summaryrefslogtreecommitdiff
path: root/lib/algorithms.h
blob: 2f5366db6bc647031356a1c6ce1999b26129e34d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
/*
 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
 * Copyright (C) 2017 Red Hat, Inc.
 *
 * Author: Nikos Mavrogiannopoulos
 *
 * This file is part of GnuTLS.
 *
 * The GnuTLS is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>
 *
 */

#ifndef GNUTLS_LIB_ALGORITHMS_H
#define GNUTLS_LIB_ALGORITHMS_H

#include "auth.h"

#ifdef DISABLE_SYSTEM_CONFIG
# define SYSTEM_CONFIG_OR_CONST const
#else
# define SYSTEM_CONFIG_OR_CONST
#endif

#define version_to_entry _gnutls_version_to_entry

#define GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR 0x00
#define GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR 0xFF

#define GNUTLS_FALLBACK_SCSV_MAJOR 0x56
#define GNUTLS_FALLBACK_SCSV_MINOR 0x00

#define IS_GOSTEC(x) (((x)==GNUTLS_PK_GOST_01)	|| \
		      ((x)==GNUTLS_PK_GOST_12_256)|| \
		      ((x)==GNUTLS_PK_GOST_12_512))

#define IS_EC(x) (((x)==GNUTLS_PK_ECDSA)|| \
		  ((x)==GNUTLS_PK_ECDH_X25519)||((x)==GNUTLS_PK_EDDSA_ED25519)|| \
		  ((x)==GNUTLS_PK_ECDH_X448)||((x)==GNUTLS_PK_EDDSA_ED448))

#define SIG_SEM_PRE_TLS12 (1<<1)
#define SIG_SEM_TLS13 (1<<2)
#define SIG_SEM_DEFAULT (SIG_SEM_PRE_TLS12|SIG_SEM_TLS13)

#define TLS_SIGN_AID_UNKNOWN {{255, 255}, 0}
#define HAVE_UNKNOWN_SIGAID(aid) ((aid)->id[0] == 255 && (aid)->id[1] == 255)

#define CS_INVALID_MAJOR 0x00
#define CS_INVALID_MINOR 0x00

/* Functions for version handling. */
const version_entry_st *version_to_entry(gnutls_protocol_t version);
const version_entry_st *nversion_to_entry(uint8_t major, uint8_t minor);
const version_entry_st *_gnutls_version_lowest(gnutls_session_t session);

const version_entry_st *_gnutls_legacy_version_max(gnutls_session_t session);
const version_entry_st *_gnutls_version_max(gnutls_session_t session);
int _gnutls_version_priority(gnutls_session_t session,
			     gnutls_protocol_t version);
int _gnutls_nversion_is_supported(gnutls_session_t session,
				  unsigned char major, unsigned char minor);
gnutls_protocol_t _gnutls_version_get(uint8_t major, uint8_t minor);
unsigned _gnutls_version_is_too_high(gnutls_session_t session, uint8_t major, uint8_t minor);

int _gnutls_write_supported_versions(gnutls_session_t session, uint8_t *buffer, ssize_t buffer_size);

/* Functions for feature checks */
int
_gnutls_figure_common_ciphersuite(gnutls_session_t session,
				  const ciphersuite_list_st *peer_clist,
				  const gnutls_cipher_suite_entry_st **ce);

inline static int
_gnutls_version_has_selectable_prf(const version_entry_st * ver)
{
	if (unlikely(ver == NULL))
		return 0;
	return ver->selectable_prf;
}

inline static int
_gnutls_version_has_selectable_sighash(const version_entry_st * ver)
{
	if (unlikely(ver == NULL))
		return 0;
	return ver->selectable_sighash;
}

inline static
int _gnutls_version_has_extensions(const version_entry_st * ver)
{
	if (unlikely(ver == NULL))
		return 0;
	return ver->extensions;
}

inline static
int _gnutls_version_has_explicit_iv(const version_entry_st * ver)
{
	if (unlikely(ver == NULL))
		return 0;
	return ver->explicit_iv;
}

/* Functions for MACs. */
const mac_entry_st *_gnutls_mac_to_entry(gnutls_mac_algorithm_t c);
#define mac_to_entry(x) _gnutls_mac_to_entry(x)
#define hash_to_entry(x) mac_to_entry((gnutls_mac_algorithm_t)(x))

inline static int _gnutls_mac_is_ok(const mac_entry_st * e)
{
	if (unlikely(e == NULL) || e->id == 0)
		return 0;
	else
		return 1;
}

/*-
 * _gnutls_mac_get_algo_len:
 * @algorithm: is an encryption algorithm
 *
 * Get size of MAC key.
 *
 * Returns: length (in bytes) of the MAC output size, or 0 if the
 *   given MAC algorithm is invalid.
 -*/
inline static size_t _gnutls_mac_get_algo_len(const mac_entry_st * e)
{
	if (unlikely(e == NULL))
		return 0;
	else
		return e->output_size;
}

inline static const char *_gnutls_x509_mac_to_oid(const mac_entry_st * e)
{
	if (unlikely(e == NULL))
		return NULL;
	else
		return e->oid;
}

inline static const char *_gnutls_mac_get_name(const mac_entry_st * e)
{
	if (unlikely(e == NULL))
		return NULL;
	else
		return e->name;
}

inline static int _gnutls_mac_block_size(const mac_entry_st * e)
{
	if (unlikely(e == NULL))
		return 0;
	else
		return e->block_size;
}

inline static int _gnutls_mac_get_key_size(const mac_entry_st * e)
{
	if (unlikely(e == NULL))
		return 0;
	else
		return e->key_size;
}

inline static gnutls_digest_algorithm_t
_gnutls_mac_to_dig(gnutls_mac_algorithm_t mac)
{
	if (unlikely(mac >= GNUTLS_MAC_AEAD))
		return GNUTLS_DIG_UNKNOWN;

	return (gnutls_digest_algorithm_t)mac;
}

#define MAC_TO_DIG(mac) _gnutls_mac_to_dig(mac)

/* Functions for digests. */
#define _gnutls_x509_digest_to_oid _gnutls_x509_mac_to_oid
#define _gnutls_digest_get_name _gnutls_mac_get_name
#define _gnutls_hash_get_algo_len _gnutls_mac_get_algo_len

#define DIG_TO_MAC(dig) (gnutls_mac_algorithm_t)(dig)

/* Security against pre-image attacks */
inline static int _gnutls_digest_is_secure(const mac_entry_st * e)
{
	if (unlikely(e == NULL))
		return 0;
	else
		return !(e->flags & GNUTLS_MAC_FLAG_PREIMAGE_INSECURE);
}

/* Functions for cipher suites. */
int _gnutls_get_client_ciphersuites(gnutls_session_t session,
	gnutls_buffer_st * cdata, const version_entry_st *minver,
	unsigned add_scsv);

int _gnutls_supported_ciphersuites(gnutls_session_t session,
				   uint8_t * cipher_suites,
				   unsigned int max_cipher_suite_size);

const gnutls_cipher_suite_entry_st
    *cipher_suite_get(gnutls_kx_algorithm_t kx_algorithm,
		      gnutls_cipher_algorithm_t cipher_algorithm,
		      gnutls_mac_algorithm_t mac_algorithm);

const char *_gnutls_cipher_suite_get_name(const uint8_t suite[2]);
gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo(const uint8_t
						       suite[2]);

int
_gnutls_cipher_suite_get_id(gnutls_kx_algorithm_t kx_algorithm,
			    gnutls_cipher_algorithm_t cipher_algorithm,
			    gnutls_mac_algorithm_t mac_algorithm,
			    uint8_t suite[2]);

const gnutls_cipher_suite_entry_st *ciphersuite_to_entry(const uint8_t suite[2]);

/* Functions for ciphers. */
const cipher_entry_st *_gnutls_cipher_to_entry(gnutls_cipher_algorithm_t c);
#define cipher_to_entry(x) _gnutls_cipher_to_entry(x)
const cipher_entry_st *cipher_name_to_entry(const char *name);

inline static cipher_type_t _gnutls_cipher_type(const cipher_entry_st * e)
{
	if (unlikely(e == NULL))
		return CIPHER_AEAD; /* doesn't matter */
	return e->type;
}

inline static int _gnutls_cipher_get_block_size(const cipher_entry_st * e)
{
	if (unlikely(e == NULL))
		return 0;
	return e->blocksize;
}

inline static int
_gnutls_cipher_get_implicit_iv_size(const cipher_entry_st * e)
{
	if (unlikely(e == NULL))
		return 0;
	return e->implicit_iv;
}

inline static int
_gnutls_cipher_get_iv_size(const cipher_entry_st * e)
{
	if (unlikely(e == NULL))
		return 0;
	return e->cipher_iv;
}

inline static int
_gnutls_cipher_get_explicit_iv_size(const cipher_entry_st * e)
{
	if (unlikely(e == NULL))
		return 0;
	return e->explicit_iv;
}

inline static int _gnutls_cipher_get_key_size(const cipher_entry_st * e)
{
	if (unlikely(e == NULL))
		return 0;
	return e->keysize;
}

inline static const char *_gnutls_cipher_get_name(const cipher_entry_st *
						  e)
{
	if (unlikely(e == NULL))
		return NULL;
	return e->name;
}

inline static int _gnutls_cipher_algo_is_aead(const cipher_entry_st * e)
{
	if (unlikely(e == NULL))
		return 0;
	return (e->type == CIPHER_AEAD)?1:0;
}

inline static int _gnutls_cipher_is_ok(const cipher_entry_st * e)
{
	if (unlikely(e == NULL) || e->id == 0)
		return 0;
	else
		return 1;
}

inline static int _gnutls_cipher_get_tag_size(const cipher_entry_st * e)
{
	size_t ret = 0;

	if (unlikely(e == NULL))
		return ret;

	/* non-AEAD have 0 as tag size */
	return e->tagsize;
}

/* Functions for key exchange. */
bool _gnutls_kx_needs_dh_params(gnutls_kx_algorithm_t algorithm);
bool _gnutls_kx_allows_false_start(gnutls_session_t session);
mod_auth_st *_gnutls_kx_auth_struct(gnutls_kx_algorithm_t algorithm);
int _gnutls_kx_is_ok(gnutls_kx_algorithm_t algorithm);

int _gnutls_kx_get_id(const char *name);

gnutls_credentials_type_t _gnutls_map_kx_get_cred(gnutls_kx_algorithm_t
						  algorithm, int server);

/* KX to PK mapping. */
unsigned
_gnutls_kx_supports_pk(gnutls_kx_algorithm_t kx_algorithm,
		       gnutls_pk_algorithm_t pk_algorithm);

unsigned
_gnutls_kx_supports_pk_usage(gnutls_kx_algorithm_t kx_algorithm,
		       gnutls_pk_algorithm_t pk_algorithm,
		       unsigned key_usage);

enum encipher_type { CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN };

enum encipher_type _gnutls_kx_encipher_type(gnutls_kx_algorithm_t
					    kx_algorithm);

/* Functions for sign algorithms. */

typedef enum hash_security_level_t {
	_SECURE,
	_INSECURE_FOR_CERTS,
	_INSECURE
} hash_security_level_t;

int _gnutls_ecc_curve_mark_disabled(gnutls_ecc_curve_t curve);
int _gnutls_sign_mark_insecure(gnutls_sign_algorithm_t, hash_security_level_t);
int _gnutls_digest_mark_insecure(gnutls_digest_algorithm_t dig);
unsigned _gnutls_digest_is_insecure(gnutls_digest_algorithm_t dig);
int _gnutls_version_mark_disabled(gnutls_protocol_t version);
gnutls_protocol_t _gnutls_protocol_get_id_if_supported(const char *name);

#define GNUTLS_SIGN_FLAG_TLS13_OK	1 /* if it is ok to use under TLS1.3 */
#define GNUTLS_SIGN_FLAG_CRT_VRFY_REVERSE (1 << 1) /* reverse order of bytes in CrtVrfy signature */
struct gnutls_sign_entry_st {
	const char *name;
	const char *oid;
	gnutls_sign_algorithm_t id;
	gnutls_pk_algorithm_t pk;
	gnutls_digest_algorithm_t hash;

	/* if non-zero it must be the algorithm of the
	 * private key used or certificate. This is for algorithms
	 * which can have a different public key type than the
	 * private key (e.g., RSA PKCS#1 1.5 certificate, but
	 * an RSA-PSS private key, or an RSA private key and
	 * an RSA-PSS certificate). */
	gnutls_pk_algorithm_t priv_pk;
	gnutls_pk_algorithm_t cert_pk;

	unsigned flags;

	/* if this signature algorithm is restricted to a curve
	 * under TLS 1.3. */
	gnutls_ecc_curve_t curve;

	/* See RFC 5246 HashAlgorithm and SignatureAlgorithm
	   for values to use in aid struct. */
	const sign_algorithm_st aid;
	hash_security_level_t slevel;	/* contains values of hash_security_level_t */

	/* 0 if it matches the predefined hash output size, otherwise
	 * it is truncated or expanded (with XOF) */
	unsigned hash_output_size;
};
typedef struct gnutls_sign_entry_st gnutls_sign_entry_st;

const gnutls_sign_entry_st *_gnutls_sign_to_entry(gnutls_sign_algorithm_t sign);
const gnutls_sign_entry_st *_gnutls_pk_to_sign_entry(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash);
const gnutls_sign_entry_st *_gnutls_oid_to_sign_entry(const char *oid);

/* returns true if that signature can be generated
 * from the given private key algorithm. */
inline static unsigned
sign_supports_priv_pk_algorithm(const gnutls_sign_entry_st *se, gnutls_pk_algorithm_t pk)
{
	if (pk == se->pk || (se->priv_pk && se->priv_pk == pk))
		return 1;

	return 0;
}

/* returns true if that signature can be verified with
 * the given public key algorithm. */
inline static unsigned
sign_supports_cert_pk_algorithm(const gnutls_sign_entry_st *se, gnutls_pk_algorithm_t pk)
{
	if ((!se->cert_pk && pk == se->pk) || (se->cert_pk && se->cert_pk == pk))
		return 1;

	return 0;
}

bool _gnutls_sign_is_secure2(const gnutls_sign_entry_st *se, unsigned int flags);

gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk(gnutls_sign_algorithm_t
					      sign);
const char *_gnutls_x509_sign_to_oid(gnutls_pk_algorithm_t,
				     gnutls_digest_algorithm_t mac);

const gnutls_sign_entry_st *
_gnutls_tls_aid_to_sign_entry(uint8_t id0, uint8_t id1, const version_entry_st *ver);

gnutls_sign_algorithm_t
_gnutls_tls_aid_to_sign(uint8_t id0, uint8_t id1, const version_entry_st *ver);
const sign_algorithm_st *_gnutls_sign_to_tls_aid(gnutls_sign_algorithm_t
						 sign);

const gnutls_sign_entry_st *
_gnutls13_sign_get_compatible_with_privkey(gnutls_privkey_t privkey);

unsigned int _gnutls_pk_bits_to_subgroup_bits(unsigned int pk_bits);
gnutls_digest_algorithm_t _gnutls_pk_bits_to_sha_hash(unsigned int pk_bits);

gnutls_digest_algorithm_t _gnutls_hash_size_to_sha_hash(unsigned int size);

bool _gnutls_pk_is_not_prehashed(gnutls_pk_algorithm_t algorithm);

/* ECC */
typedef struct gnutls_ecc_curve_entry_st {
	const char *name;
	const char *oid;
	gnutls_ecc_curve_t id;
	gnutls_pk_algorithm_t pk;
	unsigned size;		/* the size in bytes */
	unsigned sig_size;	/* the size of curve signatures in bytes (EdDSA) */
	unsigned gost_curve;
	bool supported;
	gnutls_group_t group;
} gnutls_ecc_curve_entry_st;

const gnutls_ecc_curve_entry_st
    *_gnutls_ecc_curve_get_params(gnutls_ecc_curve_t curve);

unsigned _gnutls_ecc_curve_is_supported(gnutls_ecc_curve_t);

gnutls_group_t _gnutls_ecc_curve_get_group(gnutls_ecc_curve_t);
const gnutls_group_entry_st *_gnutls_tls_id_to_group(unsigned num);
const gnutls_group_entry_st * _gnutls_id_to_group(unsigned id);

gnutls_ecc_curve_t _gnutls_ecc_bits_to_curve(gnutls_pk_algorithm_t pk, int bits);
#define MAX_ECC_CURVE_SIZE 66

gnutls_pk_algorithm_t _gnutls_oid_to_pk_and_curve(const char *oid, gnutls_ecc_curve_t *curve);

inline static int _curve_is_eddsa(const gnutls_ecc_curve_entry_st * e)
{
	if (unlikely(e == NULL))
		return 0;
	if (e->pk == GNUTLS_PK_EDDSA_ED25519 ||
	    e->pk == GNUTLS_PK_EDDSA_ED448)
		return 1;
	return 0;
}

inline static int _curve_is_modern_ecdh(const gnutls_ecc_curve_entry_st * e)
{
	if (unlikely(e == NULL))
		return 0;
	if (e->pk == GNUTLS_PK_ECDH_X25519 ||
	    e->pk == GNUTLS_PK_ECDH_X448)
		return 1;
	return 0;
}

inline static int curve_is_eddsa(gnutls_ecc_curve_t id)
{
	const gnutls_ecc_curve_entry_st *e = _gnutls_ecc_curve_get_params(id);
	return _curve_is_eddsa(e);
}

inline static int curve_is_modern_ecdh(gnutls_ecc_curve_t id)
{
	const gnutls_ecc_curve_entry_st *e = _gnutls_ecc_curve_get_params(id);
	return _curve_is_modern_ecdh(e);
}

static inline int _gnutls_kx_is_ecc(gnutls_kx_algorithm_t kx)
{
	if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA ||
	    kx == GNUTLS_KX_ANON_ECDH || kx == GNUTLS_KX_ECDHE_PSK)
		return 1;

	return 0;
}

static inline int _gnutls_kx_is_psk(gnutls_kx_algorithm_t kx)
{
	if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK ||
	    kx == GNUTLS_KX_ECDHE_PSK || kx == GNUTLS_KX_RSA_PSK)
		return 1;

	return 0;
}

static inline int _gnutls_kx_is_dhe(gnutls_kx_algorithm_t kx)
{
	if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS ||
	    kx == GNUTLS_KX_ANON_DH || kx == GNUTLS_KX_DHE_PSK)
		return 1;

	return 0;
}

static inline unsigned _gnutls_kx_is_vko_gost(gnutls_kx_algorithm_t kx)
{
	if (kx == GNUTLS_KX_VKO_GOST_12)
		return 1;

	return 0;
}

static inline bool
_sign_is_gost(const gnutls_sign_entry_st *se)
{
	gnutls_pk_algorithm_t pk = se->pk;

	return  (pk == GNUTLS_PK_GOST_01) ||
		(pk == GNUTLS_PK_GOST_12_256) ||
		(pk == GNUTLS_PK_GOST_12_512);
}

static inline int _sig_is_ecdsa(gnutls_sign_algorithm_t sig)
{
	if (sig == GNUTLS_SIGN_ECDSA_SHA1 || sig == GNUTLS_SIGN_ECDSA_SHA224 ||
	    sig == GNUTLS_SIGN_ECDSA_SHA256 || sig == GNUTLS_SIGN_ECDSA_SHA384 ||
	    sig == GNUTLS_SIGN_ECDSA_SHA512)
		return 1;

	return 0;
}

bool _gnutls_pk_are_compat(gnutls_pk_algorithm_t pk1, gnutls_pk_algorithm_t pk2);

unsigned _gnutls_sign_get_hash_strength(gnutls_sign_algorithm_t sign);

#endif /* GNUTLS_LIB_ALGORITHMS_H */