/*
 * Match a priority-string level keyword and load its preset algorithm lists.
 *
 * level:          keyword to match; compared case-insensitively.
 * priority_cache: priority structure whose cipher, kx, mac, sign_algo and
 *                 supported_ecc lists (plus protocol for the Suite B
 *                 keywords) are passed to the selected bulk function.
 * add:            non-zero selects _add_priority, zero selects _set_priority.
 *
 * Returns 1 when the keyword was recognised and 0 otherwise; no list is
 * passed to the bulk function for an unrecognised keyword.
 *
 * NOTE(review): SET_LEVEL is a macro defined outside this listing. It is
 * presumably what records the security-parameter level tied to the keyword,
 * and it may refer to priority_cache by name - confirm before renaming.
 */
static int check_level(const char *level, gnutls_priority_t priority_cache,
                       int add)
{
    bulk_rmadd_func *func = add ? _add_priority : _set_priority;

    if (strcasecmp(level, LEVEL_PERFORMANCE) == 0) {
        func(&priority_cache->cipher, cipher_priority_performance);
        func(&priority_cache->kx, kx_priority_performance);
        func(&priority_cache->mac, mac_priority_normal);
        func(&priority_cache->sign_algo, sign_priority_default);
        func(&priority_cache->supported_ecc, supported_ecc_normal);

        SET_LEVEL(GNUTLS_SEC_PARAM_VERY_WEAK);
        return 1;
    }

    if (strcasecmp(level, LEVEL_NORMAL) == 0) {
        func(&priority_cache->cipher, cipher_priority_normal);
        func(&priority_cache->kx, kx_priority_secure);
        func(&priority_cache->mac, mac_priority_normal);
        func(&priority_cache->sign_algo, sign_priority_default);
        func(&priority_cache->supported_ecc, supported_ecc_normal);

        SET_LEVEL(GNUTLS_SEC_PARAM_VERY_WEAK);
        return 1;
    }

    if (strcasecmp(level, LEVEL_PFS) == 0) {
        func(&priority_cache->cipher, cipher_priority_normal);
        func(&priority_cache->kx, kx_priority_pfs);
        func(&priority_cache->mac, mac_priority_normal);
        func(&priority_cache->sign_algo, sign_priority_default);
        func(&priority_cache->supported_ecc, supported_ecc_normal);

        SET_LEVEL(GNUTLS_SEC_PARAM_VERY_WEAK);
        return 1;
    }

    /* SECURE256 is handled exactly like SECURE192. */
    if (strcasecmp(level, LEVEL_SECURE256) == 0 ||
        strcasecmp(level, LEVEL_SECURE192) == 0) {
        func(&priority_cache->cipher, cipher_priority_secure192);
        func(&priority_cache->kx, kx_priority_secure);
        func(&priority_cache->mac, mac_priority_secure192);
        func(&priority_cache->sign_algo, sign_priority_secure192);
        func(&priority_cache->supported_ecc, supported_ecc_secure192);

        /*
         * Deliberately conservative for now: the level is set to the one
         * corresponding to 96 bits.
         * NOTE(review): that is well below what the keyword name suggests;
         * what SET_LEVEL enforces with it is not visible here.
         */
        SET_LEVEL(GNUTLS_SEC_PARAM_LEGACY);
        return 1;
    }

    /* The bare word "SECURE" is accepted as a synonym for SECURE128. */
    if (strcasecmp(level, LEVEL_SECURE128) == 0 ||
        strcasecmp(level, "SECURE") == 0) {
        func(&priority_cache->cipher, cipher_priority_secure128);
        func(&priority_cache->kx, kx_priority_secure);
        func(&priority_cache->mac, mac_priority_secure128);
        func(&priority_cache->sign_algo, sign_priority_secure128);
        func(&priority_cache->supported_ecc, supported_ecc_secure128);

        /*
         * Deliberately conservative for now: the level is set to the one
         * corresponding to 72 bits.
         */
        SET_LEVEL(GNUTLS_SEC_PARAM_WEAK);
        return 1;
    }

    /* The Suite B keywords are the only ones that also load a protocol list. */
    if (strcasecmp(level, LEVEL_SUITEB128) == 0) {
        func(&priority_cache->protocol, protocol_priority_suiteb);
        func(&priority_cache->cipher, cipher_priority_suiteb128);
        func(&priority_cache->kx, kx_priority_suiteb);
        func(&priority_cache->mac, mac_priority_suiteb128);
        func(&priority_cache->sign_algo, sign_priority_suiteb128);
        func(&priority_cache->supported_ecc, supported_ecc_suiteb128);

        SET_LEVEL(GNUTLS_SEC_PARAM_HIGH);
        return 1;
    }

    if (strcasecmp(level, LEVEL_SUITEB192) == 0) {
        func(&priority_cache->protocol, protocol_priority_suiteb);
        func(&priority_cache->cipher, cipher_priority_suiteb192);
        func(&priority_cache->kx, kx_priority_suiteb);
        func(&priority_cache->mac, mac_priority_suiteb192);
        func(&priority_cache->sign_algo, sign_priority_suiteb192);
        func(&priority_cache->supported_ecc, supported_ecc_suiteb192);

        SET_LEVEL(GNUTLS_SEC_PARAM_ULTRA);
        return 1;
    }

    if (strcasecmp(level, LEVEL_EXPORT) == 0) {
        func(&priority_cache->cipher, cipher_priority_performance);
        func(&priority_cache->kx, kx_priority_performance);
        func(&priority_cache->mac, mac_priority_secure128);
        func(&priority_cache->sign_algo, sign_priority_default);
        func(&priority_cache->supported_ecc, supported_ecc_normal);

        SET_LEVEL(GNUTLS_SEC_PARAM_EXPORT);
        return 1;
    }

    /* Not a level keyword. */
    return 0;
}
/*
 * Match a priority-string level keyword and load its preset algorithm lists,
 * certificate verification profile and security-parameter level.
 *
 * level:          keyword to match; compared case-insensitively.
 * priority_cache: priority structure whose cipher, kx, mac, sign_algo and
 *                 supported_ecc lists (plus protocol for the Suite B
 *                 keywords) are passed to the selected bulk function.
 * add:            non-zero selects _add_priority, zero selects _set_priority.
 *
 * Returns 1 when the keyword was recognised and 0 otherwise; no list is
 * passed to the bulk function for an unrecognised keyword.
 *
 * NOTE(review): SET_PROFILE and SET_LEVEL are macros defined outside this
 * listing. They presumably use the local `profile` and `priority_cache` by
 * name, so those identifiers must stay as they are - confirm against the
 * macro definitions.
 */
static int check_level(const char *level, gnutls_priority_t priority_cache,
                       int add)
{
    bulk_rmadd_func *func = add ? _add_priority : _set_priority;
    unsigned profile = 0;

    if (strcasecmp(level, LEVEL_PERFORMANCE) == 0) {
        func(&priority_cache->cipher, cipher_priority_performance);
        func(&priority_cache->kx, kx_priority_performance);
        func(&priority_cache->mac, mac_priority_normal);
        func(&priority_cache->sign_algo, sign_priority_default);
        func(&priority_cache->supported_ecc, supported_ecc_normal);

        SET_PROFILE(GNUTLS_PROFILE_LOW);    /* certificate level */
        SET_LEVEL(GNUTLS_SEC_PARAM_WEAK);   /* DH params level */
        return 1;
    }

    if (strcasecmp(level, LEVEL_NORMAL) == 0) {
        func(&priority_cache->cipher, cipher_priority_normal);
        func(&priority_cache->kx, kx_priority_secure);
        func(&priority_cache->mac, mac_priority_normal);
        func(&priority_cache->sign_algo, sign_priority_default);
        func(&priority_cache->supported_ecc, supported_ecc_normal);

        SET_PROFILE(GNUTLS_PROFILE_LOW);
        SET_LEVEL(GNUTLS_SEC_PARAM_WEAK);
        return 1;
    }

    if (strcasecmp(level, LEVEL_PFS) == 0) {
        func(&priority_cache->cipher, cipher_priority_normal);
        func(&priority_cache->kx, kx_priority_pfs);
        func(&priority_cache->mac, mac_priority_secure128);
        func(&priority_cache->sign_algo, sign_priority_default);
        func(&priority_cache->supported_ecc, supported_ecc_normal);

        SET_PROFILE(GNUTLS_PROFILE_LOW);
        SET_LEVEL(GNUTLS_SEC_PARAM_WEAK);
        return 1;
    }

    /* SECURE256 is handled exactly like SECURE192. */
    if (strcasecmp(level, LEVEL_SECURE256) == 0 ||
        strcasecmp(level, LEVEL_SECURE192) == 0) {
        func(&priority_cache->cipher, cipher_priority_secure192);
        func(&priority_cache->kx, kx_priority_secure);
        func(&priority_cache->mac, mac_priority_secure192);
        func(&priority_cache->sign_algo, sign_priority_secure192);
        func(&priority_cache->supported_ecc, supported_ecc_secure192);

        SET_PROFILE(GNUTLS_PROFILE_HIGH);
        SET_LEVEL(GNUTLS_SEC_PARAM_HIGH);
        return 1;
    }

    /* The bare word "SECURE" is accepted as a synonym for SECURE128. */
    if (strcasecmp(level, LEVEL_SECURE128) == 0 ||
        strcasecmp(level, "SECURE") == 0) {
        func(&priority_cache->cipher, cipher_priority_secure128);
        func(&priority_cache->kx, kx_priority_secure);
        func(&priority_cache->mac, mac_priority_secure128);
        func(&priority_cache->sign_algo, sign_priority_secure128);
        func(&priority_cache->supported_ecc, supported_ecc_secure128);

        /*
         * The profile would ideally be HIGH, but refusing SHA-1 (80 bits)
         * as a signature algorithm would leave this level unable to
         * connect anywhere, so the LOW profile is used instead.
         */
        SET_PROFILE(GNUTLS_PROFILE_LOW);
        SET_LEVEL(GNUTLS_SEC_PARAM_LOW);
        return 1;
    }

    /* The Suite B keywords are the only ones that also load a protocol list. */
    if (strcasecmp(level, LEVEL_SUITEB128) == 0) {
        func(&priority_cache->protocol, protocol_priority_suiteb);
        func(&priority_cache->cipher, cipher_priority_suiteb128);
        func(&priority_cache->kx, kx_priority_suiteb);
        func(&priority_cache->mac, mac_priority_suiteb128);
        func(&priority_cache->sign_algo, sign_priority_suiteb128);
        func(&priority_cache->supported_ecc, supported_ecc_suiteb128);

        SET_PROFILE(GNUTLS_PROFILE_SUITEB128);
        SET_LEVEL(GNUTLS_SEC_PARAM_HIGH);
        return 1;
    }

    if (strcasecmp(level, LEVEL_SUITEB192) == 0) {
        func(&priority_cache->protocol, protocol_priority_suiteb);
        func(&priority_cache->cipher, cipher_priority_suiteb192);
        func(&priority_cache->kx, kx_priority_suiteb);
        func(&priority_cache->mac, mac_priority_suiteb192);
        func(&priority_cache->sign_algo, sign_priority_suiteb192);
        func(&priority_cache->supported_ecc, supported_ecc_suiteb192);

        SET_PROFILE(GNUTLS_PROFILE_SUITEB192);
        SET_LEVEL(GNUTLS_SEC_PARAM_ULTRA);
        return 1;
    }

    /* LEGACY and EXPORT below make no SET_PROFILE call; only a level is set. */
    if (strcasecmp(level, LEVEL_LEGACY) == 0) {
        func(&priority_cache->cipher, cipher_priority_normal);
        func(&priority_cache->kx, kx_priority_secure);
        func(&priority_cache->mac, mac_priority_normal);
        func(&priority_cache->sign_algo, sign_priority_default);
        func(&priority_cache->supported_ecc, supported_ecc_normal);

        SET_LEVEL(GNUTLS_SEC_PARAM_VERY_WEAK);
        return 1;
    }

    if (strcasecmp(level, LEVEL_EXPORT) == 0) {
        func(&priority_cache->cipher, cipher_priority_performance);
        func(&priority_cache->kx, kx_priority_performance);
        func(&priority_cache->mac, mac_priority_secure128);
        func(&priority_cache->sign_algo, sign_priority_default);
        func(&priority_cache->supported_ecc, supported_ecc_normal);

        SET_LEVEL(GNUTLS_SEC_PARAM_EXPORT);
        return 1;
    }

    /* Not a level keyword. */
    return 0;
}