1 /*
2  * Copyright (C) 2018 ARPA2 project
3  *
4  * Author: Tom Vrancken (dev@tomvrancken.nl)
5  *
6  * This file is part of GnuTLS.
7  *
8  * The GnuTLS is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Lesser General Public License
10  * as published by the Free Software Foundation; either version 2.1 of
11  * the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public License
19  * along with this program.  If not, see <https://www.gnu.org/licenses/>
20  *
21  * This file provides common functionality for certificate type
22  * handling during TLS hello extensions.
23  *
24  */
25 
26 #ifndef GNUTLS_LIB_EXT_CERT_TYPES_H
27 #define GNUTLS_LIB_EXT_CERT_TYPES_H
28 
/* Maps an IANA TLS Certificate Types identifier to the internal
 * certificate type representation.
 *
 * num: numeric identifier to translate. Presumably this is the value
 *      parsed from a certificate type hello extension, i.e. chosen by
 *      the peer -- confirm against the callers.
 *
 * Returns GNUTLS_CRT_X509 for 0, GNUTLS_CRT_RAWPK for 2 and
 * GNUTLS_CRT_UNKNOWN for every other value, negative ones included.
 *
 * The translation looks at the number only and not at the session
 * configuration. Whether a recognised type may be used is a separate
 * question, answered by is_cert_type_enabled().
 */
static inline gnutls_certificate_type_t IANA2cert_type(int num)
{
	if (num == 0) {
		return GNUTLS_CRT_X509;
	}

	if (num == 2) {
		return GNUTLS_CRT_RAWPK;
	}

	// Anything not listed above is reported as unknown, never guessed
	return GNUTLS_CRT_UNKNOWN;
}
43 
/* Maps the internal certificate type representation to the
 * IANA TLS Certificate Types identifier.
 *
 * cert_type: internal certificate type to translate.
 *
 * Returns 0 for GNUTLS_CRT_X509, 2 for GNUTLS_CRT_RAWPK and
 * GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE for any other type.
 *
 * NOTE(review): the error code travels in the same int as the valid
 * identifiers. Callers should test for it before treating the result as
 * an identifier, in particular before narrowing it to the width used on
 * the wire.
 */
static inline int cert_type2IANA(gnutls_certificate_type_t cert_type)
{
	if (cert_type == GNUTLS_CRT_X509) {
		return 0;
	}

	if (cert_type == GNUTLS_CRT_RAWPK) {
		return 2;
	}

	// No IANA identifier is known here for the remaining types
	return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
}
58 
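/* Checks whether the given cert type is enabled in the application.
 *
 * session:   session whose init flags are consulted. It is dereferenced
 *            without a NULL check, so the caller must pass a valid
 *            session.
 * cert_type: internal certificate type to test.
 *
 * Returns true for GNUTLS_CRT_X509 unconditionally, true for
 * GNUTLS_CRT_RAWPK only when the session carries the
 * GNUTLS_ENABLE_RAWPK flag, and false for every other type.
 *
 * A type that is not listed here is refused by default. Adding a
 * certificate type therefore needs a case here and its flag in
 * are_alternative_cert_types_allowed().
 */
static inline bool is_cert_type_enabled(gnutls_session_t session, gnutls_certificate_type_t cert_type)
{
	switch (cert_type) {
		case GNUTLS_CRT_X509:
			// Default cert type, always enabled
			return true;
		case GNUTLS_CRT_RAWPK:
			// Compare against zero so the result is a clean 0/1 and does
			// not depend on how the masked bit converts to bool.
			return (session->internals.flags & GNUTLS_ENABLE_RAWPK) != 0;
		default:
			// When not explicitly supported here disable it
			return false;
	}
}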
74 
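/* Checks whether alternative cert types (i.e. other than X.509)
 * are enabled in the application.
 *
 * session: session whose init flags are consulted. It is dereferenced
 *          without a NULL check, so the caller must pass a valid
 *          session.
 *
 * Returns true when at least one of the flags collected in
 * CERT_TYPES_FLAGS is set on the session, false otherwise. Only
 * GNUTLS_ENABLE_RAWPK is listed at present.
 *
 * Keep the flag list in step with is_cert_type_enabled(): a type that
 * is enabled there but missing here would not count as an alternative
 * type.
 */
static inline bool are_alternative_cert_types_allowed(gnutls_session_t session)
{
	// OR-ed list of defined cert type init flags
	#define CERT_TYPES_FLAGS GNUTLS_ENABLE_RAWPK

	// Compare against zero so the result is a clean 0/1 and does not
	// depend on how the masked bits convert to bool.
	const bool allowed = (session->internals.flags & CERT_TYPES_FLAGS) != 0;

	// The helper macro is local to this function; drop it before returning
	#undef CERT_TYPES_FLAGS

	return allowed;
}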
87 
88 #endif /* GNUTLS_LIB_EXT_CERT_TYPES_H */
89