gnutls_ecc_curve_t str_to_curve(const char *str) { unsigned num = 0; const gnutls_ecc_curve_t *list, *p; list = gnutls_ecc_curve_list(); p = list; while(*p != 0) { if (strcasecmp(str, gnutls_ecc_curve_get_name(*p)) == 0) return *p; p++; num++; } fprintf(stderr, "Unsupported curve: %s\nAvailable curves:\n", str); if (num == 0) printf("none\n"); p = list; while(*p != 0) { fprintf(stderr, "\t- %s\n", gnutls_ecc_curve_get_name(*p)); p++; } exit(1); }
static inline int is_supported_curve(int curve) { if (gnutls_ecc_curve_get_name(curve) != NULL) return 1; else return 0; }
void _gnutls_session_ecc_curve_set (gnutls_session_t session, gnutls_ecc_curve_t c) { _gnutls_handshake_log("HSK[%p]: Selected ECC curve %s (%d)\n", session, gnutls_ecc_curve_get_name(c), c); session->security_parameters.ecc_curve = c; }
test_code_t test_ecdhe_curve (gnutls_session_t session) { if (curve == GNUTLS_ECC_CURVE_INVALID) return TEST_IGNORE; printf ("\n Curve %s", gnutls_ecc_curve_get_name(curve)); return TEST_SUCCEED; }
void print_ecc_pkey(FILE * outfile, gnutls_ecc_curve_t curve, gnutls_datum_t * k, gnutls_datum_t * x, gnutls_datum_t * y, int cprint) { if (cprint != 0) fprintf(outfile, "/* curve: %s */\n", gnutls_ecc_curve_get_name(curve)); else fprintf(outfile, "curve:\t%s\n", gnutls_ecc_curve_get_name(curve)); if (k) { print_head(outfile, "private key", k->size, cprint); print_hex_datum(outfile, k, cprint); } print_head(outfile, "x", x->size, cprint); print_hex_datum(outfile, x, cprint); print_head(outfile, "y", y->size, cprint); print_hex_datum(outfile, y, cprint); }
static void print_ecdh_info(gnutls_session_t session, const char *str) { int curve; printf("- %sEC Diffie-Hellman parameters\n", str); curve = gnutls_ecc_curve_get(session); printf(" - Using curve: %s\n", gnutls_ecc_curve_get_name(curve)); printf(" - Curve size: %d bits\n", gnutls_ecc_curve_get_size(curve) * 8); }
void print_ecc_pkey (FILE* outfile, gnutls_ecc_curve_t curve, gnutls_datum_t* k, gnutls_datum_t * x, gnutls_datum_t * y) { fprintf (outfile, "curve:\t%s\n", gnutls_ecc_curve_get_name(curve)); if (k) { fprintf (outfile, "private key:"); print_hex_datum (outfile, k); } fprintf (outfile, "x:"); print_hex_datum (outfile, x); fprintf (outfile, "y:"); print_hex_datum (outfile, y); }
void print_list (const char *priorities, int verbose) { size_t i; int ret; unsigned int idx; const char *name; const char *err; unsigned char id[2]; gnutls_kx_algorithm_t kx; gnutls_cipher_algorithm_t cipher; gnutls_mac_algorithm_t mac; gnutls_protocol_t version; gnutls_priority_t pcache; const unsigned int *list; if (priorities != NULL) { printf ("Cipher suites for %s\n", priorities); ret = gnutls_priority_init (&pcache, priorities, &err); if (ret < 0) { fprintf (stderr, "Syntax error at: %s\n", err); exit (1); } for (i = 0;; i++) { ret = gnutls_priority_get_cipher_suite_index (pcache, i, &idx); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue; name = gnutls_cipher_suite_info (idx, id, NULL, NULL, NULL, &version); if (name != NULL) printf ("%-50s\t0x%02x, 0x%02x\t%s\n", name, (unsigned char) id[0], (unsigned char) id[1], gnutls_protocol_get_name (version)); } printf("\n"); { ret = gnutls_priority_certificate_type_list (pcache, &list); printf ("Certificate types: "); if (ret == 0) printf("none\n"); for (i = 0; i < (unsigned)ret; i++) { printf ("CTYPE-%s", gnutls_certificate_type_get_name (list[i])); if (i+1!=(unsigned)ret) printf (", "); else printf ("\n"); } } { ret = gnutls_priority_protocol_list (pcache, &list); printf ("Protocols: "); if (ret == 0) printf("none\n"); for (i = 0; i < (unsigned)ret; i++) { printf ("VERS-%s", gnutls_protocol_get_name (list[i])); if (i+1!=(unsigned)ret) printf (", "); else printf ("\n"); } } { ret = gnutls_priority_compression_list (pcache, &list); printf ("Compression: "); if (ret == 0) printf("none\n"); for (i = 0; i < (unsigned)ret; i++) { printf ("COMP-%s", gnutls_compression_get_name (list[i])); if (i+1!=(unsigned)ret) printf (", "); else printf ("\n"); } } { ret = gnutls_priority_ecc_curve_list (pcache, &list); printf ("Elliptic curves: "); if (ret == 0) printf("none\n"); for (i = 0; i < (unsigned)ret; i++) { printf ("CURVE-%s", gnutls_ecc_curve_get_name (list[i])); if (i+1!=(unsigned)ret) printf (", "); else printf ("\n"); } } { ret = gnutls_priority_sign_list (pcache, &list); printf ("PK-signatures: "); if (ret == 0) printf("none\n"); for (i = 0; i < (unsigned)ret; i++) { printf ("SIGN-%s", gnutls_sign_algorithm_get_name (list[i])); if (i+1!=(unsigned)ret) printf (", "); else printf ("\n"); } } return; } printf ("Cipher suites:\n"); for (i = 0; (name = gnutls_cipher_suite_info (i, id, &kx, &cipher, &mac, &version)); i++) { printf ("%-50s\t0x%02x, 0x%02x\t%s\n", name, (unsigned char) id[0], (unsigned char) id[1], gnutls_protocol_get_name (version)); if (verbose) printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n", gnutls_kx_get_name (kx), gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac)); } printf("\n"); { const gnutls_certificate_type_t *p = gnutls_certificate_type_list (); printf ("Certificate types: "); for (; *p; p++) { printf ("CTYPE-%s", gnutls_certificate_type_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_protocol_t *p = gnutls_protocol_list (); printf ("Protocols: "); for (; *p; p++) { printf ("VERS-%s", gnutls_protocol_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_cipher_algorithm_t *p = gnutls_cipher_list (); printf ("Ciphers: "); for (; *p; p++) { printf ("%s", gnutls_cipher_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_mac_algorithm_t *p = gnutls_mac_list (); printf ("MACs: "); for (; *p; p++) { printf ("%s", gnutls_mac_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_kx_algorithm_t *p = gnutls_kx_list (); printf ("Key exchange algorithms: "); for (; *p; p++) { printf ("%s", gnutls_kx_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_compression_method_t *p = gnutls_compression_list (); printf ("Compression: "); for (; *p; p++) { printf ("COMP-%s", gnutls_compression_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list (); printf ("Elliptic curves: "); for (; *p; p++) { printf ("CURVE-%s", gnutls_ecc_curve_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_pk_algorithm_t *p = gnutls_pk_list (); printf ("Public Key Systems: "); for (; *p; p++) { printf ("%s", gnutls_pk_algorithm_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_sign_algorithm_t *p = gnutls_sign_list (); printf ("PK-signatures: "); for (; *p; p++) { printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } }
/** * gnutls_session_get_desc: * @session: is a gnutls session * * This function returns a string describing the current session. * The string is null terminated and allocated using gnutls_malloc(). * * Returns: a description of the protocols and algorithms in the current session. * * Since: 3.1.10 **/ char *gnutls_session_get_desc(gnutls_session_t session) { gnutls_kx_algorithm_t kx; unsigned type; char kx_name[32]; char proto_name[32]; const char *curve_name = NULL; unsigned dh_bits = 0; unsigned mac_id; char *desc; kx = session->security_parameters.kx_algorithm; if (kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK || kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA) { curve_name = gnutls_ecc_curve_get_name(gnutls_ecc_curve_get (session)); } else if (kx == GNUTLS_KX_ANON_DH || kx == GNUTLS_KX_DHE_PSK || kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) { dh_bits = gnutls_dh_get_prime_bits(session); } if (curve_name != NULL) snprintf(kx_name, sizeof(kx_name), "%s-%s", gnutls_kx_get_name(kx), curve_name); else if (dh_bits != 0) snprintf(kx_name, sizeof(kx_name), "%s-%u", gnutls_kx_get_name(kx), dh_bits); else snprintf(kx_name, sizeof(kx_name), "%s", gnutls_kx_get_name(kx)); type = gnutls_certificate_type_get(session); if (type == GNUTLS_CRT_X509) snprintf(proto_name, sizeof(proto_name), "%s", gnutls_protocol_get_name(get_num_version (session))); else snprintf(proto_name, sizeof(proto_name), "%s-%s", gnutls_protocol_get_name(get_num_version (session)), gnutls_certificate_type_get_name(type)); gnutls_protocol_get_name(get_num_version(session)), desc = gnutls_malloc(DESC_SIZE); if (desc == NULL) return NULL; mac_id = gnutls_mac_get(session); if (mac_id == GNUTLS_MAC_AEAD) { /* no need to print */ snprintf(desc, DESC_SIZE, "(%s)-(%s)-(%s)", proto_name, kx_name, gnutls_cipher_get_name(gnutls_cipher_get(session))); } else { snprintf(desc, DESC_SIZE, "(%s)-(%s)-(%s)-(%s)", proto_name, kx_name, gnutls_cipher_get_name(gnutls_cipher_get(session)), gnutls_mac_get_name(mac_id)); } return desc; }
static void main_texinfo (void) { { size_t i; const char *name; char id[2]; gnutls_kx_algorithm_t kx; gnutls_cipher_algorithm_t cipher; gnutls_mac_algorithm_t mac; gnutls_protocol_t version; printf ("@heading Ciphersuites\n"); printf ("@multitable @columnfractions .60 .20 .20\n"); printf("@headitem Ciphersuite name @tab TLS ID @tab Since\n"); for (i = 0; (name = gnutls_cipher_suite_info (i, id, &kx, &cipher, &mac, &version)); i++) { printf ("@item %s\n@tab 0x%02X 0x%02X\n@tab %s\n", escape_texi_string(name, buffer, sizeof(buffer)), (unsigned char) id[0], (unsigned char) id[1], gnutls_protocol_get_name (version)); } printf ("@end multitable\n"); } { const gnutls_certificate_type_t *p = gnutls_certificate_type_list (); printf ("\n\n@heading Certificate types\n"); printf ("@table @code\n"); for (; *p; p++) { printf ("@item %s\n", gnutls_certificate_type_get_name (*p)); } printf ("@end table\n"); } { const gnutls_protocol_t *p = gnutls_protocol_list (); printf ("\n@heading Protocols\n@table @code\n"); for (; *p; p++) { printf ("@item %s\n", gnutls_protocol_get_name (*p)); } printf ("@end table\n"); } { const gnutls_cipher_algorithm_t *p = gnutls_cipher_list (); printf ("\n@heading Ciphers\n@table @code\n"); for (; *p; p++) { printf ("@item %s\n", gnutls_cipher_get_name (*p)); } printf ("@end table\n"); } { const gnutls_mac_algorithm_t *p = gnutls_mac_list (); printf ("\n@heading MAC algorithms\n@table @code\n"); for (; *p; p++) { printf ("@item %s\n", gnutls_mac_get_name (*p)); } printf ("@end table\n"); } { const gnutls_kx_algorithm_t *p = gnutls_kx_list (); printf ("\n@heading Key exchange methods\n@table @code\n"); for (; *p; p++) { printf ("@item %s\n", gnutls_kx_get_name (*p)); } printf ("@end table\n"); } { const gnutls_pk_algorithm_t *p = gnutls_pk_list (); printf ("\n@heading Public key algorithms\n@table @code\n"); for (; *p; p++) { printf ("@item %s\n", gnutls_pk_get_name (*p)); } printf ("@end table\n"); } { const gnutls_sign_algorithm_t *p = gnutls_sign_list (); printf ("\n@heading Public key signature algorithms\n@table @code\n"); for (; *p; p++) { printf ("@item %s\n", gnutls_sign_get_name (*p)); } printf ("@end table\n"); } { const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list (); printf ("\n@heading Elliptic curves\n@table @code\n"); for (; *p; p++) { printf ("@item %s\n", gnutls_ecc_curve_get_name (*p)); } printf ("@end table\n"); } { const gnutls_compression_method_t *p = gnutls_compression_list (); printf ("\n@heading Compression methods\n@table @code\n"); for (; *p; p++) { printf ("@item %s\n", gnutls_compression_get_name (*p)); } printf ("@end table\n"); } }
/** * gnutls_session_get_desc: * @session: is a gnutls session * * This function returns a string describing the current session. * The string is null terminated and allocated using gnutls_malloc(). * * If initial negotiation is not complete when this function is called, * %NULL will be returned. * * Returns: a description of the protocols and algorithms in the current session. * * Since: 3.1.10 **/ char *gnutls_session_get_desc(gnutls_session_t session) { gnutls_kx_algorithm_t kx; const char *kx_str; unsigned type; char kx_name[32]; char proto_name[32]; const char *curve_name = NULL; unsigned dh_bits = 0; unsigned mac_id; char *desc; if (session->internals.initial_negotiation_completed == 0) return NULL; kx = session->security_parameters.kx_algorithm; if (kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK || kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA) { curve_name = gnutls_ecc_curve_get_name(gnutls_ecc_curve_get (session)); #if defined(ENABLE_DHE) || defined(ENABLE_ANON) } else if (kx == GNUTLS_KX_ANON_DH || kx == GNUTLS_KX_DHE_PSK || kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) { dh_bits = gnutls_dh_get_prime_bits(session); #endif } kx_str = gnutls_kx_get_name(kx); if (kx_str) { if (curve_name != NULL) snprintf(kx_name, sizeof(kx_name), "%s-%s", kx_str, curve_name); else if (dh_bits != 0) snprintf(kx_name, sizeof(kx_name), "%s-%u", kx_str, dh_bits); else snprintf(kx_name, sizeof(kx_name), "%s", kx_str); } else { strcpy(kx_name, "NULL"); } type = gnutls_certificate_type_get(session); if (type == GNUTLS_CRT_X509) snprintf(proto_name, sizeof(proto_name), "%s", gnutls_protocol_get_name(get_num_version (session))); else snprintf(proto_name, sizeof(proto_name), "%s-%s", gnutls_protocol_get_name(get_num_version (session)), gnutls_certificate_type_get_name(type)); desc = gnutls_malloc(DESC_SIZE); if (desc == NULL) return NULL; mac_id = gnutls_mac_get(session); if (mac_id == GNUTLS_MAC_AEAD) { /* no need to print */ snprintf(desc, DESC_SIZE, "(%s)-(%s)-(%s)", proto_name, kx_name, gnutls_cipher_get_name(gnutls_cipher_get(session))); } else { snprintf(desc, DESC_SIZE, "(%s)-(%s)-(%s)-(%s)", proto_name, kx_name, gnutls_cipher_get_name(gnutls_cipher_get(session)), gnutls_mac_get_name(mac_id)); } return desc; }
static void privkey_info_int(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t key) { int ret, key_type; unsigned int bits = 0; size_t size; const char *cprint; /* Public key algorithm */ fprintf(outfile, "Public Key Info:\n"); ret = gnutls_x509_privkey_get_pk_algorithm2(key, &bits); fprintf(outfile, "\tPublic Key Algorithm: "); key_type = ret; cprint = gnutls_pk_algorithm_get_name(key_type); fprintf(outfile, "%s\n", cprint ? cprint : "Unknown"); fprintf(outfile, "\tKey Security Level: %s (%u bits)\n\n", gnutls_sec_param_get_name(gnutls_x509_privkey_sec_param (key)), bits); /* Print the raw public and private keys */ if (key_type == GNUTLS_PK_RSA) { gnutls_datum_t m, e, d, p, q, u, exp1, exp2; ret = gnutls_x509_privkey_export_rsa_raw2(key, &m, &e, &d, &p, &q, &u, &exp1, &exp2); if (ret < 0) fprintf(stderr, "Error in key RSA data export: %s\n", gnutls_strerror(ret)); else { print_rsa_pkey(outfile, &m, &e, &d, &p, &q, &u, &exp1, &exp2, cinfo->cprint); gnutls_free(m.data); gnutls_free(e.data); gnutls_free(d.data); gnutls_free(p.data); gnutls_free(q.data); gnutls_free(u.data); gnutls_free(exp1.data); gnutls_free(exp2.data); } } else if (key_type == GNUTLS_PK_DSA) { gnutls_datum_t p, q, g, y, x; ret = gnutls_x509_privkey_export_dsa_raw(key, &p, &q, &g, &y, &x); if (ret < 0) fprintf(stderr, "Error in key DSA data export: %s\n", gnutls_strerror(ret)); else { print_dsa_pkey(outfile, &x, &y, &p, &q, &g, cinfo->cprint); gnutls_free(x.data); gnutls_free(y.data); gnutls_free(p.data); gnutls_free(q.data); gnutls_free(g.data); } } else if (key_type == GNUTLS_PK_EC) { gnutls_datum_t y, x, k; gnutls_ecc_curve_t curve; ret = gnutls_x509_privkey_export_ecc_raw(key, &curve, &x, &y, &k); if (ret < 0) fprintf(stderr, "Error in key ECC data export: %s\n", gnutls_strerror(ret)); else { cprint = gnutls_ecc_curve_get_name(curve); bits = 0; print_ecc_pkey(outfile, curve, &k, &x, &y, cinfo->cprint); gnutls_free(x.data); gnutls_free(y.data); gnutls_free(k.data); } } fprintf(outfile, "\n"); size = lbuffer_size; ret = gnutls_x509_privkey_get_seed(key, NULL, lbuffer, &size); if (ret >= 0) { fprintf(outfile, "Seed: %s\n", raw_to_string(lbuffer, size)); } size = lbuffer_size; ret = gnutls_x509_privkey_get_key_id(key, GNUTLS_KEYID_USE_SHA256, lbuffer, &size); if (ret < 0) { fprintf(stderr, "Error in key id calculation: %s\n", gnutls_strerror(ret)); } else { gnutls_datum_t art; fprintf(outfile, "Public Key ID:\n\tsha256:%s\n", raw_to_string(lbuffer, size)); size = lbuffer_size; ret = gnutls_x509_privkey_get_key_id(key, GNUTLS_KEYID_USE_SHA1, lbuffer, &size); if (ret >= 0) { fprintf(outfile, "\tsha1:%s\n", raw_to_string(lbuffer, size)); } ret = gnutls_random_art(GNUTLS_RANDOM_ART_OPENSSH, cprint, bits, lbuffer, size, &art); if (ret >= 0) { fprintf(outfile, "Public key's random art:\n%s\n", art.data); gnutls_free(art.data); } } fprintf(outfile, "\n"); }
/* This function will print some details of the * given session. */ int print_info (gnutls_session_t session) { const char *tmp; gnutls_credentials_type_t cred; gnutls_kx_algorithm_t kx; int dhe, ecdh; dhe = ecdh = 0; /* print the key exchange's algorithm name */ kx = gnutls_kx_get (session); tmp = gnutls_kx_get_name (kx); printf ("- Key Exchange: %s\n", tmp); /* Check the authentication type used and switch * to the appropriate. */ cred = gnutls_auth_get_type (session); switch (cred) { case GNUTLS_CRD_IA: printf ("- TLS/IA session\n"); break; #ifdef ENABLE_SRP case GNUTLS_CRD_SRP: printf ("- SRP session with username %s\n", gnutls_srp_server_get_username (session)); break; #endif case GNUTLS_CRD_PSK: /* This returns NULL in server side. */ if (gnutls_psk_client_get_hint (session) != NULL) printf ("- PSK authentication. PSK hint '%s'\n", gnutls_psk_client_get_hint (session)); /* This returns NULL in client side. */ if (gnutls_psk_server_get_username (session) != NULL) printf ("- PSK authentication. Connected as '%s'\n", gnutls_psk_server_get_username (session)); if (kx == GNUTLS_KX_ECDHE_PSK) ecdh = 1; else if (kx == GNUTLS_KX_DHE_PSK) dhe = 1; break; case GNUTLS_CRD_ANON: /* anonymous authentication */ printf ("- Anonymous authentication.\n"); if (kx == GNUTLS_KX_ANON_ECDH) ecdh = 1; else if (kx == GNUTLS_KX_ANON_DH) dhe = 1; break; case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */ /* Check if we have been using ephemeral Diffie-Hellman. */ if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) dhe = 1; else if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA) ecdh = 1; /* if the certificate list is available, then * print some information about it. */ print_x509_certificate_info (session); } /* switch */ if (ecdh != 0) printf ("- Ephemeral ECDH using curve %s\n", gnutls_ecc_curve_get_name (gnutls_ecc_curve_get (session))); else if (dhe != 0) printf ("- Ephemeral DH using prime of %d bits\n", gnutls_dh_get_prime_bits (session)); /* print the protocol's name (ie TLS 1.0) */ tmp = gnutls_protocol_get_name (gnutls_protocol_get_version (session)); printf ("- Protocol: %s\n", tmp); /* print the certificate type of the peer. * ie X.509 */ tmp = gnutls_certificate_type_get_name (gnutls_certificate_type_get (session)); printf ("- Certificate Type: %s\n", tmp); /* print the compression algorithm (if any) */ tmp = gnutls_compression_get_name (gnutls_compression_get (session)); printf ("- Compression: %s\n", tmp); /* print the name of the cipher used. * ie 3DES. */ tmp = gnutls_cipher_get_name (gnutls_cipher_get (session)); printf ("- Cipher: %s\n", tmp); /* Print the MAC algorithms name. * ie SHA1 */ tmp = gnutls_mac_get_name (gnutls_mac_get (session)); printf ("- MAC: %s\n", tmp); return 0; }