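/*
 * Copyright (C) 2018 ARPA2 project
 *
 * Author: Tom Vrancken (dev@tomvrancken.nl)
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>
 *
 * This file provides common functionality for certificate type
 * handling during TLS hello extensions.
 *
 */

#ifndef GNUTLS_LIB_EXT_CERT_TYPES_H
#define GNUTLS_LIB_EXT_CERT_TYPES_H

/* Maps IANA TLS Certificate Types identifiers to internal
 * certificate type representation.
 *
 * 0 maps to GNUTLS_CRT_X509 and 2 maps to GNUTLS_CRT_RAWPK. Every other
 * value, including identifiers that may be registered with IANA but are
 * not listed here, maps to GNUTLS_CRT_UNKNOWN.
 *
 * NOTE(review): num presumably comes from a peer-supplied hello
 * extension. Callers should treat GNUTLS_CRT_UNKNOWN as "not negotiable"
 * rather than falling back to a default type; confirm at the call sites.
 */
static inline gnutls_certificate_type_t IANA2cert_type(int num)
{
	switch (num) {
	case 0:
		return GNUTLS_CRT_X509;
	case 2:
		return GNUTLS_CRT_RAWPK;
	default:
		return GNUTLS_CRT_UNKNOWN;
	}
}

/* Maps internal certificate type representation to
 * IANA TLS Certificate Types identifiers.
 *
 * Returns 0 for GNUTLS_CRT_X509 and 2 for GNUTLS_CRT_RAWPK. Any other
 * type returns GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE.
 *
 * The error code shares the int return channel with the valid
 * identifiers. Callers must check for it (GnuTLS error codes are
 * negative) before narrowing the result to a wire byte, otherwise the
 * truncated error value would be sent as a certificate type.
 */
static inline int cert_type2IANA(gnutls_certificate_type_t cert_type)
{
	switch (cert_type) {
	case GNUTLS_CRT_X509:
		return 0;
	case GNUTLS_CRT_RAWPK:
		return 2;
	default:
		return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
	}
}

/* Checks whether the given cert type is enabled in the application.
 *
 * X.509 is always enabled. Raw public keys are enabled only when
 * GNUTLS_ENABLE_RAWPK is set in session->internals.flags. Every other
 * type is reported as disabled, so a type that is not handled here can
 * never be treated as enabled by accident.
 */
static inline bool is_cert_type_enabled(gnutls_session_t session,
					gnutls_certificate_type_t cert_type)
{
	switch (cert_type) {
	case GNUTLS_CRT_X509:
		// Default cert type, always enabled
		return true;
	case GNUTLS_CRT_RAWPK:
		// Compare against zero explicitly: the answer must not depend
		// on how `bool` is defined or on which bit the flag occupies.
		return (session->internals.flags & GNUTLS_ENABLE_RAWPK) != 0;
	default:
		// When not explicitly supported here disable it
		return false;
	}
}

/* Checks whether alternative cert types (i.e. other than X.509)
 * are enabled in the application.
 *
 * Returns true when at least one of the flags collected in
 * CERT_TYPES_FLAGS is set in session->internals.flags.
 */
static inline bool are_alternative_cert_types_allowed(gnutls_session_t session)
{
// OR-ed list of defined cert type init flags; the macro is local to this
// function and is undefined again below. A new alternative cert type
// must add its enable flag here as well as a case in
// is_cert_type_enabled().
#define CERT_TYPES_FLAGS GNUTLS_ENABLE_RAWPK

	// Explicit zero test, same reasoning as in is_cert_type_enabled().
	return (session->internals.flags & CERT_TYPES_FLAGS) != 0;

#undef CERT_TYPES_FLAGS
}

#endif /* GNUTLS_LIB_EXT_CERT_TYPES_H */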