diff options
Diffstat (limited to 'src/daemon/https')
-rw-r--r-- | src/daemon/https/gnutls.h | 85 | ||||
-rw-r--r-- | src/daemon/https/tls/Makefile.am | 3 | ||||
-rw-r--r-- | src/daemon/https/tls/auth_anon.c | 180 | ||||
-rw-r--r-- | src/daemon/https/tls/auth_anon.h | 48 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_algorithms.c | 52 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_anon_cred.c | 140 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_auth.c | 16 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_handshake.c | 17 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_session_pack.c | 190 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_state.c | 30 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_ui.c | 573 |
11 files changed, 0 insertions, 1334 deletions
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h index 217e0fb7..985455c8 100644 --- a/src/daemon/https/gnutls.h +++ b/src/daemon/https/gnutls.h | |||
@@ -448,35 +448,6 @@ extern "C" | |||
448 | typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_server_credentials; | 448 | typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_server_credentials; |
449 | typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_client_credentials; | 449 | typedef MHD_gtls_cert_credentials_t MHD_gtls_cert_client_credentials; |
450 | 450 | ||
451 | typedef struct MHD_gtls_anon_server_credentials_st | ||
452 | *MHD_gtls_anon_server_credentials_t; | ||
453 | typedef struct MHD_gtls_anon_client_credentials_st | ||
454 | *MHD_gtls_anon_client_credentials_t; | ||
455 | |||
456 | void | ||
457 | MHD__gnutls_anon_free_server_credentials | ||
458 | (MHD_gtls_anon_server_credentials_t sc); | ||
459 | int | ||
460 | MHD__gnutls_anon_allocate_server_credentials | ||
461 | (MHD_gtls_anon_server_credentials_t * sc); | ||
462 | |||
463 | void | ||
464 | MHD__gnutls_anon_set_server_dh_params (MHD_gtls_anon_server_credentials_t | ||
465 | res, | ||
466 | MHD_gtls_dh_params_t dh_params); | ||
467 | |||
468 | void | ||
469 | MHD__gnutls_anon_set_server_params_function | ||
470 | (MHD_gtls_anon_server_credentials_t res, | ||
471 | MHD_gnutls_params_function * func); | ||
472 | |||
473 | void | ||
474 | MHD__gnutls_anon_free_client_credentials | ||
475 | (MHD_gtls_anon_client_credentials_t sc); | ||
476 | int | ||
477 | MHD__gnutls_anon_allocate_client_credentials | ||
478 | (MHD_gtls_anon_client_credentials_t * sc); | ||
479 | |||
480 | void MHD__gnutls_certificate_free_credentials (MHD_gtls_cert_credentials_t | 451 | void MHD__gnutls_certificate_free_credentials (MHD_gtls_cert_credentials_t |
481 | sc); | 452 | sc); |
482 | int | 453 | int |
@@ -488,19 +459,6 @@ extern "C" | |||
488 | void MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc); | 459 | void MHD__gnutls_certificate_free_ca_names (MHD_gtls_cert_credentials_t sc); |
489 | void MHD__gnutls_certificate_free_crls (MHD_gtls_cert_credentials_t sc); | 460 | void MHD__gnutls_certificate_free_crls (MHD_gtls_cert_credentials_t sc); |
490 | 461 | ||
491 | void MHD__gnutls_certificate_set_dh_params (MHD_gtls_cert_credentials_t res, | ||
492 | MHD_gtls_dh_params_t dh_params); | ||
493 | void | ||
494 | MHD__gnutls_certificate_set_rsa_export_params (MHD_gtls_cert_credentials_t | ||
495 | res, | ||
496 | MHD_gtls_rsa_params_t | ||
497 | rsa_params); | ||
498 | void MHD__gnutls_certificate_set_verify_flags (MHD_gtls_cert_credentials_t | ||
499 | res, unsigned int flags); | ||
500 | void MHD__gnutls_certificate_set_verify_limits (MHD_gtls_cert_credentials_t | ||
501 | res, unsigned int max_bits, | ||
502 | unsigned int max_depth); | ||
503 | |||
504 | int MHD__gnutls_certificate_set_x509_trust_file (MHD_gtls_cert_credentials_t | 462 | int MHD__gnutls_certificate_set_x509_trust_file (MHD_gtls_cert_credentials_t |
505 | res, const char *CAFILE, | 463 | res, const char *CAFILE, |
506 | MHD_gnutls_x509_crt_fmt_t | 464 | MHD_gnutls_x509_crt_fmt_t |
@@ -647,13 +605,6 @@ extern "C" | |||
647 | void MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr); | 605 | void MHD__gnutls_session_set_ptr (MHD_gtls_session_t session, void *ptr); |
648 | void *MHD_gtls_session_get_ptr (MHD_gtls_session_t session); | 606 | void *MHD_gtls_session_get_ptr (MHD_gtls_session_t session); |
649 | 607 | ||
650 | /* | ||
651 | * this function returns the hash of the given data. | ||
652 | */ | ||
653 | int MHD__gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, | ||
654 | const MHD_gnutls_datum_t * data, void *result, | ||
655 | size_t * result_size); | ||
656 | |||
657 | typedef enum MHD_gnutls_x509_subject_alt_name_t | 608 | typedef enum MHD_gnutls_x509_subject_alt_name_t |
658 | { | 609 | { |
659 | GNUTLS_SAN_DNSNAME = 1, | 610 | GNUTLS_SAN_DNSNAME = 1, |
@@ -714,23 +665,6 @@ extern "C" | |||
714 | */ | 665 | */ |
715 | void MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, | 666 | void MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, |
716 | unsigned int bits); | 667 | unsigned int bits); |
717 | int MHD__gnutls_dh_get_secret_bits (MHD_gtls_session_t session); | ||
718 | int MHD__gnutls_dh_get_peers_public_bits (MHD_gtls_session_t session); | ||
719 | int MHD__gnutls_dh_get_prime_bits (MHD_gtls_session_t session); | ||
720 | |||
721 | int MHD__gnutls_dh_get_group (MHD_gtls_session_t session, | ||
722 | MHD_gnutls_datum_t * raw_gen, | ||
723 | MHD_gnutls_datum_t * raw_prime); | ||
724 | int MHD__gnutls_dh_get_pubkey (MHD_gtls_session_t session, | ||
725 | MHD_gnutls_datum_t * raw_key); | ||
726 | |||
727 | /* | ||
728 | * RSA | ||
729 | */ | ||
730 | int MHD_gtls_rsa_export_get_pubkey (MHD_gtls_session_t session, | ||
731 | MHD_gnutls_datum_t * exponent, | ||
732 | MHD_gnutls_datum_t * modulus); | ||
733 | int MHD_gtls_rsa_export_get_modulus_bits (MHD_gtls_session_t session); | ||
734 | 668 | ||
735 | /* External signing callback. Experimental. */ | 669 | /* External signing callback. Experimental. */ |
736 | typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session, | 670 | typedef int (*MHD_gnutls_sign_func) (MHD_gtls_session_t session, |
@@ -761,20 +695,11 @@ extern "C" | |||
761 | req); | 695 | req); |
762 | 696 | ||
763 | /* get data from the session */ | 697 | /* get data from the session */ |
764 | const MHD_gnutls_datum_t *MHD_gtls_certificate_get_peers (MHD_gtls_session_t | ||
765 | session, | ||
766 | unsigned int | ||
767 | *list_size); | ||
768 | const MHD_gnutls_datum_t *MHD_gtls_certificate_get_ours (MHD_gtls_session_t | ||
769 | session); | ||
770 | |||
771 | time_t MHD_gtls_certificate_activation_time_peers (MHD_gtls_session_t | 698 | time_t MHD_gtls_certificate_activation_time_peers (MHD_gtls_session_t |
772 | session); | 699 | session); |
773 | time_t MHD_gtls_certificate_expiration_time_peers (MHD_gtls_session_t | 700 | time_t MHD_gtls_certificate_expiration_time_peers (MHD_gtls_session_t |
774 | session); | 701 | session); |
775 | 702 | ||
776 | int MHD_gtls_certificate_client_get_request_status (MHD_gtls_session_t | ||
777 | session); | ||
778 | int MHD_gtls_certificate_verify_peers2 (MHD_gtls_session_t session, | 703 | int MHD_gtls_certificate_verify_peers2 (MHD_gtls_session_t session, |
779 | unsigned int *status); | 704 | unsigned int *status); |
780 | 705 | ||
@@ -796,16 +721,6 @@ extern "C" | |||
796 | const MHD_gnutls_datum_t * b64_data, | 721 | const MHD_gnutls_datum_t * b64_data, |
797 | MHD_gnutls_datum_t * result); | 722 | MHD_gnutls_datum_t * result); |
798 | 723 | ||
799 | // void | ||
800 | // MHD_gnutls_certificate_set_params_function (MHD_gtls_cert_credentials_t | ||
801 | // res, | ||
802 | // MHD_gnutls_params_function * func); | ||
803 | // void MHD_gnutls_anon_set_params_function (MHD_gtls_anon_server_credentials_t res, | ||
804 | // MHD_gnutls_params_function * func); | ||
805 | // void MHD_gnutls_psk_set_params_function (MHD_gnutls_psk_server_credentials_t res, | ||
806 | // MHD_gnutls_params_function * func); | ||
807 | |||
808 | |||
809 | /* key_usage will be an OR of the following values: */ | 724 | /* key_usage will be an OR of the following values: */ |
810 | /* when the key is to be used for signing: */ | 725 | /* when the key is to be used for signing: */ |
811 | #define GNUTLS_KEY_DIGITAL_SIGNATURE 128 | 726 | #define GNUTLS_KEY_DIGITAL_SIGNATURE 128 |
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am index aa8a71a7..420307fc 100644 --- a/src/daemon/https/tls/Makefile.am +++ b/src/daemon/https/tls/Makefile.am | |||
@@ -16,7 +16,6 @@ libtls_la_LDFLAGS = \ | |||
16 | -L$(GCRYPT_LIB_PATH) | 16 | -L$(GCRYPT_LIB_PATH) |
17 | 17 | ||
18 | libtls_la_SOURCES = \ | 18 | libtls_la_SOURCES = \ |
19 | auth_anon.c \ | ||
20 | auth_cert.c \ | 19 | auth_cert.c \ |
21 | auth_dh_common.c \ | 20 | auth_dh_common.c \ |
22 | auth_dhe.c \ | 21 | auth_dhe.c \ |
@@ -30,7 +29,6 @@ ext_oprfi.c \ | |||
30 | ext_server_name.c \ | 29 | ext_server_name.c \ |
31 | gnutls_alert.c \ | 30 | gnutls_alert.c \ |
32 | gnutls_algorithms.c \ | 31 | gnutls_algorithms.c \ |
33 | gnutls_anon_cred.c \ | ||
34 | gnutls_asn1_tab.c \ | 32 | gnutls_asn1_tab.c \ |
35 | gnutls_auth.c \ | 33 | gnutls_auth.c \ |
36 | gnutls_buffers.c \ | 34 | gnutls_buffers.c \ |
@@ -66,7 +64,6 @@ gnutls_ui.c \ | |||
66 | gnutls_x509.c \ | 64 | gnutls_x509.c \ |
67 | pkix_asn1_tab.c \ | 65 | pkix_asn1_tab.c \ |
68 | x509_b64.c \ | 66 | x509_b64.c \ |
69 | auth_anon.h \ | ||
70 | auth_cert.h \ | 67 | auth_cert.h \ |
71 | auth_dh_common.h \ | 68 | auth_dh_common.h \ |
72 | debug.h \ | 69 | debug.h \ |
diff --git a/src/daemon/https/tls/auth_anon.c b/src/daemon/https/tls/auth_anon.c deleted file mode 100644 index 1d6922cc..00000000 --- a/src/daemon/https/tls/auth_anon.c +++ /dev/null | |||
@@ -1,180 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains the Anonymous Diffie Hellman key exchange part of | ||
26 | * the anonymous authentication. The functions here are used in the | ||
27 | * handshake. | ||
28 | */ | ||
29 | |||
30 | #include <gnutls_int.h> | ||
31 | |||
32 | #ifdef ENABLE_ANON | ||
33 | |||
34 | #include "gnutls_auth_int.h" | ||
35 | #include "gnutls_errors.h" | ||
36 | #include "gnutls_dh.h" | ||
37 | #include "auth_anon.h" | ||
38 | #include "gnutls_num.h" | ||
39 | #include "gnutls_mpi.h" | ||
40 | #include <gnutls_state.h> | ||
41 | #include <auth_dh_common.h> | ||
42 | |||
43 | static int MHD_gtls_gen_anon_server_kx (MHD_gtls_session_t, opaque **); | ||
44 | static int MHD_gtls_proc_anon_client_kx (MHD_gtls_session_t, opaque *, | ||
45 | size_t); | ||
46 | static int MHD_gtls_proc_anon_server_kx (MHD_gtls_session_t, opaque *, | ||
47 | size_t); | ||
48 | |||
49 | const MHD_gtls_mod_auth_st MHD_gtls_anon_auth_struct = { | ||
50 | "ANON", | ||
51 | NULL, | ||
52 | NULL, | ||
53 | MHD_gtls_gen_anon_server_kx, | ||
54 | MHD_gtls_gen_dh_common_client_kx, /* this can be shared */ | ||
55 | NULL, | ||
56 | NULL, | ||
57 | |||
58 | NULL, | ||
59 | NULL, /* certificate */ | ||
60 | MHD_gtls_proc_anon_server_kx, | ||
61 | MHD_gtls_proc_anon_client_kx, | ||
62 | NULL, | ||
63 | NULL | ||
64 | }; | ||
65 | |||
66 | static int | ||
67 | MHD_gtls_gen_anon_server_kx (MHD_gtls_session_t session, opaque ** data) | ||
68 | { | ||
69 | mpi_t g, p; | ||
70 | const mpi_t *mpis; | ||
71 | int ret; | ||
72 | MHD_gtls_dh_params_t dh_params; | ||
73 | MHD_gtls_anon_server_credentials_t cred; | ||
74 | |||
75 | cred = (MHD_gtls_anon_server_credentials_t) | ||
76 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL); | ||
77 | if (cred == NULL) | ||
78 | { | ||
79 | MHD_gnutls_assert (); | ||
80 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
81 | } | ||
82 | |||
83 | dh_params = | ||
84 | MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session); | ||
85 | mpis = MHD_gtls_dh_params_to_mpi (dh_params); | ||
86 | if (mpis == NULL) | ||
87 | { | ||
88 | MHD_gnutls_assert (); | ||
89 | return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; | ||
90 | } | ||
91 | |||
92 | p = mpis[0]; | ||
93 | g = mpis[1]; | ||
94 | |||
95 | if ((ret = | ||
96 | MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, | ||
97 | sizeof (anon_auth_info_st), 1)) < 0) | ||
98 | { | ||
99 | MHD_gnutls_assert (); | ||
100 | return ret; | ||
101 | } | ||
102 | |||
103 | MHD_gtls_dh_set_group (session, g, p); | ||
104 | |||
105 | ret = MHD_gtls_dh_common_print_server_kx (session, g, p, data, 0); | ||
106 | if (ret < 0) | ||
107 | { | ||
108 | MHD_gnutls_assert (); | ||
109 | } | ||
110 | |||
111 | return ret; | ||
112 | } | ||
113 | |||
114 | |||
115 | static int | ||
116 | MHD_gtls_proc_anon_client_kx (MHD_gtls_session_t session, opaque * data, | ||
117 | size_t _data_size) | ||
118 | { | ||
119 | MHD_gtls_anon_server_credentials_t cred; | ||
120 | int bits; | ||
121 | int ret; | ||
122 | mpi_t p, g; | ||
123 | MHD_gtls_dh_params_t dh_params; | ||
124 | const mpi_t *mpis; | ||
125 | |||
126 | bits = MHD_gtls_dh_get_allowed_prime_bits (session); | ||
127 | |||
128 | cred = (MHD_gtls_anon_server_credentials_t) | ||
129 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_ANON, NULL); | ||
130 | if (cred == NULL) | ||
131 | { | ||
132 | MHD_gnutls_assert (); | ||
133 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
134 | } | ||
135 | |||
136 | dh_params = | ||
137 | MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session); | ||
138 | mpis = MHD_gtls_dh_params_to_mpi (dh_params); | ||
139 | if (mpis == NULL) | ||
140 | { | ||
141 | MHD_gnutls_assert (); | ||
142 | return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; | ||
143 | } | ||
144 | |||
145 | p = mpis[0]; | ||
146 | g = mpis[1]; | ||
147 | |||
148 | ret = MHD_gtls_proc_dh_common_client_kx (session, data, _data_size, g, p); | ||
149 | |||
150 | return ret; | ||
151 | |||
152 | } | ||
153 | |||
154 | int | ||
155 | MHD_gtls_proc_anon_server_kx (MHD_gtls_session_t session, opaque * data, | ||
156 | size_t _data_size) | ||
157 | { | ||
158 | |||
159 | int ret; | ||
160 | |||
161 | /* set auth_info */ | ||
162 | if ((ret = | ||
163 | MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, | ||
164 | sizeof (anon_auth_info_st), 1)) < 0) | ||
165 | { | ||
166 | MHD_gnutls_assert (); | ||
167 | return ret; | ||
168 | } | ||
169 | |||
170 | ret = MHD_gtls_proc_dh_common_server_kx (session, data, _data_size, 0); | ||
171 | if (ret < 0) | ||
172 | { | ||
173 | MHD_gnutls_assert (); | ||
174 | return ret; | ||
175 | } | ||
176 | |||
177 | return 0; | ||
178 | } | ||
179 | |||
180 | #endif /* ENABLE_ANON */ | ||
diff --git a/src/daemon/https/tls/auth_anon.h b/src/daemon/https/tls/auth_anon.h deleted file mode 100644 index 4602ab23..00000000 --- a/src/daemon/https/tls/auth_anon.h +++ /dev/null | |||
@@ -1,48 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2002, 2003, 2004, 2005 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* this is not to be included by MHD_gnutls_anon.c */ | ||
26 | #include <gnutls_auth.h> | ||
27 | #include <auth_dh_common.h> | ||
28 | |||
29 | typedef struct MHD_gtls_anon_server_credentials_st | ||
30 | { | ||
31 | MHD_gtls_dh_params_t dh_params; | ||
32 | /* this callback is used to retrieve the DH or RSA | ||
33 | * parameters. | ||
34 | */ | ||
35 | MHD_gnutls_params_function *params_func; | ||
36 | } mhd_anon_server_credentials_st; | ||
37 | |||
38 | typedef struct MHD_gtls_anon_client_credentials_st | ||
39 | { | ||
40 | int dummy; | ||
41 | } mhd_anon_client_credentials_st; | ||
42 | |||
43 | typedef struct MHD_gtls_anon_auth_info_st | ||
44 | { | ||
45 | MHD_gtls_dh_info_st dh; | ||
46 | } *mhd_anon_auth_info_t; | ||
47 | |||
48 | typedef struct MHD_gtls_anon_auth_info_st anon_auth_info_st; | ||
diff --git a/src/daemon/https/tls/gnutls_algorithms.c b/src/daemon/https/tls/gnutls_algorithms.c index 18ba0457..89ca70bc 100644 --- a/src/daemon/https/tls/gnutls_algorithms.c +++ b/src/daemon/https/tls/gnutls_algorithms.c | |||
@@ -42,9 +42,6 @@ typedef struct | |||
42 | } MHD_gnutls_cred_map; | 42 | } MHD_gnutls_cred_map; |
43 | 43 | ||
44 | static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = { | 44 | static const MHD_gnutls_cred_map MHD_gtls_cred_mappings[] = { |
45 | {MHD_GNUTLS_KX_ANON_DH, | ||
46 | MHD_GNUTLS_CRD_ANON, | ||
47 | MHD_GNUTLS_CRD_ANON}, | ||
48 | {MHD_GNUTLS_KX_RSA, | 45 | {MHD_GNUTLS_KX_RSA, |
49 | MHD_GNUTLS_CRD_CERTIFICATE, | 46 | MHD_GNUTLS_CRD_CERTIFICATE, |
50 | MHD_GNUTLS_CRD_CERTIFICATE}, | 47 | MHD_GNUTLS_CRD_CERTIFICATE}, |
@@ -390,7 +387,6 @@ extern MHD_gtls_mod_auth_st MHD_gtls_rsa_auth_struct; | |||
390 | extern MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct; | 387 | extern MHD_gtls_mod_auth_st MHD_rsa_export_auth_struct; |
391 | extern MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct; | 388 | extern MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct; |
392 | extern MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct; | 389 | extern MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct; |
393 | extern MHD_gtls_mod_auth_st MHD_gtls_anon_auth_struct; | ||
394 | extern MHD_gtls_mod_auth_st srp_auth_struct; | 390 | extern MHD_gtls_mod_auth_st srp_auth_struct; |
395 | extern MHD_gtls_mod_auth_st psk_auth_struct; | 391 | extern MHD_gtls_mod_auth_st psk_auth_struct; |
396 | extern MHD_gtls_mod_auth_st dhe_psk_auth_struct; | 392 | extern MHD_gtls_mod_auth_st dhe_psk_auth_struct; |
@@ -407,9 +403,6 @@ typedef struct MHD_gtls_kx_algo_entry | |||
407 | } MHD_gtls_kx_algo_entry_t; | 403 | } MHD_gtls_kx_algo_entry_t; |
408 | 404 | ||
409 | static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { | 405 | static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { |
410 | #ifdef ENABLE_ANON | ||
411 | {"ANON-DH", MHD_GNUTLS_KX_ANON_DH, &MHD_gtls_anon_auth_struct, 1, 0}, | ||
412 | #endif | ||
413 | {"RSA", | 406 | {"RSA", |
414 | MHD_GNUTLS_KX_RSA, | 407 | MHD_GNUTLS_KX_RSA, |
415 | &MHD_gtls_rsa_auth_struct, | 408 | &MHD_gtls_rsa_auth_struct, |
@@ -451,9 +444,6 @@ static const MHD_gtls_kx_algo_entry_t MHD_gtls_kx_algorithms[] = { | |||
451 | /* Keep the contents of this struct the same as the previous one. */ | 444 | /* Keep the contents of this struct the same as the previous one. */ |
452 | static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] = | 445 | static const enum MHD_GNUTLS_KeyExchangeAlgorithm MHD_gtls_supported_kxs[] = |
453 | { | 446 | { |
454 | #ifdef ENABLE_ANON | ||
455 | MHD_GNUTLS_KX_ANON_DH, | ||
456 | #endif | ||
457 | MHD_GNUTLS_KX_RSA, | 447 | MHD_GNUTLS_KX_RSA, |
458 | MHD_GNUTLS_KX_RSA_EXPORT, | 448 | MHD_GNUTLS_KX_RSA_EXPORT, |
459 | MHD_GNUTLS_KX_DHE_RSA, | 449 | MHD_GNUTLS_KX_DHE_RSA, |
@@ -498,20 +488,6 @@ typedef struct | |||
498 | */ | 488 | */ |
499 | #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 } | 489 | #define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 } |
500 | 490 | ||
501 | /* ANONymous cipher suites. | ||
502 | */ | ||
503 | |||
504 | #define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1 { 0x00, 0x1B } | ||
505 | #define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 } | ||
506 | |||
507 | /* rfc3268: */ | ||
508 | #define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 } | ||
509 | #define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A } | ||
510 | |||
511 | /* rfc4132 */ | ||
512 | #define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 } | ||
513 | #define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 } | ||
514 | |||
515 | /* PSK (not in TLS 1.0) | 491 | /* PSK (not in TLS 1.0) |
516 | * draft-ietf-tls-psk: | 492 | * draft-ietf-tls-psk: |
517 | */ | 493 | */ |
@@ -590,34 +566,6 @@ typedef struct | |||
590 | #define CIPHER_SUITES_COUNT sizeof(MHD_gtls_cs_algorithms)/sizeof(MHD_gtls_cipher_suite_entry)-1 | 566 | #define CIPHER_SUITES_COUNT sizeof(MHD_gtls_cs_algorithms)/sizeof(MHD_gtls_cipher_suite_entry)-1 |
591 | 567 | ||
592 | static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = { | 568 | static const MHD_gtls_cipher_suite_entry MHD_gtls_cs_algorithms[] = { |
593 | /* ANON_DH */ | ||
594 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5, | ||
595 | MHD_GNUTLS_CIPHER_ARCFOUR_128, | ||
596 | MHD_GNUTLS_KX_ANON_DH, MHD_GNUTLS_MAC_MD5, | ||
597 | MHD_GNUTLS_PROTOCOL_SSL3), | ||
598 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1, | ||
599 | MHD_GNUTLS_CIPHER_3DES_CBC, | ||
600 | MHD_GNUTLS_KX_ANON_DH, | ||
601 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), | ||
602 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1, | ||
603 | MHD_GNUTLS_CIPHER_AES_128_CBC, | ||
604 | MHD_GNUTLS_KX_ANON_DH, | ||
605 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), | ||
606 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1, | ||
607 | MHD_GNUTLS_CIPHER_AES_256_CBC, | ||
608 | MHD_GNUTLS_KX_ANON_DH, | ||
609 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_SSL3), | ||
610 | #ifdef ENABLE_CAMELLIA | ||
611 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1, | ||
612 | MHD_GNUTLS_CIPHER_CAMELLIA_128_CBC, | ||
613 | MHD_GNUTLS_KX_ANON_DH, | ||
614 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), | ||
615 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1, | ||
616 | MHD_GNUTLS_CIPHER_CAMELLIA_256_CBC, | ||
617 | MHD_GNUTLS_KX_ANON_DH, | ||
618 | MHD_GNUTLS_MAC_SHA1, MHD_GNUTLS_PROTOCOL_TLS1_0), | ||
619 | #endif | ||
620 | |||
621 | /* SRP */ | 569 | /* SRP */ |
622 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, | 570 | GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1, |
623 | MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP, | 571 | MHD_GNUTLS_CIPHER_3DES_CBC, MHD_GNUTLS_KX_SRP, |
diff --git a/src/daemon/https/tls/gnutls_anon_cred.c b/src/daemon/https/tls/gnutls_anon_cred.c deleted file mode 100644 index d73c0edd..00000000 --- a/src/daemon/https/tls/gnutls_anon_cred.c +++ /dev/null | |||
@@ -1,140 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2001, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | #include "gnutls_int.h" | ||
26 | |||
27 | #ifdef ENABLE_ANON | ||
28 | |||
29 | #include "gnutls_errors.h" | ||
30 | #include "auth_anon.h" | ||
31 | #include "gnutls_auth_int.h" | ||
32 | #include "gnutls_dh.h" | ||
33 | #include "gnutls_num.h" | ||
34 | #include "gnutls_mpi.h" | ||
35 | |||
36 | static const int anon_dummy; | ||
37 | |||
38 | /** | ||
39 | * MHD__gnutls_anon_free_server_credentials - Used to free an allocated MHD_gtls_anon_server_credentials_t structure | ||
40 | * @sc: is an #MHD_gtls_anon_server_credentials_t structure. | ||
41 | * | ||
42 | * This structure is complex enough to manipulate directly thus this | ||
43 | * helper function is provided in order to free (deallocate) it. | ||
44 | **/ | ||
45 | void | ||
46 | MHD__gnutls_anon_free_server_credentials (MHD_gtls_anon_server_credentials_t | ||
47 | sc) | ||
48 | { | ||
49 | |||
50 | MHD_gnutls_free (sc); | ||
51 | } | ||
52 | |||
53 | /** | ||
54 | * MHD__gnutls_anon_allocate_server_credentials - Used to allocate an MHD_gtls_anon_server_credentials_t structure | ||
55 | * @sc: is a pointer to an #MHD_gtls_anon_server_credentials_t structure. | ||
56 | * | ||
57 | * This structure is complex enough to manipulate directly thus this | ||
58 | * helper function is provided in order to allocate it. | ||
59 | * | ||
60 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. | ||
61 | **/ | ||
62 | int | ||
63 | MHD__gnutls_anon_allocate_server_credentials | ||
64 | (MHD_gtls_anon_server_credentials_t * sc) | ||
65 | { | ||
66 | *sc = MHD_gnutls_calloc (1, sizeof (mhd_anon_server_credentials_st)); | ||
67 | if (*sc == NULL) | ||
68 | return GNUTLS_E_MEMORY_ERROR; | ||
69 | |||
70 | return 0; | ||
71 | } | ||
72 | |||
73 | |||
74 | /** | ||
75 | * MHD__gnutls_anon_free_client_credentials - Used to free an allocated MHD_gtls_anon_client_credentials_t structure | ||
76 | * @sc: is an #MHD_gtls_anon_client_credentials_t structure. | ||
77 | * | ||
78 | * This structure is complex enough to manipulate directly thus this | ||
79 | * helper function is provided in order to free (deallocate) it. | ||
80 | **/ | ||
81 | void | ||
82 | MHD__gnutls_anon_free_client_credentials (MHD_gtls_anon_client_credentials_t | ||
83 | sc) | ||
84 | { | ||
85 | } | ||
86 | |||
87 | /** | ||
88 | * MHD__gnutls_anon_allocate_client_credentials - Used to allocate a credentials structure | ||
89 | * @sc: is a pointer to an #MHD_gtls_anon_client_credentials_t structure. | ||
90 | * | ||
91 | * This structure is complex enough to manipulate directly thus | ||
92 | * this helper function is provided in order to allocate it. | ||
93 | * | ||
94 | * Returns: %GNUTLS_E_SUCCESS on success, or an error code. | ||
95 | **/ | ||
96 | int | ||
97 | MHD__gnutls_anon_allocate_client_credentials | ||
98 | (MHD_gtls_anon_client_credentials_t * sc) | ||
99 | { | ||
100 | /* anon_dummy is only there for *sc not to be null. | ||
101 | * it is not used at all; | ||
102 | */ | ||
103 | *sc = (void *) &anon_dummy; | ||
104 | |||
105 | return 0; | ||
106 | } | ||
107 | |||
108 | /** | ||
109 | * MHD__gnutls_anon_set_server_dh_params - This function will set the DH parameters for a server to use | ||
110 | * @res: is a MHD_gtls_anon_server_credentials_t structure | ||
111 | * @dh_params: is a structure that holds diffie hellman parameters. | ||
112 | * | ||
113 | * This function will set the diffie hellman parameters for an | ||
114 | * anonymous server to use. These parameters will be used in | ||
115 | * Anonymous Diffie Hellman cipher suites. | ||
116 | **/ | ||
117 | void | ||
118 | MHD__gnutls_anon_set_server_dh_params (MHD_gtls_anon_server_credentials_t res, | ||
119 | MHD_gtls_dh_params_t dh_params) | ||
120 | { | ||
121 | res->dh_params = dh_params; | ||
122 | } | ||
123 | |||
124 | /** | ||
125 | * MHD__gnutls_anon_set_server_params_function - This function will set the DH parameters callback | ||
126 | * @res: is a MHD_gtls_cert_credentials_t structure | ||
127 | * @func: is the function to be called | ||
128 | * | ||
129 | * This function will set a callback in order for the server to get | ||
130 | * the diffie hellman parameters for anonymous authentication. The | ||
131 | * callback should return zero on success. | ||
132 | **/ | ||
133 | void | ||
134 | MHD__gnutls_anon_set_server_params_function | ||
135 | (MHD_gtls_anon_server_credentials_t res, MHD_gnutls_params_function * func) | ||
136 | { | ||
137 | res->params_func = func; | ||
138 | } | ||
139 | |||
140 | #endif | ||
diff --git a/src/daemon/https/tls/gnutls_auth.c b/src/daemon/https/tls/gnutls_auth.c index 6f14d9c8..fcb8ed55 100644 --- a/src/daemon/https/tls/gnutls_auth.c +++ b/src/daemon/https/tls/gnutls_auth.c | |||
@@ -30,7 +30,6 @@ | |||
30 | #include "auth_cert.h" | 30 | #include "auth_cert.h" |
31 | #include <gnutls_datum.h> | 31 | #include <gnutls_datum.h> |
32 | 32 | ||
33 | #include "auth_anon.h" | ||
34 | /* The functions here are used in order for authentication algorithms | 33 | /* The functions here are used in order for authentication algorithms |
35 | * to be able to retrieve the needed credentials eg public and private | 34 | * to be able to retrieve the needed credentials eg public and private |
36 | * key etc. | 35 | * key etc. |
@@ -79,9 +78,6 @@ MHD__gnutls_credentials_clear (MHD_gtls_session_t session) | |||
79 | * structure. Thus you will have to keep the structure allocated until | 78 | * structure. Thus you will have to keep the structure allocated until |
80 | * you call MHD__gnutls_deinit(). ] | 79 | * you call MHD__gnutls_deinit(). ] |
81 | * | 80 | * |
82 | * For GNUTLS_CRD_ANON cred should be MHD_gtls_anon_client_credentials_t in case of a client. | ||
83 | * In case of a server it should be MHD_gtls_anon_server_credentials_t. | ||
84 | * | ||
85 | * For GNUTLS_CRD_SRP cred should be MHD_gnutls_srp_client_credentials_t | 81 | * For GNUTLS_CRD_SRP cred should be MHD_gnutls_srp_client_credentials_t |
86 | * in case of a client, and MHD_gnutls_srp_server_credentials_t, in case | 82 | * in case of a client, and MHD_gnutls_srp_server_credentials_t, in case |
87 | * of a server. | 83 | * of a server. |
@@ -267,7 +263,6 @@ out: | |||
267 | * is data obtained by the handshake protocol, the key exchange algorithm, | 263 | * is data obtained by the handshake protocol, the key exchange algorithm, |
268 | * and the TLS extensions messages. | 264 | * and the TLS extensions messages. |
269 | * | 265 | * |
270 | * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t; | ||
271 | * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t; | 266 | * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t; |
272 | * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t; | 267 | * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t; |
273 | -*/ | 268 | -*/ |
@@ -301,17 +296,6 @@ MHD_gtls_free_auth_info (MHD_gtls_session_t session) | |||
301 | { | 296 | { |
302 | case MHD_GNUTLS_CRD_SRP: | 297 | case MHD_GNUTLS_CRD_SRP: |
303 | break; | 298 | break; |
304 | case MHD_GNUTLS_CRD_ANON: | ||
305 | { | ||
306 | mhd_anon_auth_info_t info = MHD_gtls_get_auth_info (session); | ||
307 | |||
308 | if (info == NULL) | ||
309 | break; | ||
310 | |||
311 | dh_info = &info->dh; | ||
312 | MHD_gtls_free_dh_info (dh_info); | ||
313 | } | ||
314 | break; | ||
315 | case MHD_GNUTLS_CRD_CERTIFICATE: | 299 | case MHD_GNUTLS_CRD_CERTIFICATE: |
316 | { | 300 | { |
317 | unsigned int i; | 301 | unsigned int i; |
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c index db28ad9a..ba93018d 100644 --- a/src/daemon/https/tls/gnutls_handshake.c +++ b/src/daemon/https/tls/gnutls_handshake.c | |||
@@ -47,7 +47,6 @@ | |||
47 | #include "gnutls_record.h" | 47 | #include "gnutls_record.h" |
48 | #include "gnutls_state.h" | 48 | #include "gnutls_state.h" |
49 | #include "gnutls_rsa_export.h" /* for MHD_gnutls_get_rsa_params() */ | 49 | #include "gnutls_rsa_export.h" /* for MHD_gnutls_get_rsa_params() */ |
50 | #include "auth_anon.h" /* for MHD_gtls_anon_server_credentials_t */ | ||
51 | #include "gc.h" | 50 | #include "gc.h" |
52 | 51 | ||
53 | #ifdef HANDSHAKE_DEBUG | 52 | #ifdef HANDSHAKE_DEBUG |
@@ -2800,22 +2799,6 @@ check_server_params (MHD_gtls_session_t session, | |||
2800 | if (delete == 1) | 2799 | if (delete == 1) |
2801 | return 1; | 2800 | return 1; |
2802 | 2801 | ||
2803 | #ifdef ENABLE_ANON | ||
2804 | } | ||
2805 | else if (cred_type == MHD_GNUTLS_CRD_ANON) | ||
2806 | { | ||
2807 | MHD_gtls_anon_server_credentials_t anon_cred = | ||
2808 | (MHD_gtls_anon_server_credentials_t) MHD_gtls_get_cred (session->key, | ||
2809 | cred_type, | ||
2810 | NULL); | ||
2811 | |||
2812 | if (anon_cred != NULL) | ||
2813 | { | ||
2814 | dh_params = | ||
2815 | MHD_gtls_get_dh_params (anon_cred->dh_params, | ||
2816 | anon_cred->params_func, session); | ||
2817 | } | ||
2818 | #endif | ||
2819 | #ifdef ENABLE_PSK | 2802 | #ifdef ENABLE_PSK |
2820 | } | 2803 | } |
2821 | else if (cred_type == MHD_GNUTLS_CRD_PSK) | 2804 | else if (cred_type == MHD_GNUTLS_CRD_PSK) |
diff --git a/src/daemon/https/tls/gnutls_session_pack.c b/src/daemon/https/tls/gnutls_session_pack.c index ab359f6c..be80bfb7 100644 --- a/src/daemon/https/tls/gnutls_session_pack.c +++ b/src/daemon/https/tls/gnutls_session_pack.c | |||
@@ -33,7 +33,6 @@ | |||
33 | #ifdef ENABLE_PSK | 33 | #ifdef ENABLE_PSK |
34 | # include <auth_psk.h> | 34 | # include <auth_psk.h> |
35 | #endif | 35 | #endif |
36 | #include <auth_anon.h> | ||
37 | #include <auth_cert.h> | 36 | #include <auth_cert.h> |
38 | #include <gnutls_errors.h> | 37 | #include <gnutls_errors.h> |
39 | #include <gnutls_auth_int.h> | 38 | #include <gnutls_auth_int.h> |
@@ -55,175 +54,6 @@ static int unpack_security_parameters (MHD_gtls_session_t session, | |||
55 | static int pack_security_parameters (MHD_gtls_session_t session, | 54 | static int pack_security_parameters (MHD_gtls_session_t session, |
56 | MHD_gnutls_datum_t * packed_session); | 55 | MHD_gnutls_datum_t * packed_session); |
57 | 56 | ||
58 | /* Packs the ANON session authentication data. */ | ||
59 | #ifdef ENABLE_ANON | ||
60 | |||
61 | /* Format: | ||
62 | * 1 byte the credentials type | ||
63 | * 4 bytes the size of the whole structure | ||
64 | * 2 bytes the size of secret key in bits | ||
65 | * 4 bytes the size of the prime | ||
66 | * x bytes the prime | ||
67 | * 4 bytes the size of the generator | ||
68 | * x bytes the generator | ||
69 | * 4 bytes the size of the public key | ||
70 | * x bytes the public key | ||
71 | */ | ||
72 | static int | ||
73 | pack_anon_auth_info (MHD_gtls_session_t session, | ||
74 | MHD_gnutls_datum_t * packed_session) | ||
75 | { | ||
76 | mhd_anon_auth_info_t info = MHD_gtls_get_auth_info (session); | ||
77 | int pos = 0; | ||
78 | size_t pack_size; | ||
79 | |||
80 | if (info) | ||
81 | pack_size = 2 + 4 * 3 + info->dh.prime.size + | ||
82 | info->dh.generator.size + info->dh.public_key.size; | ||
83 | else | ||
84 | pack_size = 0; | ||
85 | |||
86 | packed_session->size = PACK_HEADER_SIZE + pack_size + sizeof (uint32_t); | ||
87 | |||
88 | /* calculate the size and allocate the data. | ||
89 | */ | ||
90 | packed_session->data = | ||
91 | MHD_gnutls_malloc (packed_session->size + MAX_SEC_PARAMS); | ||
92 | |||
93 | if (packed_session->data == NULL) | ||
94 | { | ||
95 | MHD_gnutls_assert (); | ||
96 | return GNUTLS_E_MEMORY_ERROR; | ||
97 | } | ||
98 | |||
99 | packed_session->data[0] = MHD_GNUTLS_CRD_ANON; | ||
100 | MHD_gtls_write_uint32 (pack_size, &packed_session->data[PACK_HEADER_SIZE]); | ||
101 | pos += 4 + PACK_HEADER_SIZE; | ||
102 | |||
103 | if (pack_size > 0) | ||
104 | { | ||
105 | MHD_gtls_write_uint16 (info->dh.secret_bits, | ||
106 | &packed_session->data[pos]); | ||
107 | pos += 2; | ||
108 | |||
109 | MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.prime); | ||
110 | pos += 4 + info->dh.prime.size; | ||
111 | MHD_gtls_write_datum32 (&packed_session->data[pos], info->dh.generator); | ||
112 | pos += 4 + info->dh.generator.size; | ||
113 | MHD_gtls_write_datum32 (&packed_session->data[pos], | ||
114 | info->dh.public_key); | ||
115 | pos += 4 + info->dh.public_key.size; | ||
116 | |||
117 | } | ||
118 | |||
119 | return 0; | ||
120 | } | ||
121 | |||
122 | /* Format: | ||
123 | * 1 byte the credentials type | ||
124 | * 4 bytes the size of the whole structure | ||
125 | * 2 bytes the size of secret key in bits | ||
126 | * 4 bytes the size of the prime | ||
127 | * x bytes the prime | ||
128 | * 4 bytes the size of the generator | ||
129 | * x bytes the generator | ||
130 | * 4 bytes the size of the public key | ||
131 | * x bytes the public key | ||
132 | */ | ||
133 | static int | ||
134 | unpack_anon_auth_info (MHD_gtls_session_t session, | ||
135 | const MHD_gnutls_datum_t * packed_session) | ||
136 | { | ||
137 | size_t pack_size; | ||
138 | int pos = 0, size, ret; | ||
139 | mhd_anon_auth_info_t info; | ||
140 | |||
141 | if (packed_session->data[0] != MHD_GNUTLS_CRD_ANON) | ||
142 | { | ||
143 | MHD_gnutls_assert (); | ||
144 | return GNUTLS_E_INVALID_REQUEST; | ||
145 | } | ||
146 | |||
147 | pack_size = MHD_gtls_read_uint32 (&packed_session->data[PACK_HEADER_SIZE]); | ||
148 | pos += PACK_HEADER_SIZE + 4; | ||
149 | |||
150 | |||
151 | if (pack_size == 0) | ||
152 | return 0; /* nothing to be done */ | ||
153 | |||
154 | /* a simple check for integrity */ | ||
155 | if (pack_size + PACK_HEADER_SIZE + 4 > packed_session->size) | ||
156 | { | ||
157 | MHD_gnutls_assert (); | ||
158 | return GNUTLS_E_INVALID_REQUEST; | ||
159 | } | ||
160 | |||
161 | /* client and serer have the same auth_info here | ||
162 | */ | ||
163 | ret = | ||
164 | MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_ANON, | ||
165 | sizeof (anon_auth_info_st), 1); | ||
166 | if (ret < 0) | ||
167 | { | ||
168 | MHD_gnutls_assert (); | ||
169 | return ret; | ||
170 | } | ||
171 | |||
172 | info = MHD_gtls_get_auth_info (session); | ||
173 | if (info == NULL) | ||
174 | { | ||
175 | MHD_gnutls_assert (); | ||
176 | return GNUTLS_E_INTERNAL_ERROR; | ||
177 | } | ||
178 | |||
179 | info->dh.secret_bits = MHD_gtls_read_uint16 (&packed_session->data[pos]); | ||
180 | pos += 2; | ||
181 | |||
182 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
183 | pos += 4; | ||
184 | ret = | ||
185 | MHD__gnutls_set_datum (&info->dh.prime, &packed_session->data[pos], size); | ||
186 | if (ret < 0) | ||
187 | { | ||
188 | MHD_gnutls_assert (); | ||
189 | goto error; | ||
190 | } | ||
191 | pos += size; | ||
192 | |||
193 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
194 | pos += 4; | ||
195 | ret = | ||
196 | MHD__gnutls_set_datum (&info->dh.generator, &packed_session->data[pos], | ||
197 | size); | ||
198 | if (ret < 0) | ||
199 | { | ||
200 | MHD_gnutls_assert (); | ||
201 | goto error; | ||
202 | } | ||
203 | pos += size; | ||
204 | |||
205 | size = MHD_gtls_read_uint32 (&packed_session->data[pos]); | ||
206 | pos += 4; | ||
207 | ret = | ||
208 | MHD__gnutls_set_datum (&info->dh.public_key, &packed_session->data[pos], | ||
209 | size); | ||
210 | if (ret < 0) | ||
211 | { | ||
212 | MHD_gnutls_assert (); | ||
213 | goto error; | ||
214 | } | ||
215 | pos += size; | ||
216 | |||
217 | return 0; | ||
218 | |||
219 | error: | ||
220 | MHD__gnutls_free_datum (&info->dh.prime); | ||
221 | MHD__gnutls_free_datum (&info->dh.generator); | ||
222 | MHD__gnutls_free_datum (&info->dh.public_key); | ||
223 | return ret; | ||
224 | } | ||
225 | #endif /* ANON */ | ||
226 | |||
227 | /* Since auth_info structures contain malloced data, this function | 57 | /* Since auth_info structures contain malloced data, this function |
228 | * is required in order to pack these structures in a vector in | 58 | * is required in order to pack these structures in a vector in |
229 | * order to store them to the DB. | 59 | * order to store them to the DB. |
@@ -267,16 +97,6 @@ MHD_gtls_session_pack (MHD_gtls_session_t session, | |||
267 | } | 97 | } |
268 | break; | 98 | break; |
269 | #endif | 99 | #endif |
270 | #ifdef ENABLE_ANON | ||
271 | case MHD_GNUTLS_CRD_ANON: | ||
272 | ret = pack_anon_auth_info (session, packed_session); | ||
273 | if (ret < 0) | ||
274 | { | ||
275 | MHD_gnutls_assert (); | ||
276 | return ret; | ||
277 | } | ||
278 | break; | ||
279 | #endif | ||
280 | case MHD_GNUTLS_CRD_CERTIFICATE: | 100 | case MHD_GNUTLS_CRD_CERTIFICATE: |
281 | ret = pack_certificate_auth_info (session, packed_session); | 101 | ret = pack_certificate_auth_info (session, packed_session); |
282 | if (ret < 0) | 102 | if (ret < 0) |
@@ -346,16 +166,6 @@ MHD_gtls_session_unpack (MHD_gtls_session_t session, | |||
346 | } | 166 | } |
347 | break; | 167 | break; |
348 | #endif | 168 | #endif |
349 | #ifdef ENABLE_ANON | ||
350 | case MHD_GNUTLS_CRD_ANON: | ||
351 | ret = unpack_anon_auth_info (session, packed_session); | ||
352 | if (ret < 0) | ||
353 | { | ||
354 | MHD_gnutls_assert (); | ||
355 | return ret; | ||
356 | } | ||
357 | break; | ||
358 | #endif | ||
359 | case MHD_GNUTLS_CRD_CERTIFICATE: | 169 | case MHD_GNUTLS_CRD_CERTIFICATE: |
360 | ret = unpack_certificate_auth_info (session, packed_session); | 170 | ret = unpack_certificate_auth_info (session, packed_session); |
361 | if (ret < 0) | 171 | if (ret < 0) |
diff --git a/src/daemon/https/tls/gnutls_state.c b/src/daemon/https/tls/gnutls_state.c index 4f4ea122..0372b0f6 100644 --- a/src/daemon/https/tls/gnutls_state.c +++ b/src/daemon/https/tls/gnutls_state.c | |||
@@ -38,7 +38,6 @@ | |||
38 | #include <gnutls_buffers.h> | 38 | #include <gnutls_buffers.h> |
39 | #include <gnutls_state.h> | 39 | #include <gnutls_state.h> |
40 | #include <auth_cert.h> | 40 | #include <auth_cert.h> |
41 | #include <auth_anon.h> | ||
42 | #include <gnutls_algorithms.h> | 41 | #include <gnutls_algorithms.h> |
43 | #include <gnutls_rsa_export.h> | 42 | #include <gnutls_rsa_export.h> |
44 | 43 | ||
@@ -437,16 +436,6 @@ MHD_gtls_dh_set_peer_public (MHD_gtls_session_t session, mpi_t public) | |||
437 | 436 | ||
438 | switch (MHD_gtls_auth_get_type (session)) | 437 | switch (MHD_gtls_auth_get_type (session)) |
439 | { | 438 | { |
440 | case MHD_GNUTLS_CRD_ANON: | ||
441 | { | ||
442 | mhd_anon_auth_info_t info; | ||
443 | info = MHD_gtls_get_auth_info (session); | ||
444 | if (info == NULL) | ||
445 | return GNUTLS_E_INTERNAL_ERROR; | ||
446 | |||
447 | dh = &info->dh; | ||
448 | break; | ||
449 | } | ||
450 | case MHD_GNUTLS_CRD_CERTIFICATE: | 439 | case MHD_GNUTLS_CRD_CERTIFICATE: |
451 | { | 440 | { |
452 | cert_auth_info_t info; | 441 | cert_auth_info_t info; |
@@ -478,15 +467,6 @@ MHD_gtls_dh_set_secret_bits (MHD_gtls_session_t session, unsigned bits) | |||
478 | { | 467 | { |
479 | switch (MHD_gtls_auth_get_type (session)) | 468 | switch (MHD_gtls_auth_get_type (session)) |
480 | { | 469 | { |
481 | case MHD_GNUTLS_CRD_ANON: | ||
482 | { | ||
483 | mhd_anon_auth_info_t info; | ||
484 | info = MHD_gtls_get_auth_info (session); | ||
485 | if (info == NULL) | ||
486 | return GNUTLS_E_INTERNAL_ERROR; | ||
487 | info->dh.secret_bits = bits; | ||
488 | break; | ||
489 | } | ||
490 | case MHD_GNUTLS_CRD_CERTIFICATE: | 470 | case MHD_GNUTLS_CRD_CERTIFICATE: |
491 | { | 471 | { |
492 | cert_auth_info_t info; | 472 | cert_auth_info_t info; |
@@ -548,16 +528,6 @@ MHD_gtls_dh_set_group (MHD_gtls_session_t session, mpi_t gen, mpi_t prime) | |||
548 | 528 | ||
549 | switch (MHD_gtls_auth_get_type (session)) | 529 | switch (MHD_gtls_auth_get_type (session)) |
550 | { | 530 | { |
551 | case MHD_GNUTLS_CRD_ANON: | ||
552 | { | ||
553 | mhd_anon_auth_info_t info; | ||
554 | info = MHD_gtls_get_auth_info (session); | ||
555 | if (info == NULL) | ||
556 | return GNUTLS_E_INTERNAL_ERROR; | ||
557 | |||
558 | dh = &info->dh; | ||
559 | break; | ||
560 | } | ||
561 | case MHD_GNUTLS_CRD_CERTIFICATE: | 531 | case MHD_GNUTLS_CRD_CERTIFICATE: |
562 | { | 532 | { |
563 | cert_auth_info_t info; | 533 | cert_auth_info_t info; |
diff --git a/src/daemon/https/tls/gnutls_ui.c b/src/daemon/https/tls/gnutls_ui.c index a2594332..1963ce08 100644 --- a/src/daemon/https/tls/gnutls_ui.c +++ b/src/daemon/https/tls/gnutls_ui.c | |||
@@ -27,7 +27,6 @@ | |||
27 | */ | 27 | */ |
28 | 28 | ||
29 | #include <gnutls_int.h> | 29 | #include <gnutls_int.h> |
30 | #include <auth_anon.h> | ||
31 | #include <auth_cert.h> | 30 | #include <auth_cert.h> |
32 | #include <gnutls_errors.h> | 31 | #include <gnutls_errors.h> |
33 | #include <gnutls_auth_int.h> | 32 | #include <gnutls_auth_int.h> |
@@ -58,575 +57,3 @@ MHD__gnutls_dh_set_prime_bits (MHD_gtls_session_t session, unsigned int bits) | |||
58 | session->internals.dh_prime_bits = bits; | 57 | session->internals.dh_prime_bits = bits; |
59 | } | 58 | } |
60 | 59 | ||
61 | /** | ||
62 | * MHD__gnutls_dh_get_group - This function returns the group of the DH authentication | ||
63 | * @session: is a gnutls session | ||
64 | * @raw_gen: will hold the generator. | ||
65 | * @raw_prime: will hold the prime. | ||
66 | * | ||
67 | * This function will return the group parameters used in the last Diffie Hellman | ||
68 | * authentication with the peer. These are the prime and the generator used. | ||
69 | * This function should be used for both anonymous and ephemeral diffie Hellman. | ||
70 | * The output parameters must be freed with MHD_gnutls_free(). | ||
71 | * | ||
72 | * Returns a negative value in case of an error. | ||
73 | * | ||
74 | **/ | ||
75 | int | ||
76 | MHD__gnutls_dh_get_group (MHD_gtls_session_t session, | ||
77 | MHD_gnutls_datum_t * raw_gen, | ||
78 | MHD_gnutls_datum_t * raw_prime) | ||
79 | { | ||
80 | MHD_gtls_dh_info_st *dh; | ||
81 | int ret; | ||
82 | mhd_anon_auth_info_t anon_info; | ||
83 | cert_auth_info_t cert_info; | ||
84 | |||
85 | switch (MHD_gtls_auth_get_type (session)) | ||
86 | { | ||
87 | case MHD_GNUTLS_CRD_ANON: | ||
88 | anon_info = MHD_gtls_get_auth_info (session); | ||
89 | if (anon_info == NULL) | ||
90 | return GNUTLS_E_INTERNAL_ERROR; | ||
91 | dh = &anon_info->dh; | ||
92 | break; | ||
93 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
94 | cert_info = MHD_gtls_get_auth_info (session); | ||
95 | if (cert_info == NULL) | ||
96 | return GNUTLS_E_INTERNAL_ERROR; | ||
97 | dh = &cert_info->dh; | ||
98 | break; | ||
99 | default: | ||
100 | MHD_gnutls_assert (); | ||
101 | return GNUTLS_E_INVALID_REQUEST; | ||
102 | } | ||
103 | |||
104 | ret = MHD__gnutls_set_datum (raw_prime, dh->prime.data, dh->prime.size); | ||
105 | if (ret < 0) | ||
106 | { | ||
107 | MHD_gnutls_assert (); | ||
108 | return ret; | ||
109 | } | ||
110 | |||
111 | ret = | ||
112 | MHD__gnutls_set_datum (raw_gen, dh->generator.data, dh->generator.size); | ||
113 | if (ret < 0) | ||
114 | { | ||
115 | MHD_gnutls_assert (); | ||
116 | MHD__gnutls_free_datum (raw_prime); | ||
117 | return ret; | ||
118 | } | ||
119 | |||
120 | return 0; | ||
121 | } | ||
122 | |||
123 | /** | ||
124 | * MHD__gnutls_dh_get_pubkey - This function returns the peer's public key used in DH authentication | ||
125 | * @session: is a gnutls session | ||
126 | * @raw_key: will hold the public key. | ||
127 | * | ||
128 | * This function will return the peer's public key used in the last Diffie Hellman authentication. | ||
129 | * This function should be used for both anonymous and ephemeral diffie Hellman. | ||
130 | * The output parameters must be freed with MHD_gnutls_free(). | ||
131 | * | ||
132 | * Returns a negative value in case of an error. | ||
133 | * | ||
134 | **/ | ||
135 | int | ||
136 | MHD__gnutls_dh_get_pubkey (MHD_gtls_session_t session, | ||
137 | MHD_gnutls_datum_t * raw_key) | ||
138 | { | ||
139 | MHD_gtls_dh_info_st *dh; | ||
140 | mhd_anon_auth_info_t anon_info; | ||
141 | cert_auth_info_t cert_info; | ||
142 | cert_auth_info_t psk_info; | ||
143 | |||
144 | switch (MHD_gtls_auth_get_type (session)) | ||
145 | { | ||
146 | case MHD_GNUTLS_CRD_ANON: | ||
147 | { | ||
148 | anon_info = MHD_gtls_get_auth_info (session); | ||
149 | if (anon_info == NULL) | ||
150 | return GNUTLS_E_INTERNAL_ERROR; | ||
151 | dh = &anon_info->dh; | ||
152 | break; | ||
153 | } | ||
154 | case MHD_GNUTLS_CRD_PSK: | ||
155 | { | ||
156 | psk_info = MHD_gtls_get_auth_info (session); | ||
157 | if (psk_info == NULL) | ||
158 | return GNUTLS_E_INTERNAL_ERROR; | ||
159 | dh = &psk_info->dh; | ||
160 | break; | ||
161 | } | ||
162 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
163 | { | ||
164 | |||
165 | cert_info = MHD_gtls_get_auth_info (session); | ||
166 | if (cert_info == NULL) | ||
167 | return GNUTLS_E_INTERNAL_ERROR; | ||
168 | dh = &cert_info->dh; | ||
169 | break; | ||
170 | } | ||
171 | default: | ||
172 | MHD_gnutls_assert (); | ||
173 | return GNUTLS_E_INVALID_REQUEST; | ||
174 | } | ||
175 | |||
176 | return MHD__gnutls_set_datum (raw_key, dh->public_key.data, | ||
177 | dh->public_key.size); | ||
178 | } | ||
179 | |||
180 | /** | ||
181 | * MHD_gtls_rsa_export_get_pubkey - This function returns the peer's public key used in RSA-EXPORT authentication | ||
182 | * @session: is a gnutls session | ||
183 | * @exponent: will hold the exponent. | ||
184 | * @modulus: will hold the modulus. | ||
185 | * | ||
186 | * This function will return the peer's public key exponent and | ||
187 | * modulus used in the last RSA-EXPORT authentication. The output | ||
188 | * parameters must be freed with MHD_gnutls_free(). | ||
189 | * | ||
190 | * Returns a negative value in case of an error. | ||
191 | * | ||
192 | **/ | ||
193 | int | ||
194 | MHD_gtls_rsa_export_get_pubkey (MHD_gtls_session_t session, | ||
195 | MHD_gnutls_datum_t * exponent, | ||
196 | MHD_gnutls_datum_t * modulus) | ||
197 | { | ||
198 | cert_auth_info_t info; | ||
199 | int ret; | ||
200 | |||
201 | if (MHD_gtls_auth_get_type (session) == MHD_GNUTLS_CRD_CERTIFICATE) | ||
202 | { | ||
203 | info = MHD_gtls_get_auth_info (session); | ||
204 | if (info == NULL) | ||
205 | return GNUTLS_E_INTERNAL_ERROR; | ||
206 | |||
207 | ret = MHD__gnutls_set_datum (modulus, info->rsa_export.modulus.data, | ||
208 | info->rsa_export.modulus.size); | ||
209 | if (ret < 0) | ||
210 | { | ||
211 | MHD_gnutls_assert (); | ||
212 | return ret; | ||
213 | } | ||
214 | |||
215 | ret = MHD__gnutls_set_datum (exponent, info->rsa_export.exponent.data, | ||
216 | info->rsa_export.exponent.size); | ||
217 | if (ret < 0) | ||
218 | { | ||
219 | MHD_gnutls_assert (); | ||
220 | MHD__gnutls_free_datum (modulus); | ||
221 | return ret; | ||
222 | } | ||
223 | |||
224 | return 0; | ||
225 | } | ||
226 | |||
227 | return GNUTLS_E_INVALID_REQUEST; | ||
228 | } | ||
229 | |||
230 | /** | ||
231 | * MHD__gnutls_dh_get_secret_bits - This function returns the bits used in DH authentication | ||
232 | * @session: is a gnutls session | ||
233 | * | ||
234 | * This function will return the bits used in the last Diffie Hellman authentication | ||
235 | * with the peer. Should be used for both anonymous and ephemeral diffie Hellman. | ||
236 | * Returns a negative value in case of an error. | ||
237 | * | ||
238 | **/ | ||
239 | int | ||
240 | MHD__gnutls_dh_get_secret_bits (MHD_gtls_session_t session) | ||
241 | { | ||
242 | switch (MHD_gtls_auth_get_type (session)) | ||
243 | { | ||
244 | case MHD_GNUTLS_CRD_ANON: | ||
245 | { | ||
246 | mhd_anon_auth_info_t info; | ||
247 | |||
248 | info = MHD_gtls_get_auth_info (session); | ||
249 | if (info == NULL) | ||
250 | return GNUTLS_E_INTERNAL_ERROR; | ||
251 | return info->dh.secret_bits; | ||
252 | } | ||
253 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
254 | { | ||
255 | cert_auth_info_t info; | ||
256 | |||
257 | info = MHD_gtls_get_auth_info (session); | ||
258 | if (info == NULL) | ||
259 | return GNUTLS_E_INTERNAL_ERROR; | ||
260 | |||
261 | return info->dh.secret_bits; | ||
262 | } | ||
263 | default: | ||
264 | MHD_gnutls_assert (); | ||
265 | return GNUTLS_E_INVALID_REQUEST; | ||
266 | } | ||
267 | } | ||
268 | |||
269 | /** | ||
270 | * MHD__gnutls_dh_get_prime_bits - This function returns the bits used in DH authentication | ||
271 | * @session: is a gnutls session | ||
272 | * | ||
273 | * This function will return the bits of the prime used in the last Diffie Hellman authentication | ||
274 | * with the peer. Should be used for both anonymous and ephemeral diffie Hellman. | ||
275 | * Returns a negative value in case of an error. | ||
276 | * | ||
277 | **/ | ||
278 | int | ||
279 | MHD__gnutls_dh_get_prime_bits (MHD_gtls_session_t session) | ||
280 | { | ||
281 | MHD_gtls_dh_info_st *dh; | ||
282 | |||
283 | switch (MHD_gtls_auth_get_type (session)) | ||
284 | { | ||
285 | case MHD_GNUTLS_CRD_ANON: | ||
286 | { | ||
287 | mhd_anon_auth_info_t info; | ||
288 | |||
289 | info = MHD_gtls_get_auth_info (session); | ||
290 | if (info == NULL) | ||
291 | return GNUTLS_E_INTERNAL_ERROR; | ||
292 | dh = &info->dh; | ||
293 | break; | ||
294 | } | ||
295 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
296 | { | ||
297 | cert_auth_info_t info; | ||
298 | |||
299 | info = MHD_gtls_get_auth_info (session); | ||
300 | if (info == NULL) | ||
301 | return GNUTLS_E_INTERNAL_ERROR; | ||
302 | |||
303 | dh = &info->dh; | ||
304 | break; | ||
305 | } | ||
306 | default: | ||
307 | MHD_gnutls_assert (); | ||
308 | return GNUTLS_E_INVALID_REQUEST; | ||
309 | } | ||
310 | |||
311 | return (dh->prime.size) * 8; | ||
312 | |||
313 | } | ||
314 | |||
315 | /** | ||
316 | * MHD_gtls_rsa_export_get_modulus_bits - This function returns the bits used in RSA-export key exchange | ||
317 | * @session: is a gnutls session | ||
318 | * | ||
319 | * This function will return the bits used in the last RSA-EXPORT key exchange | ||
320 | * with the peer. | ||
321 | * Returns a negative value in case of an error. | ||
322 | * | ||
323 | **/ | ||
324 | int | ||
325 | MHD_gtls_rsa_export_get_modulus_bits (MHD_gtls_session_t session) | ||
326 | { | ||
327 | cert_auth_info_t info; | ||
328 | |||
329 | info = MHD_gtls_get_auth_info (session); | ||
330 | if (info == NULL) | ||
331 | return GNUTLS_E_INTERNAL_ERROR; | ||
332 | |||
333 | return info->rsa_export.modulus.size * 8; | ||
334 | } | ||
335 | |||
336 | /** | ||
337 | * MHD__gnutls_dh_get_peers_public_bits - This function returns the bits used in DH authentication | ||
338 | * @session: is a gnutls session | ||
339 | * | ||
340 | * This function will return the bits used in the last Diffie Hellman authentication | ||
341 | * with the peer. Should be used for both anonymous and ephemeral diffie Hellman. | ||
342 | * Returns a negative value in case of an error. | ||
343 | * | ||
344 | **/ | ||
345 | int | ||
346 | MHD__gnutls_dh_get_peers_public_bits (MHD_gtls_session_t session) | ||
347 | { | ||
348 | MHD_gtls_dh_info_st *dh; | ||
349 | |||
350 | switch (MHD_gtls_auth_get_type (session)) | ||
351 | { | ||
352 | case MHD_GNUTLS_CRD_ANON: | ||
353 | { | ||
354 | mhd_anon_auth_info_t info; | ||
355 | |||
356 | info = MHD_gtls_get_auth_info (session); | ||
357 | if (info == NULL) | ||
358 | return GNUTLS_E_INTERNAL_ERROR; | ||
359 | |||
360 | dh = &info->dh; | ||
361 | break; | ||
362 | } | ||
363 | case MHD_GNUTLS_CRD_CERTIFICATE: | ||
364 | { | ||
365 | cert_auth_info_t info; | ||
366 | |||
367 | info = MHD_gtls_get_auth_info (session); | ||
368 | if (info == NULL) | ||
369 | return GNUTLS_E_INTERNAL_ERROR; | ||
370 | |||
371 | dh = &info->dh; | ||
372 | break; | ||
373 | } | ||
374 | default: | ||
375 | MHD_gnutls_assert (); | ||
376 | return GNUTLS_E_INVALID_REQUEST; | ||
377 | } | ||
378 | |||
379 | return dh->public_key.size * 8; | ||
380 | |||
381 | } | ||
382 | |||
383 | /* CERTIFICATE STUFF */ | ||
384 | |||
385 | /** | ||
386 | * MHD_gtls_certificate_get_ours - This function returns the raw certificate sent in the last handshake | ||
387 | * @session: is a gnutls session | ||
388 | * | ||
389 | * This function will return the certificate as sent to the peer, | ||
390 | * in the last handshake. These certificates are in raw format. | ||
391 | * In X.509 this is a certificate list. In OpenPGP this is a single | ||
392 | * certificate. | ||
393 | * Returns NULL in case of an error, or if no certificate was used. | ||
394 | * | ||
395 | **/ | ||
396 | const MHD_gnutls_datum_t * | ||
397 | MHD_gtls_certificate_get_ours (MHD_gtls_session_t session) | ||
398 | { | ||
399 | MHD_gtls_cert_credentials_t cred; | ||
400 | |||
401 | CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
402 | |||
403 | cred | ||
404 | = (MHD_gtls_cert_credentials_t) MHD_gtls_get_cred (session->key, | ||
405 | MHD_GNUTLS_CRD_CERTIFICATE, | ||
406 | NULL); | ||
407 | if (cred == NULL || cred->cert_list == NULL) | ||
408 | { | ||
409 | MHD_gnutls_assert (); | ||
410 | return NULL; | ||
411 | } | ||
412 | |||
413 | if (session->internals.selected_cert_list == NULL) | ||
414 | return NULL; | ||
415 | |||
416 | return &session->internals.selected_cert_list[0].raw; | ||
417 | } | ||
418 | |||
419 | /** | ||
420 | * MHD_gtls_certificate_get_peers - This function returns the peer's raw certificate | ||
421 | * @session: is a gnutls session | ||
422 | * @list_size: is the length of the certificate list | ||
423 | * | ||
424 | * This function will return the peer's raw certificate (chain) as | ||
425 | * sent by the peer. These certificates are in raw format (DER encoded | ||
426 | * for X.509). In case of a X.509 then a certificate list may be present. | ||
427 | * The first certificate in the list is the peer's certificate, | ||
428 | * following the issuer's certificate, then the issuer's issuer etc. | ||
429 | * | ||
430 | * In case of OpenPGP keys a single key will be returned | ||
431 | * in raw format. | ||
432 | * | ||
433 | * Returns NULL in case of an error, or if no certificate was sent. | ||
434 | * | ||
435 | **/ | ||
436 | const MHD_gnutls_datum_t * | ||
437 | MHD_gtls_certificate_get_peers (MHD_gtls_session_t | ||
438 | session, unsigned int *list_size) | ||
439 | { | ||
440 | cert_auth_info_t info; | ||
441 | |||
442 | CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
443 | |||
444 | info = MHD_gtls_get_auth_info (session); | ||
445 | if (info == NULL) | ||
446 | return NULL; | ||
447 | |||
448 | *list_size = info->ncerts; | ||
449 | return info->raw_certificate_list; | ||
450 | } | ||
451 | |||
452 | /** | ||
453 | * MHD_gtls_certificate_client_get_request_status - This function returns the certificate request status | ||
454 | * @session: is a gnutls session | ||
455 | * | ||
456 | * This function will return 0 if the peer (server) did not request client | ||
457 | * authentication or 1 otherwise. | ||
458 | * Returns a negative value in case of an error. | ||
459 | * | ||
460 | **/ | ||
461 | int | ||
462 | MHD_gtls_certificate_client_get_request_status (MHD_gtls_session_t session) | ||
463 | { | ||
464 | cert_auth_info_t info; | ||
465 | |||
466 | CHECK_AUTH (MHD_GNUTLS_CRD_CERTIFICATE, 0); | ||
467 | |||
468 | info = MHD_gtls_get_auth_info (session); | ||
469 | if (info == NULL) | ||
470 | return GNUTLS_E_INTERNAL_ERROR; | ||
471 | return info->certificate_requested; | ||
472 | } | ||
473 | |||
474 | /** | ||
475 | * MHD__gnutls_fingerprint - This function calculates the fingerprint of the given data | ||
476 | * @algo: is a digest algorithm | ||
477 | * @data: is the data | ||
478 | * @result: is the place where the result will be copied (may be null). | ||
479 | * @result_size: should hold the size of the result. The actual size | ||
480 | * of the returned result will also be copied there. | ||
481 | * | ||
482 | * This function will calculate a fingerprint (actually a hash), of the | ||
483 | * given data. The result is not printable data. You should convert it | ||
484 | * to hex, or to something else printable. | ||
485 | * | ||
486 | * This is the usual way to calculate a fingerprint of an X.509 | ||
487 | * DER encoded certificate. Note however that the fingerprint | ||
488 | * of an OpenPGP is not just a hash and cannot be calculated with | ||
489 | * this function. | ||
490 | * | ||
491 | * Returns a negative value in case of an error. | ||
492 | * | ||
493 | **/ | ||
494 | int | ||
495 | MHD__gnutls_fingerprint (enum MHD_GNUTLS_HashAlgorithm algo, | ||
496 | const MHD_gnutls_datum_t * data, | ||
497 | void *result, size_t * result_size) | ||
498 | { | ||
499 | GNUTLS_HASH_HANDLE td; | ||
500 | int hash_len = MHD_gnutls_hash_get_algo_len (HASH2MAC (algo)); | ||
501 | |||
502 | if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL) | ||
503 | { | ||
504 | *result_size = hash_len; | ||
505 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
506 | } | ||
507 | *result_size = hash_len; | ||
508 | |||
509 | if (result) | ||
510 | { | ||
511 | td = MHD_gtls_hash_init (HASH2MAC (algo)); | ||
512 | if (td == NULL) | ||
513 | return GNUTLS_E_HASH_FAILED; | ||
514 | |||
515 | MHD_gnutls_hash (td, data->data, data->size); | ||
516 | |||
517 | MHD_gnutls_hash_deinit (td, result); | ||
518 | } | ||
519 | |||
520 | return 0; | ||
521 | } | ||
522 | |||
523 | /** | ||
524 | * MHD__gnutls_certificate_set_dh_params - This function will set the DH parameters for a server to use | ||
525 | * @res: is a MHD_gtls_cert_credentials_t structure | ||
526 | * @dh_params: is a structure that holds diffie hellman parameters. | ||
527 | * | ||
528 | * This function will set the diffie hellman parameters for a | ||
529 | * certificate server to use. These parameters will be used in | ||
530 | * Ephemeral Diffie Hellman cipher suites. Note that only a pointer | ||
531 | * to the parameters are stored in the certificate handle, so if you | ||
532 | * deallocate the parameters before the certificate is deallocated, | ||
533 | * you must change the parameters stored in the certificate first. | ||
534 | * | ||
535 | **/ | ||
536 | void | ||
537 | MHD__gnutls_certificate_set_dh_params (MHD_gtls_cert_credentials_t res, | ||
538 | MHD_gtls_dh_params_t dh_params) | ||
539 | { | ||
540 | res->dh_params = dh_params; | ||
541 | } | ||
542 | |||
543 | /** | ||
544 | * MHD_gnutls_certificate_set_params_function - This function will set the DH or RSA parameters callback | ||
545 | * @res: is a MHD_gtls_cert_credentials_t structure | ||
546 | * @func: is the function to be called | ||
547 | * | ||
548 | * This function will set a callback in order for the server to get the | ||
549 | * diffie hellman or RSA parameters for certificate authentication. The callback | ||
550 | * should return zero on success. | ||
551 | * | ||
552 | **/ | ||
553 | void | ||
554 | MHD_gnutls_certificate_set_params_function (MHD_gtls_cert_credentials_t res, | ||
555 | MHD_gnutls_params_function * func) | ||
556 | { | ||
557 | res->params_func = func; | ||
558 | } | ||
559 | |||
560 | /** | ||
561 | * MHD__gnutls_certificate_set_verify_flags - This function will set the flags to be used at certificate verification | ||
562 | * @res: is a MHD_gtls_cert_credentials_t structure | ||
563 | * @flags: are the flags | ||
564 | * | ||
565 | * This function will set the flags to be used at verification of the | ||
566 | * certificates. Flags must be OR of the | ||
567 | * #MHD_gnutls_certificate_verify_flags enumerations. | ||
568 | * | ||
569 | **/ | ||
570 | void | ||
571 | MHD__gnutls_certificate_set_verify_flags (MHD_gtls_cert_credentials_t | ||
572 | res, unsigned int flags) | ||
573 | { | ||
574 | res->verify_flags = flags; | ||
575 | } | ||
576 | |||
577 | /** | ||
578 | * MHD__gnutls_certificate_set_verify_limits - This function will set the upper limits to be used at certificate verification | ||
579 | * @res: is a MHD_gnutls_certificate_credentials structure | ||
580 | * @max_bits: is the number of bits of an acceptable certificate (default 8200) | ||
581 | * @max_depth: is maximum depth of the verification of a certificate chain (default 5) | ||
582 | * | ||
583 | * This function will set some upper limits for the default verification function, | ||
584 | * MHD_gtls_certificate_verify_peers2(), to avoid denial of service attacks. | ||
585 | * You can set them to zero to disable limits. | ||
586 | * | ||
587 | **/ | ||
588 | void | ||
589 | MHD__gnutls_certificate_set_verify_limits (MHD_gtls_cert_credentials_t | ||
590 | res, | ||
591 | unsigned int max_bits, | ||
592 | unsigned int max_depth) | ||
593 | { | ||
594 | res->verify_depth = max_depth; | ||
595 | res->verify_bits = max_bits; | ||
596 | } | ||
597 | |||
598 | /** | ||
599 | * MHD__gnutls_certificate_set_rsa_export_params - This function will set the RSA parameters for a server to use | ||
600 | * @res: is a MHD_gtls_cert_credentials_t structure | ||
601 | * @rsa_params: is a structure that holds temporary RSA parameters. | ||
602 | * | ||
603 | * This function will set the temporary RSA parameters for a certificate | ||
604 | * server to use. These parameters will be used in RSA-EXPORT | ||
605 | * cipher suites. | ||
606 | * | ||
607 | **/ | ||
608 | void | ||
609 | MHD__gnutls_certificate_set_rsa_export_params (MHD_gtls_cert_credentials_t | ||
610 | res, | ||
611 | MHD_gtls_rsa_params_t | ||
612 | rsa_params) | ||
613 | { | ||
614 | res->rsa_params = rsa_params; | ||
615 | } | ||
616 | |||
617 | /** | ||
618 | * MHD_gnutls_anon_set_params_function - This function will set the DH or RSA parameters callback | ||
619 | * @res: is a MHD_gtls_anon_server_credentials_t structure | ||
620 | * @func: is the function to be called | ||
621 | * | ||
622 | * This function will set a callback in order for the server to get the | ||
623 | * diffie hellman or RSA parameters for anonymous authentication. The callback | ||
624 | * should return zero on success. | ||
625 | * | ||
626 | **/ | ||
627 | void | ||
628 | MHD_gnutls_anon_set_params_function (MHD_gtls_anon_server_credentials_t res, | ||
629 | MHD_gnutls_params_function * func) | ||
630 | { | ||
631 | res->params_func = func; | ||
632 | } | ||