1 /*
2  * Copyright (C) 2011-2012 Free Software Foundation, Inc.
3  *
4  * Author: Nikos Mavrogiannopoulos
5  *
6  * This file is part of GnuTLS.
7  *
8  * The GnuTLS is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Lesser General Public License
10  * as published by the Free Software Foundation; either version 2.1 of
11  * the License, or (at your option) any later version.
12  *
13  * This library is distributed in the hope that it will be useful, but
14  * WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public License
19  * along with this program.  If not, see <https://www.gnu.org/licenses/>
20  *
21  */
22 
23 #include "gnutls_int.h"
24 #include <algorithms.h>
25 #include "errors.h"
26 #include <x509/common.h>
27 
28 
29 /* KX mappings to PK algorithms */
30 typedef struct {
31 	gnutls_kx_algorithm_t kx_algorithm;
32 	gnutls_pk_algorithm_t pk_algorithm;
33 	enum encipher_type encipher_type;	/* CIPHER_ENCRYPT if this algorithm is to be used
34 						 * for encryption, CIPHER_SIGN if signature only,
35 						 * CIPHER_IGN if this does not apply at all.
36 						 *
37 						 * This is useful to certificate cipher suites, which check
38 						 * against the certificate key usage bits.
39 						 */
40 } gnutls_pk_map;
41 
42 /* This table maps the Key exchange algorithms to
43  * the certificate algorithms. Eg. if we have
44  * RSA algorithm in the certificate then we can
45  * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA.
46  */
47 static const gnutls_pk_map pk_mappings[] = {
48 	{GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
49 	{GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
50 	{GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
51 	{GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
52 	{GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EC, CIPHER_SIGN},
53 	{GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EDDSA_ED25519, CIPHER_SIGN},
54 	{GNUTLS_KX_ECDHE_ECDSA, GNUTLS_PK_EDDSA_ED448, CIPHER_SIGN},
55 	{GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
56 	{GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA_PSS, CIPHER_SIGN},
57 	{GNUTLS_KX_ECDHE_RSA, GNUTLS_PK_RSA_PSS, CIPHER_SIGN},
58 	{GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
59 	{GNUTLS_KX_RSA_PSK, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
60 	{GNUTLS_KX_VKO_GOST_12, GNUTLS_PK_GOST_01, CIPHER_SIGN},
61 	{GNUTLS_KX_VKO_GOST_12, GNUTLS_PK_GOST_12_256, CIPHER_SIGN},
62 	{GNUTLS_KX_VKO_GOST_12, GNUTLS_PK_GOST_12_512, CIPHER_SIGN},
63 	{0, 0, 0}
64 };
65 
66 #define GNUTLS_PK_MAP_LOOP(b) \
67 	const gnutls_pk_map *p; \
68 		for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
69 
70 #define GNUTLS_PK_MAP_ALG_LOOP(a) \
71 			GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
72 
73 
74 unsigned
_gnutls_kx_supports_pk(gnutls_kx_algorithm_t kx_algorithm,gnutls_pk_algorithm_t pk_algorithm)75 _gnutls_kx_supports_pk(gnutls_kx_algorithm_t kx_algorithm,
76 		       gnutls_pk_algorithm_t pk_algorithm)
77 {
78 	GNUTLS_PK_MAP_LOOP(if (p->kx_algorithm == kx_algorithm && p->pk_algorithm == pk_algorithm) { return 1; })
79 	return 0;
80 }
81 
82 unsigned
_gnutls_kx_supports_pk_usage(gnutls_kx_algorithm_t kx_algorithm,gnutls_pk_algorithm_t pk_algorithm,unsigned int key_usage)83 _gnutls_kx_supports_pk_usage(gnutls_kx_algorithm_t kx_algorithm,
84 			     gnutls_pk_algorithm_t pk_algorithm,
85 			     unsigned int key_usage)
86 {
87 	const gnutls_pk_map *p;
88 
89 	for(p = pk_mappings; p->kx_algorithm != 0; p++) {
90 		if (p->kx_algorithm == kx_algorithm && p->pk_algorithm == pk_algorithm) {
91 			if (key_usage == 0)
92 				return 1;
93 			else if (p->encipher_type == CIPHER_SIGN && (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
94 				return 1;
95 			else if (p->encipher_type == CIPHER_ENCRYPT && (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT))
96 				return 1;
97 			else
98 				return 0;
99 		}
100 	}
101 
102 	return 0;
103 }
104 
105 /* pk algorithms;
106  */
107 struct gnutls_pk_entry {
108 	const char *name;
109 	const char *oid;
110 	gnutls_pk_algorithm_t id;
111 	gnutls_ecc_curve_t curve; /* to map PK to specific OID, we need to know the curve for EdDSA */
112 	bool no_prehashed; /* non-zero if the algorithm cannot sign pre-hashed data */
113 };
114 typedef struct gnutls_pk_entry gnutls_pk_entry;
115 
116 static const gnutls_pk_entry pk_algorithms[] = {
117 	/* having duplicate entries is ok, as long as the one
118 	 * we want to return OID from is first */
119 	{ .name = "RSA", .oid = PK_PKIX1_RSA_OID, .id = GNUTLS_PK_RSA,
120 	   .curve = GNUTLS_ECC_CURVE_INVALID },
121 	{ .name = "RSA-PSS", .oid = PK_PKIX1_RSA_PSS_OID, .id = GNUTLS_PK_RSA_PSS,
122 	   .curve = GNUTLS_ECC_CURVE_INVALID },
123 	{ .name = "RSA (X.509)", .oid = PK_X509_RSA_OID, .id = GNUTLS_PK_RSA,
124 	   .curve = GNUTLS_ECC_CURVE_INVALID },	/* some certificates use this OID for RSA */
125 	{ .name = "RSA-MD5", .oid = SIG_RSA_MD5_OID, .id = GNUTLS_PK_RSA,
126 	   .curve = GNUTLS_ECC_CURVE_INVALID },	/* some other broken certificates set RSA with MD5 as an indicator of RSA */
127 	{ .name = "RSA-SHA1", .oid = SIG_RSA_SHA1_OID, .id = GNUTLS_PK_RSA,
128 	   .curve = GNUTLS_ECC_CURVE_INVALID },	/* some other broken certificates set RSA with SHA1 as an indicator of RSA */
129 	{ .name = "RSA-SHA1", .oid = ISO_SIG_RSA_SHA1_OID, .id = GNUTLS_PK_RSA,
130 	   .curve = GNUTLS_ECC_CURVE_INVALID },	/* some other broken certificates set RSA with SHA1 as an indicator of RSA */
131 	{ .name = "DSA", .oid = PK_DSA_OID, .id = GNUTLS_PK_DSA,
132 	   .curve = GNUTLS_ECC_CURVE_INVALID },
133 	{ .name = "GOST R 34.10-2012-512", .oid = PK_GOST_R3410_2012_512_OID, .id = GNUTLS_PK_GOST_12_512,
134 	   .curve = GNUTLS_ECC_CURVE_INVALID },
135 	{ .name = "GOST R 34.10-2012-256", .oid = PK_GOST_R3410_2012_256_OID, .id = GNUTLS_PK_GOST_12_256,
136 	   .curve = GNUTLS_ECC_CURVE_INVALID },
137 	{ .name = "GOST R 34.10-2001", .oid = PK_GOST_R3410_2001_OID, .id = GNUTLS_PK_GOST_01,
138 	   .curve = GNUTLS_ECC_CURVE_INVALID },
139 	{ .name = "GOST R 34.10-94", .oid = PK_GOST_R3410_94_OID, .id = GNUTLS_PK_UNKNOWN,
140 	   .curve = GNUTLS_ECC_CURVE_INVALID },
141 	{ .name = "EC/ECDSA", .oid = "1.2.840.10045.2.1", .id = GNUTLS_PK_ECDSA,
142 	   .curve = GNUTLS_ECC_CURVE_INVALID },
143 	{ .name = "EdDSA (Ed25519)", .oid = SIG_EDDSA_SHA512_OID, .id = GNUTLS_PK_EDDSA_ED25519,
144 	  .curve = GNUTLS_ECC_CURVE_ED25519, .no_prehashed = 1 },
145 	{ .name = "EdDSA (Ed448)", .oid = SIG_ED448_OID, .id = GNUTLS_PK_EDDSA_ED448,
146 	  .curve = GNUTLS_ECC_CURVE_ED448, .no_prehashed = 1 },
147 	{ .name = "DH", .oid = NULL, .id = GNUTLS_PK_DH,
148 	   .curve = GNUTLS_ECC_CURVE_INVALID },
149 	{ .name = "ECDH (X25519)", .oid = "1.3.101.110", .id = GNUTLS_PK_ECDH_X25519,
150 	  .curve = GNUTLS_ECC_CURVE_X25519 },
151 	{ .name = "ECDH (X448)", .oid = "1.3.101.111", .id = GNUTLS_PK_ECDH_X448,
152 	  .curve = GNUTLS_ECC_CURVE_X448 },
153 	{ .name = "UNKNOWN", .oid = NULL, .id = GNUTLS_PK_UNKNOWN,
154 	  .curve = GNUTLS_ECC_CURVE_INVALID },
155 	{0, 0, 0, 0}
156 };
157 
158 #define GNUTLS_PK_LOOP(b) \
159 	{ const gnutls_pk_entry *p; \
160 		for(p = pk_algorithms; p->name != NULL; p++) { b ; } }
161 
162 
163 /**
164  * gnutls_pk_algorithm_get_name:
165  * @algorithm: is a pk algorithm
166  *
167  * Convert a #gnutls_pk_algorithm_t value to a string.
168  *
169  * Returns: a string that contains the name of the specified public
170  *   key algorithm, or %NULL.
171  **/
gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm)172 const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm)
173 {
174 	const char *ret = NULL;
175 
176 	GNUTLS_PK_LOOP(
177 		if (p->id == algorithm) {
178 			ret = p->name;
179 			break;
180 		}
181 	);
182 
183 	return ret;
184 }
185 
186 /**
187  * gnutls_pk_list:
188  *
189  * Get a list of supported public key algorithms.
190  *
191  * This function is not thread safe.
192  *
193  * Returns: a (0)-terminated list of #gnutls_pk_algorithm_t integers
194  *   indicating the available ciphers.
195  *
196  * Since: 2.6.0
197  **/
gnutls_pk_list(void)198 const gnutls_pk_algorithm_t *gnutls_pk_list(void)
199 {
200 	static gnutls_pk_algorithm_t supported_pks[MAX_ALGOS] = { 0 };
201 
202 	if (supported_pks[0] == 0) {
203 		int i = 0;
204 
205 		GNUTLS_PK_LOOP(
206 			if (p->id != GNUTLS_PK_UNKNOWN && supported_pks[i > 0 ? (i - 1) : 0] != p->id)
207 				supported_pks[i++] = p->id
208 		);
209 		supported_pks[i++] = 0;
210 	}
211 
212 	return supported_pks;
213 }
214 
215 /**
216  * gnutls_pk_get_id:
217  * @name: is a string containing a public key algorithm name.
218  *
219  * Convert a string to a #gnutls_pk_algorithm_t value.  The names are
220  * compared in a case insensitive way.  For example,
221  * gnutls_pk_get_id("RSA") will return %GNUTLS_PK_RSA.
222  *
223  * Returns: a #gnutls_pk_algorithm_t id of the specified public key
224  *   algorithm string, or %GNUTLS_PK_UNKNOWN on failures.
225  *
226  * Since: 2.6.0
227  **/
gnutls_pk_get_id(const char * name)228 gnutls_pk_algorithm_t gnutls_pk_get_id(const char *name)
229 {
230 	gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
231 	const gnutls_pk_entry *p;
232 
233 	for (p = pk_algorithms; p->name != NULL; p++)
234 		if (name && strcmp(p->name, name) == 0) {
235 			ret = p->id;
236 			break;
237 		}
238 
239 	return ret;
240 }
241 
242 /**
243  * gnutls_pk_get_name:
244  * @algorithm: is a public key algorithm
245  *
246  * Convert a #gnutls_pk_algorithm_t value to a string.
247  *
248  * Returns: a pointer to a string that contains the name of the
249  *   specified public key algorithm, or %NULL.
250  *
251  * Since: 2.6.0
252  **/
gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm)253 const char *gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm)
254 {
255 	const char *ret = "Unknown";
256 	const gnutls_pk_entry *p;
257 
258 	for (p = pk_algorithms; p->name != NULL; p++)
259 		if (algorithm == p->id) {
260 			ret = p->name;
261 			break;
262 		}
263 
264 	return ret;
265 }
266 
267 /*-
268  * _gnutls_pk_is_not_prehashed:
269  * @algorithm: is a public key algorithm
270  *
271  * Returns non-zero when the public key algorithm does not support pre-hashed
272  * data.
273  *
274  * Since: 3.6.0
275  **/
_gnutls_pk_is_not_prehashed(gnutls_pk_algorithm_t algorithm)276 bool _gnutls_pk_is_not_prehashed(gnutls_pk_algorithm_t algorithm)
277 {
278 	const gnutls_pk_entry *p;
279 
280 	for (p = pk_algorithms; p->name != NULL; p++)
281 		if (algorithm == p->id) {
282 			return p->no_prehashed;
283 		}
284 
285 	return 0;
286 }
287 
288 /**
289  * gnutls_oid_to_pk:
290  * @oid: is an object identifier
291  *
292  * Converts a textual object identifier to a #gnutls_pk_algorithm_t value.
293  *
294  * Returns: a #gnutls_pk_algorithm_t id of the specified digest
295  *   algorithm, or %GNUTLS_PK_UNKNOWN on failure.
296  *
297  * Since: 3.4.3
298  **/
gnutls_oid_to_pk(const char * oid)299 gnutls_pk_algorithm_t gnutls_oid_to_pk(const char *oid)
300 {
301 	gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
302 	const gnutls_pk_entry *p;
303 
304 	for (p = pk_algorithms; p->name != NULL; p++)
305 		if (p->oid && strcmp(p->oid, oid) == 0) {
306 			ret = p->id;
307 			break;
308 		}
309 
310 	return ret;
311 }
312 
313 /**
314  * gnutls_pk_get_oid:
315  * @algorithm: is a public key algorithm
316  *
317  * Convert a #gnutls_pk_algorithm_t value to its object identifier string.
318  *
319  * Returns: a pointer to a string that contains the object identifier of the
320  *   specified public key algorithm, or %NULL.
321  *
322  * Since: 3.4.3
323  **/
gnutls_pk_get_oid(gnutls_pk_algorithm_t algorithm)324 const char *gnutls_pk_get_oid(gnutls_pk_algorithm_t algorithm)
325 {
326 	const char *ret = NULL;
327 	const gnutls_pk_entry *p;
328 
329 	if (algorithm == 0)
330 		return NULL;
331 
332 	for (p = pk_algorithms; p->name != NULL; p++)
333 		if (p->id == algorithm) {
334 			ret = p->oid;
335 			break;
336 		}
337 
338 	return ret;
339 }
340 
341 /*-
342  * _gnutls_oid_to_pk_and_curve:
343  * @oid: is an object identifier
344  *
345  * Convert an OID to a #gnutls_pk_algorithm_t and curve values. If no curve
346  * is applicable, curve will be set GNUTLS_ECC_CURVE_INVALID.
347  *
348  * Returns: a #gnutls_pk_algorithm_t id of the specified digest
349  *   algorithm, or %GNUTLS_PK_UNKNOWN on failure.
350  *
351  * Since: 3.6.0
352  -*/
_gnutls_oid_to_pk_and_curve(const char * oid,gnutls_ecc_curve_t * curve)353 gnutls_pk_algorithm_t _gnutls_oid_to_pk_and_curve(const char *oid, gnutls_ecc_curve_t *curve)
354 {
355 	gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
356 	const gnutls_pk_entry *p;
357 
358 	for (p = pk_algorithms; p->name != NULL; p++)
359 		if (p->oid && strcmp(p->oid, oid) == 0) {
360 			ret = p->id;
361 			if (curve)
362 				*curve = p->curve;
363 			break;
364 		}
365 
366 	if (ret == GNUTLS_PK_UNKNOWN && curve)
367 		*curve = GNUTLS_ECC_CURVE_INVALID;
368 
369 	return ret;
370 }
371 
372 /* Returns the encipher type for the given key exchange algorithm.
373  * That one of CIPHER_ENCRYPT, CIPHER_SIGN, CIPHER_IGN.
374  *
375  * ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT.
376  */
377 enum encipher_type
_gnutls_kx_encipher_type(gnutls_kx_algorithm_t kx_algorithm)378 _gnutls_kx_encipher_type(gnutls_kx_algorithm_t kx_algorithm)
379 {
380 	int ret = CIPHER_IGN;
381 	GNUTLS_PK_MAP_ALG_LOOP(ret = p->encipher_type)
382 
383 	return ret;
384 
385 }
386 
_gnutls_pk_are_compat(gnutls_pk_algorithm_t pk1,gnutls_pk_algorithm_t pk2)387 bool _gnutls_pk_are_compat(gnutls_pk_algorithm_t pk1, gnutls_pk_algorithm_t pk2)
388 {
389 	if (pk1 == pk2)
390 		return 1;
391 
392 	if (GNUTLS_PK_IS_RSA(pk1) && GNUTLS_PK_IS_RSA(pk2))
393 		return 1;
394 
395 	return 0;
396 }
397