bool Digest::has(const char *id)
{
if(eq_case(id, "md5"))
return true;
if(eq_case(id, "sha1") || eq_case(id, "sha"))
return true;
return false;
}
void Cipher::Key::set(const char *cipher, const char *digest)
{
set(cipher);
// never use sha0...
if(eq_case(digest, "sha") || eq_case(digest, "sha160"))
digest = "sha1";
hashtype = EVP_get_digestbyname(digest);
}
void Digest::set(const char *type)
{
release();
if(eq_case(type, "md5")) {
hashtype = "m";
context = new MD5_CTX;
MD5Init((MD5_CTX*)context);
}
else if(eq_case(type, "sha") || eq_case(type, "sha1")) {
hashtype = "s";
context = new SHA1_CTX;
SHA1Init((SHA1_CTX*)context);
}
}
secure::error_t secure::verify(session_t session, const char *peername)
{
SSL *ssl = (SSL *)session;
char peer_cn[256];
if(SSL_get_verify_result(ssl) != X509_V_OK)
return secure::INVALID_CERTIFICATE;
if(!peername)
return secure::OK;
X509 *peer = SSL_get_peer_certificate(ssl);
if(!peer)
return secure::INVALID_PEERNAME;
X509_NAME_get_text_by_NID(
X509_get_subject_name(peer),
NID_commonName, peer_cn, sizeof(peer_cn));
if(!eq_case(peer_cn, peername))
return secure::INVALID_PEERNAME;
return secure::OK;
}
void Digest::set(const char *type)
{
secure::init();
release();
// never use sha0
if(eq_case(type, "sha") || eq_case(type, "sha160"))
type = "sha1";
hashtype = (void *)EVP_get_digestbyname(type);
if(hashtype) {
context = new EVP_MD_CTX;
EVP_MD_CTX_init((EVP_MD_CTX *)context);
EVP_DigestInit_ex((EVP_MD_CTX *)context, (const EVP_MD *)hashtype, NULL);
}
}
int __context::map_digest(const char *type)
{
if(eq_case(type, "sha") || eq_case(type, "sha1"))
return GNUTLS_DIG_SHA1;
else if(eq_case(type, "sha256"))
return GNUTLS_DIG_SHA256;
else if(eq_case(type, "sha512"))
return GNUTLS_DIG_SHA512;
else if(eq_case(type, "md5"))
return GNUTLS_DIG_MD5;
else if(eq_case(type, "md2"))
return GNUTLS_DIG_MD2;
else if(eq_case(type, "rmd160"))
return GNUTLS_DIG_RMD160;
else
return 0;
}
int __context::map_cipher(const char *cipher)
{
char algoname[64];
enum {
NONE, CBC, ECB, CFB, OFB
} modeid;
String::set(algoname, sizeof(algoname), cipher);
char *fpart = strchr(algoname, '-');
char *lpart = strrchr(algoname, '-');
modeid = NONE;
if(lpart) {
if(fpart != lpart)
*(fpart++) = 0;
else
++fpart;
*(lpart++) = 0;
if(eq_case(lpart, "cbc"))
modeid = CBC;
else if(eq_case(lpart, "ecb"))
modeid = ECB;
else if(eq_case(lpart, "cfb") || eq_case(lpart, "pgp"))
modeid = CFB;
else if(eq_case(lpart, "ofb"))
modeid = OFB;
else
modeid = NONE;
}
else if(eq_case(cipher, "aes128") || eq_case(cipher, "aes"))
return GNUTLS_CIPHER_AES_128_CBC;
else if(eq_case(cipher, "aes256"))
return GNUTLS_CIPHER_AES_256_CBC;
else if(eq_case(cipher, "aes192"))
return GNUTLS_CIPHER_AES_192_CBC;
else if(eq_case(cipher, "arcfour") || eq_case(cipher, "arc4"))
return GNUTLS_CIPHER_ARCFOUR_128;
else if(eq_case(cipher, "des"))
return GNUTLS_CIPHER_DES_CBC;
else if(eq_case(cipher, "3des"))
return GNUTLS_CIPHER_3DES_CBC;
else if(eq_case(cipher, "rc2"))
return GNUTLS_CIPHER_RC2_40_CBC;
else if(eq_case(cipher, "idea"))
return GNUTLS_CIPHER_IDEA_PGP_CFB;
else if(eq_case(cipher, "twofish") || eq_case(cipher, "2fish"))
return GNUTLS_CIPHER_TWOFISH_PGP_CFB;
else if(eq_case(cipher, "blowfish"))
return GNUTLS_CIPHER_BLOWFISH_PGP_CFB;
else if(eq_case(algoname, "cast") || eq_case(algoname, "cast5"))
return GNUTLS_CIPHER_CAST5_PGP_CFB;
switch(modeid) {
case CFB:
if(eq_case(algoname, "aes")) {
if(atoi(fpart) == 128)
return GNUTLS_CIPHER_AES128_PGP_CFB;
if(atoi(fpart) == 192)
return GNUTLS_CIPHER_AES192_PGP_CFB;
if(atoi(fpart) == 256)
return GNUTLS_CIPHER_AES256_PGP_CFB;
return 0;
}
if(eq_case(algoname, "idea"))
return GNUTLS_CIPHER_IDEA_PGP_CFB;
if(eq_case(algoname, "3des"))
return GNUTLS_CIPHER_3DES_PGP_CFB;
if(eq_case(algoname, "cast") || eq_case(algoname, "cast5"))
return GNUTLS_CIPHER_CAST5_PGP_CFB;
if(eq_case(algoname, "twofish") || eq_case(algoname, "2fish"))
return GNUTLS_CIPHER_TWOFISH_PGP_CFB;
if(eq_case(algoname, "blowfish"))
return GNUTLS_CIPHER_BLOWFISH_PGP_CFB;
if(eq_case(algoname, "sk"))
return GNUTLS_CIPHER_SAFER_SK128_PGP_CFB;
return 0;
case CBC:
if(eq_case(algoname, "aes")) {
if(atoi(fpart) == 128)
return GNUTLS_CIPHER_AES_128_CBC;
if(atoi(fpart) == 192)
return GNUTLS_CIPHER_AES_192_CBC;
if(atoi(fpart) == 256)
return GNUTLS_CIPHER_AES_256_CBC;
return 0;
}
if(eq_case(algoname, "camellia")) {
if(atoi(fpart) == 128)
return GNUTLS_CIPHER_CAMELLIA_128_CBC;
if(atoi(fpart) == 256)
return GNUTLS_CIPHER_CAMELLIA_256_CBC;
return 0;
}
if(eq_case(algoname, "3des"))
return GNUTLS_CIPHER_3DES_CBC;
if(eq_case(algoname, "des"))
return GNUTLS_CIPHER_DES_CBC;
if(eq_case(algoname, "rc2"))
return GNUTLS_CIPHER_RC2_40_CBC;
return 0;
default:
if(eq_case(algoname, "arc4") || eq_case(algoname, "arcfour")) {
if(atoi(fpart) == 40)
return GNUTLS_CIPHER_ARCFOUR_40;
if(atoi(fpart) == 128)
return GNUTLS_CIPHER_ARCFOUR_128;
}
return 0;
}
}