RSA_ARCFOUR_128_SHA1, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_UNKNOWN), - ENTRY (GNUTLS_RSA_ARCFOUR_128_MD5, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, - GNUTLS_VERSION_UNKNOWN), - ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - - ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), + /* RSA-NULL */ + ENTRY(GNUTLS_RSA_NULL_MD5, + GNUTLS_CIPHER_NULL, + GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_NULL_SHA1, + GNUTLS_CIPHER_NULL, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_NULL_SHA256, + GNUTLS_CIPHER_NULL, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + + /* RSA */ + ENTRY(GNUTLS_RSA_ARCFOUR_128_SHA1, + GNUTLS_CIPHER_ARCFOUR_128, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_UNKNOWN), + ENTRY(GNUTLS_RSA_ARCFOUR_128_MD5, + GNUTLS_CIPHER_ARCFOUR_128, + GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3, + GNUTLS_VERSION_UNKNOWN), + ENTRY(GNUTLS_RSA_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + + ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), /* GCM */ - ENTRY (GNUTLS_RSA_AES_128_GCM_SHA256, - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384, - GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - ENTRY (GNUTLS_RSA_CAMELLIA_128_GCM_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_RSA_AES_256_GCM_SHA384, + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + ENTRY(GNUTLS_RSA_CAMELLIA_128_GCM_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_RSA_CAMELLIA_256_GCM_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), /* Salsa20 */ - ENTRY (GNUTLS_RSA_SALSA20_256_SHA1, - GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_SALSA20_256_UMAC96, - GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA, - GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - - ENTRY (GNUTLS_RSA_ESTREAM_SALSA20_256_SHA1, - GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_ESTREAM_SALSA20_256_UMAC96, - GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA, - GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - - /* DHE_DSS */ + ENTRY(GNUTLS_RSA_SALSA20_256_SHA1, + GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_SALSA20_256_UMAC96, + GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_RSA, + GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + + ENTRY(GNUTLS_RSA_ESTREAM_SALSA20_256_SHA1, + GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_ESTREAM_SALSA20_256_UMAC96, + GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_RSA, + GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + + /* DHE_DSS */ #ifdef ENABLE_DHE - ENTRY (GNUTLS_DHE_DSS_ARCFOUR_128_SHA1, - GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_UNKNOWN), - ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - - ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), + ENTRY(GNUTLS_DHE_DSS_ARCFOUR_128_SHA1, + GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_UNKNOWN), + ENTRY(GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_CBC, + GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_256_CBC, + GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + + ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_128_CBC, + GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_256_CBC, + GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), /* GCM */ - ENTRY (GNUTLS_DHE_DSS_AES_128_GCM_SHA256, - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384, - GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - - /* DHE_RSA */ - ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), + ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_DHE_DSS_AES_256_GCM_SHA384, + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_GCM_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_DHE_DSS_CAMELLIA_256_GCM_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_DSS, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + + /* DHE_RSA */ + ENTRY(GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_CBC, + GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_256_CBC, + GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_128_CBC, + GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_256_CBC, + GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), /* GCM */ - ENTRY (GNUTLS_DHE_RSA_AES_128_GCM_SHA256, - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384, - GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), -#endif /* DHE */ + ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_DHE_RSA_AES_256_GCM_SHA384, + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_GCM_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_DHE_RSA_CAMELLIA_256_GCM_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), +#endif /* DHE */ #ifdef ENABLE_ECDHE /* ECC-RSA */ - ENTRY (GNUTLS_ECDHE_RSA_NULL_SHA1, - GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY_PRF (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), - ENTRY (GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1, - GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_UNKNOWN), - ENTRY (GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY_PRF (GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), - - /* ECDHE-ECDSA */ - ENTRY (GNUTLS_ECDHE_ECDSA_NULL_SHA1, - GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1, - GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_UNKNOWN), - ENTRY (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY_PRF (GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), - - /* More ECC */ - - ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256, - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384, - GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - ENTRY (GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256, - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384, - GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - - ENTRY (GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + ENTRY(GNUTLS_ECDHE_RSA_NULL_SHA1, + GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), + ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_UNKNOWN), + ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), + + /* ECDHE-ECDSA */ + ENTRY(GNUTLS_ECDHE_ECDSA_NULL_SHA1, + GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_ECDSA_ARCFOUR_128_SHA1, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_UNKNOWN), + ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), + + /* More ECC */ + + ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384, + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + ENTRY(GNUTLS_ECDHE_RSA_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_GCM_SHA384, + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + + ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_GCM_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), /* Salsa20 */ - ENTRY (GNUTLS_ECDHE_RSA_SALSA20_256_SHA1, - GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_RSA_SALSA20_256_UMAC96, - GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_ECDSA_SALSA20_256_SHA1, - GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_ECDSA_SALSA20_256_UMAC96, - GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - - ENTRY (GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_SHA1, - GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_UMAC96, - GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_SHA1, - GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_UMAC96, - GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_RSA_SALSA20_256_SHA1, + GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_RSA_SALSA20_256_UMAC96, + GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_ECDSA_SALSA20_256_SHA1, + GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_ECDSA_SALSA20_256_UMAC96, + GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + + ENTRY(GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_SHA1, + GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_RSA_ESTREAM_SALSA20_256_UMAC96, + GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_RSA, + GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_SHA1, + GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_ECDSA_ESTREAM_SALSA20_256_UMAC96, + GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_ECDSA, + GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), #endif #ifdef ENABLE_PSK - /* ECC - PSK */ - ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY (GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1, - GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_UNKNOWN), - ENTRY (GNUTLS_ECDHE_PSK_NULL_SHA256, - GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF (GNUTLS_ECDHE_PSK_NULL_SHA384, - GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - ENTRY (GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF (GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), - - ENTRY (GNUTLS_ECDHE_PSK_SALSA20_256_SHA1, - GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_PSK_SALSA20_256_UMAC96, - GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - - ENTRY (GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_SHA1, - GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_UMAC96, - GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - - /* PSK */ - ENTRY (GNUTLS_PSK_ARCFOUR_128_SHA1, - GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_UNKNOWN), - ENTRY (GNUTLS_PSK_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_PSK_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_PSK_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_PSK_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384, - GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - ENTRY (GNUTLS_PSK_CAMELLIA_128_GCM_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF (GNUTLS_PSK_CAMELLIA_256_GCM_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - - - ENTRY (GNUTLS_PSK_AES_128_GCM_SHA256, - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY (GNUTLS_PSK_NULL_SHA256, - GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY (GNUTLS_PSK_CAMELLIA_128_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY_PRF (GNUTLS_PSK_CAMELLIA_256_CBC_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), - - ENTRY (GNUTLS_PSK_SALSA20_256_SHA1, - GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_PSK_SALSA20_256_UMAC96, - GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK, - GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - - ENTRY (GNUTLS_PSK_ESTREAM_SALSA20_256_SHA1, - GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_PSK_ESTREAM_SALSA20_256_UMAC96, - GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK, - GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), - ENTRY_PRF(GNUTLS_PSK_NULL_SHA384, - GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), - - /* RSA-PSK */ - ENTRY (GNUTLS_RSA_PSK_ARCFOUR_128_SHA1, - GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_UNKNOWN), - ENTRY (GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_PSK_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_PSK_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF (GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - - - ENTRY (GNUTLS_RSA_PSK_AES_128_GCM_SHA256, - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY (GNUTLS_RSA_PSK_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_RSA_PSK_NULL_SHA256, - GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY_PRF (GNUTLS_RSA_PSK_AES_256_GCM_SHA384, - GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - ENTRY_PRF (GNUTLS_RSA_PSK_AES_256_CBC_SHA384, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), - ENTRY_PRF (GNUTLS_RSA_PSK_NULL_SHA384, - GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), - ENTRY (GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY_PRF (GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), - - - /* DHE-PSK */ - ENTRY (GNUTLS_DHE_PSK_ARCFOUR_128_SHA1, - GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_VERSION_UNKNOWN), - ENTRY (GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_PSK_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DHE_PSK_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY (GNUTLS_DHE_PSK_AES_128_GCM_SHA256, - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY (GNUTLS_DHE_PSK_NULL_SHA256, - GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384, - GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), - ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), - ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384, - GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - ENTRY (GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY_PRF (GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), - ENTRY (GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + /* ECC - PSK */ + ENTRY(GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), + ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_UNKNOWN), + ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256, + GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384, + GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), + ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), + + ENTRY(GNUTLS_ECDHE_PSK_SALSA20_256_SHA1, + GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_PSK_SALSA20_256_UMAC96, + GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + + ENTRY(GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_SHA1, + GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDHE_PSK_ESTREAM_SALSA20_256_UMAC96, + GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_ECDHE_PSK, + GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + + /* PSK */ + ENTRY(GNUTLS_PSK_ARCFOUR_128_SHA1, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_UNKNOWN), + ENTRY(GNUTLS_PSK_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_PSK_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_PSK_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384, + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + ENTRY(GNUTLS_PSK_CAMELLIA_128_GCM_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_GCM_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + + + ENTRY(GNUTLS_PSK_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY(GNUTLS_PSK_NULL_SHA256, + GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), + + ENTRY(GNUTLS_PSK_SALSA20_256_SHA1, + GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_PSK_SALSA20_256_UMAC96, + GNUTLS_CIPHER_SALSA20_256, GNUTLS_KX_PSK, + GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + + ENTRY(GNUTLS_PSK_ESTREAM_SALSA20_256_SHA1, + GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_PSK_ESTREAM_SALSA20_256_UMAC96, + GNUTLS_CIPHER_ESTREAM_SALSA20_256, GNUTLS_KX_PSK, + GNUTLS_MAC_UMAC_96, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), + ENTRY_PRF(GNUTLS_PSK_NULL_SHA384, + GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), + + /* RSA-PSK */ + ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_UNKNOWN), + ENTRY(GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_PSK_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_GCM_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + + + ENTRY(GNUTLS_RSA_PSK_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_RSA_PSK_NULL_SHA256, + GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384, + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), + ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384, + GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), + ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), + + + /* DHE-PSK */ + ENTRY(GNUTLS_DHE_PSK_ARCFOUR_128_SHA1, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_VERSION_UNKNOWN), + ENTRY(GNUTLS_DHE_PSK_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_PSK_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY(GNUTLS_DHE_PSK_NULL_SHA256, + GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384, + GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), + ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), + ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384, + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384), + ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_GCM_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_DHE_PSK, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), #endif #ifdef ENABLE_ANON - /* DH_ANON */ - ENTRY (GNUTLS_DH_ANON_ARCFOUR_128_MD5, - GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5, - GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), - ENTRY (GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1, - GNUTLS_CIPHER_CAMELLIA_256_CBC, - GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_DH_ANON_AES_128_CBC_SHA256, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY (GNUTLS_DH_ANON_AES_256_CBC_SHA256, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY (GNUTLS_DH_ANON_AES_128_GCM_SHA256, - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384, - GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), - ENTRY (GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256, - GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2), - ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, - GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + /* DH_ANON */ + ENTRY(GNUTLS_DH_ANON_ARCFOUR_128_MD5, + GNUTLS_CIPHER_ARCFOUR_128, + GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5, + GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), + ENTRY(GNUTLS_DH_ANON_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_CBC, + GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256, + GNUTLS_CIPHER_CAMELLIA_256_CBC, + GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_128_CBC, + GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA1, + GNUTLS_CIPHER_CAMELLIA_256_CBC, + GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256, + GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_DH_ANON_AES_256_GCM_SHA384, + GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), + ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_GCM_SHA256, + GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), + ENTRY_PRF(GNUTLS_DH_ANON_CAMELLIA_256_GCM_SHA384, + GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_KX_ANON_DH, + GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384), /* ECC-ANON */ - ENTRY (GNUTLS_ECDH_ANON_NULL_SHA1, - GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1, - GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_SSL3, - GNUTLS_VERSION_UNKNOWN), + ENTRY(GNUTLS_ECDH_ANON_NULL_SHA1, + GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDH_ANON_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDH_ANON_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_ECDH_ANON_ARCFOUR_128_SHA1, + GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ANON_ECDH, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, + GNUTLS_VERSION_UNKNOWN), #endif #ifdef ENABLE_SRP - /* SRP */ - ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - - ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - - ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - - ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - - ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, - GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - - ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), - - ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, - GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + /* SRP */ + ENTRY(GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_SRP_SHA_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + ENTRY(GNUTLS_SRP_SHA_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + + ENTRY(GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + + ENTRY(GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1, + GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + + ENTRY(GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + + ENTRY(GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1, + GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + + ENTRY(GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), + + ENTRY(GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1, + GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA, + GNUTLS_MAC_SHA1, GNUTLS_TLS1, + GNUTLS_DTLS_VERSION_MIN), #endif - {0, {0, 0}, 0, 0, 0, 0, 0, 0} + {0, {0, 0}, 0, 0, 0, 0, 0, 0} }; #define CIPHER_SUITE_LOOP(b) \ @@ -1081,72 +1080,70 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { /* Cipher Suite's functions */ -const cipher_entry_st* -_gnutls_cipher_suite_get_cipher_algo (const uint8_t suite[2]) +const cipher_entry_st *_gnutls_cipher_suite_get_cipher_algo(const uint8_t + suite[2]) { - int ret = 0; - CIPHER_SUITE_ALG_LOOP (ret = p->block_algorithm); - return cipher_to_entry(ret); + int ret = 0; + CIPHER_SUITE_ALG_LOOP(ret = p->block_algorithm); + return cipher_to_entry(ret); } gnutls_kx_algorithm_t -_gnutls_cipher_suite_get_kx_algo (const uint8_t suite[2]) +_gnutls_cipher_suite_get_kx_algo(const uint8_t suite[2]) { - int ret = 0; + int ret = 0; - CIPHER_SUITE_ALG_LOOP (ret = p->kx_algorithm); - return ret; + CIPHER_SUITE_ALG_LOOP(ret = p->kx_algorithm); + return ret; } -gnutls_mac_algorithm_t -_gnutls_cipher_suite_get_prf (const uint8_t suite[2]) +gnutls_mac_algorithm_t _gnutls_cipher_suite_get_prf(const uint8_t suite[2]) { - int ret = 0; + int ret = 0; - CIPHER_SUITE_ALG_LOOP (ret = p->prf); - return ret; + CIPHER_SUITE_ALG_LOOP(ret = p->prf); + return ret; } -const mac_entry_st* -_gnutls_cipher_suite_get_mac_algo (const uint8_t suite[2]) -{ /* In bytes */ - int ret = 0; - CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm); - return mac_to_entry(ret); +const mac_entry_st *_gnutls_cipher_suite_get_mac_algo(const uint8_t + suite[2]) +{ /* In bytes */ + int ret = 0; + CIPHER_SUITE_ALG_LOOP(ret = p->mac_algorithm); + return mac_to_entry(ret); } -const char * -_gnutls_cipher_suite_get_name (const uint8_t suite[2]) +const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2]) { - const char *ret = NULL; + const char *ret = NULL; - /* avoid prefix */ - CIPHER_SUITE_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_") - 1); + /* avoid prefix */ + CIPHER_SUITE_ALG_LOOP(ret = p->name + sizeof("GNUTLS_") - 1); - return ret; + return ret; } -static const gnutls_cipher_suite_entry * -cipher_suite_get (gnutls_kx_algorithm_t kx_algorithm, - gnutls_cipher_algorithm_t cipher_algorithm, - gnutls_mac_algorithm_t mac_algorithm) +static const gnutls_cipher_suite_entry + *cipher_suite_get(gnutls_kx_algorithm_t kx_algorithm, + gnutls_cipher_algorithm_t cipher_algorithm, + gnutls_mac_algorithm_t mac_algorithm) { - const gnutls_cipher_suite_entry *ret = NULL; - - CIPHER_SUITE_LOOP ( - if (kx_algorithm == p->kx_algorithm && - cipher_algorithm == p->block_algorithm && mac_algorithm == p->mac_algorithm) - { - ret = p; - break; - } - ); - - return ret; + const gnutls_cipher_suite_entry *ret = NULL; + + CIPHER_SUITE_LOOP( + if (kx_algorithm == p->kx_algorithm && + cipher_algorithm == p->block_algorithm + && mac_algorithm == p->mac_algorithm) { + ret = p; + break; + } + ); + + return ret; } @@ -1162,18 +1159,21 @@ cipher_suite_get (gnutls_kx_algorithm_t kx_algorithm, * Returns: a string that contains the name of a TLS cipher suite, * specified by the given algorithms, or %NULL. **/ -const char * -gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm, - gnutls_cipher_algorithm_t cipher_algorithm, - gnutls_mac_algorithm_t mac_algorithm) +const char *gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t + kx_algorithm, + gnutls_cipher_algorithm_t + cipher_algorithm, + gnutls_mac_algorithm_t + mac_algorithm) { -const gnutls_cipher_suite_entry * ce; - - ce = cipher_suite_get (kx_algorithm, cipher_algorithm, mac_algorithm); - if (ce == NULL) - return NULL; - else - return ce->name + sizeof ("GNUTLS_") - 1; + const gnutls_cipher_suite_entry *ce; + + ce = cipher_suite_get(kx_algorithm, cipher_algorithm, + mac_algorithm); + if (ce == NULL) + return NULL; + else + return ce->name + sizeof("GNUTLS_") - 1; } /*- @@ -1188,21 +1188,22 @@ const gnutls_cipher_suite_entry * ce; * Returns: 0 on success or a negative error code otherwise. -*/ int -_gnutls_cipher_suite_get_id (gnutls_kx_algorithm_t kx_algorithm, - gnutls_cipher_algorithm_t cipher_algorithm, - gnutls_mac_algorithm_t mac_algorithm, uint8_t suite[2]) +_gnutls_cipher_suite_get_id(gnutls_kx_algorithm_t kx_algorithm, + gnutls_cipher_algorithm_t cipher_algorithm, + gnutls_mac_algorithm_t mac_algorithm, + uint8_t suite[2]) { -const gnutls_cipher_suite_entry * ce; - - ce = cipher_suite_get (kx_algorithm, cipher_algorithm, mac_algorithm); - if (ce == NULL) - return GNUTLS_E_INVALID_REQUEST; - else - { - suite[0] = ce->id[0]; - suite[1] = ce->id[1]; - } - return 0; + const gnutls_cipher_suite_entry *ce; + + ce = cipher_suite_get(kx_algorithm, cipher_algorithm, + mac_algorithm); + if (ce == NULL) + return GNUTLS_E_INVALID_REQUEST; + else { + suite[0] = ce->id[0]; + suite[1] = ce->id[1]; + } + return 0; } /** @@ -1223,44 +1224,42 @@ const gnutls_cipher_suite_entry * ce; * about the cipher suite in the output variables. If @idx is out of * bounds, %NULL is returned. **/ -const char * -gnutls_cipher_suite_info (size_t idx, - unsigned char *cs_id, - gnutls_kx_algorithm_t * kx, - gnutls_cipher_algorithm_t * cipher, - gnutls_mac_algorithm_t * mac, - gnutls_protocol_t * min_version) +const char *gnutls_cipher_suite_info(size_t idx, + unsigned char *cs_id, + gnutls_kx_algorithm_t * kx, + gnutls_cipher_algorithm_t * cipher, + gnutls_mac_algorithm_t * mac, + gnutls_protocol_t * min_version) { - if (idx >= CIPHER_SUITES_COUNT) - return NULL; - - if (cs_id) - memcpy (cs_id, cs_algorithms[idx].id, 2); - if (kx) - *kx = cs_algorithms[idx].kx_algorithm; - if (cipher) - *cipher = cs_algorithms[idx].block_algorithm; - if (mac) - *mac = cs_algorithms[idx].mac_algorithm; - if (min_version) - *min_version = cs_algorithms[idx].min_version; - - return cs_algorithms[idx].name + sizeof ("GNU") - 1; + if (idx >= CIPHER_SUITES_COUNT) + return NULL; + + if (cs_id) + memcpy(cs_id, cs_algorithms[idx].id, 2); + if (kx) + *kx = cs_algorithms[idx].kx_algorithm; + if (cipher) + *cipher = cs_algorithms[idx].block_algorithm; + if (mac) + *mac = cs_algorithms[idx].mac_algorithm; + if (min_version) + *min_version = cs_algorithms[idx].min_version; + + return cs_algorithms[idx].name + sizeof("GNU") - 1; } -static inline int -_gnutls_cipher_suite_is_ok (const uint8_t suite[2]) +static inline int _gnutls_cipher_suite_is_ok(const uint8_t suite[2]) { - size_t ret; - const char *name = NULL; + size_t ret; + const char *name = NULL; - CIPHER_SUITE_ALG_LOOP (name = p->name); - if (name != NULL) - ret = 0; - else - ret = 1; - return ret; + CIPHER_SUITE_ALG_LOOP(name = p->name); + if (name != NULL) + ret = 0; + else + ret = 1; + return ret; } @@ -1277,47 +1276,63 @@ _gnutls_cipher_suite_is_ok (const uint8_t suite[2]) * -*/ int -_gnutls_supported_ciphersuites (gnutls_session_t session, - uint8_t *cipher_suites, unsigned int max_cipher_suite_size) +_gnutls_supported_ciphersuites(gnutls_session_t session, + uint8_t * cipher_suites, + unsigned int max_cipher_suite_size) { - unsigned int i, ret_count, j, z, k=0; - const gnutls_cipher_suite_entry * ce; - const version_entry_st* version = get_version( session); - unsigned int is_dtls = IS_DTLS(session); - - for (i = 0; i < session->internals.priorities.kx.algorithms; i++) - for (j = 0; j < session->internals.priorities.cipher.algorithms; j++) - for (z = 0; z < session->internals.priorities.mac.algorithms; z++) - { - ce = cipher_suite_get(session->internals.priorities.kx.priority[i], - session->internals.priorities.cipher.priority[j], - session->internals.priorities.mac.priority[z]); - - if (ce == NULL) continue; - - if (is_dtls == 0 && !(version->id >= ce->min_version)) - continue; - else if (is_dtls != 0 && !(version->id >= ce->min_dtls_version)) - - if (k+2 > max_cipher_suite_size) - return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - - memcpy (&cipher_suites[k], ce->id, 2); - k+=2; - } - - ret_count = k; - - /* This function can no longer return 0 cipher suites. - * It returns an error code instead. - */ - if (ret_count == 0) - { - gnutls_assert (); - return GNUTLS_E_NO_CIPHER_SUITES; - } - return ret_count; + unsigned int i, ret_count, j, z, k = 0; + const gnutls_cipher_suite_entry *ce; + const version_entry_st *version = get_version(session); + unsigned int is_dtls = IS_DTLS(session); + + for (i = 0; i < session->internals.priorities.kx.algorithms; i++) + for (j = 0; + j < session->internals.priorities.cipher.algorithms; + j++) + for (z = 0; + z < + session->internals.priorities.mac.algorithms; + z++) { + ce = cipher_suite_get(session->internals. + priorities.kx. + priority[i], + session->internals. + priorities.cipher. + priority[j], + session->internals. + priorities.mac. + priority[z]); + + if (ce == NULL) + continue; + + if (is_dtls == 0 + && !(version->id >= ce->min_version)) + continue; + else if (is_dtls != 0 + && !(version->id >= + ce->min_dtls_version)) + + if (k + 2 > max_cipher_suite_size) + return + gnutls_assert_val + (GNUTLS_E_INTERNAL_ERROR); + + memcpy(&cipher_suites[k], ce->id, 2); + k += 2; + } + + ret_count = k; + + /* This function can no longer return 0 cipher suites. + * It returns an error code instead. + */ + if (ret_count == 0) { + gnutls_assert(); + return GNUTLS_E_NO_CIPHER_SUITES; + } + return ret_count; } /** @@ -1337,32 +1352,37 @@ _gnutls_supported_ciphersuites (gnutls_session_t session, * Returns: On success it returns %GNUTLS_E_SUCCESS (0), or a negative error value otherwise. **/ int -gnutls_priority_get_cipher_suite_index (gnutls_priority_t pcache, unsigned int idx, unsigned int *sidx) +gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache, + unsigned int idx, + unsigned int *sidx) { -int mac_idx, cipher_idx, kx_idx; -unsigned int i; -unsigned int total = pcache->mac.algorithms * pcache->cipher.algorithms * pcache->kx.algorithms; - - if (idx >= total) - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; - - mac_idx = idx % pcache->mac.algorithms; - - idx /= pcache->mac.algorithms; - cipher_idx = idx % pcache->cipher.algorithms; - - idx /= pcache->cipher.algorithms; - kx_idx = idx % pcache->kx.algorithms; - - for (i=0;i<CIPHER_SUITES_COUNT;i++) - { - if (cs_algorithms[i].kx_algorithm == pcache->kx.priority[kx_idx] && - cs_algorithms[i].block_algorithm == pcache->cipher.priority[cipher_idx] && - cs_algorithms[i].mac_algorithm == pcache->mac.priority[mac_idx]) - { - *sidx = i; - return 0; - } - } - return GNUTLS_E_UNKNOWN_CIPHER_SUITE; + int mac_idx, cipher_idx, kx_idx; + unsigned int i; + unsigned int total = + pcache->mac.algorithms * pcache->cipher.algorithms * + pcache->kx.algorithms; + + if (idx >= total) + return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + + mac_idx = idx % pcache->mac.algorithms; + + idx /= pcache->mac.algorithms; + cipher_idx = idx % pcache->cipher.algorithms; + + idx /= pcache->cipher.algorithms; + kx_idx = idx % pcache->kx.algorithms; + + for (i = 0; i < CIPHER_SUITES_COUNT; i++) { + if (cs_algorithms[i].kx_algorithm == + pcache->kx.priority[kx_idx] + && cs_algorithms[i].block_algorithm == + pcache->cipher.priority[cipher_idx] + && cs_algorithms[i].mac_algorithm == + pcache->mac.priority[mac_idx]) { + *sidx = i; + return 0; + } + } + return GNUTLS_E_UNKNOWN_CIPHER_SUITE; } diff --git a/lib/algorithms/ecc.c b/lib/algorithms/ecc.c index c574036ae9..3aa4000f9d 100644 --- a/lib/algorithms/ecc.c +++ b/lib/algorithms/ecc.c @@ -30,42 +30,42 @@ */ static const gnutls_ecc_curve_entry_st ecc_curves[] = { - { - .name = "SECP192R1", - .oid = "1.2.840.10045.3.1.1", - .id = GNUTLS_ECC_CURVE_SECP192R1, - .tls_id = 19, - .size = 24, - }, - { - .name = "SECP224R1", - .oid = "1.3.132.0.33", - .id = GNUTLS_ECC_CURVE_SECP224R1, - .tls_id = 21, - .size = 28, - }, - { - .name = "SECP256R1", - .oid = "1.2.840.10045.3.1.7", - .id = GNUTLS_ECC_CURVE_SECP256R1, - .tls_id = 23, - .size = 32, - }, - { - .name = "SECP384R1", - .oid = "1.3.132.0.34", - .id = GNUTLS_ECC_CURVE_SECP384R1, - .tls_id = 24, - .size = 48, - }, - { - .name = "SECP521R1", - .oid = "1.3.132.0.35", - .id = GNUTLS_ECC_CURVE_SECP521R1, - .tls_id = 25, - .size = 66, - }, - {0, 0, 0} + { + .name = "SECP192R1", + .oid = "1.2.840.10045.3.1.1", + .id = GNUTLS_ECC_CURVE_SECP192R1, + .tls_id = 19, + .size = 24, + }, + { + .name = "SECP224R1", + .oid = "1.3.132.0.33", + .id = GNUTLS_ECC_CURVE_SECP224R1, + .tls_id = 21, + .size = 28, + }, + { + .name = "SECP256R1", + .oid = "1.2.840.10045.3.1.7", + .id = GNUTLS_ECC_CURVE_SECP256R1, + .tls_id = 23, + .size = 32, + }, + { + .name = "SECP384R1", + .oid = "1.3.132.0.34", + .id = GNUTLS_ECC_CURVE_SECP384R1, + .tls_id = 24, + .size = 48, + }, + { + .name = "SECP521R1", + .oid = "1.3.132.0.35", + .id = GNUTLS_ECC_CURVE_SECP521R1, + .tls_id = 25, + .size = 66, + }, + {0, 0, 0} }; #define GNUTLS_ECC_CURVE_LOOP(b) \ @@ -75,20 +75,15 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = { /* Returns the TLS id of the given curve */ -int -_gnutls_tls_id_to_ecc_curve (int num) +int _gnutls_tls_id_to_ecc_curve(int num) { - gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID; - - GNUTLS_ECC_CURVE_LOOP ( - if (p->tls_id == num) - { - ret = p->id; - break; - } - ); - - return ret; + gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID; + + GNUTLS_ECC_CURVE_LOOP(if (p->tls_id == num) { + ret = p->id; break;} + ); + + return ret; } /** @@ -101,41 +96,35 @@ _gnutls_tls_id_to_ecc_curve (int num) * Returns: Return a (0)-terminated list of #gnutls_ecc_curve_t * integers indicating the available curves. **/ -const gnutls_ecc_curve_t * -gnutls_ecc_curve_list (void) +const gnutls_ecc_curve_t *gnutls_ecc_curve_list(void) { -static gnutls_ecc_curve_t supported_curves[MAX_ALGOS] = { 0 }; + static gnutls_ecc_curve_t supported_curves[MAX_ALGOS] = { 0 }; - if (supported_curves[0] == 0) - { - int i = 0; + if (supported_curves[0] == 0) { + int i = 0; - GNUTLS_ECC_CURVE_LOOP ( - supported_curves[i++]=p->id; - ); - supported_curves[i++]=0; - } + GNUTLS_ECC_CURVE_LOOP(supported_curves[i++] = p->id;); + supported_curves[i++] = 0; + } - return supported_curves; + return supported_curves; } /* Maps numbers to TLS NamedCurve IDs (RFC4492). * Returns a negative number on error. */ -int -_gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc) +int _gnutls_ecc_curve_get_tls_id(gnutls_ecc_curve_t supported_ecc) { - int ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; - - GNUTLS_ECC_CURVE_LOOP ( - if (p->id == supported_ecc) - { - ret = p->tls_id; - break; - } - ); - - return ret; + int ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; + + GNUTLS_ECC_CURVE_LOOP( + if (p->id == supported_ecc) { + ret = p->tls_id; + break; + } + ); + + return ret; } /*- @@ -145,19 +134,18 @@ _gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc) * Returns: return a #gnutls_ecc_curve_t value corresponding to * the specified OID, or %GNUTLS_ECC_CURVE_INVALID on error. -*/ -gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve (const char* oid) +gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve(const char *oid) { - gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID; + gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID; - GNUTLS_ECC_CURVE_LOOP ( - if (strcasecmp (p->oid, oid) == 0) - { - ret = p->id; - break; - } - ); + GNUTLS_ECC_CURVE_LOOP( + if (strcasecmp(p->oid, oid) == 0) { + ret = p->id; + break; + } + ); - return ret; + return ret; } /*- @@ -169,20 +157,18 @@ gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve (const char* oid) * Returns: return a #gnutls_ecc_curve_t value corresponding to * the specified curve, or %GNUTLS_ECC_CURVE_INVALID on error. -*/ -gnutls_ecc_curve_t -_gnutls_ecc_curve_get_id (const char *name) +gnutls_ecc_curve_t _gnutls_ecc_curve_get_id(const char *name) { - gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID; + gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_INVALID; - GNUTLS_ECC_CURVE_LOOP ( - if (strcasecmp (p->name, name) == 0) - { - ret = p->id; - break; - } - ); + GNUTLS_ECC_CURVE_LOOP( + if (strcasecmp(p->name, name) == 0) { + ret = p->id; + break; + } + ); - return ret; + return ret; } /*- @@ -192,20 +178,18 @@ _gnutls_ecc_curve_get_id (const char *name) * Returns: return a #gnutls_ecc_curve_t value corresponding to * the specified bit length, or %GNUTLS_ECC_CURVE_INVALID on error. -*/ -gnutls_ecc_curve_t -_gnutls_ecc_bits_to_curve (int bits) +gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve(int bits) { - gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_SECP224R1; + gnutls_ecc_curve_t ret = GNUTLS_ECC_CURVE_SECP224R1; - GNUTLS_ECC_CURVE_LOOP ( - if (8*p->size >= bits) - { - ret = p->id; - break; - } - ); + GNUTLS_ECC_CURVE_LOOP( + if (8 * p->size >= bits) { + ret = p->id; + break; + } + ); - return ret; + return ret; } /** @@ -219,20 +203,18 @@ _gnutls_ecc_bits_to_curve (int bits) * * Since: 3.0 **/ -const char * -gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve) +const char *gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve) { - const char *ret = NULL; + const char *ret = NULL; - GNUTLS_ECC_CURVE_LOOP( - if (p->id == curve) - { - ret = p->name; - break; - } - ); + GNUTLS_ECC_CURVE_LOOP( + if (p->id == curve) { + ret = p->name; + break; + } + ); - return ret; + return ret; } /*- @@ -244,20 +226,18 @@ gnutls_ecc_curve_get_name (gnutls_ecc_curve_t curve) * Returns: a string that contains the name of the specified * curve or %NULL. -*/ -const char * -_gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve) +const char *_gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve) { - const char *ret = NULL; + const char *ret = NULL; - GNUTLS_ECC_CURVE_LOOP( - if (p->id == curve) - { - ret = p->oid; - break; - } - ); + GNUTLS_ECC_CURVE_LOOP( + if (p->id == curve) { + ret = p->oid; + break; + } + ); - return ret; + return ret; } /*- @@ -268,20 +248,19 @@ _gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve) * * Returns: a pointer to #gnutls_ecc_curve_entry_st or %NULL. -*/ -const gnutls_ecc_curve_entry_st * -_gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve) +const gnutls_ecc_curve_entry_st + *_gnutls_ecc_curve_get_params(gnutls_ecc_curve_t curve) { - const gnutls_ecc_curve_entry_st *ret = NULL; + const gnutls_ecc_curve_entry_st *ret = NULL; - GNUTLS_ECC_CURVE_LOOP( - if (p->id == curve) - { - ret = p; - break; - } - ); + GNUTLS_ECC_CURVE_LOOP( + if (p->id == curve) { + ret = p; + break; + } + ); - return ret; + return ret; } /** @@ -294,17 +273,16 @@ _gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve) * * Since: 3.0 **/ -int gnutls_ecc_curve_get_size (gnutls_ecc_curve_t curve) +int gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve) { - int ret = 0; + int ret = 0; - GNUTLS_ECC_CURVE_LOOP( - if (p->id == curve) - { - ret = p->size; - break; - } - ); + GNUTLS_ECC_CURVE_LOOP( + if (p->id == curve) { + ret = p->size; + break; + } + ); - return ret; + return ret; } diff --git a/lib/algorithms/kx.c b/lib/algorithms/kx.c index eb7e11ac78..3fa8a317e0 100644 --- a/lib/algorithms/kx.c +++ b/lib/algorithms/kx.c @@ -46,30 +46,33 @@ extern mod_auth_st srp_dss_auth_struct; * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require * more than one credentials type. */ -typedef struct -{ - gnutls_kx_algorithm_t algorithm; - gnutls_credentials_type_t client_type; - gnutls_credentials_type_t server_type; /* The type of credentials a server - * needs to set */ +typedef struct { + gnutls_kx_algorithm_t algorithm; + gnutls_credentials_type_t client_type; + gnutls_credentials_type_t server_type; /* The type of credentials a server + * needs to set */ } gnutls_cred_map; static const gnutls_cred_map cred_mappings[] = { - {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON}, - {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON}, - {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, - {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, - {GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, - {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP}, - {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE}, - {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE}, - {0, 0, 0} + {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON}, + {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON}, + {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, + {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE, + GNUTLS_CRD_CERTIFICATE}, + {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE, + GNUTLS_CRD_CERTIFICATE}, + {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, + GNUTLS_CRD_CERTIFICATE}, + {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, + GNUTLS_CRD_CERTIFICATE}, + {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, + {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, + {GNUTLS_KX_RSA_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_CERTIFICATE}, + {GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, + {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP}, + {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE}, + {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE}, + {0, 0, 0} }; #define GNUTLS_KX_MAP_LOOP(b) \ @@ -79,48 +82,48 @@ static const gnutls_cred_map cred_mappings[] = { #define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \ GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; }) -struct gnutls_kx_algo_entry -{ - const char *name; - gnutls_kx_algorithm_t algorithm; - mod_auth_st *auth_struct; - int needs_dh_params; +struct gnutls_kx_algo_entry { + const char *name; + gnutls_kx_algorithm_t algorithm; + mod_auth_st *auth_struct; + int needs_dh_params; }; typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry; static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = { #if defined(ENABLE_ANON) && defined(ENABLE_DHE) - {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1}, + {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1}, #endif #if defined(ENABLE_ANON) && defined(ENABLE_ECDHE) - {"ANON-ECDH", GNUTLS_KX_ANON_ECDH, &anon_ecdh_auth_struct, 0}, + {"ANON-ECDH", GNUTLS_KX_ANON_ECDH, &anon_ecdh_auth_struct, 0}, #endif - {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct}, + {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct}, #ifdef ENABLE_DHE - {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1}, - {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1}, + {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1}, + {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1}, #endif #ifdef ENABLE_ECDHE - {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0}, - {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0}, + {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0}, + {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, + 0}, #endif #ifdef ENABLE_SRP - {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0}, - {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0}, - {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0}, + {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0}, + {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0}, + {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0}, #endif #ifdef ENABLE_PSK - {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0}, - {"RSA-PSK", GNUTLS_KX_RSA_PSK, &rsa_psk_auth_struct, 0}, -# ifdef ENABLE_DHE - {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct, - 1 /* needs DHE params */}, -# endif -# ifdef ENABLE_ECDHE - {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0}, -# endif + {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0}, + {"RSA-PSK", GNUTLS_KX_RSA_PSK, &rsa_psk_auth_struct, 0}, +#ifdef ENABLE_DHE + {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct, + 1 /* needs DHE params */ }, +#endif +#ifdef ENABLE_ECDHE + {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0}, #endif - {0, 0, 0, 0} +#endif + {0, 0, 0, 0} }; #define GNUTLS_KX_LOOP(b) \ @@ -132,26 +135,25 @@ static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = { /* Key EXCHANGE functions */ -mod_auth_st * -_gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm) +mod_auth_st *_gnutls_kx_auth_struct(gnutls_kx_algorithm_t algorithm) { - mod_auth_st *ret = NULL; - GNUTLS_KX_ALG_LOOP (ret = p->auth_struct); - return ret; + mod_auth_st *ret = NULL; + GNUTLS_KX_ALG_LOOP(ret = p->auth_struct); + return ret; } int -_gnutls_kx_priority (gnutls_session_t session, - gnutls_kx_algorithm_t algorithm) +_gnutls_kx_priority(gnutls_session_t session, + gnutls_kx_algorithm_t algorithm) { - unsigned int i; - for (i = 0; i < session->internals.priorities.kx.algorithms; i++) - { - if (session->internals.priorities.kx.priority[i] == algorithm) - return i; - } - return -1; + unsigned int i; + for (i = 0; i < session->internals.priorities.kx.algorithms; i++) { + if (session->internals.priorities.kx.priority[i] == + algorithm) + return i; + } + return -1; } /** @@ -163,15 +165,14 @@ _gnutls_kx_priority (gnutls_session_t session, * Returns: a pointer to a string that contains the name of the * specified key exchange algorithm, or %NULL. **/ -const char * -gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm) +const char *gnutls_kx_get_name(gnutls_kx_algorithm_t algorithm) { - const char *ret = NULL; + const char *ret = NULL; - /* avoid prefix */ - GNUTLS_KX_ALG_LOOP (ret = p->name); + /* avoid prefix */ + GNUTLS_KX_ALG_LOOP(ret = p->name); - return ret; + return ret; } /** @@ -184,20 +185,18 @@ gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm) * Returns: an id of the specified KX algorithm, or %GNUTLS_KX_UNKNOWN * on error. **/ -gnutls_kx_algorithm_t -gnutls_kx_get_id (const char *name) +gnutls_kx_algorithm_t gnutls_kx_get_id(const char *name) { - gnutls_kx_algorithm_t ret = GNUTLS_KX_UNKNOWN; + gnutls_kx_algorithm_t ret = GNUTLS_KX_UNKNOWN; - GNUTLS_KX_LOOP ( - if (strcasecmp (p->name, name) == 0) - { - ret = p->algorithm; - break; - } - ); + GNUTLS_KX_LOOP( + if (strcasecmp(p->name, name) == 0) { + ret = p->algorithm; + break; + } + ); - return ret; + return ret; } /** @@ -210,77 +209,66 @@ gnutls_kx_get_id (const char *name) * Returns: a (0)-terminated list of #gnutls_kx_algorithm_t integers * indicating the available key exchange algorithms. **/ -const gnutls_kx_algorithm_t * -gnutls_kx_list (void) +const gnutls_kx_algorithm_t *gnutls_kx_list(void) { -static gnutls_kx_algorithm_t supported_kxs[MAX_ALGOS] = {0}; + static gnutls_kx_algorithm_t supported_kxs[MAX_ALGOS] = { 0 }; - if (supported_kxs[0] == 0) - { - int i = 0; + if (supported_kxs[0] == 0) { + int i = 0; - GNUTLS_KX_LOOP (supported_kxs[i++]=p->algorithm); - supported_kxs[i++]=0; - } + GNUTLS_KX_LOOP(supported_kxs[i++] = p->algorithm); + supported_kxs[i++] = 0; + } - return supported_kxs; + return supported_kxs; } -int -_gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm) +int _gnutls_kx_is_ok(gnutls_kx_algorithm_t algorithm) { - ssize_t ret = -1; - GNUTLS_KX_ALG_LOOP (ret = p->algorithm); - if (ret >= 0) - ret = 0; - else - ret = 1; - return ret; + ssize_t ret = -1; + GNUTLS_KX_ALG_LOOP(ret = p->algorithm); + if (ret >= 0) + ret = 0; + else + ret = 1; + return ret; } -int -_gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm) +int _gnutls_kx_needs_dh_params(gnutls_kx_algorithm_t algorithm) { - ssize_t ret = 0; - GNUTLS_KX_ALG_LOOP (ret = p->needs_dh_params); - return ret; + ssize_t ret = 0; + GNUTLS_KX_ALG_LOOP(ret = p->needs_dh_params); + return ret; } /* Type to KX mappings */ gnutls_kx_algorithm_t -_gnutls_map_kx_get_kx (gnutls_credentials_type_t type, int server) +_gnutls_map_kx_get_kx(gnutls_credentials_type_t type, int server) { - gnutls_kx_algorithm_t ret = -1; - - if (server) - { - GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm); - } - else - { - GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm); - } - return ret; + gnutls_kx_algorithm_t ret = -1; + + if (server) { + GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm); + } else { + GNUTLS_KX_MAP_ALG_LOOP_SERVER(ret = p->algorithm); + } + return ret; } /* Returns the credentials type required for this * Key exchange method. */ gnutls_credentials_type_t -_gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm, int server) +_gnutls_map_kx_get_cred(gnutls_kx_algorithm_t algorithm, int server) { - gnutls_credentials_type_t ret = -1; - if (server) - { - GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret = - p->server_type); - } - else - { - GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret = - p->client_type); - } - - return ret; + gnutls_credentials_type_t ret = -1; + if (server) { + GNUTLS_KX_MAP_LOOP(if (p->algorithm == algorithm) ret = + p->server_type); + } else { + GNUTLS_KX_MAP_LOOP(if (p->algorithm == algorithm) ret = + p->client_type); + } + + return ret; } - diff --git a/lib/algorithms/mac.c b/lib/algorithms/mac.c index a2fc83688d..595eab348e 100644 --- a/lib/algorithms/mac.c +++ b/lib/algorithms/mac.c @@ -26,19 +26,24 @@ #include <x509/common.h> static const mac_entry_st hash_algorithms[] = { - {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 0, 1, 64}, - {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0, 0, 64}, - {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1, 64}, - {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1, 64}, - {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1, 64}, - {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1, 64}, - {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1, 0}, - {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 8, 0, 1, 0}, - {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 0, 1, 1, 0}, - {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0, 0, 0}, /* not used as MAC */ - {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 0, 1, 64}, - {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0, 0, 0}, - {0, 0, 0, 0, 0, 0, 0, 0} + {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 0, 1, 64}, + {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16, 16, 0, 0, 0, 64}, + {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1, + 64}, + {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48, 48, 0, 0, 1, + 64}, + {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64, 64, 0, 0, 1, + 64}, + {"SHA224", HASH_OID_SHA224, GNUTLS_MAC_SHA224, 28, 28, 0, 0, 1, + 64}, + {"UMAC-96", NULL, GNUTLS_MAC_UMAC_96, 12, 16, 8, 0, 1, 0}, + {"UMAC-128", NULL, GNUTLS_MAC_UMAC_128, 16, 16, 8, 0, 1, 0}, + {"AEAD", NULL, GNUTLS_MAC_AEAD, 0, 0, 0, 1, 1, 0}, + {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0, 0, 0, 0, 0, 0}, /* not used as MAC */ + {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20, 20, 0, 0, 1, + 64}, + {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0, 0, 0, 0, 0, 0}, + {0, 0, 0, 0, 0, 0, 0, 0} }; @@ -49,24 +54,24 @@ static const mac_entry_st hash_algorithms[] = { #define GNUTLS_HASH_ALG_LOOP(a) \ GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } ) -const mac_entry_st* mac_to_entry(gnutls_mac_algorithm_t c) +const mac_entry_st *mac_to_entry(gnutls_mac_algorithm_t c) { - GNUTLS_HASH_LOOP (if (c==p->id) return p); + GNUTLS_HASH_LOOP(if (c == p->id) return p); - return NULL; + return NULL; } int -_gnutls_mac_priority (gnutls_session_t session, - gnutls_mac_algorithm_t algorithm) -{ /* actually returns the priority */ - unsigned int i; - for (i = 0; i < session->internals.priorities.mac.algorithms; i++) - { - if (session->internals.priorities.mac.priority[i] == algorithm) - return i; - } - return -1; +_gnutls_mac_priority(gnutls_session_t session, + gnutls_mac_algorithm_t algorithm) +{ /* actually returns the priority */ + unsigned int i; + for (i = 0; i < session->internals.priorities.mac.algorithms; i++) { + if (session->internals.priorities.mac.priority[i] == + algorithm) + return i; + } + return -1; } /** @@ -78,15 +83,14 @@ _gnutls_mac_priority (gnutls_session_t session, * Returns: a string that contains the name of the specified MAC * algorithm, or %NULL. **/ -const char * -gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm) +const char *gnutls_mac_get_name(gnutls_mac_algorithm_t algorithm) { - const char *ret = NULL; + const char *ret = NULL; - /* avoid prefix */ - GNUTLS_HASH_ALG_LOOP (ret = p->name); + /* avoid prefix */ + GNUTLS_HASH_ALG_LOOP(ret = p->name); - return ret; + return ret; } /** @@ -98,20 +102,18 @@ gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm) * Returns: a string that contains the name of the specified digest * algorithm, or %NULL. **/ -const char * -gnutls_digest_get_name (gnutls_digest_algorithm_t algorithm) +const char *gnutls_digest_get_name(gnutls_digest_algorithm_t algorithm) { - const char *ret = NULL; + const char *ret = NULL; - GNUTLS_HASH_LOOP ( - if (algorithm == (unsigned)p->id && p->oid != NULL) - { - ret = p->name; - break; - } - ); + GNUTLS_HASH_LOOP( + if (algorithm == (unsigned) p->id && p->oid != NULL) { + ret = p->name; + break; + } + ); - return ret; + return ret; } /** @@ -124,20 +126,18 @@ gnutls_digest_get_name (gnutls_digest_algorithm_t algorithm) * Returns: a #gnutls_digest_algorithm_t id of the specified MAC * algorithm string, or %GNUTLS_DIG_UNKNOWN on failures. **/ -gnutls_digest_algorithm_t -gnutls_digest_get_id (const char *name) +gnutls_digest_algorithm_t gnutls_digest_get_id(const char *name) { - gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN; + gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN; - GNUTLS_HASH_LOOP ( - if (p->oid != NULL && strcasecmp (p->name, name) == 0) - { - ret = p->id; - break; - } - ); + GNUTLS_HASH_LOOP( + if (p->oid != NULL && strcasecmp(p->name, name) == 0) { + ret = p->id; + break; + } + ); - return ret; + return ret; } /** @@ -150,20 +150,18 @@ gnutls_digest_get_id (const char *name) * Returns: a #gnutls_mac_algorithm_t id of the specified MAC * algorithm string, or %GNUTLS_MAC_UNKNOWN on failures. **/ -gnutls_mac_algorithm_t -gnutls_mac_get_id (const char *name) +gnutls_mac_algorithm_t gnutls_mac_get_id(const char *name) { - gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN; + gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN; - GNUTLS_HASH_LOOP ( - if (strcasecmp (p->name, name) == 0) - { - ret = p->id; - break; - } - ); + GNUTLS_HASH_LOOP( + if (strcasecmp(p->name, name) == 0) { + ret = p->id; + break; + } + ); - return ret; + return ret; } /** @@ -175,15 +173,14 @@ gnutls_mac_get_id (const char *name) * Returns: length (in bytes) of the given MAC key size, or 0 if the * given MAC algorithm is invalid. **/ -size_t -gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm) +size_t gnutls_mac_get_key_size(gnutls_mac_algorithm_t algorithm) { - size_t ret = 0; + size_t ret = 0; - /* avoid prefix */ - GNUTLS_HASH_ALG_LOOP (ret = p->key_size); + /* avoid prefix */ + GNUTLS_HASH_ALG_LOOP(ret = p->key_size); - return ret; + return ret; } /** @@ -196,15 +193,14 @@ gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm) * * Since: 3.2.0 **/ -size_t -gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t algorithm) +size_t gnutls_mac_get_nonce_size(gnutls_mac_algorithm_t algorithm) { - size_t ret = 0; + size_t ret = 0; - /* avoid prefix */ - GNUTLS_HASH_ALG_LOOP (ret = p->nonce_size); + /* avoid prefix */ + GNUTLS_HASH_ALG_LOOP(ret = p->nonce_size); - return ret; + return ret; } /** @@ -217,23 +213,21 @@ gnutls_mac_get_nonce_size (gnutls_mac_algorithm_t algorithm) * Returns: Return a (0)-terminated list of #gnutls_mac_algorithm_t * integers indicating the available MACs. **/ -const gnutls_mac_algorithm_t * -gnutls_mac_list (void) +const gnutls_mac_algorithm_t *gnutls_mac_list(void) { -static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 }; + static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 }; - if (supported_macs[0] == 0) - { - int i = 0; + if (supported_macs[0] == 0) { + int i = 0; - GNUTLS_HASH_LOOP ( - if (p->placeholder != 0 || _gnutls_mac_exists(p->id)) - supported_macs[i++]=p->id; - ); - supported_macs[i++]=0; - } + GNUTLS_HASH_LOOP( + if (p->placeholder != 0 || _gnutls_mac_exists(p->id)) + supported_macs[i++] = p->id; + ); + supported_macs[i++] = 0; + } - return supported_macs; + return supported_macs; } /** @@ -246,39 +240,39 @@ static gnutls_mac_algorithm_t supported_macs[MAX_ALGOS] = { 0 }; * Returns: Return a (0)-terminated list of #gnutls_digest_algorithm_t * integers indicating the available digests. **/ -const gnutls_digest_algorithm_t * -gnutls_digest_list (void) +const gnutls_digest_algorithm_t *gnutls_digest_list(void) { -static gnutls_digest_algorithm_t supported_digests[MAX_ALGOS] = { 0 }; - - if (supported_digests[0] == 0) - { - int i = 0; - - GNUTLS_HASH_LOOP ( - if (p->oid != NULL && (p->placeholder != 0 || _gnutls_mac_exists(p->id))) - supported_digests[i++]=p->id; - ); - supported_digests[i++]=0; - } - - return supported_digests; + static gnutls_digest_algorithm_t supported_digests[MAX_ALGOS] = + { 0 }; + + if (supported_digests[0] == 0) { + int i = 0; + + GNUTLS_HASH_LOOP( + if (p->oid != NULL && (p->placeholder != 0 || + _gnutls_mac_exists(p->id))) { + + supported_digests[i++] = p->id; + } + ); + supported_digests[i++] = 0; + } + + return supported_digests; } -gnutls_digest_algorithm_t -_gnutls_x509_oid_to_digest (const char *oid) +gnutls_digest_algorithm_t _gnutls_x509_oid_to_digest(const char *oid) { - gnutls_digest_algorithm_t ret = 0; - - GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0) - { - ret = (gnutls_digest_algorithm_t)p->id; - break; - } - ); - - if (ret == 0) - return GNUTLS_DIG_UNKNOWN; - return ret; + gnutls_digest_algorithm_t ret = 0; + + GNUTLS_HASH_LOOP( + if (p->oid && strcmp(oid, p->oid) == 0) { + ret = (gnutls_digest_algorithm_t) p->id; + break; + } + ); + + if (ret == 0) + return GNUTLS_DIG_UNKNOWN; + return ret; } - diff --git a/lib/algorithms/protocols.c b/lib/algorithms/protocols.c index 1f7a15804d..1ad022013e 100644 --- a/lib/algorithms/protocols.c +++ b/lib/algorithms/protocols.c @@ -27,14 +27,14 @@ /* TLS Versions */ static const version_entry_st sup_versions[] = { - {"SSL3.0", GNUTLS_SSL3, 3, 0, GNUTLS_STREAM, 1, 0, 0, 0, 0}, - {"TLS1.0", GNUTLS_TLS1, 3, 1, GNUTLS_STREAM, 1, 0, 1, 0, 0}, - {"TLS1.1", GNUTLS_TLS1_1, 3, 2, GNUTLS_STREAM, 1, 1, 1, 0, 0}, - {"TLS1.2", GNUTLS_TLS1_2, 3, 3, GNUTLS_STREAM, 1, 1, 1, 1, 1}, - {"DTLS0.9", GNUTLS_DTLS0_9, 1, 0, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */ - {"DTLS1.0", GNUTLS_DTLS1_0, 254, 255, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* 1.1 over datagram */ - {"DTLS1.2", GNUTLS_DTLS1_2, 254, 253, GNUTLS_DGRAM, 1, 1, 1, 1, 1}, /* 1.2 over datagram */ - {0, 0, 0, 0, 0} + {"SSL3.0", GNUTLS_SSL3, 3, 0, GNUTLS_STREAM, 1, 0, 0, 0, 0}, + {"TLS1.0", GNUTLS_TLS1, 3, 1, GNUTLS_STREAM, 1, 0, 1, 0, 0}, + {"TLS1.1", GNUTLS_TLS1_1, 3, 2, GNUTLS_STREAM, 1, 1, 1, 0, 0}, + {"TLS1.2", GNUTLS_TLS1_2, 3, 3, GNUTLS_STREAM, 1, 1, 1, 1, 1}, + {"DTLS0.9", GNUTLS_DTLS0_9, 1, 0, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* Cisco AnyConnect (based on about OpenSSL 0.9.8e) */ + {"DTLS1.0", GNUTLS_DTLS1_0, 254, 255, GNUTLS_DGRAM, 1, 1, 1, 0, 0}, /* 1.1 over datagram */ + {"DTLS1.2", GNUTLS_DTLS1_2, 254, 253, GNUTLS_DGRAM, 1, 1, 1, 1, 1}, /* 1.2 over datagram */ + {0, 0, 0, 0, 0} }; #define GNUTLS_VERSION_LOOP(b) \ @@ -44,68 +44,71 @@ static const version_entry_st sup_versions[] = { #define GNUTLS_VERSION_ALG_LOOP(a) \ GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; }) -const version_entry_st* version_to_entry(gnutls_protocol_t version) +const version_entry_st *version_to_entry(gnutls_protocol_t version) { - GNUTLS_VERSION_ALG_LOOP (return p); - return NULL; + GNUTLS_VERSION_ALG_LOOP(return p); + return NULL; } /* Return the priority of the provided version number */ int -_gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version) +_gnutls_version_priority(gnutls_session_t session, + gnutls_protocol_t version) { - unsigned int i; - - for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) - { - if (session->internals.priorities.protocol.priority[i] == version) - return i; - } - return -1; + unsigned int i; + + for (i = 0; i < session->internals.priorities.protocol.algorithms; + i++) { + if (session->internals.priorities.protocol.priority[i] == + version) + return i; + } + return -1; } /* Returns the lowest TLS version number in the priorities. */ -gnutls_protocol_t -_gnutls_version_lowest (gnutls_session_t session) +gnutls_protocol_t _gnutls_version_lowest(gnutls_session_t session) { - unsigned int i, min = 0xff; - gnutls_protocol_t cur_prot; + unsigned int i, min = 0xff; + gnutls_protocol_t cur_prot; - for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) - { - cur_prot = session->internals.priorities.protocol.priority[i]; + for (i=0;i< session->internals.priorities.protocol.algorithms;i++) { + cur_prot = + session->internals.priorities.protocol.priority[i]; - if (cur_prot < min && _gnutls_version_is_supported(session, cur_prot)) - min = cur_prot; - } + if (cur_prot < min + && _gnutls_version_is_supported(session, cur_prot)) + min = cur_prot; + } - if (min == 0xff) - return GNUTLS_VERSION_UNKNOWN; /* unknown version */ + if (min == 0xff) + return GNUTLS_VERSION_UNKNOWN; /* unknown version */ - return min; + return min; } /* Returns the maximum version in the priorities */ -gnutls_protocol_t -_gnutls_version_max (gnutls_session_t session) +gnutls_protocol_t _gnutls_version_max(gnutls_session_t session) { - unsigned int i, max = 0x00; - gnutls_protocol_t cur_prot; + unsigned int i, max = 0x00; + gnutls_protocol_t cur_prot; - for (i = 0; i < session->internals.priorities.protocol.algorithms; i++) - { - cur_prot = session->internals.priorities.protocol.priority[i]; + for (i = 0; i < session->internals.priorities.protocol.algorithms; + i++) { + cur_prot = + session->internals.priorities.protocol.priority[i]; - if (cur_prot > max && _gnutls_version_is_supported(session, cur_prot)) - max = cur_prot; - } + if (cur_prot > max + && _gnutls_version_is_supported(session, cur_prot)) + max = cur_prot; + } - if (max == 0x00) - return GNUTLS_VERSION_UNKNOWN; /* unknown version */ + if (max == 0x00) + return GNUTLS_VERSION_UNKNOWN; /* unknown version */ - return max; + return max; } @@ -118,14 +121,13 @@ _gnutls_version_max (gnutls_session_t session) * Returns: a string that contains the name of the specified TLS * version (e.g., "TLS1.0"), or %NULL. **/ -const char * -gnutls_protocol_get_name (gnutls_protocol_t version) +const char *gnutls_protocol_get_name(gnutls_protocol_t version) { - const char *ret = NULL; + const char *ret = NULL; - /* avoid prefix */ - GNUTLS_VERSION_ALG_LOOP (ret = p->name); - return ret; + /* avoid prefix */ + GNUTLS_VERSION_ALG_LOOP(ret = p->name); + return ret; } /** @@ -137,20 +139,18 @@ gnutls_protocol_get_name (gnutls_protocol_t version) * Returns: an id of the specified protocol, or * %GNUTLS_VERSION_UNKNOWN on error. **/ -gnutls_protocol_t -gnutls_protocol_get_id (const char *name) +gnutls_protocol_t gnutls_protocol_get_id(const char *name) { - gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN; + gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN; - GNUTLS_VERSION_LOOP ( - if (strcasecmp (p->name, name) == 0) - { - ret = p->id; - break; - } - ); + GNUTLS_VERSION_LOOP( + if (strcasecmp(p->name, name) == 0) { + ret = p->id; + break; + } + ); - return ret; + return ret; } /** @@ -164,50 +164,50 @@ gnutls_protocol_get_id (const char *name) * indicating the available protocols. * **/ -const gnutls_protocol_t * -gnutls_protocol_list (void) +const gnutls_protocol_t *gnutls_protocol_list(void) { -static gnutls_protocol_t supported_protocols[MAX_ALGOS] = {0}; + static gnutls_protocol_t supported_protocols[MAX_ALGOS] = { 0 }; - if (supported_protocols[0] == 0) - { - int i = 0; + if (supported_protocols[0] == 0) { + int i = 0; - GNUTLS_VERSION_LOOP (supported_protocols[i++]=p->id); - supported_protocols[i++]=0; - } + GNUTLS_VERSION_LOOP(supported_protocols[i++] = p->id); + supported_protocols[i++] = 0; + } - return supported_protocols; + return supported_protocols; } /* Returns a version number given the major and minor numbers. */ -gnutls_protocol_t -_gnutls_version_get (uint8_t major, uint8_t minor) +gnutls_protocol_t _gnutls_version_get(uint8_t major, uint8_t minor) { - int ret = -1; + int ret = -1; - GNUTLS_VERSION_LOOP (if ((p->major == major) && (p->minor == minor)) - ret = p->id); - return ret; + GNUTLS_VERSION_LOOP( + if ((p->major == major) && (p->minor == minor)) + ret = p->id + ); + return ret; } /* Version Functions */ int -_gnutls_version_is_supported (gnutls_session_t session, - const gnutls_protocol_t version) +_gnutls_version_is_supported(gnutls_session_t session, + const gnutls_protocol_t version) { - int ret = 0; + int ret = 0; - GNUTLS_VERSION_ALG_LOOP (ret = p->supported && p->transport == session->internals.transport); + GNUTLS_VERSION_ALG_LOOP( + ret = p->supported && p->transport == session->internals.transport + ); - if (ret == 0) - return 0; + if (ret == 0) + return 0; - if (_gnutls_version_priority (session, version) < 0) - return 0; /* disabled by the user */ - else - return 1; + if (_gnutls_version_priority(session, version) < 0) + return 0; /* disabled by the user */ + else + return 1; } - diff --git a/lib/algorithms/publickey.c b/lib/algorithms/publickey.c index f504c7b72f..59738d6ccf 100644 --- a/lib/algorithms/publickey.c +++ b/lib/algorithms/publickey.c @@ -27,17 +27,16 @@ /* KX mappings to PK algorithms */ -typedef struct -{ - gnutls_kx_algorithm_t kx_algorithm; - gnutls_pk_algorithm_t pk_algorithm; - enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used - * for encryption, CIPHER_SIGN if signature only, - * CIPHER_IGN if this does not apply at all. - * - * This is useful to certificate cipher suites, which check - * against the certificate key usage bits. - */ +typedef struct { + gnutls_kx_algorithm_t kx_algorithm; + gnutls_pk_algorithm_t pk_algorithm; + enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used + * for encryption, CIPHER_SIGN if signature only, + * CIPHER_IGN if this does not apply at all. + * + * This is useful to certificate cipher suites, which check + * against the certificate key usage bits. + */ } gnutls_pk_map; /* This table maps the Key exchange algorithms to @@ -46,15 +45,15 @@ typedef struct * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA. */ static const gnutls_pk_map pk_mappings[] = { - {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT}, - {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, - {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, - {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, - {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN}, - {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN}, - {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN}, - {GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT}, - {0, 0, 0} + {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT}, + {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, + {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, + {GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN}, + {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN}, + {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN}, + {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN}, + {GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT}, + {0, 0, 0} }; #define GNUTLS_PK_MAP_LOOP(b) \ @@ -69,37 +68,36 @@ static const gnutls_pk_map pk_mappings[] = { * the given gnutls_kx_algorithm_t. */ gnutls_pk_algorithm_t -_gnutls_map_pk_get_pk (gnutls_kx_algorithm_t kx_algorithm) +_gnutls_map_pk_get_pk(gnutls_kx_algorithm_t kx_algorithm) { - gnutls_pk_algorithm_t ret = -1; + gnutls_pk_algorithm_t ret = -1; - GNUTLS_PK_MAP_ALG_LOOP (ret = p->pk_algorithm) return ret; + GNUTLS_PK_MAP_ALG_LOOP(ret = p->pk_algorithm) return ret; } /* pk algorithms; */ -struct gnutls_pk_entry -{ - const char *name; - const char *oid; - gnutls_pk_algorithm_t id; +struct gnutls_pk_entry { + const char *name; + const char *oid; + gnutls_pk_algorithm_t id; }; typedef struct gnutls_pk_entry gnutls_pk_entry; static const gnutls_pk_entry pk_algorithms[] = { - /* having duplicate entries is ok, as long as the one - * we want to return OID from is first */ - {"UNKNOWN", NULL, GNUTLS_PK_UNKNOWN}, - {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA}, - {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */ - {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */ - {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */ - {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */ - {"DSA", PK_DSA_OID, GNUTLS_PK_DSA}, - {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN}, - {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN}, - {"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC}, - {0, 0, 0} + /* having duplicate entries is ok, as long as the one + * we want to return OID from is first */ + {"UNKNOWN", NULL, GNUTLS_PK_UNKNOWN}, + {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA}, + {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */ + {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */ + {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */ + {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */ + {"DSA", PK_DSA_OID, GNUTLS_PK_DSA}, + {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN}, + {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN}, + {"EC", "1.2.840.10045.2.1", GNUTLS_PK_EC}, + {0, 0, 0} }; #define GNUTLS_PK_LOOP(b) \ @@ -116,20 +114,18 @@ static const gnutls_pk_entry pk_algorithms[] = { * Returns: a string that contains the name of the specified public * key algorithm, or %NULL. **/ -const char * -gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm) +const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm) { - const char *ret = NULL; + const char *ret = NULL; - GNUTLS_PK_LOOP( - if (p->id == algorithm) - { - ret = p->name; - break; - } - ); + GNUTLS_PK_LOOP( + if (p->id == algorithm) { + ret = p->name; + break; + } + ); - return ret; + return ret; } /** @@ -144,20 +140,21 @@ gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm) * * Since: 2.6.0 **/ -const gnutls_pk_algorithm_t * -gnutls_pk_list (void) +const gnutls_pk_algorithm_t *gnutls_pk_list(void) { -static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = {0}; + static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = { 0 }; - if (supported_pks[0] == 0) - { - int i = 0; + if (supported_pks[0] == 0) { + int i = 0; - GNUTLS_PK_LOOP (if (p->id != GNUTLS_PK_UNKNOWN && supported_pks[i>0?(i-1):0]!=p->id) supported_pks[i++]=p->id); - supported_pks[i++]=0; - } + GNUTLS_PK_LOOP( + if (p->id != GNUTLS_PK_UNKNOWN && supported_pks[i > 0 ? (i - 1) : 0] != p->id) + supported_pks[i++] = p->id + ); + supported_pks[i++] = 0; + } - return supported_pks; + return supported_pks; } /** @@ -173,20 +170,18 @@ static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = {0}; * * Since: 2.6.0 **/ -gnutls_pk_algorithm_t -gnutls_pk_get_id (const char *name) +gnutls_pk_algorithm_t gnutls_pk_get_id(const char *name) { - gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN; - const gnutls_pk_entry *p; + gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN; + const gnutls_pk_entry *p; - for (p = pk_algorithms; p->name != NULL; p++) - if (name && strcmp (p->name, name) == 0) - { - ret = p->id; - break; - } + for (p = pk_algorithms; p->name != NULL; p++) + if (name && strcmp(p->name, name) == 0) { + ret = p->id; + break; + } - return ret; + return ret; } /** @@ -200,52 +195,46 @@ gnutls_pk_get_id (const char *name) * * Since: 2.6.0 **/ -const char * -gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm) +const char *gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm) { - const char *ret = "Unknown"; - const gnutls_pk_entry *p; + const char *ret = "Unknown"; + const gnutls_pk_entry *p; - for (p = pk_algorithms; p->name != NULL; p++) - if (algorithm == p->id) - { - ret = p->name; - break; - } + for (p = pk_algorithms; p->name != NULL; p++) + if (algorithm == p->id) { + ret = p->name; + break; + } - return ret; + return ret; } -gnutls_pk_algorithm_t -_gnutls_x509_oid2pk_algorithm (const char *oid) +gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm(const char *oid) { - gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN; - const gnutls_pk_entry *p; + gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN; + const gnutls_pk_entry *p; - for (p = pk_algorithms; p->name != NULL; p++) - if (p->oid && strcmp (p->oid, oid) == 0) - { - ret = p->id; - break; - } + for (p = pk_algorithms; p->name != NULL; p++) + if (p->oid && strcmp(p->oid, oid) == 0) { + ret = p->id; + break; + } - return ret; + return ret; } -const char * -_gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm) +const char *_gnutls_x509_pk_to_oid(gnutls_pk_algorithm_t algorithm) { - const char *ret = NULL; - const gnutls_pk_entry *p; + const char *ret = NULL; + const gnutls_pk_entry *p; - for (p = pk_algorithms; p->name != NULL; p++) - if (p->id == algorithm) - { - ret = p->oid; - break; - } + for (p = pk_algorithms; p->name != NULL; p++) + if (p->id == algorithm) { + ret = p->oid; + break; + } - return ret; + return ret; } /* Returns the encipher type for the given key exchange algorithm. @@ -254,10 +243,11 @@ _gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm) * ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT. */ enum encipher_type -_gnutls_kx_encipher_type (gnutls_kx_algorithm_t kx_algorithm) +_gnutls_kx_encipher_type(gnutls_kx_algorithm_t kx_algorithm) { - int ret = CIPHER_IGN; - GNUTLS_PK_MAP_ALG_LOOP (ret = p->encipher_type) return ret; + int ret = CIPHER_IGN; + GNUTLS_PK_MAP_ALG_LOOP(ret = p->encipher_type) -} + return ret; +} diff --git a/lib/algorithms/secparams.c b/lib/algorithms/secparams.c index 36a1ebfa64..2dc04b7256 100644 --- a/lib/algorithms/secparams.c +++ b/lib/algorithms/secparams.c @@ -25,30 +25,29 @@ #include <gnutls_errors.h> #include <x509/common.h> -typedef struct -{ - const char *name; - gnutls_sec_param_t sec_param; - unsigned int bits; /* security level */ - unsigned int pk_bits; /* DH, RSA, SRP */ - unsigned int dsa_bits; /* bits for DSA. Handled differently since - * choice of key size in DSA is political. - */ - unsigned int subgroup_bits; /* subgroup bits */ - unsigned int ecc_bits; /* bits for ECC keys */ +typedef struct { + const char *name; + gnutls_sec_param_t sec_param; + unsigned int bits; /* security level */ + unsigned int pk_bits; /* DH, RSA, SRP */ + unsigned int dsa_bits; /* bits for DSA. Handled differently since + * choice of key size in DSA is political. + */ + unsigned int subgroup_bits; /* subgroup bits */ + unsigned int ecc_bits; /* bits for ECC keys */ } gnutls_sec_params_entry; static const gnutls_sec_params_entry sec_params[] = { - {"Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0}, - {"Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 150, 0}, - {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 160, 0}, - {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1024, 160, 160}, - {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160}, - {"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192}, - {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224}, - {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256}, - {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512}, - {NULL, 0, 0, 0, 0, 0} + {"Insecure", GNUTLS_SEC_PARAM_INSECURE, 0, 0, 0, 0, 0}, + {"Export", GNUTLS_SEC_PARAM_EXPORT, 42, 512, 0, 150, 0}, + {"Very weak", GNUTLS_SEC_PARAM_VERY_WEAK, 64, 767, 0, 160, 0}, + {"Weak", GNUTLS_SEC_PARAM_WEAK, 72, 1008, 1024, 160, 160}, + {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160}, + {"Legacy", GNUTLS_SEC_PARAM_LEGACY, 96, 1776, 2048, 192, 192}, + {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224}, + {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256}, + {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512}, + {NULL, 0, 0, 0, 0, 0} }; #define GNUTLS_SEC_PARAM_LOOP(b) \ @@ -71,41 +70,40 @@ static const gnutls_sec_params_entry sec_params[] = { * Since: 2.12.0 **/ unsigned int -gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo, - gnutls_sec_param_t param) +gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo, + gnutls_sec_param_t param) { - unsigned int ret = 0; - - /* handle DSA differently */ - GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param) - { - if (algo == GNUTLS_PK_DSA) - ret = p->dsa_bits; - else if (algo == GNUTLS_PK_EC) - ret = p->ecc_bits; - else - ret = p->pk_bits; - break; - } - ); - return ret; + unsigned int ret = 0; + + /* handle DSA differently */ + GNUTLS_SEC_PARAM_LOOP( + if (p->sec_param == param) { + if (algo == GNUTLS_PK_DSA) + ret = p->dsa_bits; + else if (algo == GNUTLS_PK_EC) + ret = p->ecc_bits; + else + ret = p->pk_bits; break; + } + ); + return ret; } /* Returns the corresponding size for subgroup bits (q), * given the group bits (p). */ -unsigned int -_gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits) +unsigned int _gnutls_pk_bits_to_subgroup_bits(unsigned int pk_bits) { - unsigned int ret = 0; + unsigned int ret = 0; - GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits >= pk_bits) - { - ret = p->subgroup_bits; break; - } - ); + GNUTLS_SEC_PARAM_LOOP( + if (p->pk_bits >= pk_bits) { + ret = p->subgroup_bits; + break; + } + ); - return ret; + return ret; } /** @@ -119,18 +117,18 @@ _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits) * * Since: 2.12.0 **/ -const char * -gnutls_sec_param_get_name (gnutls_sec_param_t param) +const char *gnutls_sec_param_get_name(gnutls_sec_param_t param) { - const char *ret = "Unknown"; + const char *ret = "Unknown"; - GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param) - { - ret = p->name; break; - } - ); + GNUTLS_SEC_PARAM_LOOP( + if (p->sec_param == param) { + ret = p->name; + break; + } + ); - return ret; + return ret; } /** @@ -147,29 +145,28 @@ gnutls_sec_param_get_name (gnutls_sec_param_t param) * Since: 2.12.0 **/ gnutls_sec_param_t -gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, unsigned int bits) +gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo, unsigned int bits) { - gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_INSECURE; - - if (bits == 0) - return GNUTLS_SEC_PARAM_UNKNOWN; - - if (algo == GNUTLS_PK_EC) - { - GNUTLS_SEC_PARAM_LOOP (if (p->ecc_bits > bits) - { - break; - } - ret = p->sec_param;); - } - else - { - GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits > bits) - { - break; - } - ret = p->sec_param;); - } - - return ret; + gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_INSECURE; + + if (bits == 0) + return GNUTLS_SEC_PARAM_UNKNOWN; + + if (algo == GNUTLS_PK_EC) { + GNUTLS_SEC_PARAM_LOOP( + if (p->ecc_bits > bits) { + break; + } + ret = p->sec_param; + ); + } else { + GNUTLS_SEC_PARAM_LOOP( + if (p->pk_bits > bits) { + break; + } + ret = p->sec_param; + ); + } + + return ret; } diff --git a/lib/algorithms/sign.c b/lib/algorithms/sign.c index 29348e9baa..04f2645a4b 100644 --- a/lib/algorithms/sign.c +++ b/lib/algorithms/sign.c @@ -27,16 +27,15 @@ /* signature algorithms; */ -struct gnutls_sign_entry -{ - const char *name; - const char *oid; - gnutls_sign_algorithm_t id; - gnutls_pk_algorithm_t pk; - gnutls_digest_algorithm_t mac; - /* See RFC 5246 HashAlgorithm and SignatureAlgorithm - for values to use in aid struct. */ - const sign_algorithm_st aid; +struct gnutls_sign_entry { + const char *name; + const char *oid; + gnutls_sign_algorithm_t id; + gnutls_pk_algorithm_t pk; + gnutls_digest_algorithm_t mac; + /* See RFC 5246 HashAlgorithm and SignatureAlgorithm + for values to use in aid struct. */ + const sign_algorithm_st aid; }; typedef struct gnutls_sign_entry gnutls_sign_entry; @@ -44,43 +43,57 @@ typedef struct gnutls_sign_entry gnutls_sign_entry; static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN; static const gnutls_sign_entry sign_algorithms[] = { - {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA, - GNUTLS_DIG_SHA1, {2, 1}}, - {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA, - GNUTLS_DIG_SHA1, {2, 1}}, - {"RSA-SHA224", SIG_RSA_SHA224_OID, GNUTLS_SIGN_RSA_SHA224, GNUTLS_PK_RSA, - GNUTLS_DIG_SHA224, {3, 1}}, - {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA, - GNUTLS_DIG_SHA256, {4, 1}}, - {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA, - GNUTLS_DIG_SHA384, {5, 1}}, - {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA, - GNUTLS_DIG_SHA512, {6, 1}}, - {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA, - GNUTLS_DIG_RMD160, TLS_SIGN_AID_UNKNOWN}, - {"DSA-SHA1", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA, - GNUTLS_DIG_SHA1, {2, 2}}, - {"DSA-SHA1", "1.3.14.3.2.27", GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA, - GNUTLS_DIG_SHA1, {2, 2}}, - {"DSA-SHA224", SIG_DSA_SHA224_OID, GNUTLS_SIGN_DSA_SHA224, GNUTLS_PK_DSA, - GNUTLS_DIG_SHA224, {3, 2}}, - {"DSA-SHA256", SIG_DSA_SHA256_OID, GNUTLS_SIGN_DSA_SHA256, GNUTLS_PK_DSA, - GNUTLS_DIG_SHA256, {4, 2}}, - {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA, - GNUTLS_DIG_MD5, {1, 1}}, - {"RSA-MD5", "1.3.14.3.2.25", GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA, - GNUTLS_DIG_MD5, {1, 1}}, - {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA, - GNUTLS_DIG_MD2, TLS_SIGN_AID_UNKNOWN}, - {"ECDSA-SHA1", "1.2.840.10045.4.1", GNUTLS_SIGN_ECDSA_SHA1, GNUTLS_PK_EC, GNUTLS_DIG_SHA1, {2, 3}}, - {"ECDSA-SHA224", "1.2.840.10045.4.3.1", GNUTLS_SIGN_ECDSA_SHA224, GNUTLS_PK_EC, GNUTLS_DIG_SHA224, {3, 3}}, - {"ECDSA-SHA256", "1.2.840.10045.4.3.2", GNUTLS_SIGN_ECDSA_SHA256, GNUTLS_PK_EC, GNUTLS_DIG_SHA256, {4, 3}}, - {"ECDSA-SHA384", "1.2.840.10045.4.3.3", GNUTLS_SIGN_ECDSA_SHA384, GNUTLS_PK_EC, GNUTLS_DIG_SHA384, {5, 3}}, - {"ECDSA-SHA512", "1.2.840.10045.4.3.4", GNUTLS_SIGN_ECDSA_SHA512, GNUTLS_PK_EC, GNUTLS_DIG_SHA512, {6, 3}}, - {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0, - TLS_SIGN_AID_UNKNOWN}, - {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}, - {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN} + {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA, + GNUTLS_DIG_SHA1, {2, 1}}, + {"RSA-SHA1", ISO_SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, + GNUTLS_PK_RSA, + GNUTLS_DIG_SHA1, {2, 1}}, + {"RSA-SHA224", SIG_RSA_SHA224_OID, GNUTLS_SIGN_RSA_SHA224, + GNUTLS_PK_RSA, + GNUTLS_DIG_SHA224, {3, 1}}, + {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, + GNUTLS_PK_RSA, + GNUTLS_DIG_SHA256, {4, 1}}, + {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, + GNUTLS_PK_RSA, + GNUTLS_DIG_SHA384, {5, 1}}, + {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, + GNUTLS_PK_RSA, + GNUTLS_DIG_SHA512, {6, 1}}, + {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, + GNUTLS_PK_RSA, + GNUTLS_DIG_RMD160, TLS_SIGN_AID_UNKNOWN}, + {"DSA-SHA1", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA, + GNUTLS_DIG_SHA1, {2, 2}}, + {"DSA-SHA1", "1.3.14.3.2.27", GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA, + GNUTLS_DIG_SHA1, {2, 2}}, + {"DSA-SHA224", SIG_DSA_SHA224_OID, GNUTLS_SIGN_DSA_SHA224, + GNUTLS_PK_DSA, + GNUTLS_DIG_SHA224, {3, 2}}, + {"DSA-SHA256", SIG_DSA_SHA256_OID, GNUTLS_SIGN_DSA_SHA256, + GNUTLS_PK_DSA, + GNUTLS_DIG_SHA256, {4, 2}}, + {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA, + GNUTLS_DIG_MD5, {1, 1}}, + {"RSA-MD5", "1.3.14.3.2.25", GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA, + GNUTLS_DIG_MD5, {1, 1}}, + {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA, + GNUTLS_DIG_MD2, TLS_SIGN_AID_UNKNOWN}, + {"ECDSA-SHA1", "1.2.840.10045.4.1", GNUTLS_SIGN_ECDSA_SHA1, + GNUTLS_PK_EC, GNUTLS_DIG_SHA1, {2, 3}}, + {"ECDSA-SHA224", "1.2.840.10045.4.3.1", GNUTLS_SIGN_ECDSA_SHA224, + GNUTLS_PK_EC, GNUTLS_DIG_SHA224, {3, 3}}, + {"ECDSA-SHA256", "1.2.840.10045.4.3.2", GNUTLS_SIGN_ECDSA_SHA256, + GNUTLS_PK_EC, GNUTLS_DIG_SHA256, {4, 3}}, + {"ECDSA-SHA384", "1.2.840.10045.4.3.3", GNUTLS_SIGN_ECDSA_SHA384, + GNUTLS_PK_EC, GNUTLS_DIG_SHA384, {5, 3}}, + {"ECDSA-SHA512", "1.2.840.10045.4.3.4", GNUTLS_SIGN_ECDSA_SHA512, + GNUTLS_PK_EC, GNUTLS_DIG_SHA512, {6, 3}}, + {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0, + TLS_SIGN_AID_UNKNOWN}, + {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0, + TLS_SIGN_AID_UNKNOWN}, + {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN} }; #define GNUTLS_SIGN_LOOP(b) \ @@ -101,16 +114,15 @@ static const gnutls_sign_entry sign_algorithms[] = { * Returns: a string that contains the name of the specified sign * algorithm, or %NULL. **/ -const char * -gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm) +const char *gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm) { - gnutls_sign_algorithm_t sign = algorithm; - const char *ret = NULL; + gnutls_sign_algorithm_t sign = algorithm; + const char *ret = NULL; - /* avoid prefix */ - GNUTLS_SIGN_ALG_LOOP (ret = p->name); + /* avoid prefix */ + GNUTLS_SIGN_ALG_LOOP(ret = p->name); - return ret; + return ret; } /** @@ -119,19 +131,18 @@ gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm) * * Returns: Non-zero if the provided signature algorithm is considered to be secure. **/ -int -gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm) +int gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm) { - gnutls_sign_algorithm_t sign = algorithm; - gnutls_digest_algorithm_t dig = GNUTLS_DIG_UNKNOWN; + gnutls_sign_algorithm_t sign = algorithm; + gnutls_digest_algorithm_t dig = GNUTLS_DIG_UNKNOWN; + + /* avoid prefix */ + GNUTLS_SIGN_ALG_LOOP(dig = p->mac); - /* avoid prefix */ - GNUTLS_SIGN_ALG_LOOP (dig = p->mac); - - if (dig != GNUTLS_DIG_UNKNOWN) - return _gnutls_digest_is_secure(mac_to_entry(dig)); + if (dig != GNUTLS_DIG_UNKNOWN) + return _gnutls_digest_is_secure(mac_to_entry(dig)); - return 0; + return 0; } /** @@ -143,20 +154,18 @@ gnutls_sign_is_secure (gnutls_sign_algorithm_t algorithm) * integers indicating the available ciphers. * **/ -const gnutls_sign_algorithm_t * -gnutls_sign_list (void) +const gnutls_sign_algorithm_t *gnutls_sign_list(void) { -static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS] = {0}; + static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS] = { 0 }; - if (supported_sign[0] == 0) - { - int i = 0; + if (supported_sign[0] == 0) { + int i = 0; - GNUTLS_SIGN_LOOP (supported_sign[i++]=p->id); - supported_sign[i++]=0; - } + GNUTLS_SIGN_LOOP(supported_sign[i++] = p->id); + supported_sign[i++] = 0; + } - return supported_sign; + return supported_sign; } /** @@ -168,41 +177,35 @@ static gnutls_sign_algorithm_t supported_sign[MAX_ALGOS] = {0}; * Returns: return a #gnutls_sign_algorithm_t value corresponding to * the specified algorithm, or %GNUTLS_SIGN_UNKNOWN on error. **/ -gnutls_sign_algorithm_t -gnutls_sign_get_id (const char *name) +gnutls_sign_algorithm_t gnutls_sign_get_id(const char *name) { - gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN; + gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN; - GNUTLS_SIGN_LOOP ( - if (strcasecmp (p->name, name) == 0) - { - ret = p->id; - break; - } - ); + GNUTLS_SIGN_LOOP( + if (strcasecmp(p->name, name) == 0) { + ret = p->id; + break; + } + ); - return ret; + return ret; } -gnutls_sign_algorithm_t -_gnutls_x509_oid2sign_algorithm (const char *oid) +gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm(const char *oid) { - gnutls_sign_algorithm_t ret = 0; - - GNUTLS_SIGN_LOOP (if (p->oid && strcmp (oid, p->oid) == 0) - { - ret = p->id; - break; - } - ); - - if (ret == 0) - { - _gnutls_debug_log ("Unknown SIGN OID: '%s'\n", oid); - return GNUTLS_SIGN_UNKNOWN; - } - return ret; + gnutls_sign_algorithm_t ret = 0; + + GNUTLS_SIGN_LOOP( + if (p->oid && strcmp(oid, p->oid) == 0) { + ret = p->id; break;} + ); + + if (ret == 0) { + _gnutls_debug_log("Unknown SIGN OID: '%s'\n", oid); + return GNUTLS_SIGN_UNKNOWN; + } + return ret; } /** @@ -216,33 +219,34 @@ _gnutls_x509_oid2sign_algorithm (const char *oid) * Returns: return a #gnutls_sign_algorithm_t value, or %GNUTLS_SIGN_UNKNOWN on error. **/ gnutls_sign_algorithm_t -gnutls_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash) +gnutls_pk_to_sign(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash) { - gnutls_sign_algorithm_t ret = 0; - - GNUTLS_SIGN_LOOP (if (pk == p->pk && hash == p->mac) - { - ret = p->id; break;} - ); - - if (ret == 0) - return GNUTLS_SIGN_UNKNOWN; - return ret; + gnutls_sign_algorithm_t ret = 0; + + GNUTLS_SIGN_LOOP( + if (pk == p->pk && hash == p->mac) { + ret = p->id; + break; + } + ); + + if (ret == 0) + return GNUTLS_SIGN_UNKNOWN; + return ret; } -const char * -_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk, - gnutls_digest_algorithm_t mac) +const char *_gnutls_x509_sign_to_oid(gnutls_pk_algorithm_t pk, + gnutls_digest_algorithm_t mac) { - gnutls_sign_algorithm_t sign; - const char *ret = NULL; + gnutls_sign_algorithm_t sign; + const char *ret = NULL; - sign = gnutls_pk_to_sign (pk, mac); - if (sign == GNUTLS_SIGN_UNKNOWN) - return NULL; + sign = gnutls_pk_to_sign(pk, mac); + if (sign == GNUTLS_SIGN_UNKNOWN) + return NULL; - GNUTLS_SIGN_ALG_LOOP (ret = p->oid); - return ret; + GNUTLS_SIGN_ALG_LOOP(ret = p->oid); + return ret; } /** @@ -257,13 +261,13 @@ _gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk, * Returns: return a #gnutls_digest_algorithm_t value, or %GNUTLS_DIG_UNKNOWN on error. **/ gnutls_digest_algorithm_t -gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign) +gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign) { - gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN; + gnutls_digest_algorithm_t ret = GNUTLS_DIG_UNKNOWN; - GNUTLS_SIGN_ALG_LOOP (ret = p->mac); + GNUTLS_SIGN_ALG_LOOP(ret = p->mac); - return ret; + return ret; } /** @@ -278,46 +282,48 @@ gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign) * Returns: return a #gnutls_pk_algorithm_t value, or %GNUTLS_PK_UNKNOWN on error. **/ gnutls_pk_algorithm_t -gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign) +gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign) { - gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN; + gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN; - GNUTLS_SIGN_ALG_LOOP (ret = p->pk); + GNUTLS_SIGN_ALG_LOOP(ret = p->pk); - return ret; + return ret; } gnutls_sign_algorithm_t -_gnutls_tls_aid_to_sign (const sign_algorithm_st * aid) +_gnutls_tls_aid_to_sign(const sign_algorithm_st * aid) { - gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN; + gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN; - if (memcmp(aid, &unknown_tls_aid, sizeof(*aid))==0) - return ret; + if (memcmp(aid, &unknown_tls_aid, sizeof(*aid)) == 0) + return ret; - GNUTLS_SIGN_LOOP (if (p->aid.hash_algorithm == aid->hash_algorithm - && p->aid.sign_algorithm == aid->sign_algorithm) - { - ret = p->id; break; - } - ); + GNUTLS_SIGN_LOOP( + if (p->aid.hash_algorithm == aid->hash_algorithm && + p->aid.sign_algorithm == aid->sign_algorithm) { + ret = p->id; + break; + } + ); - return ret; + + return ret; } /* Returns NULL if a valid AID is not found */ -const sign_algorithm_st* -_gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign) +const sign_algorithm_st *_gnutls_sign_to_tls_aid(gnutls_sign_algorithm_t + sign) { - const sign_algorithm_st * ret = NULL; + const sign_algorithm_st *ret = NULL; - GNUTLS_SIGN_ALG_LOOP (ret = &p->aid); + GNUTLS_SIGN_ALG_LOOP(ret = &p->aid); - if (ret != NULL && memcmp(ret, &unknown_tls_aid, sizeof(*ret))==0) - return NULL; + if (ret != NULL + && memcmp(ret, &unknown_tls_aid, sizeof(*ret)) == 0) + return NULL; - return ret; + return ret; } - |