summaryrefslogtreecommitdiffstats
path: root/lib/profiles.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/profiles.c')
-rw-r--r--lib/profiles.c105
1 files changed, 105 insertions, 0 deletions
diff --git a/lib/profiles.c b/lib/profiles.c
new file mode 100644
index 0000000..d74cc2c
--- /dev/null
+++ b/lib/profiles.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>
+ *
+ */
+
+#include "gnutls_int.h"
+#include <algorithms.h>
+#include "errors.h"
+#include <x509/common.h>
+#include "c-strcase.h"
+#include "profiles.h"
+
+typedef struct {
+ const char *name;
+ gnutls_certificate_verification_profiles_t profile;
+ gnutls_sec_param_t sec_param;
+} gnutls_profile_entry;
+
+static const gnutls_profile_entry profiles[] = {
+ {"Very weak", GNUTLS_PROFILE_VERY_WEAK, GNUTLS_SEC_PARAM_VERY_WEAK},
+ {"Low", GNUTLS_PROFILE_LOW, GNUTLS_SEC_PARAM_LOW},
+ {"Legacy", GNUTLS_PROFILE_LEGACY, GNUTLS_SEC_PARAM_LEGACY},
+ {"Medium", GNUTLS_PROFILE_MEDIUM, GNUTLS_SEC_PARAM_MEDIUM},
+ {"High", GNUTLS_PROFILE_HIGH, GNUTLS_SEC_PARAM_HIGH},
+ {"Ultra", GNUTLS_PROFILE_ULTRA, GNUTLS_SEC_PARAM_ULTRA},
+ {"Future", GNUTLS_PROFILE_FUTURE, GNUTLS_SEC_PARAM_FUTURE},
+ {"SuiteB128", GNUTLS_PROFILE_SUITEB128, GNUTLS_SEC_PARAM_HIGH},
+ {"SuiteB192", GNUTLS_PROFILE_SUITEB192, GNUTLS_SEC_PARAM_ULTRA},
+ {NULL, 0, 0}
+};
+
+gnutls_sec_param_t _gnutls_profile_to_sec_level(gnutls_certificate_verification_profiles_t profile)
+{
+ const gnutls_profile_entry *p;
+
+ for(p = profiles; p->name != NULL; p++) {
+ if (profile == p->profile)
+ return p->sec_param;
+ }
+
+ return GNUTLS_SEC_PARAM_UNKNOWN;
+}
+
+/**
+ * gnutls_certificate_verification_profile_get_id:
+ * @name: is a profile name
+ *
+ * Convert a string to a #gnutls_certificate_verification_profiles_t value. The names are
+ * compared in a case insensitive way.
+ *
+ * Returns: a #gnutls_certificate_verification_profiles_t id of the specified profile,
+ * or %GNUTLS_PROFILE_UNKNOWN on failure.
+ **/
+gnutls_certificate_verification_profiles_t gnutls_certificate_verification_profile_get_id(const char *name)
+{
+ const gnutls_profile_entry *p;
+
+ if (name == NULL)
+ return GNUTLS_PROFILE_UNKNOWN;
+
+ for (p = profiles; p->name != NULL; p++) {
+ if (c_strcasecmp(p->name, name) == 0)
+ return p->profile;
+ }
+
+ return GNUTLS_PROFILE_UNKNOWN;
+}
+
+/**
+ * gnutls_certificate_verification_profile_get_name:
+ * @id: is a profile ID
+ *
+ * Convert a #gnutls_certificate_verification_profiles_t value to a string.
+ *
+ * Returns: a string that contains the name of the specified profile or %NULL.
+ **/
+const char *
+gnutls_certificate_verification_profile_get_name(gnutls_certificate_verification_profiles_t id)
+{
+ const gnutls_profile_entry *p;
+
+ for (p = profiles; p->name != NULL; p++) {
+ if (p->profile == id)
+ return p->name;
+ }
+
+ return NULL;
+}