Extract curve from 'zowe.network.server.tls.curves' and make he curve…

…s number string if curve is supported

Signed-off-by: Gautham Kuppuswamy <gkuppuswamy@rocketsoftware.com>

CHANGELOG.md

@@ -4,6 +4,7 @@ All notable changes to the ZSS package will be documented in this file.
 
 ## `2.18.0`
 - Change log level for setting default value of 'httpRequestHeapMaxBlocks' to DEBUG instead of INFO.(#719)
+- Enhancement: Curve customization support from array 'zowe.network.server.tls.curves' in zowe.yaml, only curves mentioned in https://www.ibm.com/docs/en/zos/3.1.0?topic=programming-cipher-suite-definitions#csdcwh__tttcsd are supported currently (#721).
 
 ## `2.17.0`
 - Code to configure the SLH block size of the http server through 'httpRequestHeapMaxBlocks' in the yaml.(#701)

c/zss.c

@@ -1171,6 +1171,7 @@ static char* generateCookieNameV2(ConfigManager *configmgr, int port) {
 #define ENV_AGENT_HTTPS_KEY(key) AGENT_HTTPS_PREFIX key
 
 TLS_IANA_CIPHER_MAP(ianaCipherMap)
+TLS_IANA_CURVE_MAP(ianaCurveMap)
 
 static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh,
                                      ConfigManager *configmgr,
@@ -1226,6 +1227,42 @@ static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh,
 
   }
 
+  Json *tlsConfig = NULL;
+  int tlsGetStatus = cfgGetAnyC(configmgr,ZSS_CFGNAME,&tlsConfig, 4,"zowe","network","server","tls");
+  if (tlsGetStatus) {
+    zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_INFO, "TLS is NOT configured for this ZSS\n");
+  } else {
+    JsonObject *tlsConfigObject = jsonAsObject(tlsConfig);
+    Json *curveJson = jsonObjectGetPropertyValue(tlsConfigObject, "curves");
+    char *curves = NULL;
+    if(jsonIsArray(curveJson)) {
+      JsonArray *curveArray = jsonObjectGetArray(tlsConfigObject, "curves");
+      int count = jsonArrayGetCount(curveArray);
+      int curveCharLength = 4;
+      curves = (char *)safeMalloc((sizeof(char) * curveCharLength * count)+1, "curve list");
+      for (int i = 0; i < count; i++) {
+        char *ianaName = jsonArrayGetString(curveArray, i);
+        zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "curve request=%s\n", ianaName);
+        CurveMap *curve = (CurveMap *)ianaCurveMap;
+        bool found = false;
+        while (curve->groupId != NULL) {
+          if (!strcmp(ianaName, curve->name)) {
+            strcat(curves, curve->groupId);
+            zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "Curve match=%s\n", curve->groupId);
+            found = true;
+            break;
+          }
+          ++curve;
+        }
+        if (!found) {
+          zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_WARNING, ZSS_LOG_CURVE_INVALID_MSG, ianaName);
+        }
+      }
+      zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "Curve array is %s\n", curves);
+      settings->curves = curves;
+    }
+  }
+
   ECVT *ecvt = getECVT();
   /*
      2.3 (1020300) no tls 1.3

h/zssLogging.h

@@ -303,6 +303,12 @@ bool isLogLevelValid(int level);
 #define ZSS_LOG_CIPHER_INVALID_MSG_TEXT        "Requested cipher '%s' not available.\n"
 #define ZSS_LOG_CIPHER_INVALID_MSG             ZSS_LOG_CIPHER_INVALID_MSG_ID" "ZSS_LOG_CIPHER_INVALID_MSG_TEXT
 
+#ifndef ZSS_LOG_CURVE_INVALID_MSG_ID
+#define ZSS_LOG_CURVE_INVALID_MSG_ID          ZSS_LOG_MSG_PRFX"1067W"
+#endif
+#define ZSS_LOG_CURVE_INVALID_MSG_TEXT        "Requested curve '%s' not supported.\n"
+#define ZSS_LOG_CURVE_INVALID_MSG             ZSS_LOG_CURVE_INVALID_MSG_ID" "ZSS_LOG_CURVE_INVALID_MSG_TEXT
+
 
 /* registerProduct */