Line data    Source code

       1             : /*
       2             :  * Copyright (C) 2019 Red Hat, Inc.
       3             :  *
       4             :  * Author: Nikos Mavrogiannopoulos
       5             :  *
       6             :  * This file is part of GnuTLS.
       7             :  *
       8             :  * The GnuTLS is free software; you can redistribute it and/or
       9             :  * modify it under the terms of the GNU Lesser General Public License
      10             :  * as published by the Free Software Foundation; either version 2.1 of
      11             :  * the License, or (at your option) any later version.
      12             :  *
      13             :  * This library is distributed in the hope that it will be useful, but
      14             :  * WITHOUT ANY WARRANTY; without even the implied warranty of
      15             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      16             :  * Lesser General Public License for more details.
      17             :  *
      18             :  * You should have received a copy of the GNU Lesser General Public License
      19             :  * along with this program.  If not, see <https://www.gnu.org/licenses/>
      20             :  *
      21             :  */
      22             : 
      23             : #include "gnutls_int.h"
      24             : #include <algorithms.h>
      25             : #include "errors.h"
      26             : #include <x509/common.h>
      27             : #include "c-strcase.h"
      28             : #include "profiles.h"
      29             : 
      30             : typedef struct {
      31             :         const char *name;
      32             :         gnutls_certificate_verification_profiles_t profile;
      33             :         gnutls_sec_param_t sec_param;
      34             : } gnutls_profile_entry;
      35             : 
      36             : static const gnutls_profile_entry profiles[] = {
      37             :         {"Very weak", GNUTLS_PROFILE_VERY_WEAK, GNUTLS_SEC_PARAM_VERY_WEAK},
      38             :         {"Low", GNUTLS_PROFILE_LOW, GNUTLS_SEC_PARAM_LOW},
      39             :         {"Legacy", GNUTLS_PROFILE_LEGACY, GNUTLS_SEC_PARAM_LEGACY},
      40             :         {"Medium", GNUTLS_PROFILE_MEDIUM, GNUTLS_SEC_PARAM_MEDIUM},
      41             :         {"High", GNUTLS_PROFILE_HIGH, GNUTLS_SEC_PARAM_HIGH},
      42             :         {"Ultra", GNUTLS_PROFILE_ULTRA, GNUTLS_SEC_PARAM_ULTRA},
      43             :         {"Future", GNUTLS_PROFILE_FUTURE, GNUTLS_SEC_PARAM_FUTURE},
      44             :         {"SuiteB128", GNUTLS_PROFILE_SUITEB128, GNUTLS_SEC_PARAM_HIGH},
      45             :         {"SuiteB192", GNUTLS_PROFILE_SUITEB192, GNUTLS_SEC_PARAM_ULTRA},
      46             :         {NULL, 0, 0}
      47             : };
      48             : 
      49          30 : gnutls_sec_param_t _gnutls_profile_to_sec_level(gnutls_certificate_verification_profiles_t profile)
      50             : {
      51          30 :         const gnutls_profile_entry *p;
      52             : 
      53         126 :         for(p = profiles; p->name != NULL; p++) {
      54         126 :                 if (profile == p->profile)
      55          30 :                         return p->sec_param;
      56             :         }
      57             : 
      58             :         return GNUTLS_SEC_PARAM_UNKNOWN;
      59             : }
      60             : 
      61             : /**
      62             :  * gnutls_certificate_verification_profile_get_id:
      63             :  * @name: is a profile name
      64             :  *
      65             :  * Convert a string to a #gnutls_certificate_verification_profiles_t value.  The names are
      66             :  * compared in a case insensitive way.
      67             :  *
      68             :  * Returns: a #gnutls_certificate_verification_profiles_t id of the specified profile,
      69             :  *   or %GNUTLS_PROFILE_UNKNOWN on failure.
      70             :  **/
      71          11 : gnutls_certificate_verification_profiles_t gnutls_certificate_verification_profile_get_id(const char *name)
      72             : {
      73          11 :         const gnutls_profile_entry *p;
      74             : 
      75          11 :         if (name == NULL)
      76             :                 return GNUTLS_PROFILE_UNKNOWN;
      77             : 
      78          53 :         for (p = profiles; p->name != NULL; p++) {
      79          52 :                 if (c_strcasecmp(p->name, name) == 0)
      80          10 :                         return p->profile;
      81             :         }
      82             : 
      83             :         return GNUTLS_PROFILE_UNKNOWN;
      84             : }
      85             : 
      86             : /**
      87             :  * gnutls_certificate_verification_profile_get_name:
      88             :  * @id: is a profile ID
      89             :  *
      90             :  * Convert a #gnutls_certificate_verification_profiles_t value to a string.
      91             :  *
      92             :  * Returns: a string that contains the name of the specified profile or %NULL.
      93             :  **/
      94             : const char *
      95           6 : gnutls_certificate_verification_profile_get_name(gnutls_certificate_verification_profiles_t id)
      96             : {
      97           6 :         const gnutls_profile_entry *p;
      98             : 
      99          21 :         for (p = profiles; p->name != NULL; p++) {
     100          21 :                 if (p->profile == id)
     101             :                         return p->name;
     102             :         }
     103             : 
     104             :         return NULL;
     105             : }