|
Packit |
549fdc |
/*
|
|
Packit |
549fdc |
* Copyright (C) 2017 Red Hat, Inc.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Author: Nikos Mavrogiannopoulos
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This file is part of GnuTLS.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* The GnuTLS is free software; you can redistribute it and/or
|
|
Packit |
549fdc |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit |
549fdc |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit |
549fdc |
* the License, or (at your option) any later version.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This library is distributed in the hope that it will be useful, but
|
|
Packit |
549fdc |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
549fdc |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
549fdc |
* Lesser General Public License for more details.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit |
549fdc |
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#include "gnutls_int.h"
|
|
Packit |
549fdc |
#include <algorithms.h>
|
|
Packit |
549fdc |
#include "errors.h"
|
|
Packit |
549fdc |
#include <x509/common.h>
|
|
Packit |
549fdc |
#include <pk.h>
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Supported ECC curves
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
static const gnutls_group_entry_st supported_groups[] = {
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
.name = "SECP192R1",
|
|
Packit |
549fdc |
.id = GNUTLS_GROUP_SECP192R1,
|
|
Packit |
549fdc |
.curve = GNUTLS_ECC_CURVE_SECP192R1,
|
|
Packit |
549fdc |
.tls_id = 19,
|
|
Packit |
549fdc |
.pk = GNUTLS_PK_ECDSA,
|
|
Packit |
549fdc |
},
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
.name = "SECP224R1",
|
|
Packit |
549fdc |
.id = GNUTLS_GROUP_SECP224R1,
|
|
Packit |
549fdc |
.curve = GNUTLS_ECC_CURVE_SECP224R1,
|
|
Packit |
549fdc |
.tls_id = 21,
|
|
Packit |
549fdc |
.pk = GNUTLS_PK_ECDSA,
|
|
Packit |
549fdc |
},
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
.name = "SECP256R1",
|
|
Packit |
549fdc |
.id = GNUTLS_GROUP_SECP256R1,
|
|
Packit |
549fdc |
.curve = GNUTLS_ECC_CURVE_SECP256R1,
|
|
Packit |
549fdc |
.tls_id = 23,
|
|
Packit |
549fdc |
.pk = GNUTLS_PK_ECDSA,
|
|
Packit |
549fdc |
},
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
.name = "SECP384R1",
|
|
Packit |
549fdc |
.id = GNUTLS_GROUP_SECP384R1,
|
|
Packit |
549fdc |
.curve = GNUTLS_ECC_CURVE_SECP384R1,
|
|
Packit |
549fdc |
.tls_id = 24,
|
|
Packit |
549fdc |
.pk = GNUTLS_PK_ECDSA,
|
|
Packit |
549fdc |
},
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
.name = "SECP521R1",
|
|
Packit |
549fdc |
.id = GNUTLS_GROUP_SECP521R1,
|
|
Packit |
549fdc |
.curve = GNUTLS_ECC_CURVE_SECP521R1,
|
|
Packit |
549fdc |
.tls_id = 25,
|
|
Packit |
549fdc |
.pk = GNUTLS_PK_ECDSA,
|
|
Packit |
549fdc |
},
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
.name = "X25519",
|
|
Packit |
549fdc |
.id = GNUTLS_GROUP_X25519,
|
|
Packit |
549fdc |
.curve = GNUTLS_ECC_CURVE_X25519,
|
|
Packit |
549fdc |
.tls_id = 29,
|
|
Packit |
549fdc |
.pk = GNUTLS_PK_ECDH_X25519
|
|
Packit |
549fdc |
},
|
|
Packit |
549fdc |
#ifdef ENABLE_DHE
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
.name = "FFDHE2048",
|
|
Packit |
549fdc |
.id = GNUTLS_GROUP_FFDHE2048,
|
|
Packit |
549fdc |
.generator = &gnutls_ffdhe_2048_group_generator,
|
|
Packit |
549fdc |
.prime = &gnutls_ffdhe_2048_group_prime,
|
|
Packit |
549fdc |
.q_bits = &gnutls_ffdhe_2048_key_bits,
|
|
Packit |
549fdc |
.pk = GNUTLS_PK_DH,
|
|
Packit |
549fdc |
.tls_id = 0x100
|
|
Packit |
549fdc |
},
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
.name = "FFDHE3072",
|
|
Packit |
549fdc |
.id = GNUTLS_GROUP_FFDHE3072,
|
|
Packit |
549fdc |
.generator = &gnutls_ffdhe_3072_group_generator,
|
|
Packit |
549fdc |
.prime = &gnutls_ffdhe_3072_group_prime,
|
|
Packit |
549fdc |
.q_bits = &gnutls_ffdhe_3072_key_bits,
|
|
Packit |
549fdc |
.pk = GNUTLS_PK_DH,
|
|
Packit |
549fdc |
.tls_id = 0x101
|
|
Packit |
549fdc |
},
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
.name = "FFDHE4096",
|
|
Packit |
549fdc |
.id = GNUTLS_GROUP_FFDHE4096,
|
|
Packit |
549fdc |
.generator = &gnutls_ffdhe_4096_group_generator,
|
|
Packit |
549fdc |
.prime = &gnutls_ffdhe_4096_group_prime,
|
|
Packit |
549fdc |
.q_bits = &gnutls_ffdhe_4096_key_bits,
|
|
Packit |
549fdc |
.pk = GNUTLS_PK_DH,
|
|
Packit |
549fdc |
.tls_id = 0x102
|
|
Packit |
549fdc |
},
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
.name = "FFDHE8192",
|
|
Packit |
549fdc |
.id = GNUTLS_GROUP_FFDHE8192,
|
|
Packit |
549fdc |
.generator = &gnutls_ffdhe_8192_group_generator,
|
|
Packit |
549fdc |
.prime = &gnutls_ffdhe_8192_group_prime,
|
|
Packit |
549fdc |
.q_bits = &gnutls_ffdhe_8192_key_bits,
|
|
Packit |
549fdc |
.pk = GNUTLS_PK_DH,
|
|
Packit |
549fdc |
.tls_id = 0x104
|
|
Packit |
549fdc |
},
|
|
Packit |
549fdc |
#endif
|
|
Packit |
549fdc |
{0, 0, 0}
|
|
Packit |
549fdc |
};
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
#define GNUTLS_GROUP_LOOP(b) \
|
|
Packit |
549fdc |
{ const gnutls_group_entry_st *p; \
|
|
Packit |
549fdc |
for(p = supported_groups; p->name != NULL; p++) { b ; } }
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/* Returns the TLS id of the given curve
|
|
Packit |
549fdc |
*/
|
|
Packit |
549fdc |
const gnutls_group_entry_st * _gnutls_tls_id_to_group(unsigned num)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
GNUTLS_GROUP_LOOP(
|
|
Packit |
549fdc |
if (p->tls_id == num &&
|
|
Packit |
549fdc |
(p->curve == 0 || _gnutls_pk_curve_exists(p->curve))) {
|
|
Packit |
549fdc |
return p;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
return NULL;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
const gnutls_group_entry_st * _gnutls_id_to_group(unsigned id)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
if (id == 0)
|
|
Packit |
549fdc |
return NULL;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
GNUTLS_GROUP_LOOP(
|
|
Packit |
549fdc |
if (p->id == id &&
|
|
Packit |
549fdc |
(p->curve == 0 || _gnutls_pk_curve_exists(p->curve))) {
|
|
Packit |
549fdc |
return p;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
return NULL;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/**
|
|
Packit |
549fdc |
* gnutls_group_list:
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Get the list of supported elliptic curves.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* This function is not thread safe.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Returns: Return a (0)-terminated list of #gnutls_group_t
|
|
Packit |
549fdc |
* integers indicating the available groups.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Since: 3.6.0
|
|
Packit |
549fdc |
**/
|
|
Packit |
549fdc |
const gnutls_group_t *gnutls_group_list(void)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
static gnutls_group_t groups[MAX_ALGOS] = { 0 };
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
if (groups[0] == 0) {
|
|
Packit |
549fdc |
int i = 0;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
GNUTLS_GROUP_LOOP(
|
|
Packit |
549fdc |
if (p->curve == 0 || _gnutls_pk_curve_exists(p->curve))
|
|
Packit |
549fdc |
groups[i++] = p->id;
|
|
Packit |
549fdc |
);
|
|
Packit |
549fdc |
groups[i++] = 0;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
return groups;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/**
|
|
Packit |
549fdc |
* gnutls_group_get_id:
|
|
Packit |
549fdc |
* @name: is a group name
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* The names are compared in a case insensitive way.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Returns: return a #gnutls_group_t value corresponding to
|
|
Packit |
549fdc |
* the specified group, or %GNUTLS_GROUP_INVALID on error.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Since: 3.6.0
|
|
Packit |
549fdc |
**/
|
|
Packit |
549fdc |
gnutls_group_t gnutls_group_get_id(const char *name)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
gnutls_group_t ret = GNUTLS_GROUP_INVALID;
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
GNUTLS_GROUP_LOOP(
|
|
Packit |
549fdc |
if (strcasecmp(p->name, name) == 0 && (
|
|
Packit |
549fdc |
p->curve == 0 ||_gnutls_pk_curve_exists(p->curve))) {
|
|
Packit |
549fdc |
ret = p->id;
|
|
Packit |
549fdc |
break;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
return ret;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
/**
|
|
Packit |
549fdc |
* gnutls_group_get_name:
|
|
Packit |
549fdc |
* @group: is an element from %gnutls_group_t
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Convert a #gnutls_group_t value to a string.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Returns: a string that contains the name of the specified
|
|
Packit |
549fdc |
* group or %NULL.
|
|
Packit |
549fdc |
*
|
|
Packit |
549fdc |
* Since: 3.6.0
|
|
Packit |
549fdc |
**/
|
|
Packit |
549fdc |
const char *gnutls_group_get_name(gnutls_group_t group)
|
|
Packit |
549fdc |
{
|
|
Packit |
549fdc |
GNUTLS_GROUP_LOOP(
|
|
Packit |
549fdc |
if (p->id == group) {
|
|
Packit |
549fdc |
return p->name;
|
|
Packit |
549fdc |
}
|
|
Packit |
549fdc |
);
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
return NULL;
|
|
Packit |
549fdc |
}
|