File: | lib/algorithms/kx.c |
Location: | line 217, column 21 |
Description: | Value stored to 'i' is never read |
1 | /* |
2 | * Copyright (C) 2011-2012 Free Software Foundation, Inc. |
3 | * |
4 | * Author: Nikos Mavrogiannopoulos |
5 | * |
6 | * This file is part of GnuTLS. |
7 | * |
8 | * The GnuTLS is free software; you can redistribute it and/or |
9 | * modify it under the terms of the GNU Lesser General Public License |
10 | * as published by the Free Software Foundation; either version 3 of |
11 | * the License, or (at your option) any later version. |
12 | * |
13 | * This library is distributed in the hope that it will be useful, but |
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
16 | * Lesser General Public License for more details. |
17 | * |
18 | * You should have received a copy of the GNU Lesser General Public License |
19 | * along with this program. If not, see <http://www.gnu.org/licenses/> |
20 | * |
21 | */ |
22 | |
23 | #include <gnutls_int.h> |
24 | #include <algorithms.h> |
25 | #include <gnutls_errors.h> |
26 | #include <x509/common.h> |
27 | |
28 | |
29 | extern mod_auth_st rsa_auth_struct; |
30 | extern mod_auth_st rsa_export_auth_struct; |
31 | extern mod_auth_st dhe_rsa_auth_struct; |
32 | extern mod_auth_st ecdhe_rsa_auth_struct; |
33 | extern mod_auth_st ecdhe_psk_auth_struct; |
34 | extern mod_auth_st ecdhe_ecdsa_auth_struct; |
35 | extern mod_auth_st dhe_dss_auth_struct; |
36 | extern mod_auth_st anon_auth_struct; |
37 | extern mod_auth_st anon_ecdh_auth_struct; |
38 | extern mod_auth_st srp_auth_struct; |
39 | extern mod_auth_st psk_auth_struct; |
40 | extern mod_auth_st dhe_psk_auth_struct; |
41 | extern mod_auth_st srp_rsa_auth_struct; |
42 | extern mod_auth_st srp_dss_auth_struct; |
43 | |
44 | |
45 | /* Cred type mappings to KX algorithms |
46 | * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require |
47 | * more than one credentials type. |
48 | */ |
49 | typedef struct |
50 | { |
51 | gnutls_kx_algorithm_t algorithm; |
52 | gnutls_credentials_type_t client_type; |
53 | gnutls_credentials_type_t server_type; /* The type of credentials a server |
54 | * needs to set */ |
55 | } gnutls_cred_map; |
56 | |
57 | static const gnutls_cred_map cred_mappings[] = { |
58 | {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON}, |
59 | {GNUTLS_KX_ANON_ECDH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON}, |
60 | {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, |
61 | {GNUTLS_KX_RSA_EXPORT, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, |
62 | {GNUTLS_KX_ECDHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, |
63 | {GNUTLS_KX_ECDHE_ECDSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, |
64 | {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, |
65 | {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE}, |
66 | {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, |
67 | {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, |
68 | {GNUTLS_KX_ECDHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK}, |
69 | {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP}, |
70 | {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE}, |
71 | {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE}, |
72 | {0, 0, 0} |
73 | }; |
74 | |
75 | #define GNUTLS_KX_MAP_LOOP(b)const gnutls_cred_map *p; for(p = cred_mappings; p->algorithm != 0; p++) { b ; } \ |
76 | const gnutls_cred_map *p; \ |
77 | for(p = cred_mappings; p->algorithm != 0; p++) { b ; } |
78 | |
79 | #define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a)const gnutls_cred_map *p; for(p = cred_mappings; p->algorithm != 0; p++) { if(p->server_type == type) { a; break; } ; } \ |
80 | GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })const gnutls_cred_map *p; for(p = cred_mappings; p->algorithm != 0; p++) { if(p->server_type == type) { a; break; } ; } |
81 | |
82 | struct gnutls_kx_algo_entry |
83 | { |
84 | const char *name; |
85 | gnutls_kx_algorithm_t algorithm; |
86 | mod_auth_st *auth_struct; |
87 | int needs_dh_params; |
88 | int needs_rsa_params; |
89 | }; |
90 | typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry; |
91 | |
92 | static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = { |
93 | #ifdef ENABLE_ANON1 |
94 | {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1, 0}, |
95 | {"ANON-ECDH", GNUTLS_KX_ANON_ECDH, &anon_ecdh_auth_struct, 0, 0}, |
96 | #endif |
97 | {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct, 0, 0}, |
98 | {"RSA-EXPORT", GNUTLS_KX_RSA_EXPORT, &rsa_export_auth_struct, 0, |
99 | 1 /* needs RSA params */ }, |
100 | {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1, 0}, |
101 | {"ECDHE-RSA", GNUTLS_KX_ECDHE_RSA, &ecdhe_rsa_auth_struct, 0, 0}, |
102 | {"ECDHE-ECDSA", GNUTLS_KX_ECDHE_ECDSA, &ecdhe_ecdsa_auth_struct, 0, 0}, |
103 | {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1, 0}, |
104 | |
105 | #ifdef ENABLE_SRP1 |
106 | {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0, 0}, |
107 | {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0, 0}, |
108 | {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0, 0}, |
109 | #endif |
110 | #ifdef ENABLE_PSK1 |
111 | {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0}, |
112 | {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct, |
113 | 1 /* needs DHE params */ , 0}, |
114 | {"ECDHE-PSK", GNUTLS_KX_ECDHE_PSK, &ecdhe_psk_auth_struct, 0 , 0}, |
115 | #endif |
116 | {0, 0, 0, 0, 0} |
117 | }; |
118 | |
119 | #define GNUTLS_KX_LOOP(b)const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { b ; } \ |
120 | const gnutls_kx_algo_entry *p; \ |
121 | for(p = _gnutls_kx_algorithms; p->name != NULL((void*)0); p++) { b ; } |
122 | |
123 | #define GNUTLS_KX_ALG_LOOP(a)const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if(p->algorithm == algorithm ) { a; break; } ; } \ |
124 | GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if(p->algorithm == algorithm ) { a; break; } ; } |
125 | |
126 | |
127 | /* Key EXCHANGE functions */ |
128 | mod_auth_st * |
129 | _gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm) |
130 | { |
131 | mod_auth_st *ret = NULL((void*)0); |
132 | GNUTLS_KX_ALG_LOOP (ret = p->auth_struct)const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if(p->algorithm == algorithm ) { ret = p->auth_struct; break; } ; }; |
133 | return ret; |
134 | |
135 | } |
136 | |
137 | |
138 | int |
139 | _gnutls_kx_priority (gnutls_session_t session, |
140 | gnutls_kx_algorithm_t algorithm) |
141 | { |
142 | unsigned int i; |
143 | for (i = 0; i < session->internals.priorities.kx.algorithms; i++) |
144 | { |
145 | if (session->internals.priorities.kx.priority[i] == algorithm) |
146 | return i; |
147 | } |
148 | return -1; |
149 | } |
150 | |
151 | /** |
152 | * gnutls_kx_get_name: |
153 | * @algorithm: is a key exchange algorithm |
154 | * |
155 | * Convert a #gnutls_kx_algorithm_t value to a string. |
156 | * |
157 | * Returns: a pointer to a string that contains the name of the |
158 | * specified key exchange algorithm, or %NULL. |
159 | **/ |
160 | const char * |
161 | gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm) |
162 | { |
163 | const char *ret = NULL((void*)0); |
164 | |
165 | /* avoid prefix */ |
166 | GNUTLS_KX_ALG_LOOP (ret = p->name)const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if(p->algorithm == algorithm ) { ret = p->name; break; } ; }; |
167 | |
168 | return ret; |
169 | } |
170 | |
171 | /** |
172 | * gnutls_kx_get_id: |
173 | * @name: is a KX name |
174 | * |
175 | * Convert a string to a #gnutls_kx_algorithm_t value. The names are |
176 | * compared in a case insensitive way. |
177 | * |
178 | * Returns: an id of the specified KX algorithm, or %GNUTLS_KX_UNKNOWN |
179 | * on error. |
180 | **/ |
181 | gnutls_kx_algorithm_t |
182 | gnutls_kx_get_id (const char *name) |
183 | { |
184 | gnutls_cipher_algorithm_t ret = GNUTLS_KX_UNKNOWN; |
185 | |
186 | GNUTLS_KX_LOOP (const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if (strcasecmp (p->name, name) == 0) { ret = p->algorithm; break; } ; } |
187 | if (strcasecmp (p->name, name) == 0)const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if (strcasecmp (p->name, name) == 0) { ret = p->algorithm; break; } ; } |
188 | {const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if (strcasecmp (p->name, name) == 0) { ret = p->algorithm; break; } ; } |
189 | ret = p->algorithm;const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if (strcasecmp (p->name, name) == 0) { ret = p->algorithm; break; } ; } |
190 | break;const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if (strcasecmp (p->name, name) == 0) { ret = p->algorithm; break; } ; } |
191 | }const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if (strcasecmp (p->name, name) == 0) { ret = p->algorithm; break; } ; } |
192 | )const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if (strcasecmp (p->name, name) == 0) { ret = p->algorithm; break; } ; }; |
193 | |
194 | return ret; |
195 | } |
196 | |
197 | /** |
198 | * gnutls_kx_list: |
199 | * |
200 | * Get a list of supported key exchange algorithms. |
201 | * |
202 | * This function is not thread safe. |
203 | * |
204 | * Returns: a (0)-terminated list of #gnutls_kx_algorithm_t integers |
205 | * indicating the available key exchange algorithms. |
206 | **/ |
207 | const gnutls_kx_algorithm_t * |
208 | gnutls_kx_list (void) |
209 | { |
210 | static gnutls_kx_algorithm_t supported_kxs[MAX_ALGOS32] = {0}; |
211 | |
212 | if (supported_kxs[0] == 0) |
213 | { |
214 | int i = 0; |
215 | |
216 | GNUTLS_KX_LOOP (supported_kxs[i++]=p->algorithm)const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { supported_kxs[i++]=p->algorithm ; }; |
217 | supported_kxs[i++]=0; |
Value stored to 'i' is never read | |
218 | } |
219 | |
220 | return supported_kxs; |
221 | } |
222 | |
223 | int |
224 | _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm) |
225 | { |
226 | ssize_t ret = -1; |
227 | GNUTLS_KX_ALG_LOOP (ret = p->algorithm)const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if(p->algorithm == algorithm ) { ret = p->algorithm; break; } ; }; |
228 | if (ret >= 0) |
229 | ret = 0; |
230 | else |
231 | ret = 1; |
232 | return ret; |
233 | } |
234 | |
235 | int |
236 | _gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm) |
237 | { |
238 | ssize_t ret = 0; |
239 | GNUTLS_KX_ALG_LOOP (ret = p->needs_rsa_params)const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if(p->algorithm == algorithm ) { ret = p->needs_rsa_params; break; } ; }; |
240 | return ret; |
241 | } |
242 | |
243 | int |
244 | _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm) |
245 | { |
246 | ssize_t ret = 0; |
247 | GNUTLS_KX_ALG_LOOP (ret = p->needs_dh_params)const gnutls_kx_algo_entry *p; for(p = _gnutls_kx_algorithms; p->name != ((void*)0); p++) { if(p->algorithm == algorithm ) { ret = p->needs_dh_params; break; } ; }; |
248 | return ret; |
249 | } |
250 | |
251 | /* Type to KX mappings */ |
252 | gnutls_kx_algorithm_t |
253 | _gnutls_map_kx_get_kx (gnutls_credentials_type_t type, int server) |
254 | { |
255 | gnutls_kx_algorithm_t ret = -1; |
256 | |
257 | if (server) |
258 | { |
259 | GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm)const gnutls_cred_map *p; for(p = cred_mappings; p->algorithm != 0; p++) { if(p->server_type == type) { ret = p->algorithm ; break; } ; }; |
260 | } |
261 | else |
262 | { |
263 | GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm)const gnutls_cred_map *p; for(p = cred_mappings; p->algorithm != 0; p++) { if(p->server_type == type) { ret = p->algorithm ; break; } ; }; |
264 | } |
265 | return ret; |
266 | } |
267 | |
268 | /* Returns the credentials type required for this |
269 | * Key exchange method. |
270 | */ |
271 | gnutls_credentials_type_t |
272 | _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm, int server) |
273 | { |
274 | gnutls_credentials_type_t ret = -1; |
275 | if (server) |
276 | { |
277 | GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =const gnutls_cred_map *p; for(p = cred_mappings; p->algorithm != 0; p++) { if (p->algorithm == algorithm) ret = p->server_type ; } |
278 | p->server_type)const gnutls_cred_map *p; for(p = cred_mappings; p->algorithm != 0; p++) { if (p->algorithm == algorithm) ret = p->server_type ; }; |
279 | } |
280 | else |
281 | { |
282 | GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =const gnutls_cred_map *p; for(p = cred_mappings; p->algorithm != 0; p++) { if (p->algorithm == algorithm) ret = p->client_type ; } |
283 | p->client_type)const gnutls_cred_map *p; for(p = cred_mappings; p->algorithm != 0; p++) { if (p->algorithm == algorithm) ret = p->client_type ; }; |
284 | } |
285 | |
286 | return ret; |
287 | } |
288 |