Add explicit digest mapping functions (for OCSP).
1 /*
2  * Copyright (C) 2000-2011 Free Software Foundation, Inc.
3  *
4  * Author: Nikos Mavrogiannopoulos
5  *
6  * This file is part of GnuTLS.
7  *
8  * The GnuTLS is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Lesser General Public License
10  * as published by the Free Software Foundation; either version 3 of
11  * the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public License
19  * along with this program.  If not, see <http://www.gnu.org/licenses/>
20  *
21  */
22
23 #ifndef ALGORITHMS_H
24 #define ALGORITHMS_H
25
26 #include "gnutls_auth.h"
27
/* The two bytes of the signalling cipher suite value (0x00,0xFF) that a
 * client sends to request secure renegotiation; this is the
 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV of RFC 5746.  It is not a real suite
 * and must never be selected by the server. */
#define GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR 0x00
#define GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR 0xFF

/* Upper bound, in bytes, for a cipher suite list handed to the
 * _gnutls_supported_ciphersuites* functions below.  Each suite is encoded
 * in two bytes, so this would allow for 256 ciphersuites. */
#define MAX_CIPHERSUITE_SIZE 512
33
/* Functions for version handling. */

/* Lowest and highest protocol version enabled for @session (presumably
 * derived from the session's priorities; see the implementation). */
gnutls_protocol_t _gnutls_version_lowest (gnutls_session_t session);
gnutls_protocol_t _gnutls_version_max (gnutls_session_t session);
/* Rank of @version in @session's priority list.  The convention for a
 * version that is not enabled (negative value or error code) is set by
 * the implementation - callers must check rather than assume. */
int _gnutls_version_priority (gnutls_session_t session,
                              gnutls_protocol_t version);
/* Non-zero when @version is enabled for @session. */
int _gnutls_version_is_supported (gnutls_session_t session,
                                  const gnutls_protocol_t version);
/* Conversions between the gnutls_protocol_t enumeration and the wire
 * major/minor version bytes.  @major/@minor usually originate from the
 * peer's hello, i.e. untrusted input, so callers of _gnutls_version_get()
 * must handle the "unknown version" result it returns for unrecognised
 * pairs (check the implementation for the sentinel used). */
int _gnutls_version_get_major (gnutls_protocol_t ver);
int _gnutls_version_get_minor (gnutls_protocol_t ver);
gnutls_protocol_t _gnutls_version_get (int major, int minor);
44
/* Functions for feature checks.  Each returns non-zero when the protocol
 * version supports the feature, zero otherwise; they gate behaviour that
 * differs between SSL 3.0 and the TLS versions. */

/* PRF chosen per cipher suite rather than fixed by the protocol
 * (a TLS 1.2 feature). */
int _gnutls_version_has_selectable_prf (gnutls_protocol_t version);
/* Signature hash negotiated explicitly (signature_algorithms, TLS 1.2)
 * instead of being implied by the key type. */
int _gnutls_version_has_selectable_sighash (gnutls_protocol_t version);
/* Hello extensions are available (not in SSL 3.0). */
int _gnutls_version_has_extensions (gnutls_protocol_t version);
/* Records carry an explicit CBC IV (TLS 1.1 and later); versions without
 * it chain IVs across records. */
int _gnutls_version_has_explicit_iv (gnutls_protocol_t version);
50
/* Functions for MACs. */

/* Non-zero when @algorithm is a MAC known to this build. */
int _gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm);
/* OID <-> MAC algorithm mapping.  The OID string typically comes from
 * parsed X.509 data, i.e. untrusted input: an unrecognised OID presumably
 * yields the "unknown" enumeration value, and an unknown @mac presumably
 * yields NULL - callers must check both rather than assume a match. */
gnutls_mac_algorithm_t _gnutls_x509_oid2mac_algorithm (const char *oid);
const char *_gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t mac);
55
/* Functions for digests.  Digest (hash) algorithms are mapped separately
 * from MACs so that code dealing only with hashes (e.g. OCSP) does not
 * have to go through the MAC enumeration. */

/* OID <-> digest algorithm mapping.  As with the MAC variants, the OID is
 * usually untrusted input from an X.509/OCSP structure: check the result
 * for the "unknown" value / NULL before using it. */
gnutls_digest_algorithm_t _gnutls_x509_oid2digest_algorithm (const char *oid);
const char *_gnutls_x509_digest_to_oid (gnutls_digest_algorithm_t algorithm);
/* Human-readable name of @algorithm; presumably NULL when unknown. */
const char *_gnutls_digest_get_name (gnutls_digest_algorithm_t algorithm);
60
/* Functions for cipher suites. */

/* Write the suites enabled for @session into @cipher_suites, which holds
 * at most @max_cipher_suite_size bytes (MAX_CIPHERSUITE_SIZE is the usual
 * bound).  Presumably returns the number of bytes written or a negative
 * error code; the _sorted variant additionally orders them by the
 * session's priorities (per its name - confirm in the implementation). */
int _gnutls_supported_ciphersuites (gnutls_session_t session,
                                    uint8_t* cipher_suites, int max_cipher_suite_size);
int _gnutls_supported_ciphersuites_sorted (gnutls_session_t session,
                                           uint8_t* cipher_suites, int max_cipher_suite_size);
/* Name of the suite identified by @algorithm; presumably NULL if unknown. */
const char *_gnutls_cipher_suite_get_name (cipher_suite_st * algorithm);
/* Component algorithms of a suite: PRF, cipher, key exchange and MAC. */
gnutls_mac_algorithm_t _gnutls_cipher_suite_get_prf (const cipher_suite_st * suite);
gnutls_cipher_algorithm_t _gnutls_cipher_suite_get_cipher_algo (const
                                                                cipher_suite_st
                                                                * algorithm);
gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st
                                                        * algorithm);
gnutls_mac_algorithm_t _gnutls_cipher_suite_get_mac_algo (const
                                                          cipher_suite_st *
                                                          algorithm);
/* Returns a cipher_suite_st by value despite its name; what it yields for
 * a suite that is not known is defined by the implementation. */
cipher_suite_st _gnutls_cipher_suite_get_suite_name (cipher_suite_st *
                                                     algorithm);
78
/* Functions for ciphers. */

/* Non-zero when @algorithm is a block cipher (as opposed to a stream
 * cipher). */
int _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm);
/* Non-zero when @algorithm is an AEAD cipher, i.e. authenticates as well
 * as encrypts. */
int _gnutls_cipher_algo_is_aead (gnutls_cipher_algorithm_t algorithm);
/* Non-zero when @algorithm is a cipher known to this build. */
int _gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm);
/* IV size of @algorithm (presumably in bytes - confirm against the
 * cipher table). */
int _gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm);
/* Non-zero for export-grade ciphers. */
int _gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm);
/* at least for now iv_size == tag_size */
/* NOTE: this alias ties the AEAD tag length to the IV length.  It only
 * holds for the ciphers currently in the table; a cipher whose tag size
 * differs from its IV size needs a dedicated function here, otherwise
 * record authentication would use the wrong tag length. */
#define _gnutls_cipher_get_tag_size _gnutls_cipher_get_iv_size
87
/* Functions for key exchange. */

/* Non-zero when the key exchange @algorithm requires Diffie-Hellman
 * parameters (respectively temporary RSA parameters) to be available. */
int _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm);
int _gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm);
/* Handler table implementing the handshake for @algorithm; presumably
 * NULL when the key exchange is unknown. */
mod_auth_st *_gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm);
/* Non-zero when @algorithm is a key exchange known to this build. */
int _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm);
93
/* Type to KX mappings. */

/* Map between a credentials type and a key exchange method.  @server
 * selects which side's credentials are meant, since the same key
 * exchange can need different credentials on client and server. */
gnutls_kx_algorithm_t _gnutls_map_kx_get_kx (gnutls_credentials_type_t type,
                                             int server);
gnutls_credentials_type_t _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t
                                                   algorithm, int server);
99
/* KX to PK mapping. */

/* DSA + RSA + ECC.  Number of distinct public-key algorithms; anything
 * sized by this constant must be revisited when a new PK algorithm is
 * added. */
#define GNUTLS_DISTINCT_PK_ALGORITHMS 3
/* Public-key algorithm whose certificate/key the key exchange
 * @kx_algorithm authenticates with. */
gnutls_pk_algorithm_t _gnutls_map_pk_get_pk (gnutls_kx_algorithm_t
                                             kx_algorithm);
/* OID <-> public-key algorithm mapping.  The OID comes from parsed X.509
 * data (untrusted); check for the "unknown" value / NULL result. */
gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm (const char *oid);
const char *_gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t pk);
108
/* How a key exchange uses the certificate's public key: to encrypt
 * (key transport), to sign, or not at all.  CIPHER_IGN takes the next
 * enumerator value, 2. */
enum encipher_type
{ CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN };

/* The encipher_type of the key exchange @algorithm. */
enum encipher_type _gnutls_kx_encipher_type (gnutls_kx_algorithm_t algorithm);
113
/* Functions for sign algorithms.  A "sign algorithm" combines a
 * public-key algorithm with a digest. */

/* Signature algorithm identified by an X.509 OID.  The OID is untrusted
 * input; check the result for the "unknown" value. */
gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm (const char *oid);
/* Combine @pk with a digest into a signature algorithm.  Note the second
 * parameter is typed gnutls_digest_algorithm_t although it is named
 * "mac". */
gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk,
                                                 gnutls_digest_algorithm_t mac);
/* Public-key algorithm underlying the signature algorithm @sign. */
gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk (gnutls_sign_algorithm_t sign);
/* OID of the signature algorithm formed by the (unnamed) public-key
 * algorithm and the digest; presumably NULL if there is none. */
const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t,
                                      gnutls_digest_algorithm_t mac);
/* Conversions between the TLS signature-and-hash algorithm identifier
 * (sign_algorithm_st) and gnutls_sign_algorithm_t.  @aid arrives from the
 * peer's handshake messages, so an unrecognised pair must map to the
 * "unknown" value and be rejected by the caller. */
gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (const sign_algorithm_st *
                                                 aid);
const sign_algorithm_st* _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign);
/* Digest and public-key algorithm components of a signature algorithm. */
gnutls_digest_algorithm_t
_gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t);
gnutls_pk_algorithm_t _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t);
127
/* Rank of an algorithm within @session's priority list for MACs, ciphers
 * and key exchanges respectively; the same "not enabled" convention as
 * _gnutls_version_priority() presumably applies. */
int _gnutls_mac_priority (gnutls_session_t session,
                          gnutls_mac_algorithm_t algorithm);
int _gnutls_cipher_priority (gnutls_session_t session,
                             gnutls_cipher_algorithm_t algorithm);
int _gnutls_kx_priority (gnutls_session_t session,
                         gnutls_kx_algorithm_t algorithm);

/* Size in bits of the subgroup (e.g. the DSA/DH q parameter) considered
 * adequate for a public key of @pk_bits bits - presumably; confirm the
 * table in the implementation. */
unsigned int _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits);
136
/* ECC */

/* One entry of the table of supported elliptic curves.  The domain
 * parameters are stored as hex strings and parsed on demand. */
struct gnutls_ecc_curve_entry_st
{
  const char *name;
  const char* oid;
  gnutls_ecc_curve_t id;
  int tls_id; /* The RFC4492 namedCurve ID */
  int size; /* the size in bytes */

  /** The prime that defines the field the curve is in (encoded in hex) */
  const char *prime;
  /** The curve equation's A parameter (hex) */
  const char *A;
  /** The curve equation's B parameter (hex) */
  const char *B;
  /** The order of the curve (hex) */
  const char *order;
  /** The x co-ordinate of the base point on the curve (hex) */
  const char *Gx;
  /** The y co-ordinate of the base point on the curve (hex) */
  const char *Gy;
};
typedef struct gnutls_ecc_curve_entry_st gnutls_ecc_curve_entry_st;
160
/* Table entry for @curve (the domain parameters above); presumably NULL
 * for an unknown curve. */
const gnutls_ecc_curve_entry_st * _gnutls_ecc_curve_get_params (gnutls_ecc_curve_t curve);
/* Curve identifier looked up by name. */
gnutls_ecc_curve_t _gnutls_ecc_curve_get_id (const char *name);
/* Conversions between the RFC 4492 namedCurve ID sent on the wire and the
 * gnutls_ecc_curve_t enumeration.  @num comes from the peer's supported
 * curves extension, so callers must handle the not-found result (the
 * return type is int; check the implementation for the sentinel). */
int _gnutls_tls_id_to_ecc_curve (int num);
int _gnutls_ecc_curve_get_tls_id (gnutls_ecc_curve_t supported_ecc);
/* OID <-> curve mapping; the OID is untrusted X.509 input, so check the
 * result for NULL / the "unknown" value. */
const char * _gnutls_ecc_curve_get_oid (gnutls_ecc_curve_t curve);
gnutls_ecc_curve_t _gnutls_oid_to_ecc_curve (const char* oid);
/* Smallest supported curve offering at least @bits bits of security,
 * presumably (confirm the mapping in the implementation). */
gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve (int bits);
/* Largest coordinate size in bytes among supported curves; 66 bytes
 * covers a 521-bit curve. */
#define MAX_ECC_CURVE_SIZE 66
169
/* Return 1 when the key exchange @kx is one of the elliptic-curve
 * Diffie-Hellman variants (ECDHE-RSA, ECDHE-ECDSA, anonymous ECDH,
 * ECDHE-PSK), 0 for every other key exchange. */
static inline int _gnutls_kx_is_ecc(gnutls_kx_algorithm_t kx)
{
  switch (kx)
    {
    case GNUTLS_KX_ECDHE_RSA:
    case GNUTLS_KX_ECDHE_ECDSA:
    case GNUTLS_KX_ANON_ECDH:
    case GNUTLS_KX_ECDHE_PSK:
      return 1;
    default:
      return 0;
    }
}
178
179 #endif