Esempio n. 1
/*
 * check_level - load the algorithm lists of a named priority level.
 *
 * @level:          keyword to look up; compared case-insensitively.
 *                  Must not be NULL: it is passed straight to
 *                  strcasecmp() without a check.
 * @priority_cache: priority structure whose cipher, kx, mac, sign_algo,
 *                  supported_ecc (and, for the Suite B levels, protocol)
 *                  lists are updated.
 * @add:            non-zero selects _add_priority, zero selects
 *                  _set_priority (presumably "append" versus "replace";
 *                  neither helper is visible here).
 *
 * Returns 1 when the keyword was recognised and applied, and 0 when it
 * matched none of the levels; in the latter case nothing is modified
 * and the caller has to treat the token as something other than a level.
 *
 * Reviewer note: the value handed to SET_LEVEL is much lower than the
 * keyword names suggest (VERY_WEAK for NORMAL and PFS, LEGACY for
 * SECURE192/256, WEAK for SECURE128). How SET_LEVEL uses that value is
 * not visible in this function, so callers should not assume that a
 * "SECURE" keyword alone enforces a matching parameter strength.
 */
static
int check_level(const char *level, gnutls_priority_t priority_cache,
		int add)
{
	bulk_rmadd_func *apply = _set_priority;

	if (add)
		apply = _add_priority;

	/* Every matching branch returns, so the levels are tested one by one. */
	if (strcasecmp(level, LEVEL_PERFORMANCE) == 0) {
		apply(&priority_cache->cipher, cipher_priority_performance);
		apply(&priority_cache->kx, kx_priority_performance);
		apply(&priority_cache->mac, mac_priority_normal);
		apply(&priority_cache->sign_algo, sign_priority_default);
		apply(&priority_cache->supported_ecc, supported_ecc_normal);

		SET_LEVEL(GNUTLS_SEC_PARAM_VERY_WEAK);
		return 1;
	}

	if (strcasecmp(level, LEVEL_NORMAL) == 0) {
		apply(&priority_cache->cipher, cipher_priority_normal);
		apply(&priority_cache->kx, kx_priority_secure);
		apply(&priority_cache->mac, mac_priority_normal);
		apply(&priority_cache->sign_algo, sign_priority_default);
		apply(&priority_cache->supported_ecc, supported_ecc_normal);

		SET_LEVEL(GNUTLS_SEC_PARAM_VERY_WEAK);
		return 1;
	}

	/* Same lists as NORMAL except for the key exchange list. */
	if (strcasecmp(level, LEVEL_PFS) == 0) {
		apply(&priority_cache->cipher, cipher_priority_normal);
		apply(&priority_cache->kx, kx_priority_pfs);
		apply(&priority_cache->mac, mac_priority_normal);
		apply(&priority_cache->sign_algo, sign_priority_default);
		apply(&priority_cache->supported_ecc, supported_ecc_normal);

		SET_LEVEL(GNUTLS_SEC_PARAM_VERY_WEAK);
		return 1;
	}

	/* SECURE256 is accepted as an alias of SECURE192. */
	if (strcasecmp(level, LEVEL_SECURE256) == 0
	    || strcasecmp(level, LEVEL_SECURE192) == 0) {
		apply(&priority_cache->cipher, cipher_priority_secure192);
		apply(&priority_cache->kx, kx_priority_secure);
		apply(&priority_cache->mac, mac_priority_secure192);
		apply(&priority_cache->sign_algo, sign_priority_secure192);
		apply(&priority_cache->supported_ecc,
		      supported_ecc_secure192);

		/* Deliberately conservative for now: the requested bits
		 * correspond to a 96-bit level only. */
		SET_LEVEL(GNUTLS_SEC_PARAM_LEGACY);
		return 1;
	}

	/* The bare keyword "SECURE" is an alias of SECURE128. */
	if (strcasecmp(level, LEVEL_SECURE128) == 0
	    || strcasecmp(level, "SECURE") == 0) {
		apply(&priority_cache->cipher, cipher_priority_secure128);
		apply(&priority_cache->kx, kx_priority_secure);
		apply(&priority_cache->mac, mac_priority_secure128);
		apply(&priority_cache->sign_algo, sign_priority_secure128);
		apply(&priority_cache->supported_ecc,
		      supported_ecc_secure128);

		/* Deliberately conservative for now: the requested bits
		 * correspond to a 72-bit level only. */
		SET_LEVEL(GNUTLS_SEC_PARAM_WEAK);
		return 1;
	}

	/* The Suite B levels are the only ones that also touch the
	 * protocol list. */
	if (strcasecmp(level, LEVEL_SUITEB128) == 0) {
		apply(&priority_cache->protocol, protocol_priority_suiteb);
		apply(&priority_cache->cipher, cipher_priority_suiteb128);
		apply(&priority_cache->kx, kx_priority_suiteb);
		apply(&priority_cache->mac, mac_priority_suiteb128);
		apply(&priority_cache->sign_algo, sign_priority_suiteb128);
		apply(&priority_cache->supported_ecc,
		      supported_ecc_suiteb128);

		SET_LEVEL(GNUTLS_SEC_PARAM_HIGH);
		return 1;
	}

	if (strcasecmp(level, LEVEL_SUITEB192) == 0) {
		apply(&priority_cache->protocol, protocol_priority_suiteb);
		apply(&priority_cache->cipher, cipher_priority_suiteb192);
		apply(&priority_cache->kx, kx_priority_suiteb);
		apply(&priority_cache->mac, mac_priority_suiteb192);
		apply(&priority_cache->sign_algo, sign_priority_suiteb192);
		apply(&priority_cache->supported_ecc,
		      supported_ecc_suiteb192);

		SET_LEVEL(GNUTLS_SEC_PARAM_ULTRA);
		return 1;
	}

	/* EXPORT reuses the PERFORMANCE cipher and key exchange lists and
	 * requests GNUTLS_SEC_PARAM_EXPORT; configurations that accept
	 * this keyword deserve a second look. */
	if (strcasecmp(level, LEVEL_EXPORT) == 0) {
		apply(&priority_cache->cipher, cipher_priority_performance);
		apply(&priority_cache->kx, kx_priority_performance);
		apply(&priority_cache->mac, mac_priority_secure128);
		apply(&priority_cache->sign_algo, sign_priority_default);
		apply(&priority_cache->supported_ecc, supported_ecc_normal);

		SET_LEVEL(GNUTLS_SEC_PARAM_EXPORT);
		return 1;
	}

	/* Not a level keyword. */
	return 0;
}
Esempio n. 2
/*
 * check_level - load the algorithm lists of a named priority level and
 * record the certificate profile and DH parameter level that go with it.
 *
 * @level:          keyword to look up; compared case-insensitively.
 *                  Must not be NULL: it is passed straight to
 *                  strcasecmp() without a check.
 * @priority_cache: priority structure whose cipher, kx, mac, sign_algo,
 *                  supported_ecc (and, for the Suite B levels, protocol)
 *                  lists are updated.
 * @add:            non-zero selects _add_priority, zero selects
 *                  _set_priority (presumably "append" versus "replace";
 *                  neither helper is visible here).
 *
 * Returns 1 when the keyword was recognised and applied, and 0 when it
 * matched none of the levels; in the latter case nothing is modified.
 *
 * Reviewer notes:
 *  - SET_PROFILE sets the certificate level and SET_LEVEL the DH params
 *    level; how each macro combines the new value with one already
 *    stored is not visible in this function.
 *  - The LEGACY and EXPORT branches call SET_LEVEL only, so this
 *    function requests no certificate profile for those keywords.
 *  - SECURE128 pairs its algorithm lists with GNUTLS_PROFILE_LOW, for
 *    the interoperability reason given in that branch.
 */
static
int check_level(const char *level, gnutls_priority_t priority_cache,
		int add)
{
	bulk_rmadd_func *apply = _set_priority;
	/* Not referenced directly below; presumably scratch storage for
	 * SET_PROFILE (definition not visible here), so the name is kept. */
	unsigned profile = 0;

	if (add)
		apply = _add_priority;

	/* Every matching branch returns, so the levels are tested one by one. */
	if (strcasecmp(level, LEVEL_PERFORMANCE) == 0) {
		apply(&priority_cache->cipher, cipher_priority_performance);
		apply(&priority_cache->kx, kx_priority_performance);
		apply(&priority_cache->mac, mac_priority_normal);
		apply(&priority_cache->sign_algo, sign_priority_default);
		apply(&priority_cache->supported_ecc, supported_ecc_normal);

		SET_PROFILE(GNUTLS_PROFILE_LOW); /* certificate level */
		SET_LEVEL(GNUTLS_SEC_PARAM_WEAK); /* DH params level */
		return 1;
	}

	if (strcasecmp(level, LEVEL_NORMAL) == 0) {
		apply(&priority_cache->cipher, cipher_priority_normal);
		apply(&priority_cache->kx, kx_priority_secure);
		apply(&priority_cache->mac, mac_priority_normal);
		apply(&priority_cache->sign_algo, sign_priority_default);
		apply(&priority_cache->supported_ecc, supported_ecc_normal);

		SET_PROFILE(GNUTLS_PROFILE_LOW);
		SET_LEVEL(GNUTLS_SEC_PARAM_WEAK);
		return 1;
	}

	/* Differs from NORMAL in the key exchange and MAC lists. */
	if (strcasecmp(level, LEVEL_PFS) == 0) {
		apply(&priority_cache->cipher, cipher_priority_normal);
		apply(&priority_cache->kx, kx_priority_pfs);
		apply(&priority_cache->mac, mac_priority_secure128);
		apply(&priority_cache->sign_algo, sign_priority_default);
		apply(&priority_cache->supported_ecc, supported_ecc_normal);

		SET_PROFILE(GNUTLS_PROFILE_LOW);
		SET_LEVEL(GNUTLS_SEC_PARAM_WEAK);
		return 1;
	}

	/* SECURE256 is accepted as an alias of SECURE192. */
	if (strcasecmp(level, LEVEL_SECURE256) == 0
	    || strcasecmp(level, LEVEL_SECURE192) == 0) {
		apply(&priority_cache->cipher, cipher_priority_secure192);
		apply(&priority_cache->kx, kx_priority_secure);
		apply(&priority_cache->mac, mac_priority_secure192);
		apply(&priority_cache->sign_algo, sign_priority_secure192);
		apply(&priority_cache->supported_ecc,
		      supported_ecc_secure192);

		SET_PROFILE(GNUTLS_PROFILE_HIGH);
		SET_LEVEL(GNUTLS_SEC_PARAM_HIGH);
		return 1;
	}

	/* The bare keyword "SECURE" is an alias of SECURE128. */
	if (strcasecmp(level, LEVEL_SECURE128) == 0
	    || strcasecmp(level, "SECURE") == 0) {
		apply(&priority_cache->cipher, cipher_priority_secure128);
		apply(&priority_cache->kx, kx_priority_secure);
		apply(&priority_cache->mac, mac_priority_secure128);
		apply(&priority_cache->sign_algo, sign_priority_secure128);
		apply(&priority_cache->supported_ecc,
		      supported_ecc_secure128);

		/* HIGH would be the natural profile here, but refusing
		 * SHA-1 (80 bits) as a signature algorithm would leave
		 * this level unable to connect anywhere, so LOW is used. */
		SET_PROFILE(GNUTLS_PROFILE_LOW);
		SET_LEVEL(GNUTLS_SEC_PARAM_LOW);
		return 1;
	}

	/* The Suite B levels are the only ones that also touch the
	 * protocol list. */
	if (strcasecmp(level, LEVEL_SUITEB128) == 0) {
		apply(&priority_cache->protocol, protocol_priority_suiteb);
		apply(&priority_cache->cipher, cipher_priority_suiteb128);
		apply(&priority_cache->kx, kx_priority_suiteb);
		apply(&priority_cache->mac, mac_priority_suiteb128);
		apply(&priority_cache->sign_algo, sign_priority_suiteb128);
		apply(&priority_cache->supported_ecc,
		      supported_ecc_suiteb128);

		SET_PROFILE(GNUTLS_PROFILE_SUITEB128);
		SET_LEVEL(GNUTLS_SEC_PARAM_HIGH);
		return 1;
	}

	if (strcasecmp(level, LEVEL_SUITEB192) == 0) {
		apply(&priority_cache->protocol, protocol_priority_suiteb);
		apply(&priority_cache->cipher, cipher_priority_suiteb192);
		apply(&priority_cache->kx, kx_priority_suiteb);
		apply(&priority_cache->mac, mac_priority_suiteb192);
		apply(&priority_cache->sign_algo, sign_priority_suiteb192);
		apply(&priority_cache->supported_ecc,
		      supported_ecc_suiteb192);

		SET_PROFILE(GNUTLS_PROFILE_SUITEB192);
		SET_LEVEL(GNUTLS_SEC_PARAM_ULTRA);
		return 1;
	}

	/* LEGACY loads the same lists as NORMAL but requests only
	 * VERY_WEAK parameters and sets no certificate profile. */
	if (strcasecmp(level, LEVEL_LEGACY) == 0) {
		apply(&priority_cache->cipher, cipher_priority_normal);
		apply(&priority_cache->kx, kx_priority_secure);
		apply(&priority_cache->mac, mac_priority_normal);
		apply(&priority_cache->sign_algo, sign_priority_default);
		apply(&priority_cache->supported_ecc, supported_ecc_normal);

		SET_LEVEL(GNUTLS_SEC_PARAM_VERY_WEAK);
		return 1;
	}

	/* EXPORT reuses the PERFORMANCE cipher and key exchange lists,
	 * requests GNUTLS_SEC_PARAM_EXPORT and sets no certificate
	 * profile; configurations that accept this keyword deserve a
	 * second look. */
	if (strcasecmp(level, LEVEL_EXPORT) == 0) {
		apply(&priority_cache->cipher, cipher_priority_performance);
		apply(&priority_cache->kx, kx_priority_performance);
		apply(&priority_cache->mac, mac_priority_secure128);
		apply(&priority_cache->sign_algo, sign_priority_default);
		apply(&priority_cache->supported_ecc, supported_ecc_normal);

		SET_LEVEL(GNUTLS_SEC_PARAM_EXPORT);
		return 1;
	}

	/* Not a level keyword. */
	return 0;
}