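/*
 * Copyright (C) 2018 ARPA2 project
 *
 * Author: Tom Vrancken (dev@tomvrancken.nl)
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>
 *
 * This file provides common functionality for certificate type
 * handling during TLS hello extensions.
 *
 */

#ifndef GNUTLS_LIB_EXT_CERT_TYPES_H
#define GNUTLS_LIB_EXT_CERT_TYPES_H

/* Maps IANA TLS Certificate Types identifiers to internal
 * certificate type representation.
 *
 * Returns GNUTLS_CRT_X509 for 0, GNUTLS_CRT_RAWPK for 2 and
 * GNUTLS_CRT_UNKNOWN for every other value. The mapping says nothing
 * about whether the type is enabled for a session; that is a separate
 * check (is_cert_type_enabled()).
 *
 * NOTE(review): num presumably comes from a peer's hello extension,
 * i.e. it is untrusted. Callers should treat GNUTLS_CRT_UNKNOWN as
 * "not supported" and never substitute a default type for it.
 */
static inline gnutls_certificate_type_t IANA2cert_type(int num)
{
	switch (num) {
	case 0:
		return GNUTLS_CRT_X509;
	case 2:
		return GNUTLS_CRT_RAWPK;
	default:
		/* NOTE(review): the coverage listing this file was taken
		 * from shows a hit count of 0 for this branch, so no test
		 * in that run passed an identifier other than 0 or 2.
		 */
		return GNUTLS_CRT_UNKNOWN;
	}
}

/* Maps internal certificate type representation to
 * IANA TLS Certificate Types identifiers.
 *
 * Returns 0 for GNUTLS_CRT_X509, 2 for GNUTLS_CRT_RAWPK and the error
 * code GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE for any other type.
 * GnuTLS error codes are negative, so callers must check for a value
 * below zero before narrowing the result to a byte and writing it
 * into an extension; otherwise the error code would be sent as if it
 * were an identifier.
 */
static inline int cert_type2IANA(gnutls_certificate_type_t cert_type)
{
	switch (cert_type) {
	case GNUTLS_CRT_X509:
		return 0;
	case GNUTLS_CRT_RAWPK:
		return 2;
	default:
		/* NOTE(review): hit count 0 in the coverage listing this
		 * file was taken from; the error path was not exercised
		 * in that run.
		 */
		return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
	}
}

/* Checks whether the given cert type is enabled in the application
 *
 * X.509 is always enabled. Raw public keys are enabled only when
 * GNUTLS_ENABLE_RAWPK is set in session->internals.flags. Every other
 * type, including GNUTLS_CRT_UNKNOWN, is reported as disabled, so a
 * type this function does not list is rejected rather than accepted.
 */
static inline bool is_cert_type_enabled(gnutls_session_t session,
					gnutls_certificate_type_t cert_type)
{
	switch (cert_type) {
	case GNUTLS_CRT_X509:
		// Default cert type, always enabled
		return true;
	case GNUTLS_CRT_RAWPK:
		/* Compare with 0 explicitly. This header does not show how
		 * bool is defined; if it were an integer typedef narrower
		 * than the flags word instead of C99 _Bool, returning the
		 * masked value directly could truncate the flag bit to 0.
		 */
		return (session->internals.flags & GNUTLS_ENABLE_RAWPK) != 0;
	default:
		// When not explicitly supported here disable it
		return false;
	}
}

/* Checks whether alternative cert types (i.e. other than X.509)
 * are enabled in the application
 *
 * Returns true when at least one of the flags in CERT_TYPES_FLAGS is
 * set in session->internals.flags.
 */
static inline bool are_alternative_cert_types_allowed(gnutls_session_t session)
{
	/* OR-ed list of defined cert type init flags.
	 *
	 * The expansion is parenthesized so that adding a second flag with
	 * `|` cannot change how the `&` below groups: `flags & A | B`
	 * parses as `(flags & A) | B`, which is non-zero for every session
	 * and would report alternative cert types as allowed everywhere.
	 */
#define CERT_TYPES_FLAGS (GNUTLS_ENABLE_RAWPK)

	return (session->internals.flags & CERT_TYPES_FLAGS) != 0;

#undef CERT_TYPES_FLAGS
}

#endif /* GNUTLS_LIB_EXT_CERT_TYPES_H */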