stbuehler/gnutls-priority.c

## gnutls-priority.c
/*
gcc -o gnutls-priority gnutls-priority.c `pkg-config gnutls --cflags --libs` -DTRY_INTERNALS

With -DTRY_INTERNALS it will try to show internal stuff, but the internal API might change
and the feature break.

Example call:
./gnutls-priority "NORMAL:-MAC-ALL:+AEAD"

also check gnutls-cli -c
*/

/* This example code is placed in the public domain. */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <gnutls/gnutls.h>

#define CHECK_RET(func, ret) do { \
		if (ret < 0) { \
			fprintf(stderr, "%s failed: %s\n", func, gnutls_strerror(ret)); \
			exit(1); \
		} \
	} while (0)

#ifdef TRY_INTERNALS
/* this is taken from gnutls 3.2.2 (lib/gnutls_int.h), might break with other versions */
typedef struct
{
  unsigned int priority[GNUTLS_MAX_ALGORITHM_NUM];
  unsigned int algorithms;
} priority_st;
struct gnutls_priority_st
{
  priority_st cipher;
  priority_st mac;
  priority_st kx;
  priority_st compression;
  priority_st protocol;
  priority_st cert_type;
  priority_st sign_algo;
  priority_st supported_ecc;
  /* omitted remaining stuff */
};
#endif

static void print_cipher_suite_list(const char* priorities) {
	size_t i;
	int ret;
	unsigned int idx;
	const char *name;
	const char *err;
	unsigned char id[2];
	gnutls_protocol_t version;
	gnutls_priority_t pcache;
	const unsigned int* list;

	if (priorities == NULL) return;

	printf("Cipher suites for %s\n", priorities);

	ret = gnutls_priority_init(&pcache, priorities, &err);
	if (ret < 0) {
		fprintf(stderr, "Syntax error at: %s\n", err);
		CHECK_RET("gnutls_priority_init", ret);
	}

	for (i=0;;i++) {
		ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx);
		if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break;
		if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) {
			/* > It might be that a valid priorities index does not correspond
			 * > to a ciphersuite and in that case GNUTLS_E_UNKNOWN_CIPHER_SUITE
			 * > will be returned. */
			/* printf("Unknown cipher suite %i\n", idx); */
			continue;
		}
		CHECK_RET("gnutls_priority_get_cipher_suite_index", ret);

		name = gnutls_cipher_suite_info(idx, id, NULL, NULL, NULL, &version);

		if (name != NULL) {
			printf("%-50s\t0x%02x, 0x%02x\t%s\n",
				name, (unsigned char) id[0], (unsigned char) id[1],
				gnutls_protocol_get_name (version));
		}
	}

	printf("Certificate types:\n");
	ret = gnutls_priority_certificate_type_list(pcache, &list);
	CHECK_RET("gnutls_priority_certificate_type_list", ret);
	for (i = 0; i < ret; ++i) {
		name = gnutls_certificate_type_get_name(list[i]);
		printf("%20s\t0x%02x\n", name ? name : "<unknown>", list[i]);
	}

	printf("Compression methods:\n");
	ret = gnutls_priority_compression_list(pcache, &list);
	CHECK_RET("gnutls_priority_compression_list", ret);
	for (i = 0; i < ret; ++i) {
		name = gnutls_compression_get_name(list[i]);
		printf("%20s\t0x%02x\n", name ? name : "<unknown>", list[i]);
	}

	printf("Elliptic curves:\n");
	ret = gnutls_priority_ecc_curve_list(pcache, &list);
	CHECK_RET("gnutls_priority_ecc_curve_list", ret);
	for (i = 0; i < ret; ++i) {
		name = gnutls_ecc_curve_get_name(list[i]);
		printf("%20s\t0x%02x\n", name ? name : "<unknown>", list[i]);
	}

	printf("Protocols:\n");
	ret = gnutls_priority_protocol_list(pcache, &list);
	CHECK_RET("gnutls_priority_protocol_list", ret);
	for (i = 0; i < ret; ++i) {
		name = gnutls_protocol_get_name(list[i]);
		printf("%20s\t0x%02x\n", name ? name : "<unknown>", list[i]);
	}

	printf("signature algorithms:\n");
	ret = gnutls_priority_sign_list(pcache, &list);
	CHECK_RET("gnutls_priority_sign_list", ret);
	for (i = 0; i < ret; ++i) {
		name = gnutls_sign_get_name(list[i]);
		printf("%20s\t0x%02x\n", name ? name : "<unknown>", list[i]);
	}

#ifdef TRY_INTERNALS
	/* not official api */
	printf("\nStuff from internals\n");
	printf("cipher algorithms:\n");
	for (i = 0; i < GNUTLS_MAX_ALGORITHM_NUM; ++i) {
		name = gnutls_cipher_get_name(pcache->cipher.priority[i]);
		if (i >= pcache->cipher.algorithms) {
			if (pcache->cipher.priority[i] != 0) {
				printf("%20s\t0x%02x\tat index %i after list end\n", name ? name : "<unknown>", pcache->cipher.priority[i], i);
			}
		} else {
			printf("%20s\t0x%02x\n", name ? name : "<unknown>", pcache->cipher.priority[i]);
		}
	}

	printf("MAC algorithms:\n");
	for (i = 0; i < GNUTLS_MAX_ALGORITHM_NUM; ++i) {
		name = gnutls_mac_get_name(pcache->mac.priority[i]);
		if (i >= pcache->mac.algorithms) {
			if (pcache->mac.priority[i] != 0) {
				printf("%20s\t0x%02x\tat index %i after list end\n", name ? name : "<unknown>", pcache->mac.priority[i], i);
			}
		} else {
			printf("%20s\t0x%02x\n", name ? name : "<unknown>", pcache->mac.priority[i]);
		}
	}

	printf("key exchange algorithms:\n");
	for (i = 0; i < GNUTLS_MAX_ALGORITHM_NUM; ++i) {
		name = gnutls_kx_get_name(pcache->kx.priority[i]);
		if (i >= pcache->kx.algorithms) {
			if (pcache->kx.priority[i] != 0) {
				printf("%20s\t0x%02x\tat index %i after list end\n", name ? name : "<unknown>", pcache->kx.priority[i], i);
			}
		} else {
			printf("%20s\t0x%02x\n", name ? name : "<unknown>", pcache->kx.priority[i]);
		}
	}
#endif
}

int main(int argc, char** argv) {
	if (argc > 1) print_cipher_suite_list(argv[1]);
}
	/*
	gcc -o gnutls-priority gnutls-priority.c `pkg-config gnutls --cflags --libs` -DTRY_INTERNALS

	With -DTRY_INTERNALS it will try to show internal stuff, but the internal API might change
	and the feature break.

	Example call:
	./gnutls-priority "NORMAL:-MAC-ALL:+AEAD"

	also check gnutls-cli -c
	*/

	/* This example code is placed in the public domain. */

	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <gnutls/gnutls.h>

	#define CHECK_RET(func, ret) do { \
	if (ret < 0) { \
	fprintf(stderr, "%s failed: %s\n", func, gnutls_strerror(ret)); \
	exit(1); \
	} \
	} while (0)

	#ifdef TRY_INTERNALS
	/* this is taken from gnutls 3.2.2 (lib/gnutls_int.h), might break with other versions */
	typedef struct
	{
	unsigned int priority[GNUTLS_MAX_ALGORITHM_NUM];
	unsigned int algorithms;
	} priority_st;
	struct gnutls_priority_st
	{
	priority_st cipher;
	priority_st mac;
	priority_st kx;
	priority_st compression;
	priority_st protocol;
	priority_st cert_type;
	priority_st sign_algo;
	priority_st supported_ecc;
	/* omitted remaining stuff */
	};
	#endif

	static void print_cipher_suite_list(const char* priorities) {
	size_t i;
	int ret;
	unsigned int idx;
	const char *name;
	const char *err;
	unsigned char id[2];
	gnutls_protocol_t version;
	gnutls_priority_t pcache;
	const unsigned int* list;

	if (priorities == NULL) return;

	printf("Cipher suites for %s\n", priorities);

	ret = gnutls_priority_init(&pcache, priorities, &err);
	if (ret < 0) {
	fprintf(stderr, "Syntax error at: %s\n", err);
	CHECK_RET("gnutls_priority_init", ret);
	}

	for (i=0;;i++) {
	ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx);
	if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break;
	if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) {
	/* > It might be that a valid priorities index does not correspond
	* > to a ciphersuite and in that case GNUTLS_E_UNKNOWN_CIPHER_SUITE
	* > will be returned. */
	/* printf("Unknown cipher suite %i\n", idx); */
	continue;
	}
	CHECK_RET("gnutls_priority_get_cipher_suite_index", ret);

	name = gnutls_cipher_suite_info(idx, id, NULL, NULL, NULL, &version);

	if (name != NULL) {
	printf("%-50s\t0x%02x, 0x%02x\t%s\n",
	name, (unsigned char) id[0], (unsigned char) id[1],
	gnutls_protocol_get_name (version));
	}
	}

	printf("Certificate types:\n");
	ret = gnutls_priority_certificate_type_list(pcache, &list);
	CHECK_RET("gnutls_priority_certificate_type_list", ret);
	for (i = 0; i < ret; ++i) {
	name = gnutls_certificate_type_get_name(list[i]);
	printf("%20s\t0x%02x\n", name ? name : "<unknown>", list[i]);
	}

	printf("Compression methods:\n");
	ret = gnutls_priority_compression_list(pcache, &list);
	CHECK_RET("gnutls_priority_compression_list", ret);
	for (i = 0; i < ret; ++i) {
	name = gnutls_compression_get_name(list[i]);
	printf("%20s\t0x%02x\n", name ? name : "<unknown>", list[i]);
	}

	printf("Elliptic curves:\n");
	ret = gnutls_priority_ecc_curve_list(pcache, &list);
	CHECK_RET("gnutls_priority_ecc_curve_list", ret);
	for (i = 0; i < ret; ++i) {
	name = gnutls_ecc_curve_get_name(list[i]);
	printf("%20s\t0x%02x\n", name ? name : "<unknown>", list[i]);
	}

	printf("Protocols:\n");
	ret = gnutls_priority_protocol_list(pcache, &list);
	CHECK_RET("gnutls_priority_protocol_list", ret);
	for (i = 0; i < ret; ++i) {
	name = gnutls_protocol_get_name(list[i]);
	printf("%20s\t0x%02x\n", name ? name : "<unknown>", list[i]);
	}

	printf("signature algorithms:\n");
	ret = gnutls_priority_sign_list(pcache, &list);
	CHECK_RET("gnutls_priority_sign_list", ret);
	for (i = 0; i < ret; ++i) {
	name = gnutls_sign_get_name(list[i]);
	printf("%20s\t0x%02x\n", name ? name : "<unknown>", list[i]);
	}

	#ifdef TRY_INTERNALS
	/* not official api */
	printf("\nStuff from internals\n");
	printf("cipher algorithms:\n");
	for (i = 0; i < GNUTLS_MAX_ALGORITHM_NUM; ++i) {
	name = gnutls_cipher_get_name(pcache->cipher.priority[i]);
	if (i >= pcache->cipher.algorithms) {
	if (pcache->cipher.priority[i] != 0) {
	printf("%20s\t0x%02x\tat index %i after list end\n", name ? name : "<unknown>", pcache->cipher.priority[i], i);
	}
	} else {
	printf("%20s\t0x%02x\n", name ? name : "<unknown>", pcache->cipher.priority[i]);
	}
	}

	printf("MAC algorithms:\n");
	for (i = 0; i < GNUTLS_MAX_ALGORITHM_NUM; ++i) {
	name = gnutls_mac_get_name(pcache->mac.priority[i]);
	if (i >= pcache->mac.algorithms) {
	if (pcache->mac.priority[i] != 0) {
	printf("%20s\t0x%02x\tat index %i after list end\n", name ? name : "<unknown>", pcache->mac.priority[i], i);
	}
	} else {
	printf("%20s\t0x%02x\n", name ? name : "<unknown>", pcache->mac.priority[i]);
	}
	}

	printf("key exchange algorithms:\n");
	for (i = 0; i < GNUTLS_MAX_ALGORITHM_NUM; ++i) {
	name = gnutls_kx_get_name(pcache->kx.priority[i]);
	if (i >= pcache->kx.algorithms) {
	if (pcache->kx.priority[i] != 0) {
	printf("%20s\t0x%02x\tat index %i after list end\n", name ? name : "<unknown>", pcache->kx.priority[i], i);
	}
	} else {
	printf("%20s\t0x%02x\n", name ? name : "<unknown>", pcache->kx.priority[i]);
	}
	}
	#endif
	}

	int main(int argc, char** argv) {
	if (argc > 1) print_cipher_suite_list(argv[1]);
	}