aboutsummaryrefslogtreecommitdiff
path: root/src/daemon/https/tls/gnutls_state.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/daemon/https/tls/gnutls_state.c')
-rw-r--r--src/daemon/https/tls/gnutls_state.c321
1 files changed, 0 insertions, 321 deletions
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c
index 0372b0f6..9d819b68 100644
--- a/src/daemon/https/tls/gnutls_state.c
+++ b/src/daemon/https/tls/gnutls_state.c
@@ -89,18 +89,6 @@ MHD_gnutls_kx_get (MHD_gtls_session_t session)
89} 89}
90 90
91/** 91/**
92 * MHD_gnutls_mac_get - Returns the currently used mac algorithm.
93 * @session: is a #MHD_gtls_session_t structure.
94 *
95 * Returns: the currently used mac algorithm.
96 **/
97enum MHD_GNUTLS_HashAlgorithm
98MHD_gnutls_mac_get (MHD_gtls_session_t session)
99{
100 return session->security_parameters.read_mac_algorithm;
101}
102
103/**
104 * MHD_gnutls_compression_get - Returns the currently used compression algorithm. 92 * MHD_gnutls_compression_get - Returns the currently used compression algorithm.
105 * @session: is a #MHD_gtls_session_t structure. 93 * @session: is a #MHD_gtls_session_t structure.
106 * 94 *
@@ -322,13 +310,6 @@ MHD__gnutls_init (MHD_gtls_session_t * session,
322 return 0; 310 return 0;
323} 311}
324 312
325/* returns RESUME_FALSE or RESUME_TRUE.
326 */
327int
328MHD_gtls_session_is_resumable (MHD_gtls_session_t session)
329{
330 return session->internals.resumable;
331}
332 313
333/** 314/**
334 * MHD__gnutls_deinit - This function clears all buffers associated with a session 315 * MHD__gnutls_deinit - This function clears all buffers associated with a session
@@ -607,29 +588,6 @@ MHD__gnutls_record_set_default_version (MHD_gtls_session_t session,
607 session->internals.default_record_version[1] = minor; 588 session->internals.default_record_version[1] = minor;
608} 589}
609 590
610/**
611 * MHD_gtls_handshake_set_private_extensions - Used to enable the private cipher suites
612 * @session: is a #MHD_gtls_session_t structure.
613 * @allow: is an integer (0 or 1)
614 *
615 * This function will enable or disable the use of private cipher
616 * suites (the ones that start with 0xFF). By default or if @allow
617 * is 0 then these cipher suites will not be advertized nor used.
618 *
619 * Unless this function is called with the option to allow (1), then
620 * no compression algorithms, like LZO. That is because these
621 * algorithms are not yet defined in any RFC or even internet draft.
622 *
623 * Enabling the private ciphersuites when talking to other than
624 * gnutls servers and clients may cause interoperability problems.
625 **/
626void
627MHD_gtls_handshake_set_private_extensions (MHD_gtls_session_t session,
628 int allow)
629{
630 session->internals.enable_private = allow;
631}
632
633inline static int 591inline static int
634MHD__gnutls_cal_PRF_A (enum MHD_GNUTLS_HashAlgorithm algorithm, 592MHD__gnutls_cal_PRF_A (enum MHD_GNUTLS_HashAlgorithm algorithm,
635 const void *secret, 593 const void *secret,
@@ -834,208 +792,6 @@ MHD_gtls_PRF (MHD_gtls_session_t session,
834 792
835} 793}
836 794
837/**
838 * MHD__gnutls_prf_raw - access the TLS PRF directly
839 * @session: is a #MHD_gtls_session_t structure.
840 * @label_size: length of the @label variable.
841 * @label: label used in PRF computation, typically a short string.
842 * @seed_size: length of the @seed variable.
843 * @seed: optional extra data to seed the PRF with.
844 * @outsize: size of pre-allocated output buffer to hold the output.
845 * @out: pre-allocate buffer to hold the generated data.
846 *
847 * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
848 * on some data.
849 *
850 * The @label variable usually contain a string denoting the purpose
851 * for the generated data. The @seed usually contain data such as the
852 * client and server random, perhaps together with some additional
853 * data that is added to guarantee uniqueness of the output for a
854 * particular purpose.
855 *
856 * Because the output is not guaranteed to be unique for a particular
857 * session unless @seed include the client random and server random
858 * fields (the PRF would output the same data on another connection
859 * resumed from the first one), it is not recommended to use this
860 * function directly. The MHD__gnutls_prf() function seed the PRF with the
861 * client and server random fields directly, and is recommended if you
862 * want to generate pseudo random data unique for each session.
863 *
864 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
865 **/
866int
867MHD__gnutls_prf_raw (MHD_gtls_session_t session,
868 size_t label_size,
869 const char *label,
870 size_t seed_size, const char *seed, size_t outsize,
871 char *out)
872{
873 int ret;
874
875 ret = MHD_gtls_PRF (session, session->security_parameters.master_secret,
876 TLS_MASTER_SIZE, label, label_size, (opaque *) seed,
877 seed_size, outsize, out);
878
879 return ret;
880}
881
882/**
883 * MHD__gnutls_prf - derive pseudo-random data using the TLS PRF
884 * @session: is a #MHD_gtls_session_t structure.
885 * @label_size: length of the @label variable.
886 * @label: label used in PRF computation, typically a short string.
887 * @server_random_first: non-0 if server random field should be first in seed
888 * @extra_size: length of the @extra variable.
889 * @extra: optional extra data to seed the PRF with.
890 * @outsize: size of pre-allocated output buffer to hold the output.
891 * @out: pre-allocate buffer to hold the generated data.
892 *
893 * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
894 * on some data, seeded with the client and server random fields.
895 *
896 * The @label variable usually contain a string denoting the purpose
897 * for the generated data. The @server_random_first indicate whether
898 * the client random field or the server random field should be first
899 * in the seed. Non-0 indicate that the server random field is first,
900 * 0 that the client random field is first.
901 *
902 * The @extra variable can be used to add more data to the seed, after
903 * the random variables. It can be used to tie make sure the
904 * generated output is strongly connected to some additional data
905 * (e.g., a string used in user authentication).
906 *
907 * The output is placed in *@OUT, which must be pre-allocated.
908 *
909 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
910 **/
911int
912MHD__gnutls_prf (MHD_gtls_session_t session,
913 size_t label_size,
914 const char *label,
915 int server_random_first,
916 size_t extra_size, const char *extra, size_t outsize,
917 char *out)
918{
919 int ret;
920 opaque *seed;
921 size_t seedsize = 2 * TLS_RANDOM_SIZE + extra_size;
922
923 seed = MHD_gnutls_malloc (seedsize);
924 if (!seed)
925 {
926 MHD_gnutls_assert ();
927 return GNUTLS_E_MEMORY_ERROR;
928 }
929
930 memcpy (seed,
931 server_random_first ? session->security_parameters.server_random
932 : session->security_parameters.client_random, TLS_RANDOM_SIZE);
933 memcpy (seed + TLS_RANDOM_SIZE,
934 server_random_first ? session->security_parameters.client_random
935 : session->security_parameters.server_random, TLS_RANDOM_SIZE);
936
937 memcpy (seed + 2 * TLS_RANDOM_SIZE, extra, extra_size);
938
939 ret = MHD_gtls_PRF (session, session->security_parameters.master_secret,
940 TLS_MASTER_SIZE, label, label_size, seed, seedsize,
941 outsize, out);
942
943 MHD_gnutls_free (seed);
944
945 return ret;
946}
947
948/**
949 * MHD_gtls_session_get_client_random - get the session's client random value
950 * @session: is a #MHD_gtls_session_t structure.
951 *
952 * Return a pointer to the 32-byte client random field used in the
953 * session. The pointer must not be modified or deallocated.
954 *
955 * If a client random value has not yet been established, the output
956 * will be garbage; in particular, a %NULL return value should not be
957 * expected.
958 *
959 * Returns: pointer to client random data.
960 **/
961const void *
962MHD_gtls_session_get_client_random (MHD_gtls_session_t session)
963{
964 return (char *) session->security_parameters.client_random;
965}
966
967/**
968 * MHD_gtls_session_get_server_random - get the session's server random value
969 * @session: is a #MHD_gtls_session_t structure.
970 *
971 * Return a pointer to the 32-byte server random field used in the
972 * session. The pointer must not be modified or deallocated.
973 *
974 * If a server random value has not yet been established, the output
975 * will be garbage; in particular, a %NULL return value should not be
976 * expected.
977 *
978 * Returns: pointer to server random data.
979 **/
980const void *
981MHD_gtls_session_get_server_random (MHD_gtls_session_t session)
982{
983 return (char *) session->security_parameters.server_random;
984}
985
986/**
987 * MHD_gtls_session_get_master_secret - get the session's master secret value
988 * @session: is a #MHD_gtls_session_t structure.
989 *
990 * Return a pointer to the 48-byte master secret in the session. The
991 * pointer must not be modified or deallocated.
992 *
993 * If a master secret value has not yet been established, the output
994 * will be garbage; in particular, a %NULL return value should not be
995 * expected.
996 *
997 * Consider using MHD__gnutls_prf() rather than extracting the master
998 * secret and use it to derive further data.
999 *
1000 * Returns: pointer to master secret data.
1001 **/
1002const void *
1003MHD_gtls_session_get_master_secret (MHD_gtls_session_t session)
1004{
1005 return (char *) session->security_parameters.master_secret;
1006}
1007
1008/**
1009 * MHD_gtls_session_is_resumed - Used to check whether this session is a resumed one
1010 * @session: is a #MHD_gtls_session_t structure.
1011 *
1012 * Returns: non zero if this session is resumed, or a zero if this is
1013 * a new session.
1014 **/
1015int
1016MHD_gtls_session_is_resumed (MHD_gtls_session_t session)
1017{
1018#if MHD_DEBUG_TLS
1019 if (session->security_parameters.entity == GNUTLS_CLIENT)
1020 {
1021 if (session->security_parameters.session_id_size > 0
1022 && session->security_parameters.session_id_size
1023 == session->internals.resumed_security_parameters.session_id_size
1024 && memcmp (session->security_parameters.session_id,
1025 session->internals.
1026 resumed_security_parameters.session_id,
1027 session->security_parameters.session_id_size) == 0)
1028 return 1;
1029 }
1030 else
1031#endif
1032 {
1033 if (session->internals.resumed == RESUME_TRUE)
1034 return 1;
1035 }
1036
1037 return 0;
1038}
1039 795
1040/*- 796/*-
1041 * MHD_gtls_session_is_export - Used to check whether this session is of export grade 797 * MHD_gtls_session_is_export - Used to check whether this session is of export grade
@@ -1060,34 +816,6 @@ MHD_gtls_session_is_export (MHD_gtls_session_t session)
1060} 816}
1061 817
1062/** 818/**
1063 * MHD_gtls_session_get_ptr - Used to get the user pointer from the session structure
1064 * @session: is a #MHD_gtls_session_t structure.
1065 *
1066 * Returns: the user given pointer from the session structure. This
1067 * is the pointer set with MHD__gnutls_session_set_ptr().
1068 **/
1069void *
1070MHD_gtls_session_get_ptr (MHD_gtls_session_t session)
1071{
1072 return session->internals.user_ptr;
1073}
1074
1075/**
1076 * MHD__gnutls_session_set_ptr - Used to set the user pointer to the session structure
1077 * @session: is a #MHD_gtls_session_t structure.
1078 * @ptr: is the user pointer
1079 *
1080 * This function will set (associate) the user given pointer to the
1081 * session structure. This is pointer can be accessed with
1082 * MHD_gtls_session_get_ptr().
1083 **/
1084void
1085MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr)
1086{
1087 session->internals.user_ptr = ptr;
1088}
1089
1090/**
1091 * MHD__gnutls_record_get_direction - This function will return the direction of the last interrupted function call 819 * MHD__gnutls_record_get_direction - This function will return the direction of the last interrupted function call
1092 * @session: is a #MHD_gtls_session_t structure. 820 * @session: is a #MHD_gtls_session_t structure.
1093 * 821 *
@@ -1110,52 +838,3 @@ MHD__gnutls_record_get_direction (MHD_gtls_session_t session)
1110 return session->internals.direction; 838 return session->internals.direction;
1111} 839}
1112 840
1113/*-
1114 * MHD__gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
1115 * @session: is a #MHD_gtls_session_t structure.
1116 * @major: is the major version to use
1117 * @minor: is the minor version to use
1118 *
1119 * This function will set the given version number to be used at the
1120 * RSA PMS secret. This is only useful to clients, which want to
1121 * test server's capabilities.
1122 *
1123 -*/
1124void
1125MHD__gnutls_rsa_pms_set_version (MHD_gtls_session_t session,
1126 unsigned char major, unsigned char minor)
1127{
1128 session->internals.rsa_pms_version[0] = major;
1129 session->internals.rsa_pms_version[1] = minor;
1130}
1131
1132/**
1133 * MHD__gnutls_handshake_set_post_client_hello_function - This function will a callback to be called after the client hello is received
1134 * @res: is a MHD_gtls_anon_server_credentials_t structure
1135 * @func: is the function to be called
1136 *
1137 * This function will set a callback to be called after the client
1138 * hello has been received (callback valid in server side only). This
1139 * allows the server to adjust settings based on received extensions.
1140 *
1141 * Those settings could be ciphersuites, requesting certificate, or
1142 * anything else except for version negotiation (this is done before
1143 * the hello message is parsed).
1144 *
1145 * This callback must return 0 on success or a gnutls error code to
1146 * terminate the handshake.
1147 *
1148 * NOTE: You should not use this function to terminate the handshake
1149 * based on client input unless you know what you are doing. Before
1150 * the handshake is finished there is no way to know if there is a
1151 * man-in-the-middle attack being performed.
1152 *
1153 **/
1154void
1155MHD__gnutls_handshake_set_post_client_hello_function (MHD_gtls_session_t
1156 session,
1157 MHD_gnutls_handshake_post_client_hello_func
1158 func)
1159{
1160 session->internals.user_hello_func = func;
1161}