diff options
Diffstat (limited to 'lib/profiles.c')
-rw-r--r-- | lib/profiles.c | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/lib/profiles.c b/lib/profiles.c new file mode 100644 index 0000000..d74cc2c --- /dev/null +++ b/lib/profiles.c @@ -0,0 +1,105 @@ +/* + * Copyright (C) 2019 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/> + * + */ + +#include "gnutls_int.h" +#include <algorithms.h> +#include "errors.h" +#include <x509/common.h> +#include "c-strcase.h" +#include "profiles.h" + +typedef struct { + const char *name; + gnutls_certificate_verification_profiles_t profile; + gnutls_sec_param_t sec_param; +} gnutls_profile_entry; + +static const gnutls_profile_entry profiles[] = { + {"Very weak", GNUTLS_PROFILE_VERY_WEAK, GNUTLS_SEC_PARAM_VERY_WEAK}, + {"Low", GNUTLS_PROFILE_LOW, GNUTLS_SEC_PARAM_LOW}, + {"Legacy", GNUTLS_PROFILE_LEGACY, GNUTLS_SEC_PARAM_LEGACY}, + {"Medium", GNUTLS_PROFILE_MEDIUM, GNUTLS_SEC_PARAM_MEDIUM}, + {"High", GNUTLS_PROFILE_HIGH, GNUTLS_SEC_PARAM_HIGH}, + {"Ultra", GNUTLS_PROFILE_ULTRA, GNUTLS_SEC_PARAM_ULTRA}, + {"Future", GNUTLS_PROFILE_FUTURE, GNUTLS_SEC_PARAM_FUTURE}, + {"SuiteB128", GNUTLS_PROFILE_SUITEB128, GNUTLS_SEC_PARAM_HIGH}, + {"SuiteB192", GNUTLS_PROFILE_SUITEB192, GNUTLS_SEC_PARAM_ULTRA}, + {NULL, 0, 0} +}; + +gnutls_sec_param_t _gnutls_profile_to_sec_level(gnutls_certificate_verification_profiles_t profile) +{ + const gnutls_profile_entry *p; + + for(p = profiles; p->name != NULL; p++) { + if (profile == p->profile) + return p->sec_param; + } + + return GNUTLS_SEC_PARAM_UNKNOWN; +} + +/** + * gnutls_certificate_verification_profile_get_id: + * @name: is a profile name + * + * Convert a string to a #gnutls_certificate_verification_profiles_t value. The names are + * compared in a case insensitive way. + * + * Returns: a #gnutls_certificate_verification_profiles_t id of the specified profile, + * or %GNUTLS_PROFILE_UNKNOWN on failure. + **/ +gnutls_certificate_verification_profiles_t gnutls_certificate_verification_profile_get_id(const char *name) +{ + const gnutls_profile_entry *p; + + if (name == NULL) + return GNUTLS_PROFILE_UNKNOWN; + + for (p = profiles; p->name != NULL; p++) { + if (c_strcasecmp(p->name, name) == 0) + return p->profile; + } + + return GNUTLS_PROFILE_UNKNOWN; +} + +/** + * gnutls_certificate_verification_profile_get_name: + * @id: is a profile ID + * + * Convert a #gnutls_certificate_verification_profiles_t value to a string. + * + * Returns: a string that contains the name of the specified profile or %NULL. + **/ +const char * +gnutls_certificate_verification_profile_get_name(gnutls_certificate_verification_profiles_t id) +{ + const gnutls_profile_entry *p; + + for (p = profiles; p->name != NULL; p++) { + if (p->profile == id) + return p->name; + } + + return NULL; +} |