/* * Copyright (C) 2017 Red Hat, Inc. * * Author: Nikos Mavrogiannopoulos * * This file is part of GnuTLS. * * The GnuTLS is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License * as published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program. If not, see * */ #include "gnutls_int.h" #include #include "errors.h" #include #include #include "c-strcase.h" /* Supported ECC curves */ static const gnutls_group_entry_st supported_groups[] = { { .name = "SECP192R1", .id = GNUTLS_GROUP_SECP192R1, .curve = GNUTLS_ECC_CURVE_SECP192R1, .tls_id = 19, .pk = GNUTLS_PK_ECDSA, }, { .name = "SECP224R1", .id = GNUTLS_GROUP_SECP224R1, .curve = GNUTLS_ECC_CURVE_SECP224R1, .tls_id = 21, .pk = GNUTLS_PK_ECDSA, }, { .name = "SECP256R1", .id = GNUTLS_GROUP_SECP256R1, .curve = GNUTLS_ECC_CURVE_SECP256R1, .tls_id = 23, .pk = GNUTLS_PK_ECDSA, }, { .name = "SECP384R1", .id = GNUTLS_GROUP_SECP384R1, .curve = GNUTLS_ECC_CURVE_SECP384R1, .tls_id = 24, .pk = GNUTLS_PK_ECDSA, }, { .name = "SECP521R1", .id = GNUTLS_GROUP_SECP521R1, .curve = GNUTLS_ECC_CURVE_SECP521R1, .tls_id = 25, .pk = GNUTLS_PK_ECDSA, }, { .name = "X25519", .id = GNUTLS_GROUP_X25519, .curve = GNUTLS_ECC_CURVE_X25519, .tls_id = 29, .pk = GNUTLS_PK_ECDH_X25519 }, #ifdef ENABLE_GOST /* draft-smyshlyaev-tls12-gost-suites-06, Section 6 */ { .name = "GC256A", .id = GNUTLS_GROUP_GC256A, .curve = GNUTLS_ECC_CURVE_GOST256A, .pk = GNUTLS_PK_GOST_12_256, .tls_id = 34, }, { .name = "GC256B", .id = GNUTLS_GROUP_GC256B, .curve = GNUTLS_ECC_CURVE_GOST256B, .pk = GNUTLS_PK_GOST_12_256, .tls_id = 35, }, { .name = "GC256C", .id = GNUTLS_GROUP_GC256C, .curve = GNUTLS_ECC_CURVE_GOST256C, .pk = GNUTLS_PK_GOST_12_256, .tls_id = 36, }, { .name = "GC256D", .id = GNUTLS_GROUP_GC256D, .curve = GNUTLS_ECC_CURVE_GOST256D, .pk = GNUTLS_PK_GOST_12_256, .tls_id = 37, }, { .name = "GC512A", .id = GNUTLS_GROUP_GC512A, .curve = GNUTLS_ECC_CURVE_GOST512A, .pk = GNUTLS_PK_GOST_12_512, .tls_id = 38, }, { .name = "GC512B", .id = GNUTLS_GROUP_GC512B, .curve = GNUTLS_ECC_CURVE_GOST512B, .pk = GNUTLS_PK_GOST_12_512, .tls_id = 39, }, { .name = "GC512C", .id = GNUTLS_GROUP_GC512C, .curve = GNUTLS_ECC_CURVE_GOST512C, .pk = GNUTLS_PK_GOST_12_512, .tls_id = 40, }, #endif { .name = "X448", .id = GNUTLS_GROUP_X448, .curve = GNUTLS_ECC_CURVE_X448, .tls_id = 30, .pk = GNUTLS_PK_ECDH_X448 }, #ifdef ENABLE_DHE { .name = "FFDHE2048", .id = GNUTLS_GROUP_FFDHE2048, .generator = &gnutls_ffdhe_2048_group_generator, .prime = &gnutls_ffdhe_2048_group_prime, .q = &gnutls_ffdhe_2048_group_q, .q_bits = &gnutls_ffdhe_2048_key_bits, .pk = GNUTLS_PK_DH, .tls_id = 0x100 }, { .name = "FFDHE3072", .id = GNUTLS_GROUP_FFDHE3072, .generator = &gnutls_ffdhe_3072_group_generator, .prime = &gnutls_ffdhe_3072_group_prime, .q = &gnutls_ffdhe_3072_group_q, .q_bits = &gnutls_ffdhe_3072_key_bits, .pk = GNUTLS_PK_DH, .tls_id = 0x101 }, { .name = "FFDHE4096", .id = GNUTLS_GROUP_FFDHE4096, .generator = &gnutls_ffdhe_4096_group_generator, .prime = &gnutls_ffdhe_4096_group_prime, .q = &gnutls_ffdhe_4096_group_q, .q_bits = &gnutls_ffdhe_4096_key_bits, .pk = GNUTLS_PK_DH, .tls_id = 0x102 }, { .name = "FFDHE6144", .id = GNUTLS_GROUP_FFDHE6144, .generator = &gnutls_ffdhe_6144_group_generator, .prime = &gnutls_ffdhe_6144_group_prime, .q = &gnutls_ffdhe_6144_group_q, .q_bits = &gnutls_ffdhe_6144_key_bits, .pk = GNUTLS_PK_DH, .tls_id = 0x103 }, { .name = "FFDHE8192", .id = GNUTLS_GROUP_FFDHE8192, .generator = &gnutls_ffdhe_8192_group_generator, .prime = &gnutls_ffdhe_8192_group_prime, .q = &gnutls_ffdhe_8192_group_q, .q_bits = &gnutls_ffdhe_8192_key_bits, .pk = GNUTLS_PK_DH, .tls_id = 0x104 }, #endif {0, 0, 0} }; #define GNUTLS_GROUP_LOOP(b) \ { const gnutls_group_entry_st *p; \ for(p = supported_groups; p->name != NULL; p++) { b ; } } /* Returns the TLS id of the given curve */ const gnutls_group_entry_st * _gnutls_tls_id_to_group(unsigned num) { GNUTLS_GROUP_LOOP( if (p->tls_id == num && (p->curve == 0 || _gnutls_ecc_curve_is_supported(p->curve))) { return p; } ); return NULL; } const gnutls_group_entry_st * _gnutls_id_to_group(unsigned id) { if (id == 0) return NULL; GNUTLS_GROUP_LOOP( if (p->id == id && (p->curve == 0 || _gnutls_ecc_curve_is_supported(p->curve))) { return p; } ); return NULL; } /** * gnutls_group_list: * * Get the list of supported elliptic curves. * * This function is not thread safe. * * Returns: Return a (0)-terminated list of #gnutls_group_t * integers indicating the available groups. * * Since: 3.6.0 **/ const gnutls_group_t *gnutls_group_list(void) { static gnutls_group_t groups[MAX_ALGOS] = { 0 }; if (groups[0] == 0) { int i = 0; GNUTLS_GROUP_LOOP( if (p->curve == 0 || _gnutls_ecc_curve_is_supported(p->curve)) groups[i++] = p->id; ); groups[i++] = 0; } return groups; } /** * gnutls_group_get_id: * @name: is a group name * * The names are compared in a case insensitive way. * * Returns: return a #gnutls_group_t value corresponding to * the specified group, or %GNUTLS_GROUP_INVALID on error. * * Since: 3.6.0 **/ gnutls_group_t gnutls_group_get_id(const char *name) { gnutls_group_t ret = GNUTLS_GROUP_INVALID; GNUTLS_GROUP_LOOP( if (c_strcasecmp(p->name, name) == 0 && ( p->curve == 0 ||_gnutls_ecc_curve_is_supported(p->curve))) { ret = p->id; break; } ); return ret; } /* Similar to gnutls_group_get_id, except that it does not check if * the curve is supported. */ gnutls_group_t _gnutls_group_get_id(const char *name) { gnutls_group_t ret = GNUTLS_GROUP_INVALID; GNUTLS_GROUP_LOOP( if (c_strcasecmp(p->name, name) == 0) { ret = p->id; break; } ); return ret; } /** * gnutls_group_get_name: * @group: is an element from %gnutls_group_t * * Convert a #gnutls_group_t value to a string. * * Returns: a string that contains the name of the specified * group or %NULL. * * Since: 3.6.0 **/ const char *gnutls_group_get_name(gnutls_group_t group) { GNUTLS_GROUP_LOOP( if (p->id == group) { return p->name; } ); return NULL; }