Curve customization support: extract curve array from yaml and make a list of mapped number strings

CHANGELOG.md

@@ -4,6 +4,7 @@ All notable changes to the ZSS package will be documented in this file.
 
 ## `2.18.0`
 - Change log level for setting default value of 'httpRequestHeapMaxBlocks' to DEBUG instead of INFO.(#719)
+- Enhancement: Curve customization support from array 'zowe.network.server.tls.curves' in zowe.yaml, only curves mentioned in https://www.ibm.com/docs/en/zos/3.1.0?topic=programming-cipher-suite-definitions#csdcwh__tttcsd are supported currently (#721).
 
 ## `2.17.0`
 - Code to configure the SLH block size of the http server through 'httpRequestHeapMaxBlocks' in the yaml.(#701)

c/zss.c

@@ -1171,6 +1171,7 @@ static char* generateCookieNameV2(ConfigManager *configmgr, int port) {
 #define ENV_AGENT_HTTPS_KEY(key) AGENT_HTTPS_PREFIX key
 
 TLS_IANA_CIPHER_MAP(ianaCipherMap)
+TLS_IANA_CURVE_MAP(ianaCurveMap)
 
 static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh,
                                      ConfigManager *configmgr,
@@ -1226,6 +1227,50 @@ static bool readAgentHttpsSettingsV2(ShortLivedHeap *slh,
 
   }
 
+  Json *tlsConfig = NULL;
+  int tlsGetStatus = cfgGetAnyC(configmgr, ZSS_CFGNAME, &tlsConfig, 4, "zowe", "network", "server", "tls");
+  if (tlsGetStatus) {
+    zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_INFO, "TLS is NOT configured for this ZSS\n");
+  } else {
+    JsonObject *tlsConfigObject = jsonAsObject(tlsConfig);
+    Json *curveJson = jsonObjectGetPropertyValue(tlsConfigObject, "curves");
+    char *curves = NULL;
+    if (curveJson && jsonIsArray(curveJson)) {
+      JsonArray *curveArray = jsonObjectGetArray(tlsConfigObject, "curves");
+      if (curveArray) {
+        int count = jsonArrayGetCount(curveArray);
+        const int curveCharLength = 4;
+        curves = safeMalloc((sizeof(char) * curveCharLength * count)+1, "curve list");
+        if (curves == NULL) {
+          zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_WARNING, "Failure to allocate memory for Curves\n");
+          return false;
+        }
+        for (int i = 0; i < count; i++) {
+          char *ianaName = jsonArrayGetString(curveArray, i);
+          if (ianaName) {
+            zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "curve request=%s\n", ianaName);
+            CurveMap *curve = (CurveMap *)ianaCurveMap;
+            bool found = false;
+            while (curve->groupId != NULL) {
+              if (!strcmp(ianaName, curve->name)) {
+                strcat(curves, curve->groupId);
+                zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "Curve match=%s\n", curve->groupId);
+                found = true;
+                break;
+              }
+              ++curve;
+            }
+            if (!found) {
+              zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_WARNING, ZSS_LOG_CURVE_INVALID_MSG, ianaName);
+            }
+          }
+        }
+        zowelog(NULL, LOG_COMP_ID_MVD_SERVER, ZOWE_LOG_DEBUG, "Curve array is %s\n", curves);
+        settings->curves = curves;
+      }
+    }
+  }
+
   ECVT *ecvt = getECVT();
   /*
      2.3 (1020300) no tls 1.3

h/zssLogging.h

@@ -303,6 +303,12 @@ bool isLogLevelValid(int level);
 #define ZSS_LOG_CIPHER_INVALID_MSG_TEXT        "Requested cipher '%s' not available.\n"
 #define ZSS_LOG_CIPHER_INVALID_MSG             ZSS_LOG_CIPHER_INVALID_MSG_ID" "ZSS_LOG_CIPHER_INVALID_MSG_TEXT
 
+#ifndef ZSS_LOG_CURVE_INVALID_MSG_ID
+#define ZSS_LOG_CURVE_INVALID_MSG_ID          ZSS_LOG_MSG_PRFX"1067W"
+#endif
+#define ZSS_LOG_CURVE_INVALID_MSG_TEXT        "Requested curve '%s' not supported.\n"
+#define ZSS_LOG_CURVE_INVALID_MSG             ZSS_LOG_CURVE_INVALID_MSG_ID" "ZSS_LOG_CURVE_INVALID_MSG_TEXT
+
 
 /* registerProduct */