static void try_prio (const char* prio, unsigned expected_cs, unsigned expected_ciphers) { int ret; gnutls_priority_t p; const char* err; const unsigned int * t; unsigned i, si, count = 0; /* this must be called once in the program */ global_init (); ret = gnutls_priority_init(&p, prio, &err); if (ret < 0) { fprintf(stderr, "error: %s: %s\n", gnutls_strerror(ret), err); exit(1); } for (i=0;;i++) { ret = gnutls_priority_get_cipher_suite_index(p, i, &si); if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue; else if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; else if (ret == 0) { count++; /* fprintf(stderr, "%s\n", gnutls_cipher_suite_info(si, NULL, NULL, NULL, NULL, NULL)); */ } } ret = gnutls_priority_cipher_list (p, &t); if ((unsigned)ret != expected_ciphers) { #if 0 for (i=0;i<ret;i++) fprintf(stderr, "%s\n", gnutls_cipher_get_name(t[i])); #endif fail("expected %d ciphers, found %d\n", expected_ciphers, ret); exit(1); } gnutls_priority_deinit(p); /* fprintf(stderr, "count: %d\n", count); */ if (debug) success ("finished: %s\n", prio); if (count != expected_cs) { fail("expected %d ciphersuites, found %d\n", expected_cs, count); exit(1); } }
wxString CTlsSocket::ListTlsCiphers(wxString priority) { if (priority.IsEmpty()) priority = wxString::FromUTF8(ciphers); wxString list = wxString::Format(_T("Ciphers for %s:\n"), priority.c_str()); #if GNUTLS_VERSION_NUMBER >= 0x030009 gnutls_priority_t pcache; const char *err = 0; int ret = gnutls_priority_init(&pcache, priority.mb_str(), &err); if (ret < 0) { list += wxString::Format(_T("gnutls_priority_init failed with code %d: %s"), ret, wxString::FromUTF8(err ? err : "").c_str()); return list; } else { for (size_t i = 0; ; i++) { unsigned int idx; ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue; gnutls_protocol_t version; unsigned char id[2]; const char* name = gnutls_cipher_suite_info(idx, id, NULL, NULL, NULL, &version); if (name != 0) { list += wxString::Format( _T("%-50s 0x%02x, 0x%02x %s\n"), wxString::FromUTF8(name).c_str(), (unsigned char)id[0], (unsigned char)id[1], wxString::FromUTF8(gnutls_protocol_get_name(version)).c_str()); } } } #else list += _T("Unknown\n"); #endif return list; }
static void print_cipher_suite_list(const char *priorities) { size_t i; int ret; unsigned int idx; const char *name; const char *err; unsigned char id[2]; gnutls_protocol_t version; gnutls_priority_t pcache; if (priorities != NULL) { printf("Cipher suites for %s\n", priorities); ret = gnutls_priority_init(&pcache, priorities, &err); if (ret < 0) { fprintf(stderr, "Syntax error at: %s\n", err); exit(1); } for (i = 0;; i++) { ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue; name = gnutls_cipher_suite_info(idx, id, NULL, NULL, NULL, &version); if (name != NULL) printf("%-50s\t0x%02x, 0x%02x\t%s\n", name, (unsigned char) id[0], (unsigned char) id[1], gnutls_protocol_get_name(version)); } return; } }
void print_list (const char *priorities, int verbose) { size_t i; int ret; unsigned int idx; const char *name; const char *err; unsigned char id[2]; gnutls_kx_algorithm_t kx; gnutls_cipher_algorithm_t cipher; gnutls_mac_algorithm_t mac; gnutls_protocol_t version; gnutls_priority_t pcache; const unsigned int *list; if (priorities != NULL) { printf ("Cipher suites for %s\n", priorities); ret = gnutls_priority_init (&pcache, priorities, &err); if (ret < 0) { fprintf (stderr, "Syntax error at: %s\n", err); exit (1); } for (i = 0;; i++) { ret = gnutls_priority_get_cipher_suite_index (pcache, i, &idx); if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break; if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue; name = gnutls_cipher_suite_info (idx, id, NULL, NULL, NULL, &version); if (name != NULL) printf ("%-50s\t0x%02x, 0x%02x\t%s\n", name, (unsigned char) id[0], (unsigned char) id[1], gnutls_protocol_get_name (version)); } printf("\n"); { ret = gnutls_priority_certificate_type_list (pcache, &list); printf ("Certificate types: "); if (ret == 0) printf("none\n"); for (i = 0; i < (unsigned)ret; i++) { printf ("CTYPE-%s", gnutls_certificate_type_get_name (list[i])); if (i+1!=(unsigned)ret) printf (", "); else printf ("\n"); } } { ret = gnutls_priority_protocol_list (pcache, &list); printf ("Protocols: "); if (ret == 0) printf("none\n"); for (i = 0; i < (unsigned)ret; i++) { printf ("VERS-%s", gnutls_protocol_get_name (list[i])); if (i+1!=(unsigned)ret) printf (", "); else printf ("\n"); } } { ret = gnutls_priority_compression_list (pcache, &list); printf ("Compression: "); if (ret == 0) printf("none\n"); for (i = 0; i < (unsigned)ret; i++) { printf ("COMP-%s", gnutls_compression_get_name (list[i])); if (i+1!=(unsigned)ret) printf (", "); else printf ("\n"); } } { ret = gnutls_priority_ecc_curve_list (pcache, &list); printf ("Elliptic curves: "); if (ret == 0) printf("none\n"); for (i = 0; i < (unsigned)ret; i++) { printf ("CURVE-%s", gnutls_ecc_curve_get_name (list[i])); if (i+1!=(unsigned)ret) printf (", "); else printf ("\n"); } } { ret = gnutls_priority_sign_list (pcache, &list); printf ("PK-signatures: "); if (ret == 0) printf("none\n"); for (i = 0; i < (unsigned)ret; i++) { printf ("SIGN-%s", gnutls_sign_algorithm_get_name (list[i])); if (i+1!=(unsigned)ret) printf (", "); else printf ("\n"); } } return; } printf ("Cipher suites:\n"); for (i = 0; (name = gnutls_cipher_suite_info (i, id, &kx, &cipher, &mac, &version)); i++) { printf ("%-50s\t0x%02x, 0x%02x\t%s\n", name, (unsigned char) id[0], (unsigned char) id[1], gnutls_protocol_get_name (version)); if (verbose) printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n", gnutls_kx_get_name (kx), gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac)); } printf("\n"); { const gnutls_certificate_type_t *p = gnutls_certificate_type_list (); printf ("Certificate types: "); for (; *p; p++) { printf ("CTYPE-%s", gnutls_certificate_type_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_protocol_t *p = gnutls_protocol_list (); printf ("Protocols: "); for (; *p; p++) { printf ("VERS-%s", gnutls_protocol_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_cipher_algorithm_t *p = gnutls_cipher_list (); printf ("Ciphers: "); for (; *p; p++) { printf ("%s", gnutls_cipher_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_mac_algorithm_t *p = gnutls_mac_list (); printf ("MACs: "); for (; *p; p++) { printf ("%s", gnutls_mac_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_kx_algorithm_t *p = gnutls_kx_list (); printf ("Key exchange algorithms: "); for (; *p; p++) { printf ("%s", gnutls_kx_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_compression_method_t *p = gnutls_compression_list (); printf ("Compression: "); for (; *p; p++) { printf ("COMP-%s", gnutls_compression_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list (); printf ("Elliptic curves: "); for (; *p; p++) { printf ("CURVE-%s", gnutls_ecc_curve_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_pk_algorithm_t *p = gnutls_pk_list (); printf ("Public Key Systems: "); for (; *p; p++) { printf ("%s", gnutls_pk_algorithm_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } { const gnutls_sign_algorithm_t *p = gnutls_sign_list (); printf ("PK-signatures: "); for (; *p; p++) { printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p)); if (*(p + 1)) printf (", "); else printf ("\n"); } } }