588
638
#define MAX_ELEMENTS 48
640
#define LEVEL_NONE "NONE"
641
#define LEVEL_NORMAL "NORMAL"
642
#define LEVEL_PERFORMANCE "PERFORMANCE"
643
#define LEVEL_SECURE128 "SECURE128"
644
#define LEVEL_SECURE192 "SECURE192"
645
#define LEVEL_SECURE256 "SECURE256"
646
#define LEVEL_SUITEB128 "SUITEB128"
647
#define LEVEL_SUITEB192 "SUITEB192"
648
#define LEVEL_EXPORT "EXPORT"
651
int check_level(const char* level, gnutls_priority_t priority_cache, int add)
653
bulk_rmadd_func *func;
655
if (add) func = _add_priority;
656
else func = _set_priority;
658
if (strcasecmp (level, LEVEL_PERFORMANCE) == 0)
660
func (&priority_cache->cipher,
661
cipher_priority_performance);
662
func (&priority_cache->kx, kx_priority_performance);
663
func (&priority_cache->mac, mac_priority_normal);
664
func (&priority_cache->sign_algo,
665
sign_priority_default);
666
func (&priority_cache->supported_ecc, supported_ecc_normal);
668
if (priority_cache->level == 0)
669
priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
672
else if (strcasecmp (level, LEVEL_NORMAL) == 0)
674
func (&priority_cache->cipher, cipher_priority_normal);
675
func (&priority_cache->kx, kx_priority_secure);
676
func (&priority_cache->mac, mac_priority_normal);
677
func (&priority_cache->sign_algo,
678
sign_priority_default);
679
func (&priority_cache->supported_ecc, supported_ecc_normal);
681
if (priority_cache->level == 0)
682
priority_cache->level = GNUTLS_SEC_PARAM_VERY_WEAK;
685
else if (strcasecmp (level, LEVEL_SECURE256) == 0
686
|| strcasecmp (level, LEVEL_SECURE192) == 0)
688
func (&priority_cache->cipher,
689
cipher_priority_secure192);
690
func (&priority_cache->kx, kx_priority_secure);
691
func (&priority_cache->mac, mac_priority_secure192);
692
func (&priority_cache->sign_algo,
693
sign_priority_secure192);
694
func (&priority_cache->supported_ecc, supported_ecc_secure192);
696
/* be conservative for now. Set the bits to correspond to 96-bit level */
697
if (priority_cache->level == 0)
698
priority_cache->level = GNUTLS_SEC_PARAM_LEGACY;
701
else if (strcasecmp (level, LEVEL_SECURE128) == 0
702
|| strcasecmp (level, "SECURE") == 0)
704
func (&priority_cache->cipher,
705
cipher_priority_secure128);
706
func (&priority_cache->kx, kx_priority_secure);
707
func (&priority_cache->mac, mac_priority_secure128);
708
func (&priority_cache->sign_algo,
709
sign_priority_secure128);
710
func (&priority_cache->supported_ecc, supported_ecc_secure128);
712
/* be conservative for now. Set the bits to correspond to an 72-bit level */
713
if (priority_cache->level == 0)
714
priority_cache->level = GNUTLS_SEC_PARAM_WEAK;
717
else if (strcasecmp (level, LEVEL_SUITEB128) == 0)
719
func (&priority_cache->protocol, protocol_priority_suiteb);
720
func (&priority_cache->cipher,
721
cipher_priority_suiteb128);
722
func (&priority_cache->kx, kx_priority_suiteb);
723
func (&priority_cache->mac, mac_priority_suiteb128);
724
func (&priority_cache->sign_algo,
725
sign_priority_suiteb128);
726
func (&priority_cache->supported_ecc, supported_ecc_suiteb128);
728
if (priority_cache->level == 0)
729
priority_cache->level = GNUTLS_SEC_PARAM_HIGH;
732
else if (strcasecmp (level, LEVEL_SUITEB192) == 0)
734
func (&priority_cache->protocol, protocol_priority_suiteb);
735
func (&priority_cache->cipher,
736
cipher_priority_suiteb192);
737
func (&priority_cache->kx, kx_priority_suiteb);
738
func (&priority_cache->mac, mac_priority_suiteb192);
739
func (&priority_cache->sign_algo,
740
sign_priority_suiteb192);
741
func (&priority_cache->supported_ecc, supported_ecc_suiteb192);
743
if (priority_cache->level == 0)
744
priority_cache->level = GNUTLS_SEC_PARAM_ULTRA;
747
else if (strcasecmp (level, LEVEL_EXPORT) == 0)
749
func (&priority_cache->cipher, cipher_priority_export);
750
func (&priority_cache->kx, kx_priority_export);
751
func (&priority_cache->mac, mac_priority_secure128);
752
func (&priority_cache->sign_algo,
753
sign_priority_default);
754
func (&priority_cache->supported_ecc, supported_ecc_normal);
756
if (priority_cache->level == 0)
757
priority_cache->level = GNUTLS_SEC_PARAM_EXPORT;
591
764
* gnutls_priority_init:
592
765
* @priority_cache: is a #gnutls_prioritity_t structure.
707
889
for (; i < broken_list_size; i++)
709
if (strcasecmp (broken_list[i], "PERFORMANCE") == 0)
711
_set_priority (&(*priority_cache)->cipher,
712
cipher_priority_performance);
713
_set_priority (&(*priority_cache)->kx, kx_priority_performance);
714
_set_priority (&(*priority_cache)->mac, mac_priority_normal);
715
_set_priority (&(*priority_cache)->sign_algo,
716
sign_priority_default);
717
_set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal);
719
else if (strcasecmp (broken_list[i], "NORMAL") == 0)
721
_set_priority (&(*priority_cache)->cipher, cipher_priority_normal);
722
_set_priority (&(*priority_cache)->kx, kx_priority_secure);
723
_set_priority (&(*priority_cache)->mac, mac_priority_normal);
724
_set_priority (&(*priority_cache)->sign_algo,
725
sign_priority_default);
726
_set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal);
728
else if (strcasecmp (broken_list[i], "SECURE256") == 0
729
|| strcasecmp (broken_list[i], "SECURE192") == 0)
731
_set_priority (&(*priority_cache)->cipher,
732
cipher_priority_secure192);
733
_set_priority (&(*priority_cache)->kx, kx_priority_secure);
734
_set_priority (&(*priority_cache)->mac, mac_priority_secure192);
735
_set_priority (&(*priority_cache)->sign_algo,
736
sign_priority_secure192);
737
_set_priority (&(*priority_cache)->supported_ecc, supported_ecc_secure192);
739
else if (strcasecmp (broken_list[i], "SECURE128") == 0
740
|| strcasecmp (broken_list[i], "SECURE") == 0)
742
_set_priority (&(*priority_cache)->cipher,
743
cipher_priority_secure128);
744
_set_priority (&(*priority_cache)->kx, kx_priority_secure);
745
_set_priority (&(*priority_cache)->mac, mac_priority_secure128);
746
_set_priority (&(*priority_cache)->sign_algo,
747
sign_priority_secure128);
748
_set_priority (&(*priority_cache)->supported_ecc, supported_ecc_secure128);
750
else if (strcasecmp (broken_list[i], "SUITEB128") == 0)
752
_set_priority (&(*priority_cache)->protocol, protocol_priority_suiteb);
753
_set_priority (&(*priority_cache)->cipher,
754
cipher_priority_suiteb128);
755
_set_priority (&(*priority_cache)->kx, kx_priority_suiteb);
756
_set_priority (&(*priority_cache)->mac, mac_priority_suiteb128);
757
_set_priority (&(*priority_cache)->sign_algo,
758
sign_priority_suiteb128);
759
_set_priority (&(*priority_cache)->supported_ecc, supported_ecc_suiteb128);
761
else if (strcasecmp (broken_list[i], "SUITEB192") == 0)
763
_set_priority (&(*priority_cache)->protocol, protocol_priority_suiteb);
764
_set_priority (&(*priority_cache)->cipher,
765
cipher_priority_suiteb192);
766
_set_priority (&(*priority_cache)->kx, kx_priority_suiteb);
767
_set_priority (&(*priority_cache)->mac, mac_priority_suiteb192);
768
_set_priority (&(*priority_cache)->sign_algo,
769
sign_priority_suiteb192);
770
_set_priority (&(*priority_cache)->supported_ecc, supported_ecc_suiteb192);
772
else if (strcasecmp (broken_list[i], "EXPORT") == 0)
774
_set_priority (&(*priority_cache)->cipher, cipher_priority_export);
775
_set_priority (&(*priority_cache)->kx, kx_priority_export);
776
_set_priority (&(*priority_cache)->mac, mac_priority_secure128);
777
_set_priority (&(*priority_cache)->sign_algo,
778
sign_priority_default);
779
_set_priority (&(*priority_cache)->supported_ecc, supported_ecc_normal);
780
} /* now check if the element is something like -ALGO */
891
if (check_level(broken_list[i], *priority_cache, 0) != 0)
781
895
else if (broken_list[i][0] == '!' || broken_list[i][0] == '+'
782
896
|| broken_list[i][0] == '-')
784
898
if (broken_list[i][0] == '+')
787
bulk_fn = _set_priority;
901
bulk_fn = _add_priority;
1291
* gnutls_priority_kx_list:
1292
* @pcache: is a #gnutls_prioritity_t structure.
1293
* @list: will point to an integer list
1295
* Get a list of available key exchange methods in the priority
1298
* Returns: the number of curves, or an error code.
1302
gnutls_priority_kx_list (gnutls_priority_t pcache, const unsigned int** list)
1304
if (pcache->kx.algorithms == 0)
1307
*list = pcache->kx.priority;
1308
return pcache->kx.algorithms;
1312
* gnutls_priority_cipher_list:
1313
* @pcache: is a #gnutls_prioritity_t structure.
1314
* @list: will point to an integer list
1316
* Get a list of available ciphers in the priority
1319
* Returns: the number of curves, or an error code.
1323
gnutls_priority_cipher_list (gnutls_priority_t pcache, const unsigned int** list)
1325
if (pcache->cipher.algorithms == 0)
1328
*list = pcache->cipher.priority;
1329
return pcache->cipher.algorithms;
1333
* gnutls_priority_mac_list:
1334
* @pcache: is a #gnutls_prioritity_t structure.
1335
* @list: will point to an integer list
1337
* Get a list of available MAC algorithms in the priority
1340
* Returns: the number of curves, or an error code.
1344
gnutls_priority_mac_list (gnutls_priority_t pcache, const unsigned int** list)
1346
if (pcache->mac.algorithms == 0)
1349
*list = pcache->mac.priority;
1350
return pcache->mac.algorithms;
1154
1354
* gnutls_priority_compression_list:
1155
1355
* @pcache: is a #gnutls_prioritity_t structure.
1156
1356
* @list: will point to an integer list