This allows listing the ciphersuites enabled in a priority structure.
The certtool -l option was overloaded so if combined with --priority
it will only list the ciphersuites that are enabled by the given
priority string.
* Version 3.0.9 (unreleased)
+** certtool: -l option was overloaded so if combined with --priority
+it will only list the ciphersuites that are enabled by the given
+priority string.
+
** libgnutls: Added the SECP192R1 curve.
+** libgnutls: Added gnutls_priority_get_cipher_suite() to
+allow listing the ciphersuites enabled in a priority structure.
+
** libgnutls: Optimizations in the elliptic curve code (timing
attacks resistant code is only used in ECDSA private key operations).
now added again in the distribution.
** API and ABI modifications:
-No changes since last version.
+gnutls_priority_get_cipher_suite: Added
* Version 3.0.8 (released 2011-11-12)
**/
const char *
gnutls_cipher_suite_info (size_t idx,
- char *cs_id,
+ unsigned char *cs_id,
gnutls_kx_algorithm_t * kx,
gnutls_cipher_algorithm_t * cipher,
gnutls_mac_algorithm_t * mac,
return ret_count;
}
+/**
+ * gnutls_priority_get_cipher_suite:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @idx: is an index number
+ * @name: Will point to the ciphersuite name
+ * @cs_id: output buffer with room for 2 bytes, indicating cipher suite value
+ *
+ * Provides ciphersuite information. The index provided is an internal
+ * index kept at the priorities structure. It might be that a valid index
+ * does not correspond to a ciphersuite and in that case %GNUTLS_E_UNKNOWN_CIPHER_SUITE
+ * will be returned. Once the last available index is crossed then
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+ *
+ * Returns: On success it returns %GNUTLS_E_SUCCESS (0), or a negative error value otherwise.
+ **/
+int
+gnutls_priority_get_cipher_suite (gnutls_priority_t pcache, int idx, const char** name, unsigned char cs_id[2])
+{
+int mac_idx, cipher_idx, kx_idx;
+int total = pcache->mac.algorithms * pcache->cipher.algorithms * pcache->kx.algorithms;
+const gnutls_cipher_suite_entry * ce;
+
+ if (idx >= total)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ mac_idx = idx % pcache->mac.algorithms;
+
+ idx /= pcache->mac.algorithms;
+ cipher_idx = idx % pcache->cipher.algorithms;
+
+ idx /= pcache->cipher.algorithms;
+ kx_idx = idx % pcache->kx.algorithms;
+
+ ce = cipher_suite_get(pcache->kx.priority[kx_idx], pcache->cipher.priority[cipher_idx],
+ pcache->mac.priority[mac_idx]);
+
+ if (ce == NULL)
+ {
+ *name = NULL;
+ memset(cs_id, 0, 2);
+ }
+ else
+ {
+ *name = ce->name;
+ memcpy(cs_id, ce->id.suite, 2);
+ }
+
+ if (*name == NULL)
+ {
+ *name = "(no corresponding ciphersuite)";
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
+
+ return 0;
+}
+
const gnutls_pk_algorithm_t *gnutls_pk_list (void);
const gnutls_sign_algorithm_t *gnutls_sign_list (void);
const char *gnutls_cipher_suite_info (size_t idx,
- char *cs_id,
+ unsigned char *cs_id,
gnutls_kx_algorithm_t * kx,
gnutls_cipher_algorithm_t * cipher,
gnutls_mac_algorithm_t * mac,
int gnutls_priority_init (gnutls_priority_t * priority_cache,
const char *priorities, const char **err_pos);
void gnutls_priority_deinit (gnutls_priority_t priority_cache);
+ int gnutls_priority_get_cipher_suite (gnutls_priority_t pcache, int idx, const char** name, unsigned char cs_id[2]);
int gnutls_priority_set (gnutls_session_t session,
gnutls_priority_t priority);
gnutls_srp_4096_group_generator;
gnutls_srp_4096_group_prime;
gnutls_x509_privkey_verify_params;
+ gnutls_priority_get_cipher_suite;
} GNUTLS_2_12;
GNUTLS_PRIVATE {
__gaa_helpsingle(0, "benchmark-ciphers", "", "Benchmark individual ciphers.");
__gaa_helpsingle(0, "benchmark-soft-ciphers", "", "Benchmark individual software ciphers.");
__gaa_helpsingle(0, "benchmark-tls", "", "Benchmark ciphers and key exchange methods in TLS.");
- __gaa_helpsingle('l', "list", "", "Print a list of the supported algorithms and modes.");
+ __gaa_helpsingle('l', "list", "", "Print a list of the supported algorithms and modes. If a priority string is given then only the ciphersuites enabled by the priority are shown.");
__gaa_helpsingle('h', "help", "", "prints this help");
__gaa_helpsingle('v', "version", "", "prints the program's version number");
case GAAOPTID_list:
OK = 0;
#line 106 "cli.gaa"
-{ print_list(gaaval->verbose); exit(0); ;};
+{ print_list(gaaval->priorities, gaaval->verbose); exit(0); ;};
return GAA_OK;
break;
option ( benchmark-soft-ciphers) { benchmark_cipher(0, $debug); exit(0) } "Benchmark individual software ciphers."
option ( benchmark-tls) { benchmark_tls($debug); exit(0) } "Benchmark ciphers and key exchange methods in TLS."
-option (l, list) { print_list($verbose); exit(0); } "Print a list of the supported algorithms and modes."
+option (l, list) { print_list($priorities, $verbose); exit(0); } "Print a list of the supported algorithms and modes. If a priority string is given then only the ciphersuites enabled by the priority are shown."
option (h, help) { gaa_help(); exit(0); } "prints this help"
option (v, version) { cli_version(); exit(0); } "prints the program's version number"
}
void
-print_list (int verbose)
+print_list (const char* priorities, int verbose)
{
- {
size_t i;
+ int ret;
const char *name;
- char id[2];
+ const char *err;
+ unsigned char id[2];
gnutls_kx_algorithm_t kx;
gnutls_cipher_algorithm_t cipher;
gnutls_mac_algorithm_t mac;
gnutls_protocol_t version;
+ gnutls_priority_t pcache;
+
+ if (priorities != NULL)
+ {
+ printf ("Cipher suites for %s\n", priorities);
+
+ ret = gnutls_priority_init(&pcache, priorities, &err);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Syntax error at: %s\n", err);
+ exit(1);
+ }
+
+ for (i=0;;i++)
+ {
+ ret = gnutls_priority_get_cipher_suite(pcache, i, &name, id);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break;
+ if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue;
+
+ printf ("%-50s\t0x%02x, 0x%02x\n", name, id[0], id[1]);
+ }
+
+ return;
+ }
printf ("Cipher suites:\n");
for (i = 0; (name = gnutls_cipher_suite_info
gnutls_kx_get_name (kx),
gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac));
}
- }
{
const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
int print_info (gnutls_session_t state, const char *hostname, int insecure);
void print_cert_info (gnutls_session_t state, const char *hostname,
int insecure);
-void print_list (int verbose);
+void print_list (const char* priorities, int verbose);
const char *raw_to_string (const unsigned char *raw, size_t raw_size);
int service_to_port (const char *service);
case GAAOPTID_list:
OK = 0;
#line 103 "serv.gaa"
-{ print_list(0); exit(0); ;};
+{ print_list(gaaval->priorities, 0); exit(0); ;};
return GAA_OK;
break;
#char *priorities;
option (priority) STR "PRIORITY STRING" { $priorities = $1 } "Priorities string."
-option (l, list) { print_list(0); exit(0); } "Print a list of the supported algorithms and modes."
+option (l, list) { print_list($priorities, 0); exit(0); } "Print a list of the supported algorithms and modes."
option (h, help) { gaa_help(); exit(0); } "prints this help"
option (v, version) { serv_version(); exit(0); } "prints the program's version number"