aboutsummaryrefslogtreecommitdiff
path: root/src/daemon/https/tls
diff options
context:
space:
mode:
Diffstat (limited to 'src/daemon/https/tls')
-rw-r--r--src/daemon/https/tls/Makefile.am3
-rw-r--r--src/daemon/https/tls/auth_anon.c180
-rw-r--r--src/daemon/https/tls/auth_anon.h48
-rw-r--r--src/daemon/https/tls/gnutls_algorithms.c52
-rw-r--r--src/daemon/https/tls/gnutls_anon_cred.c140
-rw-r--r--src/daemon/https/tls/gnutls_auth.c16
-rw-r--r--src/daemon/https/tls/gnutls_handshake.c17
-rw-r--r--src/daemon/https/tls/gnutls_session_pack.c190
-rw-r--r--src/daemon/https/tls/gnutls_state.c30
-rw-r--r--src/daemon/https/tls/gnutls_ui.c573
10 files changed, 0 insertions, 1249 deletions
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am
index aa8a71a7..420307fc 100644
--- a/src/daemon/https/tls/Makefile.am
+++ b/src/daemon/https/tls/Makefile.am
@@ -16,7 +16,6 @@ libtls_la_LDFLAGS = \
16 -L$(GCRYPT_LIB_PATH) 16 -L$(GCRYPT_LIB_PATH)
17 17
18libtls_la_SOURCES = \ 18libtls_la_SOURCES = \
19auth_anon.c \
20auth_cert.c \ 19auth_cert.c \
21auth_dh_common.c \ 20auth_dh_common.c \
22auth_dhe.c \ 21auth_dhe.c \
@@ -30,7 +29,6 @@ ext_oprfi.c \
30ext_server_name.c \ 29ext_server_name.c \
31gnutls_alert.c \ 30gnutls_alert.c \
32gnutls_algorithms.c \ 31gnutls_algorithms.c \
33gnutls_anon_cred.c \
34gnutls_asn1_tab.c \ 32gnutls_asn1_tab.c \
35gnutls_auth.c \ 33gnutls_auth.c \
36gnutls_buffers.c \ 34gnutls_buffers.c \
@@ -66,7 +64,6 @@ gnutls_ui.c \
66gnutls_x509.c \ 64gnutls_x509.c \
67pkix_asn1_tab.c \ 65pkix_asn1_tab.c \
68x509_b64.c \ 66x509_b64.c \
69auth_anon.h \
70auth_cert.h \ 67auth_cert.h \
71auth_dh_common.h \ 68auth_dh_common.h \
72debug.h \ 69debug.h \
diff --git a/src/daemon/https/tls/auth_anon.c b/src/daemon/https/tls/auth_anon.c
deleted file mode 100644
index 1d6922cc..00000000
--- a/src/daemon/https/tls/auth_anon.c
+++ /dev/null
@@ -1,180 +0,0 @@
1/*
2 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25/* This file contains the Anonymous Diffie Hellman key exchange part of
26 * the anonymous authentication. The functions here are used in the
27 * handshake.
28 */
29
30#include <gnutls_int.h>
31
32#ifdef ENABLE_ANON
33
34#include "gnutls_auth_int.h"
35#include "gnutls_errors.h"
36#include "gnutls_dh.h"
37#include "auth_anon.h"
38#include "gnutls_num.h"
39#include "gnutls_mpi.h"
40#include <gnutls_state.h>
41#include <auth_dh_common.h>
42
43static int MHD_gtls_gen_anon_server_kx (MHD_gtls_session_t, opaque **);
44static int MHD_gtls_proc_anon_client_kx (MHD_gtls_session_t, opaque *,
45 size_t);
46static int MHD_gtls_proc_anon_server_kx (MHD_gtls_session_t, opaque *,
47 size_t);
48
49const MHD_gtls_mod_auth_st MHD_gtls_anon_auth_struct = {
50 "ANON",
51 NULL,
52 NULL,
53 MHD_gtls_gen_anon_server_kx,
54 MHD_gtls_gen_dh_common_client_kx, /* this can be shared */
55 NULL,
56 NULL,
57
58 NULL,
59 NULL, /* certificate */
60 MHD_gtls_proc_anon_server_kx,
61 MHD_gtls_proc_anon_client_kx,
62 NULL,
63 NULL
64};
65
66static int
67MHD_gtls_gen_anon_server_kx (MHD_gtls_session_t session, opaque ** data)
68{
69 mpi_t g, p;
70 const mpi_t *mpis;
71 int ret;
72 MHD_gtls_dh_params_t dh_params;
73 MHD_gtls_anon_server_credentials_t cred;
74
75 cred = (MHD_gtls_anon_server_credentials_t)
76 MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL);
77 if (cred == NULL)
78 {
79 MHD_gnutls_assert ();
80 return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
81 }
82
83 dh_params =
84 MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
85 mpis = MHD_gtls_dh_params_to_mpi (dh_params);
86 if (mpis == NULL)
87 {
88 MHD_gnutls_assert ();
89 return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
90 }
91
92 p = mpis[0];
93 g = mpis[1];
94
95 if ((ret =
96 MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
97 sizeof (anon_auth_info_st), 1)) < 0)
98 {
99 MHD_gnutls_assert ();
100 return ret;
101 }
102
103 MHD_gtls_dh_set_group (session, g, p);
104
105 ret = MHD_gtls_dh_common_print_server_kx (session, g, p, data, 0);
106 if (ret < 0)
107 {
108 MHD_gnutls_assert ();
109 }
110
111 return ret;
112}
113
114
115static int
116MHD_gtls_proc_anon_client_kx (MHD_gtls_session_t session, opaque * data,
117 size_t _data_size)
118{
119 MHD_gtls_anon_server_credentials_t cred;
120 int bits;
121 int ret;
122 mpi_t p, g;
123 MHD_gtls_dh_params_t dh_params;
124 const mpi_t *mpis;
125
126 bits = MHD_gtls_dh_get_allowed_prime_bits (session);
127
128 cred = (MHD_gtls_anon_server_credentials_t)
129 MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL);
130 if (cred == NULL)
131 {
132 MHD_gnutls_assert ();
133 return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
134 }
135
136 dh_params =
137 MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session);
138 mpis = MHD_gtls_dh_params_to_mpi (dh_params);
139 if (mpis == NULL)
140 {
141 MHD_gnutls_assert ();
142 return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
143 }
144
145 p = mpis[0];
146 g = mpis[1];
147
148 ret = MHD_gtls_proc_dh_common_client_kx (session, data, _data_size, g, p);
149
150 return ret;
151
152}
153
154int
155MHD_gtls_proc_anon_server_kx (MHD_gtls_session_t session, opaque * data,
156 size_t _data_size)
157{
158
159 int ret;
160
161 /* set auth_info */
162 if ((ret =
163 MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
164 sizeof (anon_auth_info_st), 1)) < 0)
165 {
166 MHD_gnutls_assert ();
167 return ret;
168 }
169
170 ret = MHD_gtls_proc_dh_common_server_kx (session, data, _data_size, 0);
171 if (ret < 0)
172 {
173 MHD_gnutls_assert ();
174 return ret;
175 }
176
177 return 0;
178}
179
180#endif /* ENABLE_ANON */
diff --git a/src/daemon/https/tls/auth_anon.h b/src/daemon/https/tls/auth_anon.h
deleted file mode 100644
index 4602ab23..00000000
--- a/src/daemon/https/tls/auth_anon.h
+++ /dev/null
@@ -1,48 +0,0 @@
1/*
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25/* this is not to be included by MHD_gnutls_anon.c */
26#include <gnutls_auth.h>
27#include <auth_dh_common.h>
28
29typedef struct MHD_gtls_anon_server_credentials_st
30{
31 MHD_gtls_dh_params_t dh_params;
32 /* this callback is used to retrieve the DH or RSA
33 * parameters.
34 */
35 MHD_gnutls_params_function *params_func;
36} mhd_anon_server_credentials_st;
37
38typedef struct MHD_gtls_anon_client_credentials_st
39{
40 int dummy;
41} mhd_anon_client_credentials_st;
42
43typedef struct MHD_gtls_anon_auth_info_st
44{
45 MHD_gtls_dh_info_st dh;
46} *mhd_anon_auth_info_t;
47
48typedef struct MHD_gtls_anon_auth_info_st anon_auth_info_st;
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c
index 18ba0457..89ca70bc 100644
--- a/src/daemon/https/tls/gnutls_algorithms.c
+++ b/src/daemon/https/tls/gnutls_algorithms.c
@@ -42,9 +42,6 @@ typedef struct
42} MHD_gnutls_cred_map; 42} MHD_gnutls_cred_map;
43 43
44static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = { 44static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = {
45 {MHD_GNUTLS_KX_ANON_DH,
46 MHD_GNUTLS_CRD_ANON,
47 MHD_GNUTLS_CRD_ANON},
48 {MHD_GNUTLS_KX_RSA, 45 {MHD_GNUTLS_KX_RSA,
49 MHD_GNUTLS_CRD_CERTIFICATE, 46 MHD_GNUTLS_CRD_CERTIFICATE,
50 MHD_GNUTLS_CRD_CERTIFICATE}, 47 MHD_GNUTLS_CRD_CERTIFICATE},
@@ -390,7 +387,6 @@ extern MHD_gtls_mod_auth_st MHD_gtls_rsa_auth_struct;
390extern MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct; 387extern MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct;
391extern MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct; 388extern MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct;
392extern MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct; 389extern MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct;
393extern MHD_gtls_mod_auth_st MHD_gtls_anon_auth_struct;
394extern MHD_gtls_mod_auth_st srp_auth_struct; 390extern MHD_gtls_mod_auth_st srp_auth_struct;
395extern MHD_gtls_mod_auth_st psk_auth_struct; 391extern MHD_gtls_mod_auth_st psk_auth_struct;
396extern MHD_gtls_mod_auth_st dhe_psk_auth_struct; 392extern MHD_gtls_mod_auth_st dhe_psk_auth_struct;
@@ -407,9 +403,6 @@ typedef struct MHD_gtls_kx_algo_entry
407} MHD_gtls_kx_algo_entry_t; 403} MHD_gtls_kx_algo_entry_t;
408 404
409static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { 405static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = {
410#ifdef ENABLE_ANON
411 {"ANON-DH", MHD_GNUTLS_KX_ANON_DH, &MHD_gtls_anon_auth_struct, 1, 0},
412#endif
413 {"RSA", 406 {"RSA",
414 MHD_GNUTLS_KX_RSA, 407 MHD_GNUTLS_KX_RSA,
415 &MHD_gtls_rsa_auth_struct, 408 &MHD_gtls_rsa_auth_struct,
@@ -451,9 +444,6 @@ static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = {
451/* Keep the contents of this struct the same as the previous one. */ 444/* Keep the contents of this struct the same as the previous one. */
452static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] = 445static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] =
453{ 446{
454#ifdef ENABLE_ANON
455 MHD_GNUTLS_KX_ANON_DH,
456#endif
457 MHD_GNUTLS_KX_RSA, 447 MHD_GNUTLS_KX_RSA,
458 MHD_GNUTLS_KX_RSA_EXPORT, 448 MHD_GNUTLS_KX_RSA_EXPORT,
459 MHD_GNUTLS_KX_DHE_RSA, 449 MHD_GNUTLS_KX_DHE_RSA,
@@ -498,20 +488,6 @@ typedef struct
498 */ 488 */
499#define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 } 489#define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 }
500 490
501/* ANONymous cipher suites.
502 */
503
504#define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1 { 0x00, 0x1B }
505#define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 }
506
507/* rfc3268: */
508#define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 }
509#define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A }
510
511/* rfc4132 */
512#define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
513#define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
514
515/* PSK (not in TLS 1.0) 491/* PSK (not in TLS 1.0)
516 * draft-ietf-tls-psk: 492 * draft-ietf-tls-psk:
517 */ 493 */
@@ -590,34 +566,6 @@ typedef struct
590#define CIPHER_SUITES_COUNT sizeof(MHD_gtls_cs_algorithms)/sizeof(MHD_gtls_cipher_suite_entry)-1 566#define CIPHER_SUITES_COUNT sizeof(MHD_gtls_cs_algorithms)/sizeof(MHD_gtls_cipher_suite_entry)-1
591 567
592static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = { 568static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = {
593 /* ANON_DH */
594 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5,
595 MHD_GNUTLS_CIPHER_ARCFOUR_128,
596 MHD_GNUTLS_KX_ANON_DH, MHD_GNUTLS_MAC_MD5,
597 MHD_GNUTLS_PROTOCOL_SSL3),
598 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1,
599 MHD_GNUTLS_CIPHER_3DES_CBC,
600 MHD_GNUTLS_KX_ANON_DH,
601 MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
602 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1,
603 MHD_GNUTLS_CIPHER_AES_128_CBC,
604 MHD_GNUTLS_KX_ANON_DH,
605 MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
606 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1,
607 MHD_GNUTLS_CIPHER_AES_256_CBC,
608 MHD_GNUTLS_KX_ANON_DH,
609 MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3),
610#ifdef ENABLE_CAMELLIA
611 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
612 MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC,
613 MHD_GNUTLS_KX_ANON_DH,
614 MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
615 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1,
616 MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC,
617 MHD_GNUTLS_KX_ANON_DH,
618 MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0),
619#endif
620
621 /* SRP */ 569 /* SRP */
622 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, 570 GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
623 MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP, 571 MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP,
diff --git a/src/daemon/https/tls/gnutls_anon_cred.c b/src/daemon/https/tls/gnutls_anon_cred.c
deleted file mode 100644
index d73c0edd..00000000
--- a/src/daemon/https/tls/gnutls_anon_cred.c
+++ /dev/null
@@ -1,140 +0,0 @@
1/*
2 * Copyright (C) 2001, 2004, 2005, 2007 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25#include "gnutls_int.h"
26
27#ifdef ENABLE_ANON
28
29#include "gnutls_errors.h"
30#include "auth_anon.h"
31#include "gnutls_auth_int.h"
32#include "gnutls_dh.h"
33#include "gnutls_num.h"
34#include "gnutls_mpi.h"
35
36static const int anon_dummy;
37
38/**
39 * MHD__gnutls_anon_free_server_credentials - Used to free an allocated MHD_gtls_anon_server_credentials_t structure
40 * @sc: is an #MHD_gtls_anon_server_credentials_t structure.
41 *
42 * This structure is complex enough to manipulate directly thus this
43 * helper function is provided in order to free (deallocate) it.
44 **/
45void
46MHD__gnutls_anon_free_server_credentials (MHD_gtls_anon_server_credentials_t
47 sc)
48{
49
50 MHD_gnutls_free (sc);
51}
52
53/**
54 * MHD__gnutls_anon_allocate_server_credentials - Used to allocate an MHD_gtls_anon_server_credentials_t structure
55 * @sc: is a pointer to an #MHD_gtls_anon_server_credentials_t structure.
56 *
57 * This structure is complex enough to manipulate directly thus this
58 * helper function is provided in order to allocate it.
59 *
60 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
61 **/
62int
63 MHD__gnutls_anon_allocate_server_credentials
64 (MHD_gtls_anon_server_credentials_t * sc)
65{
66 *sc = MHD_gnutls_calloc (1, sizeof (mhd_anon_server_credentials_st));
67 if (*sc == NULL)
68 return GNUTLS_E_MEMORY_ERROR;
69
70 return 0;
71}
72
73
74/**
75 * MHD__gnutls_anon_free_client_credentials - Used to free an allocated MHD_gtls_anon_client_credentials_t structure
76 * @sc: is an #MHD_gtls_anon_client_credentials_t structure.
77 *
78 * This structure is complex enough to manipulate directly thus this
79 * helper function is provided in order to free (deallocate) it.
80 **/
81void
82MHD__gnutls_anon_free_client_credentials (MHD_gtls_anon_client_credentials_t
83 sc)
84{
85}
86
87/**
88 * MHD__gnutls_anon_allocate_client_credentials - Used to allocate a credentials structure
89 * @sc: is a pointer to an #MHD_gtls_anon_client_credentials_t structure.
90 *
91 * This structure is complex enough to manipulate directly thus
92 * this helper function is provided in order to allocate it.
93 *
94 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
95 **/
96int
97 MHD__gnutls_anon_allocate_client_credentials
98 (MHD_gtls_anon_client_credentials_t * sc)
99{
100 /* anon_dummy is only there for *sc not to be null.
101 * it is not used at all;
102 */
103 *sc = (void *) &anon_dummy;
104
105 return 0;
106}
107
108/**
109 * MHD__gnutls_anon_set_server_dh_params - This function will set the DH parameters for a server to use
110 * @res: is a MHD_gtls_anon_server_credentials_t structure
111 * @dh_params: is a structure that holds diffie hellman parameters.
112 *
113 * This function will set the diffie hellman parameters for an
114 * anonymous server to use. These parameters will be used in
115 * Anonymous Diffie Hellman cipher suites.
116 **/
117void
118MHD__gnutls_anon_set_server_dh_params (MHD_gtls_anon_server_credentials_t res,
119 MHD_gtls_dh_params_t dh_params)
120{
121 res->dh_params = dh_params;
122}
123
124/**
125 * MHD__gnutls_anon_set_server_params_function - This function will set the DH parameters callback
126 * @res: is a MHD_gtls_cert_credentials_t structure
127 * @func: is the function to be called
128 *
129 * This function will set a callback in order for the server to get
130 * the diffie hellman parameters for anonymous authentication. The
131 * callback should return zero on success.
132 **/
133void
134MHD__gnutls_anon_set_server_params_function
135 (MHD_gtls_anon_server_credentials_t res, MHD_gnutls_params_function * func)
136{
137 res->params_func = func;
138}
139
140#endif
diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c
index 6f14d9c8..fcb8ed55 100644
--- a/src/daemon/https/tls/gnutls_auth.c
+++ b/src/daemon/https/tls/gnutls_auth.c
@@ -30,7 +30,6 @@
30#include "auth_cert.h" 30#include "auth_cert.h"
31#include <gnutls_datum.h> 31#include <gnutls_datum.h>
32 32
33#include "auth_anon.h"
34/* The functions here are used in order for authentication algorithms 33/* The functions here are used in order for authentication algorithms
35 * to be able to retrieve the needed credentials eg public and private 34 * to be able to retrieve the needed credentials eg public and private
36 * key etc. 35 * key etc.
@@ -79,9 +78,6 @@ MHD__gnutls_credentials_clear (MHD_gtls_session_t session)
79 * structure. Thus you will have to keep the structure allocated until 78 * structure. Thus you will have to keep the structure allocated until
80 * you call MHD__gnutls_deinit(). ] 79 * you call MHD__gnutls_deinit(). ]
81 * 80 *
82 * For GNUTLS_CRD_ANON cred should be MHD_gtls_anon_client_credentials_t in case of a client.
83 * In case of a server it should be MHD_gtls_anon_server_credentials_t.
84 *
85 * For GNUTLS_CRD_SRP cred should be MHD_gnutls_srp_client_credentials_t 81 * For GNUTLS_CRD_SRP cred should be MHD_gnutls_srp_client_credentials_t
86 * in case of a client, and MHD_gnutls_srp_server_credentials_t, in case 82 * in case of a client, and MHD_gnutls_srp_server_credentials_t, in case
87 * of a server. 83 * of a server.
@@ -267,7 +263,6 @@ out:
267 * is data obtained by the handshake protocol, the key exchange algorithm, 263 * is data obtained by the handshake protocol, the key exchange algorithm,
268 * and the TLS extensions messages. 264 * and the TLS extensions messages.
269 * 265 *
270 * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t;
271 * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t; 266 * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t;
272 * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t; 267 * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t;
273 -*/ 268 -*/
@@ -301,17 +296,6 @@ MHD_gtls_free_auth_info (MHD_gtls_session_t session)
301 { 296 {
302 case MHD_GNUTLS_CRD_SRP: 297 case MHD_GNUTLS_CRD_SRP:
303 break; 298 break;
304 case MHD_GNUTLS_CRD_ANON:
305 {
306 mhd_anon_auth_info_t info = MHD_gtls_get_auth_info (session);
307
308 if (info == NULL)
309 break;
310
311 dh_info = &info->dh;
312 MHD_gtls_free_dh_info (dh_info);
313 }
314 break;
315 case MHD_GNUTLS_CRD_CERTIFICATE: 299 case MHD_GNUTLS_CRD_CERTIFICATE:
316 { 300 {
317 unsigned int i; 301 unsigned int i;
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c
index db28ad9a..ba93018d 100644
--- a/src/daemon/https/tls/gnutls_handshake.c
+++ b/src/daemon/https/tls/gnutls_handshake.c
@@ -47,7 +47,6 @@
47#include "gnutls_record.h" 47#include "gnutls_record.h"
48#include "gnutls_state.h" 48#include "gnutls_state.h"
49#include "gnutls_rsa_export.h" /* for MHD_gnutls_get_rsa_params() */ 49#include "gnutls_rsa_export.h" /* for MHD_gnutls_get_rsa_params() */
50#include "auth_anon.h" /* for MHD_gtls_anon_server_credentials_t */
51#include "gc.h" 50#include "gc.h"
52 51
53#ifdef HANDSHAKE_DEBUG 52#ifdef HANDSHAKE_DEBUG
@@ -2800,22 +2799,6 @@ check_server_params (MHD_gtls_session_t session,
2800 if (delete == 1) 2799 if (delete == 1)
2801 return 1; 2800 return 1;
2802 2801
2803#ifdef ENABLE_ANON
2804 }
2805 else if (cred_type == MHD_GNUTLS_CRD_ANON)
2806 {
2807 MHD_gtls_anon_server_credentials_t anon_cred =
2808 (MHD_gtls_anon_server_credentials_t) MHD_gtls_get_cred (session->key,
2809 cred_type,
2810 NULL);
2811
2812 if (anon_cred != NULL)
2813 {
2814 dh_params =
2815 MHD_gtls_get_dh_params (anon_cred->dh_params,
2816 anon_cred->params_func, session);
2817 }
2818#endif
2819#ifdef ENABLE_PSK 2802#ifdef ENABLE_PSK
2820 } 2803 }
2821 else if (cred_type == MHD_GNUTLS_CRD_PSK) 2804 else if (cred_type == MHD_GNUTLS_CRD_PSK)
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c
index ab359f6c..be80bfb7 100644
--- a/src/daemon/https/tls/gnutls_session_pack.c
+++ b/src/daemon/https/tls/gnutls_session_pack.c
@@ -33,7 +33,6 @@
33#ifdef ENABLE_PSK 33#ifdef ENABLE_PSK
34# include <auth_psk.h> 34# include <auth_psk.h>
35#endif 35#endif
36#include <auth_anon.h>
37#include <auth_cert.h> 36#include <auth_cert.h>
38#include <gnutls_errors.h> 37#include <gnutls_errors.h>
39#include <gnutls_auth_int.h> 38#include <gnutls_auth_int.h>
@@ -55,175 +54,6 @@ static int unpack_security_parameters (MHD_gtls_session_t session,
55static int pack_security_parameters (MHD_gtls_session_t session, 54static int pack_security_parameters (MHD_gtls_session_t session,
56 MHD_gnutls_datum_t * packed_session); 55 MHD_gnutls_datum_t * packed_session);
57 56
58/* Packs the ANON session authentication data. */
59#ifdef ENABLE_ANON
60
61/* Format:
62 * 1 byte the credentials type
63 * 4 bytes the size of the whole structure
64 * 2 bytes the size of secret key in bits
65 * 4 bytes the size of the prime
66 * x bytes the prime
67 * 4 bytes the size of the generator
68 * x bytes the generator
69 * 4 bytes the size of the public key
70 * x bytes the public key
71 */
72static int
73pack_anon_auth_info (MHD_gtls_session_t session,
74 MHD_gnutls_datum_t * packed_session)
75{
76 mhd_anon_auth_info_t info = MHD_gtls_get_auth_info (session);
77 int pos = 0;
78 size_t pack_size;
79
80 if (info)
81 pack_size = 2 + 4 * 3 + info->dh.prime.size +
82 info->dh.generator.size + info->dh.public_key.size;
83 else
84 pack_size = 0;
85
86 packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t);
87
88 /* calculate the size and allocate the data.
89 */
90 packed_session->data =
91 MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS);
92
93 if (packed_session->data == NULL)
94 {
95 MHD_gnutls_assert ();
96 return GNUTLS_E_MEMORY_ERROR;
97 }
98
99 packed_session->data[0] = MHD_GNUTLS_CRD_ANON;
100 MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]);
101 pos += 4 + PACK_HEADER_SIZE;
102
103 if (pack_size > 0)
104 {
105 MHD_gtls_write_uint16 (info->dh.secret_bits,
106 &packed_session->data[pos]);
107 pos += 2;
108
109 MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime);
110 pos += 4 + info->dh.prime.size;
111 MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator);
112 pos += 4 + info->dh.generator.size;
113 MHD_gtls_write_datum32 (&packed_session->data[pos],
114 info->dh.public_key);
115 pos += 4 + info->dh.public_key.size;
116
117 }
118
119 return 0;
120}
121
122/* Format:
123 * 1 byte the credentials type
124 * 4 bytes the size of the whole structure
125 * 2 bytes the size of secret key in bits
126 * 4 bytes the size of the prime
127 * x bytes the prime
128 * 4 bytes the size of the generator
129 * x bytes the generator
130 * 4 bytes the size of the public key
131 * x bytes the public key
132 */
133static int
134unpack_anon_auth_info (MHD_gtls_session_t session,
135 const MHD_gnutls_datum_t * packed_session)
136{
137 size_t pack_size;
138 int pos = 0, size, ret;
139 mhd_anon_auth_info_t info;
140
141 if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON)
142 {
143 MHD_gnutls_assert ();
144 return GNUTLS_E_INVALID_REQUEST;
145 }
146
147 pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]);
148 pos += PACK_HEADER_SIZE + 4;
149
150
151 if (pack_size == 0)
152 return 0; /* nothing to be done */
153
154 /* a simple check for integrity */
155 if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size)
156 {
157 MHD_gnutls_assert ();
158 return GNUTLS_E_INVALID_REQUEST;
159 }
160
161 /* client and serer have the same auth_info here
162 */
163 ret =
164 MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON,
165 sizeof (anon_auth_info_st), 1);
166 if (ret < 0)
167 {
168 MHD_gnutls_assert ();
169 return ret;
170 }
171
172 info = MHD_gtls_get_auth_info (session);
173 if (info == NULL)
174 {
175 MHD_gnutls_assert ();
176 return GNUTLS_E_INTERNAL_ERROR;
177 }
178
179 info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]);
180 pos += 2;
181
182 size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
183 pos += 4;
184 ret =
185 MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size);
186 if (ret < 0)
187 {
188 MHD_gnutls_assert ();
189 goto error;
190 }
191 pos += size;
192
193 size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
194 pos += 4;
195 ret =
196 MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos],
197 size);
198 if (ret < 0)
199 {
200 MHD_gnutls_assert ();
201 goto error;
202 }
203 pos += size;
204
205 size = MHD_gtls_read_uint32 (&packed_session->data[pos]);
206 pos += 4;
207 ret =
208 MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos],
209 size);
210 if (ret < 0)
211 {
212 MHD_gnutls_assert ();
213 goto error;
214 }
215 pos += size;
216
217 return 0;
218
219error:
220 MHD__gnutls_free_datum (&info->dh.prime);
221 MHD__gnutls_free_datum (&info->dh.generator);
222 MHD__gnutls_free_datum (&info->dh.public_key);
223 return ret;
224}
225#endif /* ANON */
226
227/* Since auth_info structures contain malloced data, this function 57/* Since auth_info structures contain malloced data, this function
228 * is required in order to pack these structures in a vector in 58 * is required in order to pack these structures in a vector in
229 * order to store them to the DB. 59 * order to store them to the DB.
@@ -267,16 +97,6 @@ MHD_gtls_session_pack (MHD_gtls_session_t session,
267 } 97 }
268 break; 98 break;
269#endif 99#endif
270#ifdef ENABLE_ANON
271 case MHD_GNUTLS_CRD_ANON:
272 ret = pack_anon_auth_info (session, packed_session);
273 if (ret < 0)
274 {
275 MHD_gnutls_assert ();
276 return ret;
277 }
278 break;
279#endif
280 case MHD_GNUTLS_CRD_CERTIFICATE: 100 case MHD_GNUTLS_CRD_CERTIFICATE:
281 ret = pack_certificate_auth_info (session, packed_session); 101 ret = pack_certificate_auth_info (session, packed_session);
282 if (ret < 0) 102 if (ret < 0)
@@ -346,16 +166,6 @@ MHD_gtls_session_unpack (MHD_gtls_session_t session,
346 } 166 }
347 break; 167 break;
348#endif 168#endif
349#ifdef ENABLE_ANON
350 case MHD_GNUTLS_CRD_ANON:
351 ret = unpack_anon_auth_info (session, packed_session);
352 if (ret < 0)
353 {
354 MHD_gnutls_assert ();
355 return ret;
356 }
357 break;
358#endif
359 case MHD_GNUTLS_CRD_CERTIFICATE: 169 case MHD_GNUTLS_CRD_CERTIFICATE:
360 ret = unpack_certificate_auth_info (session, packed_session); 170 ret = unpack_certificate_auth_info (session, packed_session);
361 if (ret < 0) 171 if (ret < 0)
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c
index 4f4ea122..0372b0f6 100644
--- a/src/daemon/https/tls/gnutls_state.c
+++ b/src/daemon/https/tls/gnutls_state.c
@@ -38,7 +38,6 @@
38#include <gnutls_buffers.h> 38#include <gnutls_buffers.h>
39#include <gnutls_state.h> 39#include <gnutls_state.h>
40#include <auth_cert.h> 40#include <auth_cert.h>
41#include <auth_anon.h>
42#include <gnutls_algorithms.h> 41#include <gnutls_algorithms.h>
43#include <gnutls_rsa_export.h> 42#include <gnutls_rsa_export.h>
44 43
@@ -437,16 +436,6 @@ MHD_gtls_dh_set_peer_public (MHD_gtls_session_t session, mpi_t public)
437 436
438 switch (MHD_gtls_auth_get_type (session)) 437 switch (MHD_gtls_auth_get_type (session))
439 { 438 {
440 case MHD_GNUTLS_CRD_ANON:
441 {
442 mhd_anon_auth_info_t info;
443 info = MHD_gtls_get_auth_info (session);
444 if (info == NULL)
445 return GNUTLS_E_INTERNAL_ERROR;
446
447 dh = &info->dh;
448 break;
449 }
450 case MHD_GNUTLS_CRD_CERTIFICATE: 439 case MHD_GNUTLS_CRD_CERTIFICATE:
451 { 440 {
452 cert_auth_info_t info; 441 cert_auth_info_t info;
@@ -478,15 +467,6 @@ MHD_gtls_dh_set_secret_bits (MHD_gtls_session_t session, unsigned bits)
478{ 467{
479 switch (MHD_gtls_auth_get_type (session)) 468 switch (MHD_gtls_auth_get_type (session))
480 { 469 {
481 case MHD_GNUTLS_CRD_ANON:
482 {
483 mhd_anon_auth_info_t info;
484 info = MHD_gtls_get_auth_info (session);
485 if (info == NULL)
486 return GNUTLS_E_INTERNAL_ERROR;
487 info->dh.secret_bits = bits;
488 break;
489 }
490 case MHD_GNUTLS_CRD_CERTIFICATE: 470 case MHD_GNUTLS_CRD_CERTIFICATE:
491 { 471 {
492 cert_auth_info_t info; 472 cert_auth_info_t info;
@@ -548,16 +528,6 @@ MHD_gtls_dh_set_group (MHD_gtls_session_t session, mpi_t gen, mpi_t prime)
548 528
549 switch (MHD_gtls_auth_get_type (session)) 529 switch (MHD_gtls_auth_get_type (session))
550 { 530 {
551 case MHD_GNUTLS_CRD_ANON:
552 {
553 mhd_anon_auth_info_t info;
554 info = MHD_gtls_get_auth_info (session);
555 if (info == NULL)
556 return GNUTLS_E_INTERNAL_ERROR;
557
558 dh = &info->dh;
559 break;
560 }
561 case MHD_GNUTLS_CRD_CERTIFICATE: 531 case MHD_GNUTLS_CRD_CERTIFICATE:
562 { 532 {
563 cert_auth_info_t info; 533 cert_auth_info_t info;
diff --git a/src/daemon/https/tls/gnutls_ui.c b/src/daemon/https/tls/gnutls_ui.c
index a2594332..1963ce08 100644
--- a/src/daemon/https/tls/gnutls_ui.c
+++ b/src/daemon/https/tls/gnutls_ui.c
@@ -27,7 +27,6 @@
27 */ 27 */
28 28
29#include <gnutls_int.h> 29#include <gnutls_int.h>
30#include <auth_anon.h>
31#include <auth_cert.h> 30#include <auth_cert.h>
32#include <gnutls_errors.h> 31#include <gnutls_errors.h>
33#include <gnutls_auth_int.h> 32#include <gnutls_auth_int.h>
@@ -58,575 +57,3 @@ MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, unsigned int bits)
58 session->internals.dh_prime_bits = bits; 57 session->internals.dh_prime_bits = bits;
59} 58}
60 59
61/**
62 * MHD__gnutls_dh_get_group - This function returns the group of the DH authentication
63 * @session: is a gnutls session
64 * @raw_gen: will hold the generator.
65 * @raw_prime: will hold the prime.
66 *
67 * This function will return the group parameters used in the last Diffie Hellman
68 * authentication with the peer. These are the prime and the generator used.
69 * This function should be used for both anonymous and ephemeral diffie Hellman.
70 * The output parameters must be freed with MHD_gnutls_free().
71 *
72 * Returns a negative value in case of an error.
73 *
74 **/
75int
76MHD__gnutls_dh_get_group (MHD_gtls_session_t session,
77 MHD_gnutls_datum_t * raw_gen,
78 MHD_gnutls_datum_t * raw_prime)
79{
80 MHD_gtls_dh_info_st *dh;
81 int ret;
82 mhd_anon_auth_info_t anon_info;
83 cert_auth_info_t cert_info;
84
85 switch (MHD_gtls_auth_get_type (session))
86 {
87 case MHD_GNUTLS_CRD_ANON:
88 anon_info = MHD_gtls_get_auth_info (session);
89 if (anon_info == NULL)
90 return GNUTLS_E_INTERNAL_ERROR;
91 dh = &anon_info->dh;
92 break;
93 case MHD_GNUTLS_CRD_CERTIFICATE:
94 cert_info = MHD_gtls_get_auth_info (session);
95 if (cert_info == NULL)
96 return GNUTLS_E_INTERNAL_ERROR;
97 dh = &cert_info->dh;
98 break;
99 default:
100 MHD_gnutls_assert ();
101 return GNUTLS_E_INVALID_REQUEST;
102 }
103
104 ret = MHD__gnutls_set_datum (raw_prime, dh->prime.data, dh->prime.size);
105 if (ret < 0)
106 {
107 MHD_gnutls_assert ();
108 return ret;
109 }
110
111 ret =
112 MHD__gnutls_set_datum (raw_gen, dh->generator.data, dh->generator.size);
113 if (ret < 0)
114 {
115 MHD_gnutls_assert ();
116 MHD__gnutls_free_datum (raw_prime);
117 return ret;
118 }
119
120 return 0;
121}
122
123/**
124 * MHD__gnutls_dh_get_pubkey - This function returns the peer's public key used in DH authentication
125 * @session: is a gnutls session
126 * @raw_key: will hold the public key.
127 *
128 * This function will return the peer's public key used in the last Diffie Hellman authentication.
129 * This function should be used for both anonymous and ephemeral diffie Hellman.
130 * The output parameters must be freed with MHD_gnutls_free().
131 *
132 * Returns a negative value in case of an error.
133 *
134 **/
135int
136MHD__gnutls_dh_get_pubkey (MHD_gtls_session_t session,
137 MHD_gnutls_datum_t * raw_key)
138{
139 MHD_gtls_dh_info_st *dh;
140 mhd_anon_auth_info_t anon_info;
141 cert_auth_info_t cert_info;
142 cert_auth_info_t psk_info;
143
144 switch (MHD_gtls_auth_get_type (session))
145 {
146 case MHD_GNUTLS_CRD_ANON:
147 {
148 anon_info = MHD_gtls_get_auth_info (session);
149 if (anon_info == NULL)
150 return GNUTLS_E_INTERNAL_ERROR;
151 dh = &anon_info->dh;
152 break;
153 }
154 case MHD_GNUTLS_CRD_PSK:
155 {
156 psk_info = MHD_gtls_get_auth_info (session);
157 if (psk_info == NULL)
158 return GNUTLS_E_INTERNAL_ERROR;
159 dh = &psk_info->dh;
160 break;
161 }
162 case MHD_GNUTLS_CRD_CERTIFICATE:
163 {
164
165 cert_info = MHD_gtls_get_auth_info (session);
166 if (cert_info == NULL)
167 return GNUTLS_E_INTERNAL_ERROR;
168 dh = &cert_info->dh;
169 break;
170 }
171 default:
172 MHD_gnutls_assert ();
173 return GNUTLS_E_INVALID_REQUEST;
174 }
175
176 return MHD__gnutls_set_datum (raw_key, dh->public_key.data,
177 dh->public_key.size);
178}
179
180/**
181 * MHD_gtls_rsa_export_get_pubkey - This function returns the peer's public key used in RSA-EXPORT authentication
182 * @session: is a gnutls session
183 * @exponent: will hold the exponent.
184 * @modulus: will hold the modulus.
185 *
186 * This function will return the peer's public key exponent and
187 * modulus used in the last RSA-EXPORT authentication. The output
188 * parameters must be freed with MHD_gnutls_free().
189 *
190 * Returns a negative value in case of an error.
191 *
192 **/
193int
194MHD_gtls_rsa_export_get_pubkey (MHD_gtls_session_t session,
195 MHD_gnutls_datum_t * exponent,
196 MHD_gnutls_datum_t * modulus)
197{
198 cert_auth_info_t info;
199 int ret;
200
201 if (MHD_gtls_auth_get_type (session) == MHD_GNUTLS_CRD_CERTIFICATE)
202 {
203 info = MHD_gtls_get_auth_info (session);
204 if (info == NULL)
205 return GNUTLS_E_INTERNAL_ERROR;
206
207 ret = MHD__gnutls_set_datum (modulus, info->rsa_export.modulus.data,
208 info->rsa_export.modulus.size);
209 if (ret < 0)
210 {
211 MHD_gnutls_assert ();
212 return ret;
213 }
214
215 ret = MHD__gnutls_set_datum (exponent, info->rsa_export.exponent.data,
216 info->rsa_export.exponent.size);
217 if (ret < 0)
218 {
219 MHD_gnutls_assert ();
220 MHD__gnutls_free_datum (modulus);
221 return ret;
222 }
223
224 return 0;
225 }
226
227 return GNUTLS_E_INVALID_REQUEST;
228}
229
230/**
231 * MHD__gnutls_dh_get_secret_bits - This function returns the bits used in DH authentication
232 * @session: is a gnutls session
233 *
234 * This function will return the bits used in the last Diffie Hellman authentication
235 * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
236 * Returns a negative value in case of an error.
237 *
238 **/
239int
240MHD__gnutls_dh_get_secret_bits (MHD_gtls_session_t session)
241{
242 switch (MHD_gtls_auth_get_type (session))
243 {
244 case MHD_GNUTLS_CRD_ANON:
245 {
246 mhd_anon_auth_info_t info;
247
248 info = MHD_gtls_get_auth_info (session);
249 if (info == NULL)
250 return GNUTLS_E_INTERNAL_ERROR;
251 return info->dh.secret_bits;
252 }
253 case MHD_GNUTLS_CRD_CERTIFICATE:
254 {
255 cert_auth_info_t info;
256
257 info = MHD_gtls_get_auth_info (session);
258 if (info == NULL)
259 return GNUTLS_E_INTERNAL_ERROR;
260
261 return info->dh.secret_bits;
262 }
263 default:
264 MHD_gnutls_assert ();
265 return GNUTLS_E_INVALID_REQUEST;
266 }
267}
268
269/**
270 * MHD__gnutls_dh_get_prime_bits - This function returns the bits used in DH authentication
271 * @session: is a gnutls session
272 *
273 * This function will return the bits of the prime used in the last Diffie Hellman authentication
274 * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
275 * Returns a negative value in case of an error.
276 *
277 **/
278int
279MHD__gnutls_dh_get_prime_bits (MHD_gtls_session_t session)
280{
281 MHD_gtls_dh_info_st *dh;
282
283 switch (MHD_gtls_auth_get_type (session))
284 {
285 case MHD_GNUTLS_CRD_ANON:
286 {
287 mhd_anon_auth_info_t info;
288
289 info = MHD_gtls_get_auth_info (session);
290 if (info == NULL)
291 return GNUTLS_E_INTERNAL_ERROR;
292 dh = &info->dh;
293 break;
294 }
295 case MHD_GNUTLS_CRD_CERTIFICATE:
296 {
297 cert_auth_info_t info;
298
299 info = MHD_gtls_get_auth_info (session);
300 if (info == NULL)
301 return GNUTLS_E_INTERNAL_ERROR;
302
303 dh = &info->dh;
304 break;
305 }
306 default:
307 MHD_gnutls_assert ();
308 return GNUTLS_E_INVALID_REQUEST;
309 }
310
311 return (dh->prime.size) * 8;
312
313}
314
315/**
316 * MHD_gtls_rsa_export_get_modulus_bits - This function returns the bits used in RSA-export key exchange
317 * @session: is a gnutls session
318 *
319 * This function will return the bits used in the last RSA-EXPORT key exchange
320 * with the peer.
321 * Returns a negative value in case of an error.
322 *
323 **/
324int
325MHD_gtls_rsa_export_get_modulus_bits (MHD_gtls_session_t session)
326{
327 cert_auth_info_t info;
328
329 info = MHD_gtls_get_auth_info (session);
330 if (info == NULL)
331 return GNUTLS_E_INTERNAL_ERROR;
332
333 return info->rsa_export.modulus.size * 8;
334}
335
336/**
337 * MHD__gnutls_dh_get_peers_public_bits - This function returns the bits used in DH authentication
338 * @session: is a gnutls session
339 *
340 * This function will return the bits used in the last Diffie Hellman authentication
341 * with the peer. Should be used for both anonymous and ephemeral diffie Hellman.
342 * Returns a negative value in case of an error.
343 *
344 **/
345int
346MHD__gnutls_dh_get_peers_public_bits (MHD_gtls_session_t session)
347{
348 MHD_gtls_dh_info_st *dh;
349
350 switch (MHD_gtls_auth_get_type (session))
351 {
352 case MHD_GNUTLS_CRD_ANON:
353 {
354 mhd_anon_auth_info_t info;
355
356 info = MHD_gtls_get_auth_info (session);
357 if (info == NULL)
358 return GNUTLS_E_INTERNAL_ERROR;
359
360 dh = &info->dh;
361 break;
362 }
363 case MHD_GNUTLS_CRD_CERTIFICATE:
364 {
365 cert_auth_info_t info;
366
367 info = MHD_gtls_get_auth_info (session);
368 if (info == NULL)
369 return GNUTLS_E_INTERNAL_ERROR;
370
371 dh = &info->dh;
372 break;
373 }
374 default:
375 MHD_gnutls_assert ();
376 return GNUTLS_E_INVALID_REQUEST;
377 }
378
379 return dh->public_key.size * 8;
380
381}
382
383/* CERTIFICATE STUFF */
384
385/**
386 * MHD_gtls_certificate_get_ours - This function returns the raw certificate sent in the last handshake
387 * @session: is a gnutls session
388 *
389 * This function will return the certificate as sent to the peer,
390 * in the last handshake. These certificates are in raw format.
391 * In X.509 this is a certificate list. In OpenPGP this is a single
392 * certificate.
393 * Returns NULL in case of an error, or if no certificate was used.
394 *
395 **/
396const MHD_gnutls_datum_t *
397MHD_gtls_certificate_get_ours (MHD_gtls_session_t session)
398{
399 MHD_gtls_cert_credentials_t cred;
400
401 CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL);
402
403 cred
404 = (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key,
405 MHD_GNUTLS_CRD_CERTIFICATE,
406 NULL);
407 if (cred == NULL || cred->cert_list == NULL)
408 {
409 MHD_gnutls_assert ();
410 return NULL;
411 }
412
413 if (session->internals.selected_cert_list == NULL)
414 return NULL;
415
416 return &session->internals.selected_cert_list[0].raw;
417}
418
419/**
420 * MHD_gtls_certificate_get_peers - This function returns the peer's raw certificate
421 * @session: is a gnutls session
422 * @list_size: is the length of the certificate list
423 *
424 * This function will return the peer's raw certificate (chain) as
425 * sent by the peer. These certificates are in raw format (DER encoded
426 * for X.509). In case of a X.509 then a certificate list may be present.
427 * The first certificate in the list is the peer's certificate,
428 * following the issuer's certificate, then the issuer's issuer etc.
429 *
430 * In case of OpenPGP keys a single key will be returned
431 * in raw format.
432 *
433 * Returns NULL in case of an error, or if no certificate was sent.
434 *
435 **/
436const MHD_gnutls_datum_t *
437MHD_gtls_certificate_get_peers (MHD_gtls_session_t
438 session, unsigned int *list_size)
439{
440 cert_auth_info_t info;
441
442 CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL);
443
444 info = MHD_gtls_get_auth_info (session);
445 if (info == NULL)
446 return NULL;
447
448 *list_size = info->ncerts;
449 return info->raw_certificate_list;
450}
451
452/**
453 * MHD_gtls_certificate_client_get_request_status - This function returns the certificate request status
454 * @session: is a gnutls session
455 *
456 * This function will return 0 if the peer (server) did not request client
457 * authentication or 1 otherwise.
458 * Returns a negative value in case of an error.
459 *
460 **/
461int
462MHD_gtls_certificate_client_get_request_status (MHD_gtls_session_t session)
463{
464 cert_auth_info_t info;
465
466 CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, 0);
467
468 info = MHD_gtls_get_auth_info (session);
469 if (info == NULL)
470 return GNUTLS_E_INTERNAL_ERROR;
471 return info->certificate_requested;
472}
473
474/**
475 * MHD__gnutls_fingerprint - This function calculates the fingerprint of the given data
476 * @algo: is a digest algorithm
477 * @data: is the data
478 * @result: is the place where the result will be copied (may be null).
479 * @result_size: should hold the size of the result. The actual size
480 * of the returned result will also be copied there.
481 *
482 * This function will calculate a fingerprint (actually a hash), of the
483 * given data. The result is not printable data. You should convert it
484 * to hex, or to something else printable.
485 *
486 * This is the usual way to calculate a fingerprint of an X.509
487 * DER encoded certificate. Note however that the fingerprint
488 * of an OpenPGP is not just a hash and cannot be calculated with
489 * this function.
490 *
491 * Returns a negative value in case of an error.
492 *
493 **/
494int
495MHD__gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo,
496 const MHD_gnutls_datum_t * data,
497 void *result, size_t * result_size)
498{
499 GNUTLS_HASH_HANDLE td;
500 int hash_len = MHD_gnutls_hash_get_algo_len (HASH2MAC (algo));
501
502 if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL)
503 {
504 *result_size = hash_len;
505 return GNUTLS_E_SHORT_MEMORY_BUFFER;
506 }
507 *result_size = hash_len;
508
509 if (result)
510 {
511 td = MHD_gtls_hash_init (HASH2MAC (algo));
512 if (td == NULL)
513 return GNUTLS_E_HASH_FAILED;
514
515 MHD_gnutls_hash (td, data->data, data->size);
516
517 MHD_gnutls_hash_deinit (td, result);
518 }
519
520 return 0;
521}
522
523/**
524 * MHD__gnutls_certificate_set_dh_params - This function will set the DH parameters for a server to use
525 * @res: is a MHD_gtls_cert_credentials_t structure
526 * @dh_params: is a structure that holds diffie hellman parameters.
527 *
528 * This function will set the diffie hellman parameters for a
529 * certificate server to use. These parameters will be used in
530 * Ephemeral Diffie Hellman cipher suites. Note that only a pointer
531 * to the parameters are stored in the certificate handle, so if you
532 * deallocate the parameters before the certificate is deallocated,
533 * you must change the parameters stored in the certificate first.
534 *
535 **/
536void
537MHD__gnutls_certificate_set_dh_params (MHD_gtls_cert_credentials_t res,
538 MHD_gtls_dh_params_t dh_params)
539{
540 res->dh_params = dh_params;
541}
542
543/**
544 * MHD_gnutls_certificate_set_params_function - This function will set the DH or RSA parameters callback
545 * @res: is a MHD_gtls_cert_credentials_t structure
546 * @func: is the function to be called
547 *
548 * This function will set a callback in order for the server to get the
549 * diffie hellman or RSA parameters for certificate authentication. The callback
550 * should return zero on success.
551 *
552 **/
553void
554MHD_gnutls_certificate_set_params_function (MHD_gtls_cert_credentials_t res,
555 MHD_gnutls_params_function * func)
556{
557 res->params_func = func;
558}
559
560/**
561 * MHD__gnutls_certificate_set_verify_flags - This function will set the flags to be used at certificate verification
562 * @res: is a MHD_gtls_cert_credentials_t structure
563 * @flags: are the flags
564 *
565 * This function will set the flags to be used at verification of the
566 * certificates. Flags must be OR of the
567 * #MHD_gnutls_certificate_verify_flags enumerations.
568 *
569 **/
570void
571MHD__gnutls_certificate_set_verify_flags (MHD_gtls_cert_credentials_t
572 res, unsigned int flags)
573{
574 res->verify_flags = flags;
575}
576
577/**
578 * MHD__gnutls_certificate_set_verify_limits - This function will set the upper limits to be used at certificate verification
579 * @res: is a MHD_gnutls_certificate_credentials structure
580 * @max_bits: is the number of bits of an acceptable certificate (default 8200)
581 * @max_depth: is maximum depth of the verification of a certificate chain (default 5)
582 *
583 * This function will set some upper limits for the default verification function,
584 * MHD_gtls_certificate_verify_peers2(), to avoid denial of service attacks.
585 * You can set them to zero to disable limits.
586 *
587 **/
588void
589MHD__gnutls_certificate_set_verify_limits (MHD_gtls_cert_credentials_t
590 res,
591 unsigned int max_bits,
592 unsigned int max_depth)
593{
594 res->verify_depth = max_depth;
595 res->verify_bits = max_bits;
596}
597
598/**
599 * MHD__gnutls_certificate_set_rsa_export_params - This function will set the RSA parameters for a server to use
600 * @res: is a MHD_gtls_cert_credentials_t structure
601 * @rsa_params: is a structure that holds temporary RSA parameters.
602 *
603 * This function will set the temporary RSA parameters for a certificate
604 * server to use. These parameters will be used in RSA-EXPORT
605 * cipher suites.
606 *
607 **/
608void
609MHD__gnutls_certificate_set_rsa_export_params (MHD_gtls_cert_credentials_t
610 res,
611 MHD_gtls_rsa_params_t
612 rsa_params)
613{
614 res->rsa_params = rsa_params;
615}
616
617/**
618 * MHD_gnutls_anon_set_params_function - This function will set the DH or RSA parameters callback
619 * @res: is a MHD_gtls_anon_server_credentials_t structure
620 * @func: is the function to be called
621 *
622 * This function will set a callback in order for the server to get the
623 * diffie hellman or RSA parameters for anonymous authentication. The callback
624 * should return zero on success.
625 *
626 **/
627void
628MHD_gnutls_anon_set_params_function (MHD_gtls_anon_server_credentials_t res,
629 MHD_gnutls_params_function * func)
630{
631 res->params_func = func;
632}
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-28 01:52:27 +0000